wip
SamDudley committed Oct 8, 2024
1 parent 1c80937 commit e573a98
Showing 4 changed files with 44 additions and 9 deletions.
4 changes: 2 additions & 2 deletions staff/models.py
Expand Up @@ -11,7 +11,7 @@ def __str__(self) -> str:
return f"{self.employee_no} - {self.first_name} {self.last_name}"


class StaffForecast(models.QuerySet):
class StaffForecastQuerySet(models.QuerySet):
pass


Expand All @@ -24,7 +24,7 @@ class Meta:
)
]

objects = StaffForecast.as_manager()
objects = StaffForecastQuerySet.as_manager()

staff = models.ForeignKey(Staff, models.PROTECT, related_name="forecast")
year = models.ForeignKey("core.FinancialYear", models.PROTECT)
3 changes: 0 additions & 3 deletions staff/tests.py

This file was deleted.

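--- a/staff/tests/test_views.py
+++ b/staff/tests/test_views.py
@@ -0,0 +1,30 @@
+import pytest
+
+from django.contrib.auth import get_user_model
+
+
+User = get_user_model()
+
+
+@pytest.fixture
+def user(db, client):
+user = User.objects.create_user(
+username="staff.test",
+email="[email protected]",
+password="password",
+)
+user.save()
+client.force_login(user)
+return user
+
+
+@pytest.mark.parametrize(
+"url",
+[
+"/staff/edit-payroll/",
+"/staff/debug/",
+],
+)
+def test_only_superuser_can_access(client, user, url):
+r = client.get(url)
+assert r.status_code == 403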
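Review bot: `test_only_superuser_can_access` only exercises the denial path for a logged-in non-superuser, so it would still pass if the protected views were broken for the users who are meant to reach them. Add a positive case that logs in a user created with `User.objects.create_superuser(...)` and asserts a successful response for each URL, and an anonymous-client case that asserts the request is refused. The `user.save()` call in the `user` fixture is redundant, because `create_user` already saves the instance.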
16 changes: 12 additions & 4 deletions staff/views.py
@@ -1,6 +1,8 @@
from functools import wraps
from django.http import HttpResponse, HttpRequest
from django.template.response import TemplateResponse
from django.contrib.auth.decorators import user_passes_test
from django.core.exceptions import PermissionDenied

from core.models import FinancialYear
from costcentre.models import CostCentre
Expand All @@ -10,17 +12,23 @@


# TODO: Remove once no longer needed.
def _user_is_superuser(user):
return user.is_superuser
def superuser_view(view_func):
@wraps(view_func)
def wrapper(request, *args, **kwargs):
if not request.user.is_superuser:
raise PermissionDenied
return view_func(*args, **kwargs)

return wrapper

@user_passes_test(_user_is_superuser)

@superuser_view
def edit_payroll_page(request: HttpRequest) -> HttpResponse:
context = {}
return TemplateResponse(request, "staff/page/edit_payroll.html", context)


@user_passes_test(_user_is_superuser)
@superuser_view
def staff_debug_page(request: HttpRequest) -> HttpResponse:
if request.GET.get("cost_centre"):
cost_centre = CostCentre.objects.get(pk=request.GET.get("cost_centre"))
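Review bot: The wrapper inside `superuser_view` drops the request when it calls the wrapped view: `return view_func(*args, **kwargs)` should be `return view_func(request, *args, **kwargs)`, otherwise a superuser hitting `edit_payroll_page` or `staff_debug_page` gets a TypeError instead of the page. The decorator also changes what a failed check looks like: `user_passes_test` redirected to the login URL, while `raise PermissionDenied` returns a 403 to anonymous and non-superuser requests alike; if that is intended, a one-line docstring on `superuser_view` stating it would help. The `user_passes_test` import looks unused after this change, unless it is referenced further down the file outside the hunk. `staff_debug_page` continues past the end of the hunk.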
