I'm writing detailed functional tests for my views to complement the unit tests on my models. It's a Django project and I'm using the built in Django test framework with unittest. Obviously, one of the important things to check in these functional tests is that the permissions are set up correctly. With that in mind, I'm attempting something like this:
anonclient = Client()
userclient = Client()
userclient.login(username='test_user', password='test')
adminclient = Client()
adminclient.login(username='test_admin', password='test')
path = "/path/to/my/page"
anonresponse = anonclient.get(path)
userresponse = userclient.get(path)
adminresponse = adminclient.get(path)
I need to be able to confirm that the anonclient and userclient were both denied permission while the adminclient worked correctly. Howerver, I can't find a way to test that this has happened robustly!
At first I decided to check that the response was a 302 redirect (because a side effect of failing the permission check is being redirected) but this means it is impossible to tell the difference between functionality that automatically redirects the user and a failed permissions check. (I can't just use self.assertRedirects(response, url) because the target url can be overridden via the permission_required decorator's login_url parameter in the view!)
Perhaps I should look into extending the user_passes_test decorator so that it adds a property to the response object if the test fails? This could then be checked for in the tests. Failing that I will have to determine whether the request was successful by checking if the request's side-effects have happened. Doing it this way will work, but it will be extremely long winded, especially with a lot of these checks being done.
I can't imagine I am the first person to run into this issue, what's the right way to deal with this problem, or what have I missed?
Thanks very much!