add test for demoting last management group

ephios-dev · Aug 28, 2023 · 9fdc1b8 · 9fdc1b8
1 parent ddd0c7e
commit 9fdc1b8
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 8 deletions.
diff --git a/ephios/core/forms/users.py b/ephios/core/forms/users.py
@@ -178,7 +178,7 @@ def __init__(self, **kwargs):
 
     def clean_is_management_group(self):
         is_management_group = self.cleaned_data["is_management_group"]
-        if self.initial.get("is_management_group", False) and not is_management_group:
+        if self.fields["is_management_group"].initial and not is_management_group:
             other_management_groups = get_groups_with_perms(
                 only_with_perms_in=CORE_MANAGEMENT_PERMISSIONS,
                 must_have_all_perms=True,

diff --git a/tests/core/test_views_group.py b/tests/core/test_views_group.py
@@ -3,6 +3,9 @@
 from django.urls import reverse
 from guardian.shortcuts import get_group_perms
 
+from ephios.core.forms.users import CORE_MANAGEMENT_PERMISSIONS
+from ephios.extra.permissions import get_groups_with_perms
+
 
 class TestGroupView:
     def test_group_list_permission_required(self, django_app, volunteer):
@@ -79,9 +82,16 @@ def test_group_create_with_permissions(self, django_app, groups, manager):
         assert group.permissions.filter(codename="view_group").exists()
 
     def test_group_edit(self, django_app, groups, manager):
-        group = manager.groups.first()
+        managers, planners, volunteers = groups
+        # promote planning group to management group, so we can delete the management group
+        form = django_app.get(
+            reverse("core:group_edit", kwargs={"pk": planners.id}), user=manager
+        ).form
+        form["is_management_group"] = True
+        form.submit()
+
         form = django_app.get(
-            reverse("core:group_edit", kwargs={"pk": group.id}), user=manager
+            reverse("core:group_edit", kwargs={"pk": managers.id}), user=manager
         ).form
         group_name = "New name"
         form["name"] = group_name
@@ -91,12 +101,12 @@ def test_group_edit(self, django_app, groups, manager):
         form["publish_event_for_group"].select_multiple(texts=["Volunteers"])
         response = form.submit()
         assert response.status_code == 302
-        group.refresh_from_db()
-        assert group.name == group_name
-        assert set(group.user_set.all()) == {manager}
-        assert not group.permissions.filter(codename="add_event").exists()
+        managers.refresh_from_db()
+        assert managers.name == group_name
+        assert set(managers.user_set.all()) == {manager}
+        assert not managers.permissions.filter(codename="add_event").exists()
         assert "publish_event_for_group" not in get_group_perms(
-            group, Group.objects.get(name="Volunteers")
+            managers, Group.objects.get(name="Volunteers")
         )
 
     def test_group_delete(self, django_app, groups, manager):
@@ -122,3 +132,20 @@ def test_cannot_delete_last_management_group(self, django_app, groups, manager):
         assert response.status_code == 200
         assert "least one group with management permissions" in response.text
         assert Group.objects.filter(name="Managers").exists()
+
+    def test_management_perms_cannot_be_removed_from_last_management_group(
+        self, django_app, superuser, groups
+    ):
+        group = Group.objects.get(name="Managers")
+        form = django_app.get(
+            reverse("core:group_edit", kwargs={"pk": group.id}),
+            user=superuser,
+            status=200,
+        ).form
+        form["is_management_group"] = False
+        response = form.submit()
+        assert response.status_code == 200
+        assert "least one group with management permissions must exist" in response.text
+        assert Group.objects.get(name="Managers") in get_groups_with_perms(
+            only_with_perms_in=CORE_MANAGEMENT_PERMISSIONS, must_have_all_perms=True
+        )
diff --git a/tests/extra/test_permissions.py b/tests/extra/test_permissions.py
@@ -1,3 +1,5 @@
+import pytest
+
 from ephios.core.forms.users import CORE_MANAGEMENT_PERMISSIONS
 from ephios.extra.permissions import get_groups_with_perms
 
@@ -22,3 +24,15 @@ def test_querying_get_groups_with_perms(groups, event):
         must_have_all_perms=True,
     )
     assert set(management_groups_by_list) == {managers}
+
+    management_groups_by_list = get_groups_with_perms(
+        only_with_perms_in=["core.view_event", "core.change_event"],
+        must_have_all_perms=False,
+    )
+    assert set(management_groups_by_list) == {managers}
+
+    with pytest.raises(ValueError):
+        # view_event is not a specific enough to identify a permission
+        get_groups_with_perms(
+            only_with_perms_in=["view_event"],
+        )