def test_no_access_to_questionnaire_api_for_anonymous():
questionnaire = factories.QuestionnaireFactory()
# retrieve is never allowed
response = utils.get_resource_without_login(client, 'questionnaire',
questionnaire.id)
assert response.status_code == 403
# update
payload = make_update_payload(questionnaire)
response = utils.update_resource_without_login(client, 'questionnaire',
payload)
assert response.status_code == 403
# delete is never allowed
response = utils.delete_resource_without_login(client, 'questionnaire',
questionnaire.id)
assert response.status_code == 403
# create
clear_saved_data()
payload = make_create_payload(questionnaire.control.id)
response = utils.create_resource_without_login(client, 'questionnaire',
payload)
assert response.status_code == 403
assert_no_data_is_saved()
def test_cannot_get_control_for_anonymous():
control = factories.ControlFactory()
response = utils.get_resource_without_login(client, 'control', control.id)
assert response.status_code == 403
def test_no_access_to_question_api_for_anonymous():
question = factories.QuestionFactory()
response = utils.get_resource_without_login(client, 'question',
question.id)
assert response.status_code == 403
def test_cannot_get_response_file_if_user_not_logged_in():
response_file = factories.ResponseFileFactory()
response = utils.get_resource_without_login(client, 'response-file', response_file.id)
assert response.status_code == 403
def test_no_access_to_theme_api_for_anonymous():
theme = factories.ThemeFactory()
response = utils.get_resource_without_login(client, 'theme', theme.id)
assert response.status_code == 403