def test_update_category_slug_and_name(
staff_api_client,
category,
permission_manage_products,
input_slug,
expected_slug,
input_name,
error_message,
error_field,
):
query = """
mutation($id: ID!, $name: String, $slug: String) {
categoryUpdate(
id: $id
input: {
name: $name
slug: $slug
}
) {
category{
name
slug
}
productErrors {
field
message
code
}
}
}
"""
old_name = category.name
old_slug = category.slug
assert input_slug != old_slug
assert input_name != old_name
node_id = graphene.Node.to_global_id("Category", category.id)
variables = {"slug": input_slug, "name": input_name, "id": node_id}
response = staff_api_client.post_graphql(
query, variables, permissions=[permission_manage_products])
content = get_graphql_content(response)
category.refresh_from_db()
data = content["data"]["categoryUpdate"]
errors = data["productErrors"]
if not error_message:
assert data["category"]["name"] == input_name == category.name
assert data["category"]["slug"] == input_slug == category.slug
else:
assert errors
assert errors[0]["field"] == error_field
assert errors[0]["code"] == ProductErrorCode.REQUIRED.name
def test_uuid_scalar_value_passed_in_input(api_client, checkout):
token = checkout.token
query = f"""
query{{
checkout(token: "{token}") {{
token
}}
}}
"""
response = api_client.post_graphql(query)
content = get_graphql_content(response)
assert content["data"]["checkout"]["token"] == str(checkout.token)
def test_mutation_authorization_key_add(staff_api_client,
permission_manage_settings):
# mutation with correct input data should create a new key instance
variables = {"keyType": "FACEBOOK", "key": "key", "password": "******"}
response = staff_api_client.post_graphql(
AUTHORIZATION_KEY_ADD,
variables,
permissions=[permission_manage_settings])
content = get_graphql_content(response)
assert content["data"]["authorizationKeyAdd"]["authorizationKey"][
"key"] == "key"
def test_webhook_update_by_staff(
staff_api_client, app, webhook, permission_manage_webhooks
):
query = WEBHOOK_UPDATE
webhook_id = graphene.Node.to_global_id("Webhook", webhook.pk)
variables = {
"id": webhook_id,
"events": [
WebhookEventTypeEnum.CUSTOMER_CREATED.name,
WebhookEventTypeEnum.CUSTOMER_CREATED.name,
],
"is_active": False,
}
staff_api_client.user.user_permissions.add(permission_manage_webhooks)
response = staff_api_client.post_graphql(query, variables=variables)
get_graphql_content(response)
webhook.refresh_from_db()
assert webhook.is_active is False
events = webhook.events.all()
assert len(events) == 1
assert events[0].event_type == WebhookEventTypeEnum.CUSTOMER_CREATED.value
def test_query_charge_taxes_on_shipping(api_client, site_settings):
query = """
query {
shop {
chargeTaxesOnShipping
}
}"""
response = api_client.post_graphql(query)
content = get_graphql_content(response)
data = content["data"]["shop"]
charge_taxes_on_shipping = site_settings.charge_taxes_on_shipping
assert data["chargeTaxesOnShipping"] == charge_taxes_on_shipping
def test_category_delete_mutation(staff_api_client, category,
permission_manage_products):
variables = {"id": graphene.Node.to_global_id("Category", category.id)}
response = staff_api_client.post_graphql(
MUTATION_CATEGORY_DELETE,
variables,
permissions=[permission_manage_products])
content = get_graphql_content(response)
data = content["data"]["categoryDelete"]
assert data["category"]["name"] == category.name
with pytest.raises(category._meta.model.DoesNotExist):
category.refresh_from_db()
def test_menu_query_error_when_no_param(
user_api_client,
menu,
graphql_log_handler,
):
variables = {}
response = user_api_client.post_graphql(QUERY_MENU, variables=variables)
assert graphql_log_handler.messages == [
"saleor.graphql.errors.handled[ERROR].GraphQLError"
]
content = get_graphql_content(response, ignore_errors=True)
assert len(content["errors"]) == 1
def test_digital_content_create_mutation_custom_settings(
monkeypatch, staff_api_client, variant, permission_manage_products, media_root
):
query = """
mutation createDigitalContent($variant: ID!,
$input: DigitalContentUploadInput!) {
digitalContentCreate(variantId: $variant, input: $input) {
variant {
id
}
}
}
"""
image_file, image_name = create_image()
url_valid_days = 3
max_downloads = 5
variables = {
"variant": graphene.Node.to_global_id("ProductVariant", variant.id),
"input": {
"useDefaultSettings": False,
"maxDownloads": max_downloads,
"urlValidDays": url_valid_days,
"automaticFulfillment": True,
"contentFile": image_name,
},
}
body = get_multipart_request_body(query, variables, image_file, image_name)
response = staff_api_client.post_multipart(
body, permissions=[permission_manage_products]
)
get_graphql_content(response)
variant.refresh_from_db()
assert variant.digital_content.content_file
assert variant.digital_content.max_downloads == max_downloads
assert variant.digital_content.url_valid_days == url_valid_days
assert variant.digital_content.automatic_fulfillment
assert not variant.digital_content.use_default_settings
def test_delete_wmsdeliverer(staff_api_client, wms_deliverer,
permission_manage_wmsdocument):
query = DELETE_WMSDELIVERER_MUTATION
node_id = graphene.Node.to_global_id("WmsDeliverer", wms_deliverer.id)
variables = {"id": node_id}
staff_api_client.user.user_permissions.add(permission_manage_wmsdocument)
response = staff_api_client.post_graphql(query, variables)
content = get_graphql_content(response)
data = content["data"]["wmsDelivererDelete"]
assert data["wmsDeliverer"]["id"] == node_id
with pytest.raises(wms_deliverer._meta.model.DoesNotExist):
wms_deliverer.refresh_from_db()
assert node_id == data["wmsDeliverer"]["id"]
def test_wmsdeliverer_query_by_id(staff_api_client, wms_deliverer,
permission_manage_wmsdocument):
query = QUERY_WMSDELIVERER
wmsdeliverer_id = graphene.Node.to_global_id("WmsDeliverer",
wms_deliverer.pk)
variables = {"id": wmsdeliverer_id}
staff_api_client.user.user_permissions.add(permission_manage_wmsdocument)
response = staff_api_client.post_graphql(query, variables=variables)
content = get_graphql_content(response)
wmsdeliverer_data = content["data"]["wmsDeliverer"]
assert wmsdeliverer_data is not None
assert wmsdeliverer_data["id"] == wmsdeliverer_id
def test_sample_payload_query_by_staff(
mock_generate_sample_payload,
event_type,
has_access,
staff_api_client,
permission_manage_users,
permission_manage_products,
permission_manage_checkouts,
):
mock_generate_sample_payload.return_value = {"mocked_response": ""}
query = SAMPLE_PAYLOAD_QUERY
staff_api_client.user.user_permissions.add(permission_manage_users)
staff_api_client.user.user_permissions.add(permission_manage_products)
staff_api_client.user.user_permissions.add(permission_manage_checkouts)
variables = {"event_type": event_type.name}
response = staff_api_client.post_graphql(query, variables=variables)
if not has_access:
assert_no_permission(response)
mock_generate_sample_payload.assert_not_called()
else:
get_graphql_content(response)
mock_generate_sample_payload.assert_called_with(event_type.value)
def test_query_webhooks_by_app_without_permissions(app_api_client,):
second_app = App.objects.create(name="Sample app account", is_active=True)
second_webhook = Webhook.objects.create(
app=second_app, target_url="http://www.example.com/test"
)
second_webhook.events.create(event_type="order_created")
query = QUERY_WEBHOOKS
variables = {"filter": {}}
response = app_api_client.post_graphql(query, variables=variables)
content = get_graphql_content(response)
webhooks = content["data"]["webhooks"]["edges"]
assert len(webhooks) == 0
def test_service_account_with_access_to_resources(
app_api_client,
app,
permission_manage_orders,
order_with_lines,
):
query = """
query {
orders(first: 5) {
edges {
node {
id
}
}
}
}
"""
response = app_api_client.post_graphql(query)
assert_no_permission(response)
response = app_api_client.post_graphql(
query, permissions=[permission_manage_orders])
get_graphql_content(response)
def test_activate_gift_card_active_gift_card(
staff_api_client, gift_card, permission_manage_gift_card
):
assert gift_card.is_active
variables = {"id": graphene.Node.to_global_id("GiftCard", gift_card.id)}
response = staff_api_client.post_graphql(
ACTIVATE_GIFT_CARD_MUTATION,
variables,
permissions=[permission_manage_gift_card],
)
content = get_graphql_content(response)
data = content["data"]["giftCardActivate"]["giftCard"]
assert data["isActive"]
def test_query_stocks_with_filters_product_variant__product(
staff_api_client, stock, permission_manage_products):
staff_api_client.user.user_permissions.add(permission_manage_products)
product = stock.product_variant.product
response_name = staff_api_client.post_graphql(
QUERY_STOCKS_WITH_FILTERS,
variables={"filter": {
"search": product.name
}})
content = get_graphql_content(response_name)
total_count = content["data"]["stocks"]["totalCount"]
assert (total_count == Stock.objects.filter(
product_variant__product__name=product.name).count())
def test_attributes_pagination_with_sorting(
sort_by, attributes_order, staff_api_client, attributes_for_pagination,
):
page_size = 3
variables = {"first": page_size, "after": None, "sortBy": sort_by}
response = staff_api_client.post_graphql(QUERY_ATTRIBUTES_PAGINATION, variables,)
content = get_graphql_content(response)
attributes_nodes = content["data"]["attributes"]["edges"]
assert attributes_order[0] == attributes_nodes[0]["node"]["name"]
assert attributes_order[1] == attributes_nodes[1]["node"]["name"]
assert attributes_order[2] == attributes_nodes[2]["node"]["name"]
assert len(attributes_nodes) == page_size
def test_query_stock(staff_api_client, stock, permission_manage_products):
staff_api_client.user.user_permissions.add(permission_manage_products)
stock_id = graphene.Node.to_global_id("Stock", stock.pk)
response = staff_api_client.post_graphql(QUERY_STOCK,
variables={"id": stock_id})
content = get_graphql_content(response)
content_stock = content["data"]["stock"]
assert (content_stock["productVariant"]["product"]["name"] ==
stock.product_variant.product.name)
assert content_stock["warehouse"]["name"] == stock.warehouse.name
assert content_stock["quantity"] == stock.quantity
assert content_stock[
"quantityAllocated"] == get_quantity_allocated_for_stock(stock)
def test_checkout_by_token(checkout, user_api_client, customer_user):
# given
checkout.user = customer_user
checkout.save()
variables = {"token": checkout.token}
# when
response = user_api_client.post_graphql(CHECKOUT_QUERY, variables)
# then
content = get_graphql_content(response)
data = content["data"]["checkout"]
assert data["id"] == to_global_id_or_none(checkout)
def test_query_warehouses(staff_api_client, warehouse,
permission_manage_products):
response = staff_api_client.post_graphql(
QUERY_WAREHOUSES, permissions=[permission_manage_products])
content = get_graphql_content(response)["data"]
assert content["warehouses"]["totalCount"] == Warehouse.objects.count()
warehouses = content["warehouses"]["edges"]
warehouse_id = graphene.Node.to_global_id("Warehouse", warehouse.pk)
warehouse_first = warehouses[0]["node"]
assert warehouse_first["id"] == warehouse_id
assert warehouse_first["name"] == warehouse.name
assert (len(warehouse_first["shippingZones"]["edges"]) ==
warehouse.shipping_zones.count())
def test_delete_warehouse_deletes_associated_address(
staff_api_client, warehouse, permission_manage_products):
warehouse_id = graphene.Node.to_global_id("Warehouse", warehouse.pk)
assert Address.objects.count() == 1
response = staff_api_client.post_graphql(
MUTATION_DELETE_WAREHOUSE,
variables={"id": warehouse_id},
permissions=[permission_manage_products],
)
content = get_graphql_content(response)
errors = content["data"]["deleteWarehouse"]["warehouseErrors"]
assert len(errors) == 0
assert not Address.objects.exists()
def test_delete_categories_with_subcategories_and_products(
mock_update_products_minimal_variant_prices_task,
staff_api_client,
category_list,
permission_manage_products,
product,
category,
):
product.category = category
category.parent = category_list[0]
product.save()
category.save()
parent_product = Product.objects.get(pk=product.pk)
parent_product.slug = "parent-product"
parent_product.id = None
parent_product.category = category_list[0]
parent_product.save()
product_list = [product, parent_product]
variables = {
"ids": [
graphene.Node.to_global_id("Category", category.id)
for category in category_list
]
}
response = staff_api_client.post_graphql(
MUTATION_CATEGORY_BULK_DELETE,
variables,
permissions=[permission_manage_products],
)
content = get_graphql_content(response)
assert content["data"]["categoryBulkDelete"]["count"] == 3
assert not Category.objects.filter(
id__in=[category.id for category in category_list]).exists()
mock_update_products_minimal_variant_prices_task.delay.assert_called_once()
(
_call_args,
call_kwargs,
) = mock_update_products_minimal_variant_prices_task.delay.call_args
assert set(call_kwargs["product_ids"]) == set([p.pk for p in product_list])
for product in product_list:
product.refresh_from_db()
assert not product.category
assert not product.is_published
assert not product.publication_date
def test_delete_staff_members_left_not_manageable_permissions(
staff_api_client,
staff_users,
permission_manage_staff,
permission_manage_users,
permission_manage_orders,
):
"""Ensure user can't delete users when some permissions will be not manageable."""
query = STAFF_BULK_DELETE_MUTATION
groups = Group.objects.bulk_create([
Group(name="manage users"),
Group(name="manage staff"),
Group(name="manage orders"),
])
group1, group2, group3 = groups
group1.permissions.add(permission_manage_users)
group2.permissions.add(permission_manage_staff)
group3.permissions.add(permission_manage_orders)
staff_user, staff_user1, staff_user2 = staff_users
group1.user_set.add(staff_user1)
group2.user_set.add(staff_user2, staff_user1, staff_user)
group3.user_set.add(staff_user1)
staff_user.user_permissions.add(permission_manage_users,
permission_manage_orders,
permission_manage_staff)
variables = {
"ids": [
graphene.Node.to_global_id("User", user.id)
for user in [staff_user1, staff_user2]
]
}
response = staff_api_client.post_graphql(query, variables)
content = get_graphql_content(response)
data = content["data"]["staffBulkDelete"]
errors = data["staffErrors"]
assert len(errors) == 1
assert data["count"] == 0
assert errors[0]["field"] == "ids"
assert errors[0][
"code"] == AccountErrorCode.LEFT_NOT_MANAGEABLE_PERMISSION.name
assert set(errors[0]["permissions"]) == {
AccountPermissions.MANAGE_USERS.name,
OrderPermissions.MANAGE_ORDERS.name,
}
assert User.objects.filter(
id__in=[user.id for user in [staff_user1, staff_user2]]).exists()
def test_digital_content_update_mutation_missing_content(
monkeypatch, staff_api_client, variant, permission_manage_products
):
url_valid_days = 3
max_downloads = 5
query = """
mutation digitalUpdate($variant: ID!, $input: DigitalContentInput!){
digitalContentUpdate(variantId:$variant, input: $input){
variant{
id
}
content{
contentFile
maxDownloads
urlValidDays
automaticFulfillment
}
errors {
field
message
}
productErrors {
field
message
code
}
}
}
"""
variables = {
"variant": graphene.Node.to_global_id("ProductVariant", variant.id),
"input": {
"maxDownloads": max_downloads,
"urlValidDays": url_valid_days,
"automaticFulfillment": True,
"useDefaultSettings": False,
},
}
response = staff_api_client.post_graphql(
query, variables, permissions=[permission_manage_products]
)
content = get_graphql_content(response)
assert content["data"]["digitalContentUpdate"]["errors"]
errors = content["data"]["digitalContentUpdate"]["errors"]
assert len(errors) == 1
assert errors[0]["field"] == "variantId"
product_errors = content["data"]["digitalContentUpdate"]["productErrors"]
assert product_errors[0]["code"] == ProductErrorCode.VARIANT_NO_DIGITAL_CONTENT.name
def test_query_name(user_api_client, site_settings):
query = """
query {
shop {
name
description
}
}
"""
response = user_api_client.post_graphql(query)
content = get_graphql_content(response)
data = content["data"]["shop"]
assert data["description"] == site_settings.description
assert data["name"] == site_settings.site.name
def test_webhook_create_by_staff_and_service_account(
staff_api_client,
app,
permission_manage_webhooks,
permission_manage_orders,
):
query = WEBHOOK_CREATE_BY_STAFF
app.permissions.add(permission_manage_orders)
service_account_id = graphene.Node.to_global_id("ServiceAccount", app.pk)
variables = {
"target_url": "https://www.example.com",
"events": [WebhookEventTypeEnum.ORDER_CREATED.name],
"service_account": service_account_id,
}
staff_api_client.user.user_permissions.add(permission_manage_webhooks)
response = staff_api_client.post_graphql(query, variables=variables)
get_graphql_content(response)
new_webhook = Webhook.objects.get()
assert new_webhook.target_url == "https://www.example.com"
assert new_webhook.app == app
events = new_webhook.events.all()
assert len(events) == 1
assert events[0].event_type == WebhookEventTypeEnum.ORDER_CREATED.value
def test_collection_image_query(user_api_client, collection, media_root):
alt_text = "Alt text for an image."
image_file, image_name = create_image()
collection.background_image = image_file
collection.background_image_alt = alt_text
collection.save()
collection_id = graphene.Node.to_global_id("Collection", collection.pk)
variables = {"id": collection_id}
response = user_api_client.post_graphql(FETCH_COLLECTION_QUERY, variables)
content = get_graphql_content(response)
data = content["data"]["collection"]
thumbnail_url = collection.background_image.thumbnail["120x120"].url
assert thumbnail_url in data["backgroundImage"]["url"]
assert data["backgroundImage"]["alt"] == alt_text
def test_bulk_unpublish(staff_api_client, page_list, permission_manage_pages):
assert all(page.is_published for page in page_list)
variables = {
"ids": [graphene.Node.to_global_id("Page", page.id) for page in page_list],
"is_published": False,
}
response = staff_api_client.post_graphql(
MUTATION_PUBLISH_PAGES, variables, permissions=[permission_manage_pages]
)
content = get_graphql_content(response)
page_list = Page.objects.filter(id__in=[page.pk for page in page_list])
assert content["data"]["pageBulkPublish"]["count"] == len(page_list)
assert not any(page.is_published for page in page_list)
def test_retrieve_shop(api_client, count_queries):
query = """
query getShop {
shop {
defaultCountry {
code
country
}
countries {
country
code
}
geolocalization {
country {
code
country
}
}
}
}
"""
get_graphql_content(api_client.post_graphql(query))
def test_update_shipping_zone(staff_api_client, shipping_zone,
permission_manage_shipping):
name = "Parabolic name"
shipping_id = graphene.Node.to_global_id("ShippingZone", shipping_zone.pk)
variables = {"id": shipping_id, "name": name, "countries": []}
response = staff_api_client.post_graphql(
UPDATE_SHIPPING_ZONE_QUERY,
variables,
permissions=[permission_manage_shipping])
content = get_graphql_content(response)
data = content["data"]["shippingZoneUpdate"]
assert not data["shippingErrors"]
data = content["data"]["shippingZoneUpdate"]["shippingZone"]
assert data["name"] == name
def test_delete_staff_members_superuser_can_delete__out_of_scope_users(
superuser_api_client,
staff_users,
permission_manage_staff,
permission_manage_users,
permission_manage_orders,
):
"""Ensure superuser can delete users when some users has wider scope of permissions.
"""
query = STAFF_BULK_DELETE_MUTATION
groups = Group.objects.bulk_create([
Group(name="manage users"),
Group(name="manage staff"),
Group(name="manage orders and users"),
])
group1, group2, group3 = groups
group1.permissions.add(permission_manage_users)
group2.permissions.add(permission_manage_staff)
group3.permissions.add(permission_manage_orders, permission_manage_users)
staff_user, staff_user1, staff_user2 = staff_users
staff_user3 = User.objects.create(
email="*****@*****.**",
password="******",
is_staff=True,
is_active=True,
)
group1.user_set.add(staff_user1)
group2.user_set.add(staff_user2, staff_user1, staff_user3)
group3.user_set.add(staff_user1, staff_user3)
staff_user.user_permissions.add(permission_manage_users,
permission_manage_staff)
variables = {
"ids": [
graphene.Node.to_global_id("User", user.id)
for user in [staff_user1, staff_user2]
]
}
response = superuser_api_client.post_graphql(query, variables)
content = get_graphql_content(response)
data = content["data"]["staffBulkDelete"]
errors = data["staffErrors"]
assert not errors
assert data["count"] == 2
assert not User.objects.filter(
id__in=[user.id for user in [staff_user1, staff_user2]]).exists()
