def test_user_access_other_user(self):
"""
Test that a user cannot edit/view another user application
"""
customer1 = create_random_customer()
customer2 = create_random_customer()
self.assertNotEqual(customer1, customer2)
application1 = helpers.create_application(user=customer1)
application2 = helpers.create_application(user=customer2)
self.assertNotEqual(application1, application2)
# login as user1
self.client.login(customer1.email)
my_url = reverse('wl_applications:edit_application', args=[application1.pk])
response = self.client.get(my_url)
self.assertEqual(302, response.status_code)
forbidden_urls = [
reverse('wl_applications:edit_application', args=[application2.pk]),
]
for forbidden_url in forbidden_urls:
response = self.client.get(forbidden_url, follow=True)
self.assertEqual(403, response.status_code)
def test_user_access_other_user(self):
"""
Test that a user cannot edit/view another user application
"""
customer1 = create_random_customer()
customer2 = create_random_customer()
self.assertNotEqual(customer1, customer2)
application1 = helpers.create_application(user=customer1)
application2 = helpers.create_application(user=customer2)
self.assertNotEqual(application1, application2)
# login as user1
self.client.login(customer1.email)
my_url = reverse('wl_applications:edit_application', args=[application1.pk])
response = self.client.get(my_url)
self.assertEqual(302, response.status_code)
forbidden_urls = [
reverse('wl_applications:edit_application', args=[application2.pk]),
]
for forbidden_url in forbidden_urls:
response = self.client.get(forbidden_url, follow=True)
self.assertEqual(403, response.status_code)
def test_edit_application(self):
"""
Testing that a user can edit an application that was either draft or requiring amendments
"""
application = helpers.create_application(user=self.customer)
application.customer_status = 'draft'
application.save()
application.refresh_from_db()
self.client.login(self.customer.email)
response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk,)), follow=True)
# check that client will be redirected to the enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'), status_code=302,
target_status_code=200)
# check that the data contained in the context is the same as the application data
self.assertEquals(application.data, response.context['application'].data)
helpers.delete_application_session(self.client)
# check that an application that's not in an editable state can't be edited
application.customer_status = 'under_review'
application.save()
response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk,)))
self.assertEqual(response.status_code, 403)
def test_not_submitted_draft_are_deleted(self):
"""
This is the happy path and the only use case where the application can be deleted.
User create application, save as draft and delete it
"""
self.client.login(self.applicant.email)
application = helpers.create_application(self.applicant)
self.assertEquals(application.customer_status, 'temp')
self.assertFalse(application.is_discardable)
# save application as a draft
helpers.set_application_session(self.client, application)
pk = self.client.session['application_id']
self.assertEqual(application.pk, pk)
url = reverse('wl_applications:enter_details')
data = {'draft': 'draft'}
resp = self.client.post(url, data=data, follow=True)
self.assertEqual(resp.status_code, 200)
application.refresh_from_db()
self.assertEquals(application.customer_status, 'draft')
# application should now be discardable
self.assertTrue(application.is_discardable)
# and deletable
self.assertTrue(application.is_deletable)
# discard
url = reverse('wl_applications:discard_application',
args=[application.pk])
# the get should not delete but return a confirm page
previous_processing_status = application.processing_status
previous_customer_status = application.customer_status
resp = self.client.get(url, follow=True)
self.assertEquals(resp.status_code, 200)
# test that there's a cancel_url in the context of the response and an action_url that is set to the proper url
self.assertTrue('cancel_url' in resp.context)
self.assertEqual(resp.context['cancel_url'],
reverse('wl_dashboard:home'))
self.assertTrue('action_url' in resp.context)
self.assertEquals(resp.context['action_url'], url)
# Application should not be deleted
application = Application.objects.filter(pk=application.pk).first()
self.assertIsNotNone(application)
# status should be unchanged
self.assertEqual(application.processing_status,
previous_processing_status)
self.assertEqual(application.customer_status, previous_customer_status)
# actual discard
resp = self.client.post(url, data=None, follow=True)
self.assertEquals(resp.status_code, 200)
# Application should now be deleted
application = Application.objects.filter(pk=application.pk).first()
self.assertIsNone(application)
def test_not_submitted_draft_are_deleted(self):
"""
This is the happy path and the only use case where the application can be deleted.
User create application, save as draft and delete it
"""
self.client.login(self.applicant.email)
application = helpers.create_application(self.applicant)
self.assertEquals(application.customer_status, 'temp')
self.assertFalse(application.is_discardable)
# save application as a draft
helpers.set_application_session(self.client, application)
pk = self.client.session['application_id']
self.assertEqual(application.pk, pk)
url = reverse('wl_applications:enter_details')
data = {
'draft': 'draft'
}
resp = self.client.post(url, data=data, follow=True)
self.assertEqual(resp.status_code, 200)
application.refresh_from_db()
self.assertEquals(application.customer_status, 'draft')
# application should now be discardable
self.assertTrue(application.is_discardable)
# and deletable
self.assertTrue(application.is_deletable)
# discard
url = reverse('wl_applications:discard_application', args=[application.pk])
# the get should not delete but return a confirm page
previous_processing_status = application.processing_status
previous_customer_status = application.customer_status
resp = self.client.get(url, follow=True)
self.assertEquals(resp.status_code, 200)
# test that there's a cancel_url in the context of the response and an action_url that is set to the proper url
self.assertTrue('cancel_url' in resp.context)
self.assertEqual(resp.context['cancel_url'], reverse('wl_dashboard:home'))
self.assertTrue('action_url' in resp.context)
self.assertEquals(resp.context['action_url'], url)
# Application should not be deleted
application = Application.objects.filter(pk=application.pk).first()
self.assertIsNotNone(application)
# status should be unchanged
self.assertEqual(application.processing_status, previous_processing_status)
self.assertEqual(application.customer_status, previous_customer_status)
# actual discard
resp = self.client.post(url, data=None, follow=True)
self.assertEquals(resp.status_code, 200)
# Application should now be deleted
application = Application.objects.filter(pk=application.pk).first()
self.assertIsNone(application)
def test_user_not_logged_is_redirected_to_login(self):
"""
A user not logged in should be redirected to the login page and not see a 403
"""
customer1 = create_random_customer()
application = helpers.create_application(user=customer1)
self.assertEqual('draft', application.customer_status)
my_urls = [
reverse('applications:edit_application', args=[application.licence_type.code, application.pk]),
reverse('applications:enter_details_existing_application',
args=[application.licence_type.code, application.pk]),
reverse('applications:preview', args=[application.licence_type.code, application.pk])
]
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code,
msg="Wrong status code {1} for {0}".format(url, response.status_code))
self.assertTrue(is_login_page(response))
# lodge the application
self.client.login(customer1.email)
url = reverse('applications:preview', args=[application.licence_type.code, application.pk])
session = self.client.session
session['application'] = {
'customer_pk': customer1.pk,
'profile_pk': application.applicant_profile.pk,
'data': {
'project_title': 'Test'
}
}
session.save()
self.client.post(url)
application.refresh_from_db()
self.assertEqual('under_review', application.customer_status)
# logout
self.client.logout()
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
self.assertTrue(is_login_page(response))
def test_user_access_lodged(self):
"""
Once the application if lodged the user should not be able to edit it
"""
customer1 = create_random_customer()
# login as user1
self.client.login(customer1.email)
application = helpers.create_application(user=customer1)
self.assertEqual('draft', application.customer_status)
my_urls = [
reverse('wl_applications:edit_application', args=[application.licence_type.code_slug, application.pk]),
reverse('wl_applications:enter_details_existing_application',
args=[application.licence_type.code_slug, application.pk]),
reverse('wl_applications:preview', args=[application.licence_type.code_slug, application.pk])
]
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code,
msg="Wrong status code {1} for {0}".format(url, response.status_code))
# lodge the application
url = reverse('wl_applications:preview', args=[application.licence_type.code_slug, application.pk])
session = self.client.session
session['application'] = {
'customer_pk': customer1.pk,
'profile_pk': application.applicant_profile.pk,
'data': {
'project_title': 'Test'
}
}
session.save()
self.client.post(url)
application.refresh_from_db()
self.assertEqual('under_review', application.customer_status)
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(403, response.status_code)
def test_multiple_application_entry_denied(self):
"""
Testing the if a user is in the process of entering an application and attempts to start/edit/renew/amend
another application, they are redirected back to home
"""
entry_denied_message = ('There is currently another application in the process of being entered. Please ' +
'conclude or save this application before creating a new one. If you are seeing this ' +
'message and there is not another application being entered, you may need to '+
'<a href="{}">logout</a> and log in again.').format(reverse('accounts:logout'))
self.client.login(self.customer.email)
response = self.client.get(reverse('wl_applications:new_application'))
self.assertRedirects(response, reverse('wl_applications:select_licence_type'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# attempt to start another new licence application
response = self.client.get(reverse('wl_applications:new_application'), follow=True)
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
application = helpers.create_application(user=self.customer)
# attempt to edit an application
response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk, )), follow=True)
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
application = helpers.create_and_lodge_application(user=self.customer)
licence = helpers.issue_licence(application, licence_data = {
'end_date': date.today() + relativedelta(days=30),
'is_renewable': True
})
# attempt to renew a licence
response = self.client.get(reverse('wl_applications:renew_licence', args=(licence.pk, )), follow=True)
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
response = self.client.get(reverse('wl_applications:amend_licence', args=(licence.pk, )), follow=True )
# attempt to amend a licence
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
