def test_cannot_accept_invitation_for_another_investigation(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
wrong_investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(user)
self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}),
data={"investigation": {"id": wrong_investigation.id},
"accepted": True},
format="json")
self.assertQuerysetEqual(wrong_investigation.get_users("V").all(), [])
def test_remove_wrong_investigaiton(self):
admin = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
other_investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
invitation = Invitation.objects.create(user=user, investigation=other_investigation)
self.client.force_login(admin)
response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id}))
self.assertEqual(response.status_code, 403)
self.assertEqual(Invitation.objects.count(), 1)
def test_list_invitations_lists_for_investigation(self):
admin = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
other_investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
invitation = Invitation.objects.create(user=user, investigation=investigation)
Invitation.objects.create(user=user, investigation=other_investigation)
self.client.force_login(admin)
response = self.client.get(reverse("invitations", kwargs={"investigation_slug": investigation.slug}))
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [{"email": user.email, "id": invitation.id, "accepted": None}])
def test_invite_user_unauthorized(self):
investigation = InvestigationFactory.create()
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": "*****@*****.**"})
# This should be 401...
self.assertEqual(response.status_code, 403)
def test_tag_in_investigation(self):
investigation = InvestigationFactory.create()
tag = TagFactory.create(investigation=investigation)
form_response = FormResponseFactory.create()
self.assertNotEqual(form_response.form_instance.form.investigation,
investigation)
self.assertNotIn(tag, form_response.taglist)
def test_owner_cannot_delete_other_investigation(self):
investigation = InvestigationFactory.create()
self.client.force_login(self.investigation_owner)
response = self.client.delete(make_url(investigation))
self.assertEqual(response.status_code, 403)
def setUp(self):
owner = UserFactory.create()
self.investigation = InvestigationFactory.create()
self.investigation.add_user(owner, INVESTIGATION_ROLES.OWNER)
self.form = FormFactory(investigation=self.investigation)
self.client.force_login(owner)
def test_list_fails_if_unauthorized(self):
other_investigation = InvestigationFactory.create()
self.client.force_login(self.investigation_owner)
response = self.client.get(make_url(other_investigation))
self.assertEqual(response.status_code, 403)
def test_invite_user_non_admin(self):
editor = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
self.client.force_login(editor)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": "*****@*****.**"})
self.assertEqual(response.status_code, 403)
def test_remove_unauthorized(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id}))
self.assertEqual(response.status_code, 403)
self.assertEqual(Invitation.objects.count(), 1)
def test_add_form_unauthorized(self):
investigation = InvestigationFactory.create()
response = self.client.post(reverse(
"interviewers", kwargs={"investigation_slug": investigation.slug}),
data={
"name": "test",
"slug": "test"
})
# This should be 401...
self.assertEqual(response.status_code, 403)
def test_list_for_user(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(user)
response = self.client.get(reverse("user_invitations"))
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data[0]["id"], invitation.id)
self.assertEqual(len(response.data), 1)
def test_can_get_form(self):
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
form = FormFactory.create(investigation=investigation)
self.client.force_login(admin)
response = self.client.get(
reverse("form_details", kwargs={"form_slug": form.slug}))
self.assertEqual(response.status_code, 200)
def test_get_wrong_investigation(self):
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
form = FormFactory.create(
) # this will be part of another investigation
self.client.force_login(admin)
response = self.client.get(
reverse("form_details", kwargs={"form_slug": form.slug}))
self.assertEqual(response.status_code, 403)
def test_cannot_change_id_of_invitation(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(user)
self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}),
data={"id": 123})
self.assertEqual(Invitation.objects.filter(id=123).all().count(), 0)
self.assertEqual(Invitation.objects.filter(id=invitation.id).all().count(), 1)
def test_user_can_accept(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(user)
response = self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}),
data={"accepted": True})
self.assertEqual(response.status_code, 200)
self.assertQuerysetEqual(investigation.get_users("V").all(), [repr(user)])
def test_admin_can_edit(self):
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
form = FormFactory.create(investigation=investigation)
self.client.force_login(admin)
response = self.client.patch(reverse("form_details",
kwargs={"form_slug": form.slug}),
data={"name": "My new Name"})
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data["name"], "My new Name")
def setUp(self):
self.investigation_owner = UserFactory.create()
self.investigation = InvestigationFactory.create()
self.form_instance = FormInstanceFactory.create()
self.form_instance.form.investigation.add_user(
self.investigation_owner, "O")
for i in range(5):
FormResponseFactory.create(form_instance=self.form_instance,
status="S")
for i in range(5):
FormResponseFactory.create(form_instance=self.form_instance,
status="V")
def test_assign_tags_from_other_investigation_fails(self):
responses = self.responses[0]
investigation = InvestigationFactory.create()
other_tag = TagFactory.create(investigation=investigation)
form = responses[0].form_instance.form
payload = {
"selected_responses": [responses[2].id],
"tag": other_tag.id
}
self.client.post(make_url(form), data=payload)
self.assertQuerysetEqual(responses[2].tags.all(), [])
def test_add_tag_fails_for_unauthorized_user(self):
other_investigation = InvestigationFactory.create()
self.client.force_login(self.investigation_owner)
self.assertEqual(self.investigation.tag_set.count(), 0)
self.assertEqual(other_investigation.tag_set.count(), 0)
response = self.client.post(make_url(other_investigation),
{"name": "Test Tag"})
self.assertEqual(response.status_code, 403)
self.assertEqual(self.investigation.tag_set.count(), 0)
self.assertEqual(other_investigation.tag_set.count(), 0)
def test_remove_wrong_permissions(self):
editor = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(editor)
response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id}))
self.assertEqual(response.status_code, 403)
self.assertEqual(Invitation.objects.count(), 1)
def test_slug_cannot_begin_with_number(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(user, INVESTIGATION_ROLES.ADMIN)
self.client.force_login(user)
response = self.client.post(reverse(
"interviewers", kwargs={"investigation_slug": investigation.slug}),
data={
"name": "test",
"slug": "123test"
})
self.assertEqual(response.status_code, 400)
def test_add_form_non_admin(self):
editor = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
self.client.force_login(editor)
response = self.client.post(reverse(
"interviewers", kwargs={"investigation_slug": investigation.slug}),
data={
"name": "test",
"slug": "test"
})
self.assertEqual(response.status_code, 403)
def test_file_download_fails_for_wrong_user(self):
other_owner = UserFactory.create()
other_investigation = InvestigationFactory.create()
other_investigation.add_user(other_owner, INVESTIGATION_ROLES.OWNER)
form_response = FormResponseFactory.create(
json={"file_field": ["data:image/png;base64,abc123"]},
form_instance=self.form_instance)
self.client.force_login(other_owner)
response = self.client.get(
"/forms/admin/investigations/{}/forms/{}/responses/{}/files/file_field/2"
.format(self.investigation.slug, self.form.slug, form_response.id))
self.assertEquals(response.status_code, 403)
def test_list_with_results(self):
other_investigation = InvestigationFactory.create()
other_investigation.add_user(self.investigation_owner, "O")
self.client.force_login(self.investigation_owner)
response = self.client.get(make_url(self.investigation))
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data,
[{
"first_name": self.investigation_owner.first_name,
"last_name": self.investigation_owner.last_name,
"id": self.investigation_owner.id,
"email": self.investigation_owner.email
}])
def test_cannot_accept_invitation_for_someone_else(self):
admin = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(admin)
response = self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}),
data={"accepted": True})
self.assertEqual(response.status_code, 403)
self.assertQuerysetEqual(investigation.get_users("V").all(), [])
def test_cannot_invite_users_that_are_members_already(self):
editor = UserFactory.create()
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
self.client.force_login(admin)
self.assertEqual(Invitation.objects.count(), 0)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": editor.email})
self.assertEqual(response.status_code, 400)
self.assertEqual(Invitation.objects.count(), 0)
def test_admin_can_invite_existing_users(self, mock_send_email):
user = UserFactory.create()
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
self.client.force_login(admin)
self.assertEqual(Invitation.objects.count(), 0)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": user.email})
self.assertEqual(response.status_code, 201)
self.assertEqual(Invitation.objects.count(), 1)
self.assertTrue(mock_send_email.called)
def test_list_with_results(self):
tag = TagFactory.create()
self.investigation.tag_set.add(tag)
other_investigation = InvestigationFactory.create()
other_tag = TagFactory.create()
other_investigation.tag_set.add(other_tag)
self.client.force_login(self.investigation_owner)
response = self.client.get(make_url(self.investigation))
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [{
"id": tag.id,
"name": tag.name,
"investigation": tag.investigation.id
}])
def test_invite_validates_email_address(self):
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
self.client.force_login(admin)
# The two users are: `admin` form above
# and `AnonymousUser` from DRF
self.assertEqual(User.objects.count(), 2)
self.assertEqual(Invitation.objects.count(), 0)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": "invalid@@@"})
self.assertEqual(response.status_code, 400)
self.assertEqual(Invitation.objects.count(), 0)
self.assertEqual(User.objects.count(), 2)