def setUp(self):
self.client = StateManagerAuthClient()
mycanton = str((self.client.user.managedstates.first()).canton)
self.myorga = OrganizationFactory(address_canton=mycanton)
self.myorga.save()
OTHERSTATES = [c for c in DV_STATES if c != mycanton]
self.foreignorga = OrganizationFactory(
address_canton=OTHERSTATES[0])
self.foreignorga.save()
def setUp(self):
super(StateManagerUserTest, self).setUp()
self.client = StateManagerAuthClient()
mycanton = str((self.client.user.managedstates.first()).canton)
OTHERSTATES = [c for c in DV_STATES if c != mycanton]
for user in self.users:
user.profile.affiliation_canton = OTHERSTATES[0]
user.profile.save()
self.users[0].profile.affiliation_canton = mycanton
self.users[0].profile.save()
self.myuser = self.users[0]
self.foreignuser = self.users[1]
class OrgaStateManagerUserTest(TestCase):
expected_code = 200
def setUp(self):
self.client = StateManagerAuthClient()
mycanton = str((self.client.user.managedstates.first()).canton)
self.myorga = OrganizationFactory(address_canton=mycanton)
self.myorga.save()
OTHERSTATES = [c for c in DV_STATES if c != mycanton]
self.foreignorga = OrganizationFactory(
address_canton=OTHERSTATES[0])
self.foreignorga.save()
def test_access_to_orga_list(self):
response = self.client.get(reverse('organization-list'))
self.assertTemplateUsed(response, 'orga/organization_filter.html')
self.assertEqual(response.status_code, self.expected_code)
response = self.client.get(reverse(
'organization-list-export',
kwargs={'format': 'csv'}))
self.assertEqual(response.status_code, self.expected_code)
def test_access_to_orga_detail(self):
response = self.client.get(reverse('organization-detail',
kwargs={'pk': self.myorga.pk}))
self.assertTemplateUsed(response, 'orga/organization_detail.html')
self.assertEqual(response.status_code, self.expected_code)
# The other orga cannot be accessed
response = self.client.get(reverse('organization-detail',
kwargs={'pk': self.foreignorga.pk}))
self.assertEqual(response.status_code, 404)
def test_access_to_orga_edit(self):
url = reverse('organization-update', kwargs={'pk': self.myorga.pk})
response = self.client.get(url)
self.assertTemplateUsed(response, 'orga/organization_form.html')
self.assertEqual(response.status_code, self.expected_code)
# Our orga cannot be edited away from my cantons
initial = self.myorga.__dict__.copy()
del(initial['id'])
del(initial['created_on'])
del(initial['address_ptr_id'])
del(initial['_state'])
initial['address_no'] = self.myorga.address_no + 1
response = self.client.post(url, initial)
# Code 302 because update succeeded
self.assertEqual(response.status_code, 302, url)
# Check update succeeded
neworga = Organization.objects.get(pk=self.myorga.pk)
self.assertEqual(neworga.address_no, str(self.myorga.address_no + 1))
# Test some update, that must go through
initial['address_canton'] = self.foreignorga.address_canton
response = self.client.post(url, initial)
# Code 200 because update failed
self.assertEqual(response.status_code, 200, url)
# Check update failed
neworga = Organization.objects.get(pk=self.myorga.pk)
self.assertEqual(neworga.address_canton, self.myorga.address_canton)
# The other orga cannot be accessed
response = self.client.get(reverse('organization-update',
kwargs={'pk': self.foreignorga.pk}))
self.assertEqual(response.status_code, 404)
def test_autocompletes(self):
for al in ['OrganizationAutocomplete']:
url = reverse(
'autocomplete_light_autocomplete',
kwargs={'autocomplete': al}
)
response = self.client.get(url)
self.assertEqual(response.status_code, self.expected_code, url)
# Check that we only find our orga
entries = re.findall('data-value="(\d+)"', str(response.content))
self.assertEqual(entries, [str(self.myorga.pk)])
def setUp(self):
self.client = StateManagerAuthClient()
super(StateManagerUserTest, self).setUp()
class StateManagerUserTest(SeasonTestCaseMixin):
def setUp(self):
self.client = StateManagerAuthClient()
super(StateManagerUserTest, self).setUp()
def test_access_to_season_list(self):
for symbolicurl in restrictedgenericurls:
url = reverse(symbolicurl)
# Final URL is forbidden
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
def test_access_to_season_detail(self):
for symbolicurl in restrictedspecificurls:
url = reverse(symbolicurl, kwargs={'pk': self.season.pk})
# Final URL is OK
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
for symbolicurl in restrictedhelperspecificurls:
for helper in self.users:
url = reverse(
symbolicurl,
kwargs={
'pk': self.season.pk,
'helperpk': helper.pk
})
# Final URL is OK
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
for exportformat in ['csv', 'ods', 'xls']:
url = reverse(
'season-export',
kwargs={
'pk': self.season.pk,
'format': exportformat
})
# Final URL is OK
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
def test_season_creation(self):
url = reverse('season-create')
# Final URL is OK
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
initial = {
'begin': '09.03.2015',
'end': '10.03.2015',
'cantons': [],
'leader': self.client.user.pk,
}
# 200 because we're back on the page, because cantons' empty
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 200, url)
initial['cantons'] = self.foreigncantons
# 200 because we're back on the page, because cantons' not our cantons
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 200, url)
initial['cantons'] = self.mycantons
# That works now
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 302, url)
initial['end'] = '08.03.2015' # Inverse dates
# That must not work
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 200, url)
def test_session_creation(self):
url = reverse('session-create', kwargs={'seasonpk': self.season.pk})
# Final URL is OK
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
initial = {
'day': (self.season.begin).strftime(SWISS_DATE_INPUT_FORMAT),
'begin': '09:00',
}
# 200 because we're back on the page, because organization' empty
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 200, url)
orga = OrganizationFactory(
address_canton=self.foreignseason.cantons[0]
)
initial['organization'] = orga.pk
# 200 because we're back on the page, because organization is not
# in our canton
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 200, url)
orga = OrganizationFactory(address_canton=self.season.cantons[0])
initial['organization'] = orga.pk
# That works now
response = self.client.post(url, initial)
self.assertEqual(response.status_code, 302, url)
def test_no_access_to_foreign_season(self):
for symbolicurl in restrictedspecificurls:
url = reverse(symbolicurl, kwargs={'pk': self.foreignseason.pk})
# Final URL is NOK
response = self.client.get(url, follow=True)
# For helperlist and actorlist
if symbolicurl in ['season-availabilities', 'season-staff-update',
'season-helperlist', 'season-actorlist']:
self.assertEqual(response.status_code, 403, url)
else:
self.assertEqual(response.status_code, 404, url)
def test_no_access_to_foreignsession(self):
for session in self.foreignsessions:
urls = [
reverse(
'session-list',
kwargs={
'seasonpk': self.foreignseason.pk,
'year': session.day.year,
'week': session.day.strftime('%W'),
}),
reverse(
'session-create',
kwargs={
'seasonpk': self.foreignseason.pk,
}),
reverse(
'session-detail',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
reverse(
'session-update',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
reverse(
'session-staff-choices',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
reverse(
'session-delete',
kwargs={
'seasonpk': self.foreignseason.pk,
'pk': session.pk,
}),
]
for url in urls:
# Final URL is forbidden
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 403, url)
def test_access_to_mysession(self):
for session in self.sessions:
urls = [
reverse(
'session-list',
kwargs={
'seasonpk': self.season.pk,
'year': session.day.year,
'week': session.day.strftime('%W'),
}),
reverse(
'session-create',
kwargs={
'seasonpk': self.season.pk,
}),
reverse(
'session-detail',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
reverse(
'session-update',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
reverse(
'session-staff-choices',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
reverse(
'session-delete',
kwargs={
'seasonpk': self.season.pk,
'pk': session.pk,
}),
]
for url in urls:
# Final URL is forbidden
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 200, url)
class StateManagerUserTest(ProfileTestCase):
def setUp(self):
super(StateManagerUserTest, self).setUp()
self.client = StateManagerAuthClient()
mycanton = str((self.client.user.managedstates.first()).canton)
OTHERSTATES = [c for c in DV_STATES if c != mycanton]
for user in self.users:
user.profile.affiliation_canton = OTHERSTATES[0]
user.profile.save()
self.users[0].profile.affiliation_canton = mycanton
self.users[0].profile.save()
self.myuser = self.users[0]
self.foreignuser = self.users[1]
def test_my_allowances(self):
for symbolicurl in myurlsforall + myurlsforoffice:
for exportformat in ["csv", "ods", "xls"]:
url = tryurl(symbolicurl, self.client.user, exportformat)
response = self.client.get(url)
self.assertEqual(response.status_code, 200, url)
def test_otherusers_access(self):
response = self.client.get(reverse("user-detail", kwargs={"pk": self.myuser.pk}))
self.assertTemplateUsed(response, "auth/user_detail.html")
self.assertEqual(response.status_code, 200, response)
# The other user cannot be accessed
response = self.client.get(reverse("user-detail", kwargs={"pk": self.foreignuser.pk}))
self.assertEqual(response.status_code, 403)
def test_otherusers_edit(self):
url = reverse("user-update", kwargs={"pk": self.myuser.pk})
response = self.client.get(url)
self.assertTemplateUsed(response, "auth/user_form.html")
self.assertEqual(response.status_code, 200, response)
# Our orga cannot be edited away from my cantons
initial = self.getprofileinitial(self.myuser)
initial["address_no"] = 24
response = self.client.post(url, initial)
# Code 302 because update succeeded
self.assertEqual(response.status_code, 302, url)
# Check update succeeded
newuser = get_user_model().objects.get(pk=self.myuser.pk)
self.assertEqual(newuser.profile.address_no, "24")
# Test some update, that must go through
initial["affiliation_canton"] = self.foreignuser.profile.affiliation_canton
response = self.client.post(url, initial)
# Code 200 because update failed
self.assertEqual(response.status_code, 200, url)
# Check update failed
newuser = get_user_model().objects.get(pk=self.myuser.pk)
self.assertEqual(newuser.profile.affiliation_canton, self.myuser.profile.affiliation_canton)
# The other user cannot be accessed
response = self.client.get(reverse("user-update", kwargs={"pk": self.foreignuser.pk}))
self.assertEqual(response.status_code, 403)
def test_autocompletes(self):
for al in ["AllPersons"]:
url = reverse("autocomplete_light_autocomplete", kwargs={"autocomplete": al})
response = self.client.get(url)
self.assertEqual(response.status_code, 200, url)
# Check that we only find our orga
entries = re.findall('data-value="(\d+)"', str(response.content))
self.assertEqual(entries, [str(self.myuser.pk)])
