def test_login_as_staff_as_staff(rf):
"""
Staff user 1 tries to impersonat staff user 2
"""
shop = get_default_shop()
staff_user1 = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user1.groups.add(permission_group)
shop.staff_members.add(staff_user1)
staff_user2 = UserFactory(is_staff=True)
view_func = LoginAsStaffUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user1)
with pytest.raises(PermissionDenied):
view_func(request, pk=staff_user2.pk)
set_permissions_for_group(permission_group, ["user.login-as-staff"])
response = view_func(request, pk=staff_user2.pk)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user2
# Stop impersonating and since staff1 does not have user detail permission
# he/she should find him/herself from dashboard
response = stop_impersonating_staff(request)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user1
response = stop_impersonating_staff(request)
assert response.status_code == 403
def test_api_permissions_admin_user(admin_user):
users = [admin_user, UserFactory(), UserFactory(), UserFactory(), UserFactory()]
get_default_shop()
viewset = UserViewSet()
client = _get_client(admin_user)
permission_key = make_permission_config_key(viewset)
# set API disabled
config.set(None, permission_key, PermissionLevel.DISABLED)
assert client.get("/api/shuup/user/").status_code == status.HTTP_403_FORBIDDEN
assert client.post("/api/shuup/user/", {"email": "*****@*****.**"}).status_code == status.HTTP_403_FORBIDDEN
# set API Public WRITE - access granted
config.set(None, permission_key, PermissionLevel.PUBLIC_WRITE)
response = client.get("/api/shuup/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
# DELETE data too
assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
users.pop()
# set API Public READ - access granted
config.set(None, permission_key, PermissionLevel.PUBLIC_READ)
response = client.get("/api/shuup/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
# DELETE data - YES
assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
users.pop()
# set API authenticated readonly - access only for readonly
config.set(None, permission_key, PermissionLevel.AUTHENTICATED_READ)
response = client.get("/api/shuup/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
users.pop()
# set API authenticated write - access granted
config.set(None, permission_key, PermissionLevel.AUTHENTICATED_WRITE)
assert client.get("/api/shuup/user/").status_code == status.HTTP_200_OK
assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
users.pop()
# set API admin only - aaaww yess
config.set(None, permission_key, PermissionLevel.ADMIN)
assert client.get("/api/shuup/user/").status_code == status.HTTP_200_OK
assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
# as we deleted all users, we have left with just one - us
get_user_model().objects.count() == 1
def test_api_permissions_authenticated_user():
users = [UserFactory(), UserFactory(), UserFactory()]
my_user = users[-1]
get_default_shop()
viewset = UserViewSet()
client = _get_client(my_user)
permission_key = make_permission_config_key(viewset)
# set API disabled
config.set(None, permission_key, PermissionLevel.DISABLED)
assert client.get("/api/test/user/").status_code == status.HTTP_403_FORBIDDEN
assert client.post("/api/test/user/", {"email": "*****@*****.**"}).status_code == status.HTTP_403_FORBIDDEN
# set API Public WRITE - access granted
config.set(None, permission_key, PermissionLevel.PUBLIC_WRITE)
response = client.get("/api/test/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
# DELETE data too
assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
users.pop()
# set API Public READ - access granted
config.set(None, permission_key, PermissionLevel.PUBLIC_READ)
response = client.get("/api/test/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
# DELETE data - nope, not a safe method
assert client.delete("/api/test/user/%d/" % users[0].id).status_code == status.HTTP_403_FORBIDDEN
# set API authenticated readonly - access only for readonly
config.set(None, permission_key, PermissionLevel.AUTHENTICATED_READ)
response = client.get("/api/test/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
assert client.delete("/api/test/user/%d/" % users[0].id).status_code == status.HTTP_403_FORBIDDEN
# set API authenticated write - access granted
config.set(None, permission_key, PermissionLevel.AUTHENTICATED_WRITE)
assert client.get("/api/test/user/").status_code == status.HTTP_200_OK
assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
users.pop()
# set API admin only - not a chance
config.set(None, permission_key, PermissionLevel.ADMIN)
assert client.get("/api/test/user/").status_code == status.HTTP_403_FORBIDDEN
assert client.delete("/api/test/user/%d/" % users[0].id).status_code == status.HTTP_403_FORBIDDEN
def test_get_by_pk(admin_user):
get_default_shop()
for i in range(0, 10):
UserFactory()
user = UserFactory()
client = _get_client(admin_user)
response = client.get("/api/shuup/user/%s/" % user.id)
assert response.status_code == status.HTTP_200_OK
user_data = json.loads(response.content.decode("utf-8"))
assert user_data.get("id") == user.id
assert user_data.get("username") == user.username
def test_api_permissions_anonymous():
users = [UserFactory(), UserFactory(), UserFactory(), UserFactory()]
get_default_shop()
viewset = UserViewSet()
client = _get_client()
permission_key = make_permission_config_key(viewset)
# set API disabled
config.set(None, permission_key, PermissionLevel.DISABLED)
assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED
assert client.post("/api/test/user/", {"email": "*****@*****.**"}).status_code == status.HTTP_401_UNAUTHORIZED
# set API Public WRITE - access granted
config.set(None, permission_key, PermissionLevel.PUBLIC_WRITE)
response = client.get("/api/test/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
# DELETE data too
assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT
users.pop()
# set API Public READ - access granted to read
config.set(None, permission_key, PermissionLevel.PUBLIC_READ)
response = client.get("/api/test/user/")
assert response.status_code == status.HTTP_200_OK
user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"])
for ix, user in enumerate(user_data):
assert users[ix].id == user["id"]
# DELETE data - nope, not a safe method
assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_401_UNAUTHORIZED
# set API authenticated readonly - no access
config.set(None, permission_key, PermissionLevel.AUTHENTICATED_READ)
assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED
assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_401_UNAUTHORIZED
# set API authenticated write - no access
config.set(None, permission_key, PermissionLevel.AUTHENTICATED_WRITE)
assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED
assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_401_UNAUTHORIZED
# set API admin only - not a chance
config.set(None, permission_key, PermissionLevel.ADMIN)
assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED
# Remove None values before posting data since posting None data is not cool
assert (
client.put("/api/test/user/", {k: v for k, v in user_data[0].items() if v is not None}).status_code
== status.HTTP_401_UNAUTHORIZED
)
def test_campaign_with_non_active_coupon(rf):
initial_status = get_initial_order_status()
request, shop, group = initialize_test(rf, include_tax=False)
order = _get_order_with_coupon(request, initial_status)
coupon = order.coupon_usages.first().coupon
coupon.active = False
coupon.save()
modifier = UserFactory()
contact = create_random_person(locale="en_US", minimum_name_comp_len=5)
assert order.customer != contact
state = _get_frontend_order_state(shop, contact)
assert order.shop.id == state["shop"]["selected"]["id"]
request = get_frontend_request_for_command(state, "finalize", modifier)
response = OrderEditView.as_view()(request, pk=order.pk)
assert_contains(response, "orderIdentifier")
data = json.loads(response.content.decode("utf8"))
edited_order = Order.objects.get(pk=order.pk)
assert edited_order.identifier == data[
"orderIdentifier"] == order.identifier
assert edited_order.pk == order.pk
assert edited_order.lines.count() == 3
assert OrderLineType.DISCOUNT not in [
l.type for l in edited_order.lines.all()
]
assert edited_order.coupon_usages.count() == 0
def test_login_as_requires_staff_member(rf, regular_user):
shop = get_default_shop()
staff_user = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
def do_nothing(request, shop=None):
pass
def get_default(request):
return get_default_shop()
# Maybe some vendors and non marketplace staff members has access to admin module
with patch("shuup.admin.shop_provider.set_shop", side_effect=do_nothing):
with patch("shuup.admin.shop_provider.get_shop",
side_effect=get_default):
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=staff_user)
# not staff member
with pytest.raises(PermissionDenied):
view_func(request, pk=regular_user.pk)
shop.staff_members.add(staff_user)
# no permission
with pytest.raises(PermissionDenied):
view_func(request, pk=regular_user.pk)
set_permissions_for_group(permission_group, ["user.login-as"])
response = view_func(request, pk=regular_user.pk)
assert response["location"] == reverse("shuup:index")
assert get_user(request) == regular_user
def test_get_by_email(admin_user):
get_default_shop()
for i in range(0, 10):
UserFactory()
user = UserFactory()
client = _get_client(admin_user)
response = client.get("/api/shuup/user/", data={"email": user.email})
assert response.status_code == status.HTTP_200_OK
user_data = json.loads(response.content.decode("utf-8"))
assert get_user_model().objects.filter(email=user.email).count() == len(user_data)
assert user_data[0].get("id") == user.id
assert user_data[0].get("email") == user.email
assert user_data[0].get("username") == user.username
def test_editing_existing_order(rf, admin_user):
modifier = UserFactory()
get_initial_order_status() # Needed for the API
contact = create_random_person(locale="en_US", minimum_name_comp_len=5)
state = get_frontend_order_state(contact=contact)
shop = get_default_shop()
order = create_empty_order(shop=shop)
order.payment_data = {"payment_data": True}
order.shipping_data = {"shipping_data": True}
order.extra_data = {"external_id": "123"}
order.save()
assert order.lines.count() == 0
assert order.pk is not None
assert order.modified_by == order.creator
request = get_frontend_request_for_command(state, "finalize", modifier)
response = OrderEditView.as_view()(request, pk=order.pk)
assert_contains(
response,
"orderIdentifier") # this checks for status codes as a side effect
data = json.loads(response.content.decode("utf8"))
edited_order = Order.objects.get(pk=order.pk) # Re fetch the initial order
# Check that identifiers has not changed
assert edited_order.identifier == data[
"orderIdentifier"] == order.identifier
assert edited_order.pk == order.pk
# Check that the product content is updated based on state
assert edited_order.lines.count() == 5
assert edited_order.customer == contact
# Check that product line have right taxes
for line in edited_order.lines.all():
if line.type == OrderLineType.PRODUCT:
assert [line_tax.tax.code
for line_tax in line.taxes.all()] == ["test_code"]
assert line.taxful_price.amount > line.taxless_price.amount
# Make sure order modification information is correct
assert edited_order.modified_by != order.modified_by
assert edited_order.modified_by == modifier
assert edited_order.modified_on > order.modified_on
# Make sure all non handled attributes is preserved from original order
assert edited_order.creator == order.creator
assert edited_order.ip_address == order.ip_address
assert edited_order.orderer == order.orderer
assert edited_order.customer_comment == order.customer_comment
assert edited_order.marketing_permission == order.marketing_permission
assert edited_order.order_date == order.order_date
assert edited_order.status == order.status
assert edited_order.payment_data == order.payment_data
assert edited_order.shipping_data == order.shipping_data
assert edited_order.extra_data == order.extra_data
def test_login_as_staff_without_front_url(rf, admin_user, regular_user):
get_default_shop()
staff_user = UserFactory(is_staff=True)
view_func = LoginAsStaffUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=admin_user)
def get_none():
return None
with patch("shuup.admin.modules.users.views.detail.get_admin_url", side_effect=get_none):
with pytest.raises(Problem):
view_func(request, pk=staff_user.pk)
def test_get_telemetry_data_after_login(rf, admin_user):
get_default_shop()
# create users to ensure correct admin is found
UserFactory()
UserFactory()
data = json.loads(get_telemetry_data(rf.get("/")))
assert data.get("admin_user") == admin_user.email
assert not data.get("last_login")
client = SmartClient()
client.login(username="******", password="******")
data = json.loads(get_telemetry_data(rf.get("/")))
assert data.get("admin_user") == admin_user.email
last_login = data.get("last_login", None)
assert last_login
last_login_datetime = datetime.datetime.strptime(last_login, "%Y-%m-%dT%H:%M:%S.%fZ")
today = datetime.datetime.now()
assert last_login_datetime.year == today.year
assert last_login_datetime.month == today.month
assert last_login_datetime.day == today.day
def test_login_as_staff_user(rf, admin_user):
get_default_shop()
staff_user = UserFactory(is_staff=True)
view_func = LoginAsStaffUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=admin_user)
context = dict(request=request)
assert get_logout_url(context) == "/sa/logout/"
response = view_func(request, pk=staff_user.pk)
assert response["location"] == reverse("shuup_admin:dashboard")
assert get_user(request) == staff_user
assert get_logout_url(context) == "/sa/stop-impersonating-staff/"
# Stop impersonating and since admin user have all access he should
# be in user detail for staff user
response = stop_impersonating_staff(request)
assert response["location"] == reverse("shuup_admin:user.detail", kwargs={"pk": staff_user.pk})
assert get_user(request) == admin_user
def test_login_as_user_errors(rf, admin_user, regular_user):
get_default_shop()
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=regular_user)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=regular_user.pk)
user = UserFactory()
get_person_contact(user)
# non superuser trying to login as someone else
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
request = apply_request_middleware(rf.post("/"), user=admin_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)
def test_login_as_user_errors(rf, admin_user, regular_user):
get_default_shop()
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"), user=regular_user, skip_session=True)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=regular_user.pk)
user = UserFactory()
get_person_contact(user)
# non superuser trying to login as someone else
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
request = apply_request_middleware(rf.post("/"), user=admin_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)
def test_contact_filters(rf, admin_user):
shop = get_default_shop()
products_per_order = 5
request = rf.get('/')
request.shop = shop
apply_request_middleware(request)
product = get_default_product()
customer = get_person_contact(admin_user)
create_order(request, creator=admin_user, customer=customer, product=product)
order_one = Order.objects.first()
user = UserFactory()
second_customer = get_person_contact(user)
create_order(request, creator=admin_user, customer=second_customer, product=product)
order_two = Order.objects.first()
user = UserFactory()
user.is_staff = True
user.save()
create_order(request, creator=user, customer=second_customer, product=product)
order_three = Order.objects.first()
order_three.orderer = customer
order_three.save()
# test that admin user gets two orders as he created two
expected_taxful_total_price = order_one.taxful_total_price + order_two.taxful_total_price
expected_taxless_total_price = order_one.taxless_total_price + order_two.taxless_total_price
expected_order_count = 2
test_info = initialize_simple_report(SalesReport, data_overrides={"creator": [admin_user.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count,
expected_taxful_total_price,
expected_taxless_total_price,
products_per_order,
return_data)
# test that new admin user gets one order
expected_taxful_total_price = order_three.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price
expected_order_count = 1
test_info = initialize_simple_report(SalesReport, data_overrides={"creator": [user.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count,
expected_taxful_total_price,
expected_taxless_total_price,
products_per_order,
return_data)
# test that new admin user and second_customer gets one order
expected_taxful_total_price = order_three.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price
expected_order_count = 1
test_info = initialize_simple_report(SalesReport,
data_overrides={"creator": [user.pk], "customer": [second_customer.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count,
expected_taxful_total_price,
expected_taxless_total_price,
products_per_order,
return_data)
# test that second_customer gets two orders
expected_taxful_total_price = order_three.taxful_total_price + order_two.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price + order_two.taxless_total_price
expected_order_count = 2
test_info = initialize_simple_report(SalesReport, data_overrides={"customer": [second_customer.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count,
expected_taxful_total_price,
expected_taxless_total_price,
products_per_order,
return_data)
# test that second_customer gets two orders
expected_taxful_total_price = order_three.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price
expected_order_count = 1
test_info = initialize_simple_report(SalesReport,
data_overrides={"customer": [second_customer.pk], "orderer": [customer.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count,
expected_taxful_total_price,
expected_taxless_total_price,
products_per_order,
return_data)
def test_contact_filters(rf, admin_user):
shop = get_default_shop()
products_per_order = 5
request = rf.get('/')
request.shop = shop
apply_request_middleware(request)
product = get_default_product()
customer = get_person_contact(admin_user)
create_order(request,
creator=admin_user,
customer=customer,
product=product)
order_one = Order.objects.first()
user = UserFactory()
second_customer = get_person_contact(user)
create_order(request,
creator=admin_user,
customer=second_customer,
product=product)
order_two = Order.objects.first()
user = UserFactory()
user.is_staff = True
user.save()
create_order(request,
creator=user,
customer=second_customer,
product=product)
order_three = Order.objects.first()
order_three.orderer = customer
order_three.save()
# test that admin user gets two orders as he created two
expected_taxful_total_price = order_one.taxful_total_price + order_two.taxful_total_price
expected_taxless_total_price = order_one.taxless_total_price + order_two.taxless_total_price
expected_order_count = 2
test_info = initialize_simple_report(
SalesReport, data_overrides={"creator": [admin_user.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count, expected_taxful_total_price,
expected_taxless_total_price, products_per_order,
return_data)
# test that new admin user gets one order
expected_taxful_total_price = order_three.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price
expected_order_count = 1
test_info = initialize_simple_report(SalesReport,
data_overrides={"creator": [user.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count, expected_taxful_total_price,
expected_taxless_total_price, products_per_order,
return_data)
# test that new admin user and second_customer gets one order
expected_taxful_total_price = order_three.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price
expected_order_count = 1
test_info = initialize_simple_report(SalesReport,
data_overrides={
"creator": [user.pk],
"customer": [second_customer.pk]
})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count, expected_taxful_total_price,
expected_taxless_total_price, products_per_order,
return_data)
# test that second_customer gets two orders
expected_taxful_total_price = order_three.taxful_total_price + order_two.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price + order_two.taxless_total_price
expected_order_count = 2
test_info = initialize_simple_report(
SalesReport, data_overrides={"customer": [second_customer.pk]})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count, expected_taxful_total_price,
expected_taxless_total_price, products_per_order,
return_data)
# test that second_customer gets two orders
expected_taxful_total_price = order_three.taxful_total_price
expected_taxless_total_price = order_three.taxless_total_price
expected_order_count = 1
test_info = initialize_simple_report(SalesReport,
data_overrides={
"customer": [second_customer.pk],
"orderer": [customer.pk]
})
return_data = test_info.json_data.get("tables")[0].get("data")
_assert_expected_values(expected_order_count, expected_taxful_total_price,
expected_taxless_total_price, products_per_order,
return_data)
def test_new_customers_report(rf, admin_user, group_by):
with override_provides(
"reports",
["shuup.default_reports.reports.new_customers:NewCustomersReport"]):
shop = get_default_shop()
person_creation_dates = [
datetime(2015, 1, 2),
datetime(2015, 1, 1),
datetime(2016, 2, 2),
]
# create person with NO user
for creation_date in person_creation_dates:
person = create_random_person()
person.created_on = creation_date
person.save()
user_person_creation_dates = [
datetime(2015, 3, 3),
datetime(2015, 3, 3),
datetime(2015, 4, 4),
datetime(2016, 5, 5),
datetime(2016, 6, 6),
datetime(2016, 7, 7),
]
# create person with users
for creation_date in user_person_creation_dates:
person = create_random_person()
person.user = UserFactory()
person.created_on = creation_date
person.save()
company_creation_dates = [
datetime(2015, 1, 1),
datetime(2015, 8, 8),
datetime(2015, 9, 9),
]
# create company contacts
for creation_date in company_creation_dates:
company = CompanyFactory()
company.created_on = creation_date
company.save()
data = {
"report": NewCustomersReport.get_name(),
"shop": shop.pk,
"date_range": DateRangeChoices.ALL_TIME.value,
"writer": "json",
"force_download": 1,
"group_by": group_by
}
view = ReportView.as_view()
request = apply_request_middleware(rf.post("/", data=data),
user=admin_user)
response = view(request)
if hasattr(response, "render"):
response.render()
assert response.status_code == 200
json_data = json.loads(response.content.decode("utf-8"))
assert force_text(NewCustomersReport.title) in json_data.get("heading")
data = json_data["tables"][0]["data"]
if group_by == "%Y":
assert len(data) == 3
assert data[0]["date"] == "2015"
assert int(data[0]["personcontact"]) == 5
assert int(data[0]["companycontact"]) == 3
assert int(data[0]["users"]) == 3
assert data[1]["date"] == "2016"
assert int(data[1]["personcontact"]) == 4
assert int(data[1]["companycontact"]) == 0
assert int(data[1]["users"]) == 3
elif group_by == "%Y-%m":
assert len(data) == 10
assert data[0]["date"] == "2015-01"
assert int(data[0]["personcontact"]) == 2
assert int(data[0]["companycontact"]) == 1
assert int(data[0]["users"]) == 0
assert data[1]["date"] == "2015-03"
assert int(data[1]["personcontact"]) == 2
assert int(data[1]["companycontact"]) == 0
assert int(data[1]["users"]) == 2
assert data[2]["date"] == "2015-04"
assert int(data[2]["personcontact"]) == 1
assert int(data[2]["companycontact"]) == 0
assert int(data[2]["users"]) == 1
assert data[3]["date"] == "2015-08"
assert int(data[3]["personcontact"]) == 0
assert int(data[3]["companycontact"]) == 1
assert int(data[3]["users"]) == 0
assert data[4]["date"] == "2015-09"
assert int(data[4]["personcontact"]) == 0
assert int(data[4]["companycontact"]) == 1
assert int(data[4]["users"]) == 0
assert data[5]["date"] == "2016-02"
assert int(data[5]["personcontact"]) == 1
assert int(data[5]["companycontact"]) == 0
assert int(data[5]["users"]) == 0
assert data[6]["date"] == "2016-05"
assert int(data[6]["personcontact"]) == 1
assert int(data[6]["companycontact"]) == 0
assert int(data[6]["users"]) == 1
assert data[7]["date"] == "2016-06"
assert int(data[7]["personcontact"]) == 1
assert int(data[7]["companycontact"]) == 0
assert int(data[7]["users"]) == 1
assert data[8]["date"] == "2016-07"
assert int(data[8]["personcontact"]) == 1
assert int(data[8]["companycontact"]) == 0
assert int(data[8]["users"]) == 1
elif group_by == "%Y-%m-%d":
assert len(data) == 11
assert data[0]["date"] == "2015-01-01"
assert int(data[0]["personcontact"]) == 1
assert int(data[0]["companycontact"]) == 1
assert int(data[0]["users"]) == 0
assert data[1]["date"] == "2015-01-02"
assert int(data[1]["personcontact"]) == 1
assert int(data[1]["companycontact"]) == 0
assert int(data[1]["users"]) == 0
assert data[2]["date"] == "2015-03-03"
assert int(data[2]["personcontact"]) == 2
assert int(data[2]["companycontact"]) == 0
assert int(data[2]["users"]) == 2
assert data[3]["date"] == "2015-04-04"
assert int(data[3]["personcontact"]) == 1
assert int(data[3]["companycontact"]) == 0
assert int(data[3]["users"]) == 1
assert data[4]["date"] == "2015-08-08"
assert int(data[4]["personcontact"]) == 0
assert int(data[4]["companycontact"]) == 1
assert int(data[4]["users"]) == 0
assert data[5]["date"] == "2015-09-09"
assert int(data[5]["personcontact"]) == 0
assert int(data[5]["companycontact"]) == 1
assert int(data[5]["users"]) == 0
assert data[6]["date"] == "2016-02-02"
assert int(data[6]["personcontact"]) == 1
assert int(data[6]["companycontact"]) == 0
assert int(data[6]["users"]) == 0
assert data[7]["date"] == "2016-05-05"
assert int(data[7]["personcontact"]) == 1
assert int(data[7]["companycontact"]) == 0
assert int(data[7]["users"]) == 1
assert data[8]["date"] == "2016-06-06"
assert int(data[8]["personcontact"]) == 1
assert int(data[8]["companycontact"]) == 0
assert int(data[8]["users"]) == 1
assert data[9]["date"] == "2016-07-07"
assert int(data[9]["personcontact"]) == 1
assert int(data[9]["companycontact"]) == 0
assert int(data[9]["users"]) == 1
def test_login_as_staff_member(rf):
shop = get_default_shop()
staff_user = UserFactory(is_staff=True)
permission_group = get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
view_func = LoginAsUserView.as_view()
request = apply_request_middleware(rf.post("/"),
user=staff_user,
skip_session=True)
# log in as self
with pytest.raises(Problem):
view_func(request, pk=staff_user.pk)
user = UserFactory()
get_person_contact(user)
request = apply_request_middleware(rf.post("/"), user=staff_user)
user.is_superuser = True
user.save()
# user is trying to login as another superuser
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_superuser = False
user.is_staff = True
user.save()
# user is trying to login as a staff user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
user.is_staff = False
user.is_active = False
user.save()
# user is trying to login as an inactive user
with pytest.raises(Problem):
view_func(request, pk=user.pk)
user.is_active = True
user.save()
# staff user without "user.login-as" permission trying to login as valid user
with pytest.raises(PermissionDenied):
view_func(request, pk=user.pk)
permission_group = staff_user.groups.first()
set_permissions_for_group(permission_group, ["user.login-as"])
response = view_func(request, pk=user.pk)
assert response["location"] == reverse("shuup:index")
assert get_user(request) == user
