def test_list_invitations_lists_for_investigation(self): admin = UserFactory.create() user = UserFactory.create() investigation = InvestigationFactory.create() other_investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) invitation = Invitation.objects.create(user=user, investigation=investigation) Invitation.objects.create(user=user, investigation=other_investigation) self.client.force_login(admin) response = self.client.get(reverse("invitations", kwargs={"investigation_slug": investigation.slug})) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [{"email": user.email, "id": invitation.id, "accepted": None}])
def test_cannot_accept_invitation_for_another_investigation(self): user = UserFactory.create() investigation = InvestigationFactory.create() wrong_investigation = InvestigationFactory.create() invitation = Invitation.objects.create(user=user, investigation=investigation) self.client.force_login(user) self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}), data={"investigation": {"id": wrong_investigation.id}, "accepted": True}, format="json") self.assertQuerysetEqual(wrong_investigation.get_users("V").all(), [])
def test_remove_wrong_investigaiton(self): admin = UserFactory.create() user = UserFactory.create() investigation = InvestigationFactory.create() other_investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) invitation = Invitation.objects.create(user=user, investigation=other_investigation) self.client.force_login(admin) response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id})) self.assertEqual(response.status_code, 403) self.assertEqual(Invitation.objects.count(), 1)
def test_invite_user_unauthorized(self): investigation = InvestigationFactory.create() response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}), data={"email": "*****@*****.**"}) # This should be 401... self.assertEqual(response.status_code, 403)
def test_tag_in_investigation(self): investigation = InvestigationFactory.create() tag = TagFactory.create(investigation=investigation) form_response = FormResponseFactory.create() self.assertNotEqual(form_response.form_instance.form.investigation, investigation) self.assertNotIn(tag, form_response.taglist)
def test_owner_cannot_delete_other_investigation(self): investigation = InvestigationFactory.create() self.client.force_login(self.investigation_owner) response = self.client.delete(make_url(investigation)) self.assertEqual(response.status_code, 403)
def test_list_fails_if_unauthorized(self): other_investigation = InvestigationFactory.create() self.client.force_login(self.investigation_owner) response = self.client.get(make_url(other_investigation)) self.assertEqual(response.status_code, 403)
def setUp(self): owner = UserFactory.create() self.investigation = InvestigationFactory.create() self.investigation.add_user(owner, INVESTIGATION_ROLES.OWNER) self.form = FormFactory(investigation=self.investigation) self.client.force_login(owner)
def test_wrong_admin_cannot_add_form(self): admin = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) other_investigation = InvestigationFactory() self.client.force_login(admin) self.assertEqual(Form.objects.count(), 0) response = self.client.post(reverse( "interviewers", kwargs={"investigation_slug": other_investigation.slug}), data={ "name": "test", "slug": "test" }) self.assertEqual(response.status_code, 403) self.assertEqual(Form.objects.count(), 0)
def test_invite_user_non_admin(self): editor = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR) self.client.force_login(editor) response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}), data={"email": "*****@*****.**"}) self.assertEqual(response.status_code, 403)
def test_remove_unauthorized(self): user = UserFactory.create() investigation = InvestigationFactory.create() invitation = Invitation.objects.create(user=user, investigation=investigation) response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id})) self.assertEqual(response.status_code, 403) self.assertEqual(Invitation.objects.count(), 1)
def test_list_for_user(self): user = UserFactory.create() investigation = InvestigationFactory.create() invitation = Invitation.objects.create(user=user, investigation=investigation) self.client.force_login(user) response = self.client.get(reverse("user_invitations")) self.assertEqual(response.status_code, 200) self.assertEqual(response.data[0]["id"], invitation.id) self.assertEqual(len(response.data), 1)
def test_add_form_unauthorized(self): investigation = InvestigationFactory.create() response = self.client.post(reverse( "interviewers", kwargs={"investigation_slug": investigation.slug}), data={ "name": "test", "slug": "test" }) # This should be 401... self.assertEqual(response.status_code, 403)
def test_can_get_form(self): admin = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) form = FormFactory.create(investigation=investigation) self.client.force_login(admin) response = self.client.get( reverse("form_details", kwargs={"form_slug": form.slug})) self.assertEqual(response.status_code, 200)
def test_get_wrong_investigation(self): admin = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) form = FormFactory.create( ) # this will be part of another investigation self.client.force_login(admin) response = self.client.get( reverse("form_details", kwargs={"form_slug": form.slug})) self.assertEqual(response.status_code, 403)
def test_user_can_accept(self): user = UserFactory.create() investigation = InvestigationFactory.create() invitation = Invitation.objects.create(user=user, investigation=investigation) self.client.force_login(user) response = self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}), data={"accepted": True}) self.assertEqual(response.status_code, 200) self.assertQuerysetEqual(investigation.get_users("V").all(), [repr(user)])
def test_cannot_change_id_of_invitation(self): user = UserFactory.create() investigation = InvestigationFactory.create() invitation = Invitation.objects.create(user=user, investigation=investigation) self.client.force_login(user) self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}), data={"id": 123}) self.assertEqual(Invitation.objects.filter(id=123).all().count(), 0) self.assertEqual(Invitation.objects.filter(id=invitation.id).all().count(), 1)
def test_admin_can_edit(self): admin = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) form = FormFactory.create(investigation=investigation) self.client.force_login(admin) response = self.client.patch(reverse("form_details", kwargs={"form_slug": form.slug}), data={"name": "My new Name"}) self.assertEqual(response.status_code, 200) self.assertEqual(response.data["name"], "My new Name")
def setUp(self): self.investigation_owner = UserFactory.create() self.investigation = InvestigationFactory.create() self.form_instance = FormInstanceFactory.create() self.form_instance.form.investigation.add_user( self.investigation_owner, "O") for i in range(5): FormResponseFactory.create(form_instance=self.form_instance, status="S") for i in range(5): FormResponseFactory.create(form_instance=self.form_instance, status="V")
def test_assign_tags_from_other_investigation_fails(self): responses = self.responses[0] investigation = InvestigationFactory.create() other_tag = TagFactory.create(investigation=investigation) form = responses[0].form_instance.form payload = { "selected_responses": [responses[2].id], "tag": other_tag.id } self.client.post(make_url(form), data=payload) self.assertQuerysetEqual(responses[2].tags.all(), [])
def test_add_form_non_admin(self): editor = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR) self.client.force_login(editor) response = self.client.post(reverse( "interviewers", kwargs={"investigation_slug": investigation.slug}), data={ "name": "test", "slug": "test" }) self.assertEqual(response.status_code, 403)
def test_remove_wrong_permissions(self): editor = UserFactory.create() user = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR) invitation = Invitation.objects.create(user=user, investigation=investigation) self.client.force_login(editor) response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id})) self.assertEqual(response.status_code, 403) self.assertEqual(Invitation.objects.count(), 1)
def test_slug_cannot_begin_with_number(self): user = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(user, INVESTIGATION_ROLES.ADMIN) self.client.force_login(user) response = self.client.post(reverse( "interviewers", kwargs={"investigation_slug": investigation.slug}), data={ "name": "test", "slug": "123test" }) self.assertEqual(response.status_code, 400)
def test_add_tag_fails_for_unauthorized_user(self): other_investigation = InvestigationFactory.create() self.client.force_login(self.investigation_owner) self.assertEqual(self.investigation.tag_set.count(), 0) self.assertEqual(other_investigation.tag_set.count(), 0) response = self.client.post(make_url(other_investigation), {"name": "Test Tag"}) self.assertEqual(response.status_code, 403) self.assertEqual(self.investigation.tag_set.count(), 0) self.assertEqual(other_investigation.tag_set.count(), 0)
def test_file_download_fails_for_wrong_user(self): other_owner = UserFactory.create() other_investigation = InvestigationFactory.create() other_investigation.add_user(other_owner, INVESTIGATION_ROLES.OWNER) form_response = FormResponseFactory.create( json={"file_field": ["data:image/png;base64,abc123"]}, form_instance=self.form_instance) self.client.force_login(other_owner) response = self.client.get( "/forms/admin/investigations/{}/forms/{}/responses/{}/files/file_field/2" .format(self.investigation.slug, self.form.slug, form_response.id)) self.assertEquals(response.status_code, 403)
def test_list_with_results(self): other_investigation = InvestigationFactory.create() other_investigation.add_user(self.investigation_owner, "O") self.client.force_login(self.investigation_owner) response = self.client.get(make_url(self.investigation)) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [{ "first_name": self.investigation_owner.first_name, "last_name": self.investigation_owner.last_name, "id": self.investigation_owner.id, "email": self.investigation_owner.email }])
def test_cannot_accept_invitation_for_someone_else(self): admin = UserFactory.create() user = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) invitation = Invitation.objects.create(user=user, investigation=investigation) self.client.force_login(admin) response = self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}), data={"accepted": True}) self.assertEqual(response.status_code, 403) self.assertQuerysetEqual(investigation.get_users("V").all(), [])
def test_cannot_invite_users_that_are_members_already(self): editor = UserFactory.create() admin = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR) self.client.force_login(admin) self.assertEqual(Invitation.objects.count(), 0) response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}), data={"email": editor.email}) self.assertEqual(response.status_code, 400) self.assertEqual(Invitation.objects.count(), 0)
def test_admin_can_invite_existing_users(self, mock_send_email): user = UserFactory.create() admin = UserFactory.create() investigation = InvestigationFactory.create() investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN) self.client.force_login(admin) self.assertEqual(Invitation.objects.count(), 0) response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}), data={"email": user.email}) self.assertEqual(response.status_code, 201) self.assertEqual(Invitation.objects.count(), 1) self.assertTrue(mock_send_email.called)
def test_list_with_results(self): tag = TagFactory.create() self.investigation.tag_set.add(tag) other_investigation = InvestigationFactory.create() other_tag = TagFactory.create() other_investigation.tag_set.add(other_tag) self.client.force_login(self.investigation_owner) response = self.client.get(make_url(self.investigation)) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [{ "id": tag.id, "name": tag.name, "investigation": tag.investigation.id }])