def test_can_delete_saved_report(self): report = self._create_saved_report(domain=self.domain, user_id=self.user._id) response = self.delete_config(self.domain, report._id) self.assertEqual(response.status_code, 200) with self.assertRaises(ResourceNotFound): ReportConfig.get(report._id)
def test_non_admin_cannot_edit_other_shared_configs(self): config1 = self.create_report_config( domain=self.DOMAIN, owner_id=self.admin_user._id, name='Name', description='', ) post_data = { 'description': 'Malicious description', 'name': config1.name, '_id': config1._id, } self.log_user_in(self.non_admin_user.username) try: _response = self.client.post( self.URL, json.dumps(post_data), content_type='application/json;charset=UTF-8', ) except Exception as e: self.assertTrue(e.__class__ == AssertionError) # Validate that config1 is untouched original_config = ReportConfig.get(config1._id) self.assertEqual(original_config.description, '')
def test_other_admin_can_edit_shared_saved_report(self, *args): config1 = self.create_report_config( domain=self.DOMAIN, owner_id=self.admin_user._id, name='Name', description='', ) # Create ReportNotification as to make confi1 shared self.create_report_notification([config1], owner_id=self.admin_user._id) ReportConfig.shared_on_domain.clear(ReportConfig, self.DOMAIN, only_id=True) new_description = 'This is a description' post_data = { 'description': new_description, 'name': config1.name, '_id': config1._id, } self.log_user_in(self.other_admin_user.username) response = self.client.post( self.URL, json.dumps(post_data), content_type='application/json;charset=UTF-8', ) self.assertEqual(response.status_code, 200) updated_config = ReportConfig.get(config1._id) self.assertTrue(updated_config.description, new_description)
def test_admin_can_edit_normal_config(self, *args): config1 = self.create_report_config( domain=self.DOMAIN, owner_id=self.admin_user._id, name='Name', description='', ) new_description = 'This is a description' post_data = { 'description': new_description, 'name': config1.name, '_id': config1._id, } self.log_user_in(self.admin_user.username) response = self.client.post( self.URL, json.dumps(post_data), content_type='application/json;charset=UTF-8', ) self.assertEqual(response.status_code, 200) updated_config = ReportConfig.get(config1._id) self.assertTrue(updated_config.description, new_description)