mirror of
https://github.com/pretix/pretix.git
synced 2026-05-05 15:14:04 +00:00
Big string replace
This commit is contained in:
Raphael Michel
committed by
Raphael Michel
Raphael Michel
parent
bea9c08ed0
commit
8dc241934d
@@ -342,9 +342,10 @@ def test_event_scheduled_export_list_token(token_client, organizer, event, user,
|
||||
|
||||
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||
team.all_organizer_permissions = False
|
||||
team.all_event_permissions = False
|
||||
team.save()
|
||||
|
||||
# Token can no longer sees it an gets error message
|
||||
# Token can no longer sees it and gets error message
|
||||
resp = token_client.get('/api/v1/organizers/{}/events/{}/scheduled_exports/'.format(organizer.slug, event.slug))
|
||||
assert resp.status_code == 403
|
||||
|
||||
@@ -363,7 +364,9 @@ def test_event_scheduled_export_list_user(user_client, organizer, event, user, t
|
||||
resp = user_client.get('/api/v1/organizers/{}/events/{}/scheduled_exports/'.format(organizer.slug, event.slug))
|
||||
assert [res] == resp.data['results']
|
||||
|
||||
team.limit_event_permissions["event.settings.general:write"] = False
|
||||
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||
team.all_organizer_permissions = False
|
||||
team.all_event_permissions = False
|
||||
team.save()
|
||||
|
||||
# Owner still can
|
||||
|
||||
@@ -43,239 +43,238 @@ from pretix.base.models import Organizer
|
||||
event_urls = [
|
||||
(None, ''),
|
||||
(None, 'categories/'),
|
||||
('can_view_orders', 'invoices/'),
|
||||
('event.orders:read', 'invoices/'),
|
||||
(None, 'items/'),
|
||||
('can_view_orders', 'orders/'),
|
||||
('can_view_orders', 'orderpositions/'),
|
||||
('event.orders:read', 'orders/'),
|
||||
('event.orders:read', 'orderpositions/'),
|
||||
(None, 'questions/'),
|
||||
(None, 'quotas/'),
|
||||
('can_view_vouchers', 'vouchers/'),
|
||||
('event.vouchers:read', 'vouchers/'),
|
||||
(None, 'subevents/'),
|
||||
(None, 'taxrules/'),
|
||||
('can_view_orders', 'waitinglistentries/'),
|
||||
('can_view_orders', 'checkinlists/'),
|
||||
('can_view_orders', 'checkins/'),
|
||||
('event.orders:read', 'waitinglistentries/'),
|
||||
('event.orders:read', 'checkinlists/'),
|
||||
('event.orders:read', 'checkins/'),
|
||||
(None, 'seats/'),
|
||||
]
|
||||
|
||||
event_permission_sub_urls = [
|
||||
('get', 'can_change_event_settings', 'settings/', 200),
|
||||
('patch', 'can_change_event_settings', 'settings/', 200),
|
||||
('get', 'can_view_orders', 'revokedsecrets/', 200),
|
||||
('get', 'can_view_orders', 'revokedsecrets/1/', 404),
|
||||
('get', 'can_view_orders', 'blockedsecrets/', 200),
|
||||
('get', 'can_view_orders', 'blockedsecrets/1/', 404),
|
||||
('get', 'can_view_orders', 'transactions/', 200),
|
||||
('get', 'can_view_orders', 'transactions/1/', 404),
|
||||
('get', 'can_view_orders', 'orders/', 200),
|
||||
('get', 'can_view_orders', 'orderpositions/', 200),
|
||||
('delete', 'can_change_orders', 'orderpositions/1/', 404),
|
||||
('post', 'can_change_orders', 'orderpositions/1/price_calc/', 404),
|
||||
('get', 'can_view_vouchers', 'vouchers/', 200),
|
||||
('get', 'can_view_orders', 'invoices/', 200),
|
||||
('get', 'can_view_orders', 'invoices/1/', 404),
|
||||
('post', 'can_change_orders', 'invoices/1/regenerate/', 404),
|
||||
('post', 'can_change_orders', 'invoices/1/reissue/', 404),
|
||||
('post', 'can_change_orders', 'invoices/1/retransmit/', 404),
|
||||
('get', 'can_view_orders', 'waitinglistentries/', 200),
|
||||
('get', 'can_view_orders', 'waitinglistentries/1/', 404),
|
||||
('post', 'can_change_orders', 'waitinglistentries/', 400),
|
||||
('delete', 'can_change_orders', 'waitinglistentries/1/', 404),
|
||||
('patch', 'can_change_orders', 'waitinglistentries/1/', 404),
|
||||
('put', 'can_change_orders', 'waitinglistentries/1/', 404),
|
||||
('post', 'can_change_orders', 'waitinglistentries/1/send_voucher/', 404),
|
||||
('get', 'event.settings.general:write', 'settings/', 200),
|
||||
('patch', 'event.settings.general:write', 'settings/', 200),
|
||||
('get', 'event.orders:read', 'revokedsecrets/', 200),
|
||||
('get', 'event.orders:read', 'revokedsecrets/1/', 404),
|
||||
('get', 'event.orders:read', 'blockedsecrets/', 200),
|
||||
('get', 'event.orders:read', 'blockedsecrets/1/', 404),
|
||||
('get', 'event.orders:read', 'transactions/', 200),
|
||||
('get', 'event.orders:read', 'transactions/1/', 404),
|
||||
('get', 'event.orders:read', 'orders/', 200),
|
||||
('get', 'event.orders:read', 'orderpositions/', 200),
|
||||
('delete', 'event.orders:write', 'orderpositions/1/', 404),
|
||||
('post', 'event.orders:write', 'orderpositions/1/price_calc/', 404),
|
||||
('get', 'event.vouchers:read', 'vouchers/', 200),
|
||||
('get', 'event.orders:read', 'invoices/', 200),
|
||||
('get', 'event.orders:read', 'invoices/1/', 404),
|
||||
('post', 'event.orders:write', 'invoices/1/regenerate/', 404),
|
||||
('post', 'event.orders:write', 'invoices/1/reissue/', 404),
|
||||
('post', 'event.orders:write', 'invoices/1/retransmit/', 404),
|
||||
('get', 'event.orders:read', 'waitinglistentries/', 200),
|
||||
('get', 'event.orders:read', 'waitinglistentries/1/', 404),
|
||||
('post', 'event.orders:write', 'waitinglistentries/', 400),
|
||||
('delete', 'event.orders:write', 'waitinglistentries/1/', 404),
|
||||
('patch', 'event.orders:write', 'waitinglistentries/1/', 404),
|
||||
('put', 'event.orders:write', 'waitinglistentries/1/', 404),
|
||||
('post', 'event.orders:write', 'waitinglistentries/1/send_voucher/', 404),
|
||||
('get', None, 'categories/', 200),
|
||||
('get', None, 'items/', 200),
|
||||
('get', None, 'questions/', 200),
|
||||
('get', None, 'quotas/', 200),
|
||||
('get', None, 'discounts/', 200),
|
||||
('post', 'can_change_items', 'items/', 400),
|
||||
('post', 'event.items:write', 'items/', 400),
|
||||
('get', None, 'items/1/', 404),
|
||||
('put', 'can_change_items', 'items/1/', 404),
|
||||
('patch', 'can_change_items', 'items/1/', 404),
|
||||
('delete', 'can_change_items', 'items/1/', 404),
|
||||
('post', 'can_change_items', 'categories/', 400),
|
||||
('put', 'event.items:write', 'items/1/', 404),
|
||||
('patch', 'event.items:write', 'items/1/', 404),
|
||||
('delete', 'event.items:write', 'items/1/', 404),
|
||||
('post', 'event.items:write', 'categories/', 400),
|
||||
('get', None, 'categories/1/', 404),
|
||||
('put', 'can_change_items', 'categories/1/', 404),
|
||||
('patch', 'can_change_items', 'categories/1/', 404),
|
||||
('delete', 'can_change_items', 'categories/1/', 404),
|
||||
('post', 'can_change_items', 'discounts/', 400),
|
||||
('put', 'event.items:write', 'categories/1/', 404),
|
||||
('patch', 'event.items:write', 'categories/1/', 404),
|
||||
('delete', 'event.items:write', 'categories/1/', 404),
|
||||
('post', 'event.items:write', 'discounts/', 400),
|
||||
('get', None, 'discounts/1/', 404),
|
||||
('put', 'can_change_items', 'discounts/1/', 404),
|
||||
('patch', 'can_change_items', 'discounts/1/', 404),
|
||||
('delete', 'can_change_items', 'discounts/1/', 404),
|
||||
('post', 'can_change_items', 'items/1/variations/', 404),
|
||||
('put', 'event.items:write', 'discounts/1/', 404),
|
||||
('patch', 'event.items:write', 'discounts/1/', 404),
|
||||
('delete', 'event.items:write', 'discounts/1/', 404),
|
||||
('post', 'event.items:write', 'items/1/variations/', 404),
|
||||
('get', None, 'items/1/variations/', 404),
|
||||
('get', None, 'items/1/variations/1/', 404),
|
||||
('put', 'can_change_items', 'items/1/variations/1/', 404),
|
||||
('patch', 'can_change_items', 'items/1/variations/1/', 404),
|
||||
('delete', 'can_change_items', 'items/1/variations/1/', 404),
|
||||
('put', 'event.items:write', 'items/1/variations/1/', 404),
|
||||
('patch', 'event.items:write', 'items/1/variations/1/', 404),
|
||||
('delete', 'event.items:write', 'items/1/variations/1/', 404),
|
||||
('get', None, 'items/1/addons/', 404),
|
||||
('get', None, 'items/1/addons/1/', 404),
|
||||
('post', 'can_change_items', 'items/1/addons/', 404),
|
||||
('put', 'can_change_items', 'items/1/addons/1/', 404),
|
||||
('patch', 'can_change_items', 'items/1/addons/1/', 404),
|
||||
('delete', 'can_change_items', 'items/1/addons/1/', 404),
|
||||
('post', 'event.items:write', 'items/1/addons/', 404),
|
||||
('put', 'event.items:write', 'items/1/addons/1/', 404),
|
||||
('patch', 'event.items:write', 'items/1/addons/1/', 404),
|
||||
('delete', 'event.items:write', 'items/1/addons/1/', 404),
|
||||
('get', None, 'subevents/', 200),
|
||||
('get', None, 'subevents/1/', 404),
|
||||
('get', None, 'taxrules/', 200),
|
||||
('get', None, 'taxrules/1/', 404),
|
||||
('post', 'can_change_event_settings', 'taxrules/', 400),
|
||||
('put', 'can_change_event_settings', 'taxrules/1/', 404),
|
||||
('patch', 'can_change_event_settings', 'taxrules/1/', 404),
|
||||
('delete', 'can_change_event_settings', 'taxrules/1/', 404),
|
||||
('get', 'can_change_event_settings', 'sendmail_rules/', 200),
|
||||
('get', 'can_change_event_settings', 'sendmail_rules/1/', 404),
|
||||
('post', 'can_change_event_settings', 'sendmail_rules/', 400),
|
||||
('put', 'can_change_event_settings', 'sendmail_rules/1/', 404),
|
||||
('patch', 'can_change_event_settings', 'sendmail_rules/1/', 404),
|
||||
('delete', 'can_change_event_settings', 'sendmail_rules/1/', 404),
|
||||
('get', 'can_view_vouchers', 'vouchers/', 200),
|
||||
('get', 'can_view_vouchers', 'vouchers/1/', 404),
|
||||
('post', 'can_change_vouchers', 'vouchers/', 201),
|
||||
('put', 'can_change_vouchers', 'vouchers/1/', 404),
|
||||
('patch', 'can_change_vouchers', 'vouchers/1/', 404),
|
||||
('delete', 'can_change_vouchers', 'vouchers/1/', 404),
|
||||
('post', 'event.settings.general:write', 'taxrules/', 400),
|
||||
('put', 'event.settings.general:write', 'taxrules/1/', 404),
|
||||
('patch', 'event.settings.general:write', 'taxrules/1/', 404),
|
||||
('delete', 'event.settings.general:write', 'taxrules/1/', 404),
|
||||
('get', 'event.settings.general:write', 'sendmail_rules/', 200),
|
||||
('get', 'event.settings.general:write', 'sendmail_rules/1/', 404),
|
||||
('post', 'event.settings.general:write', 'sendmail_rules/', 400),
|
||||
('put', 'event.settings.general:write', 'sendmail_rules/1/', 404),
|
||||
('patch', 'event.settings.general:write', 'sendmail_rules/1/', 404),
|
||||
('delete', 'event.settings.general:write', 'sendmail_rules/1/', 404),
|
||||
('get', 'event.vouchers:read', 'vouchers/', 200),
|
||||
('get', 'event.vouchers:read', 'vouchers/1/', 404),
|
||||
('post', 'event.vouchers:write', 'vouchers/', 201),
|
||||
('put', 'event.vouchers:write', 'vouchers/1/', 404),
|
||||
('patch', 'event.vouchers:write', 'vouchers/1/', 404),
|
||||
('delete', 'event.vouchers:write', 'vouchers/1/', 404),
|
||||
('get', None, 'quotas/', 200),
|
||||
('get', None, 'quotas/1/', 404),
|
||||
('post', 'can_change_items', 'quotas/', 400),
|
||||
('put', 'can_change_items', 'quotas/1/', 404),
|
||||
('patch', 'can_change_items', 'quotas/1/', 404),
|
||||
('delete', 'can_change_items', 'quotas/1/', 404),
|
||||
('post', 'event.items:write', 'quotas/', 400),
|
||||
('put', 'event.items:write', 'quotas/1/', 404),
|
||||
('patch', 'event.items:write', 'quotas/1/', 404),
|
||||
('delete', 'event.items:write', 'quotas/1/', 404),
|
||||
('get', None, 'questions/', 200),
|
||||
('get', None, 'questions/1/', 404),
|
||||
('post', 'can_change_items', 'questions/', 400),
|
||||
('put', 'can_change_items', 'questions/1/', 404),
|
||||
('patch', 'can_change_items', 'questions/1/', 404),
|
||||
('delete', 'can_change_items', 'questions/1/', 404),
|
||||
('post', 'event.items:write', 'questions/', 400),
|
||||
('put', 'event.items:write', 'questions/1/', 404),
|
||||
('patch', 'event.items:write', 'questions/1/', 404),
|
||||
('delete', 'event.items:write', 'questions/1/', 404),
|
||||
('get', None, 'questions/1/options/', 404),
|
||||
('get', None, 'questions/1/options/1/', 404),
|
||||
('put', 'can_change_items', 'questions/1/options/1/', 404),
|
||||
('patch', 'can_change_items', 'questions/1/options/1/', 404),
|
||||
('delete', 'can_change_items', 'questions/1/options/1/', 404),
|
||||
('post', 'can_change_orders', 'orders/', 400),
|
||||
('patch', 'can_change_orders', 'orders/ABC12/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/mark_paid/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/mark_pending/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/mark_expired/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/mark_canceled/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/approve/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/deny/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/extend/', 400),
|
||||
('post', 'can_change_orders', 'orders/ABC12/create_invoice/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/resend_link/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/regenerate_secrets/', 404),
|
||||
('get', 'can_view_orders', 'orders/ABC12/payments/', 404),
|
||||
('get', 'can_view_orders', 'orders/ABC12/payments/1/', 404),
|
||||
('get', 'can_view_orders', 'orders/ABC12/refunds/', 404),
|
||||
('get', 'can_view_orders', 'orders/ABC12/refunds/1/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/payments/1/confirm/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/payments/1/refund/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/payments/1/cancel/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/refunds/1/cancel/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/refunds/1/process/', 404),
|
||||
('post', 'can_change_orders', 'orders/ABC12/refunds/1/done/', 404),
|
||||
('get', 'can_view_orders', 'checkinlists/', 200),
|
||||
('post', 'can_change_orders', 'checkinlists/1/failed_checkins/', 400),
|
||||
('get', 'can_view_orders', 'checkins/', 200),
|
||||
('get', 'can_view_orders', 'checkins/1/', 404),
|
||||
('post', 'can_change_event_settings', 'checkinlists/', 400),
|
||||
('put', 'can_change_event_settings', 'checkinlists/1/', 404),
|
||||
('patch', 'can_change_event_settings', 'checkinlists/1/', 404),
|
||||
('delete', 'can_change_event_settings', 'checkinlists/1/', 404),
|
||||
('get', 'can_view_orders', 'checkinlists/1/positions/', 404),
|
||||
('post', 'can_change_orders', 'checkinlists/1/positions/3/redeem/', 404),
|
||||
('post', 'can_create_events', 'clone/', 400),
|
||||
('get', 'can_view_orders', 'cartpositions/', 200),
|
||||
('get', 'can_view_orders', 'cartpositions/1/', 404),
|
||||
('post', 'can_change_orders', 'cartpositions/', 400),
|
||||
('delete', 'can_change_orders', 'cartpositions/1/', 404),
|
||||
('post', 'can_view_orders', 'exporters/invoicedata/run/', 400),
|
||||
('get', 'can_view_orders', 'exporters/invoicedata/download/bc3f9884-26ee-425b-8636-80613f84b6fa/3cb49ae6-eda3'
|
||||
'-4605-814e-099e23777b36/', 404),
|
||||
('put', 'event.items:write', 'questions/1/options/1/', 404),
|
||||
('patch', 'event.items:write', 'questions/1/options/1/', 404),
|
||||
('delete', 'event.items:write', 'questions/1/options/1/', 404),
|
||||
('post', 'event.orders:write', 'orders/', 400),
|
||||
('patch', 'event.orders:write', 'orders/ABC12/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/mark_paid/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/mark_pending/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/mark_expired/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/mark_canceled/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/approve/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/deny/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/extend/', 400),
|
||||
('post', 'event.orders:write', 'orders/ABC12/create_invoice/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/resend_link/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/regenerate_secrets/', 404),
|
||||
('get', 'event.orders:read', 'orders/ABC12/payments/', 404),
|
||||
('get', 'event.orders:read', 'orders/ABC12/payments/1/', 404),
|
||||
('get', 'event.orders:read', 'orders/ABC12/refunds/', 404),
|
||||
('get', 'event.orders:read', 'orders/ABC12/refunds/1/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/payments/1/confirm/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/payments/1/refund/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/payments/1/cancel/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/refunds/1/cancel/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/refunds/1/process/', 404),
|
||||
('post', 'event.orders:write', 'orders/ABC12/refunds/1/done/', 404),
|
||||
('get', 'event.orders:read', 'checkinlists/', 200),
|
||||
('post', 'event.orders:write', 'checkinlists/1/failed_checkins/', 400),
|
||||
('get', 'event.orders:read', 'checkins/', 200),
|
||||
('get', 'event.orders:read', 'checkins/1/', 404),
|
||||
('post', 'event.settings.general:write', 'checkinlists/', 400),
|
||||
('put', 'event.settings.general:write', 'checkinlists/1/', 404),
|
||||
('patch', 'event.settings.general:write', 'checkinlists/1/', 404),
|
||||
('delete', 'event.settings.general:write', 'checkinlists/1/', 404),
|
||||
('get', 'event.orders:read', 'checkinlists/1/positions/', 404),
|
||||
('post', 'event.orders:write', 'checkinlists/1/positions/3/redeem/', 404),
|
||||
('post', 'organizer.events:create', 'clone/', 400),
|
||||
('get', 'event.orders:read', 'cartpositions/', 200),
|
||||
('get', 'event.orders:read', 'cartpositions/1/', 404),
|
||||
('post', 'event.orders:write', 'cartpositions/', 400),
|
||||
('delete', 'event.orders:write', 'cartpositions/1/', 404),
|
||||
('post', 'event.orders:read', 'exporters/invoicedata/run/', 400),
|
||||
('get', 'event.orders:read', 'exporters/invoicedata/download/bc3f9884-26ee-425b-8636-80613f84b6fa/3cb49ae6-eda3-4605-814e-099e23777b36/', 404),
|
||||
('get', None, 'item_meta_properties/', 200),
|
||||
('get', None, 'item_meta_properties/0/', 404),
|
||||
('post', 'can_change_event_settings', 'item_meta_properties/', 400),
|
||||
('patch', 'can_change_event_settings', 'item_meta_properties/0/', 404),
|
||||
('delete', 'can_change_event_settings', 'item_meta_properties/0/', 404),
|
||||
('post', 'event.settings.general:write', 'item_meta_properties/', 400),
|
||||
('patch', 'event.settings.general:write', 'item_meta_properties/0/', 404),
|
||||
('delete', 'event.settings.general:write', 'item_meta_properties/0/', 404),
|
||||
('get', None, 'seats/', 200),
|
||||
('get', 'can_view_orders', 'seats/?expand=orderposition', 200),
|
||||
('get', 'can_view_orders', 'seats/?expand=cartposition', 200),
|
||||
('get', 'can_view_vouchers', 'seats/?expand=voucher', 200),
|
||||
('get', 'event.orders:read', 'seats/?expand=orderposition', 200),
|
||||
('get', 'event.orders:read', 'seats/?expand=cartposition', 200),
|
||||
('get', 'event.vouchers:read', 'seats/?expand=voucher', 200),
|
||||
('get', None, 'seats/1/', 404),
|
||||
('patch', 'can_change_event_settings', 'seats/1/', 404),
|
||||
('patch', 'event.settings.general:write', 'seats/1/', 404),
|
||||
]
|
||||
|
||||
org_permission_sub_urls = [
|
||||
('patch', 'can_change_organizer_settings', '', 200),
|
||||
('patch', 'can_change_organizer_settings', 'settings/', 200),
|
||||
('get', 'can_change_organizer_settings', 'webhooks/', 200),
|
||||
('post', 'can_change_organizer_settings', 'webhooks/', 400),
|
||||
('get', 'can_change_organizer_settings', 'webhooks/1/', 404),
|
||||
('put', 'can_change_organizer_settings', 'webhooks/1/', 404),
|
||||
('patch', 'can_change_organizer_settings', 'webhooks/1/', 404),
|
||||
('delete', 'can_change_organizer_settings', 'webhooks/1/', 404),
|
||||
('get', 'can_manage_customers', 'customers/', 200),
|
||||
('post', 'can_manage_customers', 'customers/', 201),
|
||||
('get', 'can_manage_customers', 'customers/1/', 404),
|
||||
('patch', 'can_manage_customers', 'customers/1/', 404),
|
||||
('post', 'can_manage_customers', 'customers/1/anonymize/', 404),
|
||||
('put', 'can_manage_customers', 'customers/1/', 404),
|
||||
('delete', 'can_manage_customers', 'customers/1/', 404),
|
||||
('get', 'can_manage_customers', 'memberships/', 200),
|
||||
('post', 'can_manage_customers', 'memberships/', 400),
|
||||
('get', 'can_manage_customers', 'memberships/1/', 404),
|
||||
('patch', 'can_manage_customers', 'memberships/1/', 404),
|
||||
('put', 'can_manage_customers', 'memberships/1/', 404),
|
||||
('delete', 'can_manage_customers', 'memberships/1/', 404),
|
||||
('get', 'can_change_organizer_settings', 'saleschannels/', 200),
|
||||
('post', 'can_change_organizer_settings', 'saleschannels/', 400),
|
||||
('get', 'can_change_organizer_settings', 'saleschannels/web/', 200),
|
||||
('patch', 'can_change_organizer_settings', 'saleschannels/web/', 200),
|
||||
('put', 'can_change_organizer_settings', 'saleschannels/api.1/', 404),
|
||||
('delete', 'can_change_organizer_settings', 'saleschannels/api.1/', 404),
|
||||
('get', 'can_change_organizer_settings', 'membershiptypes/', 200),
|
||||
('post', 'can_change_organizer_settings', 'membershiptypes/', 400),
|
||||
('get', 'can_change_organizer_settings', 'membershiptypes/1/', 404),
|
||||
('patch', 'can_change_organizer_settings', 'membershiptypes/1/', 404),
|
||||
('put', 'can_change_organizer_settings', 'membershiptypes/1/', 404),
|
||||
('delete', 'can_change_organizer_settings', 'membershiptypes/1/', 404),
|
||||
('get', 'can_manage_gift_cards', 'giftcards/', 200),
|
||||
('post', 'can_manage_gift_cards', 'giftcards/', 400),
|
||||
('get', 'can_manage_gift_cards', 'giftcards/1/', 404),
|
||||
('put', 'can_manage_gift_cards', 'giftcards/1/', 404),
|
||||
('patch', 'can_manage_gift_cards', 'giftcards/1/', 404),
|
||||
('get', 'can_manage_gift_cards', 'giftcards/1/transactions/', 404),
|
||||
('get', 'can_manage_gift_cards', 'giftcards/1/transactions/1/', 404),
|
||||
('get', 'can_change_organizer_settings', 'devices/', 200),
|
||||
('post', 'can_change_organizer_settings', 'devices/', 400),
|
||||
('get', 'can_change_organizer_settings', 'devices/1/', 404),
|
||||
('put', 'can_change_organizer_settings', 'devices/1/', 404),
|
||||
('patch', 'can_change_organizer_settings', 'devices/1/', 404),
|
||||
('get', 'can_change_teams', 'teams/', 200),
|
||||
('post', 'can_change_teams', 'teams/', 400),
|
||||
('get', 'can_change_teams', 'teams/{team_id}/', 200),
|
||||
('put', 'can_change_teams', 'teams/{team_id}/', 400),
|
||||
('patch', 'can_change_teams', 'teams/{team_id}/', 200),
|
||||
('get', 'can_change_teams', 'teams/{team_id}/members/', 200),
|
||||
('delete', 'can_change_teams', 'teams/{team_id}/members/2/', 404),
|
||||
('get', 'can_change_teams', 'teams/{team_id}/invites/', 200),
|
||||
('get', 'can_change_teams', 'teams/{team_id}/invites/2/', 404),
|
||||
('delete', 'can_change_teams', 'teams/{team_id}/invites/2/', 404),
|
||||
('post', 'can_change_teams', 'teams/{team_id}/invites/', 400),
|
||||
('get', 'can_change_teams', 'teams/{team_id}/tokens/', 200),
|
||||
('get', 'can_change_teams', 'teams/{team_id}/tokens/0/', 404),
|
||||
('delete', 'can_change_teams', 'teams/{team_id}/tokens/0/', 404),
|
||||
('post', 'can_change_teams', 'teams/{team_id}/tokens/', 400),
|
||||
('get', 'can_manage_reusable_media', 'reusablemedia/1/', 404),
|
||||
('patch', 'organizer.settings.general:write', '', 200),
|
||||
('patch', 'organizer.settings.general:write', 'settings/', 200),
|
||||
('get', 'organizer.settings.general:write', 'webhooks/', 200),
|
||||
('post', 'organizer.settings.general:write', 'webhooks/', 400),
|
||||
('get', 'organizer.settings.general:write', 'webhooks/1/', 404),
|
||||
('put', 'organizer.settings.general:write', 'webhooks/1/', 404),
|
||||
('patch', 'organizer.settings.general:write', 'webhooks/1/', 404),
|
||||
('delete', 'organizer.settings.general:write', 'webhooks/1/', 404),
|
||||
('get', 'organizer.customers:write', 'customers/', 200),
|
||||
('post', 'organizer.customers:write', 'customers/', 201),
|
||||
('get', 'organizer.customers:write', 'customers/1/', 404),
|
||||
('patch', 'organizer.customers:write', 'customers/1/', 404),
|
||||
('post', 'organizer.customers:write', 'customers/1/anonymize/', 404),
|
||||
('put', 'organizer.customers:write', 'customers/1/', 404),
|
||||
('delete', 'organizer.customers:write', 'customers/1/', 404),
|
||||
('get', 'organizer.customers:write', 'memberships/', 200),
|
||||
('post', 'organizer.customers:write', 'memberships/', 400),
|
||||
('get', 'organizer.customers:write', 'memberships/1/', 404),
|
||||
('patch', 'organizer.customers:write', 'memberships/1/', 404),
|
||||
('put', 'organizer.customers:write', 'memberships/1/', 404),
|
||||
('delete', 'organizer.customers:write', 'memberships/1/', 404),
|
||||
('get', 'organizer.settings.general:write', 'saleschannels/', 200),
|
||||
('post', 'organizer.settings.general:write', 'saleschannels/', 400),
|
||||
('get', 'organizer.settings.general:write', 'saleschannels/web/', 200),
|
||||
('patch', 'organizer.settings.general:write', 'saleschannels/web/', 200),
|
||||
('put', 'organizer.settings.general:write', 'saleschannels/api.1/', 404),
|
||||
('delete', 'organizer.settings.general:write', 'saleschannels/api.1/', 404),
|
||||
('get', 'organizer.settings.general:write', 'membershiptypes/', 200),
|
||||
('post', 'organizer.settings.general:write', 'membershiptypes/', 400),
|
||||
('get', 'organizer.settings.general:write', 'membershiptypes/1/', 404),
|
||||
('patch', 'organizer.settings.general:write', 'membershiptypes/1/', 404),
|
||||
('put', 'organizer.settings.general:write', 'membershiptypes/1/', 404),
|
||||
('delete', 'organizer.settings.general:write', 'membershiptypes/1/', 404),
|
||||
('get', 'organizer.giftcards:write', 'giftcards/', 200),
|
||||
('post', 'organizer.giftcards:write', 'giftcards/', 400),
|
||||
('get', 'organizer.giftcards:write', 'giftcards/1/', 404),
|
||||
('put', 'organizer.giftcards:write', 'giftcards/1/', 404),
|
||||
('patch', 'organizer.giftcards:write', 'giftcards/1/', 404),
|
||||
('get', 'organizer.giftcards:write', 'giftcards/1/transactions/', 404),
|
||||
('get', 'organizer.giftcards:write', 'giftcards/1/transactions/1/', 404),
|
||||
('get', 'organizer.settings.general:write', 'devices/', 200),
|
||||
('post', 'organizer.settings.general:write', 'devices/', 400),
|
||||
('get', 'organizer.settings.general:write', 'devices/1/', 404),
|
||||
('put', 'organizer.settings.general:write', 'devices/1/', 404),
|
||||
('patch', 'organizer.settings.general:write', 'devices/1/', 404),
|
||||
('get', 'organizer.teams:write', 'teams/', 200),
|
||||
('post', 'organizer.teams:write', 'teams/', 400),
|
||||
('get', 'organizer.teams:write', 'teams/{team_id}/', 200),
|
||||
('put', 'organizer.teams:write', 'teams/{team_id}/', 400),
|
||||
('patch', 'organizer.teams:write', 'teams/{team_id}/', 200),
|
||||
('get', 'organizer.teams:write', 'teams/{team_id}/members/', 200),
|
||||
('delete', 'organizer.teams:write', 'teams/{team_id}/members/2/', 404),
|
||||
('get', 'organizer.teams:write', 'teams/{team_id}/invites/', 200),
|
||||
('get', 'organizer.teams:write', 'teams/{team_id}/invites/2/', 404),
|
||||
('delete', 'organizer.teams:write', 'teams/{team_id}/invites/2/', 404),
|
||||
('post', 'organizer.teams:write', 'teams/{team_id}/invites/', 400),
|
||||
('get', 'organizer.teams:write', 'teams/{team_id}/tokens/', 200),
|
||||
('get', 'organizer.teams:write', 'teams/{team_id}/tokens/0/', 404),
|
||||
('delete', 'organizer.teams:write', 'teams/{team_id}/tokens/0/', 404),
|
||||
('post', 'organizer.teams:write', 'teams/{team_id}/tokens/', 400),
|
||||
('get', 'organizer.reusablemedia:read', 'reusablemedia/1/', 404),
|
||||
]
|
||||
|
||||
|
||||
event_permission_root_urls = [
|
||||
('post', 'can_create_events', 400),
|
||||
('put', 'can_change_event_settings', 400),
|
||||
('patch', 'can_change_event_settings', 200),
|
||||
('delete', 'can_change_event_settings', 204),
|
||||
('post', 'organizer.events:create', 400),
|
||||
('put', 'event.settings.general:write', 400),
|
||||
('patch', 'event.settings.general:write', 200),
|
||||
('delete', 'event.settings.general:write', 204),
|
||||
]
|
||||
|
||||
|
||||
@@ -537,7 +536,7 @@ def test_update_session_activity(user_client, team, organizer, event):
|
||||
@pytest.mark.django_db
|
||||
@pytest.mark.parametrize("urlset", event_permission_sub_urls)
|
||||
def test_device_subresource_permission_check(device_client, device, organizer, event, urlset):
|
||||
if urlset == ('get', 'can_change_event_settings', 'settings/', 200):
|
||||
if urlset == ('get', 'event.settings.general:write', 'settings/', 200):
|
||||
return
|
||||
resp = getattr(device_client, urlset[0])('/api/v1/organizers/{}/events/{}/{}'.format(
|
||||
organizer.slug, event.slug, urlset[2]))
|
||||
|
||||
@@ -117,52 +117,52 @@ def test_any_event_permission_all(event, user):
|
||||
@pytest.mark.django_db
|
||||
def test_specific_event_permission_limited(event, user):
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
team = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True})
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
team.members.add(user)
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
team.limit_events.add(event)
|
||||
user._teamcache = {}
|
||||
assert user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_event_settings')
|
||||
assert user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.settings.general:write')
|
||||
|
||||
assert user.has_event_permission(event.organizer, event, ('can_change_orders', 'can_change_event_settings'))
|
||||
assert not user.has_event_permission(event.organizer, event, ('can_change_teams', 'can_change_event_settings'))
|
||||
assert user.has_event_permission(event.organizer, event, ('event.orders:write', 'event.settings.general:write'))
|
||||
assert not user.has_event_permission(event.organizer, event, ('organizer.teams:write', 'event.settings.general:write'))
|
||||
|
||||
team.limit_event_permissions = {}
|
||||
team.save()
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_specific_event_permission_all(event, user):
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
team = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True})
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
team.members.add(user)
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
team.all_events = True
|
||||
team.save()
|
||||
user._teamcache = {}
|
||||
assert user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
team.limit_event_permissions = {}
|
||||
team.save()
|
||||
user._teamcache = {}
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@@ -180,12 +180,12 @@ def test_event_permissions_multiple_teams(event, user):
|
||||
team2.limit_events.add(event)
|
||||
team3.limit_events.add(event2)
|
||||
|
||||
assert user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||
assert user.has_event_permission(event.organizer, event, 'can_change_vouchers')
|
||||
assert not user.has_event_permission(event.organizer, event, 'can_change_event_settings')
|
||||
assert user.get_event_permission_set(event.organizer, event) == {'can_change_orders', 'can_change_vouchers'}
|
||||
assert user.get_event_permission_set(event.organizer, event2) == {'can_change_orders', 'can_change_event_settings',
|
||||
'can_change_settings'}
|
||||
assert user.has_event_permission(event.organizer, event, 'event.orders:write')
|
||||
assert user.has_event_permission(event.organizer, event, 'event.vouchers:write')
|
||||
assert not user.has_event_permission(event.organizer, event, 'event.settings.general:write')
|
||||
assert user.get_event_permission_set(event.organizer, event) == {'event.orders:write', 'event.vouchers:write'}
|
||||
assert user.get_event_permission_set(event.organizer, event2) == {'event.orders:write', 'event.settings.general:write',
|
||||
'event.settings.general:write'}
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@@ -205,16 +205,16 @@ def test_any_organizer_permission(event, user):
|
||||
@pytest.mark.django_db
|
||||
def test_specific_organizer_permission(event, user):
|
||||
user._teamcache = {}
|
||||
assert not user.has_organizer_permission(event.organizer, 'can_create_events')
|
||||
assert not user.has_organizer_permission(event.organizer, 'organizer.events:create')
|
||||
|
||||
team = Team.objects.create(organizer=event.organizer, limit_organizer_permissions={"organizer.events:create": True})
|
||||
user._teamcache = {}
|
||||
assert not user.has_organizer_permission(event.organizer, 'can_create_events')
|
||||
assert not user.has_organizer_permission(event.organizer, 'organizer.events:create')
|
||||
|
||||
team.members.add(user)
|
||||
user._teamcache = {}
|
||||
assert user.has_organizer_permission(event.organizer, 'can_create_events')
|
||||
assert user.has_organizer_permission(event.organizer, ('can_create_events', 'can_change_organizer_settings'))
|
||||
assert user.has_organizer_permission(event.organizer, 'organizer.events:create')
|
||||
assert user.has_organizer_permission(event.organizer, ('organizer.events:create', 'organizer.settings.general:write'))
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
@@ -227,19 +227,19 @@ def test_organizer_permissions_multiple_teams(event, user):
|
||||
team3 = Team.objects.create(organizer=orga2, limit_organizer_permissions={"organizer.teams:write": True})
|
||||
team3.members.add(user)
|
||||
|
||||
assert user.has_organizer_permission(event.organizer, 'can_create_events')
|
||||
assert user.has_organizer_permission(event.organizer, 'can_change_organizer_settings')
|
||||
assert not user.has_organizer_permission(event.organizer, 'can_change_teams')
|
||||
assert user.get_organizer_permission_set(event.organizer) == {'can_create_events', 'can_change_organizer_settings'}
|
||||
assert user.get_organizer_permission_set(orga2) == {'can_change_teams'}
|
||||
assert user.has_organizer_permission(event.organizer, 'organizer.events:create')
|
||||
assert user.has_organizer_permission(event.organizer, 'organizer.settings.general:write')
|
||||
assert not user.has_organizer_permission(event.organizer, 'organizer.teams:write')
|
||||
assert user.get_organizer_permission_set(event.organizer) == {'organizer.events:create', 'organizer.settings.general:write'}
|
||||
assert user.get_organizer_permission_set(orga2) == {'organizer.teams:write'}
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_superuser(event, admin, admin_request):
|
||||
assert admin.has_organizer_permission(event.organizer, request=admin_request)
|
||||
assert admin.has_organizer_permission(event.organizer, 'can_create_events', request=admin_request)
|
||||
assert admin.has_organizer_permission(event.organizer, 'organizer.events:create', request=admin_request)
|
||||
assert admin.has_event_permission(event.organizer, event, request=admin_request)
|
||||
assert admin.has_event_permission(event.organizer, event, 'can_change_event_settings', request=admin_request)
|
||||
assert admin.has_event_permission(event.organizer, event, 'event.settings.general:write', request=admin_request)
|
||||
|
||||
assert 'arbitrary' not in admin.get_event_permission_set(event.organizer, event)
|
||||
assert 'arbitrary' not in admin.get_organizer_permission_set(event.organizer)
|
||||
@@ -282,7 +282,7 @@ def test_list_of_events(event, user, admin, admin_request):
|
||||
assert event3 in events
|
||||
assert event4 not in events
|
||||
|
||||
events = list(user.get_events_with_permission('can_change_event_settings', request=admin_request))
|
||||
events = list(user.get_events_with_permission('event.settings.general:write', request=admin_request))
|
||||
assert event not in events
|
||||
assert event2 not in events
|
||||
assert event3 in events
|
||||
@@ -293,8 +293,8 @@ def test_list_of_events(event, user, admin, admin_request):
|
||||
assert set(event3.get_users_with_any_permission()) == {user}
|
||||
assert set(event4.get_users_with_any_permission()) == set()
|
||||
|
||||
assert set(event.get_users_with_permission('can_change_event_settings')) == set()
|
||||
assert set(event2.get_users_with_permission('can_change_event_settings')) == set()
|
||||
assert set(event3.get_users_with_permission('can_change_event_settings')) == {user}
|
||||
assert set(event4.get_users_with_permission('can_change_event_settings')) == set()
|
||||
assert set(event.get_users_with_permission('can_change_orders')) == {user}
|
||||
assert set(event.get_users_with_permission('event.settings.general:write')) == set()
|
||||
assert set(event2.get_users_with_permission('event.settings.general:write')) == set()
|
||||
assert set(event3.get_users_with_permission('event.settings.general:write')) == {user}
|
||||
assert set(event4.get_users_with_permission('event.settings.general:write')) == set()
|
||||
assert set(event.get_users_with_permission('event.orders:write')) == {user}
|
||||
|
||||
@@ -304,115 +304,115 @@ HTTP_POST = "post"
|
||||
HTTP_GET = "get"
|
||||
|
||||
event_permission_urls = [
|
||||
("can_change_event_settings", "live/", 200, HTTP_GET),
|
||||
("can_change_event_settings", "delete/", 200, HTTP_GET),
|
||||
("can_change_event_settings", "dangerzone/", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/plugins", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/payment", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/tickets", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/email", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/email/setup", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/cancel", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/invoice", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/widget", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/invoice/preview", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/tax/", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/tax/1/", 404, HTTP_GET),
|
||||
("can_change_event_settings", "settings/tax/add", 200, HTTP_GET),
|
||||
("can_change_event_settings", "settings/tax/1/delete", 404, HTTP_GET),
|
||||
("can_change_event_settings", "settings/tax/1/default", 404, HTTP_POST),
|
||||
("can_change_event_settings", "comment/", 405, HTTP_GET),
|
||||
("event.settings.general:write", "live/", 200, HTTP_GET),
|
||||
("event.settings.general:write", "delete/", 200, HTTP_GET),
|
||||
("event.settings.general:write", "dangerzone/", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/plugins", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/payment", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/tickets", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/email", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/email/setup", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/cancel", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/invoice", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/widget", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/invoice/preview", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/tax/", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/tax/1/", 404, HTTP_GET),
|
||||
("event.settings.general:write", "settings/tax/add", 200, HTTP_GET),
|
||||
("event.settings.general:write", "settings/tax/1/delete", 404, HTTP_GET),
|
||||
("event.settings.general:write", "settings/tax/1/default", 404, HTTP_POST),
|
||||
("event.settings.general:write", "comment/", 405, HTTP_GET),
|
||||
# Lists are currently not access-controlled
|
||||
# ("can_change_items", "items/", 200),
|
||||
("can_change_items", "items/add", 200, HTTP_GET),
|
||||
("can_change_items", "items/1/up", 404, HTTP_POST),
|
||||
("can_change_items", "items/1/down", 404, HTTP_POST),
|
||||
("can_change_items", "items/reorder/2/", 400, HTTP_POST),
|
||||
("can_change_items", "items/1/delete", 404, HTTP_GET),
|
||||
# ("can_change_items", "categories/", 200),
|
||||
# ("event.items:write", "items/", 200),
|
||||
("event.items:write", "items/add", 200, HTTP_GET),
|
||||
("event.items:write", "items/1/up", 404, HTTP_POST),
|
||||
("event.items:write", "items/1/down", 404, HTTP_POST),
|
||||
("event.items:write", "items/reorder/2/", 400, HTTP_POST),
|
||||
("event.items:write", "items/1/delete", 404, HTTP_GET),
|
||||
# ("event.items:write", "categories/", 200),
|
||||
# We don't have to create categories and similar objects
|
||||
# for testing this, it is enough to test that a 404 error
|
||||
# is returned instead of a 403 one.
|
||||
("can_change_items", "categories/2/", 404, HTTP_GET),
|
||||
("can_change_items", "categories/2/delete", 404, HTTP_GET),
|
||||
("can_change_items", "categories/2/up", 404, HTTP_POST),
|
||||
("can_change_items", "categories/2/down", 404, HTTP_POST),
|
||||
("can_change_items", "categories/reorder", 400, HTTP_POST),
|
||||
("can_change_items", "categories/add", 200, HTTP_GET),
|
||||
# ("can_change_items", "questions/", 200, HTTP_GET),
|
||||
("can_change_items", "questions/2/", 404, HTTP_GET),
|
||||
("can_change_items", "questions/2/delete", 404, HTTP_GET),
|
||||
("can_change_items", "questions/reorder", 400, HTTP_POST),
|
||||
("can_change_items", "questions/add", 200, HTTP_GET),
|
||||
# ("can_change_items", "quotas/", 200, HTTP_GET),
|
||||
("can_change_items", "quotas/2/change", 404, HTTP_GET),
|
||||
("can_change_items", "quotas/2/delete", 404, HTTP_GET),
|
||||
("can_change_items", "quotas/add", 200, HTTP_GET),
|
||||
# ("can_change_items", "discounts/", 200),
|
||||
("event.items:write", "categories/2/", 404, HTTP_GET),
|
||||
("event.items:write", "categories/2/delete", 404, HTTP_GET),
|
||||
("event.items:write", "categories/2/up", 404, HTTP_POST),
|
||||
("event.items:write", "categories/2/down", 404, HTTP_POST),
|
||||
("event.items:write", "categories/reorder", 400, HTTP_POST),
|
||||
("event.items:write", "categories/add", 200, HTTP_GET),
|
||||
# ("event.items:write", "questions/", 200, HTTP_GET),
|
||||
("event.items:write", "questions/2/", 404, HTTP_GET),
|
||||
("event.items:write", "questions/2/delete", 404, HTTP_GET),
|
||||
("event.items:write", "questions/reorder", 400, HTTP_POST),
|
||||
("event.items:write", "questions/add", 200, HTTP_GET),
|
||||
# ("event.items:write", "quotas/", 200, HTTP_GET),
|
||||
("event.items:write", "quotas/2/change", 404, HTTP_GET),
|
||||
("event.items:write", "quotas/2/delete", 404, HTTP_GET),
|
||||
("event.items:write", "quotas/add", 200, HTTP_GET),
|
||||
# ("event.items:write", "discounts/", 200),
|
||||
# We don't have to create categories and similar objects
|
||||
# for testing this, it is enough to test that a 404 error
|
||||
# is returned instead of a 403 one.
|
||||
("can_change_items", "discounts/2/", 404, HTTP_GET),
|
||||
("can_change_items", "discounts/2/delete", 404, HTTP_GET),
|
||||
("can_change_items", "discounts/2/up", 404, HTTP_POST),
|
||||
("can_change_items", "discounts/2/down", 404, HTTP_POST),
|
||||
("can_change_items", "discounts/reorder", 400, HTTP_POST),
|
||||
("can_change_items", "discounts/add", 200, HTTP_GET),
|
||||
("can_change_event_settings", "subevents/", 200, HTTP_GET),
|
||||
("can_change_event_settings", "subevents/2/", 404, HTTP_GET),
|
||||
("can_change_event_settings", "subevents/2/delete", 404, HTTP_GET),
|
||||
("can_change_event_settings", "subevents/add", 200, HTTP_GET),
|
||||
("can_view_orders", "orders/overview/", 200, HTTP_GET),
|
||||
("can_view_orders", "orders/export/", 200, HTTP_GET),
|
||||
("can_view_orders", "orders/export/do", 302, HTTP_POST),
|
||||
("can_view_orders", "orders/", 200, HTTP_GET),
|
||||
("can_view_orders", "orders/FOO/", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/extend", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/reactivate", 302, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/contact", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/transition", 405, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/checkvatid", 405, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/resend", 405, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/invoice", 405, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/change", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/approve", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/deny", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/delete", 302, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/comment", 405, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/locale", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/sendmail", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/FOO/1/sendmail", 404, HTTP_GET),
|
||||
("can_change_orders", "orders/import/", 200, HTTP_GET),
|
||||
("can_change_orders", "orders/import/0ab7b081-92d3-4480-82de-2f8b056fd32f/", 404, HTTP_GET),
|
||||
("can_view_orders", "orders/FOO/answer/5/", 404, HTTP_GET),
|
||||
("can_change_orders", "cancel/", 200, HTTP_GET),
|
||||
("can_change_vouchers", "vouchers/add", 200, HTTP_GET),
|
||||
("can_change_vouchers", "vouchers/bulk_add", 200, HTTP_GET),
|
||||
("can_view_vouchers", "vouchers/", 200, HTTP_GET),
|
||||
("can_view_vouchers", "vouchers/tags/", 200, HTTP_GET),
|
||||
("can_view_vouchers", "vouchers/1234/", 404, HTTP_GET),
|
||||
("can_change_vouchers", "vouchers/1234/", 404, HTTP_POST),
|
||||
("can_change_vouchers", "vouchers/1234/delete", 404, HTTP_GET),
|
||||
("can_view_orders", "waitinglist/", 200, HTTP_GET),
|
||||
("can_change_orders", "waitinglist/auto_assign", 405, HTTP_GET),
|
||||
("can_change_orders", "waitinglist/action", 405, HTTP_GET),
|
||||
("can_view_orders", "checkins/", 200, HTTP_GET),
|
||||
("can_view_orders", "checkinlists/", 200, HTTP_GET),
|
||||
("can_view_orders", "checkinlists/1/", 404, HTTP_GET),
|
||||
("can_change_orders", "checkinlists/1/bulk_action", 404, HTTP_POST),
|
||||
("can_checkin_orders", "checkinlists/1/bulk_action", 404, HTTP_POST),
|
||||
("can_change_event_settings", "checkinlists/add", 200, HTTP_GET),
|
||||
("can_change_event_settings", "checkinlists/1/change", 404, HTTP_GET),
|
||||
("can_change_event_settings", "checkinlists/1/delete", 404, HTTP_GET),
|
||||
("event.items:write", "discounts/2/", 404, HTTP_GET),
|
||||
("event.items:write", "discounts/2/delete", 404, HTTP_GET),
|
||||
("event.items:write", "discounts/2/up", 404, HTTP_POST),
|
||||
("event.items:write", "discounts/2/down", 404, HTTP_POST),
|
||||
("event.items:write", "discounts/reorder", 400, HTTP_POST),
|
||||
("event.items:write", "discounts/add", 200, HTTP_GET),
|
||||
("event.settings.general:write", "subevents/", 200, HTTP_GET),
|
||||
("event.settings.general:write", "subevents/2/", 404, HTTP_GET),
|
||||
("event.settings.general:write", "subevents/2/delete", 404, HTTP_GET),
|
||||
("event.settings.general:write", "subevents/add", 200, HTTP_GET),
|
||||
("event.orders:read", "orders/overview/", 200, HTTP_GET),
|
||||
("event.orders:read", "orders/export/", 200, HTTP_GET),
|
||||
("event.orders:read", "orders/export/do", 302, HTTP_POST),
|
||||
("event.orders:read", "orders/", 200, HTTP_GET),
|
||||
("event.orders:read", "orders/FOO/", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/extend", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/reactivate", 302, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/contact", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/transition", 405, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/checkvatid", 405, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/resend", 405, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/invoice", 405, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/change", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/approve", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/deny", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/delete", 302, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/comment", 405, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/locale", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/sendmail", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/FOO/1/sendmail", 404, HTTP_GET),
|
||||
("event.orders:write", "orders/import/", 200, HTTP_GET),
|
||||
("event.orders:write", "orders/import/0ab7b081-92d3-4480-82de-2f8b056fd32f/", 404, HTTP_GET),
|
||||
("event.orders:read", "orders/FOO/answer/5/", 404, HTTP_GET),
|
||||
("event.orders:write", "cancel/", 200, HTTP_GET),
|
||||
("event.vouchers:write", "vouchers/add", 200, HTTP_GET),
|
||||
("event.vouchers:write", "vouchers/bulk_add", 200, HTTP_GET),
|
||||
("event.vouchers:read", "vouchers/", 200, HTTP_GET),
|
||||
("event.vouchers:read", "vouchers/tags/", 200, HTTP_GET),
|
||||
("event.vouchers:read", "vouchers/1234/", 404, HTTP_GET),
|
||||
("event.vouchers:write", "vouchers/1234/", 404, HTTP_POST),
|
||||
("event.vouchers:write", "vouchers/1234/delete", 404, HTTP_GET),
|
||||
("event.orders:read", "waitinglist/", 200, HTTP_GET),
|
||||
("event.orders:write", "waitinglist/auto_assign", 405, HTTP_GET),
|
||||
("event.orders:write", "waitinglist/action", 405, HTTP_GET),
|
||||
("event.orders:read", "checkins/", 200, HTTP_GET),
|
||||
("event.orders:read", "checkinlists/", 200, HTTP_GET),
|
||||
("event.orders:read", "checkinlists/1/", 404, HTTP_GET),
|
||||
("event.orders:write", "checkinlists/1/bulk_action", 404, HTTP_POST),
|
||||
("event.orders:checkin", "checkinlists/1/bulk_action", 404, HTTP_POST),
|
||||
("event.settings.general:write", "checkinlists/add", 200, HTTP_GET),
|
||||
("event.settings.general:write", "checkinlists/1/change", 404, HTTP_GET),
|
||||
("event.settings.general:write", "checkinlists/1/delete", 404, HTTP_GET),
|
||||
|
||||
# bank transfer
|
||||
("can_change_orders", "banktransfer/import/", 200, HTTP_GET),
|
||||
("can_change_orders", "banktransfer/job/1/", 404, HTTP_GET),
|
||||
("can_change_orders", "banktransfer/action/", 200, HTTP_GET),
|
||||
("can_change_orders", "banktransfer/refunds/", 200, HTTP_GET),
|
||||
("can_change_orders", "banktransfer/export/1/", 404, HTTP_GET),
|
||||
("can_change_orders", "banktransfer/sepa-export/1/", 404, HTTP_GET),
|
||||
("event.orders:write", "banktransfer/import/", 200, HTTP_GET),
|
||||
("event.orders:write", "banktransfer/job/1/", 404, HTTP_GET),
|
||||
("event.orders:write", "banktransfer/action/", 200, HTTP_GET),
|
||||
("event.orders:write", "banktransfer/refunds/", 200, HTTP_GET),
|
||||
("event.orders:write", "banktransfer/export/1/", 404, HTTP_GET),
|
||||
("event.orders:write", "banktransfer/sepa-export/1/", 404, HTTP_GET),
|
||||
]
|
||||
|
||||
|
||||
@@ -457,14 +457,14 @@ def test_current_permission(client, env):
|
||||
t = Team(
|
||||
pk=2, organizer=env[2], all_events=True
|
||||
)
|
||||
setattr(t, 'can_change_event_settings', True)
|
||||
setattr(t, 'event.settings.general:write', True)
|
||||
t.save()
|
||||
t.members.add(env[1])
|
||||
|
||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
response = client.get('/control/event/dummy/dummy/settings/')
|
||||
assert response.status_code == 200
|
||||
setattr(t, 'can_change_event_settings', False)
|
||||
setattr(t, 'event.settings.general:write', False)
|
||||
t.save()
|
||||
response = client.get('/control/event/dummy/dummy/settings/')
|
||||
assert response.status_code == 403
|
||||
@@ -518,66 +518,66 @@ def test_wrong_organizer(perf_patch, client, env, url):
|
||||
|
||||
|
||||
organizer_permission_urls = [
|
||||
("can_change_teams", "organizer/dummy/teams", 200),
|
||||
("can_change_teams", "organizer/dummy/team/add", 200),
|
||||
("can_change_teams", "organizer/dummy/team/1/", 200),
|
||||
("can_change_teams", "organizer/dummy/team/1/edit", 200),
|
||||
("can_change_teams", "organizer/dummy/team/1/delete", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/edit", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/settings/plugins", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/settings/plugins/pretix.plugins.sendmail/events", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/settings/email", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/settings/email/setup", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/devices", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/devices/select2", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/device/add", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/device/1/edit", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/device/1/connect", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/device/1/revoke", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/gates", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/gates/select2", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/gate/add", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/gate/1/edit", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/gate/1/delete", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/properties", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/property/add", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/property/1/edit", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/property/1/delete", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/channels", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/channel/add", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/channel/web/edit", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/channel/web/delete", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/membershiptypes", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/membershiptype/add", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/membershiptype/1/edit", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/membershiptype/1/delete", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/ssoproviders", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/ssoprovider/add", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/ssoprovider/1/edit", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/ssoprovider/1/delete", 404),
|
||||
("can_manage_customers", "organizer/dummy/customers", 200),
|
||||
("can_manage_customers", "organizer/dummy/customer/ABC/edit", 404),
|
||||
("can_manage_customers", "organizer/dummy/customer/ABC/anonymize", 404),
|
||||
("can_manage_customers", "organizer/dummy/customer/ABC/membership/add", 404),
|
||||
("can_manage_customers", "organizer/dummy/customer/ABC/membership/1/edit", 404),
|
||||
("can_manage_customers", "organizer/dummy/customer/ABC/", 404),
|
||||
("can_manage_reusable_media", "organizer/dummy/reusable_media", 200),
|
||||
("can_manage_reusable_media", "organizer/dummy/reusable_media/1/edit", 404),
|
||||
("can_manage_reusable_media", "organizer/dummy/reusable_media/1/", 404),
|
||||
("can_manage_gift_cards", "organizer/dummy/giftcards", 200),
|
||||
("can_manage_gift_cards", "organizer/dummy/giftcard/add", 200),
|
||||
("can_manage_gift_cards", "organizer/dummy/giftcard/1/", 404),
|
||||
("can_manage_gift_cards", "organizer/dummy/giftcard/1/edit", 404),
|
||||
("can_change_organizer_settings", "organizer/dummy/giftcards/acceptance", 200),
|
||||
("can_change_organizer_settings", "organizer/dummy/giftcards/acceptance/invite", 200),
|
||||
("organizer.teams:write", "organizer/dummy/teams", 200),
|
||||
("organizer.teams:write", "organizer/dummy/team/add", 200),
|
||||
("organizer.teams:write", "organizer/dummy/team/1/", 200),
|
||||
("organizer.teams:write", "organizer/dummy/team/1/edit", 200),
|
||||
("organizer.teams:write", "organizer/dummy/team/1/delete", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/edit", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/settings/plugins", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/settings/plugins/pretix.plugins.sendmail/events", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/settings/email", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/settings/email/setup", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/devices", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/devices/select2", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/device/add", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/device/1/edit", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/device/1/connect", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/device/1/revoke", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/gates", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/gates/select2", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/gate/add", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/gate/1/edit", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/gate/1/delete", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/properties", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/property/add", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/property/1/edit", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/property/1/delete", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/channels", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/channel/add", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/channel/web/edit", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/channel/web/delete", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/membershiptypes", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/membershiptype/add", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/membershiptype/1/edit", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/membershiptype/1/delete", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/ssoproviders", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/ssoprovider/add", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/ssoprovider/1/edit", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/ssoprovider/1/delete", 404),
|
||||
("organizer.customers:write", "organizer/dummy/customers", 200),
|
||||
("organizer.customers:write", "organizer/dummy/customer/ABC/edit", 404),
|
||||
("organizer.customers:write", "organizer/dummy/customer/ABC/anonymize", 404),
|
||||
("organizer.customers:write", "organizer/dummy/customer/ABC/membership/add", 404),
|
||||
("organizer.customers:write", "organizer/dummy/customer/ABC/membership/1/edit", 404),
|
||||
("organizer.customers:write", "organizer/dummy/customer/ABC/", 404),
|
||||
("organizer.reusablemedia:read", "organizer/dummy/reusable_media", 200),
|
||||
("organizer.reusablemedia:write", "organizer/dummy/reusable_media/1/edit", 404),
|
||||
("organizer.reusablemedia:read", "organizer/dummy/reusable_media/1/", 404),
|
||||
("organizer.giftcards:read", "organizer/dummy/giftcards", 200),
|
||||
("organizer.giftcards:write", "organizer/dummy/giftcard/add", 200),
|
||||
("organizer.giftcards:read", "organizer/dummy/giftcard/1/", 404),
|
||||
("organizer.giftcards:write", "organizer/dummy/giftcard/1/edit", 404),
|
||||
("organizer.settings.general:write", "organizer/dummy/giftcards/acceptance", 200),
|
||||
("organizer.settings.general:write", "organizer/dummy/giftcards/acceptance/invite", 200),
|
||||
|
||||
# bank transfer
|
||||
("can_change_orders", "organizer/dummy/banktransfer/import/", 200),
|
||||
("can_change_orders", "organizer/dummy/banktransfer/job/1/", 404),
|
||||
("can_change_orders", "organizer/dummy/banktransfer/action/", 200),
|
||||
("can_change_orders", "organizer/dummy/banktransfer/refunds/", 200),
|
||||
("can_change_orders", "organizer/dummy/banktransfer/export/1/", 404),
|
||||
("can_change_orders", "organizer/dummy/banktransfer/sepa-export/1/", 404),
|
||||
("event.orders:write", "organizer/dummy/banktransfer/import/", 200),
|
||||
("event.orders:write", "organizer/dummy/banktransfer/job/1/", 404),
|
||||
("event.orders:write", "organizer/dummy/banktransfer/action/", 200),
|
||||
("event.orders:write", "organizer/dummy/banktransfer/refunds/", 200),
|
||||
("event.orders:write", "organizer/dummy/banktransfer/export/1/", 404),
|
||||
("event.orders:write", "organizer/dummy/banktransfer/sepa-export/1/", 404),
|
||||
]
|
||||
|
||||
|
||||
|
||||
@@ -231,9 +231,9 @@ def test_create_team(event, admin_user, admin_team, client):
|
||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
client.post('/control/organizer/dummy/team/add', {
|
||||
'name': 'Foo',
|
||||
'can_create_events': 'on',
|
||||
'organizer.events:create': 'on',
|
||||
'limit_events': str(event.pk),
|
||||
'can_change_event_settings': 'on'
|
||||
'event.settings.general:write': 'on'
|
||||
}, follow=True)
|
||||
with scopes_disabled():
|
||||
t = Team.objects.last()
|
||||
@@ -249,9 +249,9 @@ def test_update_team(event, admin_user, admin_team, client):
|
||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
client.post('/control/organizer/dummy/team/{}/edit'.format(admin_team.pk), {
|
||||
'name': 'Admin',
|
||||
'can_change_teams': 'on',
|
||||
'organizer.teams:write': 'on',
|
||||
'limit_events': str(event.pk),
|
||||
'can_change_event_settings': 'on'
|
||||
'event.settings.general:write': 'on'
|
||||
}, follow=True)
|
||||
admin_team.refresh_from_db()
|
||||
assert admin_team.can_change_event_settings
|
||||
@@ -265,7 +265,7 @@ def test_update_last_team_to_be_no_admin(event, admin_user, admin_team, client):
|
||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
resp = client.post('/control/organizer/dummy/team/{}/edit'.format(admin_team.pk), {
|
||||
'name': 'Admin',
|
||||
'can_change_event_settings': 'on'
|
||||
'event.settings.general:write': 'on'
|
||||
}, follow=True)
|
||||
assert 'alert-danger' in resp.content.decode()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user