Esempio n. 1
 def test_func(self):
     """
     Access test consumed by UserPassesTestMixin for this view.

     Returns True only when the requesting user is authenticated, is an
     assessor, and the assessment returned by get_assessment() exists and
     is assigned to one of the user's assessor groups. Every other case
     denies access.
     """
     requester = self.request.user
     # NOTE(review): is_authenticated is invoked as a method. On Django
     # releases where it is a property the call form has to become
     # `requester.is_authenticated` -- confirm against the project's version.
     if not (requester.is_authenticated() and is_assessor(requester)):
         return False
     target = self.get_assessment()
     if target is None:
         # No assessment resolved for this request: deny rather than guess.
         return False
     # Object-level check: holding the assessor role is not enough, the
     # assessment must be assigned to one of this user's groups.
     return target.assessor_group in get_user_assessor_groups(requester)
Esempio n. 2
 def test_func(self):
     """
     Access test consumed by UserPassesTestMixin for this view.

     Anonymous users are denied with raise_exception switched off; signed-in
     users are evaluated with raise_exception switched on. Customers and
     officers are denied outright. Anyone else passes only if the assessment
     from get_assessment() exists and its assessor_group is among the user's
     assessor groups.
     """
     requester = self.request.user
     # NOTE(review): is_authenticated is invoked as a method. On Django
     # releases where it is a property the call form has to become
     # `requester.is_authenticated` -- confirm against the project's version.
     if requester.is_authenticated():
         # In Django's AccessMixin, raise_exception=True turns a failed test
         # into PermissionDenied (403) instead of a redirect to the login
         # page, so a signed-in user is refused rather than asked to log in.
         self.raise_exception = True
     else:
         self.raise_exception = False
         return False
     # Role-based rejection comes first; the group-membership test at the end
     # is what actually grants access, so a user with neither role still has
     # to belong to the assessment's group.
     if is_customer(requester) or is_officer(requester):
         return False
     target = self.get_assessment()
     if target is None:
         return False
     return target.assessor_group in get_user_assessor_groups(requester)
Esempio n. 3
 def test_func(self):
     """
     Access test consumed by UserPassesTestMixin for this view.

     Denies anonymous users (with raise_exception off), denies customers and
     officers (with raise_exception on), and otherwise allows the request
     only when get_assessment() yields an assessment whose assessor_group is
     one of the user's assessor groups.
     """
     requester = self.request.user
     # NOTE(review): is_authenticated is invoked as a method. On Django
     # releases where it is a property the call form has to become
     # `requester.is_authenticated` -- confirm against the project's version.
     signed_in = requester.is_authenticated()
     # raise_exception is the AccessMixin switch between raising
     # PermissionDenied (403) and redirecting to the login page; it is only
     # turned on once the user is known to be signed in.
     self.raise_exception = True if signed_in else False
     if not signed_in:
         return False
     if is_customer(requester):
         return False
     if is_officer(requester):
         return False
     assessment = self.get_assessment()
     if assessment is None:
         return False
     # Object-level check: the decision rests on group membership for this
     # specific assessment, not on the user's role alone.
     assigned_group = assessment.assessor_group
     return assigned_group in get_user_assessor_groups(requester)
Esempio n. 4
    def test_assessor_access_limited(self):
        """
        Test that an assessor cannot edit an assessment that doesn't belong to their group.
        All assessors can search conditions.

        A request counts as denied when the final response is a 403 or when it
        was redirected (302) to the assessor dashboard.
        """
        assessor = get_or_create_default_assessor()
        self.client.login(assessor.email)
        # Precondition: the user holds the assessor role but is in no assessor
        # group, so every object-level check on self.assessment should fail.
        self.assertTrue(is_assessor(assessor))
        self.assertFalse(get_user_assessor_groups(assessor))

        def expect_denied(response):
            # Either an explicit 403 or a bounce to the assessor dashboard.
            if response.status_code == 403:
                return
            self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
                                 target_status_code=200)

        # Pages the assessor must not be able to open.
        denied_gets = [
            reverse('wl_applications:enter_conditions', args=[self.application.pk]),
            reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]),
        ]
        # State-changing endpoints the assessor must not be able to use,
        # as (url, form data) pairs.
        denied_posts = [
            (
                reverse('wl_applications:create_condition'),
                {
                    'code': '123488374',
                    'text': 'condition text'
                },
            ),
            (
                reverse('wl_applications:set_assessment_condition_state'),
                {
                    'assessmentConditionID': self.assessment_condition.pk,
                    'acceptanceStatus': 'accepted',
                },
            ),
            (
                reverse('wl_applications:enter_conditions', args=[self.application.pk]),
                {
                    'conditionID': [self.condition.pk],
                },
            ),
            (
                reverse('wl_applications:enter_conditions_assessor',
                        args=[self.application.pk, self.assessment.pk]),
                {
                    'conditionID': [self.condition.pk],
                },
            ),
        ]
        # Read-only search stays open to every assessor.
        allowed_gets = [
            reverse('wl_applications:search_conditions')
        ]
        # No POST endpoint is expected to be allowed, so the last loop is
        # currently a no-op.
        allowed_posts = []

        for target in denied_gets:
            expect_denied(self.client.get(target, follow=True))
        # NOTE(review): only the response is checked for the POSTs below; the
        # test does not assert that the stored conditions or acceptance state
        # are unchanged afterwards. Consider adding that check so a handler
        # that writes before denying would be caught.
        for target, payload in denied_posts:
            expect_denied(self.client.post(target, payload, follow=True))
        for target in allowed_gets:
            response = self.client.get(target, follow=True)
            self.assertEqual(200, response.status_code)

        for entry in allowed_posts:
            response = self.client.post(entry['url'], entry['data'], follow=True)
            self.assertEqual(200, response.status_code)
Esempio n. 5
    def test_assessor_access_limited(self):
        """
        Test that an assessor cannot edit an assessment that doesn't belong to their group.
        All assessors can search conditions.

        Denial is accepted in two forms: a final 403 response, or a 302
        redirect that lands on the assessor dashboard.
        """
        assessor = get_or_create_default_assessor()
        self.client.login(assessor.email)
        # Precondition: assessor role without any assessor group, so access to
        # self.assessment has to be refused on group membership.
        self.assertTrue(is_assessor(assessor))
        self.assertFalse(get_user_assessor_groups(assessor))

        # GET requests that must be refused.
        forbidden_pages = [
            reverse('wl_applications:enter_conditions',
                    args=[self.application.pk]),
            reverse('wl_applications:enter_conditions_assessor',
                    args=[self.application.pk, self.assessment.pk]),
        ]
        # POST requests that must be refused, as (url, form data) pairs.
        forbidden_submissions = [
            (
                reverse('wl_applications:create_condition',
                        args=[self.application.pk]),
                {
                    'code': '123488374',
                    'text': 'condition text'
                },
            ),
            (
                reverse('wl_applications:set_assessment_condition_state'),
                {
                    'assessmentConditionID': self.assessment_condition.pk,
                    'acceptanceStatus': 'accepted',
                },
            ),
            (
                reverse('wl_applications:enter_conditions',
                        args=[self.application.pk]),
                {
                    'conditionID': [self.condition.pk],
                },
            ),
            (
                reverse('wl_applications:enter_conditions_assessor',
                        args=[self.application.pk, self.assessment.pk]),
                {
                    'conditionID': [self.condition.pk],
                },
            ),
        ]
        # Searching conditions is the one action open to any assessor.
        permitted_pages = [reverse('wl_applications:search_conditions')]
        # Nothing is expected to be writable, so the final loop does not run.
        permitted_submissions = []

        def assert_refused(response):
            # A 403 is a refusal in itself; anything else must be a redirect
            # to the assessor dashboard.
            if response.status_code != 403:
                self.assertRedirects(response,
                                     reverse('wl_dashboard:tables_assessor'),
                                     status_code=302,
                                     target_status_code=200)

        for page in forbidden_pages:
            assert_refused(self.client.get(page, follow=True))
        # NOTE(review): the refused POSTs are judged by their response only;
        # nothing here verifies that the stored conditions or acceptance state
        # stayed as they were. Consider adding that check so a handler that
        # writes before denying would be caught.
        for endpoint, form_data in forbidden_submissions:
            assert_refused(self.client.post(endpoint, form_data, follow=True))
        for page in permitted_pages:
            response = self.client.get(page, follow=True)
            self.assertEqual(200, response.status_code)

        for submission in permitted_submissions:
            response = self.client.post(submission['url'], submission['data'], follow=True)
            self.assertEqual(200, response.status_code)