update api token page (bug 842382)

Andy McKay · Andy McKay · commit 9e3711580a1c · 2013-02-18T14:02:06.000-08:00
diff --git a/apps/amo/tests/__init__.py b/apps/amo/tests/__init__.py
@@ -439,9 +439,9 @@ def skip_if_disabled(self, setting):
         if not setting:
             raise SkipTest('Skipping since setting is disabled')
 
-    def grant_permission(self, user_obj, rules):
+    def grant_permission(self, user_obj, rules, name='Test Group'):
         """Creates group with rule, and adds user to group."""
-        group = Group.objects.create(name='Test Group', rules=rules)
+        group = Group.objects.create(name=name, rules=rules)
         GroupUser.objects.create(group=group, user=user_obj)
 
     def days_ago(self, days):
diff --git a/mkt/developers/tests/test_views_api.py b/mkt/developers/tests/test_views_api.py
@@ -1,20 +1,22 @@
-from django.contrib.auth.models import User
-
 from nose.tools import eq_
 
 import amo.tests
 from amo.urlresolvers import reverse
+from users.models import UserProfile
+
 from mkt.api.models import Access
+from mkt.site.fixtures import fixture
 
 
 class TestAPI(amo.tests.TestCase):
-    fixtures = ['base/users.json']
+    fixtures = fixture('user_999')
 
     def setUp(self):
-        self.user = User.objects.get(username='regular@mozilla.com')
+        self.profile = UserProfile.objects.get(pk=999)
+        self.user = self.profile.user
+        self.login(self.profile)
         self.create_switch(name='create-api-tokens')
         self.url = reverse('mkt.developers.apps.api')
-        self.client.login(username='regular@mozilla.com', password='password')
 
     def test_logged_out(self):
         self.client.logout()
@@ -38,8 +40,13 @@ def test_regenerate(self):
         assert Access.objects.get(user=self.user).secret != 'bar'
 
     def test_admin(self):
-        admin = User.objects.get(username='editor@mozilla.com')
-        self.client.login(username='editor@mozilla.com', password='password')
-        res = self.client.post(self.url, {'delete': 'yep'})
+        self.grant_permission(self.profile, 'What:ever', name='Admins')
+        res = self.client.post(self.url)
         eq_(res.status_code, 200)
-        eq_(Access.objects.filter(user=admin).count(), 0)
+        eq_(Access.objects.filter(user=self.user).count(), 0)
+
+    def test_other(self):
+        self.grant_permission(self.profile, 'What:ever')
+        res = self.client.post(self.url)
+        eq_(res.status_code, 302)
+        eq_(Access.objects.filter(user=self.user).count(), 1)
diff --git a/mkt/developers/views.py b/mkt/developers/views.py
@@ -753,9 +753,10 @@ def api(request):
     except Access.DoesNotExist:
         access = None
 
-    roles = request.amo_user.groups.all()
+    roles = request.amo_user.groups.filter(name='Admins').exists()
     if roles:
-        messages.error(request, _('Users with roles cannot use the API.'))
+        messages.error(request,
+                       _('Users with the admin role cannot use the API.'))
 
     elif not request.amo_user.read_dev_agreement:
         messages.error(request, _('You must accept the terms of service.'))
diff --git a/mkt/site/fixtures/data/user_999.json b/mkt/site/fixtures/data/user_999.json
@@ -41,7 +41,8 @@
             "notes": "",
             "modified": "2010-01-12 17:01:41",
             "notifyevents": 1,
-            "read_dev_agreement": "2012-08-20 00:00:00"
+            "read_dev_agreement": "2012-08-20 00:00:00",
+            "user": 999
         },
         "model": "users.userprofile",
         "pk": 999
