From be6a077c8e57b0146a053b26f2ba4af0b1d2e2f8 Mon Sep 17 00:00:00 2001
From: imperosol
Date: Wed, 18 Dec 2024 14:13:39 +0100
Subject: [PATCH] fix access to the subscription page

---
 core/models.py | 6 ++----
 subscription/tests/test_new_susbcription.py | 15 +++++++++++----
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/core/models.py b/core/models.py
index 7a9d3a46c..2d578d6db 100644
--- a/core/models.py
+++ b/core/models.py
@@ -530,10 +530,8 @@ def can_read_subscription_history(self):
 
 @cached_property
 def can_create_subscription(self) -> bool:
- from club.models import Membership
-
- return (
- Membership.objects.board()
+ return self.is_root or (
+ self.memberships.board()
 .ongoing()
 .filter(club_id__in=settings.SITH_CAN_CREATE_SUBSCRIPTIONS)
 .exists()
diff --git a/subscription/tests/test_new_susbcription.py b/subscription/tests/test_new_susbcription.py
index 8ea51d685..ccdff4075 100644
--- a/subscription/tests/test_new_susbcription.py
+++ b/subscription/tests/test_new_susbcription.py
@@ -90,13 +90,20 @@ def test_form_new_user(settings: SettingsWrapper):
 
 @pytest.mark.django_db
 @pytest.mark.parametrize(
- "user_factory", [lambda: baker.make(User, is_superuser=True), board_user.make]
+ ("user_factory", "status_code"),
+ [
+ (lambda: baker.make(User, is_superuser=True), 200),
+ (board_user.make, 200),
+ (subscriber_user.make, 403),
+ ],
 )
-def test_load_page(client: Client, user_factory: Callable[[], User]):
- """Just check the page doesn't crash."""
+def test_page_access(
+ client: Client, user_factory: Callable[[], User], status_code: int
+):
+ """Check that only authorized users may access this page."""
 client.force_login(user_factory())
 res = client.get(reverse("subscription:subscription"))
- assert res.status_code == 200
+ assert res.status_code == status_code
 
 
 @pytest.mark.django_db
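Review bot: `can_create_subscription` has no docstring stating who is authorized, and the rule now has two branches: `self.is_root`, or an ongoing board membership of this user in a club listed in `settings.SITH_CAN_CREATE_SUBSCRIPTIONS`. I would add `"""Whether this user is root or an ongoing board member of a club in SITH_CAN_CREATE_SUBSCRIPTIONS."""` so the per-user scope of the check is written down next to the query. Because the property is a `@cached_property`, the decision is memoised on the instance; a short comment such as `# cached per instance: a membership change is not seen until the user is reloaded` would help anyone reusing a long-lived user object. The closing parenthesis of the return expression lies outside the hunk.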
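Review bot: The parametrization of `test_page_access` has a single denied case (`subscriber_user.make`, 403), so the `.ongoing()` and `club_id__in=settings.SITH_CAN_CREATE_SUBSCRIPTIONS` filters that the permission depends on are never exercised negatively. I would add two more 403 rows, a board member whose membership has ended and a board member of a club outside `SITH_CAN_CREATE_SUBSCRIPTIONS`. An unauthenticated request also belongs in the matrix; its expected status depends on how the view treats anonymous users, which is not visible here. The test only issues a GET, so if the views that actually create a subscription are guarded separately, the same matrix should be run against them. Passing `ids=` to `parametrize` would also make the lambda case readable in failure output.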