def test_comment_visibility(admin_user):
shop = factories.get_default_shop()
admin_contact = get_person_contact(admin_user)
staff_user = factories.create_random_user("en", is_staff=True)
staff_contact = get_person_contact(staff_user)
shop.staff_members.add(staff_user)
normal_user = factories.create_random_user("en")
normal_contact = get_person_contact(normal_user)
task_type = TaskType.objects.create(name="Request", shop=shop)
task = create_task(shop, admin_contact, task_type, "my task")
task.comment(admin_contact, "This is only visibile for super users", TaskCommentVisibility.ADMINS_ONLY)
task.comment(staff_contact, "This is only visibile for staff only", TaskCommentVisibility.STAFF_ONLY)
task.comment(normal_contact, "This is visibile for everyone", TaskCommentVisibility.PUBLIC)
# admin see all comments
assert task.comments.for_contact(admin_contact).count() == 3
# staff see all public + staff only
assert task.comments.for_contact(staff_contact).count() == 2
# normal contact see all public
assert task.comments.for_contact(normal_contact).count() == 1
# anonymous contact see all public
assert task.comments.for_contact(AnonymousContact()).count() == 1
def test_get_shop(rf, get_shop_fn):
with override_settings(E-Commerce_ENABLE_MULTIPLE_SHOPS=True):
activate("en")
shop1 = Shop.objects.create(identifier="shop1", status=ShopStatus.ENABLED)
shop2 = Shop.objects.create(identifier="shop2", status=ShopStatus.ENABLED)
normal_user = factories.create_random_user()
staff_user = factories.create_random_user(is_staff=True)
request = apply_request_middleware(rf.post("/"), user=normal_user, skip_session=True)
# user not staff
assert get_shop_fn(request) is None
# staff user now
with pytest.raises(PermissionDenied) as exc:
request = apply_request_middleware(rf.post("/"), user=staff_user)
assert exc.value == "You are not a staff member of this shop"
# no shop set
assert get_shop_fn(request) is None
# adds the user to a shop
shop1.staff_members.add(staff_user)
request = apply_request_middleware(rf.post("/"), user=staff_user, skip_session=True)
assert get_shop_fn(request) == shop1
# adds the user to another shop
shop2.staff_members.add(staff_user)
# still the first shop as we do not set any
assert get_shop_fn(request) == shop1
for shop in [shop1, shop2]:
request = apply_request_middleware(rf.post("/"), user=staff_user, shop=shop)
assert get_shop_fn(request) == shop
def _test_happy_hours_delete_view(rf, index):
shop = factories.get_shop(identifier="shop%s" % index, enabled=True)
staff_user = factories.create_random_user(is_staff=True)
shop.staff_members.add(staff_user)
happy_hour_name = "The Hour %s" % index
happy_hour = HappyHour.objects.create(name=happy_hour_name)
happy_hour.shops = [shop]
extra_happy_hour= HappyHour.objects.create(name="Extra Hour %s" % index)
extra_happy_hour.shops = [shop]
assert HappyHour.objects.filter(name=happy_hour_name).exists()
view_func = HappyHourDeleteView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user, shop=shop)
set_shop(request, shop)
response = view_func(request, pk=happy_hour.pk)
if hasattr(response, "render"):
response.render()
assert response.status_code == 302
assert not HappyHour.objects.filter(name=happy_hour_name).exists()
# Make sure that this staff can't remove other people discounts
other_exceptions = HappyHour.objects.exclude(shops=shop)
exception_count = other_exceptions.count()
for coupon in other_exceptions:
view_func = HappyHourDeleteView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user, shop=shop)
set_shop(request, shop)
with pytest.raises(Http404):
response = view_func(request, pk=coupon.pk)
if hasattr(response, "render"):
response.render()
assert exception_count == HappyHour.objects.exclude(shops=shop).count()
def test_set_non_shop_member_customer(rf):
"""
Set some customer to the basket that is not member of the shop
"""
with override_settings(**CORE_BASKET_SETTINGS):
shop = factories.get_shop(False)
assert shop != factories.get_default_shop()
user = factories.create_random_user()
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = get_person_contact(user)
assert basket.shop == factories.get_default_shop()
person = factories.create_random_person()
person.shops.add(shop)
company = factories.create_random_company()
company.add_to_shop(shop)
for customer in [person, company]:
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, customer)
assert exc.value.code == "invalid_customer_shop"
assert basket.customer == get_person_contact(user)
def test_authenticate_form_without_consent_checkboxes(client):
activate("en")
shop = factories.get_default_shop()
user = factories.create_random_user("en")
user.email = "*****@*****.**"
user.set_password("1234")
user.save()
consent_text = printable_gibberish()
gdpr_settings = GDPRSettings.get_for_shop(shop)
gdpr_settings.enabled = True
gdpr_settings.skip_consent_on_auth = True
gdpr_settings.auth_consent_text = consent_text
gdpr_settings.save()
# create privacy policy GDPR document
privacy_policy = ensure_gdpr_privacy_policy(shop)
redirect_target = "/redirect-success/"
client = SmartClient()
login_url = reverse("E-Commerce:login")
response = client.get(login_url)
soup = BeautifulSoup(response.content)
login_form = soup.find("form", {"action": "/login/"})
assert len(login_form.findAll("input")) == 4
assert consent_text in login_form.text
# user didn't check the privacy policy agreement
response = client.post(login_url, data={
"username": user.email,
"password": "******",
REDIRECT_FIELD_NAME: redirect_target
})
assert response.status_code == 302
def test_company_contact_for_shop_staff(rf, admin_user):
company_contact = get_company_contact(admin_user)
assert company_contact is None
shop = factories.get_default_shop()
# Let's create shop for the shop staff
company_contact = get_company_contact_for_shop_staff(shop, admin_user)
company_contact = get_company_contact_for_shop_staff(shop, admin_user)
assert company_contact is not None
# Let's create second staff member to make sure all good with
# creating company contact for shop staff.
new_staff_user = factories.create_random_user()
with pytest.raises(AssertionError):
get_company_contact_for_shop_staff(shop, new_staff_user)
new_staff_user.is_staff = True
new_staff_user.save()
with pytest.raises(AssertionError):
# Since the new staff is not in shop members. The admin user
# passed since he is also superuser.
get_company_contact_for_shop_staff(shop, new_staff_user)
shop.staff_members.add(new_staff_user)
assert company_contact == get_company_contact_for_shop_staff(shop, new_staff_user)
# Make sure both user has person contact linked to the company contact
company_members = company_contact.members.all()
assert get_person_contact(admin_user) in company_members
assert get_person_contact(new_staff_user) in company_members
def test_update_injection():
shop = factories.get_default_shop()
client = SmartClient()
index_url = reverse("E-Commerce:index")
page = ensure_gdpr_privacy_policy(shop)
shop_gdpr = GDPRSettings.get_for_shop(shop)
shop_gdpr.enabled = True
shop_gdpr.privacy_policy = page
shop_gdpr.save()
assert_update(client, index_url, False) # nothing consented in past, should not show
user = factories.create_random_user("en")
password = "******"
user.set_password(password)
user.save()
client.login(username=user.username, password=password)
assert_update(client, index_url, False) # no consent given, should not be visible
create_user_consent_for_all_documents(shop, user)
assert_update(client, index_url, False)
with reversion.create_revision():
page.save()
assert not is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, True)
# consent
client.get(reverse("E-Commerce:gdpr_policy_consent", kwargs=dict(page_id=page.pk)))
assert is_documents_consent_in_sync(shop, user)
assert_update(client, index_url, False)
def test_category_tour(browser, admin_user, live_server, settings):
shop = factories.get_default_shop()
shop2 = factories.get_shop(identifier="shop2")
admin_user_2 = factories.create_random_user(is_staff=True, is_superuser=True)
admin_user_2.set_password("password")
admin_user_2.save()
shop.staff_members.add(admin_user)
shop.staff_members.add(admin_user_2)
for user in [admin_user, admin_user_2]:
initialize_admin_browser_test(browser, live_server, settings, username=user.username, tour_complete=False)
wait_until_condition(browser, lambda x: x.is_text_present("Welcome!"))
browser.visit(live_server + "/sa/categories/new")
wait_until_condition(browser, lambda x: x.is_text_present("Add a new product category"), timeout=30)
wait_until_condition(browser, lambda x: x.is_element_present_by_css(".shepherd-button.btn-primary"))
click_element(browser, ".shepherd-button.btn-primary")
wait_until_condition(browser, lambda x: not x.is_element_present_by_css(".shepherd-button"))
wait_until_condition(browser, lambda x: is_tour_complete(shop, "category", user))
# check whether the tour is shown again
browser.visit(live_server + "/sa/categories/new")
wait_until_condition(browser, lambda x: not x.is_text_present("Add a new product category"))
browser.visit(live_server + "/logout")
browser.visit(live_server + "/sa")
assert is_tour_complete(shop2, "category", user) is False
def _test_coupon_code_list_view(rf, index):
shop = factories.get_shop(identifier="shop%s" % index, enabled=True)
staff_user = factories.create_random_user(is_staff=True)
shop.staff_members.add(staff_user)
coupon_code = CouponCode.objects.create(code="%s" % index)
coupon_code.shops = [shop]
view_func = CouponCodeListView.as_view()
request = apply_request_middleware(
rf.get("/", {
"jq": json.dumps({"perPage": 100, "page": 1})
}),
user=staff_user,
shop=shop)
set_shop(request, shop)
response = view_func(request)
if hasattr(response, "render"):
response.render()
assert response.status_code == 200
view_instance = CouponCodeListView()
view_instance.request = request
assert request.shop == shop
assert view_instance.get_queryset().count() == 1
data = json.loads(view_instance.get(request).content.decode("UTF-8"))
assert len(data["items"]) == 1
coupon_code_data = [item for item in data["items"] if item["_id"] == coupon_code.pk][0]
assert coupon_code_data["usages"] == 0
def test_force_views_only_for_staff(rf):
shop = factories.get_default_shop()
user = factories.create_random_user(is_staff=True)
person_contact = get_person_contact(user)
# Start forcing. There shouldn't be any changes to
# request customer due calling the force functions since
# those just do the redirect in case the current is user
# is not shop staff.
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer == person_contact
_call_force_view(request, force_anonymous_contact)
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer == person_contact
_call_force_view(request, force_person_contact)
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer == person_contact
_call_force_view(request, force_company_contact)
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer == person_contact
assert get_company_contact(user) is None
def _test_coupon_code_delete_view(rf, index):
shop = factories.get_shop(identifier="shop%s" % index, enabled=True)
staff_user = factories.create_random_user(is_staff=True)
shop.staff_members.add(staff_user)
code = "code-%s" % index
coupon = CouponCode.objects.create(code=code)
coupon.shops = [shop]
extra_coupon = CouponCode.objects.create(code="extra-coupon-%s" % index)
extra_coupon.shops = [shop]
assert CouponCode.objects.filter(code=code).exists()
view_func = CouponCodeDeleteView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user, shop=shop)
set_shop(request, shop)
response = view_func(request, pk=coupon.pk)
if hasattr(response, "render"):
response.render()
assert response.status_code == 302
assert not CouponCode.objects.filter(code=code).exists()
# Make sure that this staff can't remove other people discounts
other_coupons = CouponCode.objects.exclude(shops=shop)
coupon_count = other_coupons.count()
for coupon in other_coupons:
view_func = CouponCodeDeleteView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user, shop=shop)
set_shop(request, shop)
with pytest.raises(Http404):
response = view_func(request, pk=coupon.pk)
if hasattr(response, "render"):
response.render()
assert coupon_count == CouponCode.objects.exclude(shops=shop).count()
def test_add_product_with_extra_parent_line(rf):
"""
Add product to basket with extra info and parent line
"""
with override_settings(**CORE_BASKET_SETTINGS):
shop = factories.get_default_shop()
user = factories.create_random_user()
product = factories.create_product("product", shop, factories.get_default_supplier(), 10)
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = get_person_contact(user)
cmd_response = basket_commands.handle_add(request, basket, product.id, 1, extra={"more": "stuff"})
line_id1 = cmd_response["line_id"]
assert cmd_response["ok"]
line1 = basket.get_basket_line(line_id1)
assert line1._data["more"] == "stuff"
cmd_response = basket_commands.handle_add(
request, basket, product.id, 1, parent_line=line1, force_new_line=True)
line_id2 = cmd_response["line_id"]
assert cmd_response["ok"]
line2 = basket.get_basket_line(line_id2)
assert not line2._data
assert line_id1 != line_id2
assert line2.parent_line.line_id == line_id1
def test_reset_admin_user_password(client):
get_default_shop()
user = factories.create_random_user("en", is_staff=True, is_active=True, email=REGULAR_USER_EMAIL)
user.set_password(REGULAR_USER_PASSWORD)
user.save(update_fields=("password",))
assert len(mail.outbox) == 0
response = client.post(reverse("E-Commerce_admin:request_password"), data={
"email": user.email
})
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(reverse("E-Commerce_admin:login"))
assert len(mail.outbox) == 1
email_content = mail.outbox[0].body
url = email_content[email_content.find("http"):]
_, _, _, _, _, uid, token, _ = url.split("/")
new_password = "******"
response = client.post(reverse("E-Commerce_admin:recover_password", kwargs=dict(uidb64=uid, token=token)), data={
"new_password1": new_password,
"new_password2": new_password
})
assert response.status_code == 302
assert response.get("location")
assert response.get("location").endswith(reverse("E-Commerce_admin:login"))
assert len(mail.outbox) == 1
user.refresh_from_db()
assert user.check_password(new_password)
def _test_happy_hours_list_view(rf, index):
shop = factories.get_shop(identifier="shop%s" % index, enabled=True)
staff_user = factories.create_random_user(is_staff=True)
shop.staff_members.add(staff_user)
happy_hour = HappyHour.objects.create(name="After Work %s" % index)
happy_hour.shops = [shop]
view_func = HappyHourListView.as_view()
request = apply_request_middleware(
rf.get("/", {
"jq": json.dumps({"perPage": 100, "page": 1})
}),
user=staff_user,
shop=shop)
set_shop(request, shop)
response = view_func(request)
if hasattr(response, "render"):
response.render()
assert response.status_code == 200
view_instance = HappyHourListView()
view_instance.request = request
assert request.shop == shop
assert view_instance.get_queryset().count() == 1
data = json.loads(view_instance.get(request).content.decode("UTF-8"))
assert len(data["items"]) == 1
def _test_exception_delete_view(rf, index):
shop = factories.get_shop(identifier="shop%s" % index, enabled=True)
staff_user = factories.create_random_user(is_staff=True)
shop.staff_members.add(staff_user)
exception_name = "Exception %s" % index
exception = AvailabilityException.objects.create(
name=exception_name, start_datetime=now(), end_datetime=now())
exception.shops = [shop]
extra_exception = AvailabilityException.objects.create(
name="Extra Exception %s" % index, start_datetime=now(), end_datetime=now())
extra_exception.shops = [shop]
assert AvailabilityException.objects.filter(name=exception_name).exists()
view_func = AvailabilityExceptionDeleteView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user, shop=shop)
set_shop(request, shop)
response = view_func(request, pk=exception.pk)
if hasattr(response, "render"):
response.render()
assert response.status_code == 302
assert not AvailabilityException.objects.filter(name=exception_name).exists()
# Make sure that this staff can't remove other people discounts
other_exceptions = AvailabilityException.objects.exclude(shops=shop)
exception_count = other_exceptions.count()
for coupon in other_exceptions:
view_func = AvailabilityExceptionDeleteView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user, shop=shop)
set_shop(request, shop)
with pytest.raises(Http404):
response = view_func(request, pk=coupon.pk)
if hasattr(response, "render"):
response.render()
assert exception_count == AvailabilityException.objects.exclude(shops=shop).count()
def test_product_tour(browser, admin_user, live_server, settings):
shop = factories.get_default_shop()
shop2 = factories.get_shop(identifier="shop2")
admin_user_2 = factories.create_random_user(is_staff=True, is_superuser=True)
admin_user_2.set_password("password")
admin_user_2.save()
product = factories.get_default_product()
shop_product = product.get_shop_instance(shop)
shop.staff_members.add(admin_user)
shop.staff_members.add(admin_user_2)
for user in [admin_user, admin_user_2]:
initialize_admin_browser_test(browser, live_server, settings, username=user.username, tour_complete=False)
wait_until_condition(browser, lambda x: x.is_text_present("Welcome!"))
browser.visit(live_server + "/sa/products/%d/" % shop_product.pk)
wait_until_condition(browser, lambda x: x.is_text_present(shop_product.product.name))
# as this is added through javascript, add an extra timeout
wait_until_condition(browser, lambda x: x.is_text_present("You are adding a product."), timeout=30)
wait_until_condition(browser, lambda x: x.is_element_present_by_css(".shepherd-button.btn-primary"))
click_element(browser, ".shepherd-button.btn-primary")
category_targets = [
"a.shepherd-enabled[href='#basic-information-section']",
"a.shepherd-enabled[href='#additional-details-section']",
"a.shepherd-enabled[href='#manufacturer-section']",
"a.shepherd-enabled[href*='-additional-section']",
"a.shepherd-enabled[href='#product-media-section']",
"a.shepherd-enabled[href='#product-images-section']",
"a.shepherd-enabled[href='#contact-group-pricing-section']",
"a.shepherd-enabled[href='#contact-group-discount-section']"
]
# Scroll top before starting to click. For some reason the first
# item is not found without this. For Firefox or Chrome the browser
# does not do any extra scroll which could hide the first item.
# Steps are scrollTo false on purpose since the scrollTo true is the
# config which does not work in real world.
browser.execute_script("window.scrollTo(0,0)")
for target in category_targets:
try:
wait_until_condition(browser, lambda x: x.is_element_present_by_css(target))
browser.find_by_css(".shepherd-button.btn-primary").last.click()
except ElementNotInteractableException:
move_to_element(browser, ".shepherd-button.btn-primary")
wait_until_condition(browser, lambda x: x.is_element_present_by_css(target))
browser.find_by_css(".shepherd-button.btn-primary").last.click()
wait_until_condition(browser, lambda x: is_tour_complete(shop, "product", user))
# check whether the tour is shown again
browser.visit(live_server + "/sa/products/%d/" % shop_product.pk)
wait_until_condition(browser, lambda x: not x.is_text_present("You are adding a product."), timeout=20)
assert is_tour_complete(shop2, "product", user) is False
browser.visit(live_server + "/logout")
browser.visit(live_server + "/sa")
def test_set_company_customer(rf):
"""
Set a company as the basket customer
"""
with override_settings(**CORE_BASKET_SETTINGS):
user = factories.create_random_user()
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = get_person_contact(user)
person = factories.create_random_person()
company = factories.create_random_company()
# no orderer provided
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, company)
assert exc.value.code == "invalid_orderer"
assert basket.customer == get_person_contact(user)
# orderer provided but not member of the company
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, company, person)
assert exc.value.code == "orderer_not_company_member"
assert basket.customer == get_person_contact(user)
# orderer provided but user not member of the company
company.members.add(person)
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, company, person)
assert exc.value.code == "not_company_member"
assert basket.customer == get_person_contact(user)
# staff and admin can add any the company and orderer without being member of the company
superuser = factories.create_random_user(is_superuser=True)
staff = factories.create_random_user(is_staff=True)
basket.shop.staff_members.add(staff)
for user in [superuser, staff]:
basket.customer = None
basket.orderer = None
request = apply_request_middleware(rf.get("/"), user=user)
assert basket_commands.handle_set_customer(request, basket, company, person)["ok"] is True
assert basket.customer == company
assert basket.orderer == person
def test_product_campaigns_section(rf, admin_user):
shop = factories.get_default_shop()
supplier = factories.get_default_supplier()
product = factories.create_product("test", shop=shop, supplier=supplier, default_price=10)
campaign1 = _create_active_campaign(shop, supplier, product)
campaign2 = _create_active_campaign(shop, None, product)
shop_staff_user = factories.create_random_user(is_staff=True)
shop.staff_members.add(shop_staff_user)
supplier_staff_user = factories.create_random_user(username=supplier.identifier, is_staff=True)
shop.staff_members.add(supplier_staff_user)
supplier_provider = "E-Commerce.testing.supplier_provider.UsernameSupplierProvider"
with override_settings(E-Commerce_ADMIN_SUPPLIER_PROVIDER_SPEC=supplier_provider):
request = apply_request_middleware(rf.get("/"), user=admin_user)
request.shop = shop
assert get_supplier(request) is None
context = ProductCampaignsSection.get_context_data(product, request)
assert context[shop]["basket_campaigns"].count() == 2
request = apply_request_middleware(rf.get("/"), user=shop_staff_user)
request.shop = shop
assert get_supplier(request) is None
context = ProductCampaignsSection.get_context_data(product, request)
assert context[shop]["basket_campaigns"].count() == 2
request = apply_request_middleware(rf.get("/"), user=supplier_staff_user)
request.shop = shop
assert get_supplier(request) == supplier
context = ProductCampaignsSection.get_context_data(product, request)
assert context[shop]["basket_campaigns"].count() == 1
campaign1.supplier = None
campaign1.save()
context = ProductCampaignsSection.get_context_data(product, request)
assert context[shop]["basket_campaigns"].count() == 0
BasketCampaign.objects.update(supplier=supplier)
context = ProductCampaignsSection.get_context_data(product, request)
assert context[shop]["basket_campaigns"].count() == 2
def test_set_shop(rf, set_shop_fn, get_shop_fn):
with override_settings(E-Commerce_ENABLE_MULTIPLE_SHOPS=True):
activate("en")
factories.get_default_shop()
shop1 = Shop.objects.create(identifier="shop1", status=ShopStatus.ENABLED)
shop2 = Shop.objects.create(identifier="shop2", status=ShopStatus.ENABLED)
normal_user = factories.create_random_user()
staff_user = factories.create_random_user(is_staff=True)
request = apply_request_middleware(rf.post("/"), user=normal_user, skip_session=True)
# user not staff
with pytest.raises(PermissionDenied) as exc:
set_shop_fn(request, shop1)
assert exc.value == "You must be a staff user"
# staff user now
with pytest.raises(PermissionDenied) as exc:
request = apply_request_middleware(rf.post("/"), user=staff_user)
assert exc.value == "You are not a staff member of this shop"
# the user is not member of the shop staff
with pytest.raises(PermissionDenied):
set_shop_fn(request, shop1)
assert get_shop_fn(request) is None
# user is member of the shop staff
shop1.staff_members.add(staff_user)
request = apply_request_middleware(rf.post("/"), user=staff_user, skip_session=True)
set_shop_fn(request, shop1)
assert get_shop_fn(request) == shop1
# can't set a shop which user is not member
with pytest.raises(PermissionDenied):
set_shop_fn(request, shop2)
assert get_shop_fn(request) == shop1
# adds the user to another shop
shop2.staff_members.add(staff_user)
set_shop_fn(request, shop2)
assert get_shop_fn(request) == shop2
def test_set_different_customer(rf):
"""
Set some customer to the basket that is not the request one
"""
with override_settings(**CORE_BASKET_SETTINGS):
user = factories.create_random_user()
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = get_person_contact(user)
person1 = factories.create_random_person()
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, person1)
assert exc.value.code == "no_permission"
assert basket.customer == get_person_contact(user)
# with superuser
person2 = factories.create_random_person()
superuser = factories.create_random_user(is_superuser=True)
request = apply_request_middleware(rf.get("/"), user=superuser)
assert basket_commands.handle_set_customer(request, basket, person2)["ok"] is True
assert basket.customer == person2
assert basket.orderer == person2
# with staff user not member of the shop
person3 = factories.create_random_person()
staff = factories.create_random_user(is_staff=True)
request = apply_request_middleware(rf.get("/"), user=staff)
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, person3)
assert exc.value.code == "no_permission"
assert basket.customer == person2
assert basket.orderer == person2
# with staff user member of the shop
person4 = factories.create_random_person()
staff_member = factories.create_random_user(is_staff=True)
basket.shop.staff_members.add(staff_member)
request = apply_request_middleware(rf.get("/"), user=staff_member)
assert basket_commands.handle_set_customer(request, basket, person4)["ok"] is True
assert basket.customer == person4
assert basket.orderer == person4
def test_home_tour(browser, admin_user, live_server, settings):
shop = factories.get_default_shop()
shop2 = factories.get_shop(identifier="shop2")
admin_user_2 = factories.create_random_user(is_staff=True, is_superuser=True)
admin_user_2.set_password("password")
admin_user_2.save()
shop.staff_members.add(admin_user)
shop.staff_members.add(admin_user_2)
for user in [admin_user, admin_user_2]:
initialize_admin_browser_test(browser, live_server, settings, username=user.username, tour_complete=False)
wait_until_condition(browser, lambda x: x.is_text_present("Welcome!"))
browser.visit(live_server + "/sa/home")
wait_until_condition(browser, lambda x: x.is_text_present("Hi, new shop owner!"), timeout=30)
wait_until_condition(browser, lambda x: x.is_element_present_by_css(".shepherd-button.btn-primary"))
click_element(browser, ".shepherd-button.btn-primary")
category_targets = [
".shepherd-enabled[data-target-id='category-1'",
".shepherd-enabled[data-target-id='category-2'",
".shepherd-enabled[data-target-id='category-3'",
".shepherd-enabled[data-target-id='category-5'",
".shepherd-enabled[data-target-id='category-9'",
".shepherd-enabled[data-target-id='category-4'",
".shepherd-enabled[data-target-id='category-6'",
".shepherd-enabled[data-target-id='category-7'",
".shepherd-enabled[data-target-id='category-8'",
".shepherd-enabled#site-search",
".shepherd-enabled.shop-btn.visit-store",
]
for target in category_targets:
wait_until_condition(browser, lambda x: x.is_element_present_by_css(target))
move_to_element(browser, ".shepherd-button.btn-primary")
browser.find_by_css(".shepherd-button.btn-primary").last.click()
wait_until_condition(browser, lambda x: x.is_text_present("We're done!"), timeout=30)
move_to_element(browser, ".shepherd-button.btn-primary")
browser.find_by_css(".shepherd-button.btn-primary").last.click()
wait_until_condition(browser, lambda x: is_tour_complete(shop, "home", user))
# check whether the tour is shown again
browser.visit(live_server + "/sa/home")
wait_until_condition(browser, lambda x: not x.is_text_present("Hi, new shop owner!"))
browser.visit(live_server + "/logout")
browser.visit(live_server + "/sa")
wait_until_condition(browser, lambda x: not x.is_text_present("Hi, new shop owner!"))
assert is_tour_complete(shop2, "home", user) is False
def test_set_from_customer_to_anonymous(rf):
"""
Set anonymous to the basket customer
"""
with override_settings(**CORE_BASKET_SETTINGS):
user = factories.create_random_user()
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = get_person_contact(user)
assert basket_commands.handle_set_customer(request, basket, AnonymousContact())["ok"] is True
assert basket.customer == AnonymousContact()
assert basket.orderer == AnonymousContact()
assert basket.creator == user
def test_edit_object_view_no_permissions(rf):
user = factories.create_random_user("en", is_staff=True)
shop = factories.get_default_shop()
shop.staff_members.add(user)
view = EditObjectView.as_view()
product = factories.create_product("p1", shop, factories.get_default_supplier())
model = ".".join(ContentType.objects.get_for_model(product).natural_key())
# no permission
with pytest.raises(Problem) as error:
_get_edit_object_view(rf, view, model, product.id, user, shop)
assert "You do not have the required permission" in str(error)
def test_serialize_data():
"""
Test contact dashboard views
"""
activate("en")
shop = factories.get_default_shop()
customer = factories.create_random_person("en")
user = factories.create_random_user("en")
user.set_password("1234")
user.save()
customer.user = user
customer.default_billing_address = factories.create_random_address()
customer.default_shipping_address = factories.create_random_address()
customer.save()
company = factories.create_random_company()
company.default_billing_address = factories.create_random_address()
company.default_shipping_address = factories.create_random_address()
company.save()
company.members.add(customer)
product = factories.create_product("p1", shop, factories.get_default_supplier())
for basket_customer in [customer, company]:
[factories.create_random_order(basket_customer, [product]) for order in range(3)]
client = SmartClient()
client.login(username=user.username, password="******")
response = client.get(reverse("E-Commerce:gdpr_customer_dashboard"))
assert response.status_code == 200
assert "My Data" in response.content.decode("utf-8")
response = client.post(reverse("E-Commerce:gdpr_download_data"))
assert response._headers["content-disposition"][0] == "Content-Disposition"
assert response.status_code == 200
from E-Commerce.tasks.models import Task, TaskType
from E-Commerce.gdpr.models import GDPR_ANONYMIZE_TASK_TYPE_IDENTIFIER
response = client.post(reverse("E-Commerce:gdpr_anonymize_account"))
assert response.status_code == 302
assert response.url.endswith(reverse("E-Commerce:index"))
task_type = TaskType.objects.get(identifier=GDPR_ANONYMIZE_TASK_TYPE_IDENTIFIER, shop=shop)
assert Task.objects.get(type=task_type, shop=shop)
user.refresh_from_db()
assert user.is_active is False
refreshed_customer = PersonContact.objects.get(id=customer.id)
assert refreshed_customer.is_active is False
assert refreshed_customer.name == customer.name # nothing changed yet
def test_add_product(rf):
"""
Add product to basket
"""
with override_settings(**CORE_BASKET_SETTINGS):
shop = factories.get_default_shop()
user = factories.create_random_user()
product = factories.create_product("product", shop, factories.get_default_supplier(), 10)
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = get_person_contact(user)
cmd_response = basket_commands.handle_add(request, basket, product.id, 1)
assert cmd_response["ok"]
assert cmd_response["line_id"]
assert cmd_response["added"] == 1
assert len(basket.get_lines()) == 1
def test_basket_with_custom_shop(rf):
"""
Set a different shop for basket
"""
with override_settings(**CORE_BASKET_SETTINGS):
shop1 = factories.get_default_shop()
shop2 = factories.get_shop(identifier="shop2")
user = factories.create_random_user()
request = apply_request_middleware(rf.get("/"), user=user, shop=shop1)
basket_class = cached_load("E-Commerce_BASKET_CLASS_SPEC")
basket = basket_class(request, "basket", shop=shop2)
assert basket.shop == shop2
product_shop2 = factories.create_product("product_shop2", shop2, factories.get_default_supplier(), 10)
line = basket.add_product(factories.get_default_supplier(), shop2, product_shop2, 1)
assert line.shop == shop2
def test_force_contact_views(rf):
shop = factories.get_default_shop()
user = factories.create_random_user(is_staff=True)
shop.staff_members.add(user)
person_contact = get_person_contact(user)
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer == person_contact
# Force contact to anonymous contact
_call_force_view(request, force_anonymous_contact)
# Re-process middlewares so we check the force contact
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer.is_anonymous
assert get_person_contact(user).is_anonymous
assert_all_good_with_random_user()
# Force contact to person contact
_call_force_view(request, force_person_contact)
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer == person_contact
assert get_person_contact(user) == person_contact
assert_all_good_with_random_user()
# Force contact to company contact. This also ensures
# company contact for staff user if does not exists.
_call_force_view(request, force_company_contact)
request = apply_request_middleware(rf.get("/"), user=user)
assert get_company_contact(user) == request.customer
assert person_contact in request.customer.members.all()
assert request.person == person_contact
assert_all_good_with_random_user()
# Finally force back to person contact. Now without
# forcing the request would have company contact
# since company contact for shop staff was created
# while forcing company.
_call_force_view(request, force_person_contact)
request = apply_request_middleware(rf.get("/"), user=user)
assert request.customer == person_contact
assert get_person_contact(user) == person_contact
assert get_company_contact(user) is None
assert_all_good_with_random_user()
def test_suppliers_edit(rf, admin_user):
shop = factories.get_default_shop()
edit_view = SupplierEditView.as_view()
staff_user = factories.create_random_user("en", is_staff=True)
shop.staff_members.add(staff_user)
with override_settings(E-Commerce_ENABLE_MULTIPLE_SUPPLIERS=True):
for index, user in enumerate([admin_user, staff_user]):
payload = {
"base-name": "Supplier Name %d" % index,
"base-description__en": "Supplier Description %d" % index,
"base-type": SupplierType.INTERNAL.value,
"base-module_identifier": "",
"base-shops": shop.pk,
"base-enabled": "on",
"base-logo": "",
"base-is_approved": "on",
"address-name": "Address Name %d" % index,
"address-email": "*****@*****.**",
"address-phone": "23742578329",
"address-tax_number": "ABC123",
"address-street": "Streetz",
"address-postal_code": "90014",
"address-city": "Los Angeles",
"address-region_code": "CA",
"address-country": "US"
}
request = apply_request_middleware(rf.post("/", payload), user=user)
response = edit_view(request)
assert response.status_code == 302
supplier = Supplier.objects.last()
assert response.url == reverse("E-Commerce_admin:supplier.edit", kwargs=dict(pk=supplier.pk))
assert supplier.name == payload["base-name"]
assert supplier.description == payload["base-description__en"]
assert supplier.shops.count() == 1
assert supplier.enabled
assert supplier.is_approved
assert supplier.contact_address.name == payload["address-name"]
request = apply_request_middleware(rf.get("/"), user=user)
response = edit_view(request, **{"pk": supplier.pk})
assert response.status_code == 200
def test_set_from_anonymous_to_customer_auth(rf):
"""
Set some random customer to the basket when authenticated
"""
with override_settings(**CORE_BASKET_SETTINGS):
user = factories.create_random_user()
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = AnonymousContact()
# can not set the customer for something different as the request customer
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, factories.create_random_person())
assert exc.value.code == "no_permission"
assert basket.customer == AnonymousContact()
assert basket_commands.handle_set_customer(request, basket, get_person_contact(user))["ok"] is True
assert basket.customer == get_person_contact(user)
def test_anonymous_set_company_customer(rf):
"""
Set a company as the basket customer
"""
with override_settings(**CORE_BASKET_SETTINGS):
user = factories.create_random_user()
request = apply_request_middleware(rf.get("/"), user=user)
basket = get_basket(request, "basket")
basket.customer = AnonymousContact()
person = factories.create_random_person()
company = factories.create_random_company()
company.members.add(person)
with pytest.raises(ValidationError) as exc:
basket_commands.handle_set_customer(request, basket, company, person)
assert exc.value.code == "not_company_member"
assert basket.customer == AnonymousContact()
