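def test_employments_list(employment: Employment, other_user: User,
                          other_company: Company):
    """Employments can be listed by existing employees of a company.

    Users should see only employees of companies they themselves belong to:
    an employment created in ``other_company`` must not show up in the
    listing requested by ``employment.user``.
    """

    user = employment.user

    client = APIClient()
    client.force_authenticate(user)

    # Second employment in a different company; it must stay invisible to `user`.
    Employment.objects.create(company=other_company,
                              user=other_user,
                              role=Employment.ROLE_ADMIN)
    assert Employment.objects.count() == 2

    # Ensure we only get a single employment back - the one belonging to the
    # company we're in.
    resp = client.get(client.reverse('employment-list'))
    resp_data = validate_jsonapi_list_response(
        resp,
        expected_count=1,
        expected_attributes=ATTRIBUTES_LIST,
        expected_relationships=RELATIONSHIPS_LIST,
    )

    # The listed resources are employments, so the returned id is compared with
    # the employment's own primary key. Comparing against company_id only
    # passes while both ids happen to be equal, and would then not prove which
    # record was returned.
    # NOTE(review): assumes the serializer exposes the employment pk as the
    # JSON:API resource id - confirm against the serializer.
    returned_ids = {item['id'] for item in resp_data['data']}
    assert returned_ids == {str(employment.pk)}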
def test_employments_list_public():
    """The employment listing rejects unauthenticated requests with HTTP 403."""
    # No force_authenticate() call here: the request goes out anonymously.
    anonymous = APIClient()

    list_url = anonymous.reverse('employment-list')
    response = anonymous.get(list_url)

    validate_jsonapi_error_response(response, 403)
def test_employments_details_public(other_employment: Employment):
    """A single employment record is not readable without authentication.

    The anonymous request for ``other_employment`` is expected to produce a
    JSON:API error response with status 403.
    """
    # The client is never authenticated, so this is an anonymous request.
    anonymous = APIClient()

    detail_url = anonymous.reverse('employment-detail',
                                   pk=other_employment.pk)
    response = anonymous.get(detail_url)

    validate_jsonapi_error_response(response, 403)
def do_test_company_listing(client: APIClient, batch_size=5):
    """Create ``batch_size`` companies and check that ``client`` lists them.

    The caller decides whether ``client`` is authenticated. The response must
    contain exactly ``batch_size`` items, so the check only holds when no
    other companies are visible to ``client`` before the call.
    """
    CompanyFactory.create_batch(batch_size)

    listing_url = client.reverse('company-list')
    response = client.get(listing_url)

    validate_jsonapi_list_response(
        response,
        expected_attributes=ATTRIBUTES_LIST,
        expected_relationships=RELATIONSHIPS_LIST,
        expected_count=batch_size,
    )
def test_employments_details_unrelated(user: User,
                                       other_employment: Employment):
    """An authenticated non-employee cannot read another company's employment.

    The expected status is 404, not the 403 expected for anonymous requests.
    NOTE(review): presumably the view filters its queryset by membership, so
    the record looks nonexistent to outsiders - confirm against the view.
    """
    outsider = APIClient()
    outsider.force_authenticate(user)

    detail_url = outsider.reverse('employment-detail',
                                  pk=other_employment.pk)
    response = outsider.get(detail_url)

    validate_jsonapi_error_response(response, 404)
def test_companies_details_public(company: Company):
    """Anonymous visitors may read a company, limited to the public field set.

    The response is validated against ``ATTRIBUTES_PUBLIC`` and
    ``RELATIONSHIPS_PUBLIC`` rather than the full sets used for employees.
    """
    # Deliberately unauthenticated client.
    anonymous = APIClient()

    detail_url = anonymous.reverse('company-detail', pk=company.pk)
    response = anonymous.get(detail_url)

    validate_jsonapi_detail_response(
        response,
        expected_relationships=RELATIONSHIPS_PUBLIC,
        expected_attributes=ATTRIBUTES_PUBLIC,
    )
def test_companies_details_unrelated(user: User, other_company: Company):
    """A logged-in non-employee sees only the public view of a company.

    Being authenticated must not widen access: the response is validated
    against the same public attribute and relationship sets used for
    anonymous requests.
    """
    outsider = APIClient()
    outsider.force_authenticate(user)

    detail_url = outsider.reverse('company-detail', pk=other_company.pk)
    response = outsider.get(detail_url)

    validate_jsonapi_detail_response(
        response,
        expected_relationships=RELATIONSHIPS_PUBLIC,
        expected_attributes=ATTRIBUTES_PUBLIC,
    )
def test_companies_details_employee(employment: Employment):
    """An employee reading their own company receives the full field set.

    The response is validated against ``ATTRIBUTES_FULL`` and
    ``RELATIONSHIPS_FULL``.
    """
    member = APIClient()
    member.force_authenticate(employment.user)

    # Request the company the authenticated user is employed by.
    own_company_pk = employment.company.pk
    detail_url = member.reverse('company-detail', pk=own_company_pk)
    response = member.get(detail_url)

    validate_jsonapi_detail_response(
        response,
        expected_relationships=RELATIONSHIPS_FULL,
        expected_attributes=ATTRIBUTES_FULL,
    )
def test_employments_details_employee(employment: Employment,
                                      other_user: User):
    """An employee can read a colleague's employment with the full field set.

    A second employment (normal role) is created in the same company for
    ``other_user``; ``employment.user`` then requests its detail view.
    """
    # Colleague record in the same company as the requesting user.
    colleague_employment = Employment.objects.create(
        company=employment.company,
        user=other_user,
        role=Employment.ROLE_NORMAL,
    )

    member = APIClient()
    member.force_authenticate(employment.user)

    detail_url = member.reverse('employment-detail',
                                pk=colleague_employment.pk)
    response = member.get(detail_url)

    validate_jsonapi_detail_response(
        response,
        expected_relationships=RELATIONSHIPS_FULL,
        expected_attributes=ATTRIBUTES_FULL,
    )