Example #1
    def test_member_dashboard(self):
        """A GET of the member dashboard succeeds when the database holds mixed data.

        The fixture mixes objects that belong to request.user with objects that
        belong to other users. The only assertion made is on the status code.
        """
        # NOTE(review): the pending-request fixture and the expected-id lists are
        # disabled in this version of the test, so nothing here checks that other
        # members' ResourceRequests/ResourceGrants are kept out of the response.
        # A status-code check alone does not cover per-user scoping of the data.

        # ResourceRequests that belong to other users
        for _ in range(2):
            ResourceRequestFactory()

        # Approved ResourceRequests for request.user, each backed by a ResourceGrant
        for _ in range(3):
            approved_request = ResourceRequestFactory(
                member=self.user,
                status=REQUEST_APPROVED,
            )
            ResourceGrantFactory(
                member=self.user,
                resource_request=approved_request,
            )

        # ResourceGrants that belong to other users
        for _ in range(2):
            ResourceGrantFactory()

        # Denied/revoked ResourceRequests for request.user
        for _ in range(3):
            ResourceRequestFactory(member=self.user, status=REQUEST_DENIED)

        dashboard_url = reverse(self.url_name)
        response = self.client.get(dashboard_url)

        self.assertEqual(response.status_code, 200)
Example #2
    def test_member_dashboard(self):
        """The member dashboard lists only the request.user's own ResourceRequests.

        Objects are created for request.user and for other users; the two
        context querysets must contain exactly the ids created for
        request.user, which also proves that other users' objects and the
        user's denied requests are excluded.
        """
        # Pending (not yet granted) ResourceRequests for request.user
        pending_ids = []
        for _ in range(3):
            pending_request = ResourceRequestFactory(
                member=self.user,
                status=REQUEST_REQUESTED,
            )
            pending_ids.append(pending_request.id)

        # ResourceRequests that belong to other users: must not be listed
        for _ in range(2):
            ResourceRequestFactory()

        # Approved ResourceRequests for request.user, each backed by a ResourceGrant
        granted_ids = []
        for _ in range(3):
            approved_request = ResourceRequestFactory(
                member=self.user,
                status=REQUEST_APPROVED,
            )
            ResourceGrantFactory(
                member=self.user,
                resource_request=approved_request,
            )
            granted_ids.append(approved_request.id)

        # ResourceGrants that belong to other users: must not be listed
        for _ in range(2):
            ResourceGrantFactory()

        # Denied/revoked ResourceRequests for request.user: expected in neither list
        for _ in range(3):
            ResourceRequestFactory(member=self.user, status=REQUEST_DENIED)

        response = self.client.get(reverse(self.url_name))

        self.assertEqual(response.status_code, 200)

        # Set equality (not subset) is what makes this a scoping check: any
        # extra id, e.g. one owned by another user, fails the assertion.
        listed_request_ids = response.context_data['resource_requests'].values_list(
            'id', flat=True)
        self.assertEqual(set(listed_request_ids), set(pending_ids))

        # 'resources_granted' is compared against the ids of the approved
        # ResourceRequests created above.
        listed_granted_ids = response.context_data['resources_granted'].values_list(
            'id', flat=True)
        self.assertEqual(set(listed_granted_ids), set(granted_ids))
Example #3
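    def give_user_access_to_member_token(self, user, member, provider_name):
        """
        Give the user access to the member's access_token, and return access_token.

        This method creates necessary database objects so that the user is in an
        Organization that has a ResourceGrant for the member's Resource, so the
        user can use the member's access_token to get data about the member.

        Args:
            user: the user who is added as an agent of a new Organization.
            member: the user whose social-auth record and data are being shared.
            provider_name: the provider stored on the member's social-auth record.

        Returns:
            The access_token string stored in the member's social-auth extra_data.
        """
        # The user is a part of an Organization
        organization = OrganizationFactory()
        organization.agents.add(user)

        # The member has received an access_token to get their own data.
        # Both token values are fixed test placeholders, not real credentials.
        access_token = 'accessTOKENhere'
        UserSocialAuthFactory(
            user=member,
            provider=provider_name,
            extra_data={'refresh_token': 'refreshTOKEN', 'access_token': access_token},
        )

        # The member has approved the Organization's request for the member's data.
        # resourcegrant=None is passed so that the grant is created explicitly below.
        resource_request = ResourceRequestFactory(
            member=member,
            organization=organization,
            resourcegrant=None,
            status=REQUEST_APPROVED,
        )
        ResourceGrantFactory(
            member=resource_request.member,
            organization=resource_request.organization,
            resource_class_path=resource_request.resource_class_path,
            resource_request=resource_request,
        )

        # The docstring promises the token to the caller; the visible body never
        # returned it, so callers received None.
        return access_token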
Example #4
 def setUp(self):
     """Create an approved ResourceRequest for self.user and a matching ResourceGrant."""
     super().setUp()

     # resourcegrant=None is passed to the factory; the grant is then built
     # explicitly below from the request's own organization and resource path.
     approved_request = ResourceRequestFactory(
         member=self.user,
         resourcegrant=None,
         status=REQUEST_APPROVED,
     )
     self.resource_request = approved_request

     grant_fields = {
         'member': self.user,
         'resource_request': approved_request,
         'organization': approved_request.organization,
         'resource_class_path': approved_request.resource_class_path,
     }
     ResourceGrantFactory(**grant_fields)
Example #5
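    def test_non_user_resource_request(self):
        """Revoking a ResourceRequest that isn't for the request.user is not allowed.

        The view must answer 404 for another member's ResourceRequest, and the
        rejected POST must leave that request's status untouched.
        """
        resource_request_other_user = ResourceRequestFactory(status=REQUEST_APPROVED)
        # NOTE(review): this grant is not linked via resource_request=, unlike the
        # other fixtures that pair a request with its grant - confirm that is intended.
        ResourceGrantFactory(
            member=resource_request_other_user.member,
            organization=resource_request_other_user.organization,
            resource_class_path=resource_request_other_user.resource_class_path
        )

        url = reverse(self.url_name, kwargs={'pk': resource_request_other_user.pk})
        response = self.client.post(url)

        # 404 rather than 403: the response does not confirm that the pk exists.
        self.assertEqual(response.status_code, 404)

        # The status code alone does not prove the request was left alone, so
        # re-read the row and check that it was not revoked as a side effect.
        resource_request_other_user.refresh_from_db()
        self.assertEqual(resource_request_other_user.status, REQUEST_APPROVED)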
Example #6
    def test_get_post(self):
        """
        GETting or POSTing the user_router redirects the user, based on who the User is:
         - if the request.user is an Organization agent (whether or not they are
           also a member), the User is redirected to the org dashboard
         - otherwise (a member only, or neither agent nor member), the User is
           redirected to the member dashboard
        """
        # Each row is (is_agent, is_member, expected_redirect):
        #   is_agent          - is the request.user an org agent?
        #   is_member         - is the request.user an org member?
        #   expected_redirect - url_name that the user should be redirected to
        cases = (
            (True, False, 'org:dashboard'),
            (True, True, 'org:dashboard'),
            (False, True, 'member:dashboard'),
            (False, False, 'member:dashboard'),
        )
        http_methods = ['get', 'post']

        for is_agent, is_member, expected_redirect in cases:
            for method_name in http_methods:
                with self.subTest(
                    method_name=method_name,
                    is_agent=is_agent,
                    is_member=is_member,
                    expected_redirect=expected_redirect,
                ):
                    # State from the previous subtest lives in the database, so
                    # reload the user before rebuilding the role for this case.
                    self.user.refresh_from_db()

                    if not is_agent:
                        self.user.agent_organizations.clear()
                    else:
                        agent_org = OrganizationFactory()
                        agent_org.agents.add(self.user)

                    if not is_member:
                        self.user.member_organizations.clear()
                        self.user.resource_grants.all().delete()
                    else:
                        member_org = OrganizationFactory()
                        member_org.members.add(self.user)
                        ResourceGrantFactory(
                            organization=member_org, member=self.user
                        )

                    # Dispatch to self.client.get or self.client.post by name.
                    send_request = getattr(self.client, method_name)
                    response = send_request(self.url)

                    self.assertRedirects(response, reverse(expected_redirect))
Example #7
    def test_get_permissions(self):
        """
        A user may see a member's data sources, if:
          - the request.user is the member, or
          - the request.user is in an Organization that has an approved
            ResourceRequest for the member's data

        The subtests run in order and build on each other's database state.
        """
        # Create a member who has received an access_token to get their own data.
        # The token values are fixed test placeholders, not real credentials.
        member = UserFactory()
        UserSocialAuthFactory(
            user=member,
            provider=Resource.name,
            extra_data={
                'refresh_token': 'refreshTOKEN',
                'access_token': 'accessTOKENhere'
            },
        )

        # The URL that will be used in this test
        member_data_url = reverse(self.url_name, kwargs={'pk': member.pk})

        def get_member_data():
            # We mock the use of the requests library, so we don't make real
            # requests from within the test.
            with HTTMock(self.response_content_success):
                return self.client.get(member_data_url)

        with self.subTest(
                "A member's data sources without an approved ResourceRequest"):
            response = get_member_data()

            # The request.user does not have access to the member's data.
            # NOTE(review): denial is observed as a 302; the redirect target is
            # not asserted here.
            self.assertEqual(response.status_code, 302)

        with self.subTest(
                "A member's data sources with an approved ResourceRequest, other Organization"
        ):
            # The member has approved some Organization's request for the member's data
            organization = OrganizationFactory()
            resource_request = ResourceRequestFactory(
                member=member,
                organization=organization,
                resourcegrant=None,
                status=REQUEST_APPROVED,
            )
            resource_grant = ResourceGrantFactory(
                member=resource_request.member,
                organization=resource_request.organization,
                resource_class_path=resource_request.resource_class_path,
                resource_request=resource_request,
            )

            response = get_member_data()

            # The request.user still does not have access to the member's data:
            # the grant belongs to an Organization the request.user is not in.
            self.assertEqual(response.status_code, 302)

        with self.subTest(
                "A member's data sources with approved ResourceRequest from request.user's Organization"
        ):
            # The request.user is now in the organization
            organization.agents.add(self.user)

            response = get_member_data()

            # The request.user now has access to the member's data, since the
            # request.user is an agent of the Organization holding the grant.
            self.assertEqual(response.status_code, 200)

        with self.subTest('A member requesting their own data'):
            self.client.logout()
            self.client.force_login(member)

            response = get_member_data()

            # The request.user has access to their own data, regardless of their
            # Organization.
            self.assertEqual(response.status_code, 200)

            # Even if we remove the ResourceRequest and ResourceGrant objects,
            # the member is allowed to see their own data.
            resource_request.delete()
            resource_grant.delete()
            response = get_member_data()
            self.assertEqual(response.status_code, 200)