如何测试视图是否仅由 Django 中的员工用户访问
How to test that a view is only accessed by staff users in Django
我正在学习 Django 中的测试,并且有一个我想测试的视图。此视图只能由员工用户访问。假设视图是:
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
如果请求来自员工用户,它应该重定向到存储库,否则我应该得到类似 permission denied 的内容。我从 tests.py 中的内容开始。
def test_request_object(self):
self.user = User.objects.create_user(
username='abc', email='abc@gmail.com', password='1234')
request = HttpRequest()
# User send a request to access repositories
response = staff_users(request)
self.assertIsNone(response)
这里的问题是我没有将我的请求对象与任何用户相关联,我也了解了 from django.contrib.admin.views.decorators import staff_member_required 但不确定如何在这里使用它们。谁能告诉我应该如何测试我的 view 应该只被 staff users 访问?
您只需decorate您想要保护的视图,如下所示:
@staff_member_required
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
如果您想要自定义测试逻辑而不是使用 django 装饰器,那么您也可以编写自己的装饰器。
def staff_users_only(function):
def wrap(request, *args, **kwargs):
profile = request.session['user_profile']
if profile is True: #then its a staff member
return function(request, *args, **kwargs)
else:
return HttpResponseRedirect('/')
wrap.__doc__=function.__doc__
wrap.__name__=function.__name__
return wrap
并将其用作:
@staff_users_only
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
编辑
sessions 与测试请求对象的关联可以按以下方式完成:
def test_request_object(self):
self.user = User.objects.create_user(
username='abc', email='abc@gmail.com', password='1234')
request = HttpRequest()
#create a session which will hold the user profile that will be used in by our custom decorator
request.session = {} #Session middleware is not available in UnitTest hence create a blank dictionary for testing purpose
request.session['user_profile'] = self.user.is_staff #assuming its django user.
# User send a request to access repositories
response = staff_users(request)
#Check the response type for appropriate action
self.assertIsNone(response)
编辑 2
此外,使用 django Client 库进行测试会是一个更好的主意:
>>> from django.test import Client
>>> c = Client()
>>> response = c.post('/login/', {'username': 'abc', 'password': '1234'})
>>> response.status_code
200
>>> response = c.get('/user/protected-page/')
>>> response.content
b'<!DOCTYPE html...
我正在学习 Django 中的测试,并且有一个我想测试的视图。此视图只能由员工用户访问。假设视图是:
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
如果请求来自员工用户,它应该重定向到存储库,否则我应该得到类似 permission denied 的内容。我从 tests.py 中的内容开始。
def test_request_object(self):
self.user = User.objects.create_user(
username='abc', email='abc@gmail.com', password='1234')
request = HttpRequest()
# User send a request to access repositories
response = staff_users(request)
self.assertIsNone(response)
这里的问题是我没有将我的请求对象与任何用户相关联,我也了解了 from django.contrib.admin.views.decorators import staff_member_required 但不确定如何在这里使用它们。谁能告诉我应该如何测试我的 view 应该只被 staff users 访问?
您只需decorate您想要保护的视图,如下所示:
@staff_member_required
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
如果您想要自定义测试逻辑而不是使用 django 装饰器,那么您也可以编写自己的装饰器。
def staff_users_only(function):
def wrap(request, *args, **kwargs):
profile = request.session['user_profile']
if profile is True: #then its a staff member
return function(request, *args, **kwargs)
else:
return HttpResponseRedirect('/')
wrap.__doc__=function.__doc__
wrap.__name__=function.__name__
return wrap
并将其用作:
@staff_users_only
def staff_users(request):
....
# some logic
return HttpResponseRedirect('/repositories/')
编辑
sessions 与测试请求对象的关联可以按以下方式完成:
def test_request_object(self):
self.user = User.objects.create_user(
username='abc', email='abc@gmail.com', password='1234')
request = HttpRequest()
#create a session which will hold the user profile that will be used in by our custom decorator
request.session = {} #Session middleware is not available in UnitTest hence create a blank dictionary for testing purpose
request.session['user_profile'] = self.user.is_staff #assuming its django user.
# User send a request to access repositories
response = staff_users(request)
#Check the response type for appropriate action
self.assertIsNone(response)
编辑 2
此外,使用 django Client 库进行测试会是一个更好的主意:
>>> from django.test import Client
>>> c = Client()
>>> response = c.post('/login/', {'username': 'abc', 'password': '1234'})
>>> response.status_code
200
>>> response = c.get('/user/protected-page/')
>>> response.content
b'<!DOCTYPE html...