def test_admins_can_edit_notes(mockdata, client, session):
with current_app.test_request_context():
login_admin(client)
officer = Officer.query.first()
old_note = 'meow'
new_note = 'I can haz editing notez'
original_date = datetime.now()
note = Note(
text_contents=old_note,
officer_id=officer.id,
creator_id=1,
date_created=original_date,
date_updated=original_date,
)
db.session.add(note)
db.session.commit()
form = EditTextForm(text_contents=new_note, )
rv = client.post(
url_for('main.note_api', officer_id=officer.id, obj_id=note.id) +
'/edit',
data=form.data,
follow_redirects=True)
assert rv.status_code == 200
assert 'updated' in rv.data
assert note.text_contents == new_note
assert note.date_updated > original_date
def test_ac_cannot_edit_notes_not_in_their_department(mockdata, client,
session):
with current_app.test_request_context():
login_ac(client)
officer = Officer.query.except_(
Officer.query.filter_by(department_id=AC_DEPT)).first()
ac = User.query.filter_by(email='*****@*****.**').first()
old_note = 'meow'
new_note = 'I can haz editing notez'
original_date = datetime.now()
note = Note(
text_contents=old_note,
officer_id=officer.id,
creator_id=ac.id,
date_created=original_date,
date_updated=original_date,
)
db.session.add(note)
db.session.commit()
form = EditTextForm(text_contents=new_note, )
rv = client.post(
url_for('main.note_api', officer_id=officer.id, obj_id=note.id) +
'/edit',
data=form.data,
follow_redirects=True)
assert rv.status_code == 403
def test_users_cannot_see_notes(mockdata, client, session):
with current_app.test_request_context():
officer = Officer.query.first()
text_contents = 'U can\'t see meeee'
note = Note(
text_contents=text_contents,
officer_id=officer.id,
creator_id=1,
date_created=datetime.now(),
date_updated=datetime.now(),
)
db.session.add(note)
db.session.commit()
rv = client.get(url_for('main.officer_profile', officer_id=officer.id),
follow_redirects=True)
# ensures we're looking for a note that exists
assert note in officer.notes
assert rv.status_code == 200
assert text_contents not in rv.data
def test_admins_can_see_notes(mockdata, client, session):
with current_app.test_request_context():
login_admin(client)
officer = Officer.query.first()
text_contents = 'Kittens see everything'
note = Note(
text_contents=text_contents,
officer_id=officer.id,
creator_id=1,
date_created=datetime.now(),
date_updated=datetime.now(),
)
db.session.add(note)
db.session.commit()
rv = client.get(url_for('main.officer_profile', officer_id=officer.id),
follow_redirects=True)
assert note in officer.notes
assert rv.status_code == 200
assert text_contents in rv.data.decode('utf-8')
def test_acs_can_see_notes_in_their_department(mockdata, client, session):
with current_app.test_request_context():
login_ac(client)
officer = Officer.query.filter_by(department_id=AC_DEPT).first()
text_contents = 'I can haz notez'
note = Note(
text_contents=text_contents,
officer_id=officer.id,
creator_id=1,
date_created=datetime.now(),
date_updated=datetime.now(),
)
db.session.add(note)
db.session.commit()
rv = client.get(url_for('main.officer_profile', officer_id=officer.id),
follow_redirects=True)
# ensures we're looking for a note that exists
assert note in officer.notes
assert rv.status_code == 200
assert text_contents in rv.data
def test_acs_cannot_get_edit_form_for_their_non_dept(mockdata, client,
session):
with current_app.test_request_context():
login_ac(client)
officer = Officer.query.except_(
Officer.query.filter_by(department_id=AC_DEPT)).first()
note = Note(
text_contents='Hello',
officer_id=officer.id,
creator_id=2,
date_created=datetime.now(),
date_updated=datetime.now(),
)
db.session.add(note)
db.session.commit()
rv = client.get(
url_for('main.note_api', obj_id=note.id, officer_id=officer.id) +
'/edit',
follow_redirects=True)
assert rv.status_code == 403
def test_acs_can_get_others_edit_form(mockdata, client, session):
with current_app.test_request_context():
login_ac(client)
officer = Officer.query.filter_by(department_id=AC_DEPT).first()
ac = User.query.filter_by(email='*****@*****.**').first()
note = Note(
text_contents='Hello',
officer_id=officer.id,
creator_id=ac.id - 1,
date_created=datetime.now(),
date_updated=datetime.now(),
)
db.session.add(note)
db.session.commit()
rv = client.get(
url_for('main.note_api', obj_id=note.id, officer_id=officer.id) +
'/edit',
follow_redirects=True)
assert rv.status_code == 200
assert 'Update' in rv.data
def test_acs_can_delete_their_notes_in_their_department(
mockdata, client, session):
with current_app.test_request_context():
login_ac(client)
ac = User.query.filter_by(email='*****@*****.**').first()
officer = Officer.query.filter_by(department_id=AC_DEPT).first()
note = Note(
text_contents='Hello',
officer_id=officer.id,
creator_id=ac.id,
date_created=datetime.now(),
date_updated=datetime.now(),
)
db.session.add(note)
db.session.commit()
note_id = note.id
rv = client.post(
url_for('main.note_api', officer_id=officer.id, obj_id=note.id) +
'/delete',
follow_redirects=True)
assert rv.status_code == 200
deleted = Note.query.get(note_id)
assert deleted is None