Merge branch '1706028676-113' into 'master'

[#113] Bugfix: dashboard Closes #113 See merge request !17

Merge branch '1706028676-113' into 'master'
[#113] Bugfix: dashboard Closes #113 See merge request !17
ecadc079 · Steven Kusuman · 8fd552b9 · 0044d8e4 · ecadc079 · ecadc079
Commit ecadc079 authored Oct 08, 2020 by Steven Kusuman
--- a/app/tests.py
+++ b/app/tests.py
@@ -365,13 +365,15 @@ class UploadPageTest(TestCase):
        self.client = Client()
        self.user = User.objects._create_user(email="kontributor@gov.id",
                                              password="kontributor", is_contributor=True)
+        self.admin = User.objects.create_admin(email="admin@gov.id",
+                                               password="admin")

    def test_upload_page_using_login_func(self):
        found = resolve("/unggah/")
        self.assertEqual(found.func.__name__,
                         UploadMateriView.as_view().__name__)

-    def test_uplaod_page_url_is_exist(self):
+    def test_upload_page_url_is_exist(self):
        # Positive test
        self.client.login(email="kontributor@gov.id",
                          password="kontributor")
@@ -384,6 +386,18 @@ class UploadPageTest(TestCase):
        response = Client().get("/fake/")
        self.assertEqual(response.status_code, 404)

+    def test_upload_page_url_admin_doesnt_exist(self):        
+        self.client.login(email="admin@gov.id",
+                          password="admin")
+        response = self.client.get("/unggah/")
+        self.assertEqual(response.status_code, 403)
+
+    def test_upload_page_url_admin_cant_upload(self):        
+        self.client.login(email="admin@gov.id",
+                          password="admin")
+        response = self.client.post("/unggah/")
+        self.assertEqual(response.status_code, 403)
+
    def test_upload_page_template(self):
        url = "/unggah/"
        self.client.login(email="kontributor@gov.id",

--- a/app/views.py
+++ b/app/views.py
@@ -282,7 +282,7 @@ class UploadMateriView(TemplateView):
        return context

    def post(self, request, *args, **kwargs):
-        if request.user.is_authenticated == False:
+        if request.user.is_authenticated == False or not request.user.is_contributor:
            raise PermissionDenied(request)
        form = UploadMateriForm(request.POST, request.FILES)
        if form.is_valid():
@@ -308,8 +308,9 @@ class UploadMateriView(TemplateView):
            return self.render_to_response(context)

    def get(self, request, *args, **kwargs):
-        if request.user.is_authenticated == False:
+        if request.user.is_authenticated == False or not request.user.is_contributor:
            raise PermissionDenied(request)
+        
        context = self.get_context_data(**kwargs)
        context["form"] = UploadMateriForm
        return self.render_to_response(context)