From e36d4b9772c4001b9c3330c5ac085d79ed14a623 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Wed, 20 Jul 2016 13:34:52 +0200
Subject: [PATCH] tests: add a check for unprivileged access to /manage/

---
 tests/test_manager.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tests/test_manager.py b/tests/test_manager.py
index 803848f4..41a67901 100644
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -9,6 +9,14 @@ from chrono.agendas.models import Agenda, Event, Booking
 
 pytestmark = pytest.mark.django_db
 
+@pytest.fixture
+def simple_user():
+    try:
+        user = User.objects.get(username='user')
+    except User.DoesNotExist:
+        user = User.objects.create_user('user', password='user')
+    return user
+
 @pytest.fixture
 def admin_user():
     try:
@@ -30,6 +38,11 @@ def test_unlogged_access(app):
     # connect while not being logged in
     assert app.get('/manage/', status=302).location == 'http://localhost:80/login/?next=/manage/'
 
+def test_simple_user_access(app, simple_user):
+    # connect while being logged as a simple user, access should be forbidden
+    app = login(app, username='user', password='user')
+    assert app.get('/manage/', status=403)
+
 def test_home_redirect(app):
     assert app.get('/', status=302).location == 'http://localhost:80/manage/'