def test_note_get(self):
self._add_notes_to_data_point()
view = NoteViewSet.as_view({"get": "retrieve"})
request = self.factory.get("/", **self.extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertDictContainsSubset(self.note, response.data)
def test_other_user_notes_access(self):
self._create_user_and_login("lilly", "1234")
extra = {"HTTP_AUTHORIZATION": "Token %s" % self.user.auth_token}
note = {"note": u"Road Warrior"}
dataid = self.xform.instances.all()[0].pk
note["instance"] = dataid
# Other user 'lilly' should not be able to create notes
# to xform instance owned by 'bob'
request = self.factory.post("/", data=note, **extra)
self.assertTrue(self.xform.instances.count())
response = self.view(request)
self.assertEqual(response.status_code, 403)
# save some notes
self._add_notes_to_data_point()
# access to /notes endpoint,should be empty list
request = self.factory.get("/", **extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
# Other user 'lilly' should not have access to bob's instance notes
view = NoteViewSet.as_view({"get": "retrieve"})
request = self.factory.get("/", **extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 404)
def test_note_get(self):
self._add_notes_to_data_point()
view = NoteViewSet.as_view({'get': 'retrieve'})
request = self.factory.get('/', **self.extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertDictContainsSubset(self.note, response.data)
def test_other_user_notes_access(self):
self._create_user_and_login('lilly', '1234')
extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
note = {'note': u"Road Warrior"}
dataid = self.xform.instances.first().pk
note['instance'] = dataid
# Other user 'lilly' should not be able to create notes
# to xform instance owned by 'bob'
request = self.factory.post('/', data=note)
self.assertTrue(self.xform.instances.count())
response = self.view(request)
self.assertEqual(response.status_code, 401)
# save some notes
self._add_notes_to_data_point()
# access to /notes endpoint,should be empty list
request = self.factory.get('/', **extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
# Other user 'lilly' sees an empty list when accessing bob's notes
view = NoteViewSet.as_view({'get': 'retrieve'})
query_params = {"instance": dataid}
request = self.factory.get('/', data=query_params, **extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
def test_other_user_notes_access(self):
self._create_user_and_login('lilly', '1234')
extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
note = {'note': "Road Warrior"}
dataid = self.xform.instances.all()[0].pk
note['instance'] = dataid
# Other user 'lilly' should not be able to create notes
# to xform instance owned by 'bob'
request = self.factory.post('/', data=note, **extra)
self.assertTrue(self.xform.instances.count())
response = self.view(request)
self.assertEqual(response.status_code, 403)
# save some notes as bob
self._add_notes_to_data_point()
# access to /notes endpoint, should be empty list
request = self.factory.get('/', **extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
# Other user 'lilly' should not have access to bob's instance notes
view = NoteViewSet.as_view({'get': 'retrieve'})
request = self.factory.get('/', **extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 404)
# Share publicly XForm
self.xform.shared = True
self.xform.shared_data = True
self.xform.save()
# Since project is public, other user 'lilly' should have access
# to bob's instance notes
# Detail endpoint
request = self.factory.get('/', **extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.get('note'), note['note'])
# List endpoint
request = self.factory.get('/', **extra)
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 1)
# Anonymous user should also have access to bob's instance notes
# Detail endpoint
request = self.factory.get('/')
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.get('note'), note['note'])
# But Anonymous user cannot still list notes
# List endpoint
request = self.factory.get('/')
response = self.view(request)
self.assertEqual(response.status_code, 401)
def setUp(self):
super(self.__class__, self).setUp()
self._create_user_and_login()
self._publish_transportation_form()
self._make_submissions()
self.view = NoteViewSet.as_view({"get": "list", "post": "create", "delete": "destroy"})
self.factory = RequestFactory()
self.extra = {"HTTP_AUTHORIZATION": "Token %s" % self.user.auth_token}
def test_note_get(self):
self._add_notes_to_data_point()
view = NoteViewSet.as_view({'get': 'retrieve'})
request = self.factory.get('/', **self.extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data['owner'], self.user.username)
self.assertDictContainsSubset(self.note, response.data)
def setUp(self):
super(TestNoteViewSet, self).setUp()
self._create_user_and_login()
self._publish_transportation_form()
self._make_submissions()
self.view = NoteViewSet.as_view({
'get': 'list',
'post': 'create',
'delete': 'destroy'
})
self.factory = RequestFactory()
self.extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
def test_get_note_for_specific_instance(self):
self._add_notes_to_data_point()
view = NoteViewSet.as_view({'get': 'retrieve'})
instance = self.xform.instances.first()
query_params = {"instance": instance.id}
request = self.factory.get('/', data=query_params, **self.extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertDictContainsSubset(self.note, response.data)
second_instance = self.xform.instances.last()
query_params = {"instance": second_instance.id}
request = self.factory.get('/', data=query_params, **self.extra)
response = view(request, pk=self.pk)
self.assertEqual(response.status_code, 200)
self.assertListEqual(response.data, [])
def test_dataview_notes_added_to_data(self):
# Create note
view = NoteViewSet.as_view({'post': 'create'})
comment = u"Dataview note"
note = {'note': comment}
data_id = self.xform.instances.all().order_by('pk')[0].pk
note['instance'] = data_id
request = self.factory.post('/', data=note, **self.extra)
self.assertTrue(self.xform.instances.count())
response = view(request)
self.assertEqual(response.status_code, 201)
# Get dataview with added notes
data = {
'name': "My Dataview",
'xform': 'http://testserver/api/v1/forms/%s' % self.xform.pk,
'project':
'http://testserver/api/v1/projects/%s' % self.project.pk,
'columns': '["age"]',
}
self._create_dataview(data=data)
view = DataViewViewSet.as_view({'get': 'data'})
request = self.factory.get('/', **self.extra)
response = view(request, pk=self.data_view.pk)
self.assertEquals(response.status_code, 200)
self.assertEquals(len(response.data), 8)
data_with_notes = \
(d for d in response.data if d["_id"] == data_id).next()
self.assertIn("_notes", data_with_notes)
self.assertEquals([{
'created_by': self.user.id,
'id': 1,
'instance_field': None,
'note': comment,
'owner': self.user.username
}], data_with_notes["_notes"])
