def test_note_get(self): self._add_notes_to_data_point() view = NoteViewSet.as_view({"get": "retrieve"}) request = self.factory.get("/", **self.extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertDictContainsSubset(self.note, response.data)
def test_other_user_notes_access(self): self._create_user_and_login("lilly", "1234") extra = {"HTTP_AUTHORIZATION": "Token %s" % self.user.auth_token} note = {"note": u"Road Warrior"} dataid = self.xform.instances.all()[0].pk note["instance"] = dataid # Other user 'lilly' should not be able to create notes # to xform instance owned by 'bob' request = self.factory.post("/", data=note, **extra) self.assertTrue(self.xform.instances.count()) response = self.view(request) self.assertEqual(response.status_code, 403) # save some notes self._add_notes_to_data_point() # access to /notes endpoint,should be empty list request = self.factory.get("/", **extra) response = self.view(request) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, []) # Other user 'lilly' should not have access to bob's instance notes view = NoteViewSet.as_view({"get": "retrieve"}) request = self.factory.get("/", **extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 404)
def test_note_get(self): self._add_notes_to_data_point() view = NoteViewSet.as_view({'get': 'retrieve'}) request = self.factory.get('/', **self.extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertDictContainsSubset(self.note, response.data)
def test_other_user_notes_access(self): self._create_user_and_login('lilly', '1234') extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token} note = {'note': u"Road Warrior"} dataid = self.xform.instances.first().pk note['instance'] = dataid # Other user 'lilly' should not be able to create notes # to xform instance owned by 'bob' request = self.factory.post('/', data=note) self.assertTrue(self.xform.instances.count()) response = self.view(request) self.assertEqual(response.status_code, 401) # save some notes self._add_notes_to_data_point() # access to /notes endpoint,should be empty list request = self.factory.get('/', **extra) response = self.view(request) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, []) # Other user 'lilly' sees an empty list when accessing bob's notes view = NoteViewSet.as_view({'get': 'retrieve'}) query_params = {"instance": dataid} request = self.factory.get('/', data=query_params, **extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [])
def test_other_user_notes_access(self): self._create_user_and_login('lilly', '1234') extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token} note = {'note': "Road Warrior"} dataid = self.xform.instances.all()[0].pk note['instance'] = dataid # Other user 'lilly' should not be able to create notes # to xform instance owned by 'bob' request = self.factory.post('/', data=note, **extra) self.assertTrue(self.xform.instances.count()) response = self.view(request) self.assertEqual(response.status_code, 403) # save some notes as bob self._add_notes_to_data_point() # access to /notes endpoint, should be empty list request = self.factory.get('/', **extra) response = self.view(request) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, []) # Other user 'lilly' should not have access to bob's instance notes view = NoteViewSet.as_view({'get': 'retrieve'}) request = self.factory.get('/', **extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 404) # Share publicly XForm self.xform.shared = True self.xform.shared_data = True self.xform.save() # Since project is public, other user 'lilly' should have access # to bob's instance notes # Detail endpoint request = self.factory.get('/', **extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data.get('note'), note['note']) # List endpoint request = self.factory.get('/', **extra) response = self.view(request) self.assertEqual(response.status_code, 200) self.assertEqual(len(response.data), 1) # Anonymous user should also have access to bob's instance notes # Detail endpoint request = self.factory.get('/') response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data.get('note'), note['note']) # But Anonymous user cannot still list notes # List endpoint request = self.factory.get('/') response = self.view(request) self.assertEqual(response.status_code, 401)
def setUp(self): super(self.__class__, self).setUp() self._create_user_and_login() self._publish_transportation_form() self._make_submissions() self.view = NoteViewSet.as_view({"get": "list", "post": "create", "delete": "destroy"}) self.factory = RequestFactory() self.extra = {"HTTP_AUTHORIZATION": "Token %s" % self.user.auth_token}
def test_note_get(self): self._add_notes_to_data_point() view = NoteViewSet.as_view({'get': 'retrieve'}) request = self.factory.get('/', **self.extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data['owner'], self.user.username) self.assertDictContainsSubset(self.note, response.data)
def setUp(self): super(TestNoteViewSet, self).setUp() self._create_user_and_login() self._publish_transportation_form() self._make_submissions() self.view = NoteViewSet.as_view({ 'get': 'list', 'post': 'create', 'delete': 'destroy' }) self.factory = RequestFactory() self.extra = {'HTTP_AUTHORIZATION': 'Token %s' % self.user.auth_token}
def test_get_note_for_specific_instance(self): self._add_notes_to_data_point() view = NoteViewSet.as_view({'get': 'retrieve'}) instance = self.xform.instances.first() query_params = {"instance": instance.id} request = self.factory.get('/', data=query_params, **self.extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertDictContainsSubset(self.note, response.data) second_instance = self.xform.instances.last() query_params = {"instance": second_instance.id} request = self.factory.get('/', data=query_params, **self.extra) response = view(request, pk=self.pk) self.assertEqual(response.status_code, 200) self.assertListEqual(response.data, [])
def test_dataview_notes_added_to_data(self): # Create note view = NoteViewSet.as_view({'post': 'create'}) comment = u"Dataview note" note = {'note': comment} data_id = self.xform.instances.all().order_by('pk')[0].pk note['instance'] = data_id request = self.factory.post('/', data=note, **self.extra) self.assertTrue(self.xform.instances.count()) response = view(request) self.assertEqual(response.status_code, 201) # Get dataview with added notes data = { 'name': "My Dataview", 'xform': 'http://testserver/api/v1/forms/%s' % self.xform.pk, 'project': 'http://testserver/api/v1/projects/%s' % self.project.pk, 'columns': '["age"]', } self._create_dataview(data=data) view = DataViewViewSet.as_view({'get': 'data'}) request = self.factory.get('/', **self.extra) response = view(request, pk=self.data_view.pk) self.assertEquals(response.status_code, 200) self.assertEquals(len(response.data), 8) data_with_notes = \ (d for d in response.data if d["_id"] == data_id).next() self.assertIn("_notes", data_with_notes) self.assertEquals([{ 'created_by': self.user.id, 'id': 1, 'instance_field': None, 'note': comment, 'owner': self.user.username }], data_with_notes["_notes"])