def test_staff_user_can_access_any_organization_user(self):
self.client.force_authenticate(self.staff_user)
organization_user = OrganizationUserFactory()
response = self.client.get(
OrganizationUserFactory.get_url(organization_user))
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_staff_user_can_delete_any_organization_user(self):
organization_user = OrganizationUserFactory()
self.client.force_authenticate(self.staff_user)
response = self.client.delete(
OrganizationUserFactory.get_url(organization_user))
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test_user_cannot_access_other_organization_users(self):
self.client.force_authenticate(self.user)
organization_user = OrganizationUserFactory()
response = self.client.get(
OrganizationUserFactory.get_url(organization_user))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_user_cannot_approve_his_organization_user(self):
self.client.force_authenticate(self.user)
organization_user = OrganizationUserFactory(user=self.user)
response = self.client.post(
OrganizationUserFactory.get_url(organization_user,
action='approve'))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_customer_owner_can_delete_his_customer_organization_user(self):
organization = OrganizationFactory(customer=self.customer)
organization_user = OrganizationUserFactory(organization=organization)
self.client.force_authenticate(self.customer_owner)
response = self.client.delete(
OrganizationUserFactory.get_url(organization_user))
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test_user_cannot_delete_approved_organization_user(self):
organization_user = OrganizationUserFactory(is_approved=True,
user=self.user)
self.client.force_authenticate(self.user)
response = self.client.delete(
OrganizationUserFactory.get_url(organization_user))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_customer_owner_can_access_his_customer_organization_users(self):
organization = OrganizationFactory(customer=self.customer)
organization_user = OrganizationUserFactory(organization=organization)
self.client.force_authenticate(self.customer_owner)
response = self.client.get(
OrganizationUserFactory.get_url(organization_user))
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_staff_user_can_reject_organization_user(self):
self.client.force_authenticate(self.staff_user)
organization_user = OrganizationUserFactory(is_approved=True)
response = self.client.post(
OrganizationUserFactory.get_url(organization_user,
action='reject'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
organization_user = models.OrganizationUser.objects.get(
uuid=organization_user.uuid)
self.assertFalse(organization_user.is_approved)
def test_customer_owner_can_approve_his_customer_organization_user(self):
self.client.force_authenticate(self.customer_owner)
organization = OrganizationFactory(customer=self.customer)
organization_user = OrganizationUserFactory(organization=organization)
response = self.client.post(
OrganizationUserFactory.get_url(organization_user,
action='approve'))
self.assertEqual(response.status_code, status.HTTP_200_OK)
organization_user = models.OrganizationUser.objects.get(
uuid=organization_user.uuid)
self.assertTrue(organization_user.is_approved)
def test_user_can_create_organization_user(self):
organization = OrganizationFactory()
self.client.force_authenticate(self.user)
data = {
'user': structure_factories.UserFactory.get_url(self.user),
'organization': OrganizationFactory.get_url(organization)
}
response = self.client.post(OrganizationUserFactory.get_list_url(),
data)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def test_user_can_list_organization_users(self):
self.client.force_authenticate(self.user)
response = self.client.get(OrganizationUserFactory.get_list_url())
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_anonymous_user_cannot_list_organization_users(self):
response = self.client.get(OrganizationUserFactory.get_list_url())
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)