Gitiles
Code Review Sign In
gerrit-public.fairphone.software / tools / hiccup / hiccup-server / 0b1aa8c786dbddd68c1c64d2446b28de19de1067^! / .
commit0b1aa8c786dbddd68c1c64d2446b28de19de1067[log] [tgz]
authorMitja Nikolaus <mitja@fairphone.com>Fri Sep 14 15:33:29 2018 +0200
committerMitja Nikolaus <mitja@fairphone.com>Thu Oct 04 17:43:44 2018 +0000
treea9cbcab19f36872accdd997949f5fe3313851688
parent7e41c9194cc46ad33d92aaa54e427ea378782fc0 [diff]
Refactor crashreport stats view permissions

Align authorization permissions with the rest of the stats API:
Not only users of the correct group are authorized but also admin
users.

This change fixes some tests that now do not need to be skipped
anymore.

Issue: HIC-204
Change-Id: If82b9156e84f78f8dbe7c1a930c7bf8c3941e7e2

diff --git a/crashreport_stats/tests/test_views.py b/crashreport_stats/tests/test_views.py
index c188d23..0965f75 100644
--- a/crashreport_stats/tests/test_views.py
+++ b/crashreport_stats/tests/test_views.py

@@ -31,9 +31,6 @@
     def _get_with_params(self, url, params):
         return self.fp_staff_client.get(self._url_with_params(url, params))
 
-    @unittest.skip(
-        "Fails because the view is currently not accessible for admin users."
-    )
     def test_home_view_as_admin(self):
         """Test that admin users can access the home view."""
         self._assert_get_as_admin_user_succeeds(self.home_url)
@@ -56,9 +53,6 @@
             self.home_url, expected_status=status.HTTP_302_FOUND
         )
 
-    @unittest.skip(
-        "Fails because the view is currently not accessible for admin users."
-    )
     def test_device_view_as_admin(self):
         """Test that admin users can access the device view."""
         self._assert_get_as_admin_user_succeeds(
@@ -95,9 +89,6 @@
             expected_status=status.HTTP_302_FOUND,
         )
 
-    @unittest.skip(
-        "Fails because the view is currently not accessible for admin users."
-    )
     def test_versions_view_as_admin(self):
         """Test that admin users can access the versions view."""
         self._assert_get_as_admin_user_succeeds(self.versions_url)
@@ -120,9 +111,6 @@
             self.versions_url, expected_status=status.HTTP_302_FOUND
         )
 
-    @unittest.skip(
-        "Fails because the view is currently not accessible for admin users."
-    )
     def test_versions_all_view_as_admin(self):
         """Test that admin users can access the versions all view."""
         self._assert_get_as_admin_user_succeeds(self.versions_all_url)
@@ -145,9 +133,6 @@
             self.versions_all_url, expected_status=status.HTTP_302_FOUND
         )
 
-    @unittest.skip(
-        "Fails because the view is currently not accessible for admin users."
-    )
     def test_home_view_post_as_admin_user(self):
         """Test HTTP POST method to home view as admin user."""
         response = self.admin.post(

diff --git a/crashreport_stats/tests/utils.py b/crashreport_stats/tests/utils.py
index 983a976..f1b9d92 100644
--- a/crashreport_stats/tests/utils.py
+++ b/crashreport_stats/tests/utils.py

@@ -338,7 +338,7 @@
             "somebody", "somebody@example.com", "thepassword"
         )
         cls.admin = APIClient()
-        cls.admin.force_authenticate(admin_user)
+        cls.admin.force_login(admin_user)
 
         fp_staff_group = Group(name=FP_STAFF_GROUP_NAME)
         fp_staff_group.save()

diff --git a/crashreport_stats/views.py b/crashreport_stats/views.py
index 58e3261..07691df 100644
--- a/crashreport_stats/views.py
+++ b/crashreport_stats/views.py

@@ -8,11 +8,7 @@
 from django.urls import reverse
 
 from crashreports.models import Device
-
-
-def is_fairphone_staff(user):
-    """Check if the user is part of the FairphoneSoftwareTeam group."""
-    return user.groups.filter(name="FairphoneSoftwareTeam").exists()
+from crashreports.permissions import user_is_hiccup_staff
 
 
 class DeviceUUIDForm(forms.Form):
@@ -21,7 +17,7 @@
     uuid = forms.CharField(label="Device UUID:", max_length=100)
 
 
-@user_passes_test(is_fairphone_staff)
+@user_passes_test(user_is_hiccup_staff)
 def device_stats(request):
     """Respond with statistics for a specific device."""
     template = loader.get_template("crashreport_stats/device.html")
@@ -31,21 +27,21 @@
     return HttpResponse(template.render({"uuid": uuid}, request))
 
 
-@user_passes_test(is_fairphone_staff)
+@user_passes_test(user_is_hiccup_staff)
 def versions_all_overview(request):
     """Respond with the distribution of official release versions."""
     template = loader.get_template("crashreport_stats/versions.html")
     return HttpResponse(template.render({"is_official_release": "1"}, request))
 
 
-@user_passes_test(is_fairphone_staff)
+@user_passes_test(user_is_hiccup_staff)
 def versions_overview(request):
     """Respond with the distribution of non-official release versions."""
     template = loader.get_template("crashreport_stats/versions.html")
     return HttpResponse(template.render({"is_official_release": "2"}, request))
 
 
-@user_passes_test(is_fairphone_staff)
+@user_passes_test(user_is_hiccup_staff)
 def home(request):
     """Respond with a form for searching devices by UUID.