From 76772fc2ad18056869de4e00088c0940ab48d6bc Mon Sep 17 00:00:00 2001
From: Oskar Persson <oskar.persson@polken.se>
Date: Fri, 21 Feb 2020 11:50:41 +0100
Subject: [PATCH] Fix read-only change view for users in admin

---
 ESSArch_Core/auth/admin.py            |  3 +++
 ESSArch_Core/auth/tests/test_admin.py | 39 +++++++++++++++++++++++----
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/ESSArch_Core/auth/admin.py b/ESSArch_Core/auth/admin.py
index 816a1a06e..1e14c5a3d 100644
--- a/ESSArch_Core/auth/admin.py
+++ b/ESSArch_Core/auth/admin.py
@@ -161,6 +161,9 @@ def has_change_permission(self, request, obj=None):
     def has_delete_permission(self, request, obj=None):
         return request.user.has_perm("%s.%s" % ('auth', 'delete_user'))
 
+    def has_view_permission(self, request, obj=None):
+        return request.user.has_perm("%s.%s" % ('auth', 'view_user'))
+
     def has_module_permission(self, request):
         return request.user.has_module_perms('auth')
 
diff --git a/ESSArch_Core/auth/tests/test_admin.py b/ESSArch_Core/auth/tests/test_admin.py
index 32fdf3a22..6faa99cae 100644
--- a/ESSArch_Core/auth/tests/test_admin.py
+++ b/ESSArch_Core/auth/tests/test_admin.py
@@ -1,30 +1,59 @@
-from django.contrib.auth.models import User
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import Permission
+from django.contrib.contenttypes.models import ContentType
 from django.test import TestCase
 from django.urls import reverse
 
 from ESSArch_Core.auth.models import ProxyGroup
 
+User = get_user_model()
 
-class UserAdminTestCase(TestCase):
-    @classmethod
-    def setUpTestData(cls):
-        cls.user = User.objects.create(is_staff=True, is_superuser=True)
 
+class UserAdminTestCase(TestCase):
     def setUp(self):
+        self.user = User.objects.create(is_staff=True)
+        self.ctype = ContentType.objects.get_for_model(User)
+
         self.client.force_login(self.user)
 
     def test_add_view(self):
+        # Django requires both add and change permissions for adding users
+        self.user.user_permissions.add(
+            Permission.objects.get(content_type=self.ctype, codename='add_user'),
+            Permission.objects.get(content_type=self.ctype, codename='change_user'),
+        )
         response = self.client.get(reverse('admin:essauth_proxyuser_add'))
         self.assertEqual(response.status_code, 200)
 
     def test_changelist_view(self):
+        self.user.user_permissions.add(
+            Permission.objects.get(content_type=self.ctype, codename='view_user'),
+        )
         response = self.client.get(reverse('admin:essauth_proxyuser_changelist'))
         self.assertEqual(response.status_code, 200)
 
     def test_change_view(self):
+        self.user.user_permissions.add(
+            Permission.objects.get(content_type=self.ctype, codename='change_user'),
+        )
+        response = self.client.get(reverse('admin:essauth_proxyuser_change', args=(self.user.pk,)))
+        self.assertNotContains(response, 'Assigned roles', status_code=200)
+
+        self.user.user_permissions.add(
+            Permission.objects.get(codename='assign_groupmemberrole'),
+        )
         response = self.client.get(reverse('admin:essauth_proxyuser_change', args=(self.user.pk,)))
         self.assertContains(response, 'Assigned roles', status_code=200)
 
+    def test_read_only_view(self):
+        # fixed in django-nested-inline #110
+
+        self.user.user_permissions.add(
+            Permission.objects.get(content_type=self.ctype, codename='view_user'),
+        )
+        response = self.client.get(reverse('admin:essauth_proxyuser_change', args=(self.user.pk,)))
+        self.assertNotContains(response, 'Assigned roles', status_code=200)
+
 
 class GroupAdminTestCase(TestCase):
     @classmethod