def create_shop(name):
return Shop.objects.create(
name="foobar",
identifier=name,
status=ShopStatus.ENABLED,
public_name=name,
currency=get_default_currency().code,
)
def create_shop(name):
return Shop.objects.create(
name="foobar",
identifier=name,
status=ShopStatus.ENABLED,
public_name=name,
currency=factories.get_default_currency().code
)
def test_currency_edit_view_works_at_all(rf, admin_user):
get_default_shop() # We need a shop to exists
request = apply_request_middleware(rf.get("/"), user=admin_user)
request.user = admin_user
currency = get_default_currency()
with replace_modules([CurrencyModule]):
view_func = CurrencyEditView.as_view()
response = view_func(request, pk=currency.pk)
response.render()
assert (currency.code in force_text(response.content))
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
def test_currency_edit_view_works_at_all(rf, admin_user):
get_default_shop() # We need a shop to exists
request = apply_request_middleware(rf.get("/"), user=admin_user)
request.user = admin_user
currency = get_default_currency()
with replace_modules([CurrencyModule]):
view_func = CurrencyEditView.as_view()
response = view_func(request, pk=currency.pk)
response.render()
assert (currency.code in force_text(response.content))
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
def test_permissions(admin_user, settings):
"""
ainoastaan kaupan staff / customer / objektin omistava user
* voi vaihtaa tilauksen tilan, toisen kaupan staff ei voi vaihtaa tilauksen tilaa
* retrievaa baskettia kuin sinä itse,
"""
configure(settings)
shop_one = factories.get_default_shop()
shop_two = Shop.objects.create(name="second shop",
identifier="second_shop",
status=ShopStatus.ENABLED,
public_name="Second shop",
currency=get_default_currency().code)
user_one = get_user("user_one", "*****@*****.**")
user_two = get_user("user_two", "*****@*****.**")
user_three = get_user("user_three", "*****@*****.**")
user_three.is_staff = True
user_three.save()
person_one = factories.create_random_person()
person_one.user = user_one
person_one.save()
person_two = factories.create_random_person()
person_two.user = user_two
person_two.save()
# create products
product_one = get_product("shop_one_product", shop_one)
product_two = get_product("shop_two_product", shop_two)
client = _get_client(admin_user)
response = client.post("/api/shuup/basket/new/", {
"shop": shop_one.pk,
"customer_id": person_one.pk,
})
assert response.status_code == status.HTTP_201_CREATED
basket_data = json.loads(response.content.decode("utf-8"))
basket = Basket.objects.first()
assert basket.key == basket_data['uuid'].split("-")[1]
assert basket.shop == shop_one
assert basket.creator == admin_user
response = client.get("/api/shuup/basket/{}-{}/".format(
shop_one.pk, basket.key))
assert response.status_code == status.HTTP_200_OK
# someone figured out the first param is shop!! oh noes
client = _get_client(user_one)
response = client.get("/api/shuup/basket/{}-{}/".format(
shop_two.pk, basket.key))
assert response.status_code == status.HTTP_403_FORBIDDEN
basket = Basket.objects.first()
assert basket.key == basket_data['uuid'].split("-")[1]
assert basket.shop == shop_one
assert basket.creator == admin_user
# ok, person one has permission to their own basket even though they didn't create it
basket = assert_basket_retrieve(admin_user, basket, basket_data,
person_one, shop_one, status.HTTP_200_OK)
# Person two is not allowed to see the basket
basket = assert_basket_retrieve(admin_user, basket, basket_data,
person_two, shop_one,
status.HTTP_403_FORBIDDEN)
# but admin is, yay admin!
basket = assert_basket_retrieve(admin_user, basket, basket_data,
admin_user, shop_one, status.HTTP_200_OK)
# ima become staff. I have the power.
person_three = factories.create_random_person()
person_three.user = user_three
person_three.save()
shop_one.staff_members.add(person_three.user)
basket = assert_basket_retrieve(admin_user, basket, basket_data,
person_three, shop_one, status.HTTP_200_OK)
def test_permissions(admin_user, settings):
"""
ainoastaan kaupan staff / customer / objektin omistava user
* voi vaihtaa tilauksen tilan, toisen kaupan staff ei voi vaihtaa tilauksen tilaa
* retrievaa baskettia kuin sinä itse,
"""
configure(settings)
shop_one = factories.get_default_shop()
shop_two = Shop.objects.create(
name="second shop",
identifier="second_shop",
status=ShopStatus.ENABLED,
public_name="Second shop",
currency=get_default_currency().code
)
user_one = get_user("user_one", "*****@*****.**")
user_two = get_user("user_two", "*****@*****.**")
user_three = get_user("user_three", "*****@*****.**")
user_three.is_staff = True
user_three.save()
person_one = factories.create_random_person()
person_one.user = user_one
person_one.save()
person_two = factories.create_random_person()
person_two.user = user_two
person_two.save()
# create products
product_one = get_product("shop_one_product", shop_one)
product_two = get_product("shop_two_product", shop_two)
client = _get_client(admin_user)
response = client.post("/api/shuup/basket/new/", {
"shop": shop_one.pk,
"customer_id": person_one.pk,
})
assert response.status_code == status.HTTP_201_CREATED
basket_data = json.loads(response.content.decode("utf-8"))
basket = Basket.objects.first()
assert basket.key == basket_data['uuid'].split("-")[1]
assert basket.shop == shop_one
assert basket.creator == admin_user
response = client.get("/api/shuup/basket/{}-{}/".format(shop_one.pk, basket.key))
assert response.status_code == status.HTTP_200_OK
# someone figured out the first param is shop!! oh noes
client = _get_client(user_one)
response = client.get("/api/shuup/basket/{}-{}/".format(shop_two.pk, basket.key))
assert response.status_code == status.HTTP_403_FORBIDDEN
basket = Basket.objects.first()
assert basket.key == basket_data['uuid'].split("-")[1]
assert basket.shop == shop_one
assert basket.creator == admin_user
# ok, person one has permission to their own basket even though they didn't create it
basket = assert_basket_retrieve(admin_user, basket, basket_data, person_one, shop_one, status.HTTP_200_OK)
# Person two is not allowed to see the basket
basket = assert_basket_retrieve(admin_user, basket, basket_data, person_two, shop_one, status.HTTP_403_FORBIDDEN)
# but admin is, yay admin!
basket = assert_basket_retrieve(admin_user, basket, basket_data, admin_user, shop_one, status.HTTP_200_OK)
# ima become staff. I have the power.
person_three = factories.create_random_person()
person_three.user = user_three
person_three.save()
shop_one.staff_members.add(person_three.user)
basket = assert_basket_retrieve(admin_user, basket, basket_data, person_three, shop_one, status.HTTP_200_OK)
