def test_partner_filtering(self):
"""Users can filter by partner"""
if not self.partner_filtering:
return
# We can't tell if its working unless they have permission to see
# other users' records
user = CtsUserFactory(role=ROLE_MANAGER)
partner1 = self.partner
partner2 = CtsUserFactory(role=ROLE_PARTNER)
partner1_item = self.item_for_partner(partner1)
partner2_item = self.item_for_partner(partner2)
queryset = self.filter_class._meta.model.objects.all()
# Filter to only partner1 items
data = {'partner': partner1.pk}
filter = self.filter_class(data=data, queryset=queryset, user=user)
pks = filter.qs.values_list('pk', flat=True)
self.assertIn(partner1_item.id, pks)
self.assertNotIn(partner2_item.id, pks)
# Filter to only partner2 items
data = {'partner': partner2.pk}
filter = self.filter_class(data=data, queryset=queryset, user=user)
pks = filter.qs.values_list('pk', flat=True)
self.assertNotIn(partner1_item.id, pks)
self.assertIn(partner2_item.id, pks)
def test_user_edit_duplicate_email(self):
user = CtsUserFactory()
user2 = CtsUserFactory()
data = model_to_dict(user)
data['email'] = user2.email
form = CtsUserEditForm(instance=user, data=data)
self.assertFalse(form.is_valid())
self.assertIn('email', form.errors)
def test_update_deviceid(self, mock_ona_form_submissions,
mock_get_form_definition):
# A later scan can update the user/device connection
user2 = CtsUserFactory(code='test2', deviceid='device_foo')
user3 = CtsUserFactory(code='test3', deviceid='device_foo')
submission = json.loads(USER_CODE_DATA)
mock_ona_form_submissions.return_value = [submission]
verify_deviceid.run()
# "new" user now has device
self.assertEqual('device_foo',
CtsUser.objects.get(pk=self.user.pk).deviceid)
# and previous users do not
self.assertEqual('', CtsUser.objects.get(pk=user2.pk).deviceid)
self.assertEqual('', CtsUser.objects.get(pk=user3.pk).deviceid)
def test_is_just_partner(self):
user = CtsUserFactory(role=ROLE_PARTNER, is_superuser=False)
self.assertTrue(user.is_just_partner())
user.role = ROLE_COORDINATOR
user.save()
self.assertFalse(user.is_just_partner())
user.role = ROLE_PARTNER
user.is_superuser = True
user.save()
self.assertFalse(user.is_just_partner())
user = CtsUserFactory(role=ROLE_PARTNER, is_superuser=False)
self.assertTrue(user.is_just_partner())
manager_group = Group.objects.get(name=ROLE_MANAGER)
user.groups.add(manager_group)
self.assertFalse(user.is_just_partner())
def test_list(self):
user = CtsUserFactory()
rsp = self.client.get(reverse('user_list'))
self.assertEqual(200, rsp.status_code)
self.assertContains(rsp,
user.name,
msg_prefix=rsp.content.decode('utf-8'))
def setUp(self):
super(KitDeleteViewTest, self).setUp()
self.user = CtsUserFactory(email="*****@*****.**",
password="******",
role=ROLE_COORDINATOR)
assert self.client.login(email="*****@*****.**", password="******")
assert self.user.has_perm('shipments.delete_kit')
def setUp(self):
super(ReportTestMixin, self).setUp()
self.user = CtsUserFactory(email="*****@*****.**")
self.user.set_password("password")
self.user.save()
assert self.client.login(email="*****@*****.**", password="******")
self.url = reverse(self.report_class.get_report_url_name())
def test_just_partner(self):
# Partner may not view another's shipment
self.just_partner()
user2 = CtsUserFactory()
self.shipment.partner = user2
self.shipment.save()
rsp = self.client.get(self.url)
self.assertEqual(404, rsp.status_code)
def test_just_partner_get_other(self):
# Partner may not view other partners' shipments
# Just acts like it's not there (404)
self.just_partner()
partner = CtsUserFactory(role=ROLE_PARTNER)
self.shipment.partner = partner
self.shipment.save()
rsp = self.client.get(self.url)
self.assert404(rsp)
def can_see_other_partners_records(self, user):
"""Return True if the user can see other partners' records"""
other_partner = CtsUserFactory(role=ROLE_PARTNER)
item = self.item_for_partner(other_partner)
queryset = self.filter_class._meta.model.objects.all()
filter = self.filter_class(data={}, queryset=queryset, user=user)
pks = filter.qs.values_list('pk', flat=True)
return item.id in pks
def test_just_partner(self):
# Partner may not view another's shipment
self.url = reverse('summary_manifests',
kwargs={'pk': self.shipment.pk})
self.just_partner()
self.shipment.partner = CtsUserFactory()
self.shipment.save()
rsp = self.client.get(self.url)
self.assertEqual(404, rsp.status_code)
def test_just_partner(self):
# Partner may view a shipment's package items, but only if it's the user's shipment
self.just_partner()
rsp = self.client.get(self.url)
self.assertEqual(200, rsp.status_code)
self.shipment.partner = CtsUserFactory()
self.shipment.save()
rsp = self.client.get(self.url)
self.assertEqual(404, rsp.status_code)
def test_post_user(self):
# The API is read-only. Any POST should return a 405
user = CtsUserFactory(name="barney fife")
rsp = self.call_api('/api/auth/users/%d/' % user.pk)
self.assertEqual(200, rsp.status_code)
data = json.loads(rsp.content)
data['name'] = "Freddy Fife"
rsp = self.post_api('/api/auth/users/%d/' % user.pk, data=data)
self.assertEqual(405, rsp.status_code)
def test_hex_color(self):
# missing #
user = CtsUserFactory(colour='555aaa')
with self.assertRaises(ValidationError):
user.full_clean()
# not 3 or 6
user = CtsUserFactory(colour='#5544')
with self.assertRaises(ValidationError):
user.full_clean()
# alpha out of range
user = CtsUserFactory(colour='#JJJKKK')
with self.assertRaises(ValidationError):
user.full_clean()
# short version
user.colour = '#FFF'
user.full_clean()
# long version
user.colour = '#FFFCCC'
user.full_clean()
def test_reset_api_token_post_without_permission(self):
self.user.role = ROLE_PARTNER # least permissions
self.user.save()
user = CtsUserFactory()
original_token = user.auth_token.key
url = reverse('reset_api_token', kwargs={'pk': user.pk})
rsp = self.client.post(url)
self.assertEqual(403, rsp.status_code)
user = CtsUser.objects.get(pk=user.pk)
self.assertEqual(original_token, user.auth_token.key)
def test_just_partner(self):
# Partner may not view another's shipment
# For this view, means other shipments are omitted from the view
self.just_partner()
self.shipment.partner = CtsUserFactory()
self.shipment.save()
rsp = self.client.get(self.url)
context = rsp.context
shipments = context['shipments']
self.assertNotIn(self.shipment, shipments)
def test_user_edit(self):
user = CtsUserFactory()
data = model_to_dict(user)
data['mobile'] = '+1134234'
form = CtsUserEditForm(instance=user, data=data)
self.assertTrue(form.is_valid())
user = form.save()
user = CtsUser.objects.get(pk=user.pk)
self.assertEqual(data['mobile'], user.mobile)
def test_duplicate_email(self):
data = {
'email': '*****@*****.**',
'password1': 'password',
'password2': 'password',
}
initial = {'is_active': True, 'name': '', 'email': ''}
CtsUserFactory(email=data['email'])
form = CtsUserCreationForm(initial=initial, data=data)
self.assertFalse(form.is_valid())
self.assertIn('email', form.errors)
def test_mobile_validator(self):
# text
user = CtsUserFactory(mobile='555aaa')
with self.assertRaises(ValidationError):
user.full_clean()
# optional +
user.mobile = '+555'
user.full_clean()
# optional -
user.mobile = '555-555-555'
user.full_clean()
def test_create_duplicate_email(self):
data = {
'name': 'test',
'email': '*****@*****.**',
'mobile': '999',
'skype': 'testtest',
'role': ROLE_PARTNER,
'is_active': True,
}
CtsUserFactory(email=data['email'])
url = reverse('new_cts_user_modal')
rsp = self.client.post(url, data=data)
self.assertEqual(400, rsp.status_code)
def test_just_partner(self):
# Partner may not view another's shipment
self.just_partner()
self.shipment.partner = CtsUserFactory()
self.shipment.save()
self.url = reverse('package_barcodes',
kwargs={
'pk': self.shipment.pk,
'size': 6,
'labels': '3,4'
})
rsp = self.client.get(self.url)
self.assertEqual(404, rsp.status_code)
def test_post_good(self):
partner = CtsUserFactory(role=ROLE_PARTNER)
data = {
'description': 'DESCRIPTION',
'shipment_date': force_text(timezone.now().date()),
'estimated_delivery': 2,
'partner': partner.id,
'store_release': 'foo'
}
rsp = self.client.post(reverse('create_shipment'), data=data)
if rsp.status_code == 400:
self.fail(rsp.context['form'].errors)
new_shipment = Shipment.objects.exclude(pk=self.shipment.pk).get()
next_url = reverse('edit_shipment', kwargs={'pk': new_shipment.pk})
self.assertRedirects(rsp, next_url)
self.assertEqual('DESCRIPTION', new_shipment.description)
def test_post_good(self):
partner = CtsUserFactory(role=ROLE_PARTNER)
data = {
'description': 'DESCRIPTION',
'shipment_date': force_text(timezone.now().date()),
'estimated_delivery': 2,
'partner': partner.id,
'store_release': 'foo'
}
rsp = self.client.post(self.url, data=data)
if rsp.status_code == 400:
self.fail(rsp.context['form'].errors)
self.assertRedirects(rsp,
reverse('edit_shipment', args=[self.shipment.pk]))
shipment = Shipment.objects.get(pk=self.shipment.pk)
self.assertEqual(data['description'], shipment.description)
def test_delete(self):
# Delete a user
# Need to be logged in as one user, then delete another user
user = CtsUserFactory()
url = reverse('user_delete', args=[user.pk])
rsp = self.client.get(url)
self.assertEqual(200, rsp.status_code)
self.assertContains(rsp, 'Confirm')
CtsUser.objects.get(pk=user.pk)
# Now delete it!
# Should really just change them to not active.
rsp = self.client.post(url)
if rsp.status_code == 400:
self.fail(rsp.context['form'].errors)
self.assertRedirects(rsp, reverse('user_list'))
user = CtsUser.objects.get(pk=user.pk)
self.assertFalse(user.is_active)
def test_save_sets_groups(self):
user = CtsUserFactory(role=ROLE_PARTNER)
self.assertTrue(user.groups.filter(name=ROLE_PARTNER).exists())
self.assertFalse(user.groups.filter(name=ROLE_OFFICER).exists())
self.assertFalse(user.groups.filter(name=ROLE_COORDINATOR).exists())
user.role = ROLE_OFFICER
user.save()
self.assertFalse(user.groups.filter(name=ROLE_PARTNER).exists())
self.assertTrue(user.groups.filter(name=ROLE_OFFICER).exists())
self.assertFalse(user.groups.filter(name=ROLE_COORDINATOR).exists())
user.role = ROLE_COORDINATOR
user.save()
self.assertFalse(user.groups.filter(name=ROLE_PARTNER).exists())
self.assertTrue(user.groups.filter(name=ROLE_OFFICER).exists())
self.assertTrue(user.groups.filter(name=ROLE_COORDINATOR).exists())
user.role = ROLE_PARTNER
user.save()
self.assertTrue(user.groups.filter(name=ROLE_PARTNER).exists())
self.assertFalse(user.groups.filter(name=ROLE_OFFICER).exists())
self.assertFalse(user.groups.filter(name=ROLE_COORDINATOR).exists())
def test_skype_validator(self):
# space
user = CtsUserFactory(skype='aaa aaa')
with self.assertRaises(ValidationError):
user.full_clean()
# starts with non-letter
user.skype = '$asdfasdf'
with self.assertRaises(ValidationError):
user.full_clean()
# < 5 chars
user.skype = 'asdff'
with self.assertRaises(ValidationError):
user.full_clean()
# > 32 chars
user.skype = ''.join(
random.choice(string.lowercase) for i in range(33))
with self.assertRaises(ValidationError):
user.full_clean()
user.skype = ''.join(
random.choice(string.lowercase) for i in range(10))
user.full_clean()
def setUp(self):
super(TestReportList, self).setUp()
self.user = CtsUserFactory(email="*****@*****.**")
self.user.set_password("password")
self.user.save()
assert self.client.login(email="*****@*****.**", password="******")
def setUp(self):
self.user = CtsUserFactory(code=QR_CODE)
reset_bad_form_ids()
forget_form_definitions()
def test_has_role(self):
user = CtsUserFactory(role=ROLE_PARTNER)
self.assertTrue(user.has_role(ROLE_PARTNER))
self.assertFalse(user.has_role(ROLE_COORDINATOR))
user.groups.add(Group.objects.get(name=ROLE_COORDINATOR))
self.assertTrue(user.has_role(ROLE_COORDINATOR))
def setUp(self):
self.user = CtsUserFactory(email='*****@*****.**', password='******')
assert self.client.login(email='*****@*****.**', password="******")
