def test_only_staff_can_access_delete_user_disclaimer(self):
# no logged in user
encoded_user_id = int_str(chaffify(self.user.id))
url = reverse('studioadmin:delete_user_disclaimer',
args=[encoded_user_id])
resp = self.client.get(url)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# normal user
resp = self._get_response(url, DisclaimerUpdateView, self.user,
encoded_user_id)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# instructor user
resp = self._get_response(url, DisclaimerUpdateView,
self.instructor_user, encoded_user_id)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# staff user
resp = self._get_response(url, DisclaimerUpdateView, self.staff_user,
encoded_user_id)
self.assertEqual(resp.status_code, 200)
def test_only_staff_can_access_delete_user_disclaimer(self):
# no logged in user
encoded_user_id = int_str(chaffify(self.user.id))
url = reverse(
'studioadmin:delete_user_disclaimer', args=[encoded_user_id]
)
resp = self.client.get(url)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# normal user
resp = self._get_response(
url, DisclaimerUpdateView, self.user, encoded_user_id
)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# instructor user
resp = self._get_response(
url, DisclaimerUpdateView, self.instructor_user, encoded_user_id
)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# staff user
resp = self._get_response(
url, DisclaimerUpdateView, self.staff_user, encoded_user_id
)
self.assertEqual(resp.status_code, 200)
def test_encoded_id_with_specified_chaff_values(self):
encoded_id = int_str(chaffify(self.user.id, 12345))
self.assertEqual(
dechaffify(str_int(encoded_id), 12345), self.user.id
)
# with non-matching chaff
with self.assertRaises(ValueError):
dechaffify(str_int(encoded_id), 1234)
def test_encoded_id_with_specified_keyspaces(self):
encoded_id = int_str(chaffify(self.user.id), 'abcdefghisjkl')
self.assertEqual(
dechaffify(str_int(encoded_id, 'abcdefghisjkl')), self.user.id
)
# with non-matching keyspaces
with self.assertRaises(ValueError):
dechaffify(str_int(encoded_id, 'abcdefghisjk'))
def test_get_delete_disclaimer_view(self):
encoded_user_id = int_str(chaffify(self.user.id))
delete_url = reverse(
'studioadmin:delete_user_disclaimer', args=[encoded_user_id]
)
resp = self._get_response(
delete_url, DisclaimerDeleteView, self.staff_user, encoded_user_id,
)
self.assertEqual(resp.context_data['user'], self.user)
def test_delete_disclaimer(self):
self.assertEqual(OnlineDisclaimer.objects.count(), 1)
encoded_user_id = int_str(chaffify(self.user.id))
delete_url = reverse('studioadmin:delete_user_disclaimer',
args=[encoded_user_id])
resp = self._post_response(delete_url, DisclaimerDeleteView,
self.staff_user, encoded_user_id,
self.post_data)
self.assertEqual(OnlineDisclaimer.objects.count(), 0)
def test_update_dislaimer(self):
self.assertIsNone(self.disclaimer.home_phone) # null by default
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse('studioadmin:update_user_disclaimer',
args=[encoded_user_id])
resp = self._post_response(update_url, DisclaimerUpdateView,
self.staff_user, encoded_user_id,
self.post_data)
self.disclaimer.refresh_from_db()
self.assertEqual(self.disclaimer.home_phone, '123445')
def test_update_dislaimer_sets_date_updated(self):
self.assertIsNone(self.disclaimer.date_updated)
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse('studioadmin:update_user_disclaimer',
args=[encoded_user_id])
resp = self._post_response(update_url, DisclaimerUpdateView,
self.staff_user, encoded_user_id,
self.post_data)
self.disclaimer.refresh_from_db()
self.assertIsNotNone(self.disclaimer.date_updated)
def test_user_password_required_to_update_disclaimer(self):
self.assertNotEqual(self.disclaimer.address, '1 test st')
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse('studioadmin:update_user_disclaimer',
args=[encoded_user_id])
resp = self._post_response(update_url, DisclaimerUpdateView,
self.staff_user, encoded_user_id,
self.post_data)
self.disclaimer.refresh_from_db()
self.assertEqual(self.disclaimer.address, '1 test st')
def test_delete_disclaimer(self):
self.assertEqual(OnlineDisclaimer.objects.count(), 1)
encoded_user_id = int_str(chaffify(self.user.id))
delete_url = reverse(
'studioadmin:delete_user_disclaimer', args=[encoded_user_id]
)
resp = self._post_response(
delete_url, DisclaimerDeleteView, self.staff_user, encoded_user_id,
self.post_data
)
self.assertEqual(OnlineDisclaimer.objects.count(), 0)
def test_get_delete_disclaimer_view(self):
encoded_user_id = int_str(chaffify(self.user.id))
delete_url = reverse('studioadmin:delete_user_disclaimer',
args=[encoded_user_id])
resp = self._get_response(
delete_url,
DisclaimerDeleteView,
self.staff_user,
encoded_user_id,
)
self.assertEqual(resp.context_data['user'], self.user)
def test_user_password_incorrect(self):
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse('studioadmin:update_user_disclaimer',
args=[encoded_user_id])
self.post_data['password'] = '******'
self.assertTrue(
self.client.login(username=self.staff_user.username,
password='******'))
resp = self.client.post(update_url, self.post_data, follow=True)
self.assertIn('Password is incorrect',
format_content(resp.rendered_content))
def test_update_dislaimer(self):
self.assertIsNone(self.disclaimer.home_phone) # null by default
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse(
'studioadmin:update_user_disclaimer', args=[encoded_user_id]
)
resp = self._post_response(
update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id,
self.post_data
)
self.disclaimer.refresh_from_db()
self.assertEqual(self.disclaimer.home_phone, '123445')
def test_user_password_required_to_update_disclaimer(self):
self.assertNotEqual(self.disclaimer.address, '1 test st')
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse(
'studioadmin:update_user_disclaimer', args=[encoded_user_id]
)
resp = self._post_response(
update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id,
self.post_data
)
self.disclaimer.refresh_from_db()
self.assertEqual(self.disclaimer.address, '1 test st')
def test_update_dislaimer_sets_date_updated(self):
self.assertIsNone(self.disclaimer.date_updated)
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse(
'studioadmin:update_user_disclaimer', args=[encoded_user_id]
)
resp = self._post_response(
update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id,
self.post_data
)
self.disclaimer.refresh_from_db()
self.assertIsNotNone(self.disclaimer.date_updated)
def test_user_password_incorrect(self):
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse(
'studioadmin:update_user_disclaimer', args=[encoded_user_id]
)
self.post_data['password'] = '******'
self.assertTrue(
self.client.login(username=self.staff_user.username, password='******')
)
resp = self.client.post(update_url, self.post_data, follow=True)
self.assertIn(
'Password is incorrect', format_content(resp.rendered_content)
)
def test_only_staff_or_instructor_can_access_user_disclaimer(self):
# no logged in user
encoded_user_id = int_str(chaffify(self.user.id))
resp = self.client.get(
reverse('studioadmin:user_disclaimer', args=[encoded_user_id]))
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('login'), resp.url)
# normal user
resp = self._get_user_disclaimer(self.user, encoded_user_id)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# staff user
resp = self._get_user_disclaimer(self.staff_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
# instructpr user
resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
def test_update_and_delete_buttons_not_shown_for_instructors(self):
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse('studioadmin:update_user_disclaimer',
args=[encoded_user_id])
delete_url = reverse('studioadmin:delete_user_disclaimer',
args=[encoded_user_id])
resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
self.assertNotIn('Update', resp.rendered_content)
self.assertNotIn(update_url, resp.rendered_content)
self.assertNotIn('Delete', resp.rendered_content)
self.assertNotIn(delete_url, resp.rendered_content)
resp = self._get_user_disclaimer(self.staff_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
self.assertIn('Update', resp.rendered_content)
self.assertIn(update_url, resp.rendered_content)
self.assertIn('Delete', resp.rendered_content)
self.assertIn(delete_url, resp.rendered_content)
def test_update_and_delete_buttons_not_shown_for_instructors(self):
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse(
'studioadmin:update_user_disclaimer', args=[encoded_user_id]
)
delete_url = reverse(
'studioadmin:delete_user_disclaimer', args=[encoded_user_id]
)
resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
self.assertNotIn('Update', resp.rendered_content)
self.assertNotIn(update_url, resp.rendered_content)
self.assertNotIn('Delete', resp.rendered_content)
self.assertNotIn(delete_url, resp.rendered_content)
resp = self._get_user_disclaimer(self.staff_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
self.assertIn('Update', resp.rendered_content)
self.assertIn(update_url, resp.rendered_content)
self.assertIn('Delete', resp.rendered_content)
self.assertIn(delete_url, resp.rendered_content)
def test_no_changes_made(self):
post_data = {
'id': self.disclaimer.id,
'name': self.disclaimer.name,
'dob': self.disclaimer.dob.strftime('%d %b %Y'),
'address': self.disclaimer.address,
'postcode': self.disclaimer.postcode,
'mobile_phone': self.disclaimer.mobile_phone,
'emergency_contact1_name': self.disclaimer.emergency_contact1_name,
'emergency_contact1_relationship':
self.disclaimer.emergency_contact1_relationship,
'emergency_contact1_phone':
self.disclaimer.emergency_contact1_phone,
'emergency_contact2_name': self.disclaimer.emergency_contact2_name,
'emergency_contact2_relationship':
self.disclaimer.emergency_contact2_relationship,
'emergency_contact2_phone':
self.disclaimer.emergency_contact2_phone,
'medical_conditions': False,
'medical_conditions_details': '',
'joint_problems': False,
'joint_problems_details': '',
'allergies': False,
'allergies_details': '',
'medical_treatment_permission': True,
'terms_accepted': True,
'age_over_18_confirmed': True,
'password': '******'
}
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse('studioadmin:update_user_disclaimer',
args=[encoded_user_id])
self.assertTrue(
self.client.login(username=self.staff_user.username,
password='******'))
resp = self.client.post(update_url, post_data, follow=True)
self.assertIn('No changes made', format_content(resp.rendered_content))
def test_no_changes_made(self):
post_data = {
'id': self.disclaimer.id,
'name': self.disclaimer.name,
'dob': self.disclaimer.dob.strftime('%d %b %Y'),
'address': self.disclaimer.address,
'postcode': self.disclaimer.postcode,
'mobile_phone': self.disclaimer.mobile_phone,
'emergency_contact1_name': self.disclaimer.emergency_contact1_name,
'emergency_contact1_relationship': self.disclaimer.emergency_contact1_relationship,
'emergency_contact1_phone': self.disclaimer.emergency_contact1_phone,
'emergency_contact2_name': self.disclaimer.emergency_contact2_name,
'emergency_contact2_relationship': self.disclaimer.emergency_contact2_relationship,
'emergency_contact2_phone': self.disclaimer.emergency_contact2_phone,
'medical_conditions': False,
'medical_conditions_details': '',
'joint_problems': False,
'joint_problems_details': '',
'allergies': False, 'allergies_details': '',
'medical_treatment_permission': True,
'terms_accepted': True,
'age_over_18_confirmed': True,
'password': '******'
}
encoded_user_id = int_str(chaffify(self.user.id))
update_url = reverse(
'studioadmin:update_user_disclaimer', args=[encoded_user_id]
)
self.assertTrue(
self.client.login(username=self.staff_user.username, password='******')
)
resp = self.client.post(update_url, post_data, follow=True)
self.assertIn(
'No changes made', format_content(resp.rendered_content)
)
def test_only_staff_or_instructor_can_access_user_disclaimer(self):
# no logged in user
encoded_user_id = int_str(chaffify(self.user.id))
resp = self.client.get(
reverse(
'studioadmin:user_disclaimer',
args=[encoded_user_id]
)
)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('login'), resp.url)
# normal user
resp = self._get_user_disclaimer(self.user, encoded_user_id)
self.assertEqual(resp.status_code, 302)
self.assertIn(reverse('booking:permission_denied'), resp.url)
# staff user
resp = self._get_user_disclaimer(self.staff_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
# instructpr user
resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id)
self.assertEqual(resp.status_code, 200)
def encode(val):
return int_str(chaffify(val))
def test_encoded_id_with_defaults(self):
encoded_id = int_str(chaffify(self.user.id))
self.assertEqual(dechaffify(str_int(encoded_id)), self.user.id)
def encode(val):
return int_str(chaffify(val))
