def test_rs_detail_view_permissions(client): rs_set = TwoReaderStudies() tests = ( (None, rs_set.rs1, 302), (None, rs_set.rs2, 302), (rs_set.creator, rs_set.rs1, 302), (rs_set.creator, rs_set.rs2, 302), (rs_set.editor1, rs_set.rs1, 200), (rs_set.editor1, rs_set.rs2, 302), (rs_set.reader1, rs_set.rs1, 200), (rs_set.reader1, rs_set.rs2, 302), (rs_set.editor2, rs_set.rs1, 302), (rs_set.editor2, rs_set.rs2, 200), (rs_set.reader2, rs_set.rs1, 302), (rs_set.reader2, rs_set.rs2, 200), (rs_set.u, rs_set.rs1, 302), (rs_set.u, rs_set.rs2, 302), ) for test in tests: response = get_view_for_user(url=test[1].get_absolute_url(), client=client, user=test[0]) assert response.status_code == test[2] if response.status_code == 302 and test[0] is not None: assert response.url == reverse( "reader-studies:permission-request-create", kwargs={"slug": test[1].slug}, )
def test_answer_creator_is_reader(client): rs_set = TwoReaderStudies() im = ImageFactory() rs_set.rs1.images.add(im) q = QuestionFactory(reader_study=rs_set.rs1, answer_type=Question.AnswerType.BOOL) tests = ( (rs_set.editor1, 201), (rs_set.reader1, 201), (rs_set.editor2, 400), (rs_set.reader2, 400), (rs_set.u, 400), ) for test in tests: response = get_view_for_user( viewname="api:reader-studies-answer-list", user=test[0], client=client, method=client.post, data={ "answer": True, "images": [im.api_url], "question": q.api_url, }, content_type="application/json", ) assert response.status_code == test[1]
def test_api_rs_answer_detail_permissions(client): rs_set = TwoReaderStudies() q1 = QuestionFactory(reader_study=rs_set.rs1) reader11 = UserFactory() rs_set.rs1.add_reader(reader11) a1 = AnswerFactory(question=q1, creator=rs_set.reader1, answer="") tests = ( (None, 401), (rs_set.creator, 404), (rs_set.editor1, 200), (rs_set.reader1, 200), (reader11, 404), (rs_set.editor2, 404), (rs_set.reader2, 404), (rs_set.u, 404), ) for test in tests: response = get_view_for_user( viewname="api:reader-studies-answer-detail", reverse_kwargs={"pk": a1.pk}, client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1]
def test_api_rs_list_permissions(client): rs_set = TwoReaderStudies() tests = ( (None, 401, []), (rs_set.creator, 200, []), (rs_set.editor1, 200, [rs_set.rs1.pk]), (rs_set.reader1, 200, [rs_set.rs1.pk]), (rs_set.editor2, 200, [rs_set.rs2.pk]), (rs_set.reader2, 200, [rs_set.rs2.pk]), (rs_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:reader-study-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] if test[1] != 401: # We provided auth details and get a response assert response.json()["count"] == len(test[2]) pks = [obj["pk"] for obj in response.json()["results"]] for pk in test[2]: assert str(pk) in pks
def test_api_rs_question_list_permissions(client): rs_set = TwoReaderStudies() q1, q2 = ( QuestionFactory(reader_study=rs_set.rs1), QuestionFactory(reader_study=rs_set.rs2), ) tests = ( (None, 200, []), (rs_set.creator, 200, []), (rs_set.editor1, 200, [q1.pk]), (rs_set.reader1, 200, [q1.pk]), (rs_set.editor2, 200, [q2.pk]), (rs_set.reader2, 200, [q2.pk]), (rs_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:reader-studies-question-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] assert response.json()["count"] == len(test[2]) pks = {obj["pk"] for obj in response.json()["results"]} assert {str(pk) for pk in test[2]} == pks
def test_api_rs_patch_permissions(client): rs_set = TwoReaderStudies() tests = ( (None, 401), (rs_set.creator, 404), (rs_set.editor1, 200), (rs_set.reader1, 403), (rs_set.editor2, 404), (rs_set.reader2, 404), (rs_set.u, 404), ) for test in tests: response = get_view_for_user( viewname="api:reader-study-generate-hanging-list", client=client, method=client.patch, data={}, user=test[0], content_type="application/json", reverse_kwargs={"pk": rs_set.rs1.pk}, ) assert response.status_code == test[1] if test[1] == 200: # We provided auth details and get a response assert response.json()["status"] == "Hanging list generated."
def test_rs_edit_view_permissions(client, view_name): rs_set = TwoReaderStudies() tests = ( (None, rs_set.rs1, 302), (None, rs_set.rs2, 302), (rs_set.creator, rs_set.rs1, 403), (rs_set.creator, rs_set.rs2, 403), (rs_set.editor1, rs_set.rs1, 200), (rs_set.editor1, rs_set.rs2, 403), (rs_set.reader1, rs_set.rs1, 403), (rs_set.reader1, rs_set.rs2, 403), (rs_set.editor2, rs_set.rs1, 403), (rs_set.editor2, rs_set.rs2, 200), (rs_set.reader2, rs_set.rs1, 403), (rs_set.reader2, rs_set.rs2, 403), (rs_set.u, rs_set.rs1, 403), (rs_set.u, rs_set.rs2, 403), ) for test in tests: response = get_view_for_user( viewname=f"reader-studies:{view_name}", client=client, user=test[0], reverse_kwargs={"slug": test[1].slug}, ) assert response.status_code == test[2]
def test_image_port_only_with_bounding_box( client, answer_type, port, questions_created ): # The image_port should only be set when using a bounding box rs_set = TwoReaderStudies() assert Question.objects.all().count() == 0 response = get_view_for_user( viewname="reader-studies:add-question", client=client, method=client.post, data={ "question_text": "What?", "answer_type": answer_type, "order": 1, "image_port": port, "direction": "H", "options-TOTAL_FORMS": 2, "options-INITIAL_FORMS": 1, "options-MIN_NUM_FORMS": 0, "options-MAX_NUM_FORMS": 1000, }, reverse_kwargs={"slug": rs_set.rs1.slug}, user=rs_set.editor1, ) if questions_created == 1: assert response.status_code == 302 else: assert response.status_code == 200 assert Question.objects.all().count() == questions_created
def test_rs_detail_view_permissions(client): rs_set = TwoReaderStudies() tests = ( (None, rs_set.rs1, 302), (None, rs_set.rs2, 302), (rs_set.creator, rs_set.rs1, 403), (rs_set.creator, rs_set.rs2, 403), (rs_set.editor1, rs_set.rs1, 200), (rs_set.editor1, rs_set.rs2, 403), (rs_set.reader1, rs_set.rs1, 200), (rs_set.reader1, rs_set.rs2, 403), (rs_set.editor2, rs_set.rs1, 403), (rs_set.editor2, rs_set.rs2, 200), (rs_set.reader2, rs_set.rs1, 403), (rs_set.reader2, rs_set.rs2, 200), (rs_set.u, rs_set.rs1, 403), (rs_set.u, rs_set.rs2, 403), ) for test in tests: response = get_view_for_user(url=test[1].get_absolute_url(), client=client, user=test[0]) assert response.status_code == test[2]
def test_api_rs_answer_mine_list_permissions(client): """ For the "mine" endpoint the list should be filtered by the users own answers """ rs_set = TwoReaderStudies() q1, q2 = ( QuestionFactory(reader_study=rs_set.rs1), QuestionFactory(reader_study=rs_set.rs2), ) reader11 = UserFactory() rs_set.rs1.add_reader(reader11) a1, a11, a2 = ( AnswerFactory(question=q1, creator=rs_set.reader1, answer=""), AnswerFactory(question=q1, creator=reader11, answer=""), AnswerFactory(question=q2, creator=rs_set.reader2, answer=""), ) tests = ( (None, 401, []), (rs_set.creator, 200, []), (rs_set.editor1, 200, []), (rs_set.reader1, 200, [a1.pk]), (reader11, 200, [a11.pk]), (rs_set.editor2, 200, []), (rs_set.reader2, 200, [a2.pk]), (rs_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:reader-studies-answer-mine", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] if test[1] != 401: # We provided auth details and get a response assert response.json()["count"] == len(test[2]) pks = [obj["pk"] for obj in response.json()["results"]] for pk in test[2]: assert str(pk) in pks
def test_user_autocomplete_permissions(client): rs_set = TwoReaderStudies() tests = ( (None, 302), (rs_set.creator, 403), (rs_set.editor1, 200), (rs_set.reader1, 403), (rs_set.editor2, 200), (rs_set.reader2, 403), (rs_set.u, 403), ) for test in tests: response = get_view_for_user( viewname="reader-studies:users-autocomplete", client=client, user=test[0], ) assert response.status_code == test[1]
def test_question_create(client): rs_set = TwoReaderStudies() tests = ( (None, 0, 302), (rs_set.editor1, 1, 302), (rs_set.reader1, 0, 403), (rs_set.editor2, 0, 403), (rs_set.reader2, 0, 403), (rs_set.u, 0, 403), ) for test in tests: response = get_view_for_user( viewname="reader-studies:add-question", client=client, method=client.post, data={ "question_text": "What?", "answer_type": "STXT", "order": 1, "image_port": "", "direction": "H", "options-TOTAL_FORMS": 2, "options-INITIAL_FORMS": 1, "options-MIN_NUM_FORMS": 0, "options-MAX_NUM_FORMS": 1000, }, reverse_kwargs={"slug": rs_set.rs1.slug}, user=test[0], ) assert response.status_code == test[2] qs = Question.objects.all() assert len(qs) == test[1] if test[1] > 0: question = qs[0] assert question.reader_study == rs_set.rs1 assert question.question_text == "What?" question.delete()
def test_api_rs_detail_permissions(client): rs_set = TwoReaderStudies() tests = ( (None, 401), (rs_set.creator, 404), (rs_set.editor1, 200), (rs_set.reader1, 200), (rs_set.editor2, 404), (rs_set.reader2, 404), (rs_set.u, 404), ) for test in tests: response = get_view_for_user( viewname="api:reader-study-detail", reverse_kwargs={"pk": rs_set.rs1.pk}, client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1]
def test_reader_can_download_images(client, reverse): rs_set = TwoReaderStudies() im1, im2, im3, im4 = ( ImageFactory(), ImageFactory(), ImageFactory(), ImageFactory(), ) if reverse: for im in [im1, im2, im3, im4]: im.readerstudies.add(rs_set.rs1, rs_set.rs2) for im in [im3, im4]: im.readerstudies.remove(rs_set.rs1, rs_set.rs2) for im in [im1, im2]: im.readerstudies.remove(rs_set.rs2) else: # Test that adding images works rs_set.rs1.images.add(im1, im2, im3, im4) # Test that removing images works rs_set.rs1.images.remove(im3, im4) tests = ( (None, 200, []), (rs_set.creator, 200, []), (rs_set.editor1, 200, []), (rs_set.reader1, 200, [im1.pk, im2.pk]), (rs_set.editor2, 200, []), (rs_set.reader2, 200, []), (rs_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:image-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] assert response.json()["count"] == len(test[2]) pks = {obj["pk"] for obj in response.json()["results"]} assert {str(pk) for pk in test[2]} == pks # Test clearing if reverse: im1.readerstudies.clear() im2.readerstudies.clear() else: rs_set.rs1.images.clear() response = get_view_for_user( viewname="api:image-list", client=client, user=rs_set.reader1, content_type="application/json", ) assert response.status_code == 200 assert response.json()["count"] == 0