def test_owner_can_view_other_users_in_project(self):
self.client.force_authenticate(self.users['other'])
project_permission = factories.ProjectPermissionFactory(
user=self.users['owner'])
project = project_permission.project
factories.ProjectPermissionFactory(project=project,
user=self.users['other'])
response = self.client.get(factories.UserFactory.get_list_url())
self.assertEqual(len(response.data), 2)
def setUp(self):
self.expert_user = structure_factories.UserFactory()
self.request_user = structure_factories.UserFactory()
self.expert_permission = structure_factories.ProjectPermissionFactory(
user=self.expert_user)
request_permission = structure_factories.ProjectPermissionFactory(
user=self.request_user)
self.request = factories.ExpertRequestFactory(
project=request_permission.project, user=self.request_user)
self.other_user = structure_factories.UserFactory()
self.url = structure_factories.UserFactory.get_list_url()
def test_task_revokes_expired_permissions(self):
expired_permission = factories.ProjectPermissionFactory(
expiration_time=timezone.now() - datetime.timedelta(days=100))
not_expired_permission = factories.ProjectPermissionFactory(
expiration_time=timezone.now() + datetime.timedelta(days=100))
tasks.check_expired_permissions()
self.assertFalse(
expired_permission.project.has_user(expired_permission.user,
expired_permission.role))
self.assertTrue(
not_expired_permission.project.has_user(
not_expired_permission.user, not_expired_permission.role))
def test_project_permission_deleting_is_not_available_for_blocked_organization(
self, ):
project = factories.ProjectFactory(customer=self.customer)
permission = factories.ProjectPermissionFactory(project=project)
url = factories.ProjectPermissionFactory.get_url(permission)
self.client.force_authenticate(user=self.user)
response = self.client.delete(url)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_user_cannot_grant_permissions_with_greater_expiration_time(self):
expiration_time = timezone.now() + datetime.timedelta(days=100)
permission = factories.ProjectPermissionFactory(
role=ProjectRole.MANAGER, expiration_time=expiration_time
)
self.client.force_authenticate(user=permission.user)
response = self.client.post(
factories.ProjectPermissionFactory.get_list_url(),
{
'project': factories.ProjectFactory.get_url(project=permission.project),
'user': factories.UserFactory.get_url(),
'role': factories.ProjectPermissionFactory.role,
'expiration_time': expiration_time + datetime.timedelta(days=1),
},
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def setUp(self):
permission = factories.ProjectPermissionFactory()
self.user = permission.user
self.project = permission.project
self.url = reverse('project_permission-detail',
kwargs={'pk': permission.pk})
