Remove redundant ObjectPermissionViewTestCase

netbox/netbox/tests/test_authentication.py

@@ -168,356 +168,6 @@ class ExternalAuthenticationTestCase(TestCase):
         self.assertTrue(new_user.has_perms(['dcim.add_site', 'dcim.change_site']))
 
 
-class ObjectPermissionViewTestCase(TestCase):
-
-    @classmethod
-    def setUpTestData(cls):
-
-        cls.sites = (
-            Site(name='Site 1', slug='site-1'),
-            Site(name='Site 2', slug='site-2'),
-            Site(name='Site 3', slug='site-3'),
-        )
-        Site.objects.bulk_create(cls.sites)
-
-        cls.prefixes = (
-            Prefix(prefix=IPNetwork('10.0.0.0/24'), site=cls.sites[0]),
-            Prefix(prefix=IPNetwork('10.0.1.0/24'), site=cls.sites[0]),
-            Prefix(prefix=IPNetwork('10.0.2.0/24'), site=cls.sites[0]),
-            Prefix(prefix=IPNetwork('10.0.3.0/24'), site=cls.sites[1]),
-            Prefix(prefix=IPNetwork('10.0.4.0/24'), site=cls.sites[1]),
-            Prefix(prefix=IPNetwork('10.0.5.0/24'), site=cls.sites[1]),
-            Prefix(prefix=IPNetwork('10.0.6.0/24'), site=cls.sites[2]),
-            Prefix(prefix=IPNetwork('10.0.7.0/24'), site=cls.sites[2]),
-            Prefix(prefix=IPNetwork('10.0.8.0/24'), site=cls.sites[2]),
-        )
-        Prefix.objects.bulk_create(cls.prefixes)
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_get_object(self):
-
-        # Attempt to retrieve object without permission
-        response = self.client.get(self.prefixes[0].get_absolute_url())
-        self.assertHttpStatus(response, 403)
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['view']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Retrieve permitted object
-        response = self.client.get(self.prefixes[0].get_absolute_url())
-        self.assertHttpStatus(response, 200)
-
-        # Attempt to retrieve non-permitted object
-        response = self.client.get(self.prefixes[3].get_absolute_url())
-        self.assertHttpStatus(response, 404)
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_list_objects(self):
-
-        # Attempt to list objects without permission
-        response = self.client.get(reverse('ipam:prefix_list'))
-        self.assertHttpStatus(response, 403)
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['view']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Retrieve all objects. Only permitted objects should be returned.
-        response = self.client.get(reverse('ipam:prefix_list'))
-        self.assertHttpStatus(response, 200)
-        self.assertIn(str(self.prefixes[0].prefix), str(response.content))
-        self.assertNotIn(str(self.prefixes[3].prefix), str(response.content))
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_create_object(self):
-        initial_count = Prefix.objects.count()
-        form_data = {
-            'prefix': '10.0.9.0/24',
-            'site': self.sites[1].pk,
-            'status': PrefixStatusChoices.STATUS_ACTIVE,
-        }
-
-        # Attempt to create an object without permission
-        request = {
-            'path': reverse('ipam:prefix_add'),
-            'data': form_data,
-            'follow': False,  # Do not follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 403)
-        self.assertEqual(initial_count, Prefix.objects.count())
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['view', 'add']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Attempt to create a non-permitted object
-        request = {
-            'path': reverse('ipam:prefix_add'),
-            'data': form_data,
-            'follow': True,  # Follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 200)
-        self.assertEqual(Prefix.objects.count(), initial_count)
-
-        # Create a permitted object
-        form_data['site'] = self.sites[0].pk
-        request = {
-            'path': reverse('ipam:prefix_add'),
-            'data': form_data,
-            'follow': True,  # Follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 200)
-        self.assertEqual(Prefix.objects.count(), initial_count + 1)
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_edit_object(self):
-        form_data = {
-            'prefix': '10.0.9.0/24',
-            'site': self.sites[0].pk,
-            'status': PrefixStatusChoices.STATUS_RESERVED,
-        }
-
-        # Attempt to edit an object without permission
-        request = {
-            'path': reverse('ipam:prefix_edit', kwargs={'pk': self.prefixes[0].pk}),
-            'data': form_data,
-            'follow': False,  # Do not follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 403)
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['view', 'change']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Attempt to edit a non-permitted object
-        request = {
-            'path': reverse('ipam:prefix_edit', kwargs={'pk': self.prefixes[3].pk}),
-            'data': form_data,
-            'follow': True,  # Follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 404)
-
-        # Edit a permitted object
-        request = {
-            'path': reverse('ipam:prefix_edit', kwargs={'pk': self.prefixes[0].pk}),
-            'data': form_data,
-            'follow': True,  # Follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 200)
-        prefix = Prefix.objects.get(pk=self.prefixes[0].pk)
-        self.assertEqual(prefix.status, PrefixStatusChoices.STATUS_RESERVED)
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_delete_object(self):
-        form_data = {
-            'confirm': True
-        }
-
-        # Attempt to delete object without permission
-        request = {
-            'path': reverse('ipam:prefix_delete', kwargs={'pk': self.prefixes[0].pk}),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 403)
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['view', 'delete']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Delete permitted object
-        request = {
-            'path': reverse('ipam:prefix_delete', kwargs={'pk': self.prefixes[0].pk}),
-            'data': form_data,
-            'follow': True,  # Follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 200)
-        self.assertFalse(Prefix.objects.filter(pk=self.prefixes[0].pk).exists())
-
-        # Attempt to delete non-permitted object
-        request = {
-            'path': reverse('ipam:prefix_delete', kwargs={'pk': self.prefixes[3].pk}),
-            'data': form_data,
-            'follow': True,  # Follow 302 redirects
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 404)
-        self.assertTrue(Prefix.objects.filter(pk=self.prefixes[3].pk).exists())
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_bulk_import_objects(self):
-        initial_count = Prefix.objects.count()
-        form_data = {
-            'csv': "prefix,status,site\n"
-                   "10.0.9.0/24,Active,Site 1\n"
-                   "10.0.10.0/24,Active,Site 2\n"
-                   "10.0.11.0/24,Active,Site 3\n",
-        }
-
-        # Attempt to import objects without permission
-        request = {
-            'path': reverse('ipam:prefix_import'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 403)
-        self.assertEqual(initial_count, Prefix.objects.count())
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['add']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Attempt to create non-permitted objects
-        request = {
-            'path': reverse('ipam:prefix_import'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 200)
-        self.assertEqual(Prefix.objects.count(), initial_count)
-
-        # Create a permitted object
-        form_data = {
-            'csv': "prefix,status,site\n"
-                   "10.0.9.0/24,Active,Site 1\n"
-                   "10.0.10.0/24,Active,Site 1\n"
-                   "10.0.11.0/24,Active,Site 1\n",
-        }
-        request = {
-            'path': reverse('ipam:prefix_import'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 200)
-        self.assertEqual(Prefix.objects.count(), initial_count + 3)
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_bulk_edit_objects(self):
-        form_data = {
-            'pk': [p.pk for p in self.prefixes],
-            'status': 'reserved',
-            '_apply': True,
-        }
-
-        # Attempt to edit objects without permission
-        request = {
-            'path': reverse('ipam:prefix_bulk_edit'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 403)
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['change']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Attempt to edit non-permitted objects
-        request = {
-            'path': reverse('ipam:prefix_bulk_edit'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 302)
-        self.assertEqual(Prefix.objects.get(pk=self.prefixes[3].pk).status, 'active')
-
-        # Edit permitted objects
-        form_data['pk'] = [p.pk for p in self.prefixes[:3]]
-        request = {
-            'path': reverse('ipam:prefix_bulk_edit'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 302)
-        self.assertEqual(Prefix.objects.get(pk=self.prefixes[0].pk).status, 'reserved')
-
-    @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
-    def test_bulk_delete_objects(self):
-        form_data = {
-            'pk': [p.pk for p in self.prefixes],
-            'confirm': True,
-            '_confirm': True,
-        }
-
-        # Attempt to delete objects without permission
-        request = {
-            'path': reverse('ipam:prefix_bulk_delete'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 403)
-
-        # Assign object permission
-        obj_perm = ObjectPermission(
-            constraints={'site__name': 'Site 1'},
-            actions=['view', 'delete']
-        )
-        obj_perm.save()
-        obj_perm.users.add(self.user)
-        obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
-
-        # Attempt to delete non-permitted object
-        request = {
-            'path': reverse('ipam:prefix_bulk_delete'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 200)
-        self.assertTrue(Prefix.objects.filter(pk=self.prefixes[3].pk).exists())
-
-        # Delete permitted objects
-        form_data['pk'] = [p.pk for p in self.prefixes[:3]]
-        request = {
-            'path': reverse('ipam:prefix_bulk_delete'),
-            'data': form_data,
-        }
-        response = self.client.post(**request)
-        self.assertHttpStatus(response, 302)
-        self.assertFalse(Prefix.objects.filter(pk=self.prefixes[0].pk).exists())
-
-
 class ObjectPermissionAPIViewTestCase(TestCase):
     client_class = APIClient