Ejemplo n.º 1
0
 def test_get_serializer_class__staff_user_allow_to_modify_all_fields(self):
     assessment = AssessmentFactory(status=STATUS.new,
                                    start_date=Day().date,
                                    end_date=Day().date)
     self.client.force_authenticate(self.staff_user)
     user, decision_by = UserFactory(), UserFactory()
     data = {
         'user': {
             'id': user.id
         },
         'decision_by': {
             'id': decision_by.id
         },
         'status': STATUS.completed,
         'start_date': Day(ago=15).date,
         'end_date': Day(ago=10).date,
         'plan': self.fake.text(),
         'comments': self.fake.text(),
         'notes': self.fake.text(),
     }
     response = self.client.patch(self.get_detail_url(assessment.id),
                                  data=data)
     assessment.refresh_from_db()
     assert assessment.user.id == data['user']['id']
     assert assessment.decision_by.id == data['decision_by']['id']
     assert response.data['user']['id'] == data['user']['id']
     assert response.data['decision_by']['id'] == data['decision_by']['id']
     data.pop('user'), data.pop('decision_by')
     for field in data.keys():
         assert response.data[field] == (format(data[field]) if isinstance(
             data[field], date) else data[field])
         assert getattr(assessment, field) == data[field]
Ejemplo n.º 2
0
 def test_get_serializer_class_non_staff_user_allow_to_modify_non_read_only_fields(
         self):
     assessment = AssessmentFactory(user=self.simple_user,
                                    start_date=Day().date,
                                    end_date=Day().date)
     self.client.force_authenticate(self.simple_user)
     user, decision_by = UserFactory(), UserFactory()
     data = {
         'user': {
             'id': user.id
         },
         'decision_by': {
             'id': decision_by.id
         },
         'status': STATUS.completed,
         'start_date': Day(ago=15).date,
         'end_date': Day(ago=10).date,
         'plan': self.fake.text(),
         'comments': self.fake.text(),
         'notes': self.fake.text(),
     }
     response = self.client.patch(self.get_detail_url(assessment.id),
                                  data=data)
     assert response.status_code == HTTP_403_FORBIDDEN
     assessment.refresh_from_db()
     assert assessment.user.id != data['user']['id']
     assert assessment.decision_by.id != data['decision_by']['id']
     data.pop('user'), data.pop('decision_by')
     for field in data.keys():
         assert getattr(assessment, field) != data[field]
Ejemplo n.º 3
0
 def test__read_only_fields(self):
     absence = AbsenceFactory(status=STATUS.new,
                              reason=REASON.illness,
                              start_date=Day().date,
                              end_date=Day().date)
     user, decision_by = UserFactory(), UserFactory()
     data = {
         'user': {
             'id': user.id
         },
         'decision_by': {
             'id': decision_by.id
         },
         'status': STATUS.verifying,
         'reason': REASON.other,
         'start_date': Day(ago=5).date,
         'end_date': Day(ago=4).date,
         'notes': 'Test notes',
     }
     serializer = AbsenceSerializer(absence, data=data)
     assert serializer.is_valid()
     absence = serializer.save()
     assert absence.user.id == data['user']['id']
     assert absence.decision_by.id != data['decision_by']['id']
     data.pop('user'), data.pop('decision_by'), data.pop('notes')
     for field in data.keys():
         assert getattr(absence, field) == data[field]
Ejemplo n.º 4
0
    def test_permission_classes__staff_allow_to_use_any_rest_method(self):
        self.client.force_authenticate(self.staff_user)

        # POST
        assert Event.objects.count() == 0
        data = {
            'title': self.fake.text(),
            'description': self.fake.text(),
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
            'active': self.fake.boolean()
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_201_CREATED
        assert response.data['title'] == data['title']
        assert Event.objects.count() == 1
        event = Event.objects.first()
        self.assert_fields(event, data, self.staff_user)

        # GET(id)
        response = self.client.get(self.get_detail_url(response.data['id']))
        assert response.status_code == HTTP_200_OK
        serializer = StaffEventSerializer(event)
        assert response.data == serializer.data

        # PATCH
        data = {'title': self.fake.text()}
        response = self.client.patch(self.get_detail_url(response.data['id']),
                                     data=data)
        event.refresh_from_db()
        assert response.status_code == HTTP_200_OK
        assert response.data['title'] == data['title']
        assert event.title == data['title']

        # PUT
        data = {**response.data, **{'title': self.fake.text()}}
        response = self.client.put(self.get_detail_url(response.data['id']),
                                   data=data)
        event.refresh_from_db()
        assert response.status_code == HTTP_200_OK
        assert response.data['title'] == data['title']
        assert event.title == data['title']

        # DELETE
        response = self.client.delete(self.get_detail_url(response.data['id']))
        assert response.status_code == HTTP_204_NO_CONTENT
        assert Event.objects.count() == 0

        # GET(all)
        [EventFactory() for _ in range(3)]
        events = Event.objects.all()
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 3
        serializer = StaffEventSerializer(events, many=True)
        assert response.data['results'] == serializer.data
        assert set(entity['id'] for entity in response.data['results']) == set(
            entity.id for entity in events)
Ejemplo n.º 5
0
    def test_permission_classes__non_staff_allow_to_use_subset_of_rest_api_methods(
            self):
        self.client.force_authenticate(self.simple_user)
        event = EventFactory(active=True)
        event.refresh_from_db()

        # POST
        assert Event.objects.count() == 1
        data = {
            'title': self.fake.text(),
            'description': self.fake.text(),
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
            'active': self.fake.boolean()
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_403_FORBIDDEN
        assert Event.objects.count() == 1

        # GET(id)
        response = self.client.get(self.get_detail_url(event.id))
        assert response.status_code == HTTP_200_OK
        serializer = EventSerializer(event)
        assert response.data == serializer.data

        # PATCH
        data = {'title': self.fake.text()}
        response = self.client.patch(self.get_detail_url(event.id), data=data)
        event.refresh_from_db()
        assert response.status_code == HTTP_403_FORBIDDEN
        assert event.title != data['title']

        # PUT
        data = {**response.data, **{'title': self.fake.text()}}
        response = self.client.put(self.get_detail_url(event.id), data=data)
        event.refresh_from_db()
        assert response.status_code == HTTP_403_FORBIDDEN
        assert event.title != data['title']

        # DELETE
        response = self.client.delete(self.get_detail_url(event.id))
        assert response.status_code == HTTP_403_FORBIDDEN
        assert Event.objects.count() == 1

        # GET(all)
        [EventFactory(active=active) for active in [True, False, True]]
        events = Event.objects.filter(active=True)
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 3
        serializer = EventSerializer(events, many=True)
        assert response.data['results'] == serializer.data
        assert set(entity['id'] for entity in response.data['results']) == set(
            entity.id for entity in events)
Ejemplo n.º 6
0
    def test_permission_classes__staff_allow_to_use_any_rest_method(self):
        self.client.force_authenticate(self.staff_user)

        # POST
        assert Absence.objects.count() == 0
        data = {
            'user': {'id': self.staff_user.id, 'email': self.staff_user.email},
            'reason': REASON.illness,
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_201_CREATED
        assert Absence.objects.count() == 1
        absence = Absence.objects.first()
        self.assert_fields(absence, data, self.staff_user)

        # GET(id)
        response = self.client.get(self.get_detail_url(response.data['id']))
        assert response.status_code == HTTP_200_OK
        assert response.data['reason'] == data['reason']
        serializer = StaffAbsenceSerializer(absence)
        assert response.data == serializer.data

        # PATCH
        data = {'reason': REASON.other}
        response = self.client.patch(self.get_detail_url(response.data['id']), data=data)
        absence.refresh_from_db()
        assert response.status_code == HTTP_200_OK
        assert response.data['reason'] == data['reason']
        assert absence.reason == data['reason']

        # PUT
        data = {**response.data, **{'reason': REASON.illness}}
        response = self.client.put(self.get_detail_url(response.data['id']), data=data)
        absence.refresh_from_db()
        assert response.status_code == HTTP_200_OK
        assert response.data['reason'] == data['reason']
        assert absence.reason == data['reason']

        # DELETE
        response = self.client.delete(self.get_detail_url(response.data['id']))
        assert response.status_code == HTTP_204_NO_CONTENT
        assert Absence.objects.count() == 0

        # GET(all)
        [AbsenceFactory(user=user) for user in [self.staff_user] + [self.simple_user] * 2]
        absences = Absence.objects.all()
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 3
        serializer = StaffAbsenceSerializer(absences, many=True)
        assert response.data['results'] == serializer.data
        assert set(absence['id'] for absence in response.data['results']) == set(absence.id for absence in absences)
Ejemplo n.º 7
0
    def test_permission_classes__non_staff_allow_to_use_subset_of_rest_api_methods(self):
        self.client.force_authenticate(self.simple_user)

        # POST
        assert Absence.objects.count() == 0
        data = {
            'user': {'id': self.simple_user.id, 'email': self.simple_user.email},
            'status': STATUS.new,
            'reason': REASON.illness,
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_201_CREATED
        assert response.data['status'] == data['status']
        assert Absence.objects.count() == 1
        absence = Absence.objects.first()
        self.assert_fields(absence, data, self.simple_user)

        # GET(id)
        response = self.client.get(self.get_detail_url(response.data['id']))
        assert response.status_code == HTTP_200_OK
        serializer = AbsenceSerializer(absence)
        assert response.data == serializer.data

        # PATCH
        data = {'reason': REASON.other}
        response = self.client.patch(self.get_detail_url(response.data['id']), data=data)
        absence.refresh_from_db()
        assert response.status_code == HTTP_200_OK
        assert response.data['reason'] == data['reason']
        assert absence.reason == data['reason']

        # PUT
        data = {**response.data, **{'reason': REASON.illness}}
        response = self.client.put(self.get_detail_url(response.data['id']), data=data)
        absence.refresh_from_db()
        assert response.status_code == HTTP_403_FORBIDDEN
        assert absence.reason != data['reason']

        # DELETE
        response = self.client.delete(self.get_detail_url(absence.id))
        assert response.status_code == HTTP_403_FORBIDDEN
        assert Absence.objects.count() == 1

        # GET(all)
        [AbsenceFactory(user=user) for user in [self.staff_user, self.simple_user]]
        absences = Absence.objects.filter(user=self.simple_user)
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 2
        serializer = AbsenceSerializer(absences, many=True)
        assert response.data['results'] == serializer.data
        assert set(entity['id'] for entity in response.data['results']) == set(entity.id for entity in absences)
Ejemplo n.º 8
0
 def test_get_serializer_class__staff_user_allow_to_modify_all_fields(self):
     event = EventFactory()
     self.client.force_authenticate(self.staff_user)
     data = {
         'title': self.fake.text(),
         'description': self.fake.text(),
         'start_date': Day(ago=40).date,
         'end_date': Day(ago=35).date,
         'active': self.fake.boolean()
     }
     response = self.client.patch(self.get_detail_url(event.id), data=data)
     event.refresh_from_db()
     for field in data.keys():
         assert response.data[field] == (format(data[field]) if isinstance(
             data[field], date) else data[field])
         assert getattr(event, field) == data[field]
Ejemplo n.º 9
0
 def test__read_only_fields(self):
     event = EventFactory(start_date=Day().date, end_date=Day().date, notify=True, active=True)
     data = {
         'title': 'Test',
         'description': 'Test',
         'start_date': Day(ago=5).date,
         'end_date': Day(ago=5).date,
         'notify': False,
         'to': '*****@*****.**',
         'active': False,
     }
     serializer = EventSerializer(event, data=data)
     assert serializer.is_valid()
     event = serializer.save()
     for field in data.keys():
         assert getattr(event, field) != data[field]
Ejemplo n.º 10
0
    def test_permission_classes__non_staff_allows_to_access_only_his_data(
            self):
        self.client.force_authenticate(self.simple_user)
        assessment = AssessmentFactory(user=self.staff_user)

        # POST
        assert Assessment.objects.count() == 1
        data = {
            'user': {
                'id': self.staff_user.id,
                'email': self.staff_user.email
            },
            'status': STATUS.new,
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_403_FORBIDDEN
        assert Assessment.objects.count() == 1

        # GET(id)
        response = self.client.get(self.get_detail_url(assessment.id))
        assert response.status_code == HTTP_404_NOT_FOUND

        # PATCH
        data = {'status': STATUS.in_progress}
        response = self.client.patch(self.get_detail_url(assessment.id),
                                     data=data)
        assert response.status_code == HTTP_403_FORBIDDEN

        # DELETE
        response = self.client.delete(self.get_detail_url(assessment.id))
        assert response.status_code == HTTP_403_FORBIDDEN

        # GET(all)
        [
            AssessmentFactory(user=user)
            for user in [self.simple_user] * 2 + [self.staff_user]
        ]
        assessments = Assessment.objects.filter(user=self.simple_user)
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 2
        assert Assessment.objects.count() == 4
        serializer = StaffAssessmentSerializer(assessments, many=True)
        assert response.data['results'] == serializer.data
Ejemplo n.º 11
0
 def test__read_only_fields(self):
     assessment = AssessmentFactory(status=STATUS.new, start_date=Day().date, end_date=Day().date)
     user, decision_by = UserFactory(), UserFactory()
     data = {
         'user': {'id': user.id},
         'decision_by': {'id': decision_by.id},
         'status': STATUS.in_progress,
         'start_date': Day(ago=5).date,
         'end_date': Day(ago=5).date,
         'plan': 'Test plan',
         'comments': 'Test comments',
         'notes': 'Test notes',
     }
     serializer = AssessmentSerializer(assessment, data=data)
     assert serializer.is_valid()
     assessment = serializer.save()
     assert assessment.user.id != data['user']['id']
     assert assessment.decision_by.id != data['user']['id']
     data.pop('user'), data.pop('decision_by')
     for field in data.keys():
         assert getattr(assessment, field) != data[field]
Ejemplo n.º 12
0
    def test_permission_classes__non_staff_allows_to_access_and_modify_only_his_data(self):
        self.client.force_authenticate(self.simple_user)
        absence = AbsenceFactory(user=self.staff_user)

        # POST
        assert Absence.objects.count() == 1
        data = {
            'user': {'id': self.staff_user.id, 'email': self.staff_user.email},
            'reason': REASON.illness,
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_403_FORBIDDEN
        assert Absence.objects.count() == 1

        # GET(id)
        response = self.client.get(self.get_detail_url(absence.id))
        assert response.status_code == HTTP_404_NOT_FOUND

        # PATCH
        data = {'reason': REASON.other}
        response = self.client.patch(self.get_detail_url(absence.id), data=data)
        assert response.status_code == HTTP_404_NOT_FOUND

        # DELETE
        response = self.client.delete(self.get_detail_url(absence.id))
        assert response.status_code == HTTP_403_FORBIDDEN

        # GET(all)
        [AbsenceFactory(user=user) for user in [self.simple_user] * 2 + [self.staff_user]]
        absences = Absence.objects.filter(user=self.simple_user)
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 2
        assert Absence.objects.count() == 4
        serializer = StaffAbsenceSerializer(absences, many=True)
        assert response.data['results'] == serializer.data
Ejemplo n.º 13
0
 def test_get_serializer_class__staff_user_allow_to_modify_all_fields(self):
     absence = AbsenceFactory(status=STATUS.new, reason=REASON.illness, start_date=Day().date, end_date=Day().date)
     self.client.force_authenticate(self.staff_user)
     user, decision_by = UserFactory(), UserFactory()
     data = {
         'user': {'id': user.id},
         'decision_by': {'id': decision_by.id},
         'status': STATUS.verifying,
         'reason': REASON.other,
         'start_date': Day(ago=5).date,
         'end_date': Day(ago=4).date,
         'notes': self.fake.text(),
     }
     response = self.client.patch(self.get_detail_url(absence.id), data=data)
     absence.refresh_from_db()
     assert absence.user.id == data['user']['id']
     assert absence.decision_by.id == data['decision_by']['id']
     assert response.data['user']['id'] == data['user']['id']
     assert response.data['decision_by']['id'] == data['decision_by']['id']
     data.pop('user'), data.pop('decision_by')
     for field in data.keys():
         assert response.data[field] == (format(data[field]) if isinstance(data[field], date) else data[field])
         assert getattr(absence, field) == data[field]
Ejemplo n.º 14
0
 def test_get_serializer_class_non_staff_user_allow_to_modify_non_read_only_fields(self):
     data = {
         'user': self.simple_user,
         'status': STATUS.new,
         'reason': REASON.illness,
         'start_date': Day().date,
         'end_date': Day().date,
     }
     absence = AbsenceFactory(**data)
     self.client.force_authenticate(self.simple_user)
     user, decision_by = UserFactory(), UserFactory()
     data = {
         'user': {'id': user.id},
         'decision_by': {'id': decision_by.id},
         'status': STATUS.verifying,
         'reason': REASON.other,
         'start_date': Day(ago=5).date,
         'end_date': Day(ago=4).date,
         'notes': self.fake.text(),
     }
     response = self.client.patch(self.get_detail_url(absence.id), data=data)
     assert response.status_code == HTTP_403_FORBIDDEN
     absence.refresh_from_db()
     assert absence.user.id != data['user']['id']
     assert absence.decision_by.id != data['decision_by']['id']
     data.pop('user'), data.pop('decision_by')
     for field in data.keys():
         assert getattr(absence, field) != data[field]
     data = {
         'status': STATUS.verifying,
         'reason': REASON.other,
         'start_date': Day(ago=5).date,
         'end_date': Day(ago=4).date,
     }
     response = self.client.patch(self.get_detail_url(absence.id), data=data)
     assert response.status_code == HTTP_200_OK
     absence.refresh_from_db()
     for field in data.keys():
         assert getattr(absence, field) == data[field]
Ejemplo n.º 15
0
    def test_permission_classes__staff_allow_to_use_any_rest_method(self):
        self.client.force_authenticate(self.staff_user)

        # POST
        assert Assessment.objects.count() == 0
        data = {
            'user': {
                'id': self.staff_user.id,
                'email': self.staff_user.email
            },
            'status': STATUS.in_progress,
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_201_CREATED
        assert response.data['status'] == data['status']
        assert Assessment.objects.count() == 1
        assessment = Assessment.objects.first()
        self.assert_fields(assessment, data, self.staff_user)

        # GET(id)
        response = self.client.get(self.get_detail_url(response.data['id']))
        assert response.status_code == HTTP_200_OK
        serializer = StaffAssessmentSerializer(assessment)
        assert response.data == serializer.data

        # PATCH
        data = {'status': STATUS.completed}
        response = self.client.patch(self.get_detail_url(response.data['id']),
                                     data=data)
        assessment.refresh_from_db()
        assert response.status_code == HTTP_200_OK
        assert response.data['status'] == data['status']
        assert assessment.status == data['status']

        # PUT
        data = {**response.data, **{'status': STATUS.completed}}
        response = self.client.put(self.get_detail_url(response.data['id']),
                                   data=data)
        assessment.refresh_from_db()
        assert response.status_code == HTTP_200_OK
        assert response.data['status'] == data['status']
        assert assessment.status == data['status']

        # DELETE
        response = self.client.delete(self.get_detail_url(response.data['id']))
        assert response.status_code == HTTP_204_NO_CONTENT
        assert Assessment.objects.count() == 0

        # GET(all)
        [
            AssessmentFactory(user=user)
            for user in [self.staff_user] + [self.simple_user] * 2
        ]
        assessments = Assessment.objects.all()
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 3
        serializer = StaffAssessmentSerializer(assessments, many=True)
        assert response.data['results'] == serializer.data
        assert set(entity['id'] for entity in response.data['results']) == set(
            entity.id for entity in assessments)
Ejemplo n.º 16
0
    def test_permission_classes__non_staff_allow_to_use_subset_of_rest_api_methods(
            self):
        self.client.force_authenticate(self.simple_user)
        assessment = AssessmentFactory(user=self.simple_user)
        assessment.refresh_from_db()

        # POST
        assert Assessment.objects.count() == 1
        data = {
            'user': {
                'id': self.simple_user.id,
                'email': self.simple_user.email
            },
            'status': STATUS.new,
            'start_date': Day(ago=40).date,
            'end_date': Day(ago=35).date,
        }
        response = self.client.post(self.get_list_url(), data=data)
        assert response.status_code == HTTP_403_FORBIDDEN
        assert Assessment.objects.count() == 1

        # GET(id)
        response = self.client.get(self.get_detail_url(assessment.id))
        assert response.status_code == HTTP_200_OK
        serializer = AssessmentSerializer(assessment)
        assert response.data == serializer.data

        # PATCH
        data = {'status': STATUS.in_progress}
        response = self.client.patch(self.get_detail_url(assessment.id),
                                     data=data)
        assessment.refresh_from_db()
        assert response.status_code == HTTP_403_FORBIDDEN
        assert assessment.status != data['status']

        # PUT
        data = {**response.data, **{'status': STATUS.failed}}
        response = self.client.put(self.get_detail_url(assessment.id),
                                   data=data)
        assessment.refresh_from_db()
        assert response.status_code == HTTP_403_FORBIDDEN
        assert assessment.status != data['status']

        # DELETE
        response = self.client.delete(self.get_detail_url(assessment.id))
        assert response.status_code == HTTP_403_FORBIDDEN
        assert Assessment.objects.count() == 1

        # GET(all)
        [
            AssessmentFactory(user=user)
            for user in [self.staff_user, self.simple_user]
        ]
        assessments = Assessment.objects.filter(user=self.simple_user)
        response = self.client.get(self.get_list_url())
        assert response.status_code == HTTP_200_OK
        assert len(response.data['results']) == 2
        serializer = AssessmentSerializer(assessments, many=True)
        assert response.data['results'] == serializer.data
        assert set(entity['id'] for entity in response.data['results']) == set(
            entity.id for entity in assessments)
Ejemplo n.º 17
0
 def test_is_birthday__false_5_days_ahead(self):
     self.user.date_of_birth = Day(ago=-5).date
     assert not self.user.is_birthday()