def test_inspector_can_list_question_file_from_draft_questionnaire():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
published_question_file = factories.QuestionFileFactory()
published_questionnaire = published_question_file.question.theme.questionnaire
published_questionnaire.is_draft = False
published_questionnaire.save()
assert Questionnaire.objects.get(
id=published_questionnaire.id).is_published
inspector.controls.add(published_questionnaire.control)
draft_question_file = factories.QuestionFileFactory()
draft_questionnaire = draft_question_file.question.theme.questionnaire
draft_questionnaire.is_draft = True
draft_questionnaire.save()
assert Questionnaire.objects.get(id=draft_questionnaire.id).is_draft
inspector.controls.add(draft_questionnaire.control)
response = list_annexes(inspector.user)
assert response.status_code == 200
assert published_question_file.file.name in str(response.content)
assert draft_question_file.file.name in str(response.content)
assert len(response.data) == 2
def test_cannot_list_question_file_by_question_from_deleted_control():
deleted_question_file = factories.QuestionFileFactory()
deleted_control = deleted_question_file.question.theme.questionnaire.control
deleted_control.delete()
assert Control.objects.get(id=deleted_control.id).is_deleted
# Audited
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
audited.controls.add(deleted_control)
response = list_annexes_for_question(audited.user,
deleted_question_file.question.id)
assert response.status_code == 200
assert len(response.data) == 0
assert deleted_question_file.file.name not in str(response.content)
# Inspector
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
inspector.controls.add(deleted_control)
response = list_annexes_for_question(inspector.user,
deleted_question_file.question.id)
assert response.status_code == 200
assert len(response.data) == 0
assert deleted_question_file.file.name not in str(response.content)
def test_download_question_file_fails_if_the_control_is_not_associated_with_the_user(
client):
question_file = factories.QuestionFileFactory()
unauthorized_control = factories.ControlFactory()
assert unauthorized_control != question_file.question.theme.questionnaire.control
user = utils.make_audited_user(unauthorized_control)
utils.login(client, user=user)
url = reverse('send-question-file', args=[question_file.id])
response = client.get(url)
assert response.status_code != 200
def test_cannot_get_question_file_if_control_is_deleted():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
question_file = factories.QuestionFileFactory()
inspector.controls.add(question_file.question.theme.questionnaire.control)
question_file.question.theme.questionnaire.control.delete()
# method not allowed
assert get_question_file(inspector.user,
question_file.id).status_code == 405
def __init__(self, client):
question_file = factories.QuestionFileFactory()
self.filename = question_file.basename
user = utils.make_audited_user(
question_file.question.theme.questionnaire.control)
utils.login(client, user=user)
url = reverse('send-question-file', args=[question_file.id])
self.response = client.get(url)
def test_audited_cannot_get_question_file_from_draft_questionnaire():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
audited.controls.add(question_file.question.theme.questionnaire.control)
question_file.question.theme.questionnaire.is_draft = True
question_file.question.theme.questionnaire.save()
assert Questionnaire.objects.get(
id=question_file.question.theme.questionnaire.id).is_draft
# method not allowed
assert get_question_file(audited.user, question_file.id).status_code == 405
def test_inspector_can_remove_question_file():
inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR)
question_file = factories.QuestionFileFactory()
inspector.controls.add(question_file.question.theme.questionnaire.control)
utils.login(client, user=inspector.user)
url = reverse('api:annexe-detail', args=[question_file.id])
count_before = QuestionFile.objects.count()
response = client.delete(url)
assert response.status_code == 204
count_after = QuestionFile.objects.count()
assert count_after == count_before - 1
def test_audited_cannot_remove_question_file():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
audited.controls.add(question_file.question.theme.questionnaire.control)
utils.login(client, user=audited.user)
url = reverse('api:annexe-detail', args=[question_file.id])
count_before = QuestionFile.objects.count()
response = client.delete(url)
assert response.status_code == 403
count_after = QuestionFile.objects.count()
assert count_after == count_before
def test_audited_cannot_list_question_file_from_draft_questionnaire():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
published_question_file = factories.QuestionFileFactory()
published_questionnaire = published_question_file.question.theme.questionnaire
published_questionnaire.is_draft = False
published_questionnaire.save()
assert Questionnaire.objects.get(
id=published_questionnaire.id).is_published
audited.controls.add(published_questionnaire.control)
draft_question_file = factories.QuestionFileFactory()
draft_questionnaire = draft_question_file.question.theme.questionnaire
draft_questionnaire.is_draft = True
draft_questionnaire.save()
assert Questionnaire.objects.get(id=draft_questionnaire.id).is_draft
audited.controls.add(draft_questionnaire.control)
response = list_annexes(audited.user)
assert response.status_code == 200
assert published_question_file.file.name in str(response.content)
assert draft_question_file.file.name not in str(response.content)
assert len(response.data) == 1
def test_audited_cannot_update_question_file_from_draft_questionnaire():
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
questionnaire = question_file.question.theme.questionnaire
audited.controls.add(questionnaire.control)
questionnaire.is_draft = True
questionnaire.save()
assert Questionnaire.objects.get(id=questionnaire.id).is_draft
payload = {
"id": question_file.id,
"question": question_file.question.id + 1
}
# Forbidden
assert update_question_file(audited.user, payload).status_code == 403
def test_cannot_get_question_file_even_if_user_belongs_to_control():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED)
question_file = factories.QuestionFileFactory()
questionnaire = question_file.question.theme.questionnaire
inspector.controls.add(questionnaire.control)
audited.controls.add(questionnaire.control)
questionnaire.is_draft = False
questionnaire.save()
assert Questionnaire.objects.get(id=questionnaire.id).is_published
# method not allowed
assert get_question_file(inspector.user,
question_file.id).status_code == 405
assert get_question_file(audited.user, question_file.id).status_code == 405
def test_inspector_cannot_update_question_file_from_published_questionnaire():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
question_file = factories.QuestionFileFactory()
questionnaire = question_file.question.theme.questionnaire
inspector.controls.add(questionnaire.control)
questionnaire.is_draft = False
questionnaire.save()
assert Questionnaire.objects.get(id=questionnaire.id).is_published
payload = {
"id": question_file.id,
"question": question_file.question.id + 1
}
# method not allowed
assert update_question_file(inspector.user, payload).status_code == 405
