def test_check_access_perms_detects_organization_admins(self):
org_user = OrganizationUserFactory(is_admin=True)
org = org_user.organization
user = org_user.user
org_user_delete_view = CustomOrganizationUserDelete()
org_user_delete_view.kwargs = {'organization_pk': org.pk}
self.assertIsNone(org_user_delete_view._check_access_perms(user))
def test_check_access_perms_detects_organization_admins(self):
org_user = OrganizationUserFactory(is_admin=True)
org = org_user.organization
user = org_user.user
org_user_delete_view = CustomOrganizationUserDelete()
org_user_delete_view.kwargs = {'organization_pk': org.pk}
self.assertIsNone(org_user_delete_view._check_access_perms(user))
def test_check_access_perms_doesnt_detect_normal_users(self):
org_user = OrganizationUserFactory()
org = org_user.organization
user = org_user.user
org_user_delete_view = CustomOrganizationUserDelete()
org_user_delete_view.kwargs = {'organization_pk': org.pk}
self.assertIsInstance(
org_user_delete_view._check_access_perms(user),
HttpResponseForbidden)
def test_check_access_perms_doesnt_detect_normal_users(self):
org_user = OrganizationUserFactory()
org = org_user.organization
user = org_user.user
org_user_delete_view = CustomOrganizationUserDelete()
org_user_delete_view.kwargs = {'organization_pk': org.pk}
self.assertIsInstance(
org_user_delete_view._check_access_perms(user),
HttpResponseForbidden)
def test_delete_deletes_the_unused_permissions(self):
org_user_delete_view = CustomOrganizationUserDelete()
org_user = OrganizationUserFactory()
org = org_user.organization
user = org_user.user
assign(GUARDIAN_PERMISSION, user, org)
self.assertTrue(user.has_perm(GUARDIAN_PERMISSION, org))
org_user_delete_view.get_object = lambda: org_user
request = RequestFactory()
request.user = user
org_user_delete_view.delete(request)
self.assertFalse(user.has_perm(GUARDIAN_PERMISSION, org))
def test_delete_stops_users_watching_decisions_for_the_organization(self):
org_user_delete_view = CustomOrganizationUserDelete()
observed_item = ObservedItemFactory()
org = observed_item.observed_object.organization
user = observed_item.user
org_user = OrganizationUserFactory(organization=org, user=user)
decision = observed_item.observed_object
org_user_delete_view.get_object = lambda: org_user
request = RequestFactory()
request.user = user
org_user_delete_view.delete(request)
self.assertSequenceEqual([], decision.watchers.all())
def test_delete_stops_users_watching_decisions_for_the_organization(self):
org_user_delete_view = CustomOrganizationUserDelete()
observed_item = ObservedItemFactory()
org = observed_item.observed_object.organization
user = observed_item.user
org_user = OrganizationUserFactory(organization=org, user=user)
decision = observed_item.observed_object
org_user_delete_view.get_object = lambda: org_user
request = RequestFactory()
request.user = user
org_user_delete_view.delete(request)
self.assertSequenceEqual([], decision.watchers.all())
def test_delete_deletes_the_unused_permissions(self):
org_user_delete_view = CustomOrganizationUserDelete()
org_user = OrganizationUserFactory()
org = org_user.organization
user = org_user.user
assign_perm(GUARDIAN_PERMISSION, user, org)
self.assertTrue(user.has_perm(GUARDIAN_PERMISSION, org))
org_user_delete_view.get_object = lambda: org_user
request = RequestFactory()
request.user = user
org_user_delete_view.delete(request)
self.assertFalse(user.has_perm(GUARDIAN_PERMISSION, org))
def test_delete_stops_users_watching_feedback_for_the_organization(self):
org_user_delete_view = CustomOrganizationUserDelete()
feedback = FeedbackFactory()
observed_item = ObservedItemFactory(observed_object=feedback)
org = observed_item.observed_object.decision.organization
user = feedback.author
org_user = OrganizationUserFactory(organization=org, user=user)
org_user_delete_view.get_object = lambda: org_user
request = RequestFactory()
request.user = user
org_user_delete_view.delete(request)
# Two observed items were created for different users
# Only the second one should remain after the delete request
self.assertSequenceEqual([observed_item], feedback.watchers.all())
def test_delete_stops_users_watching_feedback_for_the_organization(self):
org_user_delete_view = CustomOrganizationUserDelete()
feedback = FeedbackFactory()
observed_item = ObservedItemFactory(observed_object=feedback)
org = observed_item.observed_object.decision.organization
user = feedback.author
org_user = OrganizationUserFactory(organization=org, user=user)
org_user_delete_view.get_object = lambda: org_user
request = RequestFactory()
request.user = user
org_user_delete_view.delete(request)
# Two observed items were created for different users
# Only the second one should remain after the delete request
self.assertSequenceEqual([observed_item], feedback.watchers.all())
def test_organisation_user_delete_view_doesnt_let_user_delete_others(self):
org_user_delete_view = CustomOrganizationUserDelete()
org_user = OrganizationUserFactory()
org = org_user.organization
user_1 = org_user.user
user_2 = UserFactory()
assign_perm(GUARDIAN_PERMISSION, user_1, org)
request = RequestFactory().post("/", {'submit': "Delete"})
request.user = user_1
org_user_delete_view.get_object = lambda: org_user
response = org_user_delete_view.dispatch(
request, organization_pk=unicode(org.pk), user_pk=unicode(user_2.pk))
self.assertIsInstance(response, HttpResponseForbidden)
def test_organisation_user_delete_view_doesnt_let_user_delete_others(self):
org_user_delete_view = CustomOrganizationUserDelete()
org_user = OrganizationUserFactory()
org = org_user.organization
user_1 = org_user.user
user_2 = UserFactory()
assign_perm(GUARDIAN_PERMISSION, user_1, org)
request = RequestFactory().post("/", {'submit': "Delete"})
request.user = user_1
org_user_delete_view.get_object = lambda: org_user
response = org_user_delete_view.dispatch(
request, organization_pk=unicode(org.pk), user_pk=unicode(user_2.pk))
self.assertIsInstance(response, HttpResponseForbidden)
def test_organisation_user_delete_view_is_accessible_to_admin(self):
org_user_delete_view = CustomOrganizationUserDelete()
org_user = OrganizationUserFactory(is_admin=True)
org = org_user.organization
user_1 = org_user.user
user_2 = UserFactory()
assign_perm(GUARDIAN_PERMISSION, user_1, org)
request = RequestFactory().post("/", {'submit': "Delete"})
request.user = user_1
org_user_delete_view.get_object = lambda: org_user
response = org_user_delete_view.dispatch(
request, organization_pk=org.pk, user_pk=user_2.pk)
self.assertEqual(
reverse('organization_user_list', args=[org.pk]), response['Location'])
def test_organisation_user_delete_view_is_accessible_to_admin(self):
org_user_delete_view = CustomOrganizationUserDelete()
org_user = OrganizationUserFactory(is_admin=True)
org = org_user.organization
user_1 = org_user.user
user_2 = UserFactory()
assign_perm(GUARDIAN_PERMISSION, user_1, org)
request = RequestFactory().post("/", {'submit': "Delete"})
request.user = user_1
org_user_delete_view.get_object = lambda: org_user
response = org_user_delete_view.dispatch(
request, organization_pk=org.pk, user_pk=user_2.pk)
self.assertEqual(
reverse('organization_user_list', args=[org.pk]), response['Location'])
