def test_authorisation(self):
"""
Only superuser or API users
:return:
"""
url = reverse("wl_returns:api:data", kwargs={
'return_type_pk': self.return_type.pk,
'resource_number': 0
})
customer = helpers.get_or_create_default_customer()
officer = helpers.get_or_create_default_officer()
assessor = helpers.get_or_create_default_assessor()
api_user = helpers.get_or_create_api_user()
self.assertTrue(is_api_user(api_user))
admin = helpers.create_random_customer()
admin.is_superuser = True
admin.save()
self.assertTrue(is_api_user(admin))
client = helpers.SocialClient()
forbidden = [customer, officer, assessor]
for user in forbidden:
client.login(user.email)
self.assertEqual(client.get(url).status_code,
status.HTTP_403_FORBIDDEN)
client.logout()
allowed = [admin, api_user]
for user in allowed:
client.login(user.email)
self.assertEqual(client.get(url).status_code,
status.HTTP_200_OK)
client.logout()
def setUp(self):
self.customer = helpers.get_or_create_default_customer()
self.assertTrue(is_customer(self.customer))
self.officer = helpers.get_or_create_default_officer()
self.assertTrue(is_officer(self.officer))
self.assessor = helpers.get_or_create_default_assessor()
self.assertTrue(is_assessor(self.assessor))
self.client = helpers.SocialClient()
def setUp(self):
self.customer = get_or_create_default_customer(include_default_profile=True)
self.officer = get_or_create_default_officer()
self.assessor = get_or_create_default_assessor()
self.not_allowed_customer = create_random_customer()
self.assertNotEqual(self.not_allowed_customer, self.customer)
self.client = SocialClient()
self.licence_type = get_or_create_licence_type('regulation-17')
self.return_type = get_or_create_return_type(self.licence_type)
def setUp(self):
self.customer = get_or_create_default_customer(
include_default_profile=True)
self.officer = get_or_create_default_officer()
self.assessor = get_or_create_default_assessor()
self.not_allowed_customer = create_random_customer()
self.assertNotEqual(self.not_allowed_customer, self.customer)
self.client = SocialClient()
self.application = create_and_lodge_application(self.customer)
def setUp(self):
self.client = main_helpers.SocialClient()
self.user = main_helpers.get_or_create_default_customer()
self.officer = main_helpers.get_or_create_default_officer()
self.assessor = main_helpers.get_or_create_default_assessor()
self.lodged_application = app_helpers.create_and_lodge_application(
self.user, **{'data': {
'title': 'Lodged Application'
}})
self.issued_application = app_helpers.create_and_lodge_application(
self.user, **{'data': {
'title': 'Issued Application'
}})
self.licence = app_helpers.issue_licence(self.issued_application,
self.officer)
self.assertIsNotNone(self.licence)
self.issue_urls_get = [
{
'url':
reverse('wl_applications:issue_licence',
args=[self.lodged_application.pk]),
'data':
None
},
{
'url':
reverse('wl_applications:reissue_licence',
args=[self.licence.pk]),
'data':
None
},
{
'url':
reverse('wl_applications:preview_licence',
args=[self.issued_application.pk]),
'data':
app_helpers.get_minimum_data_for_issuing_licence()
},
]
self.issue_urls_post = [
{
'url':
reverse('wl_applications:issue_licence',
args=[self.lodged_application.pk]),
'data':
app_helpers.get_minimum_data_for_issuing_licence()
},
]
def setUp(self):
self.client = main_helpers.SocialClient()
self.user = main_helpers.get_or_create_default_customer()
self.officer = main_helpers.get_or_create_default_officer()
self.assessor = main_helpers.get_or_create_default_assessor()
self.lodged_application = app_helpers.create_and_lodge_application(self.user, **{
'data': {
'title': 'Lodged Application'
}
})
self.issued_application = app_helpers.create_and_lodge_application(self.user, **{
'data': {
'title': 'Issued Application'
}
})
self.licence = app_helpers.issue_licence(self.issued_application, self.officer)
self.assertIsNotNone(self.licence)
self.issue_urls_get = [
{
'url': reverse('wl_applications:issue_licence', args=[self.lodged_application.pk]),
'data': None
},
{
'url': reverse('wl_applications:reissue_licence', args=[self.licence.pk]),
'data': None
},
{
'url': reverse('wl_applications:preview_licence', args=[self.issued_application.pk]),
'data': app_helpers.get_minimum_data_for_issuing_licence()
},
]
self.issue_urls_post = [
{
'url': reverse('wl_applications:issue_licence', args=[self.lodged_application.pk]),
'data': app_helpers.get_minimum_data_for_issuing_licence()
},
]
def test_assessor_access_normal(self):
"""
Test that an assessor can edit an assessment that belongs to their group
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
# add the assessor to the assessment group
self.assertTrue(
Assessment.objects.filter(
application=self.application).count() > 0)
for assessment in Assessment.objects.filter(
application=self.application):
add_assessor_to_assessor_group(assessor, assessment.assessor_group)
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
]
urls_post_forbidden = [
{
'url':
reverse('wl_applications:create_condition',
args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url':
reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url':
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [
reverse('wl_applications:search_conditions'),
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
]
urls_post_allowed = [
{
'url':
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)
def test_assessor_access_normal(self):
"""
Test that an assessor can edit an assessment that belongs to their group
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
# add the assessor to the assessment group
self.assertTrue(Assessment.objects.filter(application=self.application).count() > 0)
for assessment in Assessment.objects.filter(application=self.application):
add_assessor_to_assessor_group(assessor, assessment.assessor_group)
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions', args=[self.application.pk]),
]
urls_post_forbidden = [
{
'url': reverse('wl_applications:create_condition', args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url': reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [
reverse('wl_applications:search_conditions'),
reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]),
]
urls_post_allowed = [
{
'url': reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)
