def test_user_can_view_non_private_user_entries(user_client, alt_user_client): # alt user schedule entry alt_user_rjson = post_schedule(alt_user_client, TEST_SCHEDULE_ENTRY) alt_user_entry_name = alt_user_rjson["name"] alt_user_entry_url = reverse_detail_url(alt_user_entry_name) response = user_client.get(alt_user_entry_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_admin_can_create_private_results(admin_client, user_client, test_scheduler): private_entry_name = simulate_frequency_fft_acquisitions( admin_client, is_private=True ) private_result_url = reverse_result_detail(private_entry_name, 1) user_response = user_client.get(private_result_url, **HTTPS_KWARG) validate_response(user_response, status.HTTP_403_FORBIDDEN)
def test_get_existing_entry_details_returns_200(admin_client): """Requesting details of existing entry should return 200.""" rjson = post_schedule(admin_client, TEST_SCHEDULE_ENTRY) entry_name = rjson["name"] url = reverse_detail_url(entry_name) response = admin_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_user_cant_modify_others_results(admin_client, user_client, alt_user_client, test_scheduler): # alt user schedule entry alt_user_entry_name = simulate_acquisitions(alt_user_client, name="alt_user_single_acq") alt_user_acq_url = reverse_result_detail(alt_user_entry_name, 1) new_result_detail = user_client.get(alt_user_acq_url, **HTTPS_KWARG) new_result_detail = new_result_detail.data new_result_detail["task_id"] = 2 user_modify_alt_user_response = update_result_detail( user_client, alt_user_entry_name, 1, new_result_detail) # admin user schedule entry admin_entry_name = simulate_acquisitions(admin_client, name="admin_single_acq") admin_acq_url = reverse_result_detail(admin_entry_name, 1) new_result_detail = user_client.get(admin_acq_url, **HTTPS_KWARG).data new_result_detail["task_id"] = 2 user_modify_admin_response = update_result_detail(user_client, admin_entry_name, 1, new_result_detail) validate_response(user_modify_alt_user_response, status.HTTP_403_FORBIDDEN) validate_response(user_modify_admin_response, status.HTTP_403_FORBIDDEN)
def test_user_cant_modify_other_acquisitions(admin_client, alt_admin_client, user_client, test_scheduler): # alt admin schedule entry alt_admin_entry_name = simulate_acquisitions(alt_admin_client, name='alt_admin_single_acq') alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1) new_acquisition_detail = user_client.get(alt_admin_acq_url, **HTTPS_KWARG) new_acquisition_detail = new_acquisition_detail.data new_acquisition_detail['task_id'] = 2 admin_modify_alt_admin_response = update_acquisition_detail( admin_client, alt_admin_entry_name, 1, new_acquisition_detail) # user schedule entry user_entry_name = simulate_acquisitions(user_client, name='admin_single_acq') user_acq_url = reverse_acquisition_detail(user_entry_name, 1) new_acquisition_detail = admin_client.get(user_acq_url, **HTTPS_KWARG).data new_acquisition_detail['task_id'] = 2 admin_modify_user_response = update_acquisition_detail( admin_client, user_entry_name, 1, new_acquisition_detail) validate_response(admin_modify_alt_admin_response, status.HTTP_405_METHOD_NOT_ALLOWED) validate_response(admin_modify_user_response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_admin_can_view_private_results(admin_client, alt_admin_client, test_scheduler): private_entry_name = simulate_acquisitions(alt_admin_client, is_private=True) private_result_url = reverse_result_detail(private_entry_name, 1) response = admin_client.get(private_result_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_cannot_view_private_result_details(user_client, admin_client, test_scheduler): """A user should not be able to view the result of a private task.""" entry_name = simulate_acquisitions(admin_client, is_private=True) url = reverse_result_detail(entry_name, 1) response = user_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)
def test_cannot_delete_result_details(user_client): """Results are read-only.""" entry_name = create_task_results(1, user_client) url = reverse_result_detail(entry_name, 1) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_private_entry_results_list_is_private( admin_client, user_client, test_scheduler ): entry_name = simulate_frequency_fft_acquisitions(admin_client, is_private=True) url = reverse_result_list(entry_name) response = user_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_403_FORBIDDEN)
def test_user_can_view_non_private_admin_entries(admin_client, user_client): # admin user schedule entry admin_rjson = post_schedule(admin_client, TEST_ALTERNATE_SCHEDULE_ENTRY) admin_entry_name = admin_rjson["name"] admin_entry_url = reverse_detail_url(admin_entry_name) response = user_client.get(admin_entry_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_user_cant_view_private_acquisitions(admin_client, user_client, test_scheduler): private_entry_name = simulate_acquisitions(admin_client, is_private=True) private_acq_url = reverse_acquisition_detail(private_entry_name, 1) response = user_client.get(private_acq_url, **HTTPS_KWARG) validate_response(response, status.HTTP_403_FORBIDDEN)
def test_private_schedule_entry_is_private(admin_client, user_client): rjson = post_schedule(admin_client, TEST_PRIVATE_SCHEDULE_ENTRY) entry_name = rjson["name"] entry_url = reverse_detail_url(entry_name) user_response = user_client.get(entry_url, **HTTPS_KWARG) admin_user_response = admin_client.get(entry_url, **HTTPS_KWARG) validate_response(user_response, status.HTTP_404_NOT_FOUND) validate_response(admin_user_response, status.HTTP_200_OK)
def test_user_can_delete_their_acquisition(user_client, test_scheduler): entry_name = simulate_acquisitions(user_client) acq_url = reverse_acquisition_detail(entry_name, 1) first_response = user_client.delete(acq_url, **HTTPS_KWARG) second_response = user_client.delete(acq_url, **HTTPS_KWARG) validate_response(first_response, status.HTTP_204_NO_CONTENT) validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_user_cannot_post_private_schedule(user_client): """Unpriveleged users should not be able to create private entries.""" rjson = post_schedule(user_client, TEST_PRIVATE_SCHEDULE_ENTRY) entry_name = rjson["name"] url = reverse_detail_url(entry_name) response = user_client.get(url, **HTTPS_KWARG) assert not rjson["is_private"] validate_response(response, status.HTTP_200_OK) assert not response.data["is_private"]
def test_user_cannot_view_private_result_details( user_client, admin_client, test_scheduler ): """A user should not be able to view the result of a private task.""" entry_name = simulate_frequency_fft_acquisitions(admin_client, is_private=True) task_id = 1 url = reverse_result_detail(entry_name, task_id) response = user_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_403_FORBIDDEN)
def test_delete_list(user_client, test_scheduler): entry_name = simulate_acquisitions(user_client, n=3) url = reverse_acquisition_list(entry_name) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_204_NO_CONTENT) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)
def test_user_cannot_view_private_entry_details(admin_client, user_client): """A user attempting to access a private entry should receive 404.""" # Private indicates admin wants users to be unaware that the entry exists # on the system, hence 404 vs 403 (FORBIDDEN). rjson = post_schedule(admin_client, TEST_PRIVATE_SCHEDULE_ENTRY) entry_name = rjson["name"] url = reverse_detail_url(entry_name) response = user_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)
def test_admin_can_delete_own_results(admin_client, test_scheduler): entry_name = simulate_acquisitions(admin_client) result_url = reverse_result_detail(entry_name, 1) first_response = admin_client.delete(result_url, **HTTPS_KWARG) second_response = admin_client.delete(result_url, **HTTPS_KWARG) validate_response(first_response, status.HTTP_204_NO_CONTENT) validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_delete_list_data_files_deleted(user_client, test_scheduler): entry_name = simulate_frequency_fft_acquisitions(user_client) task_result = TaskResult.objects.get(schedule_entry__name=entry_name) acquisition = Acquisition.objects.get(task_result__id=task_result.id) data_file = acquisition.data.path assert os.path.exists(data_file) url = reverse_result_list(entry_name) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_204_NO_CONTENT) assert not os.path.exists(data_file)
def test_user_cannot_delete_others_results(admin_client, user_client, test_scheduler): # alt admin private schedule entry admin_entry_name = simulate_frequency_fft_acquisitions( admin_client, name="alt_admin_single_acq" ) admin_result_url = reverse_result_detail(admin_entry_name, 1) user_delete_admin_response = user_client.delete(admin_result_url, **HTTPS_KWARG) validate_response(user_delete_admin_response, status.HTTP_403_FORBIDDEN)
def test_user_can_delete_own_results(user_client, test_scheduler): """A user should be able to delete results they own.""" entry_name = simulate_acquisitions(user_client) result_url = reverse_result_detail(entry_name, 1) first_response = user_client.delete(result_url, **HTTPS_KWARG) second_response = user_client.delete(result_url, **HTTPS_KWARG) validate_response(first_response, status.HTTP_204_NO_CONTENT) validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_user_can_modify_their_entry(user_client): rjson = post_schedule(user_client, TEST_SCHEDULE_ENTRY) entry_name = rjson["name"] user_adjust_response = update_schedule(user_client, entry_name, TEST_ALTERNATE_SCHEDULE_ENTRY) validate_response(user_adjust_response, status.HTTP_200_OK) assert rjson["priority"] == 10 assert user_adjust_response.data["priority"] == 5
def test_entry_posted_to_schedule_is_immediately_available(admin_client): rjson = post_schedule(admin_client, TEST_SCHEDULE_ENTRY) entry_name = rjson["name"] entry_url = reverse_detail_url(entry_name) user_response = admin_client.get(entry_url, **HTTPS_KWARG) for k, v in TEST_SCHEDULE_ENTRY.items(): assert rjson[k] == v validate_response(user_response, status.HTTP_200_OK)
def test_admin_can_view_all_entries(admin_client, alt_admin_client): # alt admin user schedule entry alt_admin_rjson = post_schedule(alt_admin_client, TEST_PRIVATE_SCHEDULE_ENTRY) alt_admin_entry_name = alt_admin_rjson["name"] kws = {"pk": alt_admin_entry_name} kws.update(V1) alt_admin_url = reverse("schedule-detail", kwargs=kws) response = admin_client.get(alt_admin_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_admin_can_modify_all_entries(admin_client, alt_admin_client): # admin user schedule entry alt_admin_rjson = post_schedule(alt_admin_client, TEST_PRIVATE_SCHEDULE_ENTRY) alt_admin_entry_name = alt_admin_rjson["name"] admin_adjust_alt_admin_response = update_schedule(admin_client, alt_admin_entry_name, TEST_SCHEDULE_ENTRY) validate_response(admin_adjust_alt_admin_response, status.HTTP_200_OK)
def test_delete_list(user_client): # If result doesn't exist, expect 405 url = reverse_result_list('doesntexist') response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED) # If result does exist, expect 405 entry_name = create_task_results(1, user_client) url = reverse_result_list(entry_name) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_admin_cant_modify_own_results(admin_client, test_scheduler): entry_name = simulate_frequency_fft_acquisitions(admin_client) result_url = reverse_result_detail(entry_name, 1) new_result_detail = admin_client.get(result_url, **HTTPS_KWARG).data new_result_detail["task_id"] = 2 response = update_result_detail(admin_client, entry_name, 1, new_result_detail) validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_delete_list(user_client): # If result doesn't exist, expect 404 url = reverse_result_list("doesntexist") response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND) # If result does exist, expect 204 entry_name = create_task_results(1, user_client) url = reverse_result_list(entry_name) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_204_NO_CONTENT)
def test_user_cant_create_private_acquisition(user_client, alt_user_client, test_scheduler): # The alt user attempts to create a private acquisition. entry_name = simulate_acquisitions(alt_user_client, is_private=True) result_url = reverse_result_detail(entry_name, 1) # The user attempts to GET the acquisition that the alt user created. response = user_client.get(result_url, **HTTPS_KWARG) # The user successfully GETs the acquistion that the alt user # created; meaning that the acquisition was not, in fact, private. validate_response(response, status.HTTP_200_OK)
def test_get_schedule(admin_client): url = reverse("schedule-list", kwargs=V1) rjson = validate_response(admin_client.get(url, **HTTPS_KWARG)) assert rjson["results"] == EMPTY_SCHEDULE_RESPONSE post_schedule(admin_client, TEST_SCHEDULE_ENTRY) rjson = validate_response(admin_client.get(url, **HTTPS_KWARG)) assert rjson["count"] == 1 expected_name = TEST_SCHEDULE_ENTRY["name"] actual_name = rjson["results"][0]["name"] assert expected_name == actual_name