def test_media_view_images_without_root_access(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["upload-media"])
assert not can_see_root_folder(staff_user)
folder = get_or_create_folder(shop, "Root")
File.objects.create(name="normalfile", folder=folder)
img = Image.objects.create(name="imagefile", folder=folder, is_public=True)
request = apply_request_middleware(rf.get("/", {
"filter": "images",
"action": "folder"
}),
user=staff_user)
request.user = staff_user
view_func = MediaBrowserView.as_view()
response = view_func(request)
assert isinstance(response, JsonResponse)
content = json.loads(response.content.decode("utf-8"))
assert len(content["folder"]["folders"]) == 0
assert len(content["folder"]["files"]) == 0
def test_reports_admin_permissions(rf):
shop = get_default_shop() # We need a shop to exists
staff_user = get_default_staff_user(shop)
permission_group = get_default_permission_group()
staff_user.groups = [permission_group]
request = apply_request_middleware(rf.get("/"), user=staff_user)
request.user = staff_user
with replace_modules([ReportsAdminModule]):
with override_provides("reports", REPORTS):
extra_permissions = ReportsAdminModule().get_extra_permissions()
assert len(extra_permissions) == 3
assert SalesReport.identifier in extra_permissions
assert TotalSales.identifier in extra_permissions
assert SalesPerHour.identifier in extra_permissions
with admin_only_urls():
view_func = ReportView.as_view()
response = view_func(request)
response.render()
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
assert soup.find("div", {"class": "content-block"}).text == "No reports available"
expected_report_identifiers = []
for report_cls in [SalesReport, TotalSales, SalesPerHour]:
expected_report_identifiers.append(report_cls.identifier)
set_permissions_for_group(permission_group, [report_cls.identifier])
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
for option in soup.find("select", {"id": "id_report"}).findAll("option"):
assert option["value"] in expected_report_identifiers
def test_login_as_requires_staff_member(rf, regular_user):
shop = get_default_shop()
staff_user = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
def do_nothing(request, shop=None):
pass
def get_default(request):
return get_default_shop()
# Maybe some vendors and non marketplace staff members has access to admin module
with patch("shuup.admin.shop_provider.set_shop", side_effect=do_nothing):
with patch("shuup.admin.shop_provider.get_shop",
side_effect=get_default):
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user)
# not staff member
with pytest.raises(PermissionDenied):
view_func(request, pk=regular_user.pk)
shop.staff_members.add(staff_user)
# no permission
with pytest.raises(PermissionDenied):
view_func(request, pk=regular_user.pk)
set_permissions_for_group(permission_group, ["user.login-as"])
response = view_func(request, pk=regular_user.pk)
assert response["location"] == reverse("shuup:index")
assert get_user(request) == regular_user
def test_login_as_staff_as_staff(rf):
"""
Staff user 1 tries to impersonat staff user 2
"""
shop = get_default_shop()
staff_user1 = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user1.groups.add(permission_group)
shop.staff_members.add(staff_user1)
staff_user2 = UserFactory(is_staff=True)
view_func = LoginAsStaffUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user1)
with pytest.raises(PermissionDenied):
view_func(request, pk=staff_user2.pk)
set_permissions_for_group(permission_group, ["user.login-as-staff"])
response = view_func(request, pk=staff_user2.pk)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user2
# Stop impersonating and since staff1 does not have user detail permission
# he/she should find him/herself from dashboard
response = stop_impersonating_staff(request)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user1
response = stop_impersonating_staff(request)
assert response.status_code == 403
def test_reports_admin_permissions(rf):
shop = get_default_shop() # We need a shop to exists
staff_user = get_default_staff_user(shop)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
request = apply_request_middleware(rf.get("/"), user=staff_user)
request.user = staff_user
with replace_modules([ReportsAdminModule]):
with override_provides("reports", REPORTS):
extra_permissions = ReportsAdminModule().get_extra_permissions()
assert len(extra_permissions) == 3
assert SalesReport.identifier in extra_permissions
assert TotalSales.identifier in extra_permissions
assert SalesPerHour.identifier in extra_permissions
with admin_only_urls():
view_func = ReportView.as_view()
response = view_func(request)
response.render()
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
assert soup.find("div", {"class": "content-block"}).text == "No reports available"
expected_report_identifiers = []
for report_cls in [SalesReport, TotalSales, SalesPerHour]:
expected_report_identifiers.append(report_cls.identifier)
set_permissions_for_group(permission_group, [report_cls.identifier])
response = view_func(request, pk=None) # "new mode"
response.render()
assert response.content
soup = BeautifulSoup(response.content)
for option in soup.find("select", {"id": "id_report"}).findAll("option"):
assert option["value"] in expected_report_identifiers
def get_staff_user():
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["Customize Staff Admin Menu", "menu.arrange_staff", "menu.reset_staff"])
return staff_user
def test_order_shipments(rf, admin_user):
shop = get_default_shop()
supplier = get_supplier(module_identifier="simple_supplier", identifier="1", name="supplier")
supplier.shops.add(shop)
product = create_product("sku1", shop=shop, default_price=10)
shop_product = product.get_shop_instance(shop=shop)
shop_product.suppliers.set([supplier])
product_quantities = {
supplier.pk: {product.pk: 20},
}
def get_quantity(supplier, product):
return product_quantities[supplier.pk][product.pk]
order = create_empty_order(shop=shop)
order.full_clean()
order.save()
order.change_status(OrderStatus.objects.get_default_processing())
# Let's test the order order status history section for superuser
request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop)
# Add product to order for supplier
add_product_to_order(order, supplier, product, get_quantity(supplier, product), 8)
context = OrderHistorySection.get_context_data(order, request)
assert len(context) == 2
# Let's create staff user without any permissions
staff_user = create_random_user(is_staff=True)
group = get_default_permission_group()
staff_user.groups.add(group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = OrderHistorySection.get_context_data(order, request)
assert len(context) == 2
# works fine while rendering
rendered_content = loader.render_to_string(
OrderHistorySection.template,
context={
OrderHistorySection.identifier: context,
"order_status_history": OrderStatusHistory.objects.filter(order=order).order_by("-created_on"),
},
)
assert force_text(OrderStatus.objects.get_default_initial().name) in rendered_content
assert force_text(OrderStatus.objects.get_default_processing().name) in rendered_content
client = Client()
client.force_login(admin_user)
# We should see the order status section
assert OrderHistorySection.visible_for_object(order, request)
def test_media_view_images(rf):
with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=True):
shop1 = factories.get_shop(identifier="shop1", enabled=True)
shop1_staff1 = _create_random_staff(shop1)
shop1_staff2 = _create_random_staff(shop1)
group = factories.get_default_permission_group()
set_permissions_for_group(group,
["media.upload-to-folder", "media.view-all"])
shop2 = factories.get_shop(identifier="shop2", enabled=True)
shop2_staff = _create_random_staff(shop2)
shop1_staff1.groups.add(group)
shop1_staff2.groups.add(group)
shop2_staff.groups.add(group)
# Let's agree this folder is created by for example carousel
# so it would be shared with all the shops.
folder = Folder.objects.create(name="Root")
assert MediaFolder.objects.count() == 0
path = "%s" % folder.name
File.objects.create(name="normalfile",
folder=folder) # Shared between shops
# Let's create 4 images for shop 1
_mbv_upload(shop1, shop1_staff1, path=path)
_mbv_upload(shop1, shop1_staff1, path=path)
_mbv_upload(shop1, shop1_staff2, path=path)
_mbv_upload(shop1, shop1_staff2, path=path)
assert MediaFile.objects.count() == 4
# Let's create 3 images for shop 2
_mbv_upload(shop2, shop2_staff, path=path)
_mbv_upload(shop2, shop2_staff, path=path)
_mbv_upload(shop2, shop2_staff, path=path)
assert MediaFile.objects.count() == 7
# All files were created to same folder and while uploading
# the each shop declared that they own the folder.
assert Folder.objects.count() == 1
assert MediaFolder.objects.count() == 1
assert MediaFolder.objects.filter(shops=shop1).exists()
assert shop1.media_folders.count() == 1
assert shop1.media_files.count() == 4
assert MediaFolder.objects.filter(shops=shop2).exists()
assert shop2.media_folders.count() == 1
assert shop2.media_files.count() == 3
# Now let's make sure that each staff can view the folder
# and all the files she should see.
_check_that_staff_can_see_folder(rf, shop1, shop1_staff1, folder, 5)
_check_that_staff_can_see_folder(rf, shop1, shop1_staff2, folder, 5)
_check_that_staff_can_see_folder(rf, shop2, shop2_staff, folder, 4)
def get_supplier_user():
factories.get_default_shop()
supplier = factories.get_default_supplier()
supplier_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
supplier_user.groups.add(permission_group)
set_permissions_for_group(permission_group, [
"Customize Supplier Admin Menu", "menu.arrange_supplier",
"menu.reset_staff"
])
return supplier_user
def test_login_as_staff_member(rf):
shop = get_default_shop()
staff_user = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"),
user=staff_user,
skip_session=True)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=staff_user.pk)
user = UserFactory()
get_person_contact(user)
request = apply_request_middleware(rf.post("/"), user=staff_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)
user.is_active = True
user.save()
# staff user without "user.login-as" permission trying to login as valid user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
permission_group = staff_user.groups.first()
set_permissions_for_group(permission_group, ["user.login-as"])
response = view_func(request, pk=user.pk)
assert response["location"] == reverse("shuup:index")
assert get_user(request) == user
def test_can_see_root_folder(rf, admin_user):
assert not can_see_root_folder(None)
assert can_see_root_folder(admin_user)
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
assert not can_see_root_folder(staff_user)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["media.view-all"])
assert can_see_root_folder(staff_user)
def test_shop_and_supplier_info():
activate("en")
shop = factories.get_shop(True, "USD", enabled=True, name="Shop.com")
supplier = factories.get_default_supplier()
staff_user = factories.create_random_user(is_staff=True)
staff_user.set_password("randpw")
staff_user.save()
staff_user.groups.set([factories.get_default_permission_group()])
shop.staff_members.add(staff_user)
assert staff_user in [staff for staff in shop.staff_members.all()]
assert shop.status == ShopStatus.ENABLED
client = SmartClient()
with override_settings(
SHUUP_ENABLE_MULTIPLE_SHOPS=True,
SHUUP_ENABLE_MULTIPLE_SUPPLIERS=False,
SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC=
"shuup.testing.supplier_provider.FirstSupplierProvider",
):
url = reverse("shuup_admin:dashboard")
client.login(username=staff_user.username, password="******")
response, soup = client.response_and_soup(url)
assert response.status_code == 200
assert shop.name in soup.find("div", {
"class": "active-shop-and-supplier-info"
}).text
assert supplier.name not in soup.find(
"div", {
"class": "active-shop-and-supplier-info"
}).text
with override_settings(
SHUUP_ENABLE_MULTIPLE_SHOPS=True,
SHUUP_ENABLE_MULTIPLE_SUPPLIERS=True,
SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC=
"shuup.testing.supplier_provider.FirstSupplierProvider",
):
url = reverse("shuup_admin:dashboard")
client.login(username=staff_user.username, password="******")
response, soup = client.response_and_soup(url)
assert response.status_code == 200
assert shop.name in soup.find("div", {
"class": "active-shop-and-supplier-info"
}).text
assert supplier.name in soup.find(
"div", {
"class": "active-shop-and-supplier-info"
}).text
def test_browser_config_as_shop_staff(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.post("/"), user=staff_user)
urls = get_browser_urls(request)
# staff does not have media permission
assert urls["media"] is None
set_permissions_for_group(permission_group, ["media.browse"])
urls = get_browser_urls(request)
assert urls["media"] == reverse("shuup_admin:media.browse")
media_module_permission_urls = set(get_permissions_from_urls(MediaModule().get_urls()))
assert "media.browse" in media_module_permission_urls
assert "shuup_admin:media.browse" not in media_module_permission_urls
def test_staff_authentication():
shop = factories.get_shop(True, "USD", enabled=True)
staff_user = factories.create_random_user(is_staff=True)
staff_user.set_password("randpw")
staff_user.save()
staff_user.groups = [factories.get_default_permission_group()]
shop.staff_members.add(staff_user)
assert staff_user in [staff for staff in shop.staff_members.all()]
assert shop.status == ShopStatus.ENABLED
client = SmartClient()
url = reverse("shuup_admin:dashboard")
client.login(username=staff_user.username, password="******")
response, soup = client.response_and_soup(url)
assert response.status_code == 200
shop.status = ShopStatus.DISABLED
shop.save()
response, soup = client.response_and_soup(url)
assert response.status_code == 400
assert "There is no active shop available" in soup.text
def test_get_folders_without_view_all_permission(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["upload-media"])
assert not can_see_root_folder(staff_user)
# Create a structure and retrieve it
folder1 = get_or_create_folder(shop, printable_gibberish())
folder1_media_folder = ensure_media_folder(shop, folder1)
folder1_media_folder.owners.add(staff_user)
folder2 = get_or_create_folder(shop, printable_gibberish())
folder3 = get_or_create_folder(shop, printable_gibberish())
folder4 = get_or_create_folder(shop, printable_gibberish())
folder4.parent = folder2
folder4.save()
folder4_media_folder = ensure_media_folder(shop, folder4)
folder4_media_folder.owners.add(staff_user)
folder5 = get_or_create_folder(shop, printable_gibberish())
folder5.parent = folder4
folder5.save()
folder6 = get_or_create_folder(shop, printable_gibberish())
folder6.parent = folder5
folder6.save()
folder6_media_folder = ensure_media_folder(shop, folder6)
folder6_media_folder.owners.add(staff_user)
folder7 = get_or_create_folder(shop, printable_gibberish())
folder7.parent = folder6
folder7.save()
tree = get_id_tree(mbv_command(staff_user, {"action": "folders"}, "GET"))
assert set((folder1.id, folder4.id)) <= set(tree.keys())
def test_staff_authentication():
shop = factories.get_shop(True, "USD", enabled=True)
staff_user = factories.create_random_user(is_staff=True)
staff_user.set_password("randpw")
staff_user.save()
staff_user.groups = [factories.get_default_permission_group()]
shop.staff_members.add(staff_user)
assert staff_user in [staff for staff in shop.staff_members.all()]
assert shop.status == ShopStatus.ENABLED
client = SmartClient()
url = reverse("shuup_admin:dashboard")
client.login(username=staff_user.username, password="******")
response, soup = client.response_and_soup(url)
assert response.status_code == 200
shop.status = ShopStatus.DISABLED
shop.save()
response, soup = client.response_and_soup(url)
assert response.status_code == 400
assert "There is no active shop available" in soup.text
def test_shop_and_supplier_info():
activate("en")
shop = factories.get_shop(True, "USD", enabled=True, name="Shop.com")
supplier = factories.get_default_supplier()
staff_user = factories.create_random_user(is_staff=True)
staff_user.set_password("randpw")
staff_user.save()
staff_user.groups = [factories.get_default_permission_group()]
shop.staff_members.add(staff_user)
assert staff_user in [staff for staff in shop.staff_members.all()]
assert shop.status == ShopStatus.ENABLED
client = SmartClient()
with override_settings(
SHUUP_ENABLE_MULTIPLE_SHOPS=True,
SHUUP_ENABLE_MULTIPLE_SUPPLIERS=False,
SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC="shuup.testing.supplier_provider.FirstSupplierProvider"
):
url = reverse("shuup_admin:dashboard")
client.login(username=staff_user.username, password="******")
response, soup = client.response_and_soup(url)
assert response.status_code == 200
assert shop.name in soup.find("div", {"class": "active-shop-and-supplier-info"}).text
assert supplier.name not in soup.find("div", {"class": "active-shop-and-supplier-info"}).text
with override_settings(
SHUUP_ENABLE_MULTIPLE_SHOPS=True,
SHUUP_ENABLE_MULTIPLE_SUPPLIERS=True,
SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC="shuup.testing.supplier_provider.FirstSupplierProvider"
):
url = reverse("shuup_admin:dashboard")
client.login(username=staff_user.username, password="******")
response, soup = client.response_and_soup(url)
assert response.status_code == 200
assert shop.name in soup.find("div", {"class": "active-shop-and-supplier-info"}).text
assert supplier.name in soup.find("div", {"class": "active-shop-and-supplier-info"}).text
def test_order_shipments(rf, admin_user):
shop = get_default_shop()
supplier1 = Supplier.objects.create(identifier="1", name="supplier1")
supplier1.shops.add(shop)
supplier2 = Supplier.objects.create(identifier="2")
supplier2.shops.add(shop)
product1 = create_product("sku1", shop=shop, default_price=10)
shop_product1 = product1.get_shop_instance(shop=shop)
shop_product1.suppliers.set([supplier1])
product2 = create_product("sku3",
shop=shop,
default_price=10,
shipping_mode=ShippingMode.NOT_SHIPPED)
shop_product2 = product1.get_shop_instance(shop=shop)
shop_product2.suppliers.set([supplier2])
product_quantities = {
supplier1.pk: {
product1.pk: 20
},
supplier2.pk: {
product2.pk: 10
}
}
def get_quantity(supplier, product):
return product_quantities[supplier.pk][product.pk]
order = create_empty_order(shop=shop)
order.full_clean()
order.save()
# Let's test the order shipment section for superuser
request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop)
# Add product 3 to order for supplier 2
add_product_to_order(order, supplier2, product2,
get_quantity(supplier2, product2), 8)
# Product is not shippable so order section should not be available
assert not ShipmentSection.visible_for_object(order, request)
# Add product 2 to order for supplier 1
add_product_to_order(order, supplier1, product1,
get_quantity(supplier1, product1), 7)
# Now we should see the shipment section
assert ShipmentSection.visible_for_object(order, request)
# Make order fully paid so we can start creting shipments and refunds
order.cache_prices()
order.check_all_verified()
order.create_payment(order.taxful_total_price)
assert order.is_paid()
product_summary = order.get_product_summary()
assert product_summary[product1.pk]["unshipped"] == 20
assert product_summary[product2.pk]["unshipped"] == 0
assert product_summary[product2.pk]["ordered"] == 10
# Fully ship the order
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 10}, supplier=supplier1)
assert not order.get_unshipped_products()
assert order.is_fully_shipped()
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2 # One for each supplier
assert len(context["delete_urls"].keys()) == 3 # One for each shipment
# Let's create staff user without any permissions
staff_user = create_random_user(is_staff=True)
group = get_default_permission_group()
staff_user.groups.add(group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 0
assert len(context["delete_urls"].keys()) == 0
assert len(context["set_sent_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 0
assert len(context["set_sent_urls"].keys()) == 0
set_permissions_for_group(group, [
"order.create-shipment", "order.delete-shipment",
"order.set-shipment-sent"
])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 3
assert len(context["set_sent_urls"].keys()) == 3
# works fine while rendering
rendered_content = loader.render_to_string(ShipmentSection.template,
context={
ShipmentSection.identifier:
context,
"order": order,
})
all_urls = list(context["delete_urls"].values())
all_urls.extend(list(context["set_sent_urls"].values()))
for url in all_urls:
assert url in rendered_content
assert order.get_sent_shipments().count() == 0
order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 3
client = Client()
client.force_login(admin_user)
# mark all shipments as sent!
for mark_sent_url in context["set_sent_urls"].values():
response = client.post(mark_sent_url)
assert response.status_code == 302
assert order.get_sent_shipments().count() == 3
order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 0
# Make product1 unshipped
product1.shipping_mode = ShippingMode.NOT_SHIPPED
product1.save()
# We still should see the order shipment section since existing shipments
assert ShipmentSection.visible_for_object(order, request)
# list all shipments in shipments list view
response = client.get("{}?jq={}".format(
reverse("shuup_admin:order.shipments.list"),
json.dumps({
"perPage": 10,
"page": 1
})))
assert response.status_code == 200
data = json.loads(response.content)
assert len(data["items"]) == 3
for item in data["items"]:
assert item["status"] == "Sent"
# Let's delete all shipments since both products is unshipped and we
# don't need those.
for shipment in order.shipments.all():
shipment.soft_delete()
assert not ShipmentSection.visible_for_object(order, request)
def test_ajax_object_select_view_with_contacts_multipleshop(rf, contact_cls):
shop1 = get_default_shop()
shop2 = get_shop(identifier="shop2")
staff = create_random_user(is_staff=True)
shop1.staff_members.add(staff)
shop2.staff_members.add(staff)
view = ObjectSelectorView.as_view()
model_name = "shuup.%s" % contact_cls._meta.model_name
customer = contact_cls.objects.create(name="Michael Jackson",
email="*****@*****.**")
customer_shop1 = contact_cls.objects.create(name="Roberto",
email="*****@*****.**")
customer_shop2 = contact_cls.objects.create(name="Maria",
email="*****@*****.**")
permission_group = get_default_permission_group()
staff.groups.add(permission_group)
permission_name = "%s.object_selector" % contact_cls._meta.model_name
set_permissions_for_group(permission_group, [permission_name])
results = _get_object_selector_results(rf, view, model_name, "michael",
staff)
assert len(results) == 0
customer.add_to_shop(shop1)
customer.add_to_shop(shop2)
customer_shop1.add_to_shop(shop1)
customer_shop2.add_to_shop(shop2)
for shop in [shop1, shop2]:
results = _get_object_selector_results(rf,
view,
model_name,
"michael",
staff,
shop=shop)
assert len(results) == 1
assert results[0].get("id") == customer.id
assert results[0].get("name") == customer.name
results = _get_object_selector_results(rf,
view,
model_name,
"roberto",
staff,
shop=shop)
if shop == shop1:
assert len(results) == 1
assert results[0].get("id") == customer_shop1.id
assert results[0].get("name") == customer_shop1.name
else:
assert len(results) == 0
results = _get_object_selector_results(rf,
view,
model_name,
"maria",
staff,
shop=shop)
if shop == shop2:
assert len(results) == 1
assert results[0].get("id") == customer_shop2.id
assert results[0].get("name") == customer_shop2.name
else:
assert len(results) == 0
def test_permission_groups_selector(admin_user):
shop = get_default_shop()
get_default_permission_group()
assert get_object_selector_results(PermissionGroup, shop, admin_user,
"default")
def test_order_shipment_section(rf, admin_user):
shop = get_default_shop()
supplier1 = Supplier.objects.create(identifier="1", name="supplier1")
supplier1.shops.add(shop)
supplier2 = Supplier.objects.create(identifier="2")
supplier2.shops.add(shop)
product1 = create_product("sku1", shop=shop, default_price=10)
shop_product1 = product1.get_shop_instance(shop=shop)
shop_product1.suppliers.set([supplier1])
product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED)
shop_product2 = product1.get_shop_instance(shop=shop)
shop_product2.suppliers.set([supplier2])
product_quantities = {
supplier1.pk: {
product1.pk: 20
},
supplier2.pk: {
product2.pk: 10
}
}
def get_quantity(supplier, product):
return product_quantities[supplier.pk][product.pk]
order = create_empty_order(shop=shop)
order.full_clean()
order.save()
# Let's test the order shipment section for superuser
request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop)
# Add product 3 to order for supplier 2
add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8)
# Product is not shippable so order section should not be available
assert not ShipmentSection.visible_for_object(order, request)
# Add product 2 to order for supplier 1
add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7)
# Now we should see the shipment section
assert ShipmentSection.visible_for_object(order, request)
# Make order fully paid so we can start creting shipments and refunds
order.cache_prices()
order.check_all_verified()
order.create_payment(order.taxful_total_price)
assert order.is_paid()
product_summary = order.get_product_summary()
assert product_summary[product1.pk]["unshipped"] == 20
assert product_summary[product2.pk]["unshipped"] == 0
assert product_summary[product2.pk]["ordered"] == 10
# Fully ship the order
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 10}, supplier=supplier1)
assert not order.get_unshipped_products()
assert order.is_fully_shipped()
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2 # One for each supplier
assert len(context["delete_urls"].keys()) == 3 # One for each shipment
# Let's create staff user without any permissions
staff_user = create_random_user(is_staff=True)
group = get_default_permission_group()
staff_user.groups.add(group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 0
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 3
# Make product1 unshipped
product1.shipping_mode = ShippingMode.NOT_SHIPPED
product1.save()
# We still should see the order shipment section since existing shipments
assert ShipmentSection.visible_for_object(order, request)
# Let's delete all shipments since both products is unshipped and we
# don't need those.
for shipment in order.shipments.all():
shipment.soft_delete()
assert not ShipmentSection.visible_for_object(order, request)
def test_order_shipment_section(rf, admin_user):
shop = get_default_shop()
supplier1 = Supplier.objects.create(identifier="1", name="supplier1")
supplier1.shops.add(shop)
supplier2 = Supplier.objects.create(identifier="2")
supplier2.shops.add(shop)
product1 = create_product("sku1", shop=shop, default_price=10)
shop_product1 = product1.get_shop_instance(shop=shop)
shop_product1.suppliers = [supplier1]
product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED)
shop_product2 = product1.get_shop_instance(shop=shop)
shop_product2.suppliers = [supplier2]
product_quantities = {
supplier1.pk: {
product1.pk: 20
},
supplier2.pk: {
product2.pk: 10
}
}
def get_quantity(supplier, product):
return product_quantities[supplier.pk][product.pk]
order = create_empty_order(shop=shop)
order.full_clean()
order.save()
# Let's test the order shipment section for superuser
request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop)
# Add product 3 to order for supplier 2
add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8)
# Product is not shippable so order section should not be available
assert not ShipmentSection.visible_for_object(order, request)
# Add product 2 to order for supplier 1
add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7)
# Now we should see the shipment section
assert ShipmentSection.visible_for_object(order, request)
# Make order fully paid so we can start creting shipments and refunds
order.cache_prices()
order.check_all_verified()
order.create_payment(order.taxful_total_price)
assert order.is_paid()
product_summary = order.get_product_summary()
assert product_summary[product1.pk]["unshipped"] == 20
assert product_summary[product2.pk]["unshipped"] == 0
assert product_summary[product2.pk]["ordered"] == 10
# Fully ship the order
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 5}, supplier=supplier1)
order.create_shipment({product1: 10}, supplier=supplier1)
assert not order.get_unshipped_products()
assert order.is_fully_shipped()
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2 # One for each supplier
assert len(context["delete_urls"].keys()) == 3 # One for each shipment
# Let's create staff user without any permissions
staff_user = create_random_user(is_staff=True)
group = get_default_permission_group()
staff_user.groups.add(group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 0
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 0
set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"])
request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop)
context = ShipmentSection.get_context_data(order, request)
assert len(context["suppliers"]) == 2
assert len(context["create_urls"].keys()) == 2
assert len(context["delete_urls"].keys()) == 3
# Make product1 unshipped
product1.shipping_mode = ShippingMode.NOT_SHIPPED
product1.save()
# We still should see the order shipment section since existing shipments
assert ShipmentSection.visible_for_object(order, request)
# Let's delete all shipments since both products is unshipped and we
# don't need those.
for shipment in order.shipments.all():
shipment.soft_delete()
assert not ShipmentSection.visible_for_object(order, request)
