def test_user_cant_modify_other_acquisitions(admin_client, user_client,
alt_user_client, test_scheduler):
# alt user schedule entry
alt_user_entry_name = simulate_acquisitions(alt_user_client,
name='alt_user_single_acq')
alt_user_acq_url = reverse_acquisition_detail(alt_user_entry_name, 1)
new_acquisition_detail = user_client.get(alt_user_acq_url, **HTTPS_KWARG)
new_acquisition_detail = new_acquisition_detail.data
new_acquisition_detail['task_id'] = 2
user_modify_alt_user_response = update_acquisition_detail(
user_client, alt_user_entry_name, 1, new_acquisition_detail)
# admin user schedule entry
admin_entry_name = simulate_acquisitions(admin_client,
name='admin_single_acq')
admin_acq_url = reverse_acquisition_detail(admin_entry_name, 1)
new_acquisition_detail = user_client.get(admin_acq_url, **HTTPS_KWARG).data
new_acquisition_detail['task_id'] = 2
user_modify_admin_response = update_acquisition_detail(
user_client, admin_entry_name, 1, new_acquisition_detail)
validate_response(user_modify_alt_user_response, status.HTTP_403_FORBIDDEN)
validate_response(user_modify_admin_response, status.HTTP_403_FORBIDDEN)
def test_user_cant_modify_other_acquisitions(admin_client, alt_admin_client,
user_client, test_scheduler):
# alt admin schedule entry
alt_admin_entry_name = simulate_acquisitions(alt_admin_client,
name='alt_admin_single_acq')
alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1)
new_acquisition_detail = user_client.get(alt_admin_acq_url, **HTTPS_KWARG)
new_acquisition_detail = new_acquisition_detail.data
new_acquisition_detail['task_id'] = 2
admin_modify_alt_admin_response = update_acquisition_detail(
admin_client, alt_admin_entry_name, 1, new_acquisition_detail)
# user schedule entry
user_entry_name = simulate_acquisitions(user_client,
name='admin_single_acq')
user_acq_url = reverse_acquisition_detail(user_entry_name, 1)
new_acquisition_detail = admin_client.get(user_acq_url, **HTTPS_KWARG).data
new_acquisition_detail['task_id'] = 2
admin_modify_user_response = update_acquisition_detail(
admin_client, user_entry_name, 1, new_acquisition_detail)
validate_response(admin_modify_alt_admin_response,
status.HTTP_405_METHOD_NOT_ALLOWED)
validate_response(admin_modify_user_response,
status.HTTP_405_METHOD_NOT_ALLOWED)
def test_single_acquisition_response(user_client, test_scheduler):
entry_name = simulate_acquisitions(user_client, n=1)
acquisition, = get_acquisition_list(user_client, entry_name)
task_id = 1
expected_url = reverse_acquisition_detail(entry_name, task_id)
assert acquisition['self'] == expected_url
assert acquisition['task_id'] == task_id
def test_admin_can_create_private_acquisition(admin_client, user_client,
test_scheduler):
private_entry_name = simulate_acquisitions(admin_client, is_private=True)
private_acq_url = reverse_acquisition_detail(private_entry_name, 1)
user_response = user_client.get(private_acq_url, **HTTPS_KWARG)
validate_response(user_response, status.HTTP_403_FORBIDDEN)
def test_multiple_acquisition_response(user_client, test_scheduler):
entry_name = simulate_acquisitions(user_client, n=3)
acquisitions = get_acquisition_list(user_client, entry_name)
assert len(acquisitions) == 3
for i, acq in enumerate(acquisitions, start=1):
expected_url = reverse_acquisition_detail(entry_name, i)
assert acq['self'] == expected_url
assert acq['task_id'] == i
def test_admin_can_delete_their_acquisition(admin_client, test_scheduler):
entry_name = simulate_acquisitions(admin_client)
acq_url = reverse_acquisition_detail(entry_name, 1)
first_response = admin_client.delete(acq_url, **HTTPS_KWARG)
second_response = admin_client.delete(acq_url, **HTTPS_KWARG)
validate_response(first_response, status.HTTP_204_NO_CONTENT)
validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_admin_can_view_private_acquisitions(admin_client, alt_admin_client,
test_scheduler):
private_entry_name = simulate_acquisitions(alt_admin_client,
is_private=True)
private_acq_url = reverse_acquisition_detail(private_entry_name, 1)
response = admin_client.get(private_acq_url, **HTTPS_KWARG)
validate_response(response, status.HTTP_200_OK)
def test_admin_can_view_all_acquisitions(admin_client, alt_admin_client,
user_client, test_scheduler):
# alt admin schedule entry
alt_admin_entry_name = simulate_acquisitions(alt_admin_client,
name='alt_admin_single_acq')
alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1)
admin_view_alt_admin_response = admin_client.get(alt_admin_acq_url,
**HTTPS_KWARG)
# user schedule entry
user_acq_name = simulate_acquisitions(user_client, name='admin_single_acq')
user_acq_url = reverse_acquisition_detail(user_acq_name, 1)
admin_view_user_response = admin_client.get(user_acq_url, **HTTPS_KWARG)
validate_response(admin_view_alt_admin_response, status.HTTP_200_OK)
validate_response(admin_view_user_response, status.HTTP_200_OK)
def test_user_cant_delete_other_acquisitions(admin_client, user_client,
alt_user_client, test_scheduler):
# alt user schedule entry
alt_user_entry_name = simulate_acquisitions(alt_user_client,
name='alt_user_single_acq')
alt_user_acq_url = reverse_acquisition_detail(alt_user_entry_name, 1)
user_delete_alt_user_response = user_client.delete(alt_user_acq_url,
**HTTPS_KWARG)
# admin user schedule entry
admin_acq_name = simulate_acquisitions(admin_client,
name='admin_single_acq')
admin_acq_url = reverse_acquisition_detail(admin_acq_name, 1)
user_delete_admin_response = user_client.delete(admin_acq_url,
**HTTPS_KWARG)
validate_response(user_delete_admin_response, status.HTTP_403_FORBIDDEN)
validate_response(user_delete_alt_user_response, status.HTTP_403_FORBIDDEN)
def test_admin_cant_modify_their_acquisition(admin_client, test_scheduler):
entry_name = simulate_acquisitions(admin_client)
acq_url = reverse_acquisition_detail(entry_name, 1)
new_acquisition_detail = admin_client.get(acq_url, **HTTPS_KWARG).data
new_acquisition_detail['task_id'] = 2
response = update_acquisition_detail(admin_client, entry_name, 1,
new_acquisition_detail)
validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_admin_can_delete_other_acquisitions(admin_client, alt_admin_client,
user_client, test_scheduler):
# alt admin private schedule entry
alt_admin_entry_name = simulate_acquisitions(alt_admin_client,
name='alt_admin_single_acq',
is_private=True)
alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1)
admin_delete_alt_admin_response = admin_client.delete(
alt_admin_acq_url, **HTTPS_KWARG)
# user schedule entry
user_acq_name = simulate_acquisitions(user_client, name='admin_single_acq')
user_acq_url = reverse_acquisition_detail(user_acq_name, 1)
admin_delete_user_response = admin_client.delete(user_acq_url,
**HTTPS_KWARG)
validate_response(admin_delete_user_response, status.HTTP_204_NO_CONTENT)
validate_response(admin_delete_alt_admin_response,
status.HTTP_204_NO_CONTENT)
def test_user_cant_create_private_acquisition(user_client, alt_user_client,
test_scheduler):
# The alt user attempts to create a private acquisition.
entry_name = simulate_acquisitions(alt_user_client, is_private=True)
acq_url = reverse_acquisition_detail(entry_name, 1)
# The user attempts to GET the acquisition that the alt user created.
response = user_client.get(acq_url, **HTTPS_KWARG)
# The user successfully GETs the acquistion that the alt user
# created; meaning that the acquisition was not, in fact, private.
validate_response(response, status.HTTP_200_OK)
def test_delete_single(user_client, test_scheduler):
entry_name = simulate_acquisitions(user_client, n=3)
task_id_to_delete = 2
url = reverse_acquisition_detail(entry_name, task_id_to_delete)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_204_NO_CONTENT)
response = user_client.delete(url, **HTTPS_KWARG)
validate_response(response, status.HTTP_404_NOT_FOUND)
# other 2 acquisitions should be unaffected
get_acquisition_detail(user_client, entry_name, 1)
get_acquisition_detail(user_client, entry_name, 3)
def test_user_can_create_nonprivate_acquisition(user_client, test_scheduler):
entry_name = simulate_acquisitions(user_client)
acq_url = reverse_acquisition_detail(entry_name, 1)
response = user_client.get(acq_url, **HTTPS_KWARG)
validate_response(response, status.HTTP_200_OK)
