[英]How to test that a view is only accessed by staff users in Django
我正在Django中学习测试,并且有一个要测试的视图。 此视图只能由工作人员用户访问。 假设视图是:
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
如果请求来自工作人员用户,则应将其重定向到存储库,否则我应该会得到诸如permission denied 。 我从tests.py类的东西开始。
def test_request_object(self):
self.user = User.objects.create_user(
username='abc', email='abc@gmail.com', password='1234')
request = HttpRequest()
# User send a request to access repositories
response = staff_users(request)
self.assertIsNone(response)
问题出在这里,我没有将我的请求对象与任何用户相关联,我也from django.contrib.admin.views.decorators import staff_member_required了解了from django.contrib.admin.views.decorators import staff_member_required但不确定如何在这里使用它们。 谁能告诉我该如何测试我的view仅应由staff users ?
您需要做的就是decorate您要保护的视图,如下所示:
@staff_member_required
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
如果您想使用自定义逻辑进行测试而不是使用django装饰器,则也可以编写自己的装饰器。
def staff_users_only(function):
def wrap(request, *args, **kwargs):
profile = request.session['user_profile']
if profile is True: #then its a staff member
return function(request, *args, **kwargs)
else:
return HttpResponseRedirect('/')
wrap.__doc__=function.__doc__
wrap.__name__=function.__name__
return wrap
并将其用作:
@staff_users_only
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
编辑
可以按以下方式完成请求对象上会话的关联:
def test_request_object(self):
self.user = User.objects.create_user(
username='abc', email='abc@gmail.com', password='1234')
request = HttpRequest()
#create a session which will hold the user profile that will be used in by our custom decorator
request.session = {} #Session middleware is not available in UnitTest hence create a blank dictionary for testing purpose
request.session['user_profile'] = self.user.is_staff #assuming its django user.
# User send a request to access repositories
response = staff_users(request)
#Check the response type for appropriate action
self.assertIsNone(response)
编辑2
使用django Client库进行测试也是一个更好的主意:
>>> from django.test import Client
>>> c = Client()
>>> response = c.post('/login/', {'username': 'abc', 'password': '1234'})
>>> response.status_code
200
>>> response = c.get('/user/protected-page/')
>>> response.content
b'<!DOCTYPE html...
需要限制员工用户的访问权限,只能查看和编辑他们在 django admin 中输入的数据
[英]Need to restrict the access for staff users to view and edit only their inputted data in django admin
如何限制员工用户在 Django 管理页面中仅查看他们的信息?
[英]How to restrict access for staff users to see only their information in Django admin page?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.