def setUp(self):
self.user1 = UserFactory.create()
self.user2 = UserFactory.create()
self.user3 = UserFactory.create()
self.comment = CommentFactory.create(author=self.user1)
admin_user_group = UserGroup.objects.filter(investigation=self.comment.form_response.form_instance.form.investigation,
role=INVESTIGATION_ROLES.EDITOR).first()
admin_user_group.group.user_set.add(self.user1)
admin_user_group.group.user_set.add(self.user2)
self.client = Client()
def test_remove_wrong_permissions(self):
editor = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(editor)
response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id}))
self.assertEqual(response.status_code, 403)
self.assertEqual(Invitation.objects.count(), 1)
def test_remove_invitation(self):
admin = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(admin)
response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id}))
self.assertEqual(response.status_code, 204)
self.assertEqual(Invitation.objects.count(), 0)
def test_cannot_accept_invitation_for_someone_else(self):
admin = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(admin)
response = self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}),
data={"accepted": True})
self.assertEqual(response.status_code, 403)
self.assertQuerysetEqual(investigation.get_users("V").all(), [])
def test_list_invitations_lists_for_investigation(self):
admin = UserFactory.create()
user = UserFactory.create()
investigation = InvestigationFactory.create()
other_investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
invitation = Invitation.objects.create(user=user, investigation=investigation)
Invitation.objects.create(user=user, investigation=other_investigation)
self.client.force_login(admin)
response = self.client.get(reverse("invitations", kwargs={"investigation_slug": investigation.slug}))
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data, [{"email": user.email, "id": invitation.id, "accepted": None}])
def test_admin_can_invite_existing_users(self, mock_send_email):
user = UserFactory.create()
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
self.client.force_login(admin)
self.assertEqual(Invitation.objects.count(), 0)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": user.email})
self.assertEqual(response.status_code, 201)
self.assertEqual(Invitation.objects.count(), 1)
self.assertTrue(mock_send_email.called)
def test_cannot_invite_users_that_are_members_already(self):
editor = UserFactory.create()
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
self.client.force_login(admin)
self.assertEqual(Invitation.objects.count(), 0)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": editor.email})
self.assertEqual(response.status_code, 400)
self.assertEqual(Invitation.objects.count(), 0)
def setUp(self):
owner = UserFactory.create()
self.investigation = InvestigationFactory.create()
self.investigation.add_user(owner, INVESTIGATION_ROLES.OWNER)
self.form = FormFactory(investigation=self.investigation)
self.client.force_login(owner)
def test_assign_multiple_assignee(self):
responses = self.responses[0]
form = responses[0].form_instance.form
investigation = form.investigation
editor_group = UserGroup.objects.filter(investigation=investigation, role=INVESTIGATION_ROLES.OWNER).first().group
user = UserFactory.create()
user.groups.add(editor_group)
payload = {
"selected_responses": [responses[3].id, responses[4].id],
"assignee_email": user.email
}
self.client.post(make_url(form), data=payload)
self.assertQuerysetEqual(responses[0].assignees.all(), [])
self.assertQuerysetEqual(responses[1].assignees.all(), [])
self.assertQuerysetEqual(responses[2].assignees.all(), [])
self.assertQuerysetEqual(responses[3].assignees.all(), [repr(user)])
self.assertQuerysetEqual(responses[4].assignees.all(), [repr(user)])
payload = {
"selected_responses": [responses[1].id, responses[4].id],
"assignee_email": "clear_assignees"
}
self.client.post(make_url(form), data=payload)
self.assertQuerysetEqual(responses[0].assignees.all(), [])
self.assertQuerysetEqual(responses[1].assignees.all(), [])
self.assertQuerysetEqual(responses[2].assignees.all(), [])
self.assertQuerysetEqual(responses[3].assignees.all(), [repr(user)])
self.assertQuerysetEqual(responses[4].assignees.all(), [])
def test_admin_cannot_delete(self):
admin_user = UserFactory.create()
self.investigation.add_user(admin_user, "A")
self.client.force_login(admin_user)
response = self.client.delete(make_url(self.investigation))
self.assertEqual(response.status_code, 403)
def test_cannot_have_same_slug_twice(self):
user = UserFactory.create()
self.client.force_login(user)
response = self.client.post(reverse("investigations"), {
"name": "test",
"slug": self.investigation.slug
})
self.assertEqual(response.status_code, 400)
def test_slug_cannot_contain_special_characters(self):
user = UserFactory.create()
self.client.force_login(user)
response = self.client.post(reverse("investigations"), {
"name": "test",
"slug": "%$test"
})
self.assertEqual(response.status_code, 400)
def test_slug_cannot_begin_with_number(self):
user = UserFactory.create()
self.client.force_login(user)
response = self.client.post(reverse("investigations"), {
"name": "test",
"slug": "123test"
})
self.assertEqual(response.status_code, 400)
def test_one_invitation_per_user_investigation(self):
user = UserFactory.create()
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
self.client.force_login(admin)
self.assertEqual(Invitation.objects.count(), 0)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": user.email})
self.assertEqual(response.status_code, 201)
self.assertEqual(Invitation.objects.count(), 1)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": user.email})
self.assertEqual(response.status_code, 400)
self.assertEqual(Invitation.objects.count(), 1)
def test_remove_unauthorized(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
response = self.client.delete(reverse("invitation", kwargs={"invitation_id": invitation.id}))
self.assertEqual(response.status_code, 403)
self.assertEqual(Invitation.objects.count(), 1)
def setUp(self):
self.admin_user = UserFactory.create()
self.response = FormResponseFactory.create()
admin_user_group = UserGroup.objects.filter(
investigation=self.response.form_instance.form.investigation,
role=INVESTIGATION_ROLES.ADMIN).first()
admin_user_group.group.user_set.add(self.admin_user)
self.client.force_login(self.admin_user)
def test_invite_user_non_admin(self):
editor = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
self.client.force_login(editor)
response = self.client.post(reverse("invitations", kwargs={"investigation_slug": investigation.slug}),
data={"email": "*****@*****.**"})
self.assertEqual(response.status_code, 403)
def test_list_for_user(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(user)
response = self.client.get(reverse("user_invitations"))
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data[0]["id"], invitation.id)
self.assertEqual(len(response.data), 1)
def test_can_get_form(self):
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
form = FormFactory.create(investigation=investigation)
self.client.force_login(admin)
response = self.client.get(
reverse("form_details", kwargs={"form_slug": form.slug}))
self.assertEqual(response.status_code, 200)
def test_assign_user_from_other_investigation_fails(self):
user_without_groups = UserFactory.create()
payload = {
"assignees": [user_without_groups.id],
}
response = self.client.patch(make_url(self.response), data=payload)
expected_message = 'Invalid pk "{}" - object does not exist.'.format(
user_without_groups.id)
self.assertEqual(json.loads(response.content.decode("utf-8")),
{"assignees": [expected_message]})
self.assertEqual(response.status_code, 400)
self.assertQuerysetEqual(self.response.assignees.all(), [])
def test_user_can_accept(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(user)
response = self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}),
data={"accepted": True})
self.assertEqual(response.status_code, 200)
self.assertQuerysetEqual(investigation.get_users("V").all(), [repr(user)])
def test_cannot_change_id_of_invitation(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
invitation = Invitation.objects.create(user=user, investigation=investigation)
self.client.force_login(user)
self.client.patch(reverse("invitation", kwargs={"invitation_id": invitation.id}),
data={"id": 123})
self.assertEqual(Invitation.objects.filter(id=123).all().count(), 0)
self.assertEqual(Invitation.objects.filter(id=invitation.id).all().count(), 1)
def test_get_wrong_investigation(self):
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
form = FormFactory.create(
) # this will be part of another investigation
self.client.force_login(admin)
response = self.client.get(
reverse("form_details", kwargs={"form_slug": form.slug}))
self.assertEqual(response.status_code, 403)
def test_remove_tag_fails_if_unauthorized(self):
other_user = UserFactory.create()
tag = TagFactory.create()
self.investigation.tag_set.add(tag)
self.client.force_login(other_user)
self.assertEqual(self.investigation.tag_set.count(), 1)
response = self.client.delete(make_details_url(tag))
self.assertEqual(response.status_code, 403)
self.assertEqual(self.investigation.tag_set.count(), 1)
def test_admin_can_edit(self):
admin = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(admin, INVESTIGATION_ROLES.ADMIN)
form = FormFactory.create(investigation=investigation)
self.client.force_login(admin)
response = self.client.patch(reverse("form_details",
kwargs={"form_slug": form.slug}),
data={"name": "My new Name"})
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data["name"], "My new Name")
def setUp(self):
self.investigation_owner = UserFactory.create()
self.investigation = InvestigationFactory.create()
self.form_instance = FormInstanceFactory.create()
self.form_instance.form.investigation.add_user(
self.investigation_owner, "O")
for i in range(5):
FormResponseFactory.create(form_instance=self.form_instance,
status="S")
for i in range(5):
FormResponseFactory.create(form_instance=self.form_instance,
status="V")
def test_assign_multiple_assignee_fails_with_wrong_user(self):
responses = self.responses[0]
form = responses[0].form_instance.form
user = UserFactory.create()
payload = {
"selected_responses": [responses[3].id, responses[4].id],
"assignee_email": user.email
}
self.client.post(make_url(form), data=payload)
self.assertQuerysetEqual(responses[3].tags.all(), [])
self.assertQuerysetEqual(responses[4].tags.all(), [])
def setUp(self):
self.user = UserFactory.create()
self.form_instance = FormInstanceFactory.create()
self.form_response1 = FormResponseFactory.create(form_instance=self.form_instance)
self.form_response2 = FormResponseFactory.create(form_instance=self.form_instance)
self.comment1 = CommentFactory.create(author=self.user, text="bla",
date=timezone.datetime(2018, 1, 12, tzinfo=pytz.utc),
form_response=self.form_response1)
self.comment2 = CommentFactory.create(author=self.user, text="blup",
date=timezone.datetime(2018, 1, 15, tzinfo=pytz.utc),
form_response=self.form_response1)
User.objects.create_superuser('*****@*****.**', 'password')
self.client.login(email='*****@*****.**', password='******')
def test_slug_cannot_begin_with_number(self):
user = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(user, INVESTIGATION_ROLES.ADMIN)
self.client.force_login(user)
response = self.client.post(reverse(
"interviewers", kwargs={"investigation_slug": investigation.slug}),
data={
"name": "test",
"slug": "123test"
})
self.assertEqual(response.status_code, 400)
def test_add_form_non_admin(self):
editor = UserFactory.create()
investigation = InvestigationFactory.create()
investigation.add_user(editor, INVESTIGATION_ROLES.EDITOR)
self.client.force_login(editor)
response = self.client.post(reverse(
"interviewers", kwargs={"investigation_slug": investigation.slug}),
data={
"name": "test",
"slug": "test"
})
self.assertEqual(response.status_code, 403)