def test_should_disallow_ip_editor_to_delete_consignee_that_is_vision_imported(self):
user = User.objects.create_user(username='******', password='******')
consignee = ConsigneeFactory(name="User Attached Consignee")
profile = UserProfile(user=user, consignee=consignee)
profile.save()
user.groups = [Group.objects.get(name='Implementing Partner_editor')]
user.save()
consignee = ConsigneeFactory(name='New Consignee', imported_from_vision=True)
self.client.login(username='******', password='******')
response = self.client.delete(ENDPOINT_URL + str(consignee.id) + '/')
self.assertEqual(response.status_code, 403)
self.assertEqual(Consignee.objects.filter(name='New Consignee').count(), 1)
def test_should_allow_ip_editor_to_delete_consignee_that_are_not_created_by_them_but_same_consignee(
self):
user_consignee = ConsigneeFactory(name='Created Consignee')
user_one = User.objects.create_user(username='******',
password='******')
user_profile = UserProfile(user=user_one, consignee=user_consignee)
user_profile.save()
user_one.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_one.save()
user_two = User.objects.create_user(username='******',
password='******')
user_profile = UserProfile(user=user_two, consignee=user_consignee)
user_profile.save()
user_two.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_two.save()
consignee = ConsigneeFactory(name='New Consignee',
imported_from_vision=False,
created_by_user=user_one)
self.client.login(username='******', password='******')
response = self.client.delete(ENDPOINT_URL + str(consignee.id) + '/')
self.assertEqual(response.status_code, 204)
self.assertEqual(
Consignee.objects.filter(name='New Consignee').count(), 0)
def test_should_allow_ip_editor_to_change_consignee_only_if_created_within_same_ip(
self):
user_consignee = ConsigneeFactory(name='Created Consignee')
user_one = User.objects.create_user(username='******',
password='******')
user_profile = UserProfile(user=user_one, consignee=user_consignee)
user_profile.save()
user_one.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_one.save()
user_two = User.objects.create_user(username='******',
password='******')
user_profile = UserProfile(user=user_two, consignee=user_consignee)
user_profile.save()
user_two.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_two.save()
consignee = ConsigneeFactory(name='New Consignee',
imported_from_vision=False,
created_by_user=user_one)
self.client.login(username='******', password='******')
response = self.client.put(ENDPOINT_URL + str(consignee.id) + '/',
{'name': 'Updated Consignee'})
self.assertEqual(response.status_code, 200)
self.assertEqual(
Consignee.objects.filter(name='New Consignee').count(), 0)
self.assertEqual(
Consignee.objects.filter(name='Updated Consignee').count(), 1)
def test_should_give_ip_user_permission_to_fully_edit_consignee_created_by_himself(
self):
profile_consignee_one = ConsigneeFactory(name='Consignee 1')
user_one = User.objects.create_user(username='******',
password='******')
user_profile_one = UserProfile(user=user_one,
consignee=profile_consignee_one)
user_profile_one.save()
user_one.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_one.save()
user_two = User.objects.create_user(username='******',
password='******')
user_profile_two = UserProfile(user=user_two,
consignee=profile_consignee_one)
user_profile_two.save()
user_two.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_two.save()
consignee_to_check = ConsigneeFactory(name='Original Name',
imported_from_vision=False,
created_by_user=user_two)
self.client.login(username='******', password='******')
response = self.client.get(ENDPOINT_URL + str(consignee_to_check.id) +
'/permission_to_edit/')
self.assertEqual(response.data['permission'], 'can_edit_fully')
self.assertEqual(response.status_code, 200)
def test_should_disallow_ip_editor_from_deleting_consignee_created_by_another_role(self):
user = User.objects.create_user(username='******', password='******')
attached_consignee = ConsigneeFactory(name='User Attached Consignee', created_by_user=user, imported_from_vision=False)
profile = UserProfile(user=user, consignee=attached_consignee)
profile.save()
user.groups = [Group.objects.get(name='Implementing Partner_editor')]
user.save()
user_two = User.objects.create_user(username='******', password='******')
user_two.groups = [Group.objects.get(name='UNICEF_admin')]
user_two.save()
consignee = ConsigneeFactory(name='New Consignee', created_by_user=user_two, imported_from_vision=False)
self.client.login(username='******', password='******')
response = self.client.delete(ENDPOINT_URL + str(consignee.id) + '/')
self.assertEqual(response.status_code, 403)
def test_should_disallow_ip_editor_to_delete_consignee_that_is_vision_imported(
self):
user = User.objects.create_user(username='******',
password='******')
consignee = ConsigneeFactory(name="User Attached Consignee")
profile = UserProfile(user=user, consignee=consignee)
profile.save()
user.groups = [Group.objects.get(name='Implementing Partner_editor')]
user.save()
consignee = ConsigneeFactory(name='New Consignee',
imported_from_vision=True)
self.client.login(username='******', password='******')
response = self.client.delete(ENDPOINT_URL + str(consignee.id) + '/')
self.assertEqual(response.status_code, 403)
self.assertEqual(
Consignee.objects.filter(name='New Consignee').count(), 1)
def test_should_allow_ip_editor_to_change_consignee_if_created_by_them(self):
consignee = ConsigneeFactory(name='New Consignee', imported_from_vision=False)
user = User.objects.create_user(username='******', password='******')
user_profile = UserProfile(user=user, consignee=consignee)
user_profile.save()
user.groups = [Group.objects.get(name='Implementing Partner_editor')]
user.save()
consignee_to_update = ConsigneeFactory(
name='Original Name',
imported_from_vision=False,
created_by_user=user)
self.client.login(username='******', password='******')
response = self.client.put(ENDPOINT_URL + str(consignee_to_update.id) + '/', {'name': 'New Name'})
self.assertEqual(response.status_code, 200)
self.assertEqual(Consignee.objects.filter(name='Original Name').count(), 0)
self.assertEqual(Consignee.objects.filter(name='New Name').count(), 1)
def test_should_allow_ip_editor_to_change_consignee_remarks_even_if_created_by_another(self):
profile_consignee_one = ConsigneeFactory(name='Consignee 1')
profile_consignee_two = ConsigneeFactory(name='Consignee 2')
user_one = User.objects.create_user(username='******', password='******')
user_profile_one = UserProfile(user=user_one, consignee=profile_consignee_one)
user_profile_one.save()
user_one.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_one.save()
user_two = User.objects.create_user(username='******', password='******')
user_profile_two = UserProfile(user=user_two, consignee=profile_consignee_two)
user_profile_two.save()
user_two.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_two.save()
user_two_created_consignee = ConsigneeFactory(
name='Some Consignee',
remarks='Original Remark',
imported_from_vision=False,
created_by_user=user_two)
self.client.login(username='******', password='******')
response = self.client.put(
ENDPOINT_URL + str(user_two_created_consignee.id) + '/',
{'name': 'Some Consignee', 'remarks': 'Updated Remark'})
self.assertEqual(response.status_code, 200)
self.assertEqual(Consignee.objects.get(name='Some Consignee').remarks, 'Updated Remark')
def test_should_not_allow_ip_editor_to_change_consignee_only_if_consignee_created_by_another_ip(self):
profile_consignee_one = ConsigneeFactory(name='Consignee 1')
profile_consignee_two = ConsigneeFactory(name='Consignee 2')
user_one = User.objects.create_user(username='******', password='******')
user_profile_one = UserProfile(user=user_one, consignee=profile_consignee_one)
user_profile_one.save()
user_one.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_one.save()
user_two = User.objects.create_user(username='******', password='******')
user_profile_two = UserProfile(user=user_two, consignee=profile_consignee_two)
user_profile_two.save()
user_two.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_two.save()
user_two_created_consignee = ConsigneeFactory(
name='Another New Consignee',
imported_from_vision=False,
created_by_user=user_two)
self.client.login(username='******', password='******')
response = self.client.put(
ENDPOINT_URL + str(user_two_created_consignee.id) + '/',
{'name': 'Updated New Consignee'})
self.assertEqual(response.status_code, 403)
self.assertEqual(Consignee.objects.filter(name='Another New Consignee').count(), 1)
self.assertEqual(Consignee.objects.filter(name='Updated New Consignee').count(), 0)
def test_should_disallow_ip_editor_from_deleting_consignee_created_by_another_role(
self):
user = User.objects.create_user(username='******', password='******')
attached_consignee = ConsigneeFactory(name='User Attached Consignee',
created_by_user=user,
imported_from_vision=False)
profile = UserProfile(user=user, consignee=attached_consignee)
profile.save()
user.groups = [Group.objects.get(name='Implementing Partner_editor')]
user.save()
user_two = User.objects.create_user(username='******',
password='******')
user_two.groups = [Group.objects.get(name='UNICEF_admin')]
user_two.save()
consignee = ConsigneeFactory(name='New Consignee',
created_by_user=user_two,
imported_from_vision=False)
self.client.login(username='******', password='******')
response = self.client.delete(ENDPOINT_URL + str(consignee.id) + '/')
self.assertEqual(response.status_code, 403)
def test_should_allow_ip_editor_to_change_consignee_remarks_even_if_created_by_another(
self):
profile_consignee_one = ConsigneeFactory(name='Consignee 1')
profile_consignee_two = ConsigneeFactory(name='Consignee 2')
user_one = User.objects.create_user(username='******',
password='******')
user_profile_one = UserProfile(user=user_one,
consignee=profile_consignee_one)
user_profile_one.save()
user_one.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_one.save()
user_two = User.objects.create_user(username='******',
password='******')
user_profile_two = UserProfile(user=user_two,
consignee=profile_consignee_two)
user_profile_two.save()
user_two.groups = [
Group.objects.get(name='Implementing Partner_editor')
]
user_two.save()
user_two_created_consignee = ConsigneeFactory(
name='Some Consignee',
remarks='Original Remark',
imported_from_vision=False,
created_by_user=user_two)
self.client.login(username='******', password='******')
response = self.client.put(
ENDPOINT_URL + str(user_two_created_consignee.id) + '/', {
'name': 'Some Consignee',
'remarks': 'Updated Remark'
})
self.assertEqual(response.status_code, 200)
self.assertEqual(
Consignee.objects.get(name='Some Consignee').remarks,
'Updated Remark')
def test_should_allow_ip_editor_to_delete_consignee_that_are_not_created_by_them_but_same_consignee(self):
user_consignee = ConsigneeFactory(name='Created Consignee')
user_one = User.objects.create_user(username='******', password='******')
user_profile = UserProfile(user=user_one, consignee=user_consignee)
user_profile.save()
user_one.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_one.save()
user_two = User.objects.create_user(username='******', password='******')
user_profile = UserProfile(user=user_two, consignee=user_consignee)
user_profile.save()
user_two.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_two.save()
consignee = ConsigneeFactory(name='New Consignee', imported_from_vision=False, created_by_user=user_one)
self.client.login(username='******', password='******')
response = self.client.delete(ENDPOINT_URL + str(consignee.id) + '/')
self.assertEqual(response.status_code, 204)
self.assertEqual(Consignee.objects.filter(name='New Consignee').count(), 0)
def test_should_give_ip_user_permission_to_fully_edit_consignee_created_by_same_ip(self):
profile_consignee_one = ConsigneeFactory(name='Consignee 1')
user_one = User.objects.create_user(username='******', password='******')
user_profile_one = UserProfile(user=user_one, consignee=profile_consignee_one)
user_profile_one.save()
user_one.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_one.save()
user_two = User.objects.create_user(username='******', password='******')
user_profile_two = UserProfile(user=user_two, consignee=profile_consignee_one)
user_profile_two.save()
user_two.groups = [Group.objects.get(name='Implementing Partner_editor')]
user_two.save()
consignee_to_check = ConsigneeFactory(
name='Original Name',
imported_from_vision=False,
created_by_user=user_two)
self.client.login(username='******', password='******')
response = self.client.get(ENDPOINT_URL + str(consignee_to_check.id) + '/permission_to_edit/')
self.assertEqual(response.data['permission'], 'can_edit_fully')
self.assertEqual(response.status_code, 200)