def setUp(self):
super().setUp()
self.report_summary = self.create_picklist_item(
"Report Summary", self.team, PicklistType.REPORT_SUMMARY,
PickListStatus.ACTIVE)
self.good_1 = GoodFactory(
organisation=self.organisation,
flags=[FlagFactory(level=FlagLevels.GOOD, team=self.team)])
self.good_2 = GoodFactory(organisation=self.organisation)
role = Role(name="review_goods")
role.permissions.set([constants.GovPermissions.REVIEW_GOODS.name])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.application = self.create_draft_standard_application(
organisation=self.organisation)
self.good_on_application_1 = GoodOnApplication.objects.create(
good=self.good_1,
application=self.application,
quantity=10,
unit=Units.NAR,
value=500)
self.good_on_application_2 = GoodOnApplication.objects.create(
good=self.good_2,
application=self.application,
quantity=10,
unit=Units.NAR,
value=500)
self.case = self.submit_application(self.application)
self.url = reverse_lazy("goods:control_list_entries",
kwargs={"case_pk": self.case.id})
def test_change_role_of_a_gov_user(self):
self.gov_user.role = self.default_role
self.gov_user.save()
# create a second user to adopt the super user role as it will overwrite the save during the edit of the first user
valid_user = GovUserFactory(
baseuser_ptr__email="*****@*****.**",
baseuser_ptr__first_name="John",
baseuser_ptr__last_name="Smith",
team=self.team,
)
valid_user.save()
role = Role(name="some role")
role.permissions.set(
[constants.GovPermissions.MANAGE_LICENCE_FINAL_ADVICE.name])
role.save()
data = {"role": role.id}
url = reverse("gov_users:gov_user", kwargs={"pk": self.gov_user.pk})
response = self.client.put(url, data, **self.gov_headers)
response_data = response.json()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response_data["gov_user"]["role"], str(role.id))
def setUp(self):
super().setUp()
self.standard_application = self.create_draft_standard_application(
self.organisation)
self.good = self.standard_application.goods.first().good
self.standard_case = self.submit_application(self.standard_application)
team_2 = Team(name="2")
team_3 = Team(name="3")
team_2.save()
team_3.save()
role = Role(name="team_level")
role.permissions.set([
constants.GovPermissions.MANAGE_LICENCE_FINAL_ADVICE.name,
constants.GovPermissions.MANAGE_TEAM_ADVICE.name,
constants.GovPermissions.MANAGE_TEAM_CONFIRM_OWN_ADVICE.name,
constants.GovPermissions.MANAGE_LICENCE_FINAL_ADVICE.name,
constants.GovPermissions.MANAGE_TEAM_ADVICE.name,
])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.gov_user_2 = GovUserFactory(baseuser_ptr__email="*****@*****.**",
team=team_2,
role=role)
self.gov_user_3 = GovUserFactory(baseuser_ptr__email="*****@*****.**",
team=team_3,
role=role)
self.standard_case_url = reverse("cases:case_final_advice",
kwargs={"pk": self.standard_case.id})
def test_get_list_of_all_roles_as_super_user(self):
self.gov_user.role = self.super_user_role
self.gov_user.save()
role = Role(name="some")
role.permissions.set([constants.GovPermissions.MANAGE_LICENCE_FINAL_ADVICE.name])
role.save()
initial_roles_count = Role.objects.filter(type=UserType.INTERNAL).count()
response = self.client.get(self.url, **self.gov_headers)
response_data = response.json()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response_data["roles"]), initial_roles_count)
def setUp(self):
super().setUp()
self.standard_application = self.create_draft_standard_application(self.organisation)
self.standard_case = self.submit_application(self.standard_application)
role = Role(name="team_level")
role.permissions.set([constants.GovPermissions.MANAGE_TEAM_CONFIRM_OWN_ADVICE.name])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.url = reverse("cases:team_advice", kwargs={"pk": self.standard_case.id})
def test_cannot_change_another_users_role_to_one_the_request_user_does_not_have_access_to(
self):
user_role = Role(name="new role", organisation=self.organisation)
user_role.permissions.set(
[constants.ExporterPermissions.ADMINISTER_USERS.name])
user_role.save()
second_user_role = Role(name="new role",
organisation=self.organisation)
second_user_role.permissions.set([
constants.ExporterPermissions.ADMINISTER_USERS.name,
constants.ExporterPermissions.ADMINISTER_SITES.name
])
second_user_role.save()
self.exporter_user.set_role(self.organisation, user_role)
second_user = self.create_exporter_user(self.organisation)
response = self.client.put(
reverse(
"organisations:user",
kwargs={
"org_pk": self.organisation.id,
"user_pk": second_user.pk
},
),
data={"role": str(second_user_role.id)},
**self.exporter_headers,
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertNotEqual(second_user.get_role(self.organisation),
second_user_role)
def test_user_can_only_see_permissions_user_already_has_in_current_role(self, permissions):
user_role = Role(name="new role")
user_role.permissions.set(permissions)
user_role.save()
self.gov_user.role = user_role
self.gov_user.save()
url = reverse("gov_users:permissions")
response = self.client.get(url, **self.gov_headers)
response_data = response.json()["permissions"]
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response_data), len(permissions))
for permission in permissions:
self.assertIn(permission, [p["id"] for p in response_data])
def test_only_see_permissions_user_already_has(self, permissions):
user_role = Role(name="new role", organisation=self.organisation)
user_role.permissions.set(permissions)
user_role.save()
self.exporter_user.set_role(self.organisation, user_role)
url = reverse("organisations:permissions")
response = self.client.get(url, **self.exporter_headers)
response_data = response.json()["permissions"]
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response_data), len(permissions))
for permission in permissions:
self.assertIn(permission, [p["id"] for p in response_data])
def test_cannot_edit_role_without_permission(self):
role = Role(name="some",
organisation=self.organisation,
type=UserType.EXPORTER)
role.save()
url = reverse("organisations:role",
kwargs={
"org_pk": self.organisation.id,
"pk": role.id
})
data = {"permissions": [ExporterPermissions.ADMINISTER_USERS.name]}
response = self.client.put(url, data, **self.exporter_headers)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(
Role.objects.get(id=role.id).permissions.values().count(), 0)
def test_role_name_must_be_unique(self, data):
self.gov_user.role = self.super_user_role
self.gov_user.save()
Role(name="this is a name").save()
initial_roles_count = Role.objects.count()
response = self.client.post(self.url, data, **self.gov_headers)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(Role.objects.all().count(), initial_roles_count)
def test_goods_flag_before_and_after_reviewing_good(self):
"""Tests applying of flagging rule with a matching group and excluding entry.
Reviews the good and updates the entry to match with excluding entry and ensures that
the flag is now cleared after review.
"""
flag = self.create_flag(name="good flag", level=FlagLevels.GOOD, team=self.team)
case = self.create_mod_clearance_application(self.organisation, CaseTypeEnum.EXHIBITION)
self.submit_application(case)
good = GoodOnApplication.objects.filter(application_id=case.id).first().good
good.control_list_entries.set(ControlListEntry.objects.filter(rating="ML8a"))
good.save()
self.create_flagging_rule(
level=FlagLevels.GOOD,
team=self.team,
flag=flag,
matching_values=[],
matching_groups=["ML8"],
excluded_values=["ML8b"],
)
apply_flagging_rules_to_case(case)
self.assertEqual(good.flags.count(), 1)
role = Role(name="review_goods")
role.permissions.set([constants.GovPermissions.REVIEW_GOODS.name])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.url = reverse_lazy("goods:control_list_entries", kwargs={"case_pk": case.id})
data = {
"objects": [good.id],
"comment": "Update rating to match with flag excluded value",
"report_summary": "test report summary",
"control_list_entries": ["ML8b"],
"is_good_controlled": True,
}
response = self.client.post(self.url, data, **self.gov_headers)
self.assertEquals(response.status_code, status.HTTP_200_OK)
self.assertEqual(good.flags.count(), 0)
def test_get_list_of_all_roles_as_exporter_super_user(self):
self.exporter_user.set_role(self.organisation,
self.exporter_super_user_role)
initial_roles_count = Role.objects.filter(
type=UserType.EXPORTER).count()
url = reverse("organisations:roles_views",
kwargs={"org_pk": self.organisation.id})
role = Role(name="some",
organisation=self.organisation,
type=UserType.EXPORTER)
role.save()
response = self.client.get(url, **self.exporter_headers)
response_data = response.json()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response_data["results"]),
initial_roles_count + 1)
def test_role_name_must_be_unique(self, data):
self.exporter_user.set_role(self.organisation,
self.exporter_super_user_role)
Role(name="this is a name", organisation=self.organisation).save()
initial_roles_count = Role.objects.count()
url = reverse("organisations:roles_views",
kwargs={"org_pk": self.organisation.id})
response = self.client.post(url, data, **self.exporter_headers)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(Role.objects.all().count(), initial_roles_count)
def test_edit_a_role(self):
self.exporter_user.set_role(self.organisation,
self.exporter_super_user_role)
role = Role(name="some",
organisation=self.organisation,
type=UserType.EXPORTER)
role.save()
url = reverse("organisations:role",
kwargs={
"org_pk": self.organisation.id,
"pk": role.id
})
data = {"permissions": [ExporterPermissions.ADMINISTER_USERS.name]}
response = self.client.put(url, data, **self.exporter_headers)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertTrue(
ExporterPermissions.ADMINISTER_USERS.name in Role.objects.get(
id=role.id).permissions.values_list("id", flat=True))
def setUp(self):
super().setUp()
self.query = self.create_pv_grading_query("This is a widget",
self.organisation)
role = Role(name="review_goods")
role.permissions.set(
[constants.GovPermissions.RESPOND_PV_GRADING.name])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.url = reverse("queries:goods_queries:pv_grading_query_response",
kwargs={"pk": self.query.pk})
self.data = {
"prefix": "abc",
"grading": PvGrading.UK_SECRET,
"suffix": "123",
"comment": "the good is graded",
}
def setUp(self):
super().setUp()
self.report_summary = self.create_picklist_item(
"Report Summary", self.team, PicklistType.REPORT_SUMMARY,
PickListStatus.ACTIVE)
role = Role(name="review_goods")
role.permissions.set([constants.GovPermissions.REVIEW_GOODS.name])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.application = self.create_draft_open_application(
organisation=self.organisation)
self.good_1 = GoodsTypeFactory(application=self.application)
self.good_1.flags.add(self.create_flag("New Flag", "Good", self.team))
self.good_2 = GoodsTypeFactory(application=self.application)
self.case = self.submit_application(self.application)
self.url = reverse_lazy("goods:control_list_entries",
kwargs={"case_pk": self.case.id})
def setUp(self):
super().setUp()
self.report_summary = self.create_picklist_item(
"Report Summary", self.team, PicklistType.REPORT_SUMMARY,
PickListStatus.ACTIVE)
self.query = self.create_clc_query("This is a widget",
self.organisation)
role = Role(name="review_goods")
role.permissions.set([constants.GovPermissions.REVIEW_GOODS.name])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.url = reverse("queries:goods_queries:clc_query_response",
kwargs={"pk": self.query.pk})
self.data = {
"comment": "I Am Easy to Find",
"report_summary": self.report_summary.pk,
"control_list_entries": ["ML1a"],
"is_good_controlled": "yes",
}
def setUp(self):
super().setUp()
role = Role(name="review_goods")
role.permissions.set([
constants.GovPermissions.REVIEW_GOODS.name,
constants.GovPermissions.RESPOND_PV_GRADING.name
])
role.save()
self.gov_user.role = role
self.gov_user.save()
self.report_summary = self.create_picklist_item(
"Report Summary", self.team, PicklistType.REPORT_SUMMARY,
PickListStatus.ACTIVE)
self.pv_graded_and_controlled_good = self.create_good(
description="This is a good",
organisation=self.organisation,
is_good_controlled=None,
is_pv_graded=GoodPvGraded.GRADING_REQUIRED,
)
self.clc_and_pv_query = GoodsQuery.objects.create(
clc_raised_reasons="some clc reasons",
pv_grading_raised_reasons="some pv reasons",
good=self.pv_graded_and_controlled_good,
organisation=self.organisation,
case_type_id=CaseTypeEnum.GOODS.id,
status=get_starting_status(is_clc_required=True),
)
self.clc_and_pv_query.flags.set([
Flag.objects.get(id=SystemFlags.GOOD_CLC_QUERY_ID),
Flag.objects.get(id=SystemFlags.GOOD_PV_GRADING_QUERY_ID),
])
self.clc_and_pv_query.save()
def test_cannot_change_own_role(self):
user_role = Role(name="new role", organisation=self.organisation)
user_role.permissions.set(
[constants.ExporterPermissions.ADMINISTER_USERS.name])
user_role.save()
self.exporter_user.set_role(self.organisation, user_role)
response = self.client.put(
reverse(
"organisations:user",
kwargs={
"org_pk": self.organisation.id,
"user_pk": self.exporter_user.pk
},
),
data={"role": str(constants.Roles.EXPORTER_DEFAULT_ROLE_ID)},
**self.exporter_headers,
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertNotEqual(
self.exporter_user.get_role(self.organisation),
Role.objects.get(id=constants.Roles.EXPORTER_DEFAULT_ROLE_ID),
)
def test_role_name_not_have_to_be_unique_different_organisations(self):
self.exporter_user.set_role(self.organisation,
self.exporter_super_user_role)
org, _ = self.create_organisation_with_exporter_user()
role_name = "duplicate name"
Role(name=role_name, organisation=org, type=UserType.EXPORTER).save()
data = {"name": role_name, "permissions": []}
url = reverse("organisations:roles_views",
kwargs={"org_pk": self.organisation.id})
response = self.client.post(url, data, **self.exporter_headers)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(Role.objects.filter(name=role_name).count(), 2)
def test_can_change_another_users_role_to_newly_created_role(self):
user_role = Role(name="new role one",
organisation=self.organisation,
type=UserType.EXPORTER)
user_role.permissions.set(
[constants.ExporterPermissions.ADMINISTER_USERS.name])
user_role.save()
second_user_role = Role(name="new role two",
organisation=self.organisation,
type=UserType.EXPORTER)
second_user_role.save()
self.exporter_user.set_role(self.organisation, user_role)
second_user = self.create_exporter_user(self.organisation)
response = self.client.put(
reverse(
"organisations:user",
kwargs={
"org_pk": self.organisation.id,
"user_pk": second_user.pk
},
),
data={"role": second_user_role.id},
**self.exporter_headers,
)
response_body = response.json()
second_user.refresh_from_db()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotEqual(second_user.get_role(self.organisation), user_role)
self.assertEqual(response_body["user_relationship"]["role"],
str(second_user_role.id))
self.assertEqual(response_body["user_relationship"]["status"]["key"],
"Active")
self.assertEqual(response_body["user_relationship"]["status"]["value"],
"Active")
paid=False,
date=date(2019, 10, 15),
amount=10000)
bill3 = Bills(bill_number="102",
client=client2,
cashier="Cashier 1",
paid=False,
date=date(2019, 10, 15),
amount=10000)
db_session.add(bill1)
db_session.add(bill2)
db_session.add(bill3)
db_session.commit()
role1 = Role(name="admin", description="Administration Privileges")
role2 = Role(name="user", description="User Privileges")
db_session.add(role1)
db_session.add(role2)
db_session.commit()
user1 = User(
email="*****@*****.**",
username="******",
password="******")
user2 = User(
email="*****@*****.**",
username="******",
password="******")
def test_only_see_roles_user_has_all_permissions_for_1_permission(self):
permissions = [constants.ExporterPermissions.ADMINISTER_USERS.name]
user_role = Role(name="new role", organisation=self.organisation)
user_role.permissions.set(permissions)
user_role.save()
self.exporter_user.set_role(self.organisation, user_role)
url = reverse("organisations:roles_views",
kwargs={"org_pk": self.organisation.id})
# Create a new role, each with a singular different permission
for permission in Permission.exporter.all():
role = Role(name=str(permission.id),
organisation=self.organisation)
role.permissions.set([permission.id])
role.save()
second_role = Role(name="multi permission role",
organisation=self.organisation)
second_role.permissions.set([
constants.ExporterPermissions.ADMINISTER_USERS.name,
constants.ExporterPermissions.ADMINISTER_SITES.name,
constants.ExporterPermissions.EXPORTER_ADMINISTER_ROLES.name,
])
second_role.save()
response = self.client.get(url, **self.exporter_headers)
response_data = response.json()["results"]
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response_data), 3)
self.assertIn(
str(
Role.objects.get(name=constants.ExporterPermissions.
ADMINISTER_USERS.name).id),
str(response_data))
def test_only_roles_that_a_user_sees_are_roles_with_a_subset_of_the_permissions_of_the_users_own_role_min(self):
permissions = [constants.GovPermissions.MANAGE_TEAM_ADVICE.name]
user_role = Role(name="new role")
user_role.permissions.set(permissions)
user_role.save()
self.gov_user.role = user_role
self.gov_user.save()
# Create a new role, each with a singular different permission
for permission in Permission.internal.all():
role = Role(name=str(permission.id))
role.permissions.set([permission.id])
role.save()
second_role = Role(name="multi permission role")
second_role.permissions.set(
[
constants.GovPermissions.MANAGE_TEAM_ADVICE.name,
constants.GovPermissions.MANAGE_LICENCE_FINAL_ADVICE.name,
constants.GovPermissions.REVIEW_GOODS.name,
]
)
second_role.save()
response = self.client.get(self.url, **self.gov_headers)
response_data = response.json()["roles"]
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response_data), 3)
self.assertIn(
str(Role.objects.get(name=constants.GovPermissions.MANAGE_TEAM_ADVICE.name).id), str(response_data)
)
class CreateCaseTeamAdviceTests(DataTestClient):
def setUp(self):
super().setUp()
self.standard_application = self.create_draft_standard_application(self.organisation)
self.good = self.standard_application.goods.first().good
self.standard_case = self.submit_application(self.standard_application)
self.role = Role(name="team_level")
self.role.permissions.set(
[
constants.GovPermissions.MANAGE_TEAM_ADVICE.name,
constants.GovPermissions.MANAGE_TEAM_CONFIRM_OWN_ADVICE.name,
]
)
self.role.save()
self.gov_user.role = self.role
self.gov_user.save()
self.gov_user_2 = GovUserFactory(baseuser_ptr__email="*****@*****.**", team=self.team, role=self.role)
self.gov_user_3 = GovUserFactory(baseuser_ptr__email="*****@*****.**", team=self.team, role=self.role)
self.open_application = self.create_draft_open_application(self.organisation)
self.open_case = self.submit_application(self.open_application)
self.standard_case_url = reverse("cases:team_advice", kwargs={"pk": self.standard_case.id})
self.open_case_url = reverse("cases:team_advice", kwargs={"pk": self.open_case.id})
def test_advice_is_concatenated_when_team_advice_first_created(self):
"""
Team advice is created on first call
"""
self.create_advice(self.gov_user, self.standard_case, "end_user", AdviceType.PROVISO, AdviceLevel.TEAM)
self.create_advice(self.gov_user_2, self.standard_case, "end_user", AdviceType.PROVISO, AdviceLevel.TEAM)
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.NO_LICENCE_REQUIRED, AdviceLevel.TEAM)
self.create_advice(
self.gov_user_2, self.standard_case, "good", AdviceType.NO_LICENCE_REQUIRED, AdviceLevel.TEAM
)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"]
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(len(response_data), 2)
end_user, good = None, None
for data in response_data:
if data.get("end_user"):
end_user = data.get("type").get("key")
elif data.get("good"):
good = data.get("type").get("key")
self.assertEqual(end_user, AdviceType.PROVISO)
self.assertEqual(good, AdviceType.NO_LICENCE_REQUIRED)
def test_create_conflicting_team_advice_shows_all_fields(self):
"""
The type should show conflicting if there are conflicting types in the advice on a single object
"""
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.NO_LICENCE_REQUIRED, AdviceLevel.USER)
self.create_advice(self.gov_user_2, self.standard_case, "good", AdviceType.REFUSE, AdviceLevel.USER)
self.create_advice(self.gov_user_3, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"][0]
self.assertEqual(response_data.get("type").get("key"), "conflicting")
self.assertEqual(response_data.get("proviso"), "I am easy to proviso")
self.assertCountEqual(["1a", "1b", "1c"], response_data["denial_reasons"])
# Normal restrictions on team advice items
@parameterized.expand(
[
[AdviceType.APPROVE],
[AdviceType.PROVISO],
[AdviceType.REFUSE],
[AdviceType.NO_LICENCE_REQUIRED],
[AdviceType.NOT_APPLICABLE],
]
)
def test_create_end_user_case_team_advice(self, advice_type):
"""
Tests that a gov user can create an approval/proviso/refuse/nlr/not_applicable
piece of team level advice for an end user
"""
data = {
"text": "I Am Easy to Find",
"note": "I Am Easy to Find",
"type": advice_type,
"end_user": str(self.standard_application.end_user.party.id),
}
if advice_type == AdviceType.PROVISO:
data["proviso"] = "I am easy to proviso"
if advice_type == AdviceType.REFUSE:
data["denial_reasons"] = ["1a", "1b", "1c"]
response = self.client.post(self.standard_case_url, **self.gov_headers, data=[data])
response_data = response.json()["advice"][0]
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(response_data["text"], data["text"])
self.assertEqual(response_data["note"], data["note"])
self.assertEqual(response_data["type"]["key"], data["type"])
self.assertEqual(response_data["end_user"], data["end_user"])
advice_object = Advice.objects.get()
# Ensure that proviso details aren't added unless the type sent is PROVISO
if advice_type != AdviceType.PROVISO:
self.assertEqual(response_data["proviso"], None)
self.assertEqual(advice_object.proviso, None)
else:
self.assertEqual(response_data["proviso"], data["proviso"])
self.assertEqual(advice_object.proviso, data["proviso"])
# Ensure that refusal details aren't added unless the type sent is REFUSE
if advice_type != AdviceType.REFUSE:
self.assertEqual(response_data["denial_reasons"], [])
self.assertEqual(advice_object.denial_reasons.count(), 0)
else:
self.assertCountEqual(response_data["denial_reasons"], data["denial_reasons"])
self.assertCountEqual(
convert_queryset_to_str(advice_object.denial_reasons.values_list("id", flat=True)),
data["denial_reasons"],
)
# User must have permission to create team advice
def test_user_cannot_create_team_level_advice_without_permissions(self):
"""
Tests that the right level of permissions are required
"""
self.gov_user.role.permissions.set([])
self.gov_user.save()
response = self.client.get(self.standard_case_url, **self.gov_headers)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
response = self.client.post(self.standard_case_url, **self.gov_headers)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
response = self.client.delete(self.standard_case_url, **self.gov_headers)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_advice_from_another_team_not_collated(self):
"""
When collating advice, only the user's team's advice should be collated
"""
TeamAdviceFactory(user=self.gov_user, team=self.team, case=self.standard_case, good=self.good)
team_2 = TeamFactory()
self.gov_user_2.team = team_2
self.gov_user_2.save()
TeamAdviceFactory(user=self.gov_user_2, team=team_2, case=self.standard_case, good=self.good)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"]
# Team 2's advice would conflict with team 1's if both were brought in
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_cannot_submit_user_level_advice_if_team_advice_exists_for_that_team_on_that_case(self,):
"""
Logically blocks the submission of lower tier advice if higher tier advice exists
"""
TeamAdviceFactory(user=self.gov_user_2, team=self.team, case=self.standard_case, good=self.good)
data = {
"text": "I Am Easy to Find",
"note": "I Am Easy to Find",
"type": AdviceType.APPROVE,
"end_user": str(self.standard_application.end_user.party.id),
}
response = self.client.post(
reverse("cases:user_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers, data=[data]
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_can_submit_user_level_advice_if_team_advice_has_been_cleared_for_that_team_on_that_case(self,):
"""
No residual data is left to block lower tier advice being submitted after a clear
"""
self.create_advice(self.gov_user_2, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
self.client.delete(self.standard_case_url, **self.gov_headers)
data = {
"text": "I Am Easy to Find",
"note": "I Am Easy to Find",
"type": AdviceType.APPROVE,
"end_user": str(self.standard_application.end_user.party.id),
}
response = self.client.post(
reverse("cases:user_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers, data=[data]
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def test_create_and_delete_audit_trail_is_created_when_the_appropriate_actions_take_place(self,):
"""
Audit trail is created when clearing or combining advice
"""
self.create_advice(
self.gov_user, self.standard_case, "end_user", AdviceType.NO_LICENCE_REQUIRED, AdviceLevel.USER
)
self.create_advice(self.gov_user_2, self.standard_case, "good", AdviceType.REFUSE, AdviceLevel.USER)
self.create_advice(self.gov_user_3, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
self.client.get(self.standard_case_url, **self.gov_headers)
self.client.delete(self.standard_case_url, **self.gov_headers)
response = self.client.get(reverse("cases:activity", kwargs={"pk": self.standard_case.id}), **self.gov_headers)
self.assertEqual(len(response.json()["activity"]), 3)
# def test_creating_team_advice_does_not_overwrite_user_level_advice(self):
# """
# Because of the shared parent class, make sure the parent class "save" method is overridden by the child class
# """
# self.create_advice(self.gov_user, self.standard_case, "end_user", AdviceType.NO_LICENCE_REQUIRED, AdviceLevel.USER)
# self.create_advice(self.gov_user, self.standard_case, "end_user", AdviceType.NO_LICENCE_REQUIRED, AdviceLevel.TEAM)
#
# self.client.get(self.standard_case_url, **self.gov_headers)
#
# self.assertEqual(Advice.objects.count(), 2)
@parameterized.expand(
[
[AdviceType.APPROVE],
[AdviceType.PROVISO],
[AdviceType.REFUSE],
[AdviceType.NO_LICENCE_REQUIRED],
[AdviceType.NOT_APPLICABLE],
]
)
def test_coalesce_merges_duplicate_advice_instead_of_appending_it_simple(self, advice_type):
"""
Makes sure we strip out duplicates of advice on the same object
"""
self.create_advice(self.gov_user_2, self.standard_case, "good", advice_type, AdviceLevel.USER)
self.create_advice(self.gov_user_3, self.standard_case, "good", advice_type, AdviceLevel.USER)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"]
self.assertNotIn("\n-------\n", response_data[0]["text"])
def test_merge_user_advice_same_advice_type_same_pv_gradings(self):
"""
Same advice type, same pv grading
"""
pv_grading = PvGrading.UK_OFFICIAL
self.create_advice(
self.gov_user_2, self.standard_case, "good", AdviceType.APPROVE, AdviceLevel.USER, pv_grading
)
self.create_advice(
self.gov_user_3, self.standard_case, "good", AdviceType.APPROVE, AdviceLevel.USER, pv_grading
)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"]
self.assertNotIn("\n-------\n", response_data[0]["text"])
self.assertEquals(
PvGrading.to_str(pv_grading), Advice.objects.get(id=response_data[0]["id"]).collated_pv_grading
)
def test_merge_user_advice_same_advice_type_different_pv_gradings(self):
"""
Same advice types, different pv gradings
"""
pv_grading = PvGrading.UK_OFFICIAL
pv_grading_2 = PvGrading.UK_OFFICIAL_SENSITIVE
self.create_advice(
self.gov_user_2, self.standard_case, "good", AdviceType.APPROVE, AdviceLevel.USER, pv_grading
)
self.create_advice(
self.gov_user_3, self.standard_case, "good", AdviceType.APPROVE, AdviceLevel.USER, pv_grading_2
)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"]
self.assertNotIn("\n-------\n", response_data[0]["text"])
self.assertIn("\n-------\n", Advice.objects.get(id=response_data[0]["id"]).collated_pv_grading)
def test_merge_user_advice_different_advice_type_different_pv_gradings(self):
"""
Different advice type, different pv gradings
"""
pv_grading = PvGrading.UK_OFFICIAL
pv_grading_2 = PvGrading.UK_OFFICIAL_SENSITIVE
self.create_advice(
self.gov_user_2, self.standard_case, "good", AdviceType.APPROVE, AdviceLevel.USER, pv_grading
)
self.create_advice(
self.gov_user_3, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER, pv_grading_2
)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"]
self.assertNotIn("\n-------\n", response_data[0]["text"])
self.assertIn("\n-------\n", Advice.objects.get(id=response_data[0]["id"]).collated_pv_grading)
def test_merge_user_advice_different_advice_type_same_pv_gradings(self):
"""
Different advice type, same pv gradings
"""
pv_grading = PvGrading.UK_OFFICIAL
self.create_advice(
self.gov_user_2, self.standard_case, "good", AdviceType.APPROVE, AdviceLevel.USER, pv_grading
)
self.create_advice(
self.gov_user_3, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER, pv_grading
)
response = self.client.get(self.standard_case_url, **self.gov_headers)
response_data = response.json()["advice"]
self.assertNotIn("\n-------\n", response_data[0]["text"])
self.assertEquals(
PvGrading.to_str(pv_grading), Advice.objects.get(id=response_data[0]["id"]).collated_pv_grading
)
def test_when_user_advice_exists_combine_team_advice_with_confirm_own_advice_success(self,):
self.role.permissions.set([constants.GovPermissions.MANAGE_TEAM_CONFIRM_OWN_ADVICE.name])
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
response = self.client.get(
reverse("cases:team_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_when_user_advice_exists_combine_team_advice_without_confirm_own_advice_failure(self,):
self.role.permissions.set([constants.GovPermissions.MANAGE_TEAM_ADVICE.name])
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
response = self.client.get(
reverse("cases:team_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_when_user_advice_exists_clear_team_advice_with_confirm_own_advice_success(self,):
self.role.permissions.set([constants.GovPermissions.MANAGE_TEAM_CONFIRM_OWN_ADVICE.name])
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
response = self.client.delete(
reverse("cases:team_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_when_user_advice_exists_clear_team_advice_without_confirm_own_advice_failure(self,):
self.role.permissions.set([constants.GovPermissions.MANAGE_TEAM_ADVICE.name])
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
response = self.client.delete(
reverse("cases:team_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_when_user_advice_exists_create_team_advice_with_confirm_own_advice_success(self,):
self.role.permissions.set([constants.GovPermissions.MANAGE_TEAM_CONFIRM_OWN_ADVICE.name])
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
data = {
"text": "I Am Easy to Find",
"note": "I Am Easy to Find",
"type": AdviceType.APPROVE,
"end_user": str(self.standard_application.end_user.party.id),
}
response = self.client.post(
reverse("cases:team_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers, data=[data]
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def test_when_user_advice_exists_create_team_advice_without_confirm_own_advice_failure(self,):
self.role.permissions.set([constants.GovPermissions.MANAGE_TEAM_ADVICE.name])
self.create_advice(self.gov_user, self.standard_case, "good", AdviceType.PROVISO, AdviceLevel.USER)
data = {
"text": "I Am Easy to Find",
"note": "I Am Easy to Find",
"type": AdviceType.APPROVE,
"end_user": str(self.standard_application.end_user.party.id),
}
response = self.client.post(
reverse("cases:team_advice", kwargs={"pk": self.standard_case.id}), **self.gov_headers, data=[data]
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
@parameterized.expand(CaseStatusEnum.terminal_statuses())
def test_cannot_create_team_advice_when_case_in_terminal_state(self, terminal_status):
data = {
"text": "I Am Easy to Find",
"note": "I Am Easy to Find",
"type": AdviceType.APPROVE,
"end_user": str(self.standard_application.end_user.party.id),
}
self.standard_application.status = get_case_status_by_status(terminal_status)
self.standard_application.save()
response = self.client.post(self.standard_case_url, **self.gov_headers, data=[data])
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)