def test_func(self):
"""
implementation of the UserPassesTestMixin test_func
"""
user = self.request.user
if not user.is_authenticated():
return False
if not is_assessor(user):
return False
assessment = self.get_assessment()
return assessment is not None and assessment.assessor_group in get_user_assessor_groups(user)
def test_func(self):
"""
implementation of the UserPassesTestMixin test_func
"""
user = self.request.user
if not user.is_authenticated():
self.raise_exception = False
return False
self.raise_exception = True
if is_customer(user) or is_officer(user):
return False
assessment = self.get_assessment()
return assessment is not None and assessment.assessor_group in get_user_assessor_groups(user)
def test_func(self):
"""
implementation of the UserPassesTestMixin test_func
"""
user = self.request.user
if not user.is_authenticated():
self.raise_exception = False
return False
self.raise_exception = True
if is_customer(user) or is_officer(user):
return False
assessment = self.get_assessment()
return assessment is not None and assessment.assessor_group in get_user_assessor_groups(
user)
def test_assessor_access_limited(self):
"""
Test that an assessor cannot edit an assessment that doesn't belong to their group
All accessor can search conditions
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
self.assertFalse(get_user_assessor_groups(assessor))
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions', args=[self.application.pk]),
reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]),
]
urls_post_forbidden = [
{
'url': reverse('wl_applications:create_condition'),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url': reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
{
'url': reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [
reverse('wl_applications:search_conditions')
]
urls_post_allowed = [
]
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)
def test_assessor_access_limited(self):
"""
Test that an assessor cannot edit an assessment that doesn't belong to their group
All accessor can search conditions
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
self.assertFalse(get_user_assessor_groups(assessor))
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
]
urls_post_forbidden = [
{
'url':
reverse('wl_applications:create_condition',
args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url':
reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url':
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
{
'url':
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [reverse('wl_applications:search_conditions')]
urls_post_allowed = []
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)
