def test_update_category_slug_and_name( staff_api_client, category, permission_manage_products, input_slug, expected_slug, input_name, error_message, error_field, ): query = """ mutation($id: ID!, $name: String, $slug: String) { categoryUpdate( id: $id input: { name: $name slug: $slug } ) { category{ name slug } productErrors { field message code } } } """ old_name = category.name old_slug = category.slug assert input_slug != old_slug assert input_name != old_name node_id = graphene.Node.to_global_id("Category", category.id) variables = {"slug": input_slug, "name": input_name, "id": node_id} response = staff_api_client.post_graphql( query, variables, permissions=[permission_manage_products]) content = get_graphql_content(response) category.refresh_from_db() data = content["data"]["categoryUpdate"] errors = data["productErrors"] if not error_message: assert data["category"]["name"] == input_name == category.name assert data["category"]["slug"] == input_slug == category.slug else: assert errors assert errors[0]["field"] == error_field assert errors[0]["code"] == ProductErrorCode.REQUIRED.name
def test_uuid_scalar_value_passed_in_input(api_client, checkout): token = checkout.token query = f""" query{{ checkout(token: "{token}") {{ token }} }} """ response = api_client.post_graphql(query) content = get_graphql_content(response) assert content["data"]["checkout"]["token"] == str(checkout.token)
def test_mutation_authorization_key_add(staff_api_client, permission_manage_settings): # mutation with correct input data should create a new key instance variables = {"keyType": "FACEBOOK", "key": "key", "password": "******"} response = staff_api_client.post_graphql( AUTHORIZATION_KEY_ADD, variables, permissions=[permission_manage_settings]) content = get_graphql_content(response) assert content["data"]["authorizationKeyAdd"]["authorizationKey"][ "key"] == "key"
def test_webhook_update_by_staff( staff_api_client, app, webhook, permission_manage_webhooks ): query = WEBHOOK_UPDATE webhook_id = graphene.Node.to_global_id("Webhook", webhook.pk) variables = { "id": webhook_id, "events": [ WebhookEventTypeEnum.CUSTOMER_CREATED.name, WebhookEventTypeEnum.CUSTOMER_CREATED.name, ], "is_active": False, } staff_api_client.user.user_permissions.add(permission_manage_webhooks) response = staff_api_client.post_graphql(query, variables=variables) get_graphql_content(response) webhook.refresh_from_db() assert webhook.is_active is False events = webhook.events.all() assert len(events) == 1 assert events[0].event_type == WebhookEventTypeEnum.CUSTOMER_CREATED.value
def test_query_charge_taxes_on_shipping(api_client, site_settings): query = """ query { shop { chargeTaxesOnShipping } }""" response = api_client.post_graphql(query) content = get_graphql_content(response) data = content["data"]["shop"] charge_taxes_on_shipping = site_settings.charge_taxes_on_shipping assert data["chargeTaxesOnShipping"] == charge_taxes_on_shipping
def test_category_delete_mutation(staff_api_client, category, permission_manage_products): variables = {"id": graphene.Node.to_global_id("Category", category.id)} response = staff_api_client.post_graphql( MUTATION_CATEGORY_DELETE, variables, permissions=[permission_manage_products]) content = get_graphql_content(response) data = content["data"]["categoryDelete"] assert data["category"]["name"] == category.name with pytest.raises(category._meta.model.DoesNotExist): category.refresh_from_db()
def test_menu_query_error_when_no_param( user_api_client, menu, graphql_log_handler, ): variables = {} response = user_api_client.post_graphql(QUERY_MENU, variables=variables) assert graphql_log_handler.messages == [ "saleor.graphql.errors.handled[ERROR].GraphQLError" ] content = get_graphql_content(response, ignore_errors=True) assert len(content["errors"]) == 1
def test_digital_content_create_mutation_custom_settings( monkeypatch, staff_api_client, variant, permission_manage_products, media_root ): query = """ mutation createDigitalContent($variant: ID!, $input: DigitalContentUploadInput!) { digitalContentCreate(variantId: $variant, input: $input) { variant { id } } } """ image_file, image_name = create_image() url_valid_days = 3 max_downloads = 5 variables = { "variant": graphene.Node.to_global_id("ProductVariant", variant.id), "input": { "useDefaultSettings": False, "maxDownloads": max_downloads, "urlValidDays": url_valid_days, "automaticFulfillment": True, "contentFile": image_name, }, } body = get_multipart_request_body(query, variables, image_file, image_name) response = staff_api_client.post_multipart( body, permissions=[permission_manage_products] ) get_graphql_content(response) variant.refresh_from_db() assert variant.digital_content.content_file assert variant.digital_content.max_downloads == max_downloads assert variant.digital_content.url_valid_days == url_valid_days assert variant.digital_content.automatic_fulfillment assert not variant.digital_content.use_default_settings
def test_delete_wmsdeliverer(staff_api_client, wms_deliverer, permission_manage_wmsdocument): query = DELETE_WMSDELIVERER_MUTATION node_id = graphene.Node.to_global_id("WmsDeliverer", wms_deliverer.id) variables = {"id": node_id} staff_api_client.user.user_permissions.add(permission_manage_wmsdocument) response = staff_api_client.post_graphql(query, variables) content = get_graphql_content(response) data = content["data"]["wmsDelivererDelete"] assert data["wmsDeliverer"]["id"] == node_id with pytest.raises(wms_deliverer._meta.model.DoesNotExist): wms_deliverer.refresh_from_db() assert node_id == data["wmsDeliverer"]["id"]
def test_wmsdeliverer_query_by_id(staff_api_client, wms_deliverer, permission_manage_wmsdocument): query = QUERY_WMSDELIVERER wmsdeliverer_id = graphene.Node.to_global_id("WmsDeliverer", wms_deliverer.pk) variables = {"id": wmsdeliverer_id} staff_api_client.user.user_permissions.add(permission_manage_wmsdocument) response = staff_api_client.post_graphql(query, variables=variables) content = get_graphql_content(response) wmsdeliverer_data = content["data"]["wmsDeliverer"] assert wmsdeliverer_data is not None assert wmsdeliverer_data["id"] == wmsdeliverer_id
def test_sample_payload_query_by_staff( mock_generate_sample_payload, event_type, has_access, staff_api_client, permission_manage_users, permission_manage_products, permission_manage_checkouts, ): mock_generate_sample_payload.return_value = {"mocked_response": ""} query = SAMPLE_PAYLOAD_QUERY staff_api_client.user.user_permissions.add(permission_manage_users) staff_api_client.user.user_permissions.add(permission_manage_products) staff_api_client.user.user_permissions.add(permission_manage_checkouts) variables = {"event_type": event_type.name} response = staff_api_client.post_graphql(query, variables=variables) if not has_access: assert_no_permission(response) mock_generate_sample_payload.assert_not_called() else: get_graphql_content(response) mock_generate_sample_payload.assert_called_with(event_type.value)
def test_query_webhooks_by_app_without_permissions(app_api_client,): second_app = App.objects.create(name="Sample app account", is_active=True) second_webhook = Webhook.objects.create( app=second_app, target_url="http://www.example.com/test" ) second_webhook.events.create(event_type="order_created") query = QUERY_WEBHOOKS variables = {"filter": {}} response = app_api_client.post_graphql(query, variables=variables) content = get_graphql_content(response) webhooks = content["data"]["webhooks"]["edges"] assert len(webhooks) == 0
def test_service_account_with_access_to_resources( app_api_client, app, permission_manage_orders, order_with_lines, ): query = """ query { orders(first: 5) { edges { node { id } } } } """ response = app_api_client.post_graphql(query) assert_no_permission(response) response = app_api_client.post_graphql( query, permissions=[permission_manage_orders]) get_graphql_content(response)
def test_activate_gift_card_active_gift_card( staff_api_client, gift_card, permission_manage_gift_card ): assert gift_card.is_active variables = {"id": graphene.Node.to_global_id("GiftCard", gift_card.id)} response = staff_api_client.post_graphql( ACTIVATE_GIFT_CARD_MUTATION, variables, permissions=[permission_manage_gift_card], ) content = get_graphql_content(response) data = content["data"]["giftCardActivate"]["giftCard"] assert data["isActive"]
def test_query_stocks_with_filters_product_variant__product( staff_api_client, stock, permission_manage_products): staff_api_client.user.user_permissions.add(permission_manage_products) product = stock.product_variant.product response_name = staff_api_client.post_graphql( QUERY_STOCKS_WITH_FILTERS, variables={"filter": { "search": product.name }}) content = get_graphql_content(response_name) total_count = content["data"]["stocks"]["totalCount"] assert (total_count == Stock.objects.filter( product_variant__product__name=product.name).count())
def test_attributes_pagination_with_sorting( sort_by, attributes_order, staff_api_client, attributes_for_pagination, ): page_size = 3 variables = {"first": page_size, "after": None, "sortBy": sort_by} response = staff_api_client.post_graphql(QUERY_ATTRIBUTES_PAGINATION, variables,) content = get_graphql_content(response) attributes_nodes = content["data"]["attributes"]["edges"] assert attributes_order[0] == attributes_nodes[0]["node"]["name"] assert attributes_order[1] == attributes_nodes[1]["node"]["name"] assert attributes_order[2] == attributes_nodes[2]["node"]["name"] assert len(attributes_nodes) == page_size
def test_query_stock(staff_api_client, stock, permission_manage_products): staff_api_client.user.user_permissions.add(permission_manage_products) stock_id = graphene.Node.to_global_id("Stock", stock.pk) response = staff_api_client.post_graphql(QUERY_STOCK, variables={"id": stock_id}) content = get_graphql_content(response) content_stock = content["data"]["stock"] assert (content_stock["productVariant"]["product"]["name"] == stock.product_variant.product.name) assert content_stock["warehouse"]["name"] == stock.warehouse.name assert content_stock["quantity"] == stock.quantity assert content_stock[ "quantityAllocated"] == get_quantity_allocated_for_stock(stock)
def test_checkout_by_token(checkout, user_api_client, customer_user): # given checkout.user = customer_user checkout.save() variables = {"token": checkout.token} # when response = user_api_client.post_graphql(CHECKOUT_QUERY, variables) # then content = get_graphql_content(response) data = content["data"]["checkout"] assert data["id"] == to_global_id_or_none(checkout)
def test_query_warehouses(staff_api_client, warehouse, permission_manage_products): response = staff_api_client.post_graphql( QUERY_WAREHOUSES, permissions=[permission_manage_products]) content = get_graphql_content(response)["data"] assert content["warehouses"]["totalCount"] == Warehouse.objects.count() warehouses = content["warehouses"]["edges"] warehouse_id = graphene.Node.to_global_id("Warehouse", warehouse.pk) warehouse_first = warehouses[0]["node"] assert warehouse_first["id"] == warehouse_id assert warehouse_first["name"] == warehouse.name assert (len(warehouse_first["shippingZones"]["edges"]) == warehouse.shipping_zones.count())
def test_delete_warehouse_deletes_associated_address( staff_api_client, warehouse, permission_manage_products): warehouse_id = graphene.Node.to_global_id("Warehouse", warehouse.pk) assert Address.objects.count() == 1 response = staff_api_client.post_graphql( MUTATION_DELETE_WAREHOUSE, variables={"id": warehouse_id}, permissions=[permission_manage_products], ) content = get_graphql_content(response) errors = content["data"]["deleteWarehouse"]["warehouseErrors"] assert len(errors) == 0 assert not Address.objects.exists()
def test_delete_categories_with_subcategories_and_products( mock_update_products_minimal_variant_prices_task, staff_api_client, category_list, permission_manage_products, product, category, ): product.category = category category.parent = category_list[0] product.save() category.save() parent_product = Product.objects.get(pk=product.pk) parent_product.slug = "parent-product" parent_product.id = None parent_product.category = category_list[0] parent_product.save() product_list = [product, parent_product] variables = { "ids": [ graphene.Node.to_global_id("Category", category.id) for category in category_list ] } response = staff_api_client.post_graphql( MUTATION_CATEGORY_BULK_DELETE, variables, permissions=[permission_manage_products], ) content = get_graphql_content(response) assert content["data"]["categoryBulkDelete"]["count"] == 3 assert not Category.objects.filter( id__in=[category.id for category in category_list]).exists() mock_update_products_minimal_variant_prices_task.delay.assert_called_once() ( _call_args, call_kwargs, ) = mock_update_products_minimal_variant_prices_task.delay.call_args assert set(call_kwargs["product_ids"]) == set([p.pk for p in product_list]) for product in product_list: product.refresh_from_db() assert not product.category assert not product.is_published assert not product.publication_date
def test_delete_staff_members_left_not_manageable_permissions( staff_api_client, staff_users, permission_manage_staff, permission_manage_users, permission_manage_orders, ): """Ensure user can't delete users when some permissions will be not manageable.""" query = STAFF_BULK_DELETE_MUTATION groups = Group.objects.bulk_create([ Group(name="manage users"), Group(name="manage staff"), Group(name="manage orders"), ]) group1, group2, group3 = groups group1.permissions.add(permission_manage_users) group2.permissions.add(permission_manage_staff) group3.permissions.add(permission_manage_orders) staff_user, staff_user1, staff_user2 = staff_users group1.user_set.add(staff_user1) group2.user_set.add(staff_user2, staff_user1, staff_user) group3.user_set.add(staff_user1) staff_user.user_permissions.add(permission_manage_users, permission_manage_orders, permission_manage_staff) variables = { "ids": [ graphene.Node.to_global_id("User", user.id) for user in [staff_user1, staff_user2] ] } response = staff_api_client.post_graphql(query, variables) content = get_graphql_content(response) data = content["data"]["staffBulkDelete"] errors = data["staffErrors"] assert len(errors) == 1 assert data["count"] == 0 assert errors[0]["field"] == "ids" assert errors[0][ "code"] == AccountErrorCode.LEFT_NOT_MANAGEABLE_PERMISSION.name assert set(errors[0]["permissions"]) == { AccountPermissions.MANAGE_USERS.name, OrderPermissions.MANAGE_ORDERS.name, } assert User.objects.filter( id__in=[user.id for user in [staff_user1, staff_user2]]).exists()
def test_digital_content_update_mutation_missing_content( monkeypatch, staff_api_client, variant, permission_manage_products ): url_valid_days = 3 max_downloads = 5 query = """ mutation digitalUpdate($variant: ID!, $input: DigitalContentInput!){ digitalContentUpdate(variantId:$variant, input: $input){ variant{ id } content{ contentFile maxDownloads urlValidDays automaticFulfillment } errors { field message } productErrors { field message code } } } """ variables = { "variant": graphene.Node.to_global_id("ProductVariant", variant.id), "input": { "maxDownloads": max_downloads, "urlValidDays": url_valid_days, "automaticFulfillment": True, "useDefaultSettings": False, }, } response = staff_api_client.post_graphql( query, variables, permissions=[permission_manage_products] ) content = get_graphql_content(response) assert content["data"]["digitalContentUpdate"]["errors"] errors = content["data"]["digitalContentUpdate"]["errors"] assert len(errors) == 1 assert errors[0]["field"] == "variantId" product_errors = content["data"]["digitalContentUpdate"]["productErrors"] assert product_errors[0]["code"] == ProductErrorCode.VARIANT_NO_DIGITAL_CONTENT.name
def test_query_name(user_api_client, site_settings): query = """ query { shop { name description } } """ response = user_api_client.post_graphql(query) content = get_graphql_content(response) data = content["data"]["shop"] assert data["description"] == site_settings.description assert data["name"] == site_settings.site.name
def test_webhook_create_by_staff_and_service_account( staff_api_client, app, permission_manage_webhooks, permission_manage_orders, ): query = WEBHOOK_CREATE_BY_STAFF app.permissions.add(permission_manage_orders) service_account_id = graphene.Node.to_global_id("ServiceAccount", app.pk) variables = { "target_url": "https://www.example.com", "events": [WebhookEventTypeEnum.ORDER_CREATED.name], "service_account": service_account_id, } staff_api_client.user.user_permissions.add(permission_manage_webhooks) response = staff_api_client.post_graphql(query, variables=variables) get_graphql_content(response) new_webhook = Webhook.objects.get() assert new_webhook.target_url == "https://www.example.com" assert new_webhook.app == app events = new_webhook.events.all() assert len(events) == 1 assert events[0].event_type == WebhookEventTypeEnum.ORDER_CREATED.value
def test_collection_image_query(user_api_client, collection, media_root): alt_text = "Alt text for an image." image_file, image_name = create_image() collection.background_image = image_file collection.background_image_alt = alt_text collection.save() collection_id = graphene.Node.to_global_id("Collection", collection.pk) variables = {"id": collection_id} response = user_api_client.post_graphql(FETCH_COLLECTION_QUERY, variables) content = get_graphql_content(response) data = content["data"]["collection"] thumbnail_url = collection.background_image.thumbnail["120x120"].url assert thumbnail_url in data["backgroundImage"]["url"] assert data["backgroundImage"]["alt"] == alt_text
def test_bulk_unpublish(staff_api_client, page_list, permission_manage_pages): assert all(page.is_published for page in page_list) variables = { "ids": [graphene.Node.to_global_id("Page", page.id) for page in page_list], "is_published": False, } response = staff_api_client.post_graphql( MUTATION_PUBLISH_PAGES, variables, permissions=[permission_manage_pages] ) content = get_graphql_content(response) page_list = Page.objects.filter(id__in=[page.pk for page in page_list]) assert content["data"]["pageBulkPublish"]["count"] == len(page_list) assert not any(page.is_published for page in page_list)
def test_retrieve_shop(api_client, count_queries): query = """ query getShop { shop { defaultCountry { code country } countries { country code } geolocalization { country { code country } } } } """ get_graphql_content(api_client.post_graphql(query))
def test_update_shipping_zone(staff_api_client, shipping_zone, permission_manage_shipping): name = "Parabolic name" shipping_id = graphene.Node.to_global_id("ShippingZone", shipping_zone.pk) variables = {"id": shipping_id, "name": name, "countries": []} response = staff_api_client.post_graphql( UPDATE_SHIPPING_ZONE_QUERY, variables, permissions=[permission_manage_shipping]) content = get_graphql_content(response) data = content["data"]["shippingZoneUpdate"] assert not data["shippingErrors"] data = content["data"]["shippingZoneUpdate"]["shippingZone"] assert data["name"] == name
def test_delete_staff_members_superuser_can_delete__out_of_scope_users( superuser_api_client, staff_users, permission_manage_staff, permission_manage_users, permission_manage_orders, ): """Ensure superuser can delete users when some users has wider scope of permissions. """ query = STAFF_BULK_DELETE_MUTATION groups = Group.objects.bulk_create([ Group(name="manage users"), Group(name="manage staff"), Group(name="manage orders and users"), ]) group1, group2, group3 = groups group1.permissions.add(permission_manage_users) group2.permissions.add(permission_manage_staff) group3.permissions.add(permission_manage_orders, permission_manage_users) staff_user, staff_user1, staff_user2 = staff_users staff_user3 = User.objects.create( email="*****@*****.**", password="******", is_staff=True, is_active=True, ) group1.user_set.add(staff_user1) group2.user_set.add(staff_user2, staff_user1, staff_user3) group3.user_set.add(staff_user1, staff_user3) staff_user.user_permissions.add(permission_manage_users, permission_manage_staff) variables = { "ids": [ graphene.Node.to_global_id("User", user.id) for user in [staff_user1, staff_user2] ] } response = superuser_api_client.post_graphql(query, variables) content = get_graphql_content(response) data = content["data"]["staffBulkDelete"] errors = data["staffErrors"] assert not errors assert data["count"] == 2 assert not User.objects.filter( id__in=[user.id for user in [staff_user1, staff_user2]]).exists()