debug-menu permission, closes #1068

Also added tests for navigation menu logic.
2025-12-10 16:51:24 +01:00 · 2020-10-30 08:41:57 -07:00 · 2020-10-30 08:41:57 -07:00 · 222f79bb4c
commit 222f79bb4c
parent 9f0987cb57
6 changed files with 58 additions and 4 deletions
--- a/tests/test_html.py
+++ b/tests/test_html.py
@ -1507,3 +1507,41 @@ def test_edit_sql_link_not_shown_if_user_lacks_permission(permission_allowed):
            assert "Edit SQL" in response.text
        else:
            assert "Edit SQL" not in response.text
+
+
+@pytest.mark.parametrize(
+    "actor_id,should_have_links,should_not_have_links",
+    [
+        (None, None, None),
+        ("test", None, ["/-/permissions"]),
+        ("root", ["/-/permissions", "/-/allow-debug", "/-/metadata"], None),
+    ],
+)
+def test_navigation_menu_links(
+    app_client, actor_id, should_have_links, should_not_have_links
+):
+    cookies = {}
+    if actor_id:
+        cookies = {"ds_actor": app_client.actor_cookie({"id": actor_id})}
+    html = app_client.get("/", cookies=cookies).text
+    soup = Soup(html, "html.parser")
+    details = soup.find("nav").find("details")
+    if not actor_id:
+        # Should not show a menu
+        assert details is None
+        return
+    # They are logged in: should show a menu
+    assert details is not None
+    # And a rogout form
+    assert details.find("form") is not None
+    if should_have_links:
+        for link in should_have_links:
+            assert (
+                details.find("a", {"href": link}) is not None
+            ), "{} expected but missing from nav menu".format(link)
+
+    if should_not_have_links:
+        for link in should_not_have_links:
+            assert (
+                details.find("a", {"href": link}) is None
+            ), "{} found but should not have been in nav menu".format(link)
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -310,10 +310,11 @@ def test_permissions_checked(app_client, path, permissions):

 def test_permissions_debug(app_client):
    app_client.ds._permission_checks.clear()
-    assert 403 == app_client.get("/-/permissions").status
+    assert app_client.get("/-/permissions").status == 403
    # With the cookie it should work
    cookie = app_client.actor_cookie({"id": "root"})
    response = app_client.get("/-/permissions", cookies={"ds_actor": cookie})
+    assert response.status == 200
    # Should show one failure and one success
    soup = Soup(response.body, "html.parser")
    check_divs = soup.findAll("div", {"class": "check"})