[chores:tests] Added AdminActionPermTestMixin

openwisp_utils/tests.py

@@ -5,6 +5,7 @@
 from unittest import TextTestResult, mock
 
 from django.conf import settings
+from django.contrib.auth.models import Permission
 from django.db import DEFAULT_DB_ALIAS, connections
 from django.test.runner import DiscoverRunner
 from django.test.utils import CaptureQueriesContext
@@ -170,3 +171,86 @@ def assertNumQueries(self, num, func=None, *args, using=DEFAULT_DB_ALIAS, **kwar
 
         with context:
             func(*args, **kwargs)
+
+
+class AdminActionPermTestMixin:
+    def _test_action_permission(
+        self,
+        path,
+        action,
+        user,
+        obj,
+        message,
+        message_level='success',
+        required_perms=None,
+        extra_payload=None,
+    ):
+        all_perms = {'add', 'change', 'delete', 'view'}
+        required_perms = required_perms or all_perms
+        extra_payload = extra_payload or {}
+        self.client.force_login(user)
+        payload = {
+            '_selected_action': [obj.pk],
+            'action': action,
+            'post': 'yes',
+            **extra_payload,
+        }
+        admin_action_option = f'<option value="{action}">'
+        # Add all permissions to the user except the required permissions
+        user.user_permissions.add(
+            *Permission.objects.filter(
+                codename__in=[
+                    f'{perm}_{obj._meta.model_name}'
+                    for perm in all_perms - set(required_perms)
+                ]
+            )
+        )
+
+        with self.subTest('Test user lacks necessary permission for action'):
+            # Verify admin action option is not present on the changelist
+            response = self.client.get(path)
+            self.assertNotContains(response, admin_action_option)
+
+            # Verify action cannot be performed using forced request
+            response = self.client.post(path, data=payload, follow=True)
+            self.assertEqual(response.status_code, 200)
+            try:
+                self.assertContains(
+                    response,
+                    '<ul class="messagelist">\n'
+                    '<li class="warning">No action selected.</li>\n'
+                    '</ul>',
+                    html=True,
+                )
+            except AssertionError:
+                # If there is only one admin action available for the user,
+                # and the user lacks permission for that action, then the
+                # admin action form will not be displayed on the changelist.
+                self.assertNotContains(
+                    response, '<label>Action: <select name="action" required>'
+                )
+
+        # Add required permissions to the user
+        user.user_permissions.add(
+            *Permission.objects.filter(
+                codename__in=[
+                    f'{perm}_{obj._meta.model_name}' for perm in required_perms
+                ]
+            )
+        )
+
+        with self.subTest('Test user has necessary permission for action'):
+            # Verify admin action option is present on the changelist
+            response = self.client.get(path, follow=True)
+            self.assertContains(response, admin_action_option)
+
+            # Verify action can be performed
+            response = self.client.post(path, data=payload, follow=True)
+            self.assertEqual(response.status_code, 200)
+            self.assertContains(
+                response,
+                '<ul class="messagelist">\n'
+                f'<li class="{message_level}">{message}</li>'
+                '</ul>',
+                html=True,
+            )