def test_get_permitted_submissions_when_permitted(self): cc_pubdef = auth_models.Organization.objects.get( slug='cc_pubdef') subs = cc_pubdef.submissions.all() mock_user = Mock(is_staff=False, **{'profile.organization': cc_pubdef}) result = SubmissionsService.get_permitted_submissions(mock_user) self.assertListEqual(list(result), list(subs))
def test_get_permitted_submissions_when_permitted(self): cc_pubdef = auth_models.Organization.objects.get( slug=constants.Organizations.COCO_PUBDEF) subs = cc_pubdef.submissions.all() mock_user = Mock(is_staff=False, **{'profile.organization': cc_pubdef}) result = SubmissionsService.get_permitted_submissions(mock_user) self.assertListEqual(list(result), list(subs))
def get(self, request, submission_id): self.submissions = list( SubmissionsService.get_permitted_submissions( request.user, [submission_id])) if not self.submissions: return not_allowed(request) return super().get(request, submission_id)
def test_get_permitted_submissions_when_staff(self): orgs = auth_models.Organization.objects.all() for org in orgs: SubmissionsService.create_for_organizations([org], answers={}) subs = set(models.FormSubmission.objects.all()) mock_user = Mock(is_staff=True) result = SubmissionsService.get_permitted_submissions(mock_user) self.assertEqual(set(result), subs)
def test_get_permitted_submissions_when_not_permitted(self): cc_pubdef = auth_models.Organization.objects.get(slug='cc_pubdef') sf_pubdef = auth_models.Organization.objects.get(slug='sf_pubdef') submission = SubmissionsService.create_for_organizations([cc_pubdef], answers={}) mock_user = Mock(is_staff=False, **{'profile.organization': sf_pubdef}) result = SubmissionsService.get_permitted_submissions( mock_user, [submission.id]) self.assertListEqual(list(result), [])
def get(self, request, submission_id): if request.user.profile.should_see_pdf() and not request.user.is_staff: return redirect( reverse_lazy('intake-filled_pdf', kwargs=dict(submission_id=submission_id))) self.submissions = list(SubmissionsService.get_permitted_submissions( request.user, [submission_id])) if not self.submissions: return not_allowed(request) return super().get(request, submission_id)
def get(self, request, submission_id): if request.user.profile.should_see_pdf() and not request.user.is_staff: return redirect( reverse_lazy('intake-filled_pdf', kwargs=dict(submission_id=submission_id))) self.submissions = list( SubmissionsService.get_permitted_submissions( request.user, [submission_id])) if not self.submissions: return not_allowed(request) return super().get(request, submission_id)
def test_get_permitted_submissions_when_not_permitted(self): cc_pubdef = auth_models.Organization.objects.get( slug='cc_pubdef') sf_pubdef = auth_models.Organization.objects.get( slug='sf_pubdef') submission = SubmissionsService.create_for_organizations( [cc_pubdef], answers={}) mock_user = Mock(is_staff=False, **{'profile.organization': sf_pubdef}) result = SubmissionsService.get_permitted_submissions( mock_user, [submission.id]) self.assertListEqual(list(result), [])
def test_filters_to_organization_of_user(self): # Given a user from one org who tries to access all submissions # assert that they only receive submissions for their org # given a user from one org org = Organization.objects.get(slug=Organizations.ALAMEDA_PUBDEF) user = org.profiles.first().user # who requests all submissions submissions = SubmissionsService.get_permitted_submissions(user) # make sure they only receive those subs targeted to their org for sub in submissions: orgs = list(sub.organizations.all()) self.assertIn(org, orgs)
def get_context_data(self, **kwargs): is_staff = self.request.user.is_staff context = super().get_context_data(**kwargs) context['submissions'] = \ SubmissionsService.get_permitted_submissions( self.request.user, related_objects=True) # context['page_counter'] = \ # utils.get_page_navigation_counter( # page=context['submissions'], # wing_size=9) context['show_pdf'] = self.request.user.profile.should_see_pdf() context['body_class'] = 'admin' if is_staff: context['ALL_TAG_NAMES'] = TagsService.get_all_used_tag_names() return context
def test_filters_to_organization_of_user(self): # Given a user from one org who tries to access all submissions # assert that they only receive submissions for their org # given a user from one org org = Organization.objects.get(slug='a_pubdef') user = org.profiles.first().user # who requests all submissions submissions = list(SubmissionsService.get_permitted_submissions(user)) # make sure they only receive those subs targeted to their org for sub in submissions: orgs = list(sub.organizations.all()) self.assertIn(org, orgs) other_submissions = models.FormSubmission.objects.exclude( organizations=org) for other in other_submissions: self.assertNotIn(other, submissions)
def get(self, request, submission_id): if request.user.profile.should_see_pdf() and not request.user.is_staff: return redirect( reverse_lazy('intake-filled_pdf', kwargs=dict(submission_id=submission_id))) submissions = list( SubmissionsService.get_permitted_submissions( request.user, [submission_id])) if not submissions: return self.not_allowed(request) submission = submissions[0] self.mark_viewed(request, submission) display_form, letter_display = submission.get_display_form_for_user( request.user) context = dict(form=display_form, declaration_form=letter_display) response = TemplateResponse(request, self.template_name, context) return response
def test_filters_to_organization_of_user(self): # Given a user from one org who tries to access all submissions # assert that they only receive submissions for their org # given a user from one org org = Organization.objects.get(slug='a_pubdef') user = org.profiles.first().user # who requests all submissions submissions = list(SubmissionsService.get_permitted_submissions(user)) # make sure they only receive those subs targeted to their org for sub in submissions: orgs = list(sub.organizations.all()) self.assertIn(org, orgs) other_submissions = models.FormSubmission.objects.exclude( organizations=org) for other in other_submissions: self.assertNotIn(other, submissions)
def get_submissions_from_params(self, request): ids = self.get_ids_from_params(request) return list( SubmissionsService.get_permitted_submissions(request.user, ids))
def get(self, request, submission_id): self.submissions = list(SubmissionsService.get_permitted_submissions( request.user, [submission_id])) if not self.submissions: return not_allowed(request) return super().get(request, submission_id)
def get_submissions_from_params(self, request): ids = self.get_ids_from_params(request) return list(SubmissionsService.get_permitted_submissions( request.user, ids))