def test_audited_cannot_download_questionnaire_file_if_draft(client):
questionnaire = factories.QuestionnaireFactory(is_draft=True)
user = utils.make_audited_user(questionnaire.control)
utils.login(client, user=user)
url = reverse('send-questionnaire-file', args=[questionnaire.id])
response = client.get(url)
assert response.status_code == 404
def test_send_response_file_list_does_not_contais_files_from_other_questionnaire(
client):
response_file_1 = factories.ResponseFileFactory(is_deleted=False)
questionnaire_1 = response_file_1.question.theme.questionnaire
questionnaire_1.is_draft = False
questionnaire_1.save()
assert not questionnaire_1.is_draft
# Questionnaire 2 in same control as questionnaire 1
questionnaire_2 = factories.QuestionnaireFactory(
control=questionnaire_1.control)
questionnaire_2.is_draft = False
questionnaire_2.save()
assert not questionnaire_2.is_draft
theme_2 = factories.ThemeFactory(questionnaire=questionnaire_2)
question_2 = factories.QuestionFactory(theme=theme_2)
response_file_2 = factories.ResponseFileFactory(is_deleted=False,
question=question_2)
user = utils.make_audited_user(questionnaire_1.control)
files = get_files_for_export(questionnaire_1)
assert len(files) == 1
assert files[0].file.name == response_file_1.file.name
def test_can_access_question_api_if_control_is_associated_with_the_user():
question = factories.QuestionFactory()
questionnaire = question.theme.questionnaire
questionnaire.is_draft = False
questionnaire.save()
user = utils.make_audited_user(questionnaire.control)
assert get_question(user, question.id).status_code == 200
def test_can_get_users_of_control_if_control_belongs_to_user():
control = factories.ControlFactory()
inspector = utils.make_inspector_user(control)
audited = utils.make_audited_user(control)
assert get_users_of_control(inspector, control).status_code == 200
assert get_users_of_control(audited, control).status_code == 200
def test_send_response_file_list_has_files_in_order_of_question_numbering(
client):
question_1 = factories.QuestionFactory()
question_2 = factories.QuestionFactory(theme=question_1.theme)
assert question_1.numbering < question_2.numbering
response_file_3 = factories.ResponseFileFactory(question=question_2,
is_deleted=False)
response_file_1 = factories.ResponseFileFactory(question=question_1,
is_deleted=False)
response_file_2 = factories.ResponseFileFactory(question=question_1,
is_deleted=False)
assert response_file_1.file.name != response_file_2.file.name
assert response_file_1.file.name != response_file_3.file.name
assert response_file_2.file.name != response_file_3.file.name
questionnaire = response_file_1.question.theme.questionnaire
questionnaire.is_draft = False
questionnaire.save()
assert not questionnaire.is_draft
user = utils.make_audited_user(questionnaire.control)
files = get_files_for_export(questionnaire)
assert len(files) == 3
assert files[0].file.name == response_file_1.file.name
assert files[1].file.name == response_file_2.file.name
assert files[2].file.name == response_file_3.file.name
def test_can_get_response_file_if_control_is_associated_with_the_user():
response_file = factories.ResponseFileFactory()
user = utils.make_audited_user(response_file.question.theme.questionnaire.control)
response = get_response_file(user, response_file.id)
assert response.status_code == 200
def test_cannot_get_users_of_control_if_control_does_not_belong_to_user():
control = factories.ControlFactory()
inspector = utils.make_inspector_user()
audited = utils.make_audited_user()
assert get_users_of_control(inspector, control).status_code == 404
assert get_users_of_control(audited, control).status_code == 404
def test_cannot_get_users_of_control_if_control_is_deleted():
control = factories.ControlFactory()
inspector = utils.make_inspector_user(control)
audited = utils.make_audited_user(control)
control.delete()
assert get_users_of_control(inspector, control).status_code == 404
assert get_users_of_control(audited, control).status_code == 404
def test_send_response_file_list_fails_for_draft_questionnaire_for_audited(
client):
questionnaire = factories.QuestionnaireFactory(is_draft=True)
user = utils.make_audited_user(questionnaire.control)
response = get_response_list(client, user, questionnaire.id)
assert response.status_code != 200
def test_send_response_file_list_works_for_audited_if_the_control_is_associated_with_the_user(
client):
questionnaire = factories.QuestionnaireFactory(is_draft=False)
user = utils.make_audited_user(questionnaire.control)
response = get_response_list(client, user, questionnaire.id)
assert response.status_code == 200
def test_cannot_trash_response_file_if_control_is_deleted():
response_file = factories.ResponseFileFactory()
user = utils.make_audited_user(
response_file.question.theme.questionnaire.control)
payload = {"is_deleted": "true"}
response_file.question.theme.questionnaire.control.delete()
response = trash_response_file(user, response_file.id, payload)
assert response.status_code == 404
def test_cannot_get_response_file_if_control_is_not_associated_with_the_user():
response_file = factories.ResponseFileFactory()
control = factories.ControlFactory()
user = utils.make_audited_user(control)
response = get_response_file(user, response_file.id)
assert 400 <= response.status_code <= 499
def test_audited_cannot_delete_theme_from_draft_questionnaire():
theme = factories.ThemeFactory()
audited_user = utils.make_audited_user(theme.questionnaire.control)
theme.questionnaire.is_draft = True
theme.questionnaire.save()
assert Questionnaire.objects.get(id=theme.questionnaire.id).is_draft
assert delete_theme(audited_user, theme.id).status_code == 403
def test_cannot_retrieve_theme_even_if_user_belongs_to_control():
theme = factories.ThemeFactory()
audited_user = utils.make_audited_user(theme.questionnaire.control)
inspector_user = utils.make_inspector_user(theme.questionnaire.control)
theme.questionnaire.is_draft = False
theme.questionnaire.save()
assert get_theme(audited_user, theme.id).status_code == 405
assert get_theme(inspector_user, theme.id).status_code == 405
def test_draft_questionnaire_is_not_listed_in_controls_data_if_user_is_audited():
control = factories.ControlFactory()
factories.QuestionnaireFactory(control=control, is_draft=False, title='MUST BE LISTED')
factories.QuestionnaireFactory(control=control, is_draft=True, title='MUST NOT BE LISTED')
user = utils.make_audited_user(control)
response = list_control(user)
assert response.status_code == 200
assert 'MUST BE LISTED' in str(response.content)
assert 'MUST NOT BE LISTED' not in str(response.content)
def test_cannot_untrash_a_file():
response_file = factories.ResponseFileFactory(is_deleted=True)
user = utils.make_audited_user(response_file.question.theme.questionnaire.control)
payload = { "is_deleted": "false" }
response = trash_response_file(user, response_file.id, payload)
assert 400 <= response.status_code < 500
assert ResponseFile.objects.get(id=response_file.id).is_deleted
def test_send_response_file_list_fails_for_audited_if_the_control_is_not_associated_with_the_user(
client):
questionnaire = factories.QuestionnaireFactory(is_draft=False)
unauthorized_control = factories.ControlFactory()
user = utils.make_audited_user(unauthorized_control)
response = get_response_list(client, user, questionnaire.id)
assert response.status_code != 200
def test_cannot_delete_theme_if_questionnaire_is_published():
theme = factories.ThemeFactory()
audited_user = utils.make_audited_user(theme.questionnaire.control)
inspector_user = utils.make_inspector_user(theme.questionnaire.control)
theme.questionnaire.is_draft = False
theme.questionnaire.save()
assert delete_theme(audited_user, theme.id).status_code == 403
assert delete_theme(inspector_user, theme.id).status_code == 405
def test_cannot_trash_response_file_if_control_is_not_associated_with_the_user():
response_file = factories.ResponseFileFactory()
control = factories.ControlFactory()
user = utils.make_audited_user(control)
payload = { "is_deleted": "true" }
response = trash_response_file(user, response_file.id, payload)
assert 400 <= response.status_code <= 499
def test_trashing_keeps_the_same_basename():
response_file = factories.ResponseFileFactory()
basename_before = response_file.basename
user = utils.make_audited_user(response_file.question.theme.questionnaire.control)
payload = { "is_deleted": "true" }
trash_response_file(user, response_file.id, payload)
basename_after = ResponseFile.objects.get(id=response_file.id).basename
assert basename_after == basename_before
def test_trashing_logs_an_action():
response_file = factories.ResponseFileFactory()
user = utils.make_audited_user(response_file.question.theme.questionnaire.control)
payload = { "is_deleted": "true" }
assert not Action.objects.filter(verb__contains="trashed response-file").exists()
trash_response_file(user, response_file.id, payload)
assert Action.objects.filter(verb__contains="trashed response-file").exists()
action = Action.objects.filter(verb__contains="trashed response-file").last()
assert action.actor_object_id == str(user.id)
assert action.target_object_id == str(response_file.id)
def test_audited_cannot_access_api():
control = factories.ControlFactory()
user = utils.make_audited_user(control)
questionnaire = factories.QuestionnaireFactory(control=control, is_draft=True, editor=user)
assert_questionnaire_has_editor(questionnaire, user)
response = call_api(user, questionnaire.id, user.id)
assert 400 <= response.status_code < 500
assert_questionnaire_has_editor(questionnaire, user)
def __init__(self, client):
questionnaire = factories.QuestionnaireFactory(is_draft=False)
self.filename = questionnaire.basename
user = utils.make_audited_user(questionnaire.control)
utils.login(client, user=user)
url = reverse('send-questionnaire-file', args=[questionnaire.id])
self.response = client.get(url)
def test_download_question_file_fails_if_the_control_is_not_associated_with_the_user(
client):
question_file = factories.QuestionFileFactory()
unauthorized_control = factories.ControlFactory()
assert unauthorized_control != question_file.question.theme.questionnaire.control
user = utils.make_audited_user(unauthorized_control)
utils.login(client, user=user)
url = reverse('send-question-file', args=[question_file.id])
response = client.get(url)
assert response.status_code != 200
def test_as_auditor_questionnaire_is_not_listed_if_not_associated_with_user_control():
control_in = factories.ControlFactory()
control_out = factories.ControlFactory()
factories.QuestionnaireFactory(control=control_in, is_draft=False, title='MUST BE LISTED')
factories.QuestionnaireFactory(control=control_out, is_draft=False, title='MUST NOT BE LISTED')
user = utils.make_audited_user(control_in)
response = list_control(user)
assert response.status_code == 200
assert 'MUST BE LISTED' in str(response.content)
assert 'MUST NOT BE LISTED' not in str(response.content)
def test_can_access_questionnaire_api_if_control_is_associated_with_the_user():
questionnaire = factories.QuestionnaireFactory()
audited_user = utils.make_audited_user(questionnaire.control)
# get
assert get_questionnaire(audited_user, questionnaire.id).status_code == 200
# create
inspector_user = utils.make_inspector_user(questionnaire.control)
payload = make_create_payload(questionnaire.control.id)
assert create_questionnaire(inspector_user, payload).status_code == 201
def test_send_response_file_list_does_not_contain_deleted_file(client):
response_file = factories.ResponseFileFactory(is_deleted=True)
questionnaire = response_file.question.theme.questionnaire
questionnaire.is_draft = False
questionnaire.save()
assert not questionnaire.is_draft
user = utils.make_audited_user(questionnaire.control)
files = get_files_for_export(questionnaire)
assert len(files) == 0
def test_audited_cannot_trash_response_file_if_already_deleted():
response_file = factories.ResponseFileFactory(is_deleted=True)
user = utils.make_audited_user(
response_file.question.theme.questionnaire.control)
payload = {"is_deleted": "true"}
assert ResponseFile.objects.get(id=response_file.id).is_deleted
response = trash_response_file(user, response_file.id, payload)
assert response.status_code == 400
assert ResponseFile.objects.get(id=response_file.id).is_deleted
def test_audited_cannot_update_theme():
theme = factories.ThemeFactory()
user = utils.make_audited_user(theme.questionnaire.control)
# Audited cannot update draft questionnaire
theme.questionnaire.is_draft = True
theme.questionnaire.save()
assert 400 <= update_theme(user, make_update_theme_payload(theme)).status_code < 500
# Audited cannot update published questionnaire
theme.questionnaire.is_draft = False
theme.questionnaire.save()
assert 400 <= update_theme(user, make_update_theme_payload(theme)).status_code < 500
def test_audited_cannot_update_published_questionnaire():
# In fact, draft or not, audited should not be able to update at all
increment_ids()
control = factories.ControlFactory()
user = utils.make_audited_user(control)
questionnaire = factories.QuestionnaireFactory(is_draft=False,
control=control,
editor=user)
payload = make_update_payload(questionnaire)
# Here we are trying to update a questionnaire that's already published
response = update_questionnaire(user, payload)
assert 400 <= response.status_code < 500
