def test_editor_can_transfer_rights():
control = factories.ControlFactory()
user = utils.make_inspector_user(control, assign_questionnaire_editor=False)
other_user = utils.make_inspector_user(control, assign_questionnaire_editor=False)
questionnaire = factories.QuestionnaireFactory(control=control, is_draft=True, editor=user)
assert_questionnaire_has_editor(questionnaire, user)
response = call_api(user, questionnaire.id, other_user.id)
assert response.status_code == 200
assert_questionnaire_has_editor(questionnaire, other_user)
def test_questionnaire_draft_update__non_author_cannot_update():
increment_ids()
# Create questionnaire draft through api, to set the author properly.
control = factories.ControlFactory()
user = utils.make_inspector_user(control)
questionnaire = create_questionnaire_through_api(user, control)
non_author = utils.make_inspector_user(control)
payload = questionnaire
payload['description'] = 'this is a great questionnaire.'
response = update_questionnaire(non_author, payload)
assert 400 <= response.status_code < 500
def test_cannot_get_users_of_neigboring_control():
# testing for a specific bug we had.
control_1 = factories.ControlFactory()
inspector_1 = utils.make_inspector_user(control_1)
control_2 = factories.ControlFactory()
inspector_2 = utils.make_inspector_user(control_2)
inspector_2.profile.controls.add(control_1)
# control_2 is unknown to inspector_1.
# inspector_2 is known to inspector_1/
# So inspector_1 should not be able to get info on control_2.
assert get_users_of_control(inspector_1, control_2).status_code == 404
def run_test_questionnaire_update__theme_create(added_theme):
increment_ids()
theme = factories.ThemeFactory()
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
payload['themes'].append(added_theme)
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
response = update_questionnaire(user, payload)
assert response.status_code == 200
# data is saved
assert Questionnaire.objects.all().count() == 1
saved_qr = Questionnaire.objects.get(id=questionnaire.id)
assert saved_qr == questionnaire
assert Theme.objects.all().count() == 2
new_theme = Theme.objects.last()
assert new_theme.title == payload['themes'][1]['title']
assert new_theme.questionnaire == saved_qr
# Response data is filled in
assert len(response.data['themes']) == 2
assert response.data['themes'][1]['title'] == payload['themes'][1]['title']
def test_questionnaire_update__question_delete():
increment_ids()
question = factories.QuestionFactory()
theme = question.theme
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
payload['themes'][0]['questions'] = []
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
response = update_questionnaire(user, payload)
assert response.status_code == 200
# data is saved
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 0
# Response data is filled in
assert len(response.data['themes'][0].get('questions', [])) == 0
def test_questionnaire_update__theme_update():
increment_ids()
theme = factories.ThemeFactory()
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
payload['themes'][0]['title'] = 'this is a great theme.'
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert payload['themes'][0]['title'] != theme.title
response = update_questionnaire(user, payload)
assert response.status_code == 200
# data is saved
assert Questionnaire.objects.all().count() == 1
saved_qr = Questionnaire.objects.get(id=questionnaire.id)
assert saved_qr == questionnaire
assert Theme.objects.all().count() == 1
saved_theme = Theme.objects.get(id=theme.id)
assert saved_theme.title != theme.title
assert saved_theme.title == payload['themes'][0]['title']
# Response data is filled in
assert len(response.data['themes']) == 1
assert response.data['themes'][0]['title'] == payload['themes'][0]['title']
def test_can_access_questionnaire_api_if_control_is_associated_with_the_user():
questionnaire = factories.QuestionnaireFactory()
# create
inspector_user = utils.make_inspector_user(questionnaire.control)
payload = make_create_payload(questionnaire.control.id)
assert create_questionnaire(inspector_user, payload).status_code == 201
def run_test_questionnaire_update__theme_recreated(modify_payload_func):
increment_ids()
question = factories.QuestionFactory()
theme = question.theme
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
original_id = payload['themes'][0]['id']
modify_payload_func(payload)
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
response = update_questionnaire(user, payload)
assert response.status_code == 200
# data is saved
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
# Original theme was deleted
assert Theme.objects.all().last().id != original_id
# Response data is filled in
assert len(response.data.get('themes', [])) == 1
assert len(response.data['themes'][0].get('questions', [])) == 1
def test_can_get_users_of_control_if_control_belongs_to_user():
control = factories.ControlFactory()
inspector = utils.make_inspector_user(control)
audited = utils.make_audited_user(control)
assert get_users_of_control(inspector, control).status_code == 200
assert get_users_of_control(audited, control).status_code == 200
def test_inspector_cannot_update_theme_if_questionnaire_is_published():
theme = factories.ThemeFactory()
questionnaire = theme.questionnaire
questionnaire.is_draft = False
questionnaire.save()
user = utils.make_inspector_user(questionnaire.control)
assert 400 <= update_theme(user, make_update_theme_payload(theme)).status_code < 500
def test_cannot_get_users_of_control_if_control_does_not_belong_to_user():
control = factories.ControlFactory()
inspector = utils.make_inspector_user()
audited = utils.make_audited_user()
assert get_users_of_control(inspector, control).status_code == 404
assert get_users_of_control(audited, control).status_code == 404
def test_inspector_can_download_questionnaire_file_if_draft(client):
questionnaire = factories.QuestionnaireFactory(is_draft=True)
user = utils.make_inspector_user(questionnaire.control)
utils.login(client, user=user)
url = reverse('send-questionnaire-file', args=[questionnaire.id])
response = client.get(url)
assert response.status_code == 200
def test_questionnaire_update__question_update():
increment_ids()
question = factories.QuestionFactory()
theme = question.theme
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
payload['themes'][0]['questions'][0][
'description'] = 'this is a great question.'
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
response = update_questionnaire(user, payload)
assert response.status_code == 200
# Data is saved
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
saved_question = Question.objects.get(id=question.id)
assert saved_question.description != question.description
assert saved_question.description == payload['themes'][0]['questions'][0][
'description']
# Response data is filled
assert len(response.data['themes']) == 1
assert len(response.data['themes'][0]['questions']) == 1
assert \
response.data['themes'][0]['questions'][0]['description'] == payload['themes'][0]['questions'][0]['description']
def run_test_questionnaire_update__question_create(added_question):
increment_ids()
question = factories.QuestionFactory()
theme = question.theme
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
payload['themes'][0]['questions'].append(added_question)
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
response = update_questionnaire(user, payload)
assert response.status_code == 200
# data is saved
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 2
new_question = Question.objects.last()
assert new_question.description == payload['themes'][0]['questions'][1][
'description']
# Response data is filled in
assert len(response.data['themes'][0]['questions']) == 2
assert \
response.data['themes'][0]['questions'][1]['description'] == payload['themes'][0]['questions'][1]['description']
def test_user_cannot_set_editor_if_they_cannot_access_the_questionnaire():
control = factories.ControlFactory()
user = utils.make_inspector_user(control=None, assign_questionnaire_editor=False)
questionnaire = factories.QuestionnaireFactory(control=control, is_draft=True)
response = call_api(user, questionnaire.id, user.id)
assert 400 <= response.status_code < 500
def test_send_response_file_list_fails_for_draft_questionnaire_for_inspector(
client):
questionnaire = factories.QuestionnaireFactory(is_draft=True)
user = utils.make_inspector_user(questionnaire.control)
utils.login(client, user=user)
url = reverse('send-response-file-list', args=[questionnaire.id])
response = client.get(url)
assert response.status_code != 200
def test_send_response_file_list_works_for_inspector_if_the_control_is_associated_with_the_user(
client):
questionnaire = factories.QuestionnaireFactory(is_draft=False)
user = utils.make_inspector_user(questionnaire.control)
response = get_response_list(client, user, questionnaire.id)
assert response.status_code == 200
def test_cannot_get_users_of_control_if_control_is_deleted():
control = factories.ControlFactory()
inspector = utils.make_inspector_user(control)
audited = utils.make_audited_user(control)
control.delete()
assert get_users_of_control(inspector, control).status_code == 404
assert get_users_of_control(audited, control).status_code == 404
def test_draft_questionnaire_is_listed_in_controls_data_if_user_is_inspector():
control = factories.ControlFactory()
factories.QuestionnaireFactory(control=control, is_draft=False, title='MUST BE LISTED')
factories.QuestionnaireFactory(control=control, is_draft=True, title='MUST ALSO BE LISTED')
user = utils.make_inspector_user(control)
response = list_control(user)
assert response.status_code == 200
assert 'MUST BE LISTED' in str(response.content)
assert 'MUST ALSO BE LISTED' in str(response.content)
def test_no_questionnaire_create_if_control_is_deleted():
increment_ids()
control = factories.ControlFactory()
user = utils.make_inspector_user(control)
payload = make_create_payload(control.id)
assert_no_data_is_saved()
control.delete()
response = create_questionnaire(user, payload)
assert 403 <= response.status_code <= 404
def test_questionnaire_create_fails_with_malformed_question():
control = factories.ControlFactory()
user = utils.make_inspector_user(control)
payload = make_create_payload(control.id)
payload['themes'][0]['questions'][0].pop('description')
response = create_questionnaire(user, payload)
assert response.status_code == 400
assert_no_data_is_saved()
def test_cannot_retrieve_theme_even_if_user_belongs_to_control():
theme = factories.ThemeFactory()
audited_user = utils.make_audited_user(theme.questionnaire.control)
inspector_user = utils.make_inspector_user(theme.questionnaire.control)
theme.questionnaire.is_draft = False
theme.questionnaire.save()
assert get_theme(audited_user, theme.id).status_code == 405
assert get_theme(inspector_user, theme.id).status_code == 405
def test_cannot_delete_theme_if_questionnaire_is_published():
theme = factories.ThemeFactory()
audited_user = utils.make_audited_user(theme.questionnaire.control)
inspector_user = utils.make_inspector_user(theme.questionnaire.control)
theme.questionnaire.is_draft = False
theme.questionnaire.save()
assert delete_theme(audited_user, theme.id).status_code == 403
assert delete_theme(inspector_user, theme.id).status_code == 405
def test_send_response_file_list_fails_for_inspector_if_the_control_is_not_associated_with_the_user(
client):
questionnaire = factories.QuestionnaireFactory(is_draft=False)
unauthorized_control = factories.ControlFactory()
user = utils.make_inspector_user(unauthorized_control)
response = get_response_list(client, user, questionnaire.id)
assert response.status_code != 200
def test_noneditor_can_get_rights_on_questionnaire_without_editor():
control = factories.ControlFactory()
user = utils.make_inspector_user(control, assign_questionnaire_editor=False)
questionnaire = factories.QuestionnaireFactory(control=control, is_draft=True, editor=None)
assert_questionnaire_has_editor(questionnaire, None)
response = call_api(user, questionnaire.id, user.id)
assert response.status_code == 200
assert_questionnaire_has_editor(questionnaire, user)
def test_no_questionnaire_update_if_control_is_deleted():
increment_ids()
questionnaire = factories.QuestionnaireFactory()
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
questionnaire.control.delete()
response = update_questionnaire(user, payload)
assert 403 <= response.status_code <= 404
def test_questionnaire_draft_update__non_editor_cannot_update():
increment_ids()
questionnaire = factories.QuestionnaireFactory()
control = questionnaire.control
non_editor = utils.make_inspector_user(control,
assign_questionnaire_editor=False)
payload = make_update_payload(questionnaire)
payload['description'] = 'this is a great questionnaire.'
response = update_questionnaire(non_editor, payload)
assert 400 <= response.status_code < 500
def test_inspector_cannot_trash_response_file():
response_file = factories.ResponseFileFactory()
user = utils.make_inspector_user(
response_file.question.theme.questionnaire.control)
payload = {"is_deleted": "true"}
assert not ResponseFile.objects.get(id=response_file.id).is_deleted
response = trash_response_file(user, response_file.id, payload)
assert response.status_code == 403
assert not ResponseFile.objects.get(id=response_file.id).is_deleted
def test_inspector_cannot_update_published_questionnaire():
increment_ids()
control = factories.ControlFactory()
user = utils.make_inspector_user(control)
questionnaire = factories.QuestionnaireFactory(is_draft=False,
control=control,
editor=user)
payload = make_update_payload(questionnaire)
# Here we are trying to update a questionnaire that's already published
response = update_questionnaire(user, payload)
assert 400 <= response.status_code < 500
def test_questionnaire_draft_update__editor_can_update():
increment_ids()
control = factories.ControlFactory()
user = utils.make_inspector_user(control)
questionnaire = create_questionnaire_through_api(user, control)
payload = questionnaire
payload['description'] = 'this is a great questionnaire.'
response = update_questionnaire(user, payload)
assert response.status_code == 200
