Merged in [7549] from rcross@amsl.com:

    fix tests to work with secauth middleware changes
 - Legacy-Id: 7570
Note: SVN reference [7549] has been migrated to Git commit 0b5fc98

Author: levkowetz

ietf/secr/groups/tests.py

@@ -77,7 +77,7 @@ def test_view(self):
         make_test_data()
         group = Group.objects.all()[0]
         url = reverse('groups_view', kwargs={'acronym':group.acronym})
-        response = self.client.get(url)
+        response = self.client.get(url, REMOTE_USER=SECR_USER)
         self.assertEqual(response.status_code, 200)
 
     # ------- Test Edit -------- #

ietf/secr/middleware/secauth.py

@@ -1,21 +1,15 @@
 import re
 
 from django.conf import settings
-from django.shortcuts import render_to_response
+from django.contrib.auth.decorators import login_required
+from ietf.ietfauth.utils import has_role, role_required
 
-from ietf.ietfauth.utils import has_role
-            
 
 
 class SecAuthMiddleware(object):
     """
-    Middleware component that performs custom auth check for every
-    request except those excluded by SECR_AUTH_UNRESTRICTED_URLS.
-
-    Since authentication is performed externally at the apache level
-    REMOTE_USER should contain the name of the authenticated
-    user.  If the user is a secretariat than access is granted.  
-    Otherwise return a 401 error page.
+    Middleware component that performs custom auth check for secretariat
+    apps.  request except those excluded by SECR_AUTH_UNRESTRICTED_URLS.
 
     To use, add the class to MIDDLEWARE_CLASSES and define
     SECR_AUTH_UNRESTRICTED_URLS in your settings.py.
@@ -28,30 +22,32 @@ class SecAuthMiddleware(object):
 
     Also sets custom request attributes:
     user_is_secretariat
-    user_is_chair
-    user_is_ad
-    )
-
     """
 
     def __init__(self):
         self.unrestricted = [re.compile(pattern) for pattern in
             settings.SECR_AUTH_UNRESTRICTED_URLS]
 
+    def is_unrestricted_url(self,path):
+        for pattern in self.unrestricted:
+            if pattern.match(path):
+                return True
+        return False
+        
     def process_view(self, request, view_func, view_args, view_kwargs):
-        # need to initialize user, it doesn't get set when running tests for example
-
         if request.path.startswith('/secr/'):
-            request.user_is_secretariat = False
-            
-            if request.user.is_anonymous():
-                return render_to_response('401.html')
-
-            # do custom check
+            # set custom request attribute
             if has_role(request.user, 'Secretariat'):
                 request.user_is_secretariat = True
-                    
+            else:
+                request.user_is_secretariat = False
+
+            if request.path.startswith('/secr/announcement/'):
+                return login_required(view_func)(request,*view_args,**view_kwargs)
+            elif self.is_unrestricted_url(request.path):
+                return role_required('WG Chair','Secretariat')(view_func)(request,*view_args,**view_kwargs)
+            else:
+                return role_required('Secretariat')(view_func)(request,*view_args,**view_kwargs)
+        else:
             return None
-
-        return None
 

ietf/secr/sreq/tests.py

@@ -12,13 +12,13 @@ class SreqUrlTests(TestCase):
     def test_urls(self):
         draft = make_test_data()
 
-        r = self.client.get("/secr/")
+        r = self.client.get("/secr/",REMOTE_USER=SECR_USER)
         self.assertEqual(r.status_code, 200)
 
-        r = self.client.get("/secr/sreq/")
+        r = self.client.get("/secr/sreq/",REMOTE_USER=SECR_USER)
         self.assertEqual(r.status_code, 200)
 
-        r = self.client.get("/secr/sreq/%s/new/" % draft.group.acronym)
+        r = self.client.get("/secr/sreq/%s/new/" % draft.group.acronym, REMOTE_USER=SECR_USER)
         self.assertEqual(r.status_code, 200)
 
 class MainTestCase(TestCase):
@@ -42,8 +42,8 @@ def test_submit_request(self):
                      'id_attendees':'10',
                      'id_conflict1':'',
                      'id_comments':'need projector'}
-        self.client.login(  REMOTE_USER=SECR_USER)
-        r = self.client.post(url,post_data)
+        self.client.login(REMOTE_USER=SECR_USER)
+        r = self.client.post(url,post_data,REMOTE_USER=SECR_USER)
         self.assertEqual(r.status_code, 200)
 """
         #assert False, self.client.session..__dict__