def test_shows_logged_in_users_organisations(self):
me = UserFactory.create(last_login=datetime.datetime(2019, 6, 3, 16, 35, 0, 0, pytz.UTC))
my_org = OrganisationFactory.create()
AssessmentFactory.create(owner=me, organisation=my_org)
AssessmentFactory.create(owner=me, organisation=my_org)
my_org.members.add(me)
OrganisationFactory.create() # make another organisation: it shouldn't show up
self.client.force_authenticate(me)
response = self.client.get("/api/v1/organisations/")
assert response.status_code == status.HTTP_200_OK
expected = [
OrderedDict([
("id", f"{my_org.id}"),
("name", my_org.name),
("assessments", 2),
("members", [
{
"userid": f"{me.id}",
"name": me.username,
"last_login": me.last_login.isoformat(),
}
]),
]),
]
assert expected == response.data
def test_returns_all_assessments_connected_to_organisation(self):
AssessmentFactory.create(organisation=self.organisation)
AssessmentFactory.create(organisation=self.organisation)
AssessmentFactory.create()
AssessmentFactory.create(organisation=OrganisationFactory.create())
self.call_and_assert_number_of_returns_assessments(2)
def test_returns_assessments_with_expected_result_structure(self):
user = UserFactory.create()
self.client.force_authenticate(user)
with freeze_time("2019-06-01T16:35:34Z"):
a1 = AssessmentFactory.create(
name="test assessment 1",
description="test description",
data={"foo": "bar"},
openbem_version="10.1.1",
owner=user,
)
response = self.client.get("/api/v1/assessments/")
expected_structure = {
"id": "{}".format(a1.pk),
"created_at": "2019-06-01T16:35:34Z",
"updated_at": "2019-06-01T16:35:34Z",
"mdate": "1559406934",
"status": "In progress",
"openbem_version": "10.1.1",
"name": "test assessment 1",
"description": "test description",
"author": user.username,
"userid": f"{user.id}",
}
assert expected_structure == response.data.pop()
def test_returns_structure_as_expected(self):
with freeze_time("2019-06-01T16:35:34Z"):
assessment = AssessmentFactory.create(
name="test assessment 1",
description="test description",
data={"foo": "bar"},
openbem_version="10.1.1",
owner=self.org_member,
organisation=self.organisation
)
self.client.force_authenticate(self.org_member)
response = self.client.get(f"/api/v1/organisations/{self.organisation.pk}/assessments/")
expected_result = {
"id": "{}".format(assessment.pk),
"created_at": "2019-06-01T16:35:34Z",
"updated_at": "2019-06-01T16:35:34Z",
"mdate": "1559406934",
"status": "In progress",
"openbem_version": "10.1.1",
"name": "test assessment 1",
"description": "test description",
"author": self.org_member.username,
"userid": f"{self.org_member.id}",
}
assert expected_result == response.data.pop()
def test_owner_who_isnt_organisation_member_can_access(self):
assessment = AssessmentFactory.create()
self.client.force_authenticate(assessment.owner)
self.call_endpoint_and_assert(
assessment,
True,
)
def test_unauthenticated_user_cannot_access(self):
assessment = AssessmentFactory.create()
self.call_endpoint_and_assert(
assessment,
False,
"Authentication credentials were not provided.",
)
def test_returns_not_found_if_not_owner(self):
someone_else = UserFactory.create()
someone_else.set_password("foo")
someone_else.save()
someone_elses_assessment = AssessmentFactory.create(owner=someone_else)
self.client.login(username=self.me.username, password="******")
not_my_assessment_url = f"/assessments/{someone_elses_assessment.pk}/"
response = self.client.get(not_my_assessment_url)
assert status.HTTP_404_NOT_FOUND == response.status_code
def test_user_who_isnt_owner_and_isnt_organisation_member_cannot_access(
self):
assessment = AssessmentFactory.create()
non_owner = UserFactory.create()
self.client.force_authenticate(non_owner)
self.call_endpoint_and_assert(
assessment, False,
"You do not have permission to perform this action.")
def test_organisation_member_who_isnt_owner_can_access(self):
organisation = OrganisationFactory.create()
assessment = AssessmentFactory.create(organisation=organisation)
org_member = UserFactory.create()
organisation.members.add(org_member)
self.client.force_authenticate(org_member)
self.call_endpoint_and_assert(
assessment,
True,
)
def test_returns_only_assessments_connected_to_the_organisation(self):
second_org = OrganisationFactory.create()
second_org.members.add(self.org_member)
AssessmentFactory.create(organisation=self.organisation)
AssessmentFactory.create(organisation=self.organisation)
AssessmentFactory.create(organisation=second_org)
self.call_and_assert_number_of_returns_assessments(2)
def test_only_returns_assessments_for_logged_in_user(self):
me = UserFactory.create()
someone_else = UserFactory.create()
self.client.force_authenticate(me)
AssessmentFactory.create(owner=me)
AssessmentFactory.create(owner=me)
AssessmentFactory.create(owner=someone_else)
response = self.client.get("/api/v1/assessments/")
assert response.status_code == status.HTTP_200_OK
assert 2 == len(response.data)
def test_doesnt_return_assessments_in_connected_organisation(self):
user = UserFactory.create()
organisation = OrganisationFactory.create()
organisation.members.add(user)
self.client.force_authenticate(user)
AssessmentFactory.create(owner=user)
AssessmentFactory.create(owner=user)
AssessmentFactory.create(organisation=organisation)
response = self.client.get("/api/v1/assessments/")
assert response.status_code == status.HTTP_200_OK
assert 2 == len(response.data)
def setUpClass(cls):
super().setUpClass()
cls.me = UserFactory()
cls.me.set_password("foo")
cls.me.save()
cls.my_assessment = AssessmentFactory.create(owner=cls.me)
def assessment() -> Assessment:
return AssessmentFactory()
def test_returns_forbidden_if_not_logged_in(self):
AssessmentFactory.create(organisation=self.organisation)
response = self.client.get(f"/api/v1/organisations/{self.organisation.pk}/assessments/")
assert status.HTTP_403_FORBIDDEN == response.status_code
assert {"detail": "Authentication credentials were not provided."} == response.json()
def test_doesnt_return_own_assessments_that_arent_connected_to_organisation(self):
AssessmentFactory.create(owner=self.org_member)
self.call_and_assert_number_of_returns_assessments(0)