From eda3488bea41d9dfc09399e44eb07edf71621922 Mon Sep 17 00:00:00 2001
From: fonfon <blubb@fonfon.at>
Date: Mon, 26 Dec 2016 11:09:26 +0100
Subject: [PATCH] Updated tests about accessing the setup page

- anonymous users should not be able to access the setup page
- registered should be able to do so
---
 plinth/tests/data/django_test_settings.py |  2 ++
 plinth/tests/test_middleware.py           | 13 ++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/plinth/tests/data/django_test_settings.py b/plinth/tests/data/django_test_settings.py
index 8f2978c90..8edf1df15 100644
--- a/plinth/tests/data/django_test_settings.py
+++ b/plinth/tests/data/django_test_settings.py
@@ -31,6 +31,8 @@ DATABASES = {
 }
 
 INSTALLED_APPS = (
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
     'plinth',
 )
 
diff --git a/plinth/tests/test_middleware.py b/plinth/tests/test_middleware.py
index 4663385ba..a30343ba7 100644
--- a/plinth/tests/test_middleware.py
+++ b/plinth/tests/test_middleware.py
@@ -21,6 +21,7 @@ Test module for Plinth's custom middleware.
 
 from unittest.mock import Mock, patch
 
+from django.contrib.auth.models import AnonymousUser, User
 from django.http import HttpResponse
 from django.test import TestCase
 from django.test.client import RequestFactory
@@ -86,18 +87,24 @@ class TestSetupMiddleware(TestCase):
     @patch('plinth.module_loader.loaded_modules')
     @patch('django.urls.resolve')
     def test_module_view(self, resolve, loaded_modules, setup_view):
-        """Test that setup view is returned."""
+        """Test that only registered users can access the setup view."""
         resolve.return_value.namespaces = ['mockapp']
         module = Mock()
         module.setup_helper.is_finished = None
         loaded_modules.__getitem__.return_value = module
         view = Mock()
         setup_view.as_view.return_value = view
-
         request = RequestFactory().get('/plinth/mockapp')
-        self.middleware.process_view(request, **self.kwargs)
 
+        # Verify that anonymous users cannot access the setup page
+        request.user = AnonymousUser()
+        self.middleware.process_view(request, **self.kwargs)
         setup_view.as_view.assert_called_once_with()
+        view.assert_not_called()
+
+        # Verify that logged-in users can access the setup page
+        request.user = User(username='johndoe')
+        self.middleware.process_view(request, **self.kwargs)
         view.assert_called_once_with(request, setup_helper=module.setup_helper)
 
     @patch('django.contrib.messages.success')