From da1deac44ea334bf001ba668e28f48d56e894ace Mon Sep 17 00:00:00 2001 From: "Adrian A. Baumann" Date: Tue, 4 Nov 2025 13:25:27 +0100 Subject: [PATCH] =?UTF-8?q?Unvollst=C3=A4ndige=20Vorgaben=20nur=20noch=20f?= =?UTF-8?q?=C3=BCr=20Admins?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dokumente/tests.py | 35 +++++++++++++++++++++++++++++++++++ dokumente/views.py | 6 ++++++ pages/templates/base.html | 2 ++ 3 files changed, 43 insertions(+) diff --git a/dokumente/tests.py b/dokumente/tests.py index 2625c49..1e24337 100644 --- a/dokumente/tests.py +++ b/dokumente/tests.py @@ -1,6 +1,7 @@ from django.test import TestCase, Client from django.urls import reverse from django.core.management import call_command +from django.contrib.auth.models import User from datetime import date, timedelta from io import StringIO from .models import ( @@ -825,6 +826,15 @@ class IncompleteVorgabenTest(TestCase): def setUp(self): self.client = Client() + # Create and login a staff user + self.staff_user = User.objects.create_user( + username='teststaff', + password='testpass123' + ) + self.staff_user.is_staff = True + self.staff_user.save() + self.client.login(username='teststaff', password='testpass123') + # Create test data self.dokumententyp = Dokumententyp.objects.create( name="Test Typ", 
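Review bot: The staff login added to `setUp` discards the return value of `self.client.login(...)`, so if authentication ever fails, every test in this class silently runs as an anonymous client. `self.client.force_login(self.staff_user)` avoids that and skips password hashing on each test. The flag can be set at creation with `User.objects.create_user(username='teststaff', password='testpass123', is_staff=True)` instead of a second `save()`. If the project might adopt a custom user model, `get_user_model()` is safer than the direct `User` import added in the first hunk. `setUp` continues outside the hunk.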
@@ -1092,3 +1102,28 @@ class IncompleteVorgabenTest(TestCase): response = self.client.get(reverse('incomplete_vorgaben')) # Should NOT appear in "no text" list because it has both text types self.assertNotContains(response, 'Vorgabe mit beiden Texten') + + def test_incomplete_vorgaben_staff_only(self): + """Test that non-staff users are redirected to login""" + # Logout the staff user + self.client.logout() + + # Try to access the page as anonymous user + response = self.client.get(reverse('incomplete_vorgaben')) + self.assertEqual(response.status_code, 302) # Redirect to login + + # Create a regular (non-staff) user + regular_user = User.objects.create_user( + username='regularuser', + password='testpass123' + ) + self.client.login(username='regularuser', password='testpass123') + + # Try to access the page as regular user + response = self.client.get(reverse('incomplete_vorgaben')) + self.assertEqual(response.status_code, 302) # Redirect to login + + # Login as staff user again - should work + self.client.login(username='teststaff', password='testpass123') + response = self.client.get(reverse('incomplete_vorgaben')) + self.assertEqual(response.status_code, 200) # Success diff --git a/dokumente/views.py b/dokumente/views.py index b802543..273df9c 100644 --- a/dokumente/views.py +++ b/dokumente/views.py @@ -1,4 +1,5 @@ from django.shortcuts import render, get_object_or_404 +from django.contrib.auth.decorators import login_required, user_passes_test from .models import Dokument, Vorgabe, VorgabeKurztext, VorgabeLangtext, Checklistenfrage from abschnitte.utils import render_textabschnitte @@ -56,6 +57,11 @@ def standard_checkliste(request, nummer): }) +def is_staff_user(user): + return user.is_staff + +@login_required +@user_passes_test(is_staff_user) def incomplete_vorgaben(request): """ Show lists of incomplete Vorgaben: diff --git a/pages/templates/base.html b/pages/templates/base.html index 8145f73..1749be3 100644 --- a/pages/templates/base.html 
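Review bot: In `test_incomplete_vorgaben_staff_only` the non-staff case is not proven to run as an authenticated user, because the result of `self.client.login(username='regularuser', ...)` is never checked; if it returned False the request would be anonymous and the 302 assertion would still pass. `self.client.force_login(regular_user)` closes that gap and gives the otherwise unused `regular_user` a purpose. The bare `self.assertEqual(response.status_code, 302)` accepts any redirect, so also checking that `response.url` points at the configured login URL would tie the result to the access check. Splitting the anonymous, non-staff and staff cases into separate test methods would make a failure easier to localize.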
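Review bot: With `@user_passes_test(is_staff_user)` an authenticated non-staff user is redirected to the login page instead of receiving a 403, so a denied request looks like an expired session and the user is asked to log in again while already logged in. If a 403 is intended, the test function can raise for authenticated users, `if user.is_authenticated and not user.is_staff: raise PermissionDenied` (from `django.core.exceptions`) before `return user.is_staff`; the new test's second 302 assertion would then become 403. `@login_required` is redundant here because `AnonymousUser.is_staff` is False. `is_staff_user` would benefit from a one-line docstring such as `"""Return True if the user may see staff-only views."""`. The subject says "Admins" while the check is `is_staff` rather than `is_superuser`, which is worth confirming; the body of `incomplete_vorgaben` continues outside the hunk.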
+++ b/pages/templates/base.html @@ -17,7 +17,9 @@