def test_inspector_can_list_question_file_from_draft_questionnaire(): inspector = factories.UserProfileFactory( profile_type=UserProfile.INSPECTOR) published_question_file = factories.QuestionFileFactory() published_questionnaire = published_question_file.question.theme.questionnaire published_questionnaire.is_draft = False published_questionnaire.save() assert Questionnaire.objects.get( id=published_questionnaire.id).is_published inspector.controls.add(published_questionnaire.control) draft_question_file = factories.QuestionFileFactory() draft_questionnaire = draft_question_file.question.theme.questionnaire draft_questionnaire.is_draft = True draft_questionnaire.save() assert Questionnaire.objects.get(id=draft_questionnaire.id).is_draft inspector.controls.add(draft_questionnaire.control) response = list_annexes(inspector.user) assert response.status_code == 200 assert published_question_file.file.name in str(response.content) assert draft_question_file.file.name in str(response.content) assert len(response.data) == 2
def test_cannot_list_question_file_by_question_from_deleted_control(): deleted_question_file = factories.QuestionFileFactory() deleted_control = deleted_question_file.question.theme.questionnaire.control deleted_control.delete() assert Control.objects.get(id=deleted_control.id).is_deleted # Audited audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED) audited.controls.add(deleted_control) response = list_annexes_for_question(audited.user, deleted_question_file.question.id) assert response.status_code == 200 assert len(response.data) == 0 assert deleted_question_file.file.name not in str(response.content) # Inspector inspector = factories.UserProfileFactory( profile_type=UserProfile.INSPECTOR) inspector.controls.add(deleted_control) response = list_annexes_for_question(inspector.user, deleted_question_file.question.id) assert response.status_code == 200 assert len(response.data) == 0 assert deleted_question_file.file.name not in str(response.content)
def test_download_question_file_fails_if_the_control_is_not_associated_with_the_user( client): question_file = factories.QuestionFileFactory() unauthorized_control = factories.ControlFactory() assert unauthorized_control != question_file.question.theme.questionnaire.control user = utils.make_audited_user(unauthorized_control) utils.login(client, user=user) url = reverse('send-question-file', args=[question_file.id]) response = client.get(url) assert response.status_code != 200
def test_cannot_get_question_file_if_control_is_deleted(): inspector = factories.UserProfileFactory( profile_type=UserProfile.INSPECTOR) question_file = factories.QuestionFileFactory() inspector.controls.add(question_file.question.theme.questionnaire.control) question_file.question.theme.questionnaire.control.delete() # method not allowed assert get_question_file(inspector.user, question_file.id).status_code == 405
def __init__(self, client): question_file = factories.QuestionFileFactory() self.filename = question_file.basename user = utils.make_audited_user( question_file.question.theme.questionnaire.control) utils.login(client, user=user) url = reverse('send-question-file', args=[question_file.id]) self.response = client.get(url)
def test_audited_cannot_get_question_file_from_draft_questionnaire(): audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED) question_file = factories.QuestionFileFactory() audited.controls.add(question_file.question.theme.questionnaire.control) question_file.question.theme.questionnaire.is_draft = True question_file.question.theme.questionnaire.save() assert Questionnaire.objects.get( id=question_file.question.theme.questionnaire.id).is_draft # method not allowed assert get_question_file(audited.user, question_file.id).status_code == 405
def test_inspector_can_remove_question_file(): inspector = factories.UserProfileFactory(profile_type=UserProfile.INSPECTOR) question_file = factories.QuestionFileFactory() inspector.controls.add(question_file.question.theme.questionnaire.control) utils.login(client, user=inspector.user) url = reverse('api:annexe-detail', args=[question_file.id]) count_before = QuestionFile.objects.count() response = client.delete(url) assert response.status_code == 204 count_after = QuestionFile.objects.count() assert count_after == count_before - 1
def test_audited_cannot_remove_question_file(): audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED) question_file = factories.QuestionFileFactory() audited.controls.add(question_file.question.theme.questionnaire.control) utils.login(client, user=audited.user) url = reverse('api:annexe-detail', args=[question_file.id]) count_before = QuestionFile.objects.count() response = client.delete(url) assert response.status_code == 403 count_after = QuestionFile.objects.count() assert count_after == count_before
def test_audited_cannot_list_question_file_from_draft_questionnaire(): audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED) published_question_file = factories.QuestionFileFactory() published_questionnaire = published_question_file.question.theme.questionnaire published_questionnaire.is_draft = False published_questionnaire.save() assert Questionnaire.objects.get( id=published_questionnaire.id).is_published audited.controls.add(published_questionnaire.control) draft_question_file = factories.QuestionFileFactory() draft_questionnaire = draft_question_file.question.theme.questionnaire draft_questionnaire.is_draft = True draft_questionnaire.save() assert Questionnaire.objects.get(id=draft_questionnaire.id).is_draft audited.controls.add(draft_questionnaire.control) response = list_annexes(audited.user) assert response.status_code == 200 assert published_question_file.file.name in str(response.content) assert draft_question_file.file.name not in str(response.content) assert len(response.data) == 1
def test_audited_cannot_update_question_file_from_draft_questionnaire(): audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED) question_file = factories.QuestionFileFactory() questionnaire = question_file.question.theme.questionnaire audited.controls.add(questionnaire.control) questionnaire.is_draft = True questionnaire.save() assert Questionnaire.objects.get(id=questionnaire.id).is_draft payload = { "id": question_file.id, "question": question_file.question.id + 1 } # Forbidden assert update_question_file(audited.user, payload).status_code == 403
def test_cannot_get_question_file_even_if_user_belongs_to_control(): inspector = factories.UserProfileFactory( profile_type=UserProfile.INSPECTOR) audited = factories.UserProfileFactory(profile_type=UserProfile.AUDITED) question_file = factories.QuestionFileFactory() questionnaire = question_file.question.theme.questionnaire inspector.controls.add(questionnaire.control) audited.controls.add(questionnaire.control) questionnaire.is_draft = False questionnaire.save() assert Questionnaire.objects.get(id=questionnaire.id).is_published # method not allowed assert get_question_file(inspector.user, question_file.id).status_code == 405 assert get_question_file(audited.user, question_file.id).status_code == 405
def test_inspector_cannot_update_question_file_from_published_questionnaire(): inspector = factories.UserProfileFactory( profile_type=UserProfile.INSPECTOR) question_file = factories.QuestionFileFactory() questionnaire = question_file.question.theme.questionnaire inspector.controls.add(questionnaire.control) questionnaire.is_draft = False questionnaire.save() assert Questionnaire.objects.get(id=questionnaire.id).is_published payload = { "id": question_file.id, "question": question_file.question.id + 1 } # method not allowed assert update_question_file(inspector.user, payload).status_code == 405