[tests] Added tests

pandafy · pandafy · commit 679d8bc82b95 · 2025-05-27T00:11:09.000+05:30
diff --git a/openwisp_users/multitenancy.py b/openwisp_users/multitenancy.py
@@ -66,7 +66,7 @@ def _has_org_permission(self, request, obj, perm_func):
         associated with specific organizations.
         """
         perm = perm_func(request, obj)
-        if not request.user.is_superuser and obj and hasattr(obj, 'organization_id'):
+        if not request.user.is_superuser and obj and hasattr(obj, "organization_id"):
             perm = perm and (
                 obj.organization_id
                 and str(obj.organization_id) in request.user.organizations_managed
diff --git a/openwisp_users/tests/utils.py b/openwisp_users/tests/utils.py
@@ -1,10 +1,13 @@
 from datetime import date
 
+import django
 from django.contrib.auth import get_user_model
 from django.contrib.auth.models import Permission
 from django.urls import reverse
 from swapper import load_model
 
+from openwisp_users.multitenancy import SHARED_SYSTEMWIDE_LABEL
+
 Organization = load_model("openwisp_users", "Organization")
 OrganizationOwner = load_model("openwisp_users", "OrganizationOwner")
 OrganizationUser = load_model("openwisp_users", "OrganizationUser")
@@ -236,9 +239,82 @@ def _test_recoverlist_operator_403(self, app_label, model_label):
         )
         self.assertEqual(response.status_code, 403)
 
-    def _get_autocomplete_view_path(self, app_label, model_name, field_name):
+    def _test_org_admin_create_shareable_object(
+        self, path, payload, model, expected_count=0, error_message=None, user=None
+    ):
+        """
+        Verifies a non-superuser cannot create a shareable object
+        """
+        if not user:
+            user = self._create_administrator(organizations=[self._get_org()])
+        self.client.force_login(user)
+        response = self.client.post(
+            path,
+            data=payload,
+            follow=True,
+        )
+        error_message = error_message or (
+            '<div class="form-row errors field-organization">\n'
+            '            <ul class="errorlist"{}>'
+            "<li>This field is required.</li></ul>"
+        ).format(' id="id_organization_error"' if django.VERSION >= (5, 2) else "")
+        self.assertContains(response, error_message)
+        self.assertEqual(model.objects.count(), expected_count)
+
+    def _test_org_admin_view_shareable_object(
+        self, path, user=None, expected_element=None
+    ):
+        """
+        Verifies a non-superuser can view a shareable object
+        """
+        if not user:
+            user = self._create_administrator(organizations=[self._get_org()])
+        self.client.force_login(user)
+        response = self.client.get(path, follow=True)
+        self.assertEqual(response.status_code, 200)
+        if not expected_element:
+            expected_element = (
+                '<div class="form-row field-organization">\n\n\n<div>\n\n'
+                '<div class="flex-container">\n\n'
+                "<label>Organization:</label>\n\n"
+                '<div class="readonly">-</div>\n\n\n'
+                "</div>\n\n</div>\n\n\n</div>"
+            )
+        self.assertContains(response, expected_element, html=True)
+
+    def _test_object_organization_fk_autocomplete_view(
+        self,
+        model,
+    ):
+        app_label = model._meta.app_label
+        model_name = model._meta.model_name
+        path = self._get_autocomplete_view_path(app_label, model_name, "organization")
+        org = self._get_org()
+        admin = User.objects.filter(is_superuser=True).first()
+        if not admin:
+            admin = self._create_admin()
+        org_admin = self._create_administrator(organizations=[org])
+
+        with self.subTest("Org admin should only see their own org"):
+            self.client.force_login(org_admin)
+            response = self.client.get(path)
+            self.assertEqual(response.status_code, 200)
+            self.assertContains(response, org.name)
+            self.assertNotContains(response, SHARED_SYSTEMWIDE_LABEL)
+
+        with self.subTest("Superuser should see all orgs and shared label"):
+            self.client.force_login(admin)
+            response = self.client.get(path)
+            self.assertEqual(response.status_code, 200)
+            self.assertContains(response, org.name)
+            self.assertContains(response, SHARED_SYSTEMWIDE_LABEL)
+
+    def _get_autocomplete_view_path(
+        self, app_label, model_name, field_name, is_filter=False
+    ):
         path = reverse("admin:ow-auto-filter")
         return (
             f"{path}?app_label={app_label}"
             f"&model_name={model_name}&field_name={field_name}"
+            "{}".format("&is_filter=true" if is_filter else "")
         )
diff --git a/openwisp_users/views.py b/openwisp_users/views.py
@@ -43,5 +43,5 @@ def get_empty_label(self):
 
     def get_allow_null(self):
         if self.object_list.model == Organization:
-            return self.request.user.is_superuser or self.request.GET.get('is_filter')
+            return self.request.user.is_superuser or self.request.GET.get("is_filter")
         return super().get_allow_null()
diff --git a/tests/testapp/tests/test_admin.py b/tests/testapp/tests/test_admin.py
@@ -1,12 +1,11 @@
 import os
 
-import django
 from django.contrib.auth import get_user_model
 from django.test import TestCase
 from django.urls import reverse
 from swapper import load_model
 
-from openwisp_users.tests.utils import TestOrganizationMixin
+from openwisp_users.tests.utils import TestMultitenantAdminMixin, TestOrganizationMixin
 
 from ..models import Template
 
@@ -45,30 +44,42 @@ def test_accounts_login(self):
         )
 
 
-class TestTemplateAdmin(TestOrganizationMixin, TestCase):
+class TestTemplateAdmin(TestMultitenantAdminMixin, TestCase):
+    def _create_template(self, **kwargs):
+        if "organization" not in kwargs:
+            kwargs["organization"] = self._get_org()
+        options = {
+            "name": "test-template",
+        }
+        options.update(kwargs)
+        template = Template(**options)
+        template.full_clean()
+        template.save()
+        return template
+
     def test_org_admin_create_shareable_template(self):
-        administrator = self._create_administrator()
-        self.client.force_login(administrator)
-        response = self.client.post(
+        self._test_org_admin_create_shareable_object(
             reverse("admin:testapp_template_add"),
-            data={
+            payload={
                 "name": "test-template",
                 "organization": "",
             },
-            follow=True,
+            model=Template,
         )
-        self.assertContains(
-            response,
-            (
-                '<div class="form-row errors field-organization">\n'
-                '            <ul class="errorlist"{}>'
-                "<li>This field is required.</li></ul>"
-            ).format(' id="id_organization_error"' if django.VERSION >= (5, 2) else ""),
+
+    def test_template_organization_autocomplete_view(self):
+        self._test_object_organization_fk_autocomplete_view(
+            Template,
+        )
+
+    def test_org_admin_view_shared_template(self):
+        template = self._create_template(organization=None)
+        self._test_org_admin_view_shareable_object(
+            reverse("admin:testapp_template_change", args=(template.id,)),
         )
-        self.assertEqual(Template.objects.count(), 0)
 
     def test_superuser_create_shareable_template(self):
-        admin = self._create_admin()
+        admin = self._get_admin()
         self.client.force_login(admin)
         response = self.client.post(
             reverse("admin:testapp_template_add"),
diff --git a/tests/testapp/tests/test_selenium.py b/tests/testapp/tests/test_selenium.py
@@ -24,13 +24,17 @@ def setUp(self):
         )
 
     def _test_multitenant_autocomplete_org_field(
-        self, username, password, path, visible, hidden
+        self,
+        username,
+        password,
+        path,
+        visible,
+        hidden,
+        select2_selector="#select2-id_organization-container",
     ):
         self.login(username=username, password=password)
         self.open(path)
-        self.web_driver.find_element(
-            By.CSS_SELECTOR, "#select2-id_organization-container"
-        ).click()
+        self.web_driver.find_element(By.CSS_SELECTOR, select2_selector).click()
         WebDriverWait(self.web_driver, 2).until(
             EC.invisibility_of_element_located(
                 (By.CSS_SELECTOR, ".select2-results__option.loading-results")
@@ -143,3 +147,30 @@ def test_shelf_add_form_organization_field(self):
             self.assertEqual(len(org_select.all_selected_options), 1)
             self.assertEqual(org_select.first_selected_option.text, org1.name)
         self.logout()
+
+    def test_organization_autocomplete_filter(self):
+        """
+        The autocomplete_filter should show option to filter
+        shared objects to non-superuser.
+        """
+        path = reverse("admin:testapp_shelf_changelist")
+        org1 = self._create_org(name="org1")
+        administrator = self._create_administrator(
+            organizations=[org1], username="tester", password="tester"
+        )
+        administrator.user_permissions.add(
+            *Permission.objects.filter(
+                Q(codename__contains="shelf") | Q(codename="view_organization")
+            ).values_list("id", flat=True),
+        )
+        self._test_multitenant_autocomplete_org_field(
+            path=path,
+            username="tester",
+            password="tester",
+            visible=[org1.name, "Shared systemwide (no organization)"],
+            hidden=list(
+                Organization.objects.exclude(id=org1.id).values_list("name", flat=True)
+            ),
+            select2_selector="#select2-id-organization-dal-filter-container",
+        )
+        self.logout()
