def test_move_project_owner(self):
# create project and publish form to project
self._publish_xls_form_to_project()
alice_data = {'username': '******', 'email': '*****@*****.**'}
alice_profile = self._create_user_profile(alice_data)
alice = alice_profile.user
projectid = self.project.pk
self.assertFalse(OwnerRole.user_has_role(alice, self.project))
view = ProjectViewSet.as_view({
'patch': 'partial_update'
})
data_patch = {
'owner': 'http://testserver/api/v1/users/%s' % alice.username
}
request = self.factory.patch('/', data=data_patch, **self.extra)
response = view(request, pk=projectid)
self.project.reload()
self.assertEqual(response.status_code, 200)
self.assertEquals(self.project.organization, alice)
self.assertTrue(OwnerRole.user_has_role(alice, self.project))
def test_owner_cannot_remove_self_if_no_other_owner(self):
self._project_create()
view = ProjectViewSet.as_view({'put': 'share'})
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 400)
error = {'remove': [u"Project requires at least one owner"]}
self.assertEquals(response.data, error)
self.assertTrue(OwnerRole.user_has_role(self.user, self.project))
alice_data = {'username': '******', 'email': '*****@*****.**'}
profile = self._create_user_profile(alice_data)
OwnerRole.add(profile.user, self.project)
view = ProjectViewSet.as_view({'put': 'share'})
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 204)
self.assertFalse(OwnerRole.user_has_role(self.user, self.project))
def test_org_members_added_to_projects(self):
# create org
self._org_create()
view = OrganizationProfileViewSet.as_view({
'post': 'members',
'get': 'retrieve',
'put': 'members'
})
# create aboy
self.profile_data['username'] = "******"
aboy = self._create_user_profile().user
data = {'username': '******',
'role': 'owner'}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = view(request, user='******')
self.assertEqual(response.status_code, 201)
# create a proj
project_data = {
'owner': self.company_data['user']
}
self._project_create(project_data)
self._publish_xls_form_to_project()
# create alice
self.profile_data['username'] = "******"
alice = self._create_user_profile().user
alice_data = {'username': '******',
'role': 'owner'}
request = self.factory.post(
'/', data=json.dumps(alice_data),
content_type="application/json", **self.extra)
response = view(request, user='******')
self.assertEqual(response.status_code, 201)
# Assert that user added in org is added to teams in proj
self.assertTrue(OwnerRole.user_has_role(aboy, self.project))
self.assertTrue(OwnerRole.user_has_role(alice, self.project))
self.assertTrue(OwnerRole.user_has_role(aboy, self.xform))
self.assertTrue(OwnerRole.user_has_role(alice, self.xform))
# Org admins are added to owners in project
projectView = ProjectViewSet.as_view({
'get': 'retrieve'
})
request = self.factory.get('/', **self.extra)
response = projectView(request, pk=self.project.pk)
project_users = response.data.get('users')
users_in_users = [user['user'] for user in project_users]
self.assertIn('bob', users_in_users)
self.assertIn('denoinc', users_in_users)
self.assertIn('aboy', users_in_users)
self.assertIn('alice', users_in_users)
def test_org_members_added_to_projects(self):
# create org
self._org_create()
view = OrganizationProfileViewSet.as_view({
'post': 'members',
'get': 'retrieve',
'put': 'members'
})
# create aboy
self.profile_data['username'] = "******"
aboy = self._create_user_profile().user
data = {'username': '******',
'role': 'owner'}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = view(request, user='******')
self.assertEqual(response.status_code, 201)
# create a proj
project_data = {
'owner': self.company_data['user']
}
self._project_create(project_data)
self._publish_xls_form_to_project()
# create alice
self.profile_data['username'] = "******"
alice = self._create_user_profile().user
alice_data = {'username': '******',
'role': 'owner'}
request = self.factory.post(
'/', data=json.dumps(alice_data),
content_type="application/json", **self.extra)
response = view(request, user='******')
self.assertEqual(response.status_code, 201)
# Assert that user added in org is added to teams in proj
self.assertTrue(OwnerRole.user_has_role(aboy, self.project))
self.assertTrue(OwnerRole.user_has_role(alice, self.project))
self.assertTrue(OwnerRole.user_has_role(aboy, self.xform))
self.assertTrue(OwnerRole.user_has_role(alice, self.xform))
# Org admins are added to owners in project
projectView = ProjectViewSet.as_view({
'get': 'retrieve'
})
request = self.factory.get('/', **self.extra)
response = projectView(request, pk=self.project.pk)
project_users = response.data.get('users')
users_in_users = [user['user'] for user in project_users]
self.assertIn('bob', users_in_users)
self.assertIn('denoinc', users_in_users)
self.assertIn('aboy', users_in_users)
self.assertIn('alice', users_in_users)
def test_publish_xlsform(self):
view = XFormViewSet.as_view({"post": "create"})
data = {
"owner": "http://testserver/api/v1/users/bob",
"public": False,
"public_data": False,
"description": u"transportation_2011_07_25",
"downloadable": True,
"allows_sms": False,
"encrypted": False,
"sms_id_string": u"transportation_2011_07_25",
"id_string": u"transportation_2011_07_25",
"title": u"transportation_2011_07_25",
"bamboo_dataset": u"",
}
path = os.path.join(
settings.ONADATA_DIR, "apps", "main", "tests", "fixtures", "transportation", "transportation.xls"
)
with open(path) as xls_file:
post_data = {"xls_file": xls_file}
request = self.factory.post("/", data=post_data, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 201)
xform = self.user.xforms.all()[0]
data.update({"url": "http://testserver/api/v1/forms/%s" % xform.pk})
self.assertDictContainsSubset(data, response.data)
self.assertTrue(OwnerRole.user_has_role(self.user, xform))
self.assertEquals("owner", response.data["users"][0]["role"])
def test_publish_xlsform(self):
view = XFormViewSet.as_view({
'post': 'create'
})
data = {
'owner': 'http://testserver/api/v1/users/bob',
'public': False,
'public_data': False,
'description': u'transportation_2011_07_25',
'downloadable': True,
'allows_sms': False,
'encrypted': False,
'sms_id_string': u'transportation_2011_07_25',
'id_string': u'transportation_2011_07_25',
'title': u'transportation_2011_07_25',
'bamboo_dataset': u''
}
path = os.path.join(
settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures",
"transportation", "transportation.xls")
with open(path) as xls_file:
post_data = {'xls_file': xls_file}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 201)
xform = self.user.xforms.all()[0]
data.update({
'url':
'http://testserver/api/v1/forms/%s' % xform.pk
})
self.assertDictContainsSubset(data, response.data)
self.assertTrue(OwnerRole.user_has_role(self.user, xform))
self.assertEquals("owner", response.data['users'][0]['role'])
def test_publish_xlsform(self):
view = XFormViewSet.as_view({'post': 'create'})
data = {
'owner': 'http://testserver/api/v1/users/bob',
'public': False,
'public_data': False,
'description': u'transportation_2011_07_25',
'downloadable': True,
'allows_sms': False,
'encrypted': False,
'sms_id_string': u'transportation_2011_07_25',
'id_string': u'transportation_2011_07_25',
'title': u'transportation_2011_07_25',
'bamboo_dataset': u''
}
path = os.path.join(settings.PROJECT_ROOT, "apps", "main", "tests",
"fixtures", "transportation", "transportation.xls")
with open(path) as xls_file:
post_data = {'xls_file': xls_file}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 201)
xform = self.user.xforms.all()[0]
data.update(
{'url': 'http://testserver/api/v1/forms/%s' % xform.pk})
self.assertDictContainsSubset(data, response.data)
self.assertTrue(OwnerRole.user_has_role(self.user, xform))
self.assertEquals("owner", response.data['users'][0]['role'])
def test_publish_select_external_xlsform(self):
view = XFormViewSet.as_view({'post': 'create'})
path = os.path.join(settings.PROJECT_ROOT, "apps", "api", "tests",
"fixtures", "select_one_external.xlsx")
with open(path) as xls_file:
meta_count = MetaData.objects.count()
post_data = {'xls_file': xls_file}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 201)
self.assertEqual(meta_count + 1, MetaData.objects.count())
xform = self.user.xforms.all()[0]
metadata = xform.metadata_set.all()[0]
self.assertEqual('itemsets.csv', metadata.data_value)
self.assertTrue(OwnerRole.user_has_role(self.user, xform))
self.assertTrue(OwnerRole.user_has_role(self.user, metadata))
self.assertEquals("owner", response.data['users'][0]['role'])
def test_publish_xls_form_to_organization_project(self):
self._org_create()
project_data = {
'owner': self.company_data['user']
}
self._project_create(project_data)
self._publish_xls_form_to_project()
self.assertTrue(OwnerRole.user_has_role(self.user, self.xform))
def test_publish_xls_form_to_organization_project(self):
self._org_create()
project_data = {
'owner': self.company_data['user']
}
self._project_create(project_data)
self._publish_xls_form_to_project()
self.assertTrue(OwnerRole.user_has_role(self.user, self.xform))
def test_owner_cannot_remove_self_if_no_other_owner(self):
self._project_create()
view = ProjectViewSet.as_view({
'put': 'share'
})
ManagerRole.add(self.user, self.project)
tom_data = {'username': '******', 'email': '*****@*****.**'}
bob_profile = self._create_user_profile(tom_data)
OwnerRole.add(bob_profile.user, self.project)
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 400)
error = {'remove': [u"Project requires at least one owner"]}
self.assertEquals(response.data, error)
self.assertTrue(OwnerRole.user_has_role(bob_profile.user,
self.project))
alice_data = {'username': '******', 'email': '*****@*****.**'}
profile = self._create_user_profile(alice_data)
OwnerRole.add(profile.user, self.project)
view = ProjectViewSet.as_view({
'put': 'share'
})
data = {'username': '******', 'remove': True, 'role': 'owner'}
request = self.factory.put('/', data=data, **self.extra)
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 204)
self.assertFalse(OwnerRole.user_has_role(bob_profile.user,
self.project))
def test_reassign_role_owner_to_editor(self):
self._publish_transportation_form()
alice = self._create_user('alice', 'alice')
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
OwnerRole.add(alice, self.xform)
self.assertTrue(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(
OwnerRole.has_role(perms_for(alice, self.xform), self.xform))
EditorRole.add(alice, self.xform)
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(EditorRole.user_has_role(alice, self.xform))
self.assertFalse(
OwnerRole.has_role(perms_for(alice, self.xform), self.xform))
self.assertTrue(
EditorRole.has_role(perms_for(alice, self.xform), self.xform))
def test_reassign_role_owner_to_editor(self):
self._publish_transportation_form()
alice = self._create_user('alice', 'alice')
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
OwnerRole.add(alice, self.xform)
self.assertTrue(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(OwnerRole.has_role(
perms_for(alice, self.xform), self.xform))
EditorRole.add(alice, self.xform)
self.assertFalse(OwnerRole.user_has_role(alice, self.xform))
self.assertTrue(EditorRole.user_has_role(alice, self.xform))
self.assertFalse(OwnerRole.has_role(
perms_for(alice, self.xform), self.xform))
self.assertTrue(EditorRole.has_role(
perms_for(alice, self.xform), self.xform))
def test_publish_select_external_xlsform(self):
view = XFormViewSet.as_view({
'post': 'create'
})
path = os.path.join(
settings.PROJECT_ROOT, "apps", "api", "tests", "fixtures",
"select_one_external.xlsx")
with open(path) as xls_file:
meta_count = MetaData.objects.count()
post_data = {'xls_file': xls_file}
request = self.factory.post('/', data=post_data, **self.extra)
response = view(request)
self.assertEqual(response.status_code, 201)
self.assertEqual(meta_count + 1, MetaData.objects.count())
xform = self.user.xforms.all()[0]
metadata = xform.metadata_set.all()[0]
self.assertEqual('itemsets.csv', metadata.data_value)
self.assertTrue(OwnerRole.user_has_role(self.user, xform))
self.assertTrue(OwnerRole.user_has_role(self.user, metadata))
self.assertEquals("owner", response.data['users'][0]['role'])
def test_project_users_get_readonly_role_on_add_form(self):
self._project_create()
alice_data = {'username': '******', 'email': '*****@*****.**'}
alice_profile = self._create_user_profile(alice_data)
ReadOnlyRole.add(alice_profile.user, self.project)
self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user,
self.project))
self._publish_xls_form_to_project()
self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user,
self.xform))
self.assertFalse(OwnerRole.user_has_role(alice_profile.user,
self.xform))
def test_project_users_get_readonly_role_on_add_form(self):
self._project_create()
alice_data = {'username': '******', 'email': '*****@*****.**'}
alice_profile = self._create_user_profile(alice_data)
ReadOnlyRole.add(alice_profile.user, self.project)
self.assertTrue(
ReadOnlyRole.user_has_role(alice_profile.user, self.project))
self._publish_xls_form_to_project()
self.assertTrue(
ReadOnlyRole.user_has_role(alice_profile.user, self.xform))
self.assertFalse(
OwnerRole.user_has_role(alice_profile.user, self.xform))
def test_creator_permissions(self):
"""
Test that the creator of the organization has the necessary
permissions
"""
self._org_create()
request = self.factory.get('/', **self.extra)
response = self.view(request)
self.assertNotEqual(response.get('Cache-Control'), None)
self.assertEqual(response.status_code, 200)
orgs = OrganizationProfile.objects.filter(creator=self.user)
self.assertEqual(orgs.count(), 1)
org = orgs.first()
self.assertTrue(OwnerRole.user_has_role(self.user, org))
self.assertTrue(
OwnerRole.user_has_role(self.user, org.userprofile_ptr))
members_view = OrganizationProfileViewSet.as_view({
'post': 'members',
'delete': 'members'
})
# New admins should also have the required permissions
self.profile_data['username'] = "******"
dave = self._create_user_profile().user
data = {'username': '******',
'role': 'owner'}
request = self.factory.post(
'/', data=json.dumps(data),
content_type="application/json", **self.extra)
response = members_view(request, user='******')
self.assertEqual(response.status_code, 201)
# Ensure user has role
self.assertTrue(OwnerRole.user_has_role(dave, org))
self.assertTrue(
OwnerRole.user_has_role(dave, org.userprofile_ptr))
# Permissions should be removed when the user is removed from
# organization
request = self.factory.delete('/', data=json.dumps(data),
content_type="application/json",
**self.extra)
response = members_view(request, user='******')
expected_results = [u'denoinc']
self.assertEqual(expected_results, response.data)
# Ensure permissions are removed
self.assertFalse(OwnerRole.user_has_role(dave, org))
self.assertFalse(
OwnerRole.user_has_role(dave, org.userprofile_ptr))
def validate_content_object(self, value):
request = self.context.get('request')
users = get_users_with_perms(
value.project, attach_perms=False, with_group_users=False
)
profile = value.project.organization.profile
# Shared or an admin in the organization
if request.user not in users and not\
is_organization(profile) and not\
OwnerRole.user_has_role(request.user,
profile):
raise serializers.ValidationError(_(
u"You don't have permission to the Project."
))
return value
def validate_content_object(self, value):
request = self.context.get('request')
users = get_users_with_perms(
value.project, attach_perms=False, with_group_users=False
)
profile = value.project.organization.profile
# Shared or an admin in the organization
if request.user not in users and not\
is_organization(profile) and not\
OwnerRole.user_has_role(request.user,
profile):
raise serializers.ValidationError(_(
u"You don't have permission to the Project."
))
return value
def test_cannot_share_project_to_owner(self):
# create project and publish form to project
self._publish_xls_form_to_project()
data = {'username': self.user.username, 'role': ManagerRole.name,
'email_msg': 'I have shared the project with you'}
request = self.factory.post('/', data=data, **self.extra)
view = ProjectViewSet.as_view({
'post': 'share'
})
response = view(request, pk=self.project.pk)
self.assertEqual(response.status_code, 400)
self.assertEqual(response.data['username'], [u"Cannot share project"
u" with the owner"])
self.assertTrue(OwnerRole.user_has_role(self.user, self.project))
def test_create_organization_creates_team_and_perms(self):
# create a user - bob
profile = tools.create_organization_object("modilabs", self.user)
profile.save()
self.assertIsInstance(profile, OrganizationProfile)
organization_profile = OrganizationProfile.objects.get(
user__username="******")
# check organization was created
self.assertTrue(organization_profile.is_organization)
self.assertTrue(hasattr(profile, 'metadata'))
# check that the default team was created
team_name = "modilabs#%s" % Team.OWNER_TEAM_NAME
team = Team.objects.get(organization=organization_profile.user,
name=team_name)
self.assertIsInstance(team, Team)
self.assertIn(team.group_ptr, self.user.groups.all())
self.assertTrue(self.user.has_perm('api.is_org_owner'))
# Assert that the user has the OwnerRole for the Organization
self.assertTrue(
OwnerRole.user_has_role(self.user, organization_profile))
def test_form_id_filter_for_require_auth_account(self):
"""
Test formList formID filter for account that requires authentication
"""
# Bob submit forms
xls_path = os.path.join(settings.PROJECT_ROOT, "apps", "main", "tests",
"fixtures", "tutorial.xls")
self._publish_xls_form_to_project(xlsform_path=xls_path)
xls_file_path = os.path.join(settings.PROJECT_ROOT, "apps", "logger",
"fixtures",
"external_choice_form_v1.xlsx")
self._publish_xls_form_to_project(xlsform_path=xls_file_path)
# Set require auth to true
self.user.profile.require_auth = True
self.user.profile.save()
request = self.factory.get('/', {'formID': self.xform.id_string})
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 401)
# Test for authenticated user but unrecognized formID
auth = DigestAuth('bob', 'bobbob')
request = self.factory.get('/', {'formID': 'unrecognizedID'})
request.META.update(auth(request.META, response))
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
# Test for authenticated user and valid formID
request = self.factory.get('/', {'formID': self.xform.id_string})
self.assertTrue(self.user.profile.require_auth)
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('bob', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 200)
path = os.path.join(
os.path.dirname(__file__), '..', 'fixtures', 'formList2.xml')
with open(path, encoding='utf-8') as f:
form_list = f.read().strip()
data = {"hash": self.xform.hash, "pk": self.xform.pk,
'version': self.xform.version}
content = response.render().content.decode('utf-8')
self.assertEqual(content, form_list % data)
# Test for shared forms
# Create user Alice
alice_data = {
'username': '******',
'email': '*****@*****.**',
'password1': 'alice',
'password2': 'alice'
}
alice_profile = self._create_user_profile(alice_data)
# check that she can authenticate successfully
request = self.factory.get('/')
response = self.view(request)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('alice', 'alice')
request.META.update(auth(request.META, response))
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertFalse(
ReadOnlyRole.user_has_role(alice_profile.user, self.project))
# share Bob's project with Alice
data = {
'username': '******',
'role': ReadOnlyRole.name
}
request = self.factory.post('/', data=data, **self.extra)
share_view = ProjectViewSet.as_view({'post': 'share'})
project_id = self.project.pk
response = share_view(request, pk=project_id)
self.assertEqual(response.status_code, 204)
self.assertTrue(
ReadOnlyRole.user_has_role(alice_profile.user, self.project))
request = self.factory.get('/', {'formID': self.xform.id_string})
response = self.view(request)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('alice', 'alice')
request.META.update(auth(request.META, response))
response = self.view(request, username='******')
self.assertEqual(response.status_code, 200)
path = os.path.join(
os.path.dirname(__file__), '..', 'fixtures', 'formList2.xml')
with open(path, encoding='utf-8') as f:
form_list = f.read().strip()
data = {"hash": self.xform.hash, "pk": self.xform.pk,
"version": self.xform.version}
content = response.render().content.decode('utf-8')
self.assertEqual(content, form_list % data)
# Bob's profile
bob_profile = self.user
# Submit form as Alice
self._login_user_and_profile(extra_post_data=alice_data)
self.assertEqual(self.user.username, 'alice')
path = os.path.join(
settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures",
"good_eats_multilang", "good_eats_multilang.xls")
self._publish_xls_form_to_project(xlsform_path=path)
self.assertTrue(OwnerRole.user_has_role(alice_profile.user,
self.xform))
# Share Alice's form with Bob
ReadOnlyRole.add(bob_profile, self.xform)
self.assertTrue(ReadOnlyRole.user_has_role(bob_profile, self.xform))
# Get unrecognized formID as bob
request = self.factory.get('/', {'formID': 'unrecognizedID'})
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('bob', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
# Get Alice's form as Bob
request = self.factory.get('/', {'formID': 'good_eats_multilang'})
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('bob', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 1)
self.assertEqual(response.data[0]['formID'], 'good_eats_multilang')
def _check_is_admin_or_manager( # pylint: disable=no-self-use
self, user: User, xform: XForm) -> bool:
return OwnerRole.user_has_role(
user, xform) or ManagerRole.user_has_role(user, xform)
def test_form_id_filter_for_require_auth_account(self):
"""
Test formList formID filter for account that requires authentication
"""
# Bob submit forms
xls_path = os.path.join(settings.PROJECT_ROOT, "apps", "main", "tests",
"fixtures", "tutorial.xls")
self._publish_xls_form_to_project(xlsform_path=xls_path)
xls_file_path = os.path.join(settings.PROJECT_ROOT, "apps", "logger",
"fixtures",
"external_choice_form_v1.xlsx")
self._publish_xls_form_to_project(xlsform_path=xls_file_path)
# Set require auth to true
self.user.profile.require_auth = True
self.user.profile.save()
request = self.factory.get('/', {'formID': self.xform.id_string})
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 401)
# Test for authenticated user but unrecognized formID
auth = DigestAuth('bob', 'bobbob')
request = self.factory.get('/', {'formID': 'unrecognizedID'})
request.META.update(auth(request.META, response))
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
# Test for authenticated user and valid formID
request = self.factory.get('/', {'formID': self.xform.id_string})
self.assertTrue(self.user.profile.require_auth)
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('bob', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request, username=self.user.username)
self.assertEqual(response.status_code, 200)
path = os.path.join(
os.path.dirname(__file__), '..', 'fixtures', 'formList2.xml')
with open(path, encoding='utf-8') as f:
form_list = f.read().strip()
data = {"hash": self.xform.hash, "pk": self.xform.pk,
'version': self.xform.version}
content = response.render().content.decode('utf-8')
self.assertEqual(content, form_list % data)
# Test for shared forms
# Create user Alice
alice_data = {
'username': '******',
'email': '*****@*****.**',
'password1': 'alice',
'password2': 'alice'
}
alice_profile = self._create_user_profile(alice_data)
# check that she can authenticate successfully
request = self.factory.get('/')
response = self.view(request)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('alice', 'alice')
request.META.update(auth(request.META, response))
response = self.view(request)
self.assertEqual(response.status_code, 200)
self.assertFalse(
ReadOnlyRole.user_has_role(alice_profile.user, self.project))
# share Bob's project with Alice
data = {
'username': '******',
'role': ReadOnlyRole.name
}
request = self.factory.post('/', data=data, **self.extra)
share_view = ProjectViewSet.as_view({'post': 'share'})
project_id = self.project.pk
response = share_view(request, pk=project_id)
self.assertEqual(response.status_code, 204)
self.assertTrue(
ReadOnlyRole.user_has_role(alice_profile.user, self.project))
request = self.factory.get('/', {'formID': self.xform.id_string})
response = self.view(request)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('alice', 'alice')
request.META.update(auth(request.META, response))
response = self.view(request, username='******')
self.assertEqual(response.status_code, 200)
path = os.path.join(
os.path.dirname(__file__), '..', 'fixtures', 'formList2.xml')
with open(path, encoding='utf-8') as f:
form_list = f.read().strip()
data = {"hash": self.xform.hash, "pk": self.xform.pk,
"version": self.xform.version}
content = response.render().content.decode('utf-8')
self.assertEqual(content, form_list % data)
# Bob's profile
bob_profile = self.user
# Submit form as Alice
self._login_user_and_profile(extra_post_data=alice_data)
self.assertEqual(self.user.username, 'alice')
path = os.path.join(
settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures",
"good_eats_multilang", "good_eats_multilang.xls")
self._publish_xls_form_to_project(xlsform_path=path)
self.assertTrue(OwnerRole.user_has_role(alice_profile.user,
self.xform))
# Share Alice's form with Bob
ReadOnlyRole.add(bob_profile, self.xform)
self.assertTrue(ReadOnlyRole.user_has_role(bob_profile, self.xform))
# Get unrecognized formID as bob
request = self.factory.get('/', {'formID': 'unrecognizedID'})
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('bob', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [])
# Get Alice's form as Bob
request = self.factory.get('/', {'formID': 'good_eats_multilang'})
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 401)
auth = DigestAuth('bob', 'bobbob')
request.META.update(auth(request.META, response))
response = self.view(request, username=bob_profile.username)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 1)
self.assertEqual(response.data[0]['formID'], 'good_eats_multilang')
