zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-20 09:46:06 +02:00
Code Issues Projects Releases Packages Wiki Activity

Expose users in django admin for CISA Analysts while hiding uuids

Browse source
This commit is contained in:
rachidatecs 2023-07-07 11:01:15 -04:00
parent bf93ea7a28
commit 52dc04c1ac
No known key found for this signature in database
GPG key ID: 3CEBBFA7325E5525
5 changed files with 112 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

80
src/registrar/tests/test_admin.py
View file

@ -1,8 +1,8 @@
from django.test import TestCase, RequestFactory, Client
from django.contrib.admin.sites import AdminSite
from registrar.admin import DomainApplicationAdmin, ListHeaderAdmin
from registrar.admin import DomainApplicationAdmin, ListHeaderAdmin, MyUserAdmin
from registrar.models import DomainApplication, DomainInformation, User
from .common import completed_application, mock_user
from .common import completed_application, mock_user, create_superuser, create_user
from django.contrib.auth import get_user_model
from django.conf import settings
@ -14,21 +14,9 @@ class TestDomainApplicationAdmin(TestCase):
def setUp(self):
self.site = AdminSite()
self.factory = RequestFactory()
self.admin = ListHeaderAdmin(model=DomainApplication, admin_site=None)
self.client = Client(HTTP_HOST="localhost:8080")
username = "admin"
first_name = "First"
last_name = "Last"
email = "info@example.com"
p = "adminpassword"
User = get_user_model()
self.superuser = User.objects.create_superuser(
username=username,
first_name=first_name,
last_name=last_name,
email=email,
password=p,
)
# self.admin = ListHeaderAdmin(model=DomainApplication, admin_site=None)
# self.client = Client(HTTP_HOST="localhost:8080")
# self.superuser = create_superuser(self)
@boto3_mocking.patching
def test_save_model_sends_submitted_email(self):
@ -179,10 +167,23 @@ class TestDomainApplicationAdmin(TestCase):
DomainInformation.objects.get(id=application.pk).delete()
application.delete()
def tearDown(self):
DomainApplication.objects.all().delete()
User.objects.all().delete()
class ListHeaderAdminTest(TestCase):
def setUp(self):
self.site = AdminSite()
self.factory = RequestFactory()
self.admin = ListHeaderAdmin(model=DomainApplication, admin_site=None)
self.client = Client(HTTP_HOST="localhost:8080")
self.superuser = create_superuser(self)
def test_changelist_view(self):
# Have to get creative to get past linter
p = "adminpassword"
self.client.login(username="admin", password=p)
p = "adminpass"
self.client.login(username="superuser", password=p)
# Mock a user
user = mock_user()
@ -240,7 +241,44 @@ class TestDomainApplicationAdmin(TestCase):
)
def tearDown(self):
# delete any applications too
DomainApplication.objects.all().delete()
User.objects.all().delete()
self.superuser.delete()
class MyUserAdminTest(TestCase):
def setUp(self):
admin_site = AdminSite()
self.admin = MyUserAdmin(model=get_user_model(), admin_site=admin_site)
def test_list_display_without_username(self):
request = self.client.request().wsgi_request
request.user = create_user(self)
list_display = self.admin.get_list_display(request)
expected_list_display = (
"email",
"first_name",
"last_name",
"is_staff",
"is_superuser",
)
self.assertEqual(list_display, expected_list_display)
self.assertNotIn("username", list_display)
def test_get_fieldsets_superuser(self):
request = self.client.request().wsgi_request
request.user = create_superuser(self)
fieldsets = self.admin.get_fieldsets(request)
expected_fieldsets = super(MyUserAdmin, self.admin).get_fieldsets(request)
self.assertEqual(fieldsets, expected_fieldsets)
def test_get_fieldsets_non_superuser(self):
request = self.client.request().wsgi_request
request.user = create_user(self)
fieldsets = self.admin.get_fieldsets(request)
expected_fieldsets = ((None, {"fields": []}),)
self.assertEqual(fieldsets, expected_fieldsets)
def tearDown(self):
User.objects.all().delete()