def test_user_access_other_user(self): """ Test that a user cannot edit/view another user application """ customer1 = create_random_customer() customer2 = create_random_customer() self.assertNotEqual(customer1, customer2) application1 = helpers.create_application(user=customer1) application2 = helpers.create_application(user=customer2) self.assertNotEqual(application1, application2) # login as user1 self.client.login(customer1.email) my_url = reverse('wl_applications:edit_application', args=[application1.pk]) response = self.client.get(my_url) self.assertEqual(302, response.status_code) forbidden_urls = [ reverse('wl_applications:edit_application', args=[application2.pk]), ] for forbidden_url in forbidden_urls: response = self.client.get(forbidden_url, follow=True) self.assertEqual(403, response.status_code)
def test_user_access_other_user(self): """ Test that a user cannot edit/view another user application """ customer1 = create_random_customer() customer2 = create_random_customer() self.assertNotEqual(customer1, customer2) application1 = helpers.create_application(user=customer1) application2 = helpers.create_application(user=customer2) self.assertNotEqual(application1, application2) # login as user1 self.client.login(customer1.email) my_url = reverse('wl_applications:edit_application', args=[application1.pk]) response = self.client.get(my_url) self.assertEqual(302, response.status_code) forbidden_urls = [ reverse('wl_applications:edit_application', args=[application2.pk]), ] for forbidden_url in forbidden_urls: response = self.client.get(forbidden_url, follow=True) self.assertEqual(403, response.status_code)
def test_edit_application(self): """ Testing that a user can edit an application that was either draft or requiring amendments """ application = helpers.create_application(user=self.customer) application.customer_status = 'draft' application.save() application.refresh_from_db() self.client.login(self.customer.email) response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk,)), follow=True) # check that client will be redirected to the enter details page self.assertRedirects(response, reverse('wl_applications:enter_details'), status_code=302, target_status_code=200) # check that the data contained in the context is the same as the application data self.assertEquals(application.data, response.context['application'].data) helpers.delete_application_session(self.client) # check that an application that's not in an editable state can't be edited application.customer_status = 'under_review' application.save() response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk,))) self.assertEqual(response.status_code, 403)
def test_not_submitted_draft_are_deleted(self): """ This is the happy path and the only use case where the application can be deleted. User create application, save as draft and delete it """ self.client.login(self.applicant.email) application = helpers.create_application(self.applicant) self.assertEquals(application.customer_status, 'temp') self.assertFalse(application.is_discardable) # save application as a draft helpers.set_application_session(self.client, application) pk = self.client.session['application_id'] self.assertEqual(application.pk, pk) url = reverse('wl_applications:enter_details') data = {'draft': 'draft'} resp = self.client.post(url, data=data, follow=True) self.assertEqual(resp.status_code, 200) application.refresh_from_db() self.assertEquals(application.customer_status, 'draft') # application should now be discardable self.assertTrue(application.is_discardable) # and deletable self.assertTrue(application.is_deletable) # discard url = reverse('wl_applications:discard_application', args=[application.pk]) # the get should not delete but return a confirm page previous_processing_status = application.processing_status previous_customer_status = application.customer_status resp = self.client.get(url, follow=True) self.assertEquals(resp.status_code, 200) # test that there's a cancel_url in the context of the response and an action_url that is set to the proper url self.assertTrue('cancel_url' in resp.context) self.assertEqual(resp.context['cancel_url'], reverse('wl_dashboard:home')) self.assertTrue('action_url' in resp.context) self.assertEquals(resp.context['action_url'], url) # Application should not be deleted application = Application.objects.filter(pk=application.pk).first() self.assertIsNotNone(application) # status should be unchanged self.assertEqual(application.processing_status, previous_processing_status) self.assertEqual(application.customer_status, previous_customer_status) # actual discard resp = self.client.post(url, data=None, follow=True) self.assertEquals(resp.status_code, 200) # Application should now be deleted application = Application.objects.filter(pk=application.pk).first() self.assertIsNone(application)
def test_not_submitted_draft_are_deleted(self): """ This is the happy path and the only use case where the application can be deleted. User create application, save as draft and delete it """ self.client.login(self.applicant.email) application = helpers.create_application(self.applicant) self.assertEquals(application.customer_status, 'temp') self.assertFalse(application.is_discardable) # save application as a draft helpers.set_application_session(self.client, application) pk = self.client.session['application_id'] self.assertEqual(application.pk, pk) url = reverse('wl_applications:enter_details') data = { 'draft': 'draft' } resp = self.client.post(url, data=data, follow=True) self.assertEqual(resp.status_code, 200) application.refresh_from_db() self.assertEquals(application.customer_status, 'draft') # application should now be discardable self.assertTrue(application.is_discardable) # and deletable self.assertTrue(application.is_deletable) # discard url = reverse('wl_applications:discard_application', args=[application.pk]) # the get should not delete but return a confirm page previous_processing_status = application.processing_status previous_customer_status = application.customer_status resp = self.client.get(url, follow=True) self.assertEquals(resp.status_code, 200) # test that there's a cancel_url in the context of the response and an action_url that is set to the proper url self.assertTrue('cancel_url' in resp.context) self.assertEqual(resp.context['cancel_url'], reverse('wl_dashboard:home')) self.assertTrue('action_url' in resp.context) self.assertEquals(resp.context['action_url'], url) # Application should not be deleted application = Application.objects.filter(pk=application.pk).first() self.assertIsNotNone(application) # status should be unchanged self.assertEqual(application.processing_status, previous_processing_status) self.assertEqual(application.customer_status, previous_customer_status) # actual discard resp = self.client.post(url, data=None, follow=True) self.assertEquals(resp.status_code, 200) # Application should now be deleted application = Application.objects.filter(pk=application.pk).first() self.assertIsNone(application)
def test_user_not_logged_is_redirected_to_login(self): """ A user not logged in should be redirected to the login page and not see a 403 """ customer1 = create_random_customer() application = helpers.create_application(user=customer1) self.assertEqual('draft', application.customer_status) my_urls = [ reverse('applications:edit_application', args=[application.licence_type.code, application.pk]), reverse('applications:enter_details_existing_application', args=[application.licence_type.code, application.pk]), reverse('applications:preview', args=[application.licence_type.code, application.pk]) ] for url in my_urls: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code, msg="Wrong status code {1} for {0}".format(url, response.status_code)) self.assertTrue(is_login_page(response)) # lodge the application self.client.login(customer1.email) url = reverse('applications:preview', args=[application.licence_type.code, application.pk]) session = self.client.session session['application'] = { 'customer_pk': customer1.pk, 'profile_pk': application.applicant_profile.pk, 'data': { 'project_title': 'Test' } } session.save() self.client.post(url) application.refresh_from_db() self.assertEqual('under_review', application.customer_status) # logout self.client.logout() for url in my_urls: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code) self.assertTrue(is_login_page(response))
def test_user_access_lodged(self): """ Once the application if lodged the user should not be able to edit it """ customer1 = create_random_customer() # login as user1 self.client.login(customer1.email) application = helpers.create_application(user=customer1) self.assertEqual('draft', application.customer_status) my_urls = [ reverse('wl_applications:edit_application', args=[application.licence_type.code_slug, application.pk]), reverse('wl_applications:enter_details_existing_application', args=[application.licence_type.code_slug, application.pk]), reverse('wl_applications:preview', args=[application.licence_type.code_slug, application.pk]) ] for url in my_urls: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code, msg="Wrong status code {1} for {0}".format(url, response.status_code)) # lodge the application url = reverse('wl_applications:preview', args=[application.licence_type.code_slug, application.pk]) session = self.client.session session['application'] = { 'customer_pk': customer1.pk, 'profile_pk': application.applicant_profile.pk, 'data': { 'project_title': 'Test' } } session.save() self.client.post(url) application.refresh_from_db() self.assertEqual('under_review', application.customer_status) for url in my_urls: response = self.client.get(url, follow=True) self.assertEqual(403, response.status_code)
def test_multiple_application_entry_denied(self): """ Testing the if a user is in the process of entering an application and attempts to start/edit/renew/amend another application, they are redirected back to home """ entry_denied_message = ('There is currently another application in the process of being entered. Please ' + 'conclude or save this application before creating a new one. If you are seeing this ' + 'message and there is not another application being entered, you may need to '+ '<a href="{}">logout</a> and log in again.').format(reverse('accounts:logout')) self.client.login(self.customer.email) response = self.client.get(reverse('wl_applications:new_application')) self.assertRedirects(response, reverse('wl_applications:select_licence_type'), status_code=302, target_status_code=200, fetch_redirect_response=False) # attempt to start another new licence application response = self.client.get(reverse('wl_applications:new_application'), follow=True) self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302, target_status_code=200, fetch_redirect_response=False) self.assertIn('messages', response.context) self.assertEquals(len(response.context['messages']), 1) self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message) application = helpers.create_application(user=self.customer) # attempt to edit an application response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk, )), follow=True) self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302, target_status_code=200, fetch_redirect_response=False) self.assertIn('messages', response.context) self.assertEquals(len(response.context['messages']), 1) self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message) application = helpers.create_and_lodge_application(user=self.customer) licence = helpers.issue_licence(application, licence_data = { 'end_date': date.today() + relativedelta(days=30), 'is_renewable': True }) # attempt to renew a licence response = self.client.get(reverse('wl_applications:renew_licence', args=(licence.pk, )), follow=True) self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302, target_status_code=200, fetch_redirect_response=False) self.assertIn('messages', response.context) self.assertEquals(len(response.context['messages']), 1) self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message) response = self.client.get(reverse('wl_applications:amend_licence', args=(licence.pk, )), follow=True ) # attempt to amend a licence self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302, target_status_code=200, fetch_redirect_response=False) self.assertIn('messages', response.context) self.assertEquals(len(response.context['messages']), 1) self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)