def test_all_seeing_and_maintenance(rf, admin_user):
shop = get_default_shop()
admin_contact = get_person_contact(admin_user)
do_request_and_asserts(rf,
admin_contact,
maintenance=False,
expect_toolbar=True)
assert not admin_contact.is_all_seeing
configuration.set(None, get_all_seeing_key(admin_user), True)
assert admin_contact.is_all_seeing
assert admin_contact.user.is_superuser
do_request_and_asserts(rf,
admin_contact,
maintenance=False,
expect_all_seeing=True,
expect_toolbar=True)
configuration.set(None, get_all_seeing_key(admin_contact), False)
# Test maintenance mode badge
shop.maintenance_mode = True
shop.save()
do_request_and_asserts(rf,
admin_contact,
maintenance=True,
expect_toolbar=True)
def test_category_deletion(admin_user):
admin = get_person_contact(admin_user)
category = get_default_category()
category.children.create(identifier="foo")
shop_product = get_default_shop_product()
shop_product.categories.add(category)
shop_product.primary_category = category
shop_product.save()
configuration.set(None, get_all_seeing_key(admin), True)
assert category.status == CategoryStatus.VISIBLE
assert category.children.count() == 1
with pytest.raises(NotImplementedError):
category.delete()
category.soft_delete()
shop_product.refresh_from_db()
shop_product.product.refresh_from_db()
assert shop_product.categories.count() == 0
assert shop_product.primary_category is None
assert category.status == CategoryStatus.DELETED
assert category.children.count() == 0
# the child category still exists
assert Category.objects.all_visible(customer=admin).count() == 1
assert Category.objects.all_except_deleted().count() == 1
configuration.set(None, get_all_seeing_key(admin), False)
def test_category_deletion(admin_user):
admin = get_person_contact(admin_user)
category = get_default_category()
category.children.create(identifier="foo")
shop_product = get_default_shop_product()
shop_product.categories.add(category)
shop_product.primary_category = category
shop_product.save()
configuration.set(None, get_all_seeing_key(admin), True)
assert category.status == CategoryStatus.VISIBLE
assert category.children.count() == 1
with pytest.raises(NotImplementedError):
category.delete()
category.soft_delete()
shop_product.refresh_from_db()
shop_product.product.refresh_from_db()
assert shop_product.categories.count() == 0
assert shop_product.primary_category is None
assert category.status == CategoryStatus.DELETED
assert category.children.count() == 0
# the child category still exists
assert Category.objects.all_visible(customer=admin).count() == 1
assert Category.objects.all_except_deleted().count() == 1
configuration.set(None, get_all_seeing_key(admin), False)
def test_product_available(admin_user, regular_user, available_until, visible):
shop = get_default_shop()
product = create_product("test-sku", shop=shop)
shop_product = product.get_shop_instance(shop)
regular_contact = get_person_contact(regular_user)
admin_contact = get_person_contact(admin_user)
shop_product.available_until = available_until
shop_product.save()
assert (product in Product.objects.listed(shop=shop)) == visible
assert (product in Product.objects.searchable(shop=shop)) == visible
assert (product
in Product.objects.listed(shop=shop,
customer=admin_contact)) == visible
assert (product
in Product.objects.searchable(shop=shop,
customer=admin_contact)) == visible
assert (product
in Product.objects.searchable(shop=shop,
customer=regular_contact)) == visible
configuration.set(None, get_all_seeing_key(admin_contact), True)
assert product in Product.objects.listed(shop=shop, customer=admin_contact)
assert product in Product.objects.searchable(shop=shop,
customer=admin_contact)
configuration.set(None, get_all_seeing_key(admin_contact), False)
def test_product_visibility(rf, admin_user, regular_user):
anon_contact = get_person_contact(AnonymousUser())
shop_product = get_default_shop_product()
admin_contact = get_person_contact(admin_user)
regular_contact = get_person_contact(regular_user)
configuration.set(None, get_all_seeing_key(admin_contact), True)
with modify(
shop_product.product, deleted=True
): # NB: assigning to `product` here works because `get_shop_instance` populates `_product_cache`
assert error_exists(shop_product.get_visibility_errors(customer=anon_contact), "product_deleted")
assert error_exists(shop_product.get_visibility_errors(customer=admin_contact), "product_deleted")
with pytest.raises(ProductNotVisibleProblem):
shop_product.raise_if_not_visible(anon_contact)
assert not shop_product.is_list_visible()
with modify(
shop_product, visibility_limit=ProductVisibility.VISIBLE_TO_ALL, visibility=ShopProductVisibility.NOT_VISIBLE
):
assert error_exists(shop_product.get_visibility_errors(customer=anon_contact), "product_not_visible")
assert error_does_not_exist(shop_product.get_visibility_errors(customer=admin_contact), "product_not_visible")
assert not shop_product.is_list_visible()
with modify(
shop_product,
visibility_limit=ProductVisibility.VISIBLE_TO_LOGGED_IN,
visibility=ShopProductVisibility.ALWAYS_VISIBLE,
):
assert error_exists(
shop_product.get_visibility_errors(customer=anon_contact), "product_not_visible_to_anonymous"
)
assert error_does_not_exist(
shop_product.get_visibility_errors(customer=admin_contact), "product_not_visible_to_anonymous"
)
customer_group = get_default_customer_group()
grouped_user = get_user_model().objects.create_user(username=printable_gibberish(20))
grouped_contact = get_person_contact(grouped_user)
with modify(
shop_product,
visibility_limit=ProductVisibility.VISIBLE_TO_GROUPS,
visibility=ShopProductVisibility.ALWAYS_VISIBLE,
):
shop_product.visibility_groups.add(customer_group)
customer_group.members.add(grouped_contact)
customer_group.members.remove(get_person_contact(regular_user))
assert error_does_not_exist(
shop_product.get_visibility_errors(customer=grouped_contact), "product_not_visible_to_group"
)
assert error_does_not_exist(
shop_product.get_visibility_errors(customer=admin_contact), "product_not_visible_to_group"
)
assert error_exists(
shop_product.get_visibility_errors(customer=regular_contact), "product_not_visible_to_group"
)
configuration.set(None, get_all_seeing_key(admin_contact), False)
def test_omniscience(admin_user, regular_user):
assert not get_person_contact(admin_user).is_all_seeing
configuration.set(None, get_all_seeing_key(admin_user), True)
assert get_person_contact(admin_user).is_all_seeing
assert not get_person_contact(regular_user).is_all_seeing
assert not get_person_contact(None).is_all_seeing
assert not get_person_contact(AnonymousUser()).is_all_seeing
assert not AnonymousContact().is_all_seeing
configuration.set(None, get_all_seeing_key(admin_user), False)
def test_omniscience(admin_user, regular_user):
assert not get_person_contact(admin_user).is_all_seeing
configuration.set(None, get_all_seeing_key(admin_user), True)
assert get_person_contact(admin_user).is_all_seeing
assert not get_person_contact(regular_user).is_all_seeing
assert not get_person_contact(None).is_all_seeing
assert not get_person_contact(AnonymousUser()).is_all_seeing
assert not AnonymousContact().is_all_seeing
configuration.set(None, get_all_seeing_key(admin_user), False)
def test_product_query(visibility, show_in_list, show_in_search, admin_user,
regular_user):
shop = get_default_shop()
product = create_product("test-sku", shop=shop)
shop_product = product.get_shop_instance(shop)
anon_contact = AnonymousContact()
regular_contact = get_person_contact(regular_user)
admin_contact = get_person_contact(admin_user)
shop_product.visibility = visibility
shop_product.save()
assert shop_product.visibility_limit == ProductVisibility.VISIBLE_TO_ALL
# Anonymous contact should be the same as no contact
assert (product in Product.objects.listed(shop=shop)) == show_in_list
assert (product in Product.objects.searchable(shop=shop)) == show_in_search
assert (product
in Product.objects.listed(shop=shop,
customer=anon_contact)) == show_in_list
assert (product in Product.objects.searchable(
shop=shop, customer=anon_contact)) == show_in_search
# Admin should see all non-deleted results
configuration.set(None, get_all_seeing_key(admin_contact), True)
assert product in Product.objects.listed(shop=shop, customer=admin_contact)
assert product in Product.objects.searchable(shop=shop,
customer=admin_contact)
# Anonymous contact shouldn't see products with logged in visibility limit
shop_product.visibility_limit = ProductVisibility.VISIBLE_TO_LOGGED_IN
shop_product.save()
assert product not in Product.objects.listed(shop=shop,
customer=anon_contact)
assert product not in Product.objects.searchable(shop=shop,
customer=anon_contact)
# Reset visibility limit
shop_product.visibility_limit = ProductVisibility.VISIBLE_TO_ALL
shop_product.save()
# No one should see deleted products
product.soft_delete()
assert product not in Product.objects.listed(shop=shop)
assert product not in Product.objects.searchable(shop=shop)
assert product not in Product.objects.listed(shop=shop,
customer=admin_contact)
assert product not in Product.objects.searchable(shop=shop,
customer=admin_contact)
configuration.set(None, get_all_seeing_key(admin_contact), False)
def test_all_seeing_and_maintenance(rf, admin_user):
shop = get_default_shop()
admin_contact = get_person_contact(admin_user)
do_request_and_asserts(rf, admin_contact, maintenance=False, expect_toolbar=True)
assert not admin_contact.is_all_seeing
configuration.set(None, get_all_seeing_key(admin_user), True)
assert admin_contact.is_all_seeing
assert admin_contact.user.is_superuser
do_request_and_asserts(rf, admin_contact, maintenance=False, expect_all_seeing=True, expect_toolbar=True)
configuration.set(None, get_all_seeing_key(admin_contact), False)
# Test maintenance mode badge
shop.maintenance_mode = True
shop.save()
do_request_and_asserts(rf, admin_contact, maintenance=True, expect_toolbar=True)
def test_product_available(admin_user, regular_user, available_until, visible):
shop = get_default_shop()
product = create_product("test-sku", shop=shop)
shop_product = product.get_shop_instance(shop)
regular_contact = get_person_contact(regular_user)
admin_contact = get_person_contact(admin_user)
shop_product.available_until = available_until
shop_product.save()
assert (product in Product.objects.listed(shop=shop)) == visible
assert (product in Product.objects.searchable(shop=shop)) == visible
assert (product in Product.objects.listed(shop=shop, customer=admin_contact)) == visible
assert (product in Product.objects.searchable(shop=shop, customer=admin_contact)) == visible
assert (product in Product.objects.searchable(shop=shop, customer=regular_contact)) == visible
configuration.set(None, get_all_seeing_key(admin_contact), True)
assert product in Product.objects.listed(shop=shop, customer=admin_contact)
assert product in Product.objects.searchable(shop=shop, customer=admin_contact)
configuration.set(None, get_all_seeing_key(admin_contact), False)
def test_category_visibility(admin_user, regular_user):
visible_public_category = Category.objects.create(status=CategoryStatus.VISIBLE, visibility=CategoryVisibility.VISIBLE_TO_ALL, identifier="visible_public", name=DEFAULT_NAME)
hidden_public_category = Category.objects.create(status=CategoryStatus.INVISIBLE, visibility=CategoryVisibility.VISIBLE_TO_ALL, identifier="hidden_public", name=DEFAULT_NAME)
deleted_public_category = Category.objects.create(status=CategoryStatus.DELETED, visibility=CategoryVisibility.VISIBLE_TO_ALL, identifier="deleted_public", name=DEFAULT_NAME)
logged_in_category = Category.objects.create(status=CategoryStatus.VISIBLE, visibility=CategoryVisibility.VISIBLE_TO_LOGGED_IN, identifier="visible_logged_in", name=DEFAULT_NAME)
group_visible_category = Category.objects.create(status=CategoryStatus.VISIBLE, visibility=CategoryVisibility.VISIBLE_TO_GROUPS, identifier="visible_groups", name=DEFAULT_NAME)
assert visible_public_category.name == DEFAULT_NAME
assert str(visible_public_category) == DEFAULT_NAME
anon_contact = AnonymousContact()
regular_contact = get_person_contact(regular_user)
admin_contact = get_person_contact(admin_user)
configuration.set(None, get_all_seeing_key(admin_contact), True)
for (customer, category, expect) in [
(anon_contact, visible_public_category, True),
(anon_contact, hidden_public_category, False),
(anon_contact, deleted_public_category, False),
(anon_contact, logged_in_category, False),
(anon_contact, group_visible_category, False),
(regular_contact, visible_public_category, True),
(regular_contact, hidden_public_category, False),
(regular_contact, deleted_public_category, False),
(regular_contact, logged_in_category, True),
(regular_contact, group_visible_category, False),
(admin_contact, visible_public_category, True),
(admin_contact, hidden_public_category, True),
(admin_contact, deleted_public_category, False),
(admin_contact, logged_in_category, True),
(admin_contact, group_visible_category, True),
]:
result = Category.objects.all_visible(customer=customer).filter(pk=category.pk).exists()
assert result == expect, "Queryset visibility of %s for %s as expected" % (category.identifier, customer)
assert category.is_visible(customer) == expect, "Direct visibility of %s for %s as expected" % (category.identifier, customer)
assert not Category.objects.all_except_deleted().filter(pk=deleted_public_category.pk).exists(), "Deleted category does not show up in 'all_except_deleted'"
configuration.set(None, get_all_seeing_key(admin_contact), False)
def test_product_query(visibility, show_in_list, show_in_search, admin_user, regular_user):
shop = get_default_shop()
product = create_product("test-sku", shop=shop)
shop_product = product.get_shop_instance(shop)
anon_contact = AnonymousContact()
regular_contact = get_person_contact(regular_user)
admin_contact = get_person_contact(admin_user)
shop_product.visibility = visibility
shop_product.save()
assert shop_product.visibility_limit == ProductVisibility.VISIBLE_TO_ALL
# Anonymous contact should be the same as no contact
assert (product in Product.objects.listed(shop=shop)) == show_in_list
assert (product in Product.objects.searchable(shop=shop)) == show_in_search
assert (product in Product.objects.listed(shop=shop, customer=anon_contact)) == show_in_list
assert (product in Product.objects.searchable(shop=shop, customer=anon_contact)) == show_in_search
# Admin should see all non-deleted results
configuration.set(None, get_all_seeing_key(admin_contact), True)
assert product in Product.objects.listed(shop=shop, customer=admin_contact)
assert product in Product.objects.searchable(shop=shop, customer=admin_contact)
# Anonymous contact shouldn't see products with logged in visibility limit
shop_product.visibility_limit = ProductVisibility.VISIBLE_TO_LOGGED_IN
shop_product.save()
assert product not in Product.objects.listed(shop=shop, customer=anon_contact)
assert product not in Product.objects.searchable(shop=shop, customer=anon_contact)
# Reset visibility limit
shop_product.visibility_limit = ProductVisibility.VISIBLE_TO_ALL
shop_product.save()
# No one should see deleted products
product.soft_delete()
assert product not in Product.objects.listed(shop=shop)
assert product not in Product.objects.searchable(shop=shop)
assert product not in Product.objects.listed(shop=shop, customer=admin_contact)
assert product not in Product.objects.searchable(shop=shop, customer=admin_contact)
configuration.set(None, get_all_seeing_key(admin_contact), False)
def test_regular_user_is_blind(rf, regular_user):
shop = get_default_shop()
contact = get_person_contact(regular_user)
do_request_and_asserts(rf, contact, maintenance=False, expect_all_seeing=False, expect_toolbar=False)
# user needs to be superuser to even get a glimpse
assert not contact.is_all_seeing
configuration.set(None, get_all_seeing_key(contact), True)
assert not contact.is_all_seeing # only superusers can be allseeing
# Contact might be all-seeing in database but toolbar requires superuser
do_request_and_asserts(rf, contact, maintenance=False, expect_all_seeing=False, expect_toolbar=False)
def test_regular_user_is_blind(rf, regular_user):
shop = get_default_shop()
contact = get_person_contact(regular_user)
do_request_and_asserts(rf, contact, maintenance=False, expect_all_seeing=False, expect_toolbar=False)
# user needs to be superuser to even get a glimpse
assert not contact.is_all_seeing
configuration.set(None, get_all_seeing_key(contact), True)
assert not contact.is_all_seeing # only superusers can be allseeing
# Contact might be all-seeing in database but toolbar requires superuser
do_request_and_asserts(rf, contact, maintenance=False, expect_all_seeing=False, expect_toolbar=False)
def test_product_visibility(rf, admin_user, regular_user):
anon_contact = get_person_contact(AnonymousUser())
shop_product = get_default_shop_product()
admin_contact = get_person_contact(admin_user)
regular_contact = get_person_contact(regular_user)
configuration.set(None, get_all_seeing_key(admin_contact), True)
with modify(shop_product.product, deleted=True): # NB: assigning to `product` here works because `get_shop_instance` populates `_product_cache`
assert error_exists(shop_product.get_visibility_errors(customer=anon_contact), "product_deleted")
assert error_exists(shop_product.get_visibility_errors(customer=admin_contact), "product_deleted")
with pytest.raises(ProductNotVisibleProblem):
shop_product.raise_if_not_visible(anon_contact)
assert not shop_product.is_list_visible()
with modify(shop_product, visibility_limit=ProductVisibility.VISIBLE_TO_ALL, visibility=ShopProductVisibility.NOT_VISIBLE):
assert error_exists(shop_product.get_visibility_errors(customer=anon_contact), "product_not_visible")
assert error_does_not_exist(shop_product.get_visibility_errors(customer=admin_contact), "product_not_visible")
assert not shop_product.is_list_visible()
with modify(shop_product, visibility_limit=ProductVisibility.VISIBLE_TO_LOGGED_IN, visibility=ShopProductVisibility.ALWAYS_VISIBLE):
assert error_exists(shop_product.get_visibility_errors(customer=anon_contact), "product_not_visible_to_anonymous")
assert error_does_not_exist(shop_product.get_visibility_errors(customer=admin_contact), "product_not_visible_to_anonymous")
customer_group = get_default_customer_group()
grouped_user = get_user_model().objects.create_user(username=printable_gibberish(20))
grouped_contact = get_person_contact(grouped_user)
with modify(shop_product, visibility_limit=ProductVisibility.VISIBLE_TO_GROUPS, visibility=ShopProductVisibility.ALWAYS_VISIBLE):
shop_product.visibility_groups.add(customer_group)
customer_group.members.add(grouped_contact)
customer_group.members.remove(get_person_contact(regular_user))
assert error_does_not_exist(shop_product.get_visibility_errors(customer=grouped_contact), "product_not_visible_to_group")
assert error_does_not_exist(shop_product.get_visibility_errors(customer=admin_contact), "product_not_visible_to_group")
assert error_exists(shop_product.get_visibility_errors(customer=regular_contact), "product_not_visible_to_group")
configuration.set(None, get_all_seeing_key(admin_contact), False)
def test_category_visibility(admin_user, regular_user):
visible_public_category = Category.objects.create(
status=CategoryStatus.VISIBLE,
visibility=CategoryVisibility.VISIBLE_TO_ALL,
identifier="visible_public",
name=DEFAULT_NAME,
)
hidden_public_category = Category.objects.create(
status=CategoryStatus.INVISIBLE,
visibility=CategoryVisibility.VISIBLE_TO_ALL,
identifier="hidden_public",
name=DEFAULT_NAME,
)
deleted_public_category = Category.objects.create(
status=CategoryStatus.DELETED,
visibility=CategoryVisibility.VISIBLE_TO_ALL,
identifier="deleted_public",
name=DEFAULT_NAME,
)
logged_in_category = Category.objects.create(
status=CategoryStatus.VISIBLE,
visibility=CategoryVisibility.VISIBLE_TO_LOGGED_IN,
identifier="visible_logged_in",
name=DEFAULT_NAME,
)
group_visible_category = Category.objects.create(
status=CategoryStatus.VISIBLE,
visibility=CategoryVisibility.VISIBLE_TO_GROUPS,
identifier="visible_groups",
name=DEFAULT_NAME,
)
assert visible_public_category.name == DEFAULT_NAME
assert str(visible_public_category) == DEFAULT_NAME
anon_contact = AnonymousContact()
regular_contact = get_person_contact(regular_user)
admin_contact = get_person_contact(admin_user)
configuration.set(None, get_all_seeing_key(admin_contact), True)
for (customer, category, expect) in [
(anon_contact, visible_public_category, True),
(anon_contact, hidden_public_category, False),
(anon_contact, deleted_public_category, False),
(anon_contact, logged_in_category, False),
(anon_contact, group_visible_category, False),
(regular_contact, visible_public_category, True),
(regular_contact, hidden_public_category, False),
(regular_contact, deleted_public_category, False),
(regular_contact, logged_in_category, True),
(regular_contact, group_visible_category, False),
(admin_contact, visible_public_category, True),
(admin_contact, hidden_public_category, True),
(admin_contact, deleted_public_category, False),
(admin_contact, logged_in_category, True),
(admin_contact, group_visible_category, True),
]:
result = Category.objects.all_visible(customer=customer).filter(
pk=category.pk).exists()
assert result == expect, "Queryset visibility of %s for %s as expected" % (
category.identifier, customer)
assert category.is_visible(
customer
) == expect, "Direct visibility of %s for %s as expected" % (
category.identifier,
customer,
)
assert (not Category.objects.all_except_deleted().filter(
pk=deleted_public_category.pk).exists()
), "Deleted category does not show up in 'all_except_deleted'"
configuration.set(None, get_all_seeing_key(admin_contact), False)
