def test_companies_create_only_fields(user: User):
""" Ensures that create-only fields cannot be updated for existing instances.
It also acts as general test for the create-only fields functionality.
"""
client = APIClient()
client.force_authenticate(user)
# Part one - try creating a company without reg_code (required and create-only field) - this should fail
req_data = deepcopy(COMPANIES_CREATE_REQUEST)
del req_data['data']['attributes']['reg_code']
resp = client.post(client.reverse('company-list'), data=req_data)
validate_jsonapi_error_response(resp, expected_status_code=400)
# Part two - create a company with all the necessary fields
req_data = deepcopy(COMPANIES_CREATE_REQUEST)
resp = client.post(client.reverse('company-list'), data=req_data)
resp_data = validate_jsonapi_detail_response(resp,
expected_status_code=201)
# Ensure everything is as intended
req_data_attributes = req_data['data']['attributes']
company = Company.objects.get(id=resp_data['data']['id'])
for attr_name in req_data_attributes:
assert getattr(company, attr_name) == req_data_attributes[attr_name]
# Next, try updating the reg_code, which should be read-only
new_reg_code = 123456
assert company.reg_code != new_reg_code
patch_data = {
"data": {
"type": "company",
"id": str(company.id),
"attributes": {
'reg_code': new_reg_code,
},
},
}
# Try to update the value - it should be no-op
resp = client.patch(client.reverse('company-detail', pk=company.pk),
patch_data)
validate_jsonapi_detail_response(
resp,
expected_attributes=ATTRIBUTES_FULL,
expected_relationships=RELATIONSHIPS_FULL,
)
# Ensure the value in database hasn't been changed
refreshed_company = Company.objects.get(id=company.id)
assert refreshed_company.reg_code == company.reg_code
def test_create_company_public():
""" Companies cannot be created by anonymous users.
"""
client = APIClient()
resp = client.post(client.reverse('company-list'),
data=COMPANIES_CREATE_REQUEST)
validate_jsonapi_error_response(resp, expected_status_code=403)
def test_create_employment_public(company: Company):
""" Employments cannot be created by anonymous users.
"""
client = APIClient()
req_data = get_employment_create_data_for(company, '*****@*****.**')
resp = client.post(client.reverse('employment-list'), data=req_data)
validate_jsonapi_error_response(resp, expected_status_code=403)
def test_create_employment_unrelated(user: User, other_company: Company):
""" Users who are not employees of a company cannot create employments for that company.
"""
client = APIClient()
client.force_authenticate(user)
req_data = get_employment_create_data_for(other_company,
'*****@*****.**')
resp = client.post(client.reverse('employment-list'), data=req_data)
validate_jsonapi_error_response(resp, expected_status_code=400)
def test_create_company(user: User):
""" Users should be able to create companies. They should become admin of the created company.
"""
client = APIClient()
client.force_authenticate(user)
resp = client.post(client.reverse('company-list'),
data=COMPANIES_CREATE_REQUEST)
data = validate_jsonapi_detail_response(resp, expected_status_code=201)
assert Employment.objects.filter(user=user,
company_id=data['data']['id'],
role=Employment.ROLE_ADMIN).exists()
def test_create_employment_nonadmin(employment: Employment):
""" Users who are not admin in a company cannot create employments for that company.
"""
company = employment.company
user = employment.user
employment.role = Employment.ROLE_NORMAL
employment.save()
client = APIClient()
client.force_authenticate(user)
req_data = get_employment_create_data_for(company, '*****@*****.**')
resp = client.post(client.reverse('employment-list'), data=req_data)
validate_jsonapi_error_response(resp, expected_status_code=400)
def test_create_employment(employment: Employment):
""" Admin users should be able to create employments in the same company.
"""
company = employment.company
user = employment.user
assert employment.role == Employment.ROLE_ADMIN
email = '*****@*****.**'
assert not User.objects.filter(email=email).exists()
client = APIClient()
client.force_authenticate(user)
req_data = get_employment_create_data_for(company, email)
resp = client.post(client.reverse('employment-list'), data=req_data)
validate_jsonapi_detail_response(resp, expected_status_code=201)
assert User.objects.filter(email=email).exists()
assert Employment.objects.filter(user=user,
company=company,
role=Employment.ROLE_ADMIN).exists()
