Exemple #1
0
def test_rs_create_permissions(client):
    creator = get_rs_creator()
    # Creators should be able to get the create view
    response = get_view_for_user(viewname="reader-studies:create",
                                 client=client,
                                 user=creator)
    assert response.status_code == 200

    # Normal users should have permission denied
    u = UserFactory()
    response = get_view_for_user(viewname="reader-studies:create",
                                 client=client,
                                 user=u)
    assert response.status_code == 403
Exemple #2
0
def test_rs_list_permissions(client):
    # Users should login
    response = get_view_for_user(viewname="reader-studies:list", client=client)
    assert response.status_code == 200
    assert "Add a new reader study" not in response.rendered_content

    creator = get_rs_creator()

    # Creators should be able to see the create button
    response = get_view_for_user(viewname="reader-studies:list",
                                 client=client,
                                 user=creator)
    assert response.status_code == 200
    assert "Add a new reader study" in response.rendered_content

    rs1, rs2 = ReaderStudyFactory(use_display_sets=False), ReaderStudyFactory(
        use_display_sets=False)
    reader1 = UserFactory()

    # Readers should only be able to see the studies they have access to
    response = get_view_for_user(viewname="reader-studies:list",
                                 client=client,
                                 user=reader1)
    assert response.status_code == 200
    assert "Add a new reader study" not in response.rendered_content
    assert rs1.slug not in response.rendered_content
    assert rs2.slug not in response.rendered_content

    rs1.add_reader(user=reader1)

    response = get_view_for_user(viewname="reader-studies:list",
                                 client=client,
                                 user=reader1)
    assert response.status_code == 200
    assert "Add a new reader study" not in response.rendered_content
    assert rs1.slug in response.rendered_content
    assert rs2.slug not in response.rendered_content

    editor2 = UserFactory()
    rs2.add_editor(user=editor2)

    # Editors should only be able to see the studies that they have access to
    response = get_view_for_user(viewname="reader-studies:list",
                                 client=client,
                                 user=editor2)
    assert response.status_code == 200
    assert "Add a new reader study" not in response.rendered_content
    assert rs1.slug not in response.rendered_content
    assert rs2.slug in response.rendered_content
def test_reader_study_create(client, uploaded_image):
    # The study creator should automatically get added to the editors group
    creator = get_rs_creator()
    ws = WorkstationFactory()

    def try_create_rs(allow_case_navigation):
        return get_view_for_user(
            viewname="reader-studies:create",
            client=client,
            method=client.post,
            data={
                "title": "foo bar",
                "logo": uploaded_image(),
                "workstation": ws.pk,
                "allow_answer_modification": True,
                "allow_case_navigation": allow_case_navigation,
            },
            follow=True,
            user=creator,
        )

    response = try_create_rs(False)
    assert "error_1_id_workstation" in response.rendered_content

    # The editor must have view permissions for the workstation to add it
    ws.add_user(user=creator)

    response = try_create_rs(False)
    assert "error_1_id_workstation" not in response.rendered_content
    assert (
        "`allow_case_navigation` must be checked if `allow_answer_modification` is"
        in response.rendered_content
    )

    response = try_create_rs(True)
    assert "error_1_id_workstation" not in response.rendered_content
    assert (
        "`allow_case_navigation` must be checked if `allow_answer_modification` is"
        not in response.rendered_content
    )
    assert response.status_code == 200

    rs = ReaderStudy.objects.get(title="foo bar")

    assert rs.slug == "foo-bar"
    assert rs.is_editor(user=creator)
    assert not rs.is_reader(user=creator)
    assert is_following(user=creator, obj=rs)
def test_rs_create_permissions(client):
    # Users should login
    response = get_view_for_user(viewname="reader-studies:list", client=client)
    assert response.status_code == 302
    assert response.url.startswith(settings.LOGIN_URL)

    creator = get_rs_creator()

    # Creators should be able to get the create view
    response = get_view_for_user(viewname="reader-studies:create",
                                 client=client,
                                 user=creator)
    assert response.status_code == 200

    # Normal users should have permission denied
    u = UserFactory()
    response = get_view_for_user(viewname="reader-studies:create",
                                 client=client,
                                 user=u)
    assert response.status_code == 403
Exemple #5
0
def test_reader_study_create(client, uploaded_image):
    # The study creator should automatically get added to the editors group
    creator = get_rs_creator()
    ws = WorkstationFactory()

    def try_create_rs(
        allow_case_navigation=False,
        shuffle_hanging_list=False,
        roll_over_answers_for_n_cases=0,
    ):
        return get_view_for_user(
            viewname="reader-studies:create",
            client=client,
            method=client.post,
            data={
                "title": "foo bar",
                "logo": uploaded_image(),
                "workstation": ws.pk,
                "allow_answer_modification": True,
                "shuffle_hanging_list": shuffle_hanging_list,
                "allow_case_navigation": allow_case_navigation,
                "access_request_handling": AccessRequestHandlingOptions.MANUAL_REVIEW,
                "roll_over_answers_for_n_cases": roll_over_answers_for_n_cases,
            },
            follow=True,
            user=creator,
        )

    response = try_create_rs()
    assert "error_1_id_workstation" in response.rendered_content

    # The editor must have view permissions for the workstation to add it
    ws.add_user(user=creator)

    roll_over_error = "Rolling over answers should not be used together with case navigation or shuffling of the hanging list"
    for navigation, shuffle in [(True, True), (True, False), (False, True)]:
        response = try_create_rs(
            allow_case_navigation=navigation,
            shuffle_hanging_list=shuffle,
            roll_over_answers_for_n_cases=1,
        )
        assert "error_1_id_workstation" not in response.rendered_content
        assert roll_over_error in response.rendered_content

    response = try_create_rs(roll_over_answers_for_n_cases=1)
    assert "error_1_id_workstation" not in response.rendered_content
    assert roll_over_error not in response.rendered_content
    assert response.status_code == 200

    case_navigation_error = (
        "Case navigation is required when answer modification is allowed"
    )
    response = try_create_rs(allow_case_navigation=False)
    assert "error_1_id_workstation" not in response.rendered_content
    assert case_navigation_error in response.rendered_content

    response = try_create_rs(allow_case_navigation=True)
    assert "error_1_id_workstation" not in response.rendered_content
    assert case_navigation_error not in response.rendered_content
    assert response.status_code == 200

    rs = ReaderStudy.objects.get(title="foo bar")

    assert rs.slug == "foo-bar"
    assert rs.is_editor(user=creator)
    assert not rs.is_reader(user=creator)
    assert is_following(user=creator, obj=rs)