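def test_employments_list(employment: Employment, other_user: User, other_company: Company):
    """
    Employments can be listed by existing employees of a company.

    Users should see only employees of companies they themselves belong to.
    The test creates a second employment in a different company and checks
    that the list endpoint returns only the requesting user's own employment.
    """
    user = employment.user
    client = APIClient()
    client.force_authenticate(user)

    # Employment in another company; it must stay invisible to `user`.
    Employment.objects.create(company=other_company, user=other_user, role=Employment.ROLE_ADMIN)
    assert Employment.objects.count() == 2

    # Ensure we only get a single employment back - the one belonging to the company we're in.
    resp = client.get(client.reverse('employment-list'))
    resp_data = validate_jsonapi_list_response(
        resp,
        expected_count=1,
        expected_attributes=ATTRIBUTES_LIST,
        expected_relationships=RELATIONSHIPS_LIST,
    )

    # The listed resources are employments, so identify the returned item by
    # the employment's own primary key. Comparing against company_id names a
    # different object and only passes when the two ids happen to coincide.
    # NOTE(review): assumes the serializer exposes the Employment pk as the
    # JSON:API resource id - confirm against the serializer.
    assert {item['id'] for item in resp_data['data']} == {str(employment.pk)}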
def test_employments_list_public():
    """
    Employees cannot be listed anonymously.

    An unauthenticated request to the employment list must be rejected
    with a 403 JSON:API error response.
    """
    anonymous = APIClient()  # never authenticated
    list_url = anonymous.reverse('employment-list')
    response = anonymous.get(list_url)
    validate_jsonapi_error_response(response, 403)
def test_employments_details_public(other_employment: Employment):
    """
    Employment details cannot be viewed anonymously.

    An unauthenticated request for a specific employment must be rejected
    with a 403 JSON:API error response.
    """
    anonymous = APIClient()  # never authenticated
    detail_url = anonymous.reverse('employment-detail', pk=other_employment.pk)
    response = anonymous.get(detail_url)
    validate_jsonapi_error_response(response, 403)
def do_test_company_listing(client: APIClient, batch_size=5):
    """
    Shared helper: create a batch of companies and validate the company list.

    The caller supplies the client, so the same check can be run for
    different authentication states. The list response is validated with
    ``expected_count=batch_size``.
    NOTE(review): this presumably requires that no other companies exist
    when the helper runs - confirm against the fixtures callers use.
    """
    CompanyFactory.create_batch(batch_size)

    list_url = client.reverse('company-list')
    response = client.get(list_url)
    validate_jsonapi_list_response(
        response,
        expected_count=batch_size,
        expected_attributes=ATTRIBUTES_LIST,
        expected_relationships=RELATIONSHIPS_LIST,
    )
def test_employments_details_unrelated(user: User, other_employment: Employment):
    """
    Employment details cannot be viewed by an unrelated user (non-employee).

    The request is authenticated, but the user has no employment in the
    company that owns the requested record.
    """
    outsider = APIClient()
    outsider.force_authenticate(user)

    detail_url = outsider.reverse('employment-detail', pk=other_employment.pk)
    response = outsider.get(detail_url)

    # 404 rather than 403 is expected here.
    # NOTE(review): presumably so a non-employee cannot confirm that the
    # record exists - confirm against the view's queryset filtering.
    validate_jsonapi_error_response(response, 404)
def test_companies_details_public(company: Company):
    """
    Company details can also be viewed anonymously, only basic information is returned.

    The response is validated against the public attribute and relationship
    sets rather than the full ones.
    """
    anonymous = APIClient()  # never authenticated
    detail_url = anonymous.reverse('company-detail', pk=company.pk)
    response = anonymous.get(detail_url)
    validate_jsonapi_detail_response(
        response,
        expected_attributes=ATTRIBUTES_PUBLIC,
        expected_relationships=RELATIONSHIPS_PUBLIC,
    )
def test_companies_details_unrelated(user: User, other_company: Company):
    """
    Company details can be viewed by an unrelated user (non-employee), but only basic
    information is returned.

    Being authenticated must not widen the view: the response is validated
    against the same public attribute and relationship sets used for
    anonymous access.
    """
    outsider = APIClient()
    outsider.force_authenticate(user)

    detail_url = outsider.reverse('company-detail', pk=other_company.pk)
    response = outsider.get(detail_url)
    validate_jsonapi_detail_response(
        response,
        expected_attributes=ATTRIBUTES_PUBLIC,
        expected_relationships=RELATIONSHIPS_PUBLIC,
    )
def test_companies_details_employee(employment: Employment):
    """
    Company details can be viewed by an employee, and full information is returned.

    The request is made as the employment's user against the employment's
    own company, and validated against the full attribute and relationship
    sets.
    """
    member = APIClient()
    member.force_authenticate(employment.user)

    detail_url = member.reverse('company-detail', pk=employment.company.pk)
    response = member.get(detail_url)
    validate_jsonapi_detail_response(
        response,
        expected_attributes=ATTRIBUTES_FULL,
        expected_relationships=RELATIONSHIPS_FULL,
    )
def test_employments_details_employee(employment: Employment, other_user: User):
    """
    Employment details can be viewed by an employee, and full information is returned.

    A second employment is created in the same company for another user;
    the first employee then requests that colleague's employment record.
    """
    # Colleague's employment in the same company as the requesting user.
    other_employment = Employment.objects.create(
        company=employment.company,
        user=other_user,
        role=Employment.ROLE_NORMAL,
    )

    member = APIClient()
    member.force_authenticate(employment.user)

    detail_url = member.reverse('employment-detail', pk=other_employment.pk)
    response = member.get(detail_url)
    validate_jsonapi_detail_response(
        response,
        expected_attributes=ATTRIBUTES_FULL,
        expected_relationships=RELATIONSHIPS_FULL,
    )