12589 fix tests

2025-08-25 08:46:10 -06:00 · 2023-06-23 08:26:31 -07:00 · 2023-06-23 08:26:31 -07:00 · 53b19980a1
commit 53b19980a1
parent 98ac45ec3c
3 changed files with 29 additions and 4 deletions
--- a/netbox/netbox/authentication.py
+++ b/netbox/netbox/authentication.py
@ -94,6 +94,7 @@ class ObjectPermissionMixin:

    def has_perm(self, user_obj, perm, obj=None):
        app_label, action, model_name = resolve_permission(perm)
+        # breakpoint()

        # Superusers implicitly have all permissions
        if user_obj.is_active and user_obj.is_superuser:
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@ -375,6 +375,15 @@ class NetBoxUserView(generic.ObjectView):
            'active_tab': 'user',
        }

+    def dispatch(self, request, *args, **kwargs):
+        return super().dispatch(request, *args, **kwargs)
+
+    def get(self, request, *args, **kwargs):
+        return super().get(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        return super().post(request, *args, **kwargs)
+

@register_model_view(NetBoxUser, 'edit')
 class NetBoxUserEditView(generic.ObjectEditView):
--- a/netbox/utilities/testing/views.py
+++ b/netbox/utilities/testing/views.py
@ -1,5 +1,6 @@
 import csv

+from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ObjectDoesNotExist
 from django.db.models import ForeignKey
@ -64,8 +65,15 @@ class ViewTestCases:
        def test_get_object_anonymous(self):
            # Make the request as an unauthenticated user
            self.client.logout()
-            response = self.client.get(self._get_queryset().first().get_absolute_url())
-            self.assertHttpStatus(response, 200)
+            ct = ContentType.objects.get_for_model(self.model)
+            if (ct.app_label, ct.model) in settings.EXEMPT_EXCLUDE_MODELS:
+                # Models listed in EXEMPT_EXCLUDE_MODELS should not be accessible to anonymous users
+                with disable_warnings('django.request'):
+                    response = self.client.get(self._get_queryset().first().get_absolute_url())
+                    self.assertHttpStatus(response, 302)
+            else:
+                response = self.client.get(self._get_queryset().first().get_absolute_url())
+                self.assertHttpStatus(response, 200)

        @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
        def test_get_object_without_permission(self):
@ -407,8 +415,15 @@ class ViewTestCases:
        def test_list_objects_anonymous(self):
            # Make the request as an unauthenticated user
            self.client.logout()
-            response = self.client.get(self._get_url('list'))
-            self.assertHttpStatus(response, 200)
+            ct = ContentType.objects.get_for_model(self.model)
+            if (ct.app_label, ct.model) in settings.EXEMPT_EXCLUDE_MODELS:
+                # Models listed in EXEMPT_EXCLUDE_MODELS should not be accessible to anonymous users
+                with disable_warnings('django.request'):
+                    response = self.client.get(self._get_url('list'))
+                    self.assertHttpStatus(response, 302)
+            else:
+                response = self.client.get(self._get_url('list'))
+                self.assertHttpStatus(response, 200)

        @override_settings(EXEMPT_VIEW_PERMISSIONS=[])
        def test_list_objects_without_permission(self):