Skip to content

Commit

Permalink
student cannot be a superuser
Browse files Browse the repository at this point in the history
  • Loading branch information
SKairinos committed Dec 15, 2023
1 parent 33d8e8b commit 8e30eda
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 27 deletions.
10 changes: 9 additions & 1 deletion codeforlife/user/migrations/0001_initial.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Generated by Django 3.2.20 on 2023-12-15 16:05
# Generated by Django 3.2.20 on 2023-12-15 17:11

from django.conf import settings
import django.core.validators
Expand Down Expand Up @@ -220,4 +220,12 @@ class Migration(migrations.Migration):
model_name='user',
constraint=models.CheckConstraint(check=models.Q(models.Q(('last_name__isnull', False), ('teacher__isnull', False)), models.Q(('last_name__isnull', True), ('student__isnull', False)), models.Q(('last_name__isnull', False), ('student__isnull', True), ('teacher__isnull', True)), _connector='OR'), name='user__last_name'),
),
migrations.AddConstraint(
model_name='user',
constraint=models.CheckConstraint(check=models.Q(('is_staff', True), ('student__isnull', False), _negated=True), name='user__is_staff'),
),
migrations.AddConstraint(
model_name='user',
constraint=models.CheckConstraint(check=models.Q(('is_superuser', True), ('student__isnull', False), _negated=True), name='user__is_superuser'),
),
]
14 changes: 14 additions & 0 deletions codeforlife/user/models/user.py
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,20 @@ class Meta(TypedModelMeta):
),
name="user__last_name",
),
models.CheckConstraint(
check=~Q(
student__isnull=False,
is_staff=True,
),
name="user__is_staff",
),
models.CheckConstraint(
check=~Q(
student__isnull=False,
is_superuser=True,
),
name="user__is_superuser",
),
# pylint: enable=unsupported-binary-operation
]

Expand Down
61 changes: 35 additions & 26 deletions codeforlife/user/tests/models/test_user.py
Original file line number Diff line number Diff line change
Expand Up @@ -165,10 +165,44 @@ def test_constraints__last_name__indy(self):
with self.assert_raises_integrity_error():
User.objects.create_user(
password="password",
first_name="teacher",
first_name="Indiana",
email="[email protected]",
)

def test_constraints__is_staff(self):
"""
Students cannot be a staff user.
"""

with self.assert_raises_integrity_error():
User.objects.create_user(
first_name="Indiana",
password="password",
student=Student.objects.create(
auto_gen_password="password",
klass=self.klass__AB123,
school=self.school__1,
),
is_staff=True,
)

def test_constraints__is_superuser(self):
"""
Students cannot be a super user.
"""

with self.assert_raises_integrity_error():
User.objects.create_user(
first_name="Indiana",
password="password",
student=Student.objects.create(
auto_gen_password="password",
klass=self.klass__AB123,
school=self.school__1,
),
is_superuser=True,
)

def test_objects__create(self):
"""
Cannot call objects.create.
Expand Down Expand Up @@ -263,31 +297,6 @@ def test_objects__create_superuser__teacher(self):
assert user.is_staff
assert user.is_superuser

def test_objects__create_superuser__student(self):
"""
Create a student super user.
"""

user_fields = {
"first_name": "first_name",
"password": "password",
"student": Student.objects.create(
auto_gen_password="password",
klass=self.klass__AB123,
school=self.school__1,
),
}

user = User.objects.create_superuser(
**user_fields # type: ignore[arg-type]
)
assert user.first_name == user_fields["first_name"]
assert user.password != user_fields["password"]
assert user.check_password(user_fields["password"])
assert user.student == user_fields["student"]
assert user.is_staff
assert user.is_superuser

def test_objects__create_superuser__indy(self):
"""
Create an independent super user.
Expand Down

0 comments on commit 8e30eda

Please sign in to comment.