def test_add_user_to_organisation_group_fail(self):
        """
        Make sure adding a user to admin group fails when the user is not in
        the admin group
        """
        organisation_group = OrganisationGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        # organisation_group.organisationuser_set.add(user)

        self.c.force_authenticate(user.user)

        data = {
            "user_id": new_user.id,
        }

        res = self.c.post(
            "/api/publishers/{}/group/?format=json".format(
                organisation_group.publisher.id),
            data,
            format='json'
        )

        self.assertEqual(res.status_code, 403)
    def test_user_cant_remove_owner(self):
        """
        Make sure the initial creator of the admin group can't be removed from the admin group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(new_user)
        admin_group.organisationuser_set.add(user)
        admin_group.owner = new_user
        admin_group.save()

        self.c.force_authenticate(user.user)

        data = {
            "user_id": new_user.id,
        }

        res = self.c.delete(
            "/api/publishers/{}/admin-group/{}?format=json".format(
                admin_group.publisher.id, new_user.id),
            format='json')

        self.assertEquals(res.status_code, 401)
    def test_cant_remove_admin(self):
        """
        Before an admin can be removed from the organization, he must be
        removed from the organisation admin group
        """
        organisation_group = OrganisationGroupFactory.create()
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(user)
        organisation_group.organisationuser_set.add(user)

        admin_group.organisationuser_set.add(new_user)
        organisation_group.organisationuser_set.add(new_user)

        self.c.force_authenticate(user.user)

        res = self.c.delete(
            "/api/publishers/{}/group/{}?format=json".format(
                organisation_group.publisher.id, new_user.id),
            format='json'
        )

        self.assertEqual(res.status_code, 401)
    def test_add_user_to_organisation_group_success(self):
        """
        Adding a user to an admin group when the user is in the admin group
        """
        organisation_group = OrganisationGroupFactory.create()
        admin_group = OrganisationAdminGroupFactory.create()

        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        organisation_group.organisationuser_set.add(user)
        admin_group.organisationuser_set.add(user)

        admin_group.save()

        self.c.force_authenticate(user.user)

        data = {
            "user_id": new_user.id,
        }

        res = self.c.post("/api/publishers/{}/group/?format=json".format(
            organisation_group.publisher.id),
                          data,
                          format='json')

        self.assertEquals(res.status_code, 200)
        self.assertEquals(
            len(
                OrganisationGroup.objects.get(
                    pk=organisation_group.id).organisationuser_set.all()), 2)
    def test_add_user_to_admin_group_fail(self):
        """
        Make sure adding a user to admin group fails when the user is not in
        the admin group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        # admin_group.organisationuser_set.add(user)

        self.c.force_authenticate(user.user)

        data = {
            "user_id": new_user.id,
        }

        res = self.c.post(
            "/api/publishers/{}/admin-group/?format=json".format(
                admin_group.publisher.id),
            data,
            format='json'
        )

        self.assertEqual(res.status_code, 403)
    def test_remove_user_from_admin_group_fail(self):
        """
        Make sure a normal user can't remove users from an admin group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        # admin_group.organisationuser_set.add(user)
        admin_group.organisationuser_set.add(new_user)

        admin_group.save()

        self.c.force_authenticate(user.user)

        data = {
            "user_id": new_user.id,
        }

        res = self.c.delete(
            "/api/publishers/{}/admin-group/{}?format=json".format(
                admin_group.publisher.id, new_user.id),
            format='json')

        self.assertEquals(res.status_code, 403)
    def test_add_user_to_organisation_group_success(self):
        """
        Adding a user to an admin group when the user is in the admin group
        """
        organisation_group = OrganisationGroupFactory.create()
        admin_group = OrganisationAdminGroupFactory.create()

        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        organisation_group.organisationuser_set.add(user)
        admin_group.organisationuser_set.add(user)

        admin_group.save()

        self.c.force_authenticate(user.user)

        data = {
            "user_id": new_user.id,
        }

        res = self.c.post(
            "/api/publishers/{}/group/?format=json".format(
                organisation_group.publisher.id),
            data,
            format='json'
        )

        self.assertEqual(res.status_code, 200)
        self.assertEqual(len(OrganisationGroup.objects.get(
            pk=organisation_group.id).organisationuser_set.all()), 2)
Beispiel #8
0
    def test_post_activity_fail_if_not_in_admin_group(self):
        """
        Test the user can only POST activities as a publisher of which he is
        in the admin Group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')

        # admin_group.organisationuser_set.add(user)

        self.c.force_authenticate(user.user)

        PublisherFactory.create()

        codelist_factory.VersionFactory.create(code="2.02")

        data = {
            "iati_identifier": "WOPA",
            "publisher_id": admin_group.publisher.id
        }

        res = self.c.post(
            "/api/publishers/{}/activities/?format=json".format(
                admin_group.publisher.id),
            data,
            format='json'
        )

        self.assertEqual(res.status_code, 403)
Beispiel #9
0
    def setUp(self):
        user = OrganisationUserFactory.create(user__username='******')

        self.c.force_authenticate(user.user)

        self.activity = \
            iati_factory.ActivityFactory.create(iati_identifier='activity_id')
    def setUp(self):
        user = OrganisationUserFactory.create(user__username='******')

        self.c.force_authenticate(user.user)

        self.activity = \
            iati_factory.ActivityFactory.create(iati_identifier='activity_id')
    def test_post_activity_fail_if_not_in_admin_group(self):
        """
        Test the user can only POST activities as a publisher of which he is
        in the admin Group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')

        # admin_group.organisationuser_set.add(user)

        self.c.force_authenticate(user.user)

        PublisherFactory.create()

        codelist_factory.VersionFactory.create(code="2.02")

        data = {
            "iati_identifier": "WOPA",
            "publisher_id": admin_group.publisher.id
        }

        res = self.c.post(
            "/api/publishers/{}/activities/?format=json".format(
                admin_group.publisher.id),
            data,
            format='json'
        )

        self.assertEqual(res.status_code, 403)
    def test_update_activity_success(self):
        """
        Test the user can only PUT activities as a publisher of which he is in
        the admin Group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(user)

        self.c.force_authenticate(user.user)

        activity = iati_factory.ActivityFactory.create(
            publisher=admin_group.publisher)

        data = {
            "iati_identifier": "WOPA",
            "publisher_id": activity.publisher.id
        }

        res = self.c.put(
            "/api/publishers/{}/activities/{}/?format=json".format(
                activity.publisher.id, activity.id),
            data,
            format='json'
        )

        self.assertEqual(res.status_code, 200)
Beispiel #13
0
    def test_update_activity_success(self):
        """
        Test the user can only PUT activities as a publisher of which he is in
        the admin Group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(user)

        self.c.force_authenticate(user.user)

        activity = iati_factory.ActivityFactory.create(
            publisher=admin_group.publisher)

        data = {
            "iati_identifier": "WOPA",
            "publisher_id": activity.publisher.id
        }

        res = self.c.put(
            "/api/publishers/{}/activities/{}/?format=json".format(
                activity.publisher.id, activity.id),
            data,
            format='json'
        )

        self.assertEqual(res.status_code, 200)
    def test_remove_user_from_organisation_group_fail(self):
        """
        Make sure a normal user can't remove users from an admin group
        """
        organisation_group = OrganisationGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        # organisation_group.organisationuser_set.add(user)
        organisation_group.organisationuser_set.add(new_user)

        self.c.force_authenticate(user.user)

        res = self.c.delete(
            "/api/publishers/{}/group/{}?format=json".format(
                organisation_group.publisher.id, new_user.id),
            format='json'
        )

        self.assertEqual(res.status_code, 403)
    def test_remove_user_from_organisation_group_success(self):
        """
        Make sure a normal user can't remove users from an admin group
        """
        organisation_group = OrganisationGroupFactory.create()
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(user)
        organisation_group.organisationuser_set.add(user)
        organisation_group.organisationuser_set.add(new_user)

        self.c.force_authenticate(user.user)

        res = self.c.delete("/api/publishers/{}/group/{}?format=json".format(
            organisation_group.publisher.id, new_user.id),
                            format='json')

        self.assertEqual(res.status_code, 200)
    def test_get_organisation_users(self):
        """
        get a list of users within this organisation
        """
        organisation_group = OrganisationGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        organisation_group.organisationuser_set.add(user)
        organisation_group.organisationuser_set.add(new_user)

        self.c.force_authenticate(user.user)

        res = self.c.get(
            "/api/publishers/{}/group/?format=json".format(
                organisation_group.publisher.id), )

        self.assertEquals(res.data, [
            OrderedDict([('username', u'test1'), ('email', u'')]),
            OrderedDict([('username', u'test2'), ('email', u'')]),
        ])
    def test_get_organisation_users(self):
        """
        get a list of users within this organisation
        """
        organisation_group = OrganisationGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        organisation_group.organisationuser_set.add(user)
        organisation_group.organisationuser_set.add(new_user)

        self.c.force_authenticate(user.user)

        res = self.c.get(
            "/api/publishers/{}/group/?format=json".format(
                organisation_group.publisher.id),
        )

        self.assertEqual(res.data, [
            OrderedDict([('username', u'test1'), ('email', u'')]),
            OrderedDict([('username', u'test2'), ('email', u'')]),
        ])
    def test_cant_remove_admin(self):
        """
        Before an admin can be removed from the organization, he must be removed from the organisation admin group
        """
        organisation_group = OrganisationGroupFactory.create()
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(user)
        organisation_group.organisationuser_set.add(user)

        admin_group.organisationuser_set.add(new_user)
        organisation_group.organisationuser_set.add(new_user)

        self.c.force_authenticate(user.user)

        res = self.c.delete("/api/publishers/{}/group/{}?format=json".format(
            organisation_group.publisher.id, new_user.id),
                            format='json')

        self.assertEquals(res.status_code, 401)
    def test_user_cant_remove_owner(self):
        """
        Make sure the initial creator of the admin group can't be removed from
        the admin group
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')
        new_user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(new_user)
        admin_group.organisationuser_set.add(user)
        admin_group.owner = new_user
        admin_group.save()

        self.c.force_authenticate(user.user)

        res = self.c.delete(
            "/api/publishers/{}/admin-group/{}?format=json".format(
                admin_group.publisher.id, new_user.id),
            format='json'
        )

        self.assertEqual(res.status_code, 401)
Beispiel #20
0
    def test_verify_api_key_success(self):
        """
        An organization admin should be able to verify an API key
        """
        admin_group = OrganisationAdminGroupFactory.create()
        user = OrganisationUserFactory.create(user__username='******')

        admin_group.organisationuser_set.add(user)

        OrganisationFactory.create(organisation_identifier="NL-KVK-51018586")

        self.c.force_authenticate(user.user)

        data = {
            "apiKey": "this_is_mocked",
            "userId": "this_is_mocked",
        }

        res = self.c.post(
            "/api/publishers/api_key/verify/",
            data=data,
            format='json'
        )

        print(res.status_code)

        # test api key has been set on user
        updated_user = OrganisationUser.objects.get(pk=user.pk)
        self.assertEqual(updated_user.iati_api_key, data['apiKey'])

        # test publisher has been created
        publisher = Publisher.objects.all()[1]

        # test organisation groups have been created
        org_group = OrganisationGroup.objects.get(publisher=publisher)
        self.assertEqual(
            org_group.organisationuser_set.get(pk=updated_user.id),
            updated_user
        )

        org_admin_group = OrganisationAdminGroup.objects.get(
            publisher=publisher
        )
        self.assertEqual(
            org_admin_group.organisationuser_set.get(
                pk=updated_user.id), updated_user)
        self.assertEqual(org_admin_group.owner, updated_user)
    def setUp(self):
        user = OrganisationUserFactory.create(user__username='******')

        self.c.force_authenticate(user.user)