def test_inspector_can_update_an_existing_user():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
existing_user = factories.UserProfileFactory(
profile_type=UserProfile.AUDITED)
inspector.controls.add(control)
existing_user.controls.add(control)
post_data = {
'first_name': 'Marcel',
'last_name': 'Proust',
'profile_type': UserProfile.AUDITED,
'organization': '',
'email': existing_user.user.email,
}
assert existing_user.user.first_name != 'Marcel'
assert existing_user.user.last_name != 'Proust'
utils.login(client, user=inspector.user)
url = reverse('api:user-list')
count_before = User.objects.count()
client.post(url, post_data)
count_after = User.objects.count()
modified_user = UserProfile.objects.get(pk=existing_user.pk)
assert count_after == count_before
assert modified_user.user.first_name == 'Marcel'
assert modified_user.user.last_name == 'Proust'
def test_inspector_can_update_an_existing_user_with_different_casing():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
existing_user = factories.UserProfileFactory(
profile_type=UserProfile.AUDITED)
inspector.controls.add(control)
existing_user.controls.add(control)
post_data = {
'first_name': 'Marcel',
'last_name': 'Proust',
'profile_type': UserProfile.AUDITED,
'organization': '',
'email': existing_user.user.email.upper(), # uppercase the email
}
assert existing_user.user.first_name != 'Marcel'
assert existing_user.user.last_name != 'Proust'
utils.login(client, user=inspector.user)
url = reverse('api:user-list')
count_before = User.objects.count()
client.post(url, post_data)
count_after = User.objects.count()
modified_user = UserProfile.objects.get(pk=existing_user.pk)
# Update has happened successfully
assert count_after == count_before
assert modified_user.user.first_name == 'Marcel'
assert modified_user.user.last_name == 'Proust'
# Email is still lowercase
assert modified_user.user.email.lower() == modified_user.user.email
def test_cannot_list_question_file_by_question_from_deleted_control():
deleted_question_file = factories.QuestionFileFactory()
deleted_control = deleted_question_file.question.theme.questionnaire.control
deleted_control.delete()
assert Control.objects.get(id=deleted_control.id).is_deleted
# Audited
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
audited.controls.add(deleted_control)
response = list_annexes_for_question(audited.user,
deleted_question_file.question.id)
assert response.status_code == 200
assert len(response.data) == 0
assert deleted_question_file.file.name not in str(response.content)
# Inspector
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
inspector.controls.add(deleted_control)
response = list_annexes_for_question(inspector.user,
deleted_question_file.question.id)
assert response.status_code == 200
assert len(response.data) == 0
assert deleted_question_file.file.name not in str(response.content)
def test_inspector_can_remove_user_from_control():
someone = factories.UserProfileFactory(profile_type='audited')
inspector = factories.UserProfileFactory(profile_type='inspector')
control = factories.ControlFactory()
inspector.controls.add(control)
someone.controls.add(control)
utils.login(client, user=inspector.user)
url = reverse('api:user-remove-control', args=[someone.pk])
count_before = User.objects.filter(profile__controls=control).count()
response = client.post(url, {'control': control.pk})
count_after = User.objects.filter(profile__controls=control).count()
assert count_after == count_before - 1
assert response.status_code == 200
def test_logged_in_user_can_search_user_by_username():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
login_user = inspector.user
target_user = factories.UserProfileFactory()
control = factories.ControlFactory()
inspector.controls.add(control)
target_user.controls.add(control)
response = search_user_by_username(login_user, target_user.user.username)
assert response.status_code == 200
assert len(response.data) == 1
assert response.data[0]['email'] == target_user.user.username
def test_cannot_get_inexistant_question_file():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
# method not allowed
assert get_question_file(inspector.user,
21038476187629481736498376).status_code == 405
def test_inspector_can_list_question_file_from_draft_questionnaire():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
published_question_file = factories.QuestionFileFactory()
published_questionnaire = published_question_file.question.theme.questionnaire
published_questionnaire.is_draft = False
published_questionnaire.save()
assert Questionnaire.objects.get(
id=published_questionnaire.id).is_published
inspector.controls.add(published_questionnaire.control)
draft_question_file = factories.QuestionFileFactory()
draft_questionnaire = draft_question_file.question.theme.questionnaire
draft_questionnaire.is_draft = True
draft_questionnaire.save()
assert Questionnaire.objects.get(id=draft_questionnaire.id).is_draft
inspector.controls.add(draft_questionnaire.control)
response = list_annexes(inspector.user)
assert response.status_code == 200
assert published_question_file.file.name in str(response.content)
assert draft_question_file.file.name in str(response.content)
assert len(response.data) == 2
def test_an_email_is_sent_when_user_is_removed():
someone = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
inspector.controls.add(control)
someone.controls.add(control)
utils.login(client, user=inspector.user)
url = reverse('api:user-remove-control', args=[someone.pk])
count_users_before = User.objects.filter(profile__controls=control).count()
count_emails_before = len(mail.outbox)
client.post(url, {'control': control.pk})
count_users_after = User.objects.filter(profile__controls=control).count()
count_emails_after = len(mail.outbox)
assert count_users_after == count_users_before - 1
assert count_emails_after == count_emails_before + 1
def test_cannot_get_question_file_even_if_user_belongs_to_control():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
questionnaire = question_file.question.theme.questionnaire
inspector.controls.add(questionnaire.control)
audited.controls.add(questionnaire.control)
questionnaire.is_draft = False
questionnaire.save()
assert Questionnaire.objects.get(id=questionnaire.id).is_published
# method not allowed
assert get_question_file(inspector.user,
question_file.id).status_code == 405
assert get_question_file(audited.user, question_file.id).status_code == 405
def test_cannot_search_user_by_username_if_associated_with_deleted_control():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
login_user = inspector.user
target_user = factories.UserProfileFactory()
control = factories.ControlFactory()
inspector.controls.add(control)
target_user.controls.add(control)
control.delete()
control.save()
response = search_user_by_username(login_user, target_user.user.username)
# Sucessful query with no results
assert response.status_code == 200
assert len(response.data) == 0
def test_logged_in_user_can_list_users():
factories.UserProfileFactory()
user = factories.UserFactory()
utils.login(client, user=user)
url = reverse('api:user-list')
response = client.get(url)
assert response.status_code == 200
def test_logged_in_user_can_get_current_user():
user_profile = factories.UserProfileFactory()
user = user_profile.user
utils.login(client, user=user)
url = reverse('api:user-current')
response = client.get(url)
assert response.status_code == 200
def test_delete_twice_raise_404():
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
inspector.controls.add(control)
utils.login(client, user=inspector.user)
url = reverse('api:deletion-delete-control', args=[control.pk])
control.delete()
response = client.post(url)
assert response.status_code == 404
def test_cannot_get_question_file_if_control_is_deleted():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
question_file = factories.QuestionFileFactory()
inspector.controls.add(question_file.question.theme.questionnaire.control)
question_file.question.theme.questionnaire.control.delete()
# method not allowed
assert get_question_file(inspector.user,
question_file.id).status_code == 405
def test_email_is_not_sent_if_sending_flag_is_disabled():
response_file = factories.ResponseFileFactory()
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
inspector.controls.add(response_file.question.theme.questionnaire.control)
inspector.send_files_report = False
inspector.save()
count_emails_before = len(mail.outbox)
send_files_report()
count_emails_after = len(mail.outbox)
assert count_emails_after == count_emails_before
def test_audited_cannot_get_question_file_from_draft_questionnaire():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
audited.controls.add(question_file.question.theme.questionnaire.control)
question_file.question.theme.questionnaire.is_draft = True
question_file.question.theme.questionnaire.save()
assert Questionnaire.objects.get(
id=question_file.question.theme.questionnaire.id).is_draft
# method not allowed
assert get_question_file(audited.user, question_file.id).status_code == 405
def test_audited_cannot_delete_a_control():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
control = factories.ControlFactory()
audited.controls.add(control)
utils.login(client, user=audited.user)
url = reverse('api:deletion-delete-control', args=[control.pk])
count_before = Control.objects.active().count()
response = client.post(url)
count_after = Control.objects.active().count()
assert count_after == count_before
assert response.status_code == 403
def test_inspector_can_delete_a_control():
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
inspector.controls.add(control)
utils.login(client, user=inspector.user)
url = reverse('api:deletion-delete-control', args=[control.pk])
count_before = Control.objects.active().count()
response = client.post(url)
count_after = Control.objects.active().count()
assert count_after == count_before - 1
assert response.status_code == 200
def test_inspector_can_remove_question_file():
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
question_file = factories.QuestionFileFactory()
inspector.controls.add(question_file.question.theme.questionnaire.control)
utils.login(client, user=inspector.user)
url = reverse('api:annexe-detail', args=[question_file.id])
count_before = QuestionFile.objects.count()
response = client.delete(url)
assert response.status_code == 204
count_after = QuestionFile.objects.count()
assert count_after == count_before - 1
def test_audited_cannot_remove_question_file():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
audited.controls.add(question_file.question.theme.questionnaire.control)
utils.login(client, user=audited.user)
url = reverse('api:annexe-detail', args=[question_file.id])
count_before = QuestionFile.objects.count()
response = client.delete(url)
assert response.status_code == 403
count_after = QuestionFile.objects.count()
assert count_after == count_before
def test_cannot_upload_question_file_if_control_is_deleted():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
question = factories.QuestionFactory()
inspector.controls.add(question.theme.questionnaire.control)
utils.login(client, user=inspector.user)
url = reverse('api:annexe-list')
post_data = {
'file': factories.dummy_file.open(),
'question': [question.id]
}
question.theme.questionnaire.control.delete()
response = client.post(url, post_data, format='multipart')
assert response.status_code == 403
def test_audited_cannot_update_question_file_from_draft_questionnaire():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
questionnaire = question_file.question.theme.questionnaire
audited.controls.add(questionnaire.control)
questionnaire.is_draft = True
questionnaire.save()
assert Questionnaire.objects.get(id=questionnaire.id).is_draft
payload = {
"id": question_file.id,
"question": question_file.question.id + 1
}
# Forbidden
assert update_question_file(audited.user, payload).status_code == 403
def test_audited_cannot_list_question_file_by_question_from_draft_questionnaire(
):
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
draft_question_file = factories.QuestionFileFactory()
draft_questionnaire = draft_question_file.question.theme.questionnaire
draft_questionnaire.is_draft = True
draft_questionnaire.save()
assert Questionnaire.objects.get(id=draft_questionnaire.id).is_draft
audited.controls.add(draft_questionnaire.control)
response = list_annexes_for_question(audited.user,
draft_question_file.question.id)
assert response.status_code == 200
assert len(response.data) == 0
assert draft_question_file.file.name not in str(response.content)
def test_inspector_can_upload_question_file():
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
question = factories.QuestionFactory()
inspector.controls.add(question.theme.questionnaire.control)
utils.login(client, user=inspector.user)
url = reverse('api:annexe-list')
count_before = QuestionFile.objects.count()
post_data = {
'file': factories.dummy_file.open(),
'question': [question.id]
}
response = client.post(url, post_data, format='multipart')
assert response.status_code == 201
count_after = QuestionFile.objects.count()
assert count_after == count_before + 1
def test_audited_cannot_upload_question_file():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question = factories.QuestionFactory()
audited.controls.add(question.theme.questionnaire.control)
utils.login(client, user=audited.user)
url = reverse('api:annexe-list')
count_before = QuestionFile.objects.count()
post_data = {
'file': factories.dummy_file.open(),
'question': [question.id]
}
response = client.post(url, post_data, format='multipart')
assert response.status_code == 403
count_after = QuestionFile.objects.count()
assert count_after == count_before
def test_inspector_cannot_update_question_file_from_published_questionnaire():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
question_file = factories.QuestionFileFactory()
questionnaire = question_file.question.theme.questionnaire
inspector.controls.add(questionnaire.control)
questionnaire.is_draft = False
questionnaire.save()
assert Questionnaire.objects.get(id=questionnaire.id).is_published
payload = {
"id": question_file.id,
"question": question_file.question.id + 1
}
# method not allowed
assert update_question_file(inspector.user, payload).status_code == 405
def test_audited_cannot_create_user():
audited = factories.UserProfileFactory(profile_type='audited')
control = factories.ControlFactory()
audited.controls.add(control)
post_data = {
'first_name': 'Inspector',
'last_name': 'Gadget',
'profile_type': 'inspector',
'email': '*****@*****.**',
'controls': [control.id]
}
utils.login(client, user=audited.user)
url = reverse('api:user-list')
count_before = User.objects.count()
response = client.post(url, post_data)
count_after = User.objects.count()
assert count_after == count_before
assert response.status_code >= 300
def test_inspector_can_create_user():
inspector = factories.UserProfileFactory(profile_type='inspector')
control = factories.ControlFactory()
inspector.controls.add(control)
post_data = {
'first_name': 'Marcel',
'last_name': 'Proust',
'profile_type': 'audited',
'email': '*****@*****.**',
'controls': [control.id]
}
utils.login(client, user=inspector.user)
url = reverse('api:user-list')
count_before = User.objects.count()
response = client.post(url, post_data)
count_after = User.objects.count()
assert count_after == count_before + 1
assert response.status_code == 201
def test_cannot_create_user_when_control_is_deleted():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
inspector.controls.add(control)
post_data = {
'first_name': 'Marcel',
'last_name': 'Proust',
'profile_type': UserProfile.AUDITED,
'email': '*****@*****.**',
'control': control.id
}
utils.login(client, user=inspector.user)
url = reverse('api:user-list')
count_before = User.objects.count()
control.delete()
response = client.post(url, post_data)
count_after = User.objects.count()
assert count_after == count_before
assert 400 <= response.status_code < 500
def test_new_audited_user_should_not_have_the_file_reporting_flag_activated():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
control = factories.ControlFactory()
inspector.controls.add(control)
post_data = {
'first_name': 'Marcel',
'last_name': 'Proust',
'profile_type': 'audited',
'email': '*****@*****.**',
'control': control.id
}
utils.login(client, user=inspector.user)
url = reverse('api:user-list')
count_before = User.objects.count()
response = client.post(url, post_data)
count_after = User.objects.count()
assert count_after == count_before + 1
assert response.status_code == 201
new_user = User.objects.get(email='*****@*****.**')
assert not new_user.profile.send_files_report
