Beispiel #1
0
 def test_note_get(self):
     self._add_notes_to_data_point()
     view = NoteViewSet.as_view({"get": "retrieve"})
     request = self.factory.get("/", **self.extra)
     response = view(request, pk=self.pk)
     self.assertEqual(response.status_code, 200)
     self.assertDictContainsSubset(self.note, response.data)
Beispiel #2
0
    def test_other_user_notes_access(self):
        self._create_user_and_login("lilly", "1234")
        extra = {"HTTP_AUTHORIZATION": "Token %s" % self.user.auth_token}
        note = {"note": u"Road Warrior"}
        dataid = self.xform.instances.all()[0].pk
        note["instance"] = dataid

        # Other user 'lilly' should not be able to create notes
        # to xform instance owned by 'bob'
        request = self.factory.post("/", data=note, **extra)
        self.assertTrue(self.xform.instances.count())
        response = self.view(request)
        self.assertEqual(response.status_code, 403)

        # save some notes
        self._add_notes_to_data_point()

        # access to /notes endpoint,should be empty list
        request = self.factory.get("/", **extra)
        response = self.view(request)
        self.assertEqual(response.status_code, 200)

        self.assertEqual(response.data, [])
        # Other user 'lilly' should not have access to bob's instance notes
        view = NoteViewSet.as_view({"get": "retrieve"})
        request = self.factory.get("/", **extra)
        response = view(request, pk=self.pk)
        self.assertEqual(response.status_code, 404)
Beispiel #3
0
 def test_note_get(self):
     self._add_notes_to_data_point()
     view = NoteViewSet.as_view({'get': 'retrieve'})
     request = self.factory.get('/', **self.extra)
     response = view(request, pk=self.pk)
     self.assertEqual(response.status_code, 200)
     self.assertDictContainsSubset(self.note, response.data)
Beispiel #4
0
    def test_other_user_notes_access(self):
        self._create_user_and_login('lilly', '1234')
        extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
        note = {'note': u"Road Warrior"}
        dataid = self.xform.instances.first().pk
        note['instance'] = dataid

        # Other user 'lilly' should not be able to create notes
        # to xform instance owned by 'bob'
        request = self.factory.post('/', data=note)
        self.assertTrue(self.xform.instances.count())
        response = self.view(request)
        self.assertEqual(response.status_code, 401)

        # save some notes
        self._add_notes_to_data_point()

        # access to /notes endpoint,should be empty list
        request = self.factory.get('/', **extra)
        response = self.view(request)
        self.assertEqual(response.status_code, 200)

        self.assertEqual(response.data, [])

        # Other user 'lilly' sees an empty list when accessing bob's notes
        view = NoteViewSet.as_view({'get': 'retrieve'})
        query_params = {"instance": dataid}
        request = self.factory.get('/', data=query_params, **extra)
        response = view(request, pk=self.pk)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data, [])
Beispiel #5
0
    def test_other_user_notes_access(self):
        self._create_user_and_login('lilly', '1234')
        extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
        note = {'note': "Road Warrior"}
        dataid = self.xform.instances.all()[0].pk
        note['instance'] = dataid

        # Other user 'lilly' should not be able to create notes
        # to xform instance owned by 'bob'
        request = self.factory.post('/', data=note, **extra)
        self.assertTrue(self.xform.instances.count())
        response = self.view(request)
        self.assertEqual(response.status_code, 403)

        # save some notes as bob
        self._add_notes_to_data_point()

        # access to /notes endpoint, should be empty list
        request = self.factory.get('/', **extra)
        response = self.view(request)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data, [])

        # Other user 'lilly' should not have access to bob's instance notes
        view = NoteViewSet.as_view({'get': 'retrieve'})
        request = self.factory.get('/', **extra)
        response = view(request, pk=self.pk)
        self.assertEqual(response.status_code, 404)

        # Share publicly XForm
        self.xform.shared = True
        self.xform.shared_data = True
        self.xform.save()

        # Since project is public, other user 'lilly' should have access
        # to bob's instance notes
        # Detail endpoint
        request = self.factory.get('/', **extra)
        response = view(request, pk=self.pk)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data.get('note'), note['note'])

        # List endpoint
        request = self.factory.get('/', **extra)
        response = self.view(request)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.data), 1)

        # Anonymous user should also have access to bob's instance notes
        # Detail endpoint
        request = self.factory.get('/')
        response = view(request, pk=self.pk)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data.get('note'), note['note'])

        # But Anonymous user cannot still list notes
        # List endpoint
        request = self.factory.get('/')
        response = self.view(request)
        self.assertEqual(response.status_code, 401)
Beispiel #6
0
 def setUp(self):
     super(self.__class__, self).setUp()
     self._create_user_and_login()
     self._publish_transportation_form()
     self._make_submissions()
     self.view = NoteViewSet.as_view({"get": "list", "post": "create", "delete": "destroy"})
     self.factory = RequestFactory()
     self.extra = {"HTTP_AUTHORIZATION": "Token %s" % self.user.auth_token}
Beispiel #7
0
    def test_note_get(self):
        self._add_notes_to_data_point()
        view = NoteViewSet.as_view({'get': 'retrieve'})
        request = self.factory.get('/', **self.extra)
        response = view(request, pk=self.pk)

        self.assertEqual(response.status_code, 200)
        self.assertEqual(response.data['owner'], self.user.username)
        self.assertDictContainsSubset(self.note, response.data)
Beispiel #8
0
 def setUp(self):
     super(TestNoteViewSet, self).setUp()
     self._create_user_and_login()
     self._publish_transportation_form()
     self._make_submissions()
     self.view = NoteViewSet.as_view({
         'get': 'list',
         'post': 'create',
         'delete': 'destroy'
     })
     self.factory = RequestFactory()
     self.extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
Beispiel #9
0
    def test_get_note_for_specific_instance(self):
        self._add_notes_to_data_point()
        view = NoteViewSet.as_view({'get': 'retrieve'})

        instance = self.xform.instances.first()

        query_params = {"instance": instance.id}
        request = self.factory.get('/', data=query_params, **self.extra)
        response = view(request, pk=self.pk)
        self.assertEqual(response.status_code, 200)
        self.assertDictContainsSubset(self.note, response.data)

        second_instance = self.xform.instances.last()
        query_params = {"instance": second_instance.id}
        request = self.factory.get('/', data=query_params, **self.extra)
        response = view(request, pk=self.pk)

        self.assertEqual(response.status_code, 200)
        self.assertListEqual(response.data, [])
Beispiel #10
0
    def test_dataview_notes_added_to_data(self):
        # Create note
        view = NoteViewSet.as_view({'post': 'create'})
        comment = u"Dataview note"
        note = {'note': comment}
        data_id = self.xform.instances.all().order_by('pk')[0].pk
        note['instance'] = data_id
        request = self.factory.post('/', data=note, **self.extra)
        self.assertTrue(self.xform.instances.count())
        response = view(request)
        self.assertEqual(response.status_code, 201)

        # Get dataview with added notes
        data = {
            'name': "My Dataview",
            'xform': 'http://testserver/api/v1/forms/%s' % self.xform.pk,
            'project':
            'http://testserver/api/v1/projects/%s' % self.project.pk,
            'columns': '["age"]',
        }
        self._create_dataview(data=data)
        view = DataViewViewSet.as_view({'get': 'data'})
        request = self.factory.get('/', **self.extra)
        response = view(request, pk=self.data_view.pk)
        self.assertEquals(response.status_code, 200)
        self.assertEquals(len(response.data), 8)
        data_with_notes = \
            (d for d in response.data if d["_id"] == data_id).next()
        self.assertIn("_notes", data_with_notes)
        self.assertEquals([{
            'created_by': self.user.id,
            'id': 1,
            'instance_field': None,
            'note': comment,
            'owner': self.user.username
        }], data_with_notes["_notes"])