def test_destroy_as_user(user, short_link):
"""An logged in user should not be able to delete a short link"""
client = get_api_client(user=user)
url = _get_short_link_url(short_link)
response = client.delete(url)
assert response.status_code == status.HTTP_404_NOT_FOUND
def test_delete_form_returns_detail(admin_user, form):
"""Test that deleting a forms returns a response detail."""
client = get_api_client(user=admin_user)
url = _get_form_detail_url(form)
response = client.delete(url)
assert response.data.get("detail")
def test_list_forms_data(admin_user):
"""Should return the correct fields about the forms."""
form = EventFormFactory()
field = form.fields.first()
option = field.options.first()
client = get_api_client(user=admin_user)
url = _get_forms_url()
response = client.get(url)
response = response.json()
assert response[0] == {
"id":
str(form.id),
"resource_type":
"EventForm",
"title":
form.title,
"event":
form.event.id,
"type":
form.type.name,
"fields": [{
"id": str(field.id),
"title": field.title,
"options": [{
"id": str(option.id),
"title": option.title
}],
"type": field.type.name,
"required": field.required,
}],
}
def test_update_option_when_id_is_not_passed_in_options_request_data_adds_new_option(
admin_user, form):
"""Test that new options are added when the option id is not included in the request data."""
field = form.fields.first()
field.options.all().delete()
client = get_api_client(user=admin_user)
url = _get_form_detail_url(form)
data = {
"resource_type":
"Form",
"fields": [{
"id": field.id,
"title": "string",
"options": [{
"title": "string"
}],
"type": "SINGLE_SELECT",
"required": False,
}],
}
client.patch(url, data)
field.refresh_from_db()
assert field.options.count() == 1
def test_delete_form_as_member_is_not_permitted(member, form):
"""Members should not be allowed to delete forms."""
client = get_api_client(user=member)
url = _get_form_detail_url(form)
response = client.delete(url)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_update_fields_when_id_is_passed_in_field_request_data_updates_the_field(
admin_user, form):
"""Test that the field is updated when the field id is not included in the request data."""
client = get_api_client(user=admin_user)
url = _get_form_detail_url(form)
field = Field.objects.get(form=form.id)
expected_field_data = {
"id": str(field.id),
"title": "i love this field <3",
"type": "SINGLE_SELECT",
"options": [],
"required": False,
}
data = {
"resource_type": "Form",
"title": "testform",
"fields": [{
**expected_field_data
}],
}
response = client.patch(url, data)
response = response.json()
field_resp = response["fields"][0]
actual_field_data = {
key: field_resp[key]
for key in expected_field_data.keys()
}
assert actual_field_data == expected_field_data
def test_update_options_when_id_is_passed_in_options_request_data_updates_the_option(
admin_user, form):
"""Test that the option is updated when the option id is included in the request data."""
field = form.fields.first()
option = field.options.first()
updated_title = "Test"
data = {
"resource_type":
"Form",
"fields": [{
"id":
str(field.id),
"options": [
{
"id": str(option.id),
"title": updated_title,
},
],
}],
}
client = get_api_client(user=admin_user)
url = _get_form_detail_url(form)
client.patch(url, data)
option.refresh_from_db()
assert option.title == updated_title
def test_update_form_as_member_is_not_permitted(member, form):
"""A member should not be allowed to update forms."""
client = get_api_client(user=member)
url = _get_form_detail_url(form)
response = client.put(url, _get_form_update_data(form))
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_create_forms_as_admin_is_permitted(form, member, group_name):
"""An admin should be able to create forms."""
client = get_api_client(user=member, group_name=group_name)
url = _get_forms_url()
response = client.post(url, _get_form_post_data(form))
assert response.status_code == status.HTTP_201_CREATED
def test_create_forms_as_member_is_not_permitted(form, member):
"""A member should not be able to create forms."""
client = get_api_client(user=member)
url = _get_forms_url()
response = client.post(url, _get_form_post_data(form))
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_destroy_as_owner(short_link):
"""The owner should be able to delete a short link"""
client = get_api_client(user=short_link.user)
url = _get_short_link_url(short_link)
response = client.delete(url)
assert response.status_code == status.HTTP_200_OK
def test_delete_as_group_members(event, user, group_name,
expected_status_code):
"""Only users in an admin group should be able to delete an event entity."""
client = get_api_client(user=user, group_name=group_name)
url = get_events_url_detail(event)
response = client.delete(url)
assert response.status_code == expected_status_code
def test_list_forms_as_member_is_not_permitted(member):
"""A member should not be able to list forms."""
client = get_api_client(user=member)
url = _get_forms_url()
response = client.get(url)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_destroy_notification_as_owner(notification):
"""The owner should not be able to delete a notification"""
client = get_api_client(user=notification.user)
url = _get_notification_url(notification)
response = client.delete(url)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_retrieve_as_member_of_admin_group(member, news, group_name):
"""A member of an admin group should be able to retrieve news."""
client = get_api_client(user=member, group_name=group_name)
url = _get_news_detail_url(news)
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
def test_destroy_returns_detail_in_response(news):
"""Should return a detail message in the response."""
client = get_api_client(user=UserFactory(), group_name=AdminGroup.INDEX)
url = _get_news_detail_url(news)
response = client.delete(url)
assert response.json().get("detail")
def test_destroy_as_member(member, news):
"""A member should not be able to delete news."""
client = get_api_client(user=member)
url = _get_news_detail_url(news)
response = client.delete(url)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_create_as_admin_user(user, group_name, expected_status_code):
"""Only users in an admin group should be able to create an event entity."""
data = get_event_data()
client = get_api_client(user=user, group_name=group_name)
response = client.post(API_EVENTS_BASE_URL, data)
assert response.status_code == expected_status_code
def test_create_as_member(member, weekly_business_post_data):
"""A member should not be able to create weekly_business."""
client = get_api_client(user=member)
response = client.post(_get_weekly_business_url(),
weekly_business_post_data)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_create_as_member_of_admin_group(news_post_data, group_name,
expected_status_code):
"""Only members of HS, Index or NoK should be able to create news."""
client = get_api_client(user=UserFactory(), group_name=group_name)
response = client.post(_get_news_url(), news_post_data)
assert response.status_code == expected_status_code
def test_retrieve_form_as_member(member, form):
client = get_api_client(user=member)
url = _get_form_detail_url(form)
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
assert response.json()
def test_list_notifications_as_user(user):
"""Tests if an logged in user can list notifications"""
client = get_api_client(user=user)
url = _get_notification_url()
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
def test_update_notification_as_user(user, notification):
"""An logged in user should not be able to update a notification"""
client = get_api_client(user=user)
url = _get_notification_url(notification)
data = _get_notification_put_data(notification=notification)
response = client.put(url, data)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_retrieve_as_member(member, news):
"""A member should be able to retrieve news."""
url = _get_news_detail_url(news)
client = get_api_client(user=member)
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
def test_update_as_member(member, news):
"""A member should not be able to update news."""
client = get_api_client(user=member)
data = _get_news_put_data(news)
url = _get_news_detail_url(news)
response = client.put(url, data)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_retrieve_as_admin_user(event, user, group_name, expected_status_code):
"""An admin user should be able to retrieve an event with more data."""
url = get_events_url_detail(event)
client = get_api_client(user=user, group_name=group_name)
response = client.get(url)
assert response.status_code == expected_status_code
assert "evaluate_link" in response.data.keys()
def test_retrieve_notification_as_user(notification, user):
"""Tests if a logged in user can retrieve another user's notification"""
client = get_api_client(user=user)
url = _get_notification_url(notification)
response = client.get(url)
assert response.status_code == status.HTTP_403_FORBIDDEN
def test_destroy_as_member_of_admin_group(news, group_name,
expected_status_code):
"""Only members of HS, Index or NoK should be able to delete news."""
client = get_api_client(user=UserFactory(), group_name=group_name)
url = _get_news_detail_url(news)
response = client.delete(url)
assert response.status_code == expected_status_code
def test_retrieve_notification_as_owner(notification):
"""Tests if a logged in user can retrieve it's own notification"""
client = get_api_client(user=notification.user)
url = _get_notification_url(notification)
response = client.get(url)
assert response.status_code == status.HTTP_200_OK
def test_create_as_user(user):
"""A user should not be able to create an event entity."""
data = get_event_data()
client = get_api_client(user=user)
response = client.post(API_EVENTS_BASE_URL, data=data)
assert response.status_code == 403
