def create_shop(name): return Shop.objects.create( name="foobar", identifier=name, status=ShopStatus.ENABLED, public_name=name, currency=get_default_currency().code, )
def create_shop(name): return Shop.objects.create( name="foobar", identifier=name, status=ShopStatus.ENABLED, public_name=name, currency=factories.get_default_currency().code )
def test_currency_edit_view_works_at_all(rf, admin_user): get_default_shop() # We need a shop to exists request = apply_request_middleware(rf.get("/"), user=admin_user) request.user = admin_user currency = get_default_currency() with replace_modules([CurrencyModule]): view_func = CurrencyEditView.as_view() response = view_func(request, pk=currency.pk) response.render() assert (currency.code in force_text(response.content)) response = view_func(request, pk=None) # "new mode" response.render() assert response.content
def test_currency_edit_view_works_at_all(rf, admin_user): get_default_shop() # We need a shop to exists request = apply_request_middleware(rf.get("/"), user=admin_user) request.user = admin_user currency = get_default_currency() with replace_modules([CurrencyModule]): view_func = CurrencyEditView.as_view() response = view_func(request, pk=currency.pk) response.render() assert (currency.code in force_text(response.content)) response = view_func(request, pk=None) # "new mode" response.render() assert response.content
def test_permissions(admin_user, settings): """ ainoastaan kaupan staff / customer / objektin omistava user * voi vaihtaa tilauksen tilan, toisen kaupan staff ei voi vaihtaa tilauksen tilaa * retrievaa baskettia kuin sinä itse, """ configure(settings) shop_one = factories.get_default_shop() shop_two = Shop.objects.create(name="second shop", identifier="second_shop", status=ShopStatus.ENABLED, public_name="Second shop", currency=get_default_currency().code) user_one = get_user("user_one", "*****@*****.**") user_two = get_user("user_two", "*****@*****.**") user_three = get_user("user_three", "*****@*****.**") user_three.is_staff = True user_three.save() person_one = factories.create_random_person() person_one.user = user_one person_one.save() person_two = factories.create_random_person() person_two.user = user_two person_two.save() # create products product_one = get_product("shop_one_product", shop_one) product_two = get_product("shop_two_product", shop_two) client = _get_client(admin_user) response = client.post("/api/shuup/basket/new/", { "shop": shop_one.pk, "customer_id": person_one.pk, }) assert response.status_code == status.HTTP_201_CREATED basket_data = json.loads(response.content.decode("utf-8")) basket = Basket.objects.first() assert basket.key == basket_data['uuid'].split("-")[1] assert basket.shop == shop_one assert basket.creator == admin_user response = client.get("/api/shuup/basket/{}-{}/".format( shop_one.pk, basket.key)) assert response.status_code == status.HTTP_200_OK # someone figured out the first param is shop!! oh noes client = _get_client(user_one) response = client.get("/api/shuup/basket/{}-{}/".format( shop_two.pk, basket.key)) assert response.status_code == status.HTTP_403_FORBIDDEN basket = Basket.objects.first() assert basket.key == basket_data['uuid'].split("-")[1] assert basket.shop == shop_one assert basket.creator == admin_user # ok, person one has permission to their own basket even though they didn't create it basket = assert_basket_retrieve(admin_user, basket, basket_data, person_one, shop_one, status.HTTP_200_OK) # Person two is not allowed to see the basket basket = assert_basket_retrieve(admin_user, basket, basket_data, person_two, shop_one, status.HTTP_403_FORBIDDEN) # but admin is, yay admin! basket = assert_basket_retrieve(admin_user, basket, basket_data, admin_user, shop_one, status.HTTP_200_OK) # ima become staff. I have the power. person_three = factories.create_random_person() person_three.user = user_three person_three.save() shop_one.staff_members.add(person_three.user) basket = assert_basket_retrieve(admin_user, basket, basket_data, person_three, shop_one, status.HTTP_200_OK)
def test_permissions(admin_user, settings): """ ainoastaan kaupan staff / customer / objektin omistava user * voi vaihtaa tilauksen tilan, toisen kaupan staff ei voi vaihtaa tilauksen tilaa * retrievaa baskettia kuin sinä itse, """ configure(settings) shop_one = factories.get_default_shop() shop_two = Shop.objects.create( name="second shop", identifier="second_shop", status=ShopStatus.ENABLED, public_name="Second shop", currency=get_default_currency().code ) user_one = get_user("user_one", "*****@*****.**") user_two = get_user("user_two", "*****@*****.**") user_three = get_user("user_three", "*****@*****.**") user_three.is_staff = True user_three.save() person_one = factories.create_random_person() person_one.user = user_one person_one.save() person_two = factories.create_random_person() person_two.user = user_two person_two.save() # create products product_one = get_product("shop_one_product", shop_one) product_two = get_product("shop_two_product", shop_two) client = _get_client(admin_user) response = client.post("/api/shuup/basket/new/", { "shop": shop_one.pk, "customer_id": person_one.pk, }) assert response.status_code == status.HTTP_201_CREATED basket_data = json.loads(response.content.decode("utf-8")) basket = Basket.objects.first() assert basket.key == basket_data['uuid'].split("-")[1] assert basket.shop == shop_one assert basket.creator == admin_user response = client.get("/api/shuup/basket/{}-{}/".format(shop_one.pk, basket.key)) assert response.status_code == status.HTTP_200_OK # someone figured out the first param is shop!! oh noes client = _get_client(user_one) response = client.get("/api/shuup/basket/{}-{}/".format(shop_two.pk, basket.key)) assert response.status_code == status.HTTP_403_FORBIDDEN basket = Basket.objects.first() assert basket.key == basket_data['uuid'].split("-")[1] assert basket.shop == shop_one assert basket.creator == admin_user # ok, person one has permission to their own basket even though they didn't create it basket = assert_basket_retrieve(admin_user, basket, basket_data, person_one, shop_one, status.HTTP_200_OK) # Person two is not allowed to see the basket basket = assert_basket_retrieve(admin_user, basket, basket_data, person_two, shop_one, status.HTTP_403_FORBIDDEN) # but admin is, yay admin! basket = assert_basket_retrieve(admin_user, basket, basket_data, admin_user, shop_one, status.HTTP_200_OK) # ima become staff. I have the power. person_three = factories.create_random_person() person_three.user = user_three person_three.save() shop_one.staff_members.add(person_three.user) basket = assert_basket_retrieve(admin_user, basket, basket_data, person_three, shop_one, status.HTTP_200_OK)