def test_media_view_images_without_root_access(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["upload-media"]) assert not can_see_root_folder(staff_user) folder = get_or_create_folder(shop, "Root") File.objects.create(name="normalfile", folder=folder) img = Image.objects.create(name="imagefile", folder=folder, is_public=True) request = apply_request_middleware(rf.get("/", { "filter": "images", "action": "folder" }), user=staff_user) request.user = staff_user view_func = MediaBrowserView.as_view() response = view_func(request) assert isinstance(response, JsonResponse) content = json.loads(response.content.decode("utf-8")) assert len(content["folder"]["folders"]) == 0 assert len(content["folder"]["files"]) == 0
def test_reports_admin_permissions(rf): shop = get_default_shop() # We need a shop to exists staff_user = get_default_staff_user(shop) permission_group = get_default_permission_group() staff_user.groups = [permission_group] request = apply_request_middleware(rf.get("/"), user=staff_user) request.user = staff_user with replace_modules([ReportsAdminModule]): with override_provides("reports", REPORTS): extra_permissions = ReportsAdminModule().get_extra_permissions() assert len(extra_permissions) == 3 assert SalesReport.identifier in extra_permissions assert TotalSales.identifier in extra_permissions assert SalesPerHour.identifier in extra_permissions with admin_only_urls(): view_func = ReportView.as_view() response = view_func(request) response.render() response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) assert soup.find("div", {"class": "content-block"}).text == "No reports available" expected_report_identifiers = [] for report_cls in [SalesReport, TotalSales, SalesPerHour]: expected_report_identifiers.append(report_cls.identifier) set_permissions_for_group(permission_group, [report_cls.identifier]) response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) for option in soup.find("select", {"id": "id_report"}).findAll("option"): assert option["value"] in expected_report_identifiers
def test_login_as_requires_staff_member(rf, regular_user): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) def do_nothing(request, shop=None): pass def get_default(request): return get_default_shop() # Maybe some vendors and non marketplace staff members has access to admin module with patch("shuup.admin.shop_provider.set_shop", side_effect=do_nothing): with patch("shuup.admin.shop_provider.get_shop", side_effect=get_default): view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user) # not staff member with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) shop.staff_members.add(staff_user) # no permission with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=regular_user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == regular_user
def test_login_as_staff_as_staff(rf): """ Staff user 1 tries to impersonat staff user 2 """ shop = get_default_shop() staff_user1 = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user1.groups.add(permission_group) shop.staff_members.add(staff_user1) staff_user2 = UserFactory(is_staff=True) view_func = LoginAsStaffUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user1) with pytest.raises(PermissionDenied): view_func(request, pk=staff_user2.pk) set_permissions_for_group(permission_group, ["user.login-as-staff"]) response = view_func(request, pk=staff_user2.pk) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user2 # Stop impersonating and since staff1 does not have user detail permission # he/she should find him/herself from dashboard response = stop_impersonating_staff(request) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user1 response = stop_impersonating_staff(request) assert response.status_code == 403
def test_reports_admin_permissions(rf): shop = get_default_shop() # We need a shop to exists staff_user = get_default_staff_user(shop) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) request = apply_request_middleware(rf.get("/"), user=staff_user) request.user = staff_user with replace_modules([ReportsAdminModule]): with override_provides("reports", REPORTS): extra_permissions = ReportsAdminModule().get_extra_permissions() assert len(extra_permissions) == 3 assert SalesReport.identifier in extra_permissions assert TotalSales.identifier in extra_permissions assert SalesPerHour.identifier in extra_permissions with admin_only_urls(): view_func = ReportView.as_view() response = view_func(request) response.render() response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) assert soup.find("div", {"class": "content-block"}).text == "No reports available" expected_report_identifiers = [] for report_cls in [SalesReport, TotalSales, SalesPerHour]: expected_report_identifiers.append(report_cls.identifier) set_permissions_for_group(permission_group, [report_cls.identifier]) response = view_func(request, pk=None) # "new mode" response.render() assert response.content soup = BeautifulSoup(response.content) for option in soup.find("select", {"id": "id_report"}).findAll("option"): assert option["value"] in expected_report_identifiers
def get_staff_user(): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["Customize Staff Admin Menu", "menu.arrange_staff", "menu.reset_staff"]) return staff_user
def test_order_shipments(rf, admin_user): shop = get_default_shop() supplier = get_supplier(module_identifier="simple_supplier", identifier="1", name="supplier") supplier.shops.add(shop) product = create_product("sku1", shop=shop, default_price=10) shop_product = product.get_shop_instance(shop=shop) shop_product.suppliers.set([supplier]) product_quantities = { supplier.pk: {product.pk: 20}, } def get_quantity(supplier, product): return product_quantities[supplier.pk][product.pk] order = create_empty_order(shop=shop) order.full_clean() order.save() order.change_status(OrderStatus.objects.get_default_processing()) # Let's test the order order status history section for superuser request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop) # Add product to order for supplier add_product_to_order(order, supplier, product, get_quantity(supplier, product), 8) context = OrderHistorySection.get_context_data(order, request) assert len(context) == 2 # Let's create staff user without any permissions staff_user = create_random_user(is_staff=True) group = get_default_permission_group() staff_user.groups.add(group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = OrderHistorySection.get_context_data(order, request) assert len(context) == 2 # works fine while rendering rendered_content = loader.render_to_string( OrderHistorySection.template, context={ OrderHistorySection.identifier: context, "order_status_history": OrderStatusHistory.objects.filter(order=order).order_by("-created_on"), }, ) assert force_text(OrderStatus.objects.get_default_initial().name) in rendered_content assert force_text(OrderStatus.objects.get_default_processing().name) in rendered_content client = Client() client.force_login(admin_user) # We should see the order status section assert OrderHistorySection.visible_for_object(order, request)
def test_media_view_images(rf): with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=True): shop1 = factories.get_shop(identifier="shop1", enabled=True) shop1_staff1 = _create_random_staff(shop1) shop1_staff2 = _create_random_staff(shop1) group = factories.get_default_permission_group() set_permissions_for_group(group, ["media.upload-to-folder", "media.view-all"]) shop2 = factories.get_shop(identifier="shop2", enabled=True) shop2_staff = _create_random_staff(shop2) shop1_staff1.groups.add(group) shop1_staff2.groups.add(group) shop2_staff.groups.add(group) # Let's agree this folder is created by for example carousel # so it would be shared with all the shops. folder = Folder.objects.create(name="Root") assert MediaFolder.objects.count() == 0 path = "%s" % folder.name File.objects.create(name="normalfile", folder=folder) # Shared between shops # Let's create 4 images for shop 1 _mbv_upload(shop1, shop1_staff1, path=path) _mbv_upload(shop1, shop1_staff1, path=path) _mbv_upload(shop1, shop1_staff2, path=path) _mbv_upload(shop1, shop1_staff2, path=path) assert MediaFile.objects.count() == 4 # Let's create 3 images for shop 2 _mbv_upload(shop2, shop2_staff, path=path) _mbv_upload(shop2, shop2_staff, path=path) _mbv_upload(shop2, shop2_staff, path=path) assert MediaFile.objects.count() == 7 # All files were created to same folder and while uploading # the each shop declared that they own the folder. assert Folder.objects.count() == 1 assert MediaFolder.objects.count() == 1 assert MediaFolder.objects.filter(shops=shop1).exists() assert shop1.media_folders.count() == 1 assert shop1.media_files.count() == 4 assert MediaFolder.objects.filter(shops=shop2).exists() assert shop2.media_folders.count() == 1 assert shop2.media_files.count() == 3 # Now let's make sure that each staff can view the folder # and all the files she should see. _check_that_staff_can_see_folder(rf, shop1, shop1_staff1, folder, 5) _check_that_staff_can_see_folder(rf, shop1, shop1_staff2, folder, 5) _check_that_staff_can_see_folder(rf, shop2, shop2_staff, folder, 4)
def get_supplier_user(): factories.get_default_shop() supplier = factories.get_default_supplier() supplier_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() supplier_user.groups.add(permission_group) set_permissions_for_group(permission_group, [ "Customize Supplier Admin Menu", "menu.arrange_supplier", "menu.reset_staff" ]) return supplier_user
def test_login_as_staff_member(rf): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user, skip_session=True) # log in as self with pytest.raises(Problem): view_func(request, pk=staff_user.pk) user = UserFactory() get_person_contact(user) request = apply_request_middleware(rf.post("/"), user=staff_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk) user.is_active = True user.save() # staff user without "user.login-as" permission trying to login as valid user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) permission_group = staff_user.groups.first() set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == user
def test_can_see_root_folder(rf, admin_user): assert not can_see_root_folder(None) assert can_see_root_folder(admin_user) shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) assert not can_see_root_folder(staff_user) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["media.view-all"]) assert can_see_root_folder(staff_user)
def test_shop_and_supplier_info(): activate("en") shop = factories.get_shop(True, "USD", enabled=True, name="Shop.com") supplier = factories.get_default_supplier() staff_user = factories.create_random_user(is_staff=True) staff_user.set_password("randpw") staff_user.save() staff_user.groups.set([factories.get_default_permission_group()]) shop.staff_members.add(staff_user) assert staff_user in [staff for staff in shop.staff_members.all()] assert shop.status == ShopStatus.ENABLED client = SmartClient() with override_settings( SHUUP_ENABLE_MULTIPLE_SHOPS=True, SHUUP_ENABLE_MULTIPLE_SUPPLIERS=False, SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC= "shuup.testing.supplier_provider.FirstSupplierProvider", ): url = reverse("shuup_admin:dashboard") client.login(username=staff_user.username, password="******") response, soup = client.response_and_soup(url) assert response.status_code == 200 assert shop.name in soup.find("div", { "class": "active-shop-and-supplier-info" }).text assert supplier.name not in soup.find( "div", { "class": "active-shop-and-supplier-info" }).text with override_settings( SHUUP_ENABLE_MULTIPLE_SHOPS=True, SHUUP_ENABLE_MULTIPLE_SUPPLIERS=True, SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC= "shuup.testing.supplier_provider.FirstSupplierProvider", ): url = reverse("shuup_admin:dashboard") client.login(username=staff_user.username, password="******") response, soup = client.response_and_soup(url) assert response.status_code == 200 assert shop.name in soup.find("div", { "class": "active-shop-and-supplier-info" }).text assert supplier.name in soup.find( "div", { "class": "active-shop-and-supplier-info" }).text
def test_browser_config_as_shop_staff(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.post("/"), user=staff_user) urls = get_browser_urls(request) # staff does not have media permission assert urls["media"] is None set_permissions_for_group(permission_group, ["media.browse"]) urls = get_browser_urls(request) assert urls["media"] == reverse("shuup_admin:media.browse") media_module_permission_urls = set(get_permissions_from_urls(MediaModule().get_urls())) assert "media.browse" in media_module_permission_urls assert "shuup_admin:media.browse" not in media_module_permission_urls
def test_staff_authentication(): shop = factories.get_shop(True, "USD", enabled=True) staff_user = factories.create_random_user(is_staff=True) staff_user.set_password("randpw") staff_user.save() staff_user.groups = [factories.get_default_permission_group()] shop.staff_members.add(staff_user) assert staff_user in [staff for staff in shop.staff_members.all()] assert shop.status == ShopStatus.ENABLED client = SmartClient() url = reverse("shuup_admin:dashboard") client.login(username=staff_user.username, password="******") response, soup = client.response_and_soup(url) assert response.status_code == 200 shop.status = ShopStatus.DISABLED shop.save() response, soup = client.response_and_soup(url) assert response.status_code == 400 assert "There is no active shop available" in soup.text
def test_get_folders_without_view_all_permission(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["upload-media"]) assert not can_see_root_folder(staff_user) # Create a structure and retrieve it folder1 = get_or_create_folder(shop, printable_gibberish()) folder1_media_folder = ensure_media_folder(shop, folder1) folder1_media_folder.owners.add(staff_user) folder2 = get_or_create_folder(shop, printable_gibberish()) folder3 = get_or_create_folder(shop, printable_gibberish()) folder4 = get_or_create_folder(shop, printable_gibberish()) folder4.parent = folder2 folder4.save() folder4_media_folder = ensure_media_folder(shop, folder4) folder4_media_folder.owners.add(staff_user) folder5 = get_or_create_folder(shop, printable_gibberish()) folder5.parent = folder4 folder5.save() folder6 = get_or_create_folder(shop, printable_gibberish()) folder6.parent = folder5 folder6.save() folder6_media_folder = ensure_media_folder(shop, folder6) folder6_media_folder.owners.add(staff_user) folder7 = get_or_create_folder(shop, printable_gibberish()) folder7.parent = folder6 folder7.save() tree = get_id_tree(mbv_command(staff_user, {"action": "folders"}, "GET")) assert set((folder1.id, folder4.id)) <= set(tree.keys())
def test_staff_authentication(): shop = factories.get_shop(True, "USD", enabled=True) staff_user = factories.create_random_user(is_staff=True) staff_user.set_password("randpw") staff_user.save() staff_user.groups = [factories.get_default_permission_group()] shop.staff_members.add(staff_user) assert staff_user in [staff for staff in shop.staff_members.all()] assert shop.status == ShopStatus.ENABLED client = SmartClient() url = reverse("shuup_admin:dashboard") client.login(username=staff_user.username, password="******") response, soup = client.response_and_soup(url) assert response.status_code == 200 shop.status = ShopStatus.DISABLED shop.save() response, soup = client.response_and_soup(url) assert response.status_code == 400 assert "There is no active shop available" in soup.text
def test_shop_and_supplier_info(): activate("en") shop = factories.get_shop(True, "USD", enabled=True, name="Shop.com") supplier = factories.get_default_supplier() staff_user = factories.create_random_user(is_staff=True) staff_user.set_password("randpw") staff_user.save() staff_user.groups = [factories.get_default_permission_group()] shop.staff_members.add(staff_user) assert staff_user in [staff for staff in shop.staff_members.all()] assert shop.status == ShopStatus.ENABLED client = SmartClient() with override_settings( SHUUP_ENABLE_MULTIPLE_SHOPS=True, SHUUP_ENABLE_MULTIPLE_SUPPLIERS=False, SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC="shuup.testing.supplier_provider.FirstSupplierProvider" ): url = reverse("shuup_admin:dashboard") client.login(username=staff_user.username, password="******") response, soup = client.response_and_soup(url) assert response.status_code == 200 assert shop.name in soup.find("div", {"class": "active-shop-and-supplier-info"}).text assert supplier.name not in soup.find("div", {"class": "active-shop-and-supplier-info"}).text with override_settings( SHUUP_ENABLE_MULTIPLE_SHOPS=True, SHUUP_ENABLE_MULTIPLE_SUPPLIERS=True, SHUUP_ADMIN_SUPPLIER_PROVIDER_SPEC="shuup.testing.supplier_provider.FirstSupplierProvider" ): url = reverse("shuup_admin:dashboard") client.login(username=staff_user.username, password="******") response, soup = client.response_and_soup(url) assert response.status_code == 200 assert shop.name in soup.find("div", {"class": "active-shop-and-supplier-info"}).text assert supplier.name in soup.find("div", {"class": "active-shop-and-supplier-info"}).text
def test_order_shipments(rf, admin_user): shop = get_default_shop() supplier1 = Supplier.objects.create(identifier="1", name="supplier1") supplier1.shops.add(shop) supplier2 = Supplier.objects.create(identifier="2") supplier2.shops.add(shop) product1 = create_product("sku1", shop=shop, default_price=10) shop_product1 = product1.get_shop_instance(shop=shop) shop_product1.suppliers.set([supplier1]) product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED) shop_product2 = product1.get_shop_instance(shop=shop) shop_product2.suppliers.set([supplier2]) product_quantities = { supplier1.pk: { product1.pk: 20 }, supplier2.pk: { product2.pk: 10 } } def get_quantity(supplier, product): return product_quantities[supplier.pk][product.pk] order = create_empty_order(shop=shop) order.full_clean() order.save() # Let's test the order shipment section for superuser request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop) # Add product 3 to order for supplier 2 add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8) # Product is not shippable so order section should not be available assert not ShipmentSection.visible_for_object(order, request) # Add product 2 to order for supplier 1 add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7) # Now we should see the shipment section assert ShipmentSection.visible_for_object(order, request) # Make order fully paid so we can start creting shipments and refunds order.cache_prices() order.check_all_verified() order.create_payment(order.taxful_total_price) assert order.is_paid() product_summary = order.get_product_summary() assert product_summary[product1.pk]["unshipped"] == 20 assert product_summary[product2.pk]["unshipped"] == 0 assert product_summary[product2.pk]["ordered"] == 10 # Fully ship the order order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 10}, supplier=supplier1) assert not order.get_unshipped_products() assert order.is_fully_shipped() context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 # One for each supplier assert len(context["delete_urls"].keys()) == 3 # One for each shipment # Let's create staff user without any permissions staff_user = create_random_user(is_staff=True) group = get_default_permission_group() staff_user.groups.add(group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 0 assert len(context["delete_urls"].keys()) == 0 assert len(context["set_sent_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 0 assert len(context["set_sent_urls"].keys()) == 0 set_permissions_for_group(group, [ "order.create-shipment", "order.delete-shipment", "order.set-shipment-sent" ]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 3 assert len(context["set_sent_urls"].keys()) == 3 # works fine while rendering rendered_content = loader.render_to_string(ShipmentSection.template, context={ ShipmentSection.identifier: context, "order": order, }) all_urls = list(context["delete_urls"].values()) all_urls.extend(list(context["set_sent_urls"].values())) for url in all_urls: assert url in rendered_content assert order.get_sent_shipments().count() == 0 order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 3 client = Client() client.force_login(admin_user) # mark all shipments as sent! for mark_sent_url in context["set_sent_urls"].values(): response = client.post(mark_sent_url) assert response.status_code == 302 assert order.get_sent_shipments().count() == 3 order.shipments.filter(status=ShipmentStatus.NOT_SENT) == 0 # Make product1 unshipped product1.shipping_mode = ShippingMode.NOT_SHIPPED product1.save() # We still should see the order shipment section since existing shipments assert ShipmentSection.visible_for_object(order, request) # list all shipments in shipments list view response = client.get("{}?jq={}".format( reverse("shuup_admin:order.shipments.list"), json.dumps({ "perPage": 10, "page": 1 }))) assert response.status_code == 200 data = json.loads(response.content) assert len(data["items"]) == 3 for item in data["items"]: assert item["status"] == "Sent" # Let's delete all shipments since both products is unshipped and we # don't need those. for shipment in order.shipments.all(): shipment.soft_delete() assert not ShipmentSection.visible_for_object(order, request)
def test_ajax_object_select_view_with_contacts_multipleshop(rf, contact_cls): shop1 = get_default_shop() shop2 = get_shop(identifier="shop2") staff = create_random_user(is_staff=True) shop1.staff_members.add(staff) shop2.staff_members.add(staff) view = ObjectSelectorView.as_view() model_name = "shuup.%s" % contact_cls._meta.model_name customer = contact_cls.objects.create(name="Michael Jackson", email="*****@*****.**") customer_shop1 = contact_cls.objects.create(name="Roberto", email="*****@*****.**") customer_shop2 = contact_cls.objects.create(name="Maria", email="*****@*****.**") permission_group = get_default_permission_group() staff.groups.add(permission_group) permission_name = "%s.object_selector" % contact_cls._meta.model_name set_permissions_for_group(permission_group, [permission_name]) results = _get_object_selector_results(rf, view, model_name, "michael", staff) assert len(results) == 0 customer.add_to_shop(shop1) customer.add_to_shop(shop2) customer_shop1.add_to_shop(shop1) customer_shop2.add_to_shop(shop2) for shop in [shop1, shop2]: results = _get_object_selector_results(rf, view, model_name, "michael", staff, shop=shop) assert len(results) == 1 assert results[0].get("id") == customer.id assert results[0].get("name") == customer.name results = _get_object_selector_results(rf, view, model_name, "roberto", staff, shop=shop) if shop == shop1: assert len(results) == 1 assert results[0].get("id") == customer_shop1.id assert results[0].get("name") == customer_shop1.name else: assert len(results) == 0 results = _get_object_selector_results(rf, view, model_name, "maria", staff, shop=shop) if shop == shop2: assert len(results) == 1 assert results[0].get("id") == customer_shop2.id assert results[0].get("name") == customer_shop2.name else: assert len(results) == 0
def test_permission_groups_selector(admin_user): shop = get_default_shop() get_default_permission_group() assert get_object_selector_results(PermissionGroup, shop, admin_user, "default")
def test_order_shipment_section(rf, admin_user): shop = get_default_shop() supplier1 = Supplier.objects.create(identifier="1", name="supplier1") supplier1.shops.add(shop) supplier2 = Supplier.objects.create(identifier="2") supplier2.shops.add(shop) product1 = create_product("sku1", shop=shop, default_price=10) shop_product1 = product1.get_shop_instance(shop=shop) shop_product1.suppliers.set([supplier1]) product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED) shop_product2 = product1.get_shop_instance(shop=shop) shop_product2.suppliers.set([supplier2]) product_quantities = { supplier1.pk: { product1.pk: 20 }, supplier2.pk: { product2.pk: 10 } } def get_quantity(supplier, product): return product_quantities[supplier.pk][product.pk] order = create_empty_order(shop=shop) order.full_clean() order.save() # Let's test the order shipment section for superuser request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop) # Add product 3 to order for supplier 2 add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8) # Product is not shippable so order section should not be available assert not ShipmentSection.visible_for_object(order, request) # Add product 2 to order for supplier 1 add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7) # Now we should see the shipment section assert ShipmentSection.visible_for_object(order, request) # Make order fully paid so we can start creting shipments and refunds order.cache_prices() order.check_all_verified() order.create_payment(order.taxful_total_price) assert order.is_paid() product_summary = order.get_product_summary() assert product_summary[product1.pk]["unshipped"] == 20 assert product_summary[product2.pk]["unshipped"] == 0 assert product_summary[product2.pk]["ordered"] == 10 # Fully ship the order order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 10}, supplier=supplier1) assert not order.get_unshipped_products() assert order.is_fully_shipped() context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 # One for each supplier assert len(context["delete_urls"].keys()) == 3 # One for each shipment # Let's create staff user without any permissions staff_user = create_random_user(is_staff=True) group = get_default_permission_group() staff_user.groups.add(group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 0 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 3 # Make product1 unshipped product1.shipping_mode = ShippingMode.NOT_SHIPPED product1.save() # We still should see the order shipment section since existing shipments assert ShipmentSection.visible_for_object(order, request) # Let's delete all shipments since both products is unshipped and we # don't need those. for shipment in order.shipments.all(): shipment.soft_delete() assert not ShipmentSection.visible_for_object(order, request)
def test_order_shipment_section(rf, admin_user): shop = get_default_shop() supplier1 = Supplier.objects.create(identifier="1", name="supplier1") supplier1.shops.add(shop) supplier2 = Supplier.objects.create(identifier="2") supplier2.shops.add(shop) product1 = create_product("sku1", shop=shop, default_price=10) shop_product1 = product1.get_shop_instance(shop=shop) shop_product1.suppliers = [supplier1] product2 = create_product("sku3", shop=shop, default_price=10, shipping_mode=ShippingMode.NOT_SHIPPED) shop_product2 = product1.get_shop_instance(shop=shop) shop_product2.suppliers = [supplier2] product_quantities = { supplier1.pk: { product1.pk: 20 }, supplier2.pk: { product2.pk: 10 } } def get_quantity(supplier, product): return product_quantities[supplier.pk][product.pk] order = create_empty_order(shop=shop) order.full_clean() order.save() # Let's test the order shipment section for superuser request = apply_request_middleware(rf.get("/"), user=admin_user, shop=shop) # Add product 3 to order for supplier 2 add_product_to_order(order, supplier2, product2, get_quantity(supplier2, product2), 8) # Product is not shippable so order section should not be available assert not ShipmentSection.visible_for_object(order, request) # Add product 2 to order for supplier 1 add_product_to_order(order, supplier1, product1, get_quantity(supplier1, product1), 7) # Now we should see the shipment section assert ShipmentSection.visible_for_object(order, request) # Make order fully paid so we can start creting shipments and refunds order.cache_prices() order.check_all_verified() order.create_payment(order.taxful_total_price) assert order.is_paid() product_summary = order.get_product_summary() assert product_summary[product1.pk]["unshipped"] == 20 assert product_summary[product2.pk]["unshipped"] == 0 assert product_summary[product2.pk]["ordered"] == 10 # Fully ship the order order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 5}, supplier=supplier1) order.create_shipment({product1: 10}, supplier=supplier1) assert not order.get_unshipped_products() assert order.is_fully_shipped() context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 # One for each supplier assert len(context["delete_urls"].keys()) == 3 # One for each shipment # Let's create staff user without any permissions staff_user = create_random_user(is_staff=True) group = get_default_permission_group() staff_user.groups.add(group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 0 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 0 set_permissions_for_group(group, ["order.create-shipment", "order.delete-shipment"]) request = apply_request_middleware(rf.get("/"), user=staff_user, shop=shop) context = ShipmentSection.get_context_data(order, request) assert len(context["suppliers"]) == 2 assert len(context["create_urls"].keys()) == 2 assert len(context["delete_urls"].keys()) == 3 # Make product1 unshipped product1.shipping_mode = ShippingMode.NOT_SHIPPED product1.save() # We still should see the order shipment section since existing shipments assert ShipmentSection.visible_for_object(order, request) # Let's delete all shipments since both products is unshipped and we # don't need those. for shipment in order.shipments.all(): shipment.soft_delete() assert not ShipmentSection.visible_for_object(order, request)