def test_login_as_staff_as_staff(rf): """ Staff user 1 tries to impersonat staff user 2 """ shop = get_default_shop() staff_user1 = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user1.groups.add(permission_group) shop.staff_members.add(staff_user1) staff_user2 = UserFactory(is_staff=True) view_func = LoginAsStaffUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user1) with pytest.raises(PermissionDenied): view_func(request, pk=staff_user2.pk) set_permissions_for_group(permission_group, ["user.login-as-staff"]) response = view_func(request, pk=staff_user2.pk) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user2 # Stop impersonating and since staff1 does not have user detail permission # he/she should find him/herself from dashboard response = stop_impersonating_staff(request) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user1 response = stop_impersonating_staff(request) assert response.status_code == 403
def test_api_permissions_admin_user(admin_user): users = [admin_user, UserFactory(), UserFactory(), UserFactory(), UserFactory()] get_default_shop() viewset = UserViewSet() client = _get_client(admin_user) permission_key = make_permission_config_key(viewset) # set API disabled config.set(None, permission_key, PermissionLevel.DISABLED) assert client.get("/api/shuup/user/").status_code == status.HTTP_403_FORBIDDEN assert client.post("/api/shuup/user/", {"email": "*****@*****.**"}).status_code == status.HTTP_403_FORBIDDEN # set API Public WRITE - access granted config.set(None, permission_key, PermissionLevel.PUBLIC_WRITE) response = client.get("/api/shuup/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] # DELETE data too assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT users.pop() # set API Public READ - access granted config.set(None, permission_key, PermissionLevel.PUBLIC_READ) response = client.get("/api/shuup/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] # DELETE data - YES assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT users.pop() # set API authenticated readonly - access only for readonly config.set(None, permission_key, PermissionLevel.AUTHENTICATED_READ) response = client.get("/api/shuup/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT users.pop() # set API authenticated write - access granted config.set(None, permission_key, PermissionLevel.AUTHENTICATED_WRITE) assert client.get("/api/shuup/user/").status_code == status.HTTP_200_OK assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT users.pop() # set API admin only - aaaww yess config.set(None, permission_key, PermissionLevel.ADMIN) assert client.get("/api/shuup/user/").status_code == status.HTTP_200_OK assert client.delete("/api/shuup/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT # as we deleted all users, we have left with just one - us get_user_model().objects.count() == 1
def test_api_permissions_authenticated_user(): users = [UserFactory(), UserFactory(), UserFactory()] my_user = users[-1] get_default_shop() viewset = UserViewSet() client = _get_client(my_user) permission_key = make_permission_config_key(viewset) # set API disabled config.set(None, permission_key, PermissionLevel.DISABLED) assert client.get("/api/test/user/").status_code == status.HTTP_403_FORBIDDEN assert client.post("/api/test/user/", {"email": "*****@*****.**"}).status_code == status.HTTP_403_FORBIDDEN # set API Public WRITE - access granted config.set(None, permission_key, PermissionLevel.PUBLIC_WRITE) response = client.get("/api/test/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] # DELETE data too assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT users.pop() # set API Public READ - access granted config.set(None, permission_key, PermissionLevel.PUBLIC_READ) response = client.get("/api/test/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] # DELETE data - nope, not a safe method assert client.delete("/api/test/user/%d/" % users[0].id).status_code == status.HTTP_403_FORBIDDEN # set API authenticated readonly - access only for readonly config.set(None, permission_key, PermissionLevel.AUTHENTICATED_READ) response = client.get("/api/test/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] assert client.delete("/api/test/user/%d/" % users[0].id).status_code == status.HTTP_403_FORBIDDEN # set API authenticated write - access granted config.set(None, permission_key, PermissionLevel.AUTHENTICATED_WRITE) assert client.get("/api/test/user/").status_code == status.HTTP_200_OK assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT users.pop() # set API admin only - not a chance config.set(None, permission_key, PermissionLevel.ADMIN) assert client.get("/api/test/user/").status_code == status.HTTP_403_FORBIDDEN assert client.delete("/api/test/user/%d/" % users[0].id).status_code == status.HTTP_403_FORBIDDEN
def test_get_by_pk(admin_user): get_default_shop() for i in range(0, 10): UserFactory() user = UserFactory() client = _get_client(admin_user) response = client.get("/api/shuup/user/%s/" % user.id) assert response.status_code == status.HTTP_200_OK user_data = json.loads(response.content.decode("utf-8")) assert user_data.get("id") == user.id assert user_data.get("username") == user.username
def test_api_permissions_anonymous(): users = [UserFactory(), UserFactory(), UserFactory(), UserFactory()] get_default_shop() viewset = UserViewSet() client = _get_client() permission_key = make_permission_config_key(viewset) # set API disabled config.set(None, permission_key, PermissionLevel.DISABLED) assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED assert client.post("/api/test/user/", {"email": "*****@*****.**"}).status_code == status.HTTP_401_UNAUTHORIZED # set API Public WRITE - access granted config.set(None, permission_key, PermissionLevel.PUBLIC_WRITE) response = client.get("/api/test/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] # DELETE data too assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_204_NO_CONTENT users.pop() # set API Public READ - access granted to read config.set(None, permission_key, PermissionLevel.PUBLIC_READ) response = client.get("/api/test/user/") assert response.status_code == status.HTTP_200_OK user_data = sorted(json.loads(response.content.decode("utf-8")), key=lambda u: u["id"]) for ix, user in enumerate(user_data): assert users[ix].id == user["id"] # DELETE data - nope, not a safe method assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_401_UNAUTHORIZED # set API authenticated readonly - no access config.set(None, permission_key, PermissionLevel.AUTHENTICATED_READ) assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_401_UNAUTHORIZED # set API authenticated write - no access config.set(None, permission_key, PermissionLevel.AUTHENTICATED_WRITE) assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED assert client.delete("/api/test/user/%d/" % users[-1].id).status_code == status.HTTP_401_UNAUTHORIZED # set API admin only - not a chance config.set(None, permission_key, PermissionLevel.ADMIN) assert client.get("/api/test/user/").status_code == status.HTTP_401_UNAUTHORIZED # Remove None values before posting data since posting None data is not cool assert ( client.put("/api/test/user/", {k: v for k, v in user_data[0].items() if v is not None}).status_code == status.HTTP_401_UNAUTHORIZED )
def test_campaign_with_non_active_coupon(rf): initial_status = get_initial_order_status() request, shop, group = initialize_test(rf, include_tax=False) order = _get_order_with_coupon(request, initial_status) coupon = order.coupon_usages.first().coupon coupon.active = False coupon.save() modifier = UserFactory() contact = create_random_person(locale="en_US", minimum_name_comp_len=5) assert order.customer != contact state = _get_frontend_order_state(shop, contact) assert order.shop.id == state["shop"]["selected"]["id"] request = get_frontend_request_for_command(state, "finalize", modifier) response = OrderEditView.as_view()(request, pk=order.pk) assert_contains(response, "orderIdentifier") data = json.loads(response.content.decode("utf8")) edited_order = Order.objects.get(pk=order.pk) assert edited_order.identifier == data[ "orderIdentifier"] == order.identifier assert edited_order.pk == order.pk assert edited_order.lines.count() == 3 assert OrderLineType.DISCOUNT not in [ l.type for l in edited_order.lines.all() ] assert edited_order.coupon_usages.count() == 0
def test_login_as_requires_staff_member(rf, regular_user): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) def do_nothing(request, shop=None): pass def get_default(request): return get_default_shop() # Maybe some vendors and non marketplace staff members has access to admin module with patch("shuup.admin.shop_provider.set_shop", side_effect=do_nothing): with patch("shuup.admin.shop_provider.get_shop", side_effect=get_default): view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user) # not staff member with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) shop.staff_members.add(staff_user) # no permission with pytest.raises(PermissionDenied): view_func(request, pk=regular_user.pk) set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=regular_user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == regular_user
def test_get_by_email(admin_user): get_default_shop() for i in range(0, 10): UserFactory() user = UserFactory() client = _get_client(admin_user) response = client.get("/api/shuup/user/", data={"email": user.email}) assert response.status_code == status.HTTP_200_OK user_data = json.loads(response.content.decode("utf-8")) assert get_user_model().objects.filter(email=user.email).count() == len(user_data) assert user_data[0].get("id") == user.id assert user_data[0].get("email") == user.email assert user_data[0].get("username") == user.username
def test_editing_existing_order(rf, admin_user): modifier = UserFactory() get_initial_order_status() # Needed for the API contact = create_random_person(locale="en_US", minimum_name_comp_len=5) state = get_frontend_order_state(contact=contact) shop = get_default_shop() order = create_empty_order(shop=shop) order.payment_data = {"payment_data": True} order.shipping_data = {"shipping_data": True} order.extra_data = {"external_id": "123"} order.save() assert order.lines.count() == 0 assert order.pk is not None assert order.modified_by == order.creator request = get_frontend_request_for_command(state, "finalize", modifier) response = OrderEditView.as_view()(request, pk=order.pk) assert_contains( response, "orderIdentifier") # this checks for status codes as a side effect data = json.loads(response.content.decode("utf8")) edited_order = Order.objects.get(pk=order.pk) # Re fetch the initial order # Check that identifiers has not changed assert edited_order.identifier == data[ "orderIdentifier"] == order.identifier assert edited_order.pk == order.pk # Check that the product content is updated based on state assert edited_order.lines.count() == 5 assert edited_order.customer == contact # Check that product line have right taxes for line in edited_order.lines.all(): if line.type == OrderLineType.PRODUCT: assert [line_tax.tax.code for line_tax in line.taxes.all()] == ["test_code"] assert line.taxful_price.amount > line.taxless_price.amount # Make sure order modification information is correct assert edited_order.modified_by != order.modified_by assert edited_order.modified_by == modifier assert edited_order.modified_on > order.modified_on # Make sure all non handled attributes is preserved from original order assert edited_order.creator == order.creator assert edited_order.ip_address == order.ip_address assert edited_order.orderer == order.orderer assert edited_order.customer_comment == order.customer_comment assert edited_order.marketing_permission == order.marketing_permission assert edited_order.order_date == order.order_date assert edited_order.status == order.status assert edited_order.payment_data == order.payment_data assert edited_order.shipping_data == order.shipping_data assert edited_order.extra_data == order.extra_data
def test_login_as_staff_without_front_url(rf, admin_user, regular_user): get_default_shop() staff_user = UserFactory(is_staff=True) view_func = LoginAsStaffUserView.as_view() request = apply_request_middleware(rf.post("/"), user=admin_user) def get_none(): return None with patch("shuup.admin.modules.users.views.detail.get_admin_url", side_effect=get_none): with pytest.raises(Problem): view_func(request, pk=staff_user.pk)
def test_get_telemetry_data_after_login(rf, admin_user): get_default_shop() # create users to ensure correct admin is found UserFactory() UserFactory() data = json.loads(get_telemetry_data(rf.get("/"))) assert data.get("admin_user") == admin_user.email assert not data.get("last_login") client = SmartClient() client.login(username="******", password="******") data = json.loads(get_telemetry_data(rf.get("/"))) assert data.get("admin_user") == admin_user.email last_login = data.get("last_login", None) assert last_login last_login_datetime = datetime.datetime.strptime(last_login, "%Y-%m-%dT%H:%M:%S.%fZ") today = datetime.datetime.now() assert last_login_datetime.year == today.year assert last_login_datetime.month == today.month assert last_login_datetime.day == today.day
def test_login_as_staff_user(rf, admin_user): get_default_shop() staff_user = UserFactory(is_staff=True) view_func = LoginAsStaffUserView.as_view() request = apply_request_middleware(rf.post("/"), user=admin_user) context = dict(request=request) assert get_logout_url(context) == "/sa/logout/" response = view_func(request, pk=staff_user.pk) assert response["location"] == reverse("shuup_admin:dashboard") assert get_user(request) == staff_user assert get_logout_url(context) == "/sa/stop-impersonating-staff/" # Stop impersonating and since admin user have all access he should # be in user detail for staff user response = stop_impersonating_staff(request) assert response["location"] == reverse("shuup_admin:user.detail", kwargs={"pk": staff_user.pk}) assert get_user(request) == admin_user
def test_login_as_user_errors(rf, admin_user, regular_user): get_default_shop() view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=regular_user) # log in as self with pytest.raises(Problem): view_func(request, pk=regular_user.pk) user = UserFactory() get_person_contact(user) # non superuser trying to login as someone else with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) request = apply_request_middleware(rf.post("/"), user=admin_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk)
def test_login_as_user_errors(rf, admin_user, regular_user): get_default_shop() view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=regular_user, skip_session=True) # log in as self with pytest.raises(Problem): view_func(request, pk=regular_user.pk) user = UserFactory() get_person_contact(user) # non superuser trying to login as someone else with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) request = apply_request_middleware(rf.post("/"), user=admin_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk)
def test_contact_filters(rf, admin_user): shop = get_default_shop() products_per_order = 5 request = rf.get('/') request.shop = shop apply_request_middleware(request) product = get_default_product() customer = get_person_contact(admin_user) create_order(request, creator=admin_user, customer=customer, product=product) order_one = Order.objects.first() user = UserFactory() second_customer = get_person_contact(user) create_order(request, creator=admin_user, customer=second_customer, product=product) order_two = Order.objects.first() user = UserFactory() user.is_staff = True user.save() create_order(request, creator=user, customer=second_customer, product=product) order_three = Order.objects.first() order_three.orderer = customer order_three.save() # test that admin user gets two orders as he created two expected_taxful_total_price = order_one.taxful_total_price + order_two.taxful_total_price expected_taxless_total_price = order_one.taxless_total_price + order_two.taxless_total_price expected_order_count = 2 test_info = initialize_simple_report(SalesReport, data_overrides={"creator": [admin_user.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that new admin user gets one order expected_taxful_total_price = order_three.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price expected_order_count = 1 test_info = initialize_simple_report(SalesReport, data_overrides={"creator": [user.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that new admin user and second_customer gets one order expected_taxful_total_price = order_three.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price expected_order_count = 1 test_info = initialize_simple_report(SalesReport, data_overrides={"creator": [user.pk], "customer": [second_customer.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that second_customer gets two orders expected_taxful_total_price = order_three.taxful_total_price + order_two.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price + order_two.taxless_total_price expected_order_count = 2 test_info = initialize_simple_report(SalesReport, data_overrides={"customer": [second_customer.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that second_customer gets two orders expected_taxful_total_price = order_three.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price expected_order_count = 1 test_info = initialize_simple_report(SalesReport, data_overrides={"customer": [second_customer.pk], "orderer": [customer.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data)
def test_contact_filters(rf, admin_user): shop = get_default_shop() products_per_order = 5 request = rf.get('/') request.shop = shop apply_request_middleware(request) product = get_default_product() customer = get_person_contact(admin_user) create_order(request, creator=admin_user, customer=customer, product=product) order_one = Order.objects.first() user = UserFactory() second_customer = get_person_contact(user) create_order(request, creator=admin_user, customer=second_customer, product=product) order_two = Order.objects.first() user = UserFactory() user.is_staff = True user.save() create_order(request, creator=user, customer=second_customer, product=product) order_three = Order.objects.first() order_three.orderer = customer order_three.save() # test that admin user gets two orders as he created two expected_taxful_total_price = order_one.taxful_total_price + order_two.taxful_total_price expected_taxless_total_price = order_one.taxless_total_price + order_two.taxless_total_price expected_order_count = 2 test_info = initialize_simple_report( SalesReport, data_overrides={"creator": [admin_user.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that new admin user gets one order expected_taxful_total_price = order_three.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price expected_order_count = 1 test_info = initialize_simple_report(SalesReport, data_overrides={"creator": [user.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that new admin user and second_customer gets one order expected_taxful_total_price = order_three.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price expected_order_count = 1 test_info = initialize_simple_report(SalesReport, data_overrides={ "creator": [user.pk], "customer": [second_customer.pk] }) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that second_customer gets two orders expected_taxful_total_price = order_three.taxful_total_price + order_two.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price + order_two.taxless_total_price expected_order_count = 2 test_info = initialize_simple_report( SalesReport, data_overrides={"customer": [second_customer.pk]}) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data) # test that second_customer gets two orders expected_taxful_total_price = order_three.taxful_total_price expected_taxless_total_price = order_three.taxless_total_price expected_order_count = 1 test_info = initialize_simple_report(SalesReport, data_overrides={ "customer": [second_customer.pk], "orderer": [customer.pk] }) return_data = test_info.json_data.get("tables")[0].get("data") _assert_expected_values(expected_order_count, expected_taxful_total_price, expected_taxless_total_price, products_per_order, return_data)
def test_new_customers_report(rf, admin_user, group_by): with override_provides( "reports", ["shuup.default_reports.reports.new_customers:NewCustomersReport"]): shop = get_default_shop() person_creation_dates = [ datetime(2015, 1, 2), datetime(2015, 1, 1), datetime(2016, 2, 2), ] # create person with NO user for creation_date in person_creation_dates: person = create_random_person() person.created_on = creation_date person.save() user_person_creation_dates = [ datetime(2015, 3, 3), datetime(2015, 3, 3), datetime(2015, 4, 4), datetime(2016, 5, 5), datetime(2016, 6, 6), datetime(2016, 7, 7), ] # create person with users for creation_date in user_person_creation_dates: person = create_random_person() person.user = UserFactory() person.created_on = creation_date person.save() company_creation_dates = [ datetime(2015, 1, 1), datetime(2015, 8, 8), datetime(2015, 9, 9), ] # create company contacts for creation_date in company_creation_dates: company = CompanyFactory() company.created_on = creation_date company.save() data = { "report": NewCustomersReport.get_name(), "shop": shop.pk, "date_range": DateRangeChoices.ALL_TIME.value, "writer": "json", "force_download": 1, "group_by": group_by } view = ReportView.as_view() request = apply_request_middleware(rf.post("/", data=data), user=admin_user) response = view(request) if hasattr(response, "render"): response.render() assert response.status_code == 200 json_data = json.loads(response.content.decode("utf-8")) assert force_text(NewCustomersReport.title) in json_data.get("heading") data = json_data["tables"][0]["data"] if group_by == "%Y": assert len(data) == 3 assert data[0]["date"] == "2015" assert int(data[0]["personcontact"]) == 5 assert int(data[0]["companycontact"]) == 3 assert int(data[0]["users"]) == 3 assert data[1]["date"] == "2016" assert int(data[1]["personcontact"]) == 4 assert int(data[1]["companycontact"]) == 0 assert int(data[1]["users"]) == 3 elif group_by == "%Y-%m": assert len(data) == 10 assert data[0]["date"] == "2015-01" assert int(data[0]["personcontact"]) == 2 assert int(data[0]["companycontact"]) == 1 assert int(data[0]["users"]) == 0 assert data[1]["date"] == "2015-03" assert int(data[1]["personcontact"]) == 2 assert int(data[1]["companycontact"]) == 0 assert int(data[1]["users"]) == 2 assert data[2]["date"] == "2015-04" assert int(data[2]["personcontact"]) == 1 assert int(data[2]["companycontact"]) == 0 assert int(data[2]["users"]) == 1 assert data[3]["date"] == "2015-08" assert int(data[3]["personcontact"]) == 0 assert int(data[3]["companycontact"]) == 1 assert int(data[3]["users"]) == 0 assert data[4]["date"] == "2015-09" assert int(data[4]["personcontact"]) == 0 assert int(data[4]["companycontact"]) == 1 assert int(data[4]["users"]) == 0 assert data[5]["date"] == "2016-02" assert int(data[5]["personcontact"]) == 1 assert int(data[5]["companycontact"]) == 0 assert int(data[5]["users"]) == 0 assert data[6]["date"] == "2016-05" assert int(data[6]["personcontact"]) == 1 assert int(data[6]["companycontact"]) == 0 assert int(data[6]["users"]) == 1 assert data[7]["date"] == "2016-06" assert int(data[7]["personcontact"]) == 1 assert int(data[7]["companycontact"]) == 0 assert int(data[7]["users"]) == 1 assert data[8]["date"] == "2016-07" assert int(data[8]["personcontact"]) == 1 assert int(data[8]["companycontact"]) == 0 assert int(data[8]["users"]) == 1 elif group_by == "%Y-%m-%d": assert len(data) == 11 assert data[0]["date"] == "2015-01-01" assert int(data[0]["personcontact"]) == 1 assert int(data[0]["companycontact"]) == 1 assert int(data[0]["users"]) == 0 assert data[1]["date"] == "2015-01-02" assert int(data[1]["personcontact"]) == 1 assert int(data[1]["companycontact"]) == 0 assert int(data[1]["users"]) == 0 assert data[2]["date"] == "2015-03-03" assert int(data[2]["personcontact"]) == 2 assert int(data[2]["companycontact"]) == 0 assert int(data[2]["users"]) == 2 assert data[3]["date"] == "2015-04-04" assert int(data[3]["personcontact"]) == 1 assert int(data[3]["companycontact"]) == 0 assert int(data[3]["users"]) == 1 assert data[4]["date"] == "2015-08-08" assert int(data[4]["personcontact"]) == 0 assert int(data[4]["companycontact"]) == 1 assert int(data[4]["users"]) == 0 assert data[5]["date"] == "2015-09-09" assert int(data[5]["personcontact"]) == 0 assert int(data[5]["companycontact"]) == 1 assert int(data[5]["users"]) == 0 assert data[6]["date"] == "2016-02-02" assert int(data[6]["personcontact"]) == 1 assert int(data[6]["companycontact"]) == 0 assert int(data[6]["users"]) == 0 assert data[7]["date"] == "2016-05-05" assert int(data[7]["personcontact"]) == 1 assert int(data[7]["companycontact"]) == 0 assert int(data[7]["users"]) == 1 assert data[8]["date"] == "2016-06-06" assert int(data[8]["personcontact"]) == 1 assert int(data[8]["companycontact"]) == 0 assert int(data[8]["users"]) == 1 assert data[9]["date"] == "2016-07-07" assert int(data[9]["personcontact"]) == 1 assert int(data[9]["companycontact"]) == 0 assert int(data[9]["users"]) == 1
def test_login_as_staff_member(rf): shop = get_default_shop() staff_user = UserFactory(is_staff=True) permission_group = get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) view_func = LoginAsUserView.as_view() request = apply_request_middleware(rf.post("/"), user=staff_user, skip_session=True) # log in as self with pytest.raises(Problem): view_func(request, pk=staff_user.pk) user = UserFactory() get_person_contact(user) request = apply_request_middleware(rf.post("/"), user=staff_user) user.is_superuser = True user.save() # user is trying to login as another superuser with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_superuser = False user.is_staff = True user.save() # user is trying to login as a staff user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) user.is_staff = False user.is_active = False user.save() # user is trying to login as an inactive user with pytest.raises(Problem): view_func(request, pk=user.pk) user.is_active = True user.save() # staff user without "user.login-as" permission trying to login as valid user with pytest.raises(PermissionDenied): view_func(request, pk=user.pk) permission_group = staff_user.groups.first() set_permissions_for_group(permission_group, ["user.login-as"]) response = view_func(request, pk=user.pk) assert response["location"] == reverse("shuup:index") assert get_user(request) == user