def test_questionnaire_delete():
increment_ids()
question = factories.QuestionFactory()
theme = question.theme
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
response = delete_questionnaire(user, questionnaire.id)
assert 200 <= response.status_code < 300
# Cascade delete : child objects are deleted
assert Questionnaire.objects.all().count() == 0
assert Theme.objects.all().count() == 0
assert Question.objects.all().count() == 0
def test_inspector_cannot_upload_question_file_to_published_questionnaire():
inspector = factories.UserProfileFactory(
profile_type=UserProfile.INSPECTOR)
question = factories.QuestionFactory()
questionnaire = question.theme.questionnaire
questionnaire.is_draft = False
questionnaire.save()
inspector.controls.add(questionnaire.control)
utils.login(client, user=inspector.user)
url = reverse('api:annexe-list')
count_before = QuestionFile.objects.count()
post_data = {
'file': factories.dummy_file.open(),
'question': [question.id]
}
response = client.post(url, post_data, format='multipart')
assert response.status_code == 403
count_after = QuestionFile.objects.count()
assert count_after == count_before
def test_questionnaire_update__theme_delete():
increment_ids()
question = factories.QuestionFactory()
theme = question.theme
questionnaire = theme.questionnaire
user = utils.make_inspector_user(questionnaire.control)
payload = make_update_payload(questionnaire)
payload['themes'] = []
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 1
assert Question.objects.all().count() == 1
response = update_questionnaire(user, payload)
assert response.status_code == 200
# data is saved
assert Questionnaire.objects.all().count() == 1
assert Theme.objects.all().count() == 0
assert Question.objects.all().count() == 0
# Response data is filled in
assert len(response.data.get('themes', [])) == 0
def test_no_access_to_question_api_for_anonymous():
question = factories.QuestionFactory()
response = utils.get_resource_without_login(client, 'question',
question.id)
assert response.status_code == 403
def test_no_access_to_question_api_if_control_is_not_associated_with_the_user(
):
question_in = factories.QuestionFactory()
question_out = factories.QuestionFactory()
user = utils.make_audited_user(question_in.theme.questionnaire.control)
assert get_question(user, question_out.id).status_code != 200
def test_can_access_question_api_if_control_is_associated_with_the_user():
question = factories.QuestionFactory()
user = utils.make_audited_user(question.theme.questionnaire.control)
assert get_question(user, question.id).status_code == 200
def question():
return factories.QuestionFactory(choice=choice)
def test_no_access_to_question_api_for_deleted_control():
question = factories.QuestionFactory()
user = utils.make_audited_user(question.theme.questionnaire.control)
question.theme.questionnaire.control.delete()
assert get_question(user, question.id).status_code == 404
def test_audited_cannot_get_a_question_if_questionnaire_is_draft():
question = factories.QuestionFactory()
user = utils.make_audited_user(question.theme.questionnaire.control)
response = get_question(user, question.id)
assert 400 <= response.status_code < 500
def test_no_access_to_question_api_for_anonymous():
question = factories.QuestionFactory()
url = reverse('api:question-detail', args=[question.id])
response = client.get(url)
assert response.status_code == 403