def test_no_access_to_questionnaire_api_for_anonymous(): questionnaire = factories.QuestionnaireFactory() # retrieve is never allowed response = utils.get_resource_without_login(client, 'questionnaire', questionnaire.id) assert response.status_code == 403 # update payload = make_update_payload(questionnaire) response = utils.update_resource_without_login(client, 'questionnaire', payload) assert response.status_code == 403 # delete is never allowed response = utils.delete_resource_without_login(client, 'questionnaire', questionnaire.id) assert response.status_code == 403 # create clear_saved_data() payload = make_create_payload(questionnaire.control.id) response = utils.create_resource_without_login(client, 'questionnaire', payload) assert response.status_code == 403 assert_no_data_is_saved()
def test_cannot_get_control_for_anonymous(): control = factories.ControlFactory() response = utils.get_resource_without_login(client, 'control', control.id) assert response.status_code == 403
def test_no_access_to_question_api_for_anonymous(): question = factories.QuestionFactory() response = utils.get_resource_without_login(client, 'question', question.id) assert response.status_code == 403
def test_cannot_get_response_file_if_user_not_logged_in(): response_file = factories.ResponseFileFactory() response = utils.get_resource_without_login(client, 'response-file', response_file.id) assert response.status_code == 403
def test_no_access_to_theme_api_for_anonymous(): theme = factories.ThemeFactory() response = utils.get_resource_without_login(client, 'theme', theme.id) assert response.status_code == 403