def test_shows_logged_in_users_organisations(self): me = UserFactory.create(last_login=datetime.datetime(2019, 6, 3, 16, 35, 0, 0, pytz.UTC)) my_org = OrganisationFactory.create() AssessmentFactory.create(owner=me, organisation=my_org) AssessmentFactory.create(owner=me, organisation=my_org) my_org.members.add(me) OrganisationFactory.create() # make another organisation: it shouldn't show up self.client.force_authenticate(me) response = self.client.get("/api/v1/organisations/") assert response.status_code == status.HTTP_200_OK expected = [ OrderedDict([ ("id", f"{my_org.id}"), ("name", my_org.name), ("assessments", 2), ("members", [ { "userid": f"{me.id}", "name": me.username, "last_login": me.last_login.isoformat(), } ]), ]), ] assert expected == response.data
def test_returns_all_assessments_connected_to_organisation(self): AssessmentFactory.create(organisation=self.organisation) AssessmentFactory.create(organisation=self.organisation) AssessmentFactory.create() AssessmentFactory.create(organisation=OrganisationFactory.create()) self.call_and_assert_number_of_returns_assessments(2)
def test_returns_assessments_with_expected_result_structure(self): user = UserFactory.create() self.client.force_authenticate(user) with freeze_time("2019-06-01T16:35:34Z"): a1 = AssessmentFactory.create( name="test assessment 1", description="test description", data={"foo": "bar"}, openbem_version="10.1.1", owner=user, ) response = self.client.get("/api/v1/assessments/") expected_structure = { "id": "{}".format(a1.pk), "created_at": "2019-06-01T16:35:34Z", "updated_at": "2019-06-01T16:35:34Z", "mdate": "1559406934", "status": "In progress", "openbem_version": "10.1.1", "name": "test assessment 1", "description": "test description", "author": user.username, "userid": f"{user.id}", } assert expected_structure == response.data.pop()
def test_returns_structure_as_expected(self): with freeze_time("2019-06-01T16:35:34Z"): assessment = AssessmentFactory.create( name="test assessment 1", description="test description", data={"foo": "bar"}, openbem_version="10.1.1", owner=self.org_member, organisation=self.organisation ) self.client.force_authenticate(self.org_member) response = self.client.get(f"/api/v1/organisations/{self.organisation.pk}/assessments/") expected_result = { "id": "{}".format(assessment.pk), "created_at": "2019-06-01T16:35:34Z", "updated_at": "2019-06-01T16:35:34Z", "mdate": "1559406934", "status": "In progress", "openbem_version": "10.1.1", "name": "test assessment 1", "description": "test description", "author": self.org_member.username, "userid": f"{self.org_member.id}", } assert expected_result == response.data.pop()
def test_owner_who_isnt_organisation_member_can_access(self): assessment = AssessmentFactory.create() self.client.force_authenticate(assessment.owner) self.call_endpoint_and_assert( assessment, True, )
def test_unauthenticated_user_cannot_access(self): assessment = AssessmentFactory.create() self.call_endpoint_and_assert( assessment, False, "Authentication credentials were not provided.", )
def test_returns_not_found_if_not_owner(self): someone_else = UserFactory.create() someone_else.set_password("foo") someone_else.save() someone_elses_assessment = AssessmentFactory.create(owner=someone_else) self.client.login(username=self.me.username, password="******") not_my_assessment_url = f"/assessments/{someone_elses_assessment.pk}/" response = self.client.get(not_my_assessment_url) assert status.HTTP_404_NOT_FOUND == response.status_code
def test_user_who_isnt_owner_and_isnt_organisation_member_cannot_access( self): assessment = AssessmentFactory.create() non_owner = UserFactory.create() self.client.force_authenticate(non_owner) self.call_endpoint_and_assert( assessment, False, "You do not have permission to perform this action.")
def test_organisation_member_who_isnt_owner_can_access(self): organisation = OrganisationFactory.create() assessment = AssessmentFactory.create(organisation=organisation) org_member = UserFactory.create() organisation.members.add(org_member) self.client.force_authenticate(org_member) self.call_endpoint_and_assert( assessment, True, )
def test_returns_only_assessments_connected_to_the_organisation(self): second_org = OrganisationFactory.create() second_org.members.add(self.org_member) AssessmentFactory.create(organisation=self.organisation) AssessmentFactory.create(organisation=self.organisation) AssessmentFactory.create(organisation=second_org) self.call_and_assert_number_of_returns_assessments(2)
def test_only_returns_assessments_for_logged_in_user(self): me = UserFactory.create() someone_else = UserFactory.create() self.client.force_authenticate(me) AssessmentFactory.create(owner=me) AssessmentFactory.create(owner=me) AssessmentFactory.create(owner=someone_else) response = self.client.get("/api/v1/assessments/") assert response.status_code == status.HTTP_200_OK assert 2 == len(response.data)
def test_doesnt_return_assessments_in_connected_organisation(self): user = UserFactory.create() organisation = OrganisationFactory.create() organisation.members.add(user) self.client.force_authenticate(user) AssessmentFactory.create(owner=user) AssessmentFactory.create(owner=user) AssessmentFactory.create(organisation=organisation) response = self.client.get("/api/v1/assessments/") assert response.status_code == status.HTTP_200_OK assert 2 == len(response.data)
def setUpClass(cls): super().setUpClass() cls.me = UserFactory() cls.me.set_password("foo") cls.me.save() cls.my_assessment = AssessmentFactory.create(owner=cls.me)
def assessment() -> Assessment: return AssessmentFactory()
def test_returns_forbidden_if_not_logged_in(self): AssessmentFactory.create(organisation=self.organisation) response = self.client.get(f"/api/v1/organisations/{self.organisation.pk}/assessments/") assert status.HTTP_403_FORBIDDEN == response.status_code assert {"detail": "Authentication credentials were not provided."} == response.json()
def test_doesnt_return_own_assessments_that_arent_connected_to_organisation(self): AssessmentFactory.create(owner=self.org_member) self.call_and_assert_number_of_returns_assessments(0)