[#13] prevent download of private keys

[pi-sigma]

Fixes #13 (partly)

• complements the security patch to django-privates (PR #5) by overriding the private_media_no_download_fields attribute in the admin
• adds tests for the admin's list and detail views and checks that the latter does not contain a download link for private keys

[codecov-commenter]

Codecov Report

Merging #14 (947d7b6) into main (a8bb42d) will increase coverage by 0.31%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main      #14      +/-   ##
==========================================
+ Coverage   99.26%   99.57%   +0.31%     
==========================================
  Files          15       16       +1     
  Lines         406      470      +64     
==========================================
+ Hits          403      468      +65     
+ Misses          3        2       -1     

Impacted Files	Coverage Δ
simple_certmanager/admin.py	100.00% <100.00%> (ø)
tests/test_admin.py	100.00% <100.00%> (ø)
tests/test_certificates.py	100.00% <100.00%> (ø)
simple_certmanager/models.py	100.00% <0.00%> (+1.49%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[pi-sigma]

At the moment, private keys can still be downloaded by modifying the URL in the address bar of the browser. To prevent this, the view for the private key should not be created. This can be achieved by modifying the admin.PrivateMediaMixin.get_urls method in django-privates. I tried to achieve the same result by overwriting that method in the simple_certmanager.admin.CertificateAdmin class, but to no avail.

[sergei-maertens]

for the next time - we prefer writing tests in pytest style for libraries, pytest-django provides many useful tools to make tests easier to read and maintain.