Integrate django-scopes (#1319)

* Install django-scopes * Fix tests.api * Update tasks and cronjobs * Fix remaining tests * Remove unused import * Fix tests after rebase * Disable scopes for get_Events_with_any_permission * Disable scopes for a management command
2026-05-05 15:14:04 +00:00 · 2019-06-17 10:46:55 +02:00
parent b1db5dbb3e
commit d85ddb5bda
130 changed files with 6253 additions and 4509 deletions
--- a/src/tests/control/test_teams.py
+++ b/src/tests/control/test_teams.py
@@ -1,6 +1,7 @@
 import pytest
 from django.core import mail as djmail
 from django.utils.timezone import now
+from django_scopes import scopes_disabled

 from pretix.base.models import Event, Organizer, Team, User

@@ -35,15 +36,15 @@ def admin_user(admin_team):
 def test_list_of_teams(event, admin_user, client):
    client.login(email='dummy@dummy.dummy', password='dummy')
    resp = client.get('/control/organizer/dummy/teams')
-    assert 'Admin team' in resp.rendered_content
+    assert 'Admin team' in resp.content.decode()


@pytest.mark.django_db
 def test_team_detail_view(event, admin_user, admin_team, client):
    client.login(email='dummy@dummy.dummy', password='dummy')
    resp = client.get('/control/organizer/dummy/team/{}/'.format(admin_team.pk))
-    assert 'Admin team' in resp.rendered_content
-    assert admin_user.email in resp.rendered_content
+    assert 'Admin team' in resp.content.decode()
+    assert admin_user.email in resp.content.decode()


@pytest.mark.django_db
@@ -55,10 +56,11 @@ def test_team_add_user(event, admin_user, admin_team, client):
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'user': u.email
    }, follow=True)
-    assert 'Admin team' in resp.rendered_content
-    assert admin_user.email in resp.rendered_content
-    assert u.email in resp.rendered_content
-    assert u in admin_team.members.all()
+    assert 'Admin team' in resp.content.decode()
+    assert admin_user.email in resp.content.decode()
+    assert u.email in resp.content.decode()
+    with scopes_disabled():
+        assert u in admin_team.members.all()


@pytest.mark.django_db
@@ -69,10 +71,11 @@ def test_team_create_invite(event, admin_user, admin_team, client):
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'user': 'foo@example.org'
    }, follow=True)
-    assert 'Admin team' in resp.rendered_content
-    assert admin_user.email in resp.rendered_content
-    assert 'foo@example.org' in resp.rendered_content
-    assert admin_team.invites.first().email == 'foo@example.org'
+    assert 'Admin team' in resp.content.decode()
+    assert admin_user.email in resp.content.decode()
+    assert 'foo@example.org' in resp.content.decode()
+    with scopes_disabled():
+        assert admin_team.invites.first().email == 'foo@example.org'
    assert len(djmail.outbox) == 1


@@ -84,21 +87,23 @@ def test_team_create_token(event, admin_user, admin_team, client):
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'name': 'Test token'
    }, follow=True)
-    assert 'Test token' in resp.rendered_content
-    assert admin_team.tokens.first().name == 'Test token'
-    assert admin_team.tokens.first().token in resp.rendered_content
+    assert 'Test token' in resp.content.decode()
+    with scopes_disabled():
+        assert admin_team.tokens.first().name == 'Test token'
+        assert admin_team.tokens.first().token in resp.content.decode()


@pytest.mark.django_db
 def test_team_remove_token(event, admin_user, admin_team, client):
    client.login(email='dummy@dummy.dummy', password='dummy')

-    tk = admin_team.tokens.create(name='Test token')
+    with scopes_disabled():
+        tk = admin_team.tokens.create(name='Test token')
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'remove-token': str(tk.pk)
    }, follow=True)
-    assert tk.token not in resp.rendered_content
-    assert 'Test token' in resp.rendered_content
+    assert tk.token not in resp.content.decode()
+    assert 'Test token' in resp.content.decode()
    tk.refresh_from_db()
    assert not tk.active

@@ -112,9 +117,9 @@ def test_team_resend_invite(event, admin_user, admin_team, client):
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'resend-invite': str(inv.pk)
    }, follow=True)
-    assert 'Admin team' in resp.rendered_content
-    assert admin_user.email in resp.rendered_content
-    assert 'foo@example.org' in resp.rendered_content
+    assert 'Admin team' in resp.content.decode()
+    assert admin_user.email in resp.content.decode()
+    assert 'foo@example.org' in resp.content.decode()
    assert len(djmail.outbox) == 1


@@ -122,13 +127,15 @@ def test_team_resend_invite(event, admin_user, admin_team, client):
 def test_team_revoke_invite(event, admin_user, admin_team, client):
    client.login(email='dummy@dummy.dummy', password='dummy')

-    inv = admin_team.invites.create(email='foo@example.org')
+    with scopes_disabled():
+        inv = admin_team.invites.create(email='foo@example.org')
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'remove-invite': str(inv.pk)
    }, follow=True)
-    assert 'Admin team' in resp.rendered_content
-    assert admin_user.email in resp.rendered_content
-    assert not admin_team.invites.exists()
+    assert 'Admin team' in resp.content.decode()
+    assert admin_user.email in resp.content.decode()
+    with scopes_disabled():
+        assert not admin_team.invites.exists()


@pytest.mark.django_db
@@ -136,14 +143,16 @@ def test_team_remove_user(event, admin_user, admin_team, client):
    client.login(email='dummy@dummy.dummy', password='dummy')

    u = User.objects.create_user('dummy2@dummy.dummy', 'dummy')
-    admin_team.members.add(u)
+    with scopes_disabled():
+        admin_team.members.add(u)

    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'remove-member': u.pk
    }, follow=True)
-    assert 'Admin team' in resp.rendered_content
-    assert admin_user.email in resp.rendered_content
-    assert u not in admin_team.members.all()
+    assert 'Admin team' in resp.content.decode()
+    assert admin_user.email in resp.content.decode()
+    with scopes_disabled():
+        assert u not in admin_team.members.all()


@pytest.mark.django_db
@@ -153,30 +162,34 @@ def test_team_remove_last_admin(event, admin_user, admin_team, client):
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'remove-member': admin_user.pk
    }, follow=True)
-    assert 'alert-danger' in resp.rendered_content
-    assert admin_user in admin_team.members.all()
+    assert 'alert-danger' in resp.content.decode()
+    with scopes_disabled():
+        assert admin_user in admin_team.members.all()

    t2 = Team.objects.create(organizer=event.organizer, name='Admin team 2')
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'remove-member': admin_user.pk
    }, follow=True)
-    assert 'alert-danger' in resp.rendered_content
-    assert admin_user in admin_team.members.all()
+    assert 'alert-danger' in resp.content.decode()
+    with scopes_disabled():
+        assert admin_user in admin_team.members.all()

    t2.members.add(admin_user)
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'remove-member': admin_user.pk
    }, follow=True)
-    assert 'alert-danger' in resp.rendered_content
-    assert admin_user in admin_team.members.all()
+    assert 'alert-danger' in resp.content.decode()
+    with scopes_disabled():
+        assert admin_user in admin_team.members.all()

    t2.can_change_teams = True
    t2.save()
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'remove-member': admin_user.pk
    }, follow=True)
-    assert 'alert-danger' not in resp.rendered_content
-    assert admin_user not in admin_team.members.all()
+    assert 'alert-danger' not in resp.content.decode()
+    with scopes_disabled():
+        assert admin_user not in admin_team.members.all()


@pytest.mark.django_db
@@ -188,12 +201,13 @@ def test_create_team(event, admin_user, admin_team, client):
        'limit_events': str(event.pk),
        'can_change_event_settings': 'on'
    }, follow=True)
-    t = Team.objects.last()
-    assert t.can_change_event_settings
-    assert t.can_create_events
-    assert not t.can_change_organizer_settings
-    assert list(t.limit_events.all()) == [event]
-    assert list(t.members.all()) == [admin_user]
+    with scopes_disabled():
+        t = Team.objects.last()
+        assert t.can_change_event_settings
+        assert t.can_create_events
+        assert not t.can_change_organizer_settings
+        assert list(t.limit_events.all()) == [event]
+        assert list(t.members.all()) == [admin_user]


@pytest.mark.django_db
@@ -208,7 +222,8 @@ def test_update_team(event, admin_user, admin_team, client):
    admin_team.refresh_from_db()
    assert admin_team.can_change_event_settings
    assert not admin_team.can_change_organizer_settings
-    assert list(admin_team.limit_events.all()) == [event]
+    with scopes_disabled():
+        assert list(admin_team.limit_events.all()) == [event]


@pytest.mark.django_db
@@ -218,17 +233,19 @@ def test_update_last_team_to_be_no_admin(event, admin_user, admin_team, client):
        'name': 'Admin',
        'can_change_event_settings': 'on'
    }, follow=True)
-    assert 'alert-danger' in resp.rendered_content
+    assert 'alert-danger' in resp.content.decode()


@pytest.mark.django_db
 def test_remove_team(event, admin_user, admin_team, client):
    client.login(email='dummy@dummy.dummy', password='dummy')

-    t2 = Team.objects.create(organizer=event.organizer, name='Admin team 2')
+    with scopes_disabled():
+        t2 = Team.objects.create(organizer=event.organizer, name='Admin team 2')
    resp = client.post('/control/organizer/dummy/team/{}/delete'.format(t2.pk), {}, follow=True)
-    assert Team.objects.count() == 1
-    assert 'alert-success' in resp.rendered_content
+    with scopes_disabled():
+        assert Team.objects.count() == 1
+    assert 'alert-success' in resp.content.decode()


@pytest.mark.django_db
@@ -236,8 +253,9 @@ def test_remove_last_admin_team(event, admin_user, admin_team, client):
    client.login(email='dummy@dummy.dummy', password='dummy')

    resp = client.post('/control/organizer/dummy/team/{}/delete'.format(admin_team.pk), {}, follow=True)
-    assert Team.objects.count() == 1
-    assert 'alert-danger' in resp.rendered_content
+    with scopes_disabled():
+        assert Team.objects.count() == 1
+    assert 'alert-danger' in resp.content.decode()


@pytest.mark.django_db
@@ -245,7 +263,8 @@ def test_resend_invalid_invite(event, admin_user, admin_team, client):
    client.login(email='dummy@dummy.dummy', password='dummy')
    djmail.outbox = []

-    inv = admin_team.invites.create(email='foo@example.org')
+    with scopes_disabled():
+        inv = admin_team.invites.create(email='foo@example.org')
    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
        'resend-invite': inv.pk + 1
    }, follow=True)
@@ -256,7 +275,8 @@ def test_resend_invalid_invite(event, admin_user, admin_team, client):

@pytest.mark.django_db
 def test_invite_invalid_token(event, admin_team, client):
-    i = admin_team.invites.create(email='foo@bar.com')
+    with scopes_disabled():
+        i = admin_team.invites.create(email='foo@bar.com')
    resp = client.get('/control/invite/foo{}bar'.format(i.token), follow=True)
    assert b'alert-danger' in resp.content
    assert b'invalid link' in resp.content
@@ -265,9 +285,10 @@ def test_invite_invalid_token(event, admin_team, client):
@pytest.mark.django_db
 def test_invite_existing_team_member(event, admin_team, client):
    u = User.objects.create_user('dummy2@dummy.dummy', 'dummy')
-    admin_team.members.add(u)
-    client.login(email='dummy2@dummy.dummy', password='dummy')
-    i = admin_team.invites.create(email='foo@bar.com')
+    with scopes_disabled():
+        admin_team.members.add(u)
+        client.login(email='dummy2@dummy.dummy', password='dummy')
+        i = admin_team.invites.create(email='foo@bar.com')
    resp = client.get('/control/invite/{}'.format(i.token), follow=True)
    assert b'alert-danger' in resp.content
    assert b'already are part of' in resp.content
@@ -277,16 +298,19 @@ def test_invite_existing_team_member(event, admin_team, client):
 def test_invite_authenticated(event, admin_team, client):
    u = User.objects.create_user('dummy2@dummy.dummy', 'dummy')
    client.login(email='dummy2@dummy.dummy', password='dummy')
-    i = admin_team.invites.create(email='foo@bar.com')
+    with scopes_disabled():
+        i = admin_team.invites.create(email='foo@bar.com')
    resp = client.get('/control/invite/{}'.format(i.token), follow=True)
    assert b'alert-success' in resp.content
-    assert u in admin_team.members.all()
-    assert not admin_team.invites.exists()
+    with scopes_disabled():
+        assert u in admin_team.members.all()
+        assert not admin_team.invites.exists()


@pytest.mark.django_db
 def test_invite_new_user(event, admin_team, client):
-    i = admin_team.invites.create(email='foo@bar.com')
+    with scopes_disabled():
+        i = admin_team.invites.create(email='foo@bar.com')
    resp = client.get('/control/invite/{}'.format(i.token), follow=True)
    assert b'<form' in resp.content
    resp = client.post('/control/invite/{}'.format(i.token), {
@@ -296,5 +320,6 @@ def test_invite_new_user(event, admin_team, client):
    }, follow=True)

    assert b'alert-success' in resp.content
-    assert admin_team.members.filter(email='dummy@example.org').exists()
-    assert not admin_team.invites.exists()
+    with scopes_disabled():
+        assert admin_team.members.filter(email='dummy@example.org').exists()
+        assert not admin_team.invites.exists()