From c4df2a77761a1ae392eb5c4803b5712803d5239f Mon Sep 17 00:00:00 2001
From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Date: Wed, 6 Mar 2024 13:28:32 +0100
Subject: [PATCH] Refs #35030 -- Added more tests for @user_passes_test
 decorator.

---
 tests/auth_tests/test_decorators.py | 40 ++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/tests/auth_tests/test_decorators.py b/tests/auth_tests/test_decorators.py
index ae43adcb0a..6cc92302d6 100644
--- a/tests/auth_tests/test_decorators.py
+++ b/tests/auth_tests/test_decorators.py
@@ -1,6 +1,10 @@
 from django.conf import settings
 from django.contrib.auth import models
-from django.contrib.auth.decorators import login_required, permission_required
+from django.contrib.auth.decorators import (
+    login_required,
+    permission_required,
+    user_passes_test,
+)
 from django.core.exceptions import PermissionDenied
 from django.http import HttpResponse
 from django.test import TestCase, override_settings
@@ -142,3 +146,37 @@ class PermissionsRequiredDecoratorTest(TestCase):
         request.user = self.user
         with self.assertRaises(PermissionDenied):
             a_view(request)
+
+
+class UserPassesTestDecoratorTest(TestCase):
+    factory = RequestFactory()
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.user_pass = models.User.objects.create(username="joe", password="qwerty")
+        cls.user_deny = models.User.objects.create(username="jim", password="qwerty")
+        models.Group.objects.create(name="Joe group")
+        # Add permissions auth.add_customuser and auth.change_customuser
+        perms = models.Permission.objects.filter(
+            codename__in=("add_customuser", "change_customuser")
+        )
+        cls.user_pass.user_permissions.add(*perms)
+
+    def test_decorator(self):
+        def sync_test_func(user):
+            return bool(
+                models.Group.objects.filter(name__istartswith=user.username).exists()
+            )
+
+        @user_passes_test(sync_test_func)
+        def sync_view(request):
+            return HttpResponse()
+
+        request = self.factory.get("/rand")
+        request.user = self.user_pass
+        response = sync_view(request)
+        self.assertEqual(response.status_code, 200)
+
+        request.user = self.user_deny
+        response = sync_view(request)
+        self.assertEqual(response.status_code, 302)