def test_filter_checklist_owner_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
another_user = factories.User(first_name='Johnn', last_name='Lennon')
another_tola = factories.TolaUser(user=another_user)
wkflvl1_1 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
wkflvl1_2 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
wkflvl2_1 = factories.WorkflowLevel2(name='WorkflowLevel2 A',
workflowlevel1=wkflvl1_1)
wkflvl2_2 = factories.WorkflowLevel2(name='WorkflowLevel2 B',
workflowlevel1=wkflvl1_2)
checklist1 = factories.Checklist(name='Checklist A',
owner=self.tola_user,
workflowlevel2=wkflvl2_1)
factories.Checklist(name='Checklist B',
owner=another_tola,
workflowlevel2=wkflvl2_2)
request = self.factory.get('/api/checklist'
'/?owner=%s' % self.tola_user.pk)
request.user = self.tola_user.user
view = ChecklistViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 1)
self.assertEqual(response.data[0]['name'], checklist1.name)
def test_filter_checklist_country_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
country1 = factories.Country(country='Brazil', code='BR')
country2 = factories.Country(country='Germany', code='DE')
wkflvl1_1 = factories.WorkflowLevel1(
organization=self.tola_user.organization, country=[country1])
wkflvl1_2 = factories.WorkflowLevel1(
organization=self.tola_user.organization, country=[country2])
wkflvl2_1 = factories.WorkflowLevel2(workflowlevel1=wkflvl1_1)
wkflvl2_2 = factories.WorkflowLevel2(workflowlevel1=wkflvl1_2)
checklist1 = factories.Checklist(name='Checklist A',
workflowlevel2=wkflvl2_1)
factories.Checklist(name='Checklist B', workflowlevel2=wkflvl2_2)
request = self.factory.get(
'/api/checklist'
'/?workflowlevel2__workflowlevel1__country__country=%s' %
country1.country)
request.user = self.tola_user.user
view = ChecklistViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 1)
self.assertEqual(response.data[0]['name'], checklist1.name)
def test_demo_workflowteam_assignment_not_reassigned_on_update(
self, mock_tsync):
os.environ['APP_BRANCH'] = DEMO_BRANCH
mock_tsync.create_instance.return_value = Mock()
role = factories.Group(name=ROLE_VIEW_ONLY)
wflvl1_0 = factories.WorkflowLevel1(
id=DEFAULT_WORKFLOW_LEVEL_1S[0][0],
name=DEFAULT_WORKFLOW_LEVEL_1S[0][1])
wflvl1_1 = factories.WorkflowLevel1(
id=DEFAULT_WORKFLOW_LEVEL_1S[1][0],
name=DEFAULT_WORKFLOW_LEVEL_1S[1][1])
tola_user = factories.TolaUser(user=factories.User(
first_name='Ringo', last_name='Starr')) # triggers the signal
tola_user.name = 'Laura Pausini'
tola_user.save()
num_results = WorkflowTeam.objects.filter(
workflow_user=tola_user, role=role,
workflowlevel1=wflvl1_0).count()
self.assertEqual(num_results, 1)
num_results = WorkflowTeam.objects.filter(
workflow_user=tola_user, role=role,
workflowlevel1=wflvl1_1).count()
self.assertEqual(num_results, 1)
def test_filter_checklist_wkflvl2_name_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
wkflvl1_1 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
wkflvl1_2 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
wkflvl2_1 = factories.WorkflowLevel2(name='WorkflowLevel2 A',
workflowlevel1=wkflvl1_1)
wkflvl2_2 = factories.WorkflowLevel2(name='WorkflowLevel2 B',
workflowlevel1=wkflvl1_2)
checklist1 = factories.Checklist(name='Checklist A',
workflowlevel2=wkflvl2_1)
factories.Checklist(name='Checklist B', workflowlevel2=wkflvl2_2)
request = self.factory.get('/api/checklist'
'/?workflowlevel2__name=%s' %
wkflvl2_1.name)
request.user = self.tola_user.user
view = ChecklistViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 1)
self.assertEqual(response.data[0]['name'], checklist1.name)
def test_update_indicator_program_team(self):
request = self.factory.post('/api/indicator/')
wflvl1 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
WorkflowTeam.objects.create(
workflow_user=self.tola_user,
workflowlevel1=wflvl1,
role=factories.Group(name=ROLE_PROGRAM_TEAM))
indicator = factories.Indicator(workflowlevel1=[wflvl1])
wflvl1_url = reverse('workflowlevel1-detail',
kwargs={'pk': wflvl1.id},
request=request)
data = {
'name': 'Number of beneficiaries registered',
'workflowlevel1': wflvl1_url
}
request = self.factory.post('/api/indicator/', data)
request.user = self.tola_user.user
view = IndicatorViewSet.as_view({'post': 'update'})
response = view(request, pk=indicator.pk)
self.assertEqual(response.status_code, 200)
indicator = Indicator.objects.get(pk=response.data['id'])
self.assertEquals(indicator.name, data['name'])
def test_create_indicator_program_admin_json(self):
request = self.factory.post('/api/indicator/')
wflvl1 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
wflvl1_url = reverse('workflowlevel1-detail',
kwargs={'pk': wflvl1.id},
request=request)
wflvl2 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
wflvl2_url = reverse('workflowlevel1-detail',
kwargs={'pk': wflvl2.id},
request=request)
WorkflowTeam.objects.create(
workflow_user=self.tola_user,
workflowlevel1=wflvl1,
role=factories.Group(name=ROLE_PROGRAM_ADMIN))
data = {
'name': 'Building resilience in Mali',
'workflowlevel1': [wflvl1_url, wflvl2_url]
}
request = self.factory.post('/api/indicator/',
json.dumps(data),
content_type='application/json')
request.user = self.tola_user.user
view = IndicatorViewSet.as_view({'post': 'create'})
response = view(request)
self.assertEqual(response.status_code, 201)
self.assertEqual(response.data['name'], u'Building resilience in Mali')
def test_create_indicator_program_admin_wflvl1_another_org(self):
request = self.factory.post('/api/indicator/')
wflvl1 = factories.WorkflowLevel1(
organization=self.tola_user.organization)
wflvl1_url = reverse('workflowlevel1-detail',
kwargs={'pk': wflvl1.id},
request=request)
another_org = factories.Organization(name='Another Org')
wflvl2 = factories.WorkflowLevel1(organization=another_org)
wflvl2_url = reverse('workflowlevel1-detail',
kwargs={'pk': wflvl2.id},
request=request)
WorkflowTeam.objects.create(
workflow_user=self.tola_user,
workflowlevel1=wflvl1,
role=factories.Group(name=ROLE_PROGRAM_ADMIN))
data = {
'name': 'Building resilience in Mali',
'workflowlevel1': [wflvl1_url, wflvl2_url]
}
request = self.factory.post('/api/indicator/', data)
request.user = self.tola_user.user
view = IndicatorViewSet.as_view({'post': 'create'})
response = view(request)
self.assertEqual(response.status_code, 403)
def _create_groups(self):
self._su_group = CoreGroup.objects.filter(is_global=True,
permissions=15).first()
if not self._su_group:
logger.info("Creating global CoreGroup")
self._su_group = factories.CoreGroup(name='Global Admin',
is_global=True,
permissions=15)
# TODO: remove this after full Group -> CoreGroup refactoring
self._groups.append(factories.Group(name=ROLE_VIEW_ONLY, ))
self._groups.append(factories.Group(name=ROLE_ORGANIZATION_ADMIN, ))
self._groups.append(factories.Group(name=ROLE_WORKFLOW_ADMIN, ))
self._groups.append(factories.Group(name=ROLE_WORKFLOW_TEAM, ))
def test_update_unexisting_portfolio(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
request = self.factory.post(None, {})
request.user = self.tola_user.user
view = PortfolioViewSet.as_view({'post': 'update'})
response = view(request, pk=288)
self.assertEqual(response.status_code, 404)
def test_update_unexisting_indicator(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
data = {'name': 'Number of beneficiaries registered'}
request = self.factory.post('/api/indicator/', data)
request.user = self.tola_user.user
view = IndicatorViewSet.as_view({'post': 'update'})
response = view(request, pk=288)
self.assertEqual(response.status_code, 404)
def test_list_indicator_superuser_and_org_admin(self):
request = self.factory.get('/api/indicator/')
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
request.user = factories.User.build(is_superuser=True, is_staff=True)
view = IndicatorViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 2)
def test_update_unexisting_workflowlevel1(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
data = {'salary': '10'}
request = self.factory.post('/api/workflowlevel1/', data)
request.user = self.tola_user.user
view = WorkflowLevel1ViewSet.as_view({'post': 'update'})
response = view(request, pk=288)
self.assertEqual(response.status_code, 404)
def test_update_unexisting_level(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
data = {'name': 'Intermediate Results'}
request = self.factory.post('/api/level/', data)
request.user = self.tola_user.user
view = LevelViewSet.as_view({'post': 'update'})
response = view(request, pk=288)
self.assertEqual(response.status_code, 404)
def test_delete_portfolio_org_admin_different_org(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
request = self.factory.delete(None)
request.user = self.tola_user.user
view = PortfolioViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=self.portfolio.pk)
self.assertEquals(response.status_code, 403)
Portfolio.objects.get(pk=self.portfolio.pk)
def test_list_portfolio_org_admin_different_org(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
request = self.factory.get('')
request.user = self.tola_user.user
view = PortfolioViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 0)
def test_update_unexisting_customform(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
data = {'name': '4W Daily Activity Report'}
request = self.factory.post('/api/customform/', data)
request.user = self.tola_user.user
view = CustomFormViewSet.as_view({'post': 'update'})
response = view(request, pk=288)
self.assertEqual(response.status_code, 404)
def test_activated_save_two_times(self):
"""
When the TolaUser is saved, a WorkflowTeam object for that user and
the default program is created only once.
"""
role_program_admin = factories.Group(name=ROLE_PROGRAM_ADMIN)
tolauser = factories.TolaUser() # triggers the signal
tolauser.save() # triggers the signal again
wft = WorkflowTeam.objects.get(workflow_user=tolauser)
self.assertEqual(wft.role, role_program_admin)
def test_update_portfolio_org_admin_different_org(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
data = {'name': 'Some name'}
request = self.factory.post(None, data)
request.user = self.tola_user.user
view = PortfolioViewSet.as_view({'post': 'update'})
response = view(request, pk=self.portfolio.pk)
self.assertEqual(response.status_code, 403)
def test_update_unexisting_workflowlevel2(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
data = {'name': 'Community awareness program conducted to plant trees'}
request = self.factory.post('/api/workflowlevel2/', data)
request.user = self.tola_user.user
view = WorkflowLevel2ViewSet.as_view({'post': 'update'})
response = view(request, pk=288)
self.assertEqual(response.status_code, 404)
def test_delete_workflowlevel1_different_org(self):
group_other = factories.Group(name='other')
self.tola_user.user.groups.add(group_other)
wflvl1 = factories.WorkflowLevel1()
request = self.factory.delete('/api/workflowlevel1/')
request.user = self.tola_user.user
view = WorkflowLevel1ViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=wflvl1.pk)
self.assertEquals(response.status_code, 403)
WorkflowLevel1.objects.get(pk=wflvl1.pk)
def test_update_workflowteam_other_user(self):
role_without_benefits = ROLE_PROGRAM_TEAM
self.workflowteam.role = factories.Group(name=role_without_benefits)
self.workflowteam.save()
data = {'salary': '100'}
request = self.factory.post(None, data)
request.user = self.tola_user.user
view = WorkflowTeamViewSet.as_view({'post': 'update'})
response = view(request, pk=self.workflowteam.pk)
self.assertEqual(response.status_code, 403)
def test_delete_level_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
level = factories.Level(organization=self.tola_user.organization)
request = self.factory.delete('/api/level/')
request.user = self.tola_user.user
view = LevelViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=level.pk)
self.assertEquals(response.status_code, 204)
self.assertRaises(Level.DoesNotExist, Level.objects.get, pk=level.pk)
def test_delete_workflowteam_role_without_benefit(self):
factories.WorkflowTeam(workflow_user=self.tola_user,
workflowlevel1=self.wflvl1,
role=factories.Group(name=ROLE_PROGRAM_TEAM))
request = self.factory.delete(None)
request.user = self.tola_user.user
view = WorkflowTeamViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=self.workflowteam.pk)
self.assertEqual(response.status_code, 403)
WorkflowTeam.objects.get(pk=self.workflowteam.pk)
def test_list_workflowteam_view_only(self):
WorkflowTeam.objects.create(workflow_user=self.tola_user,
workflowlevel1=self.wflvl1,
role=factories.Group(name=ROLE_VIEW_ONLY))
request_get = self.factory.get('/api/workflowteam/')
request_get.user = self.tola_user.user
view = WorkflowTeamViewSet.as_view({'get': 'list'})
response = view(request_get)
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.data), 2)
def test_delete_customform_diff_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
another_org = factories.Organization(name='Another Org')
customform = factories.CustomForm(organization=another_org)
request = self.factory.delete('/api/customform/')
request.user = self.tola_user.user
view = CustomFormViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=customform.pk)
self.assertEquals(response.status_code, 403)
CustomForm.objects.get(pk=customform.pk)
def test_update_workflowlevel1_different_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
wflvl1 = factories.WorkflowLevel1(
organization=factories.Organization(name='Other Org'))
data = {'name': 'Save the Lennons'}
request = self.factory.post('/api/workflowlevel1/', data)
request.user = self.tola_user.user
view = WorkflowLevel1ViewSet.as_view({'post': 'update'})
response = view(request, pk=wflvl1.pk)
self.assertEqual(response.status_code, 403)
def test_delete_workflowlevel1_different_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
org_other = factories.Organization(name='Other Org')
wflvl1 = factories.WorkflowLevel1(organization=org_other)
request = self.factory.delete('/api/workflowlevel1/')
request.user = self.tola_user.user
view = WorkflowLevel1ViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=wflvl1.pk)
self.assertEquals(response.status_code, 403)
WorkflowLevel1.objects.get(pk=wflvl1.pk)
def test_update_level_diff_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
another_org = factories.Organization(name='Another Org')
level = factories.Level(organization=another_org)
data = {'name': 'Goal'}
request = self.factory.post('/api/level/', data)
request.user = self.tola_user.user
view = LevelViewSet.as_view({'post': 'update'})
response = view(request, pk=level.pk)
self.assertEqual(response.status_code, 403)
def test_delete_level_diff_org_admin(self):
group_org_admin = factories.Group(name=ROLE_ORGANIZATION_ADMIN)
self.tola_user.user.groups.add(group_org_admin)
another_org = factories.Organization(name='Another Org')
level = factories.Level(organization=another_org)
request = self.factory.delete('/api/level/')
request.user = self.tola_user.user
view = LevelViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=level.pk)
self.assertEquals(response.status_code, 403)
Level.objects.get(pk=level.pk)
def test_create_portfolio_other_user(self):
role_without_benefits = ROLE_PROGRAM_ADMIN
factories.WorkflowTeam(
workflow_user=self.tola_user,
role=factories.Group(name=role_without_benefits))
data = {'name': 'New portfolio'}
request = self.factory.post(None, data)
request.user = self.tola_user.user
view = PortfolioViewSet.as_view({'post': 'create'})
response = view(request)
self.assertEqual(response.status_code, 403)
