def test_create_new_basket(admin_user):
shop = factories.get_default_shop()
shop2 = create_shop("foobar")
client = _get_client(admin_user)
response = client.post("/api/shuup/basket/new/", {
"shop": shop2.pk
})
assert response.status_code == status.HTTP_201_CREATED
basket_data = json.loads(response.content.decode("utf-8"))
basket = Basket.objects.first()
assert basket.key == basket_data['uuid'].split("-")[1]
assert basket.shop == shop2
admin_contact = get_person_contact(admin_user)
assert basket.customer == admin_contact
assert basket.orderer == admin_contact
assert basket.creator == admin_user
# invalid shop
response = client.post("/api/shuup/basket/new/", data={"shop": 1000})
assert response.status_code == status.HTTP_400_BAD_REQUEST
# no shop in multishop mode
response = client.post("/api/shuup/basket/new/")
assert response.status_code == status.HTTP_400_BAD_REQUEST
# no shop in single shop mode
with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=False):
response = client.post("/api/shuup/basket/new/")
assert response.status_code == status.HTTP_201_CREATED
basket_data = json.loads(response.content.decode("utf-8"))
basket = Basket.objects.all()[1]
assert basket.key == basket_data['uuid'].split("-")[1]
assert basket.shop == shop
assert basket.customer == admin_contact
assert basket.orderer == admin_contact
assert basket.creator == admin_user
person = factories.create_random_person()
response = client.post("/api/shuup/basket/new/", data={"customer": person.pk})
assert response.status_code == status.HTTP_201_CREATED
basket_data = json.loads(response.content.decode("utf-8"))
basket = Basket.objects.all()[2]
assert basket.key == basket_data['uuid'].split("-")[1]
assert basket.shop == shop
assert basket.creator == admin_user
assert basket.customer.pk == person.pk
assert basket.orderer.pk == person.pk
assert basket.creator.pk == admin_user.pk
# Try to fetch the basket as the customer
user = factories.UserFactory()
person.user = user
person.save()
response = client.get("/api/shuup/basket/{}/".format(basket_data['uuid']))
assert response.status_code == 200
customer_basket_data = json.loads(response.content.decode("utf-8"))
assert basket.key == customer_basket_data['key'] # Still same basket as before
assert customer_basket_data['customer']['id'] == person.pk # Still same customer as before
def test_media_view_images_without_root_access(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["upload-media"])
assert not can_see_root_folder(staff_user)
folder = get_or_create_folder(shop, "Root")
File.objects.create(name="normalfile", folder=folder)
img = Image.objects.create(name="imagefile", folder=folder, is_public=True)
request = apply_request_middleware(rf.get("/", {
"filter": "images",
"action": "folder"
}),
user=staff_user)
request.user = staff_user
view_func = MediaBrowserView.as_view()
response = view_func(request)
assert isinstance(response, JsonResponse)
content = json.loads(response.content.decode("utf-8"))
assert len(content["folder"]["folders"]) == 0
assert len(content["folder"]["files"]) == 0
def get_staff_user():
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["Customize Staff Admin Menu", "menu.arrange_staff", "menu.reset_staff"])
return staff_user
def get_supplier_user():
factories.get_default_shop()
supplier = factories.get_default_supplier()
supplier_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
supplier_user.groups.add(permission_group)
set_permissions_for_group(permission_group, [
"Customize Supplier Admin Menu", "menu.arrange_supplier",
"menu.reset_staff"
])
return supplier_user
def test_can_see_root_folder(rf, admin_user):
assert not can_see_root_folder(None)
assert can_see_root_folder(admin_user)
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
assert not can_see_root_folder(staff_user)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["media.view-all"])
assert can_see_root_folder(staff_user)
def test_browser_config_as_shop_staff(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
request = apply_request_middleware(rf.post("/"), user=staff_user)
urls = get_browser_urls(request)
# staff does not have media permission
assert urls["media"] is None
set_permissions_for_group(permission_group, ["media.browse"])
urls = get_browser_urls(request)
assert urls["media"] == reverse("shuup_admin:media.browse")
media_module_permission_urls = set(get_permissions_from_urls(MediaModule().get_urls()))
assert "media.browse" in media_module_permission_urls
assert "shuup_admin:media.browse" not in media_module_permission_urls
def test_get_folders_without_view_all_permission(rf):
shop = factories.get_default_shop()
staff_user = factories.UserFactory(is_staff=True)
permission_group = factories.get_default_permission_group()
staff_user.groups.add(permission_group)
shop.staff_members.add(staff_user)
set_permissions_for_group(permission_group, ["upload-media"])
assert not can_see_root_folder(staff_user)
# Create a structure and retrieve it
folder1 = get_or_create_folder(shop, printable_gibberish())
folder1_media_folder = ensure_media_folder(shop, folder1)
folder1_media_folder.owners.add(staff_user)
folder2 = get_or_create_folder(shop, printable_gibberish())
folder3 = get_or_create_folder(shop, printable_gibberish())
folder4 = get_or_create_folder(shop, printable_gibberish())
folder4.parent = folder2
folder4.save()
folder4_media_folder = ensure_media_folder(shop, folder4)
folder4_media_folder.owners.add(staff_user)
folder5 = get_or_create_folder(shop, printable_gibberish())
folder5.parent = folder4
folder5.save()
folder6 = get_or_create_folder(shop, printable_gibberish())
folder6.parent = folder5
folder6.save()
folder6_media_folder = ensure_media_folder(shop, folder6)
folder6_media_folder.owners.add(staff_user)
folder7 = get_or_create_folder(shop, printable_gibberish())
folder7.parent = folder6
folder7.save()
tree = get_id_tree(mbv_command(staff_user, {"action": "folders"}, "GET"))
assert set((folder1.id, folder4.id)) <= set(tree.keys())
