def test_add_team_member_non_unique(api_client, team_member_factory,
user_factory):
"""
If a team member already exists, attempting to add them again should
return an error message.
"""
# Given an existing team member...
member = team_member_factory()
# Charlie, an existing staff user...
password = "******"
user = user_factory(is_staff=True, name="Charlie", password=password)
# ...logs in and attempts to recreate a team member that already
# exists.
api_client.log_in(user.email, password)
response = api_client.mutate(
ADD_TEAM_MEMBER_MUTATION,
variables={
"personSlug": member.person.slug,
"role": "C",
"teamYear": member.team.year,
},
)
# He receives an error message stating that the team member already
# exists.
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
(f"{member.person.name} is already a member of the "
f"{member.team.year} team."),
path=["addTeamMember"],
)
def test_add_team_member_invalid_person_slug(api_client, team_factory,
user_factory):
"""
If there is no person with the provided person slug, an error should
be returned.
"""
# Given an existing team...
team = team_factory()
# Bill, an existing staff user...
password = "******"
user = user_factory(is_staff=True, name="Bill", password=password)
# ...logs in and attempts to add a team member using a slug that
# does not correspond to any person.
api_client.log_in(user.email, password)
slug = "non-existent"
response = api_client.mutate(
ADD_TEAM_MEMBER_MUTATION,
variables={
"personSlug": slug,
"role": "C",
"teamYear": team.year
},
)
# He receives an error message stating the person doesn't exist.
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
f'The person with the slug "{slug}" does not exist.',
path=["addTeamMember"],
)
def test_add_team_member_invalid_team_year(api_client, person_factory,
user_factory):
"""
Attempting to use an invalid role should return an error message.
"""
# Given an existing person...
person = person_factory()
# Jennifer, an existing staff user...
password = "******"
user = user_factory(is_staff=True, name="Jennifer", password=password)
# ...logs in and attempts to create a team member, but she
# accidentally specifies a team year that doesn't exist yet.
api_client.log_in(user.email, password)
year = 2018
response = api_client.mutate(
ADD_TEAM_MEMBER_MUTATION,
variables={
"personSlug": person.slug,
"role": "C",
"teamYear": year
},
)
# Since the year is invalid, she receives an error response.
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
f"The team for the year {year} does not exist.",
path=["addTeamMember"],
)
def test_add_team_member_non_staff(api_client, person_factory, team_factory,
user_factory):
"""
Non staff users should receive a permissions error if they attempt
to create a new team member.
"""
# Given an existing team and person...
person = person_factory()
team = team_factory()
# Sally, an existing non-staff user...
password = "******"
user = user_factory(name="Sally", password=password)
# ...logs in and attempts to create a new team member.
api_client.log_in(user.email, password)
response = api_client.mutate(
ADD_TEAM_MEMBER_MUTATION,
variables={
"personSlug": person.slug,
"role": "C",
"teamYear": team.year,
},
)
# She receives an error message because she is not a staff user.
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
"You do not have permission to add a team member.",
path=["addTeamMember"],
)
def test_create_team_non_unique(api_client, team_factory, user_factory):
"""
Attempting to create a team for the same year as an existing team
should raise an error.
"""
# Jenny is a staff user on the site
password = "******"
user = user_factory(is_staff=True, password=password)
# She logs in
api_client.log_in(user.email, password)
# There is a team already on the site.
year = 2018
team_factory(year=year)
# She tries to create a team for the same year
response = api_client.mutate(CREATE_TEAM_MUTATION,
variables={"year": year})
# She receives an error because the team year is not unique
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
f"There is already a team for the year {year}.",
path=["createTeam"],
)
def test_get_team_missing(api_client):
"""
Attempting to fetch a team that is missing should return an error
message.
"""
response = api_client.query(TEAM_QUERY, variables={"year": 2018})
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(), "Team matching query does not exist.", path=["team"]
)
def test_get_user_invalid_id(api_client):
"""
If there is no user with the provided ID, an error message should be
returned.
"""
response = api_client.query(
USER_QUERY, variables={"id": str(uuid.uuid4())}
)
response.raise_for_status()
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(), "User matching query does not exist.", path=["user"]
)
def test_get_post_unpublished(api_client, post_factory):
"""
Attempting to fetch an unpublished post should behave the same as if
the post didn't exist.
"""
now = timezone.now()
later = now + datetime.timedelta(days=1)
post = post_factory(published=later)
response = api_client.query(POST_QUERY, variables={"slug": post.slug})
response.raise_for_status()
assert response.status_code == 200
graphql_utils.assert_has_error(response.json(),
"Post matching query does not exist.",
path=["post"])
def test_log_in_invalid_credentials(api_client, user_factory):
"""
Trying to log in with invalid credentials should raise an error.
"""
user = user_factory(password="******")
response = api_client.mutate(
LOG_IN_MUTATION,
variables={"email": user.email, "password": "******"},
)
response.raise_for_status()
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
"No user with the provided email/password was found.",
path=["logIn"],
)
# No session cookie should have been set
assert "sessionid" not in response.cookies
def test_create_team_not_staff(api_client, user_factory):
"""
Non-staff users should receive an error message if they try to
create a team.
"""
# Jane is a normal user on the site.
password = "******"
user = user_factory(password=password)
# She logs in
api_client.log_in(user.email, password)
# Now she tries to create a team
response = api_client.mutate(CREATE_TEAM_MUTATION,
variables={"year": 2018})
# She receives an error because she is not allowed to perform that
# mutation.
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
"You do not have permission to create a team.",
path=["createTeam"],
)
def test_create_person_non_staff(api_client, user_factory):
"""
If a non-staff user attempts to add a new person they should receive
a permissions error.
"""
# Jane is a normal user.
password = "******"
user = user_factory(name="Jane", password=password)
# She logs in...
api_client.log_in(user.email, password)
# She attempts to create a new person...
response = api_client.mutate(CREATE_PERSON_MUTATION,
variables={"name": "John Smith"})
response.raise_for_status()
# She receives an error message.
assert response.status_code == 200
graphql_utils.assert_has_error(
response.json(),
"You do not have permission to create a new person.",
path=["createPerson"],
)
