def test_shows_logged_in_user_all_users(self): me = UserFactory.create() user_1 = UserFactory.create() user_2 = UserFactory.create() org = OrganisationFactory.create() org.members.add(me) org.admins.add(me) self.client.force_authenticate(me) response = self.client.get(f"/{VERSION}/api/users/") assert response.status_code == status.HTTP_200_OK expected = [ { "id": f"{me.id}", "name": me.username }, { "id": f"{user_1.id}", "name": user_1.username }, { "id": f"{user_2.id}", "name": user_2.username }, ] assert expected == response.json()
def test_shows_logged_in_users_organisations(self): me = UserFactory.create( last_login=datetime.datetime(2019, 6, 3, 16, 35, 0, 0, pytz.UTC)) my_org = OrganisationFactory.create() org_admin = UserFactory.create( last_login=datetime.datetime(2019, 6, 3, 13, 21, 0, 0, pytz.UTC)) my_org.members.add(org_admin) my_org.admins.add(org_admin) AssessmentFactory.create(owner=me, organisation=my_org) AssessmentFactory.create(owner=me, organisation=my_org) my_org.members.add(me) my_org.librarians.add(me) OrganisationFactory.create( ) # make another organisation: it shouldn't show up self.client.force_authenticate(me) response = self.client.get(f"/{VERSION}/api/organisations/") assert response.status_code == status.HTTP_200_OK expected = [ OrderedDict([ ("id", f"{my_org.id}"), ("name", my_org.name), ("assessments", 2), ( "members", [ { "id": f"{me.id}", "name": me.username, "is_admin": False, "is_librarian": True, "last_login": me.last_login.isoformat(), }, { "id": f"{org_admin.id}", "name": org_admin.username, "is_admin": True, "is_librarian": False, "last_login": org_admin.last_login.isoformat(), }, ], ), ( "permissions", { "can_add_remove_members": False, "can_promote_demote_librarians": False, }, ), ("report_template", ""), ]) ] assert expected == response.data
def setUpClass(cls): super().setUpClass() cls.org = OrganisationFactory.create() cls.org_admin = UserFactory.create() cls.member = UserFactory.create() cls.org.members.add(cls.org_admin) cls.org.members.add(cls.member) cls.org.admins.add(cls.org_admin)
def setUpClass(cls): super().setUpClass() cls.org = OrganisationFactory.create() cls.member_1 = UserFactory.create( last_login=datetime.datetime(2019, 6, 3, 16, 35, 0, 0, pytz.UTC)) cls.org.members.add(cls.member_1) cls.org_admin = UserFactory.create( last_login=datetime.datetime(2019, 6, 3, 13, 21, 0, 0, pytz.UTC)) cls.org.members.add(cls.org_admin) cls.org.admins.add(cls.org_admin)
def test_only_returns_assessments_for_logged_in_user(self): me = UserFactory.create() someone_else = UserFactory.create() self.client.force_authenticate(me) AssessmentFactory.create(owner=me) AssessmentFactory.create(owner=me) AssessmentFactory.create(owner=someone_else) response = self.client.get("/api/v1/assessments/") assert response.status_code == status.HTTP_200_OK assert 2 == len(response.data)
def test_shows_logged_in_users_organisations(self): me = UserFactory.create(last_login=datetime.datetime(2019, 6, 3, 16, 35, 0, 0, pytz.UTC)) my_org = OrganisationFactory.create() AssessmentFactory.create(owner=me, organisation=my_org) AssessmentFactory.create(owner=me, organisation=my_org) my_org.members.add(me) OrganisationFactory.create() # make another organisation: it shouldn't show up self.client.force_authenticate(me) response = self.client.get("/api/v1/organisations/") assert response.status_code == status.HTTP_200_OK expected = [ OrderedDict([ ("id", f"{my_org.id}"), ("name", my_org.name), ("assessments", 2), ("members", [ { "userid": f"{me.id}", "name": me.username, "last_login": me.last_login.isoformat(), } ]), ]), ] assert expected == response.data
def test_list_libraries(self): with freeze_time("2019-06-01T16:35:34Z"): l1 = LibraryFactory.create(owner=self.me) l2 = LibraryFactory.create(owner=self.me) LibraryFactory.create( owner=UserFactory.create()) # another library (someone else's) self.client.force_authenticate(self.me) response = self.client.get(f"/{VERSION}/api/libraries/") assert response.status_code == status.HTTP_200_OK assert 2 == len(response.data) assert { "id": "{}".format(l1.pk), "created_at": "2019-06-01T16:35:34Z", "updated_at": "2019-06-01T16:35:34Z", "name": l1.name, "type": l1.type, "writeable": True, "data": l1.data, } == response.data[0] assert { "id": "{}".format(l2.pk), "created_at": "2019-06-01T16:35:34Z", "updated_at": "2019-06-01T16:35:34Z", "name": l2.name, "type": l2.type, "writeable": True, "data": l2.data, } == response.data[1]
def setUpClass(cls): super().setUpClass() cls.org_admin = UserFactory.create() cls.normal_member = UserFactory.create() cls.non_member = UserFactory.create() cls.librarian = UserFactory.create() cls.org = OrganisationFactory.create() cls.org.members.add(cls.org_admin) cls.org.members.add(cls.normal_member) cls.org.members.add(cls.librarian) cls.org.admins.add(cls.org_admin) cls.org.librarians.add(cls.librarian)
def test_returns_assessments_with_expected_result_structure(self): user = UserFactory.create() self.client.force_authenticate(user) with freeze_time("2019-06-01T16:35:34Z"): a1 = AssessmentFactory.create( name="test assessment 1", description="test description", data={"foo": "bar"}, openbem_version="10.1.1", owner=user, ) response = self.client.get("/api/v1/assessments/") expected_structure = { "id": "{}".format(a1.pk), "created_at": "2019-06-01T16:35:34Z", "updated_at": "2019-06-01T16:35:34Z", "mdate": "1559406934", "status": "In progress", "openbem_version": "10.1.1", "name": "test assessment 1", "description": "test description", "author": user.username, "userid": f"{user.id}", } assert expected_structure == response.data.pop()
def test_user_who_is_superuser_can_delete_item_in_global_library(self): library = self.create_library(owner_organisation=None, owner_user=None) self.client.force_authenticate(UserFactory.create(is_superuser=True)) response = self._call_endpoint(library) assert status.HTTP_204_NO_CONTENT == response.status_code
def test_returns_organisation_assessments(self): user = UserFactory.create() organisation = OrganisationFactory.create() organisation.members.add(user) self.client.force_authenticate(user) with freeze_time("2019-06-01T16:35:34Z"): a1 = AssessmentFactory.create( name="test assessment 1", description="test description", data={"foo": "bar"}, owner=user, organisation=organisation, ) response = self.client.get(f"/{VERSION}/api/assessments/") expected_structure = { "id": "{}".format(a1.pk), "created_at": "2019-06-01T16:35:34Z", "updated_at": "2019-06-01T16:35:34Z", "mdate": "1559406934", "status": "In progress", "name": "test assessment 1", "description": "test description", "author": user.username, "userid": f"{user.id}", "organisation": { "id": organisation.pk, "name": organisation.name }, } assert expected_structure == response.data.pop()
def test_returns_forbidden_if_listing_for_organisation_not_a_member_of(self): someone_else = UserFactory.create() self.client.force_authenticate(someone_else) response = self.client.get(f"/api/v1/organisations/{self.organisation.pk}/assessments/") assert status.HTTP_403_FORBIDDEN == response.status_code assert {"detail": "You are not a member of the Organisation."} == response.json()
def test_user_who_isnt_owner_and_isnt_organisation_member_cannot_access(self): assessment = AssessmentFactory.create() non_owner = UserFactory.create() self.client.force_authenticate(non_owner) response = self._call_endpoint(assessment) self._assert_error(response, status.HTTP_404_NOT_FOUND, "Not found.")
def test_user_who_isnt_an_organisation_admin_cannot_list_users(self): self.client.force_authenticate(UserFactory.create()) response = self.client.get(f"/{VERSION}/api/users/") self._assert_error( response, status.HTTP_403_FORBIDDEN, "You are not an admin of an organisation.", )
def test_librarian_of_organisation_can_create_a_library_in_organisation(self): person = UserFactory.create() organisation = OrganisationFactory.create() organisation.members.add(person) organisation.librarians.add(person) self.client.force_authenticate(person) response = self._call_endpoint(organisation) assert status.HTTP_201_CREATED == response.status_code
def test_an_organisation_admin_can_list_all_users(self): me = UserFactory.create() org = OrganisationFactory.create() org.members.add(me) org.admins.add(me) self.client.force_authenticate(me) response = self.client.get(f"/{VERSION}/api/users/") assert response.status_code == status.HTTP_200_OK
def setUpClass(cls): super().setUpClass() cls.my_org = OrganisationFactory.create() cls.other_org = OrganisationFactory.create() cls.org_admin = UserFactory.create() cls.my_org.members.add(cls.org_admin) cls.my_org.admins.add(cls.org_admin) cls.library = LibraryFactory.create(owner_organisation=cls.my_org, owner_user=None)
def test_not_my_assessment(self): someone_else = UserFactory.create() a = factories.AssessmentFactory.create(owner=someone_else) i1 = factories.ImageFactory.create(assessment=a) self.client.force_authenticate(self.me) response = self.client.delete(f"/{VERSION}/api/images/{i1.pk}/") assert response.status_code == status.HTTP_403_FORBIDDEN
def test_user_who_isnt_member_cannot_delete_a_library_item_in_organisation( self): org_with_no_members = OrganisationFactory.create() library = self.create_library(owner_organisation=org_with_no_members, owner_user=None) person = UserFactory.create() self.client.force_authenticate(person) response = self._call_endpoint(library) self._assert_error(response, status.HTTP_404_NOT_FOUND, "Not found.")
def test_returns_not_found_if_not_owner(self): someone_else = UserFactory.create() someone_else.set_password("foo") someone_else.save() someone_elses_assessment = AssessmentFactory.create(owner=someone_else) self.client.login(username=self.me.username, password="******") not_my_assessment_url = f"/assessments/{someone_elses_assessment.pk}/" response = self.client.get(not_my_assessment_url) assert status.HTTP_404_NOT_FOUND == response.status_code
def test_user_who_isnt_owner_cannot_delete_library_item(self): non_owner = UserFactory.create() self.client.force_authenticate(non_owner) response = self._call_endpoint(self.create_library()) self._assert_error( response, status.HTTP_404_NOT_FOUND, "Not found.", )
def test_if_last_login_is_none_shows_never(self): me = UserFactory.create(last_login=None) my_org = OrganisationFactory.create() my_org.members.add(me) self.client.force_authenticate(me) response = self.client.get(f"/{VERSION}/api/organisations/") assert response.status_code == status.HTTP_200_OK assert "never" == response.data[0]["members"][0]["last_login"]
def test_user_who_isnt_owner_and_isnt_organisation_member_cannot_access( self): assessment = AssessmentFactory.create() non_owner = UserFactory.create() self.client.force_authenticate(non_owner) self.call_endpoint_and_assert( assessment, False, "You do not have permission to perform this action.")
def test_organisation_member_who_isnt_owner_can_access(self): organisation = OrganisationFactory.create() assessment = AssessmentFactory.create(organisation=organisation) org_member = UserFactory.create() organisation.members.add(org_member) self.client.force_authenticate(org_member) response = self._call_endpoint(assessment) self._assert_success(response)
def test_org_member_who_is_not_an_org_admin_cannot_list_library_shares(self): normal_member = UserFactory.create() self.my_org.members.add(normal_member) self.client.force_authenticate(normal_member) response = self._call_endpoint(self.my_org, self.shared_library) self._assert_error( response, status.HTTP_403_FORBIDDEN, "You are not an admin of the Organisation.", )
def test_returns_404_if_user_is_not_owner(self): other_user = UserFactory.create() assessment_count = Assessment.objects.count() self.client.force_authenticate(other_user) response = self.client.post( f"/{VERSION}/api/assessments/{self.assessment.pk}/duplicate/") assert status.HTTP_404_NOT_FOUND == response.status_code assert assessment_count == Assessment.objects.count() assert self.assessment.data == Assessment.objects.last().data
def test_user_who_isnt_member_cannot_create_a_library_in_organisation(self): person = UserFactory.create() org_with_no_members = OrganisationFactory.create() self.client.force_authenticate(person) response = self._call_endpoint(org_with_no_members) self._assert_error( response, status.HTTP_403_FORBIDDEN, "You are not a librarian of the Organisation.", )
def test_user_who_isnt_superuser_cannot_delete_item_in_global_library( self): library = self.create_library(owner_organisation=None, owner_user=None) self.client.force_authenticate(UserFactory.create(is_superuser=False)) response = self._call_endpoint(library) self._assert_error( response, status.HTTP_403_FORBIDDEN, "You do not have permission to perform this action.", )
def setUpClass(cls): cls.me = UserFactory.create() with freeze_time("2019-06-01T16:35:34Z"): cls.assessment = AssessmentFactory.create( owner=cls.me, name="test name", description="test description", data={"foo": "bar"}, status="In progress", ) super().setUpClass()
def test_librarian_of_organisation_can_delete_a_library_item_in_organisation( self): organisation = OrganisationFactory.create() library = self.create_library(owner_organisation=organisation, owner_user=None) person = UserFactory.create() organisation.members.add(person) organisation.librarians.add(person) self.client.force_authenticate(person) response = self._call_endpoint(library) assert status.HTTP_204_NO_CONTENT == response.status_code