def test_companies_create_only_fields(user: User): """ Ensures that create-only fields cannot be updated for existing instances. It also acts as general test for the create-only fields functionality. """ client = APIClient() client.force_authenticate(user) # Part one - try creating a company without reg_code (required and create-only field) - this should fail req_data = deepcopy(COMPANIES_CREATE_REQUEST) del req_data['data']['attributes']['reg_code'] resp = client.post(client.reverse('company-list'), data=req_data) validate_jsonapi_error_response(resp, expected_status_code=400) # Part two - create a company with all the necessary fields req_data = deepcopy(COMPANIES_CREATE_REQUEST) resp = client.post(client.reverse('company-list'), data=req_data) resp_data = validate_jsonapi_detail_response(resp, expected_status_code=201) # Ensure everything is as intended req_data_attributes = req_data['data']['attributes'] company = Company.objects.get(id=resp_data['data']['id']) for attr_name in req_data_attributes: assert getattr(company, attr_name) == req_data_attributes[attr_name] # Next, try updating the reg_code, which should be read-only new_reg_code = 123456 assert company.reg_code != new_reg_code patch_data = { "data": { "type": "company", "id": str(company.id), "attributes": { 'reg_code': new_reg_code, }, }, } # Try to update the value - it should be no-op resp = client.patch(client.reverse('company-detail', pk=company.pk), patch_data) validate_jsonapi_detail_response( resp, expected_attributes=ATTRIBUTES_FULL, expected_relationships=RELATIONSHIPS_FULL, ) # Ensure the value in database hasn't been changed refreshed_company = Company.objects.get(id=company.id) assert refreshed_company.reg_code == company.reg_code
def test_create_company_public(): """ Companies cannot be created by anonymous users. """ client = APIClient() resp = client.post(client.reverse('company-list'), data=COMPANIES_CREATE_REQUEST) validate_jsonapi_error_response(resp, expected_status_code=403)
def test_create_employment_public(company: Company): """ Employments cannot be created by anonymous users. """ client = APIClient() req_data = get_employment_create_data_for(company, '*****@*****.**') resp = client.post(client.reverse('employment-list'), data=req_data) validate_jsonapi_error_response(resp, expected_status_code=403)
def test_create_employment_unrelated(user: User, other_company: Company): """ Users who are not employees of a company cannot create employments for that company. """ client = APIClient() client.force_authenticate(user) req_data = get_employment_create_data_for(other_company, '*****@*****.**') resp = client.post(client.reverse('employment-list'), data=req_data) validate_jsonapi_error_response(resp, expected_status_code=400)
def test_create_company(user: User): """ Users should be able to create companies. They should become admin of the created company. """ client = APIClient() client.force_authenticate(user) resp = client.post(client.reverse('company-list'), data=COMPANIES_CREATE_REQUEST) data = validate_jsonapi_detail_response(resp, expected_status_code=201) assert Employment.objects.filter(user=user, company_id=data['data']['id'], role=Employment.ROLE_ADMIN).exists()
def test_create_employment_nonadmin(employment: Employment): """ Users who are not admin in a company cannot create employments for that company. """ company = employment.company user = employment.user employment.role = Employment.ROLE_NORMAL employment.save() client = APIClient() client.force_authenticate(user) req_data = get_employment_create_data_for(company, '*****@*****.**') resp = client.post(client.reverse('employment-list'), data=req_data) validate_jsonapi_error_response(resp, expected_status_code=400)
def test_create_employment(employment: Employment): """ Admin users should be able to create employments in the same company. """ company = employment.company user = employment.user assert employment.role == Employment.ROLE_ADMIN email = '*****@*****.**' assert not User.objects.filter(email=email).exists() client = APIClient() client.force_authenticate(user) req_data = get_employment_create_data_for(company, email) resp = client.post(client.reverse('employment-list'), data=req_data) validate_jsonapi_detail_response(resp, expected_status_code=201) assert User.objects.filter(email=email).exists() assert Employment.objects.filter(user=user, company=company, role=Employment.ROLE_ADMIN).exists()