def test_user_can_view_non_private_user_entries(user_client, alt_user_client):
# alt user schedule entry
alt_user_rjson = post_schedule(alt_user_client, TEST_SCHEDULE_ENTRY)
alt_user_entry_name = alt_user_rjson["name"]
alt_user_entry_url = reverse_detail_url(alt_user_entry_name)
response = user_client.get(alt_user_entry_url, **HTTPS_KWARG)
validate_response(response, status.HTTP_200_OK)
def test_admin_can_create_private_results(admin_client, user_client, test_scheduler):
private_entry_name = simulate_frequency_fft_acquisitions(
admin_client, is_private=True
)
private_result_url = reverse_result_detail(private_entry_name, 1)
user_response = user_client.get(private_result_url, **HTTPS_KWARG)
validate_response(user_response, status.HTTP_403_FORBIDDEN)
def test_get_existing_entry_details_returns_200(admin_client):
"""Requesting details of existing entry should return 200."""
rjson = post_schedule(admin_client, TEST_SCHEDULE_ENTRY)
entry_name = rjson["name"]
url = reverse_detail_url(entry_name)
response = admin_client.get(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_200_OK)
def test_user_cant_modify_others_results(admin_client, user_client,
alt_user_client, test_scheduler):
# alt user schedule entry
alt_user_entry_name = simulate_acquisitions(alt_user_client,
name="alt_user_single_acq")
alt_user_acq_url = reverse_result_detail(alt_user_entry_name, 1)
new_result_detail = user_client.get(alt_user_acq_url, **HTTPS_KWARG)
new_result_detail = new_result_detail.data
new_result_detail["task_id"] = 2
user_modify_alt_user_response = update_result_detail(
user_client, alt_user_entry_name, 1, new_result_detail)
# admin user schedule entry
admin_entry_name = simulate_acquisitions(admin_client,
name="admin_single_acq")
admin_acq_url = reverse_result_detail(admin_entry_name, 1)
new_result_detail = user_client.get(admin_acq_url, **HTTPS_KWARG).data
new_result_detail["task_id"] = 2
user_modify_admin_response = update_result_detail(user_client,
admin_entry_name, 1,
new_result_detail)
validate_response(user_modify_alt_user_response, status.HTTP_403_FORBIDDEN)
validate_response(user_modify_admin_response, status.HTTP_403_FORBIDDEN)
def test_user_cant_modify_other_acquisitions(admin_client, alt_admin_client,
user_client, test_scheduler):
# alt admin schedule entry
alt_admin_entry_name = simulate_acquisitions(alt_admin_client,
name='alt_admin_single_acq')
alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1)
new_acquisition_detail = user_client.get(alt_admin_acq_url, **HTTPS_KWARG)
new_acquisition_detail = new_acquisition_detail.data
new_acquisition_detail['task_id'] = 2
admin_modify_alt_admin_response = update_acquisition_detail(
admin_client, alt_admin_entry_name, 1, new_acquisition_detail)
# user schedule entry
user_entry_name = simulate_acquisitions(user_client,
name='admin_single_acq')
user_acq_url = reverse_acquisition_detail(user_entry_name, 1)
new_acquisition_detail = admin_client.get(user_acq_url, **HTTPS_KWARG).data
new_acquisition_detail['task_id'] = 2
admin_modify_user_response = update_acquisition_detail(
admin_client, user_entry_name, 1, new_acquisition_detail)
validate_response(admin_modify_alt_admin_response,
status.HTTP_405_METHOD_NOT_ALLOWED)
validate_response(admin_modify_user_response,
status.HTTP_405_METHOD_NOT_ALLOWED)
def test_admin_can_view_private_results(admin_client, alt_admin_client,
test_scheduler):
private_entry_name = simulate_acquisitions(alt_admin_client,
is_private=True)
private_result_url = reverse_result_detail(private_entry_name, 1)
response = admin_client.get(private_result_url, **HTTPS_KWARG)
validate_response(response, status.HTTP_200_OK)
def test_cannot_view_private_result_details(user_client, admin_client,
test_scheduler):
"""A user should not be able to view the result of a private task."""
entry_name = simulate_acquisitions(admin_client, is_private=True)
url = reverse_result_detail(entry_name, 1)
response = user_client.get(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_404_NOT_FOUND)
def test_cannot_delete_result_details(user_client):
"""Results are read-only."""
entry_name = create_task_results(1, user_client)
url = reverse_result_detail(entry_name, 1)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_private_entry_results_list_is_private(
admin_client, user_client, test_scheduler
):
entry_name = simulate_frequency_fft_acquisitions(admin_client, is_private=True)
url = reverse_result_list(entry_name)
response = user_client.get(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_403_FORBIDDEN)
def test_user_can_view_non_private_admin_entries(admin_client, user_client):
# admin user schedule entry
admin_rjson = post_schedule(admin_client, TEST_ALTERNATE_SCHEDULE_ENTRY)
admin_entry_name = admin_rjson["name"]
admin_entry_url = reverse_detail_url(admin_entry_name)
response = user_client.get(admin_entry_url, **HTTPS_KWARG)
validate_response(response, status.HTTP_200_OK)
def test_user_cant_view_private_acquisitions(admin_client, user_client,
test_scheduler):
private_entry_name = simulate_acquisitions(admin_client, is_private=True)
private_acq_url = reverse_acquisition_detail(private_entry_name, 1)
response = user_client.get(private_acq_url, **HTTPS_KWARG)
validate_response(response, status.HTTP_403_FORBIDDEN)
def test_private_schedule_entry_is_private(admin_client, user_client):
rjson = post_schedule(admin_client, TEST_PRIVATE_SCHEDULE_ENTRY)
entry_name = rjson["name"]
entry_url = reverse_detail_url(entry_name)
user_response = user_client.get(entry_url, **HTTPS_KWARG)
admin_user_response = admin_client.get(entry_url, **HTTPS_KWARG)
validate_response(user_response, status.HTTP_404_NOT_FOUND)
validate_response(admin_user_response, status.HTTP_200_OK)
def test_user_can_delete_their_acquisition(user_client, test_scheduler):
entry_name = simulate_acquisitions(user_client)
acq_url = reverse_acquisition_detail(entry_name, 1)
first_response = user_client.delete(acq_url, **HTTPS_KWARG)
second_response = user_client.delete(acq_url, **HTTPS_KWARG)
validate_response(first_response, status.HTTP_204_NO_CONTENT)
validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_user_cannot_post_private_schedule(user_client):
"""Unpriveleged users should not be able to create private entries."""
rjson = post_schedule(user_client, TEST_PRIVATE_SCHEDULE_ENTRY)
entry_name = rjson["name"]
url = reverse_detail_url(entry_name)
response = user_client.get(url, **HTTPS_KWARG)
assert not rjson["is_private"]
validate_response(response, status.HTTP_200_OK)
assert not response.data["is_private"]
def test_user_cannot_view_private_result_details(
user_client, admin_client, test_scheduler
):
"""A user should not be able to view the result of a private task."""
entry_name = simulate_frequency_fft_acquisitions(admin_client, is_private=True)
task_id = 1
url = reverse_result_detail(entry_name, task_id)
response = user_client.get(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_403_FORBIDDEN)
def test_delete_list(user_client, test_scheduler):
entry_name = simulate_acquisitions(user_client, n=3)
url = reverse_acquisition_list(entry_name)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_204_NO_CONTENT)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_404_NOT_FOUND)
def test_user_cannot_view_private_entry_details(admin_client, user_client):
"""A user attempting to access a private entry should receive 404."""
# Private indicates admin wants users to be unaware that the entry exists
# on the system, hence 404 vs 403 (FORBIDDEN).
rjson = post_schedule(admin_client, TEST_PRIVATE_SCHEDULE_ENTRY)
entry_name = rjson["name"]
url = reverse_detail_url(entry_name)
response = user_client.get(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_404_NOT_FOUND)
def test_admin_can_delete_own_results(admin_client, test_scheduler):
entry_name = simulate_acquisitions(admin_client)
result_url = reverse_result_detail(entry_name, 1)
first_response = admin_client.delete(result_url, **HTTPS_KWARG)
second_response = admin_client.delete(result_url, **HTTPS_KWARG)
validate_response(first_response, status.HTTP_204_NO_CONTENT)
validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_delete_list_data_files_deleted(user_client, test_scheduler):
entry_name = simulate_frequency_fft_acquisitions(user_client)
task_result = TaskResult.objects.get(schedule_entry__name=entry_name)
acquisition = Acquisition.objects.get(task_result__id=task_result.id)
data_file = acquisition.data.path
assert os.path.exists(data_file)
url = reverse_result_list(entry_name)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_204_NO_CONTENT)
assert not os.path.exists(data_file)
def test_user_cannot_delete_others_results(admin_client, user_client, test_scheduler):
# alt admin private schedule entry
admin_entry_name = simulate_frequency_fft_acquisitions(
admin_client, name="alt_admin_single_acq"
)
admin_result_url = reverse_result_detail(admin_entry_name, 1)
user_delete_admin_response = user_client.delete(admin_result_url, **HTTPS_KWARG)
validate_response(user_delete_admin_response, status.HTTP_403_FORBIDDEN)
def test_user_can_delete_own_results(user_client, test_scheduler):
"""A user should be able to delete results they own."""
entry_name = simulate_acquisitions(user_client)
result_url = reverse_result_detail(entry_name, 1)
first_response = user_client.delete(result_url, **HTTPS_KWARG)
second_response = user_client.delete(result_url, **HTTPS_KWARG)
validate_response(first_response, status.HTTP_204_NO_CONTENT)
validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_user_can_modify_their_entry(user_client):
rjson = post_schedule(user_client, TEST_SCHEDULE_ENTRY)
entry_name = rjson["name"]
user_adjust_response = update_schedule(user_client, entry_name,
TEST_ALTERNATE_SCHEDULE_ENTRY)
validate_response(user_adjust_response, status.HTTP_200_OK)
assert rjson["priority"] == 10
assert user_adjust_response.data["priority"] == 5
def test_entry_posted_to_schedule_is_immediately_available(admin_client):
rjson = post_schedule(admin_client, TEST_SCHEDULE_ENTRY)
entry_name = rjson["name"]
entry_url = reverse_detail_url(entry_name)
user_response = admin_client.get(entry_url, **HTTPS_KWARG)
for k, v in TEST_SCHEDULE_ENTRY.items():
assert rjson[k] == v
validate_response(user_response, status.HTTP_200_OK)
def test_admin_can_view_all_entries(admin_client, alt_admin_client):
# alt admin user schedule entry
alt_admin_rjson = post_schedule(alt_admin_client,
TEST_PRIVATE_SCHEDULE_ENTRY)
alt_admin_entry_name = alt_admin_rjson["name"]
kws = {"pk": alt_admin_entry_name}
kws.update(V1)
alt_admin_url = reverse("schedule-detail", kwargs=kws)
response = admin_client.get(alt_admin_url, **HTTPS_KWARG)
validate_response(response, status.HTTP_200_OK)
def test_admin_can_modify_all_entries(admin_client, alt_admin_client):
# admin user schedule entry
alt_admin_rjson = post_schedule(alt_admin_client,
TEST_PRIVATE_SCHEDULE_ENTRY)
alt_admin_entry_name = alt_admin_rjson["name"]
admin_adjust_alt_admin_response = update_schedule(admin_client,
alt_admin_entry_name,
TEST_SCHEDULE_ENTRY)
validate_response(admin_adjust_alt_admin_response, status.HTTP_200_OK)
def test_delete_list(user_client):
# If result doesn't exist, expect 405
url = reverse_result_list('doesntexist')
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
# If result does exist, expect 405
entry_name = create_task_results(1, user_client)
url = reverse_result_list(entry_name)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_admin_cant_modify_own_results(admin_client, test_scheduler):
entry_name = simulate_frequency_fft_acquisitions(admin_client)
result_url = reverse_result_detail(entry_name, 1)
new_result_detail = admin_client.get(result_url, **HTTPS_KWARG).data
new_result_detail["task_id"] = 2
response = update_result_detail(admin_client, entry_name, 1, new_result_detail)
validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_delete_list(user_client):
# If result doesn't exist, expect 404
url = reverse_result_list("doesntexist")
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_404_NOT_FOUND)
# If result does exist, expect 204
entry_name = create_task_results(1, user_client)
url = reverse_result_list(entry_name)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_204_NO_CONTENT)
def test_user_cant_create_private_acquisition(user_client, alt_user_client,
test_scheduler):
# The alt user attempts to create a private acquisition.
entry_name = simulate_acquisitions(alt_user_client, is_private=True)
result_url = reverse_result_detail(entry_name, 1)
# The user attempts to GET the acquisition that the alt user created.
response = user_client.get(result_url, **HTTPS_KWARG)
# The user successfully GETs the acquistion that the alt user
# created; meaning that the acquisition was not, in fact, private.
validate_response(response, status.HTTP_200_OK)
def test_get_schedule(admin_client):
url = reverse("schedule-list", kwargs=V1)
rjson = validate_response(admin_client.get(url, **HTTPS_KWARG))
assert rjson["results"] == EMPTY_SCHEDULE_RESPONSE
post_schedule(admin_client, TEST_SCHEDULE_ENTRY)
rjson = validate_response(admin_client.get(url, **HTTPS_KWARG))
assert rjson["count"] == 1
expected_name = TEST_SCHEDULE_ENTRY["name"]
actual_name = rjson["results"][0]["name"]
assert expected_name == actual_name
