can't change user permissions during unittest in django
Asked Answered
E

1

10

I've finally decided to make some tests for my apps but I'm stuck on testing if a user can change another user (depends on the type of the user -- I use django-rules to be able to do logical permission checks, but this is not important)

Here's the code I have so far

class RulesAndPermissionsTests(TestCase):
    fixtures = ['auth_no_permissions.json', 'profiles.json', 'rules.json']

    def setUp(self):
        self.c = Client()
        self.user = User.objects.get(username="estagiario")
        self.non_staff = User.objects.get(username="fisica")
        self.admin = User.objects.get(username="admin")
        login = self.c.login(username='estagiario', password='estagiario')

    def test_can_change_non_staff_users(self):
        self.assertFalse(self.user.has_perm('logical_change_user', self.non_staff.profile)) # can't change non staff users without permission

        # now add the permission and test it again
        self.user.user_permissions.add(Permission.objects.get(codename='change_user'))
        print self.user.get_all_permissions() # prints set([])
        self.assertTrue(self.user.has_perm('logical_change_user', self.non_staff.profile))

Even after adding the permission, my user still has no permissions. Is this because I'm not allowed to create anything during the tests (is this a bad practice?)? Or does django cache the permissions somehow? If I add the permission at setUp it works, but I wanted to change it during the same test (testing with and without the permission).

Thanks in advance!

Esotropia answered 11/4, 2012 at 9:4 Comment(0)
O
25

If you look at the source code for the ModelBackend, you can see that Django does cache the permissions on the user object.

You could try wiping the cache, but that could break your tests if the caching mechanism changes in future. The easiest thing to do is to refetch the user from the database in your test.

from django.contrib.auth.models import Permission

def test_can_change_non_staff_users(self):
    self.assertFalse(self.user.has_perm('logical_change_user', self.non_staff.profile)) # can't change non staff users without permission

    # now add the permission and test it again
    self.user.user_permissions.add(Permission.objects.get(codename='change_user'))

    # refetch user from the database
    self.user = User.objects.get(pk=self.user.pk)
    print self.user.get_all_permissions() # should now include new permission
    self.assertTrue(self.user.has_perm('logical_change_user', self.non_staff.profile))
Orenorenburg answered 11/4, 2012 at 9:30 Comment(2)
many thanks! silly me, I tried relogging the user but didn't try refetching the user. is it a bad practice to add permission during the testcase? thanks!Esotropia
I think you're ok to add the permission during the test case, I don't think it's bad practice.Orenorenburg

© 2022 - 2024 — McMap. All rights reserved.