def test_authenticated_user_can_get_single_asset_condition(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
test_asset = Asset(
asset_code='IC002',
serial_number='SN002',
model_number=self.assetmodel,
purchase_date="2018-07-10",
asset_location=self.centre,
)
test_asset.save()
data = {'asset': test_asset.id, 'notes': 'working perfectly'}
new_asset_condition = client.post(
self.asset_condition_urls,
data=data,
HTTP_AUTHORIZATION='Token {}'.format(self.token_user),
)
self.assertEqual(new_asset_condition.status_code, 201)
response = client.get(
'{}/{}/'.format(self.asset_condition_urls,
new_asset_condition.data['id']),
HTTP_AUTHORIZATION='Token {}'.format(self.token_user),
)
self.assertEqual(response.data['id'], new_asset_condition.data['id'])
self.assertEqual(response.status_code, 200)
def setUp(self):
super(AssetConditionAPITest, self).setUp()
self.user = User.objects.create(email='*****@*****.**',
cohort=19,
slack_handle='tester',
password='******')
asset_category = AssetCategory.objects.create(category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(make_label="Sades",
asset_type=asset_type)
self.assetmodel = AssetModelNumber(model_number='IMN50987',
make_label=make_label)
self.assetmodel.save()
self.token_user = '******'
self.test_asset = Asset(
asset_code='IC001',
serial_number='SN001',
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10",
)
self.test_asset.save()
self.asset = Asset.objects.get(serial_number='SN001')
self.asset_condition = AssetCondition(asset=self.asset,
notes='working')
self.asset_condition.save()
self.asset_conditon = AssetCondition.objects.get(asset=self.asset)
self.asset_condition_urls = reverse('asset-condition-list')
def setUp(self):
super(AssetStatusAPITest, self).setUp()
asset_category = AssetCategory.objects.create(
category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(
make_label="Sades", asset_type=asset_type)
self.assetmodel = AssetModelNumber(
model_number='IMN50987', make_label=make_label)
self.test_assetmodel1 = AssetModelNumber(
model_number="IMN50987", make_label=make_label)
self.test_assetmodel1.save()
self.token_user = '******'
self.normal_user = User.objects.create(
email='*****@*****.**', cohort=10,
slack_handle='@test_user', password='******'
)
self.test_asset = Asset(
asset_code="IC001",
serial_number="SN001",
model_number=self.test_assetmodel1,
assigned_to=self.normal_user,
purchase_date="2018-07-10"
)
self.test_asset.save()
self.asset = Asset.objects.get(asset_code="IC001")
self.asset_status = AssetStatus.objects.get(asset=self.asset)
self.asset_status_urls = reverse('asset-status-list')
def setUp(self):
super(AssetLogModelTest, self).setUp()
asset_category = AssetCategory.objects.create(category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(make_label="Sades",
asset_type=asset_type)
self.assetmodel = AssetModelNumber(model_number='IMN50987',
make_label=make_label)
self.test_assetmodel1 = AssetModelNumber(model_number="IMN50987",
make_label=make_label)
self.test_assetmodel1.save()
self.normal_user = User.objects.create(email='*****@*****.**',
cohort=10,
slack_handle='@test_user',
password='******')
self.test_asset = Asset(
asset_code="IC001",
serial_number="SN001",
model_number=self.test_assetmodel1,
assigned_to=self.normal_user,
purchase_date="2018-07-10",
)
self.test_asset.save()
self.test_other_asset = Asset(
asset_code="IC00sf",
serial_number="SN00134",
model_number=self.test_assetmodel1,
assigned_to=self.normal_user,
purchase_date="2018-07-10",
)
self.test_other_asset.save()
self.checked_by = SecurityUser.objects.create(
email="*****@*****.**",
password="******",
first_name="TestFirst",
last_name="TestLast",
phone_number="254720900900",
badge_number="AE23")
self.checkin = AssetLog.objects.create(checked_by=self.checked_by,
asset=self.test_asset,
log_type="Checkin")
self.checkout = AssetLog.objects.create(checked_by=self.checked_by,
asset=self.test_asset,
log_type="Checkout")
self.token_checked_by = 'test_token'
self.token_normal_user = '******'
self.asset_logs_url = reverse('asset-logs-list')
def setUp(self):
super(ManageAssetTestCase, self).setUp()
self.admin = User.objects.create_superuser(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_admin = "tokenadmin"
self.user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_user = '******'
self.other_user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_other_user = '******'
self.asset_category = AssetCategory.objects.create(
category_name="Accessories")
self.asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Sub Category name",
asset_category=self.asset_category)
self.asset_type = AssetType.objects.create(
asset_type="Asset Type",
asset_sub_category=self.asset_sub_category)
self.make_label = AssetMake.objects.create(make_label="Asset Make",
asset_type=self.asset_type)
self.assetmodel = AssetModelNumber(model_number="IMN50987",
make_label=self.make_label)
self.assetmodel.save()
self.asset = Asset(asset_code="IC001",
serial_number="SN001",
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10")
self.asset.save()
allocation_history = AllocationHistory(asset=self.asset,
current_owner=self.user)
allocation_history.save()
self.checked_by = SecurityUser.objects.create(
email="*****@*****.**",
password="******",
first_name="TestFirst",
last_name="TestLast",
phone_number="254720900900",
badge_number="AE23")
self.manage_asset_urls = reverse('manage-assets-list')
def test_admin_can_filter_asset_by_asset_status(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin_user.email}
url = reverse('manage-assets-list')
response = client.get(
'{}?current_status={}'.format(url, 'Allocated'),
HTTP_AUTHORIZATION="Token {}".format(self.token_admin),
)
self.assertEqual(response.data['count'], 1)
response = client.get(
'{}?current_status={}'.format(url, 'Available'),
HTTP_AUTHORIZATION="Token {}".format(self.token_admin),
)
count = response.data.get('count')
Asset(
asset_code="IC002",
serial_number="SN002",
model_number=self.assetmodel,
purchase_date="2018-07-10",
asset_location=self.centre,
).save()
response = client.get(
'{}?current_status={}'.format(url, 'Available'),
HTTP_AUTHORIZATION="Token {}".format(self.token_admin),
)
self.assertEqual(response.data['count'], count + 1)
def test_authenticated_user_can_post_asset_condition(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
test_asset = Asset(asset_code='IC002',
serial_number='SN002',
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10")
test_asset.save()
data = {'asset': test_asset.id, 'notes': 'working perfectly'}
response = client.post(self.asset_condition_urls,
data=data,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertIn(data['notes'], response.data.values())
self.assertEqual(response.status_code, 201)
def setUp(self):
self.test_assetmodel1 = AssetModelNumber.objects.create(
name="IMN50987", asset_make=self.asset_make)
self.test_other_asset = Asset(
asset_code="IC00sf",
serial_number="SN00134",
model_number=self.test_assetmodel1,
purchase_date="2018-07-10",
)
self.test_other_asset.save()
self.checkin = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type=CHECKIN)
self.checkout = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type=CHECKOUT)
def setUp(self):
super(AssetHealthTestCase, self).setUp()
self.admin = User.objects.create_superuser(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_admin = "tokenadmin"
self.user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_user = '******'
self.other_user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_other_user = '******'
self.asset_category = AssetCategory.objects.create(
category_name="Accessories")
self.asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Sub Category name",
asset_category=self.asset_category)
self.asset_type = AssetType.objects.create(
asset_type="Asset Type",
asset_sub_category=self.asset_sub_category)
self.make_label = AssetMake.objects.create(make_label="Asset Make",
asset_type=self.asset_type)
self.assetmodel = AssetModelNumber(model_number="IMN50987",
make_label=self.make_label)
self.assetmodel.save()
self.asset = Asset(
asset_code="IC001",
serial_number="SN001",
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10",
)
self.asset.save()
allocation_history = AllocationHistory(asset=self.asset,
current_owner=self.user)
allocation_history.save()
self.asset_urls = reverse('asset-health-list')
def setUp(self):
self.test_assetmodel1 = AssetModelNumber.objects.create(
model_number="IMN50987", make_label=self.make_label)
self.test_other_asset = Asset(
asset_code="IC00sf",
serial_number="SN00134",
model_number=self.test_assetmodel1,
assigned_to=self.asset_assignee,
purchase_date="2018-07-10",
)
self.test_other_asset.save()
self.checkin = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type="Checkin")
self.checkout = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type="Checkout")
def setUp(self):
super(AssetIncidentReportAPITest, self).setUp()
asset_category = AssetCategory.objects.create(category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(make_label="Sades",
asset_type=asset_type)
self.assetmodel = AssetModelNumber(model_number='IMN50987',
make_label=make_label)
self.test_assetmodel = AssetModelNumber(model_number="IMN50987",
make_label=make_label)
self.test_assetmodel.save()
self.user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_user = '******'
self.test_asset = Asset(asset_code="qaz123",
serial_number="123qaz",
model_number=self.test_assetmodel,
assigned_to=self.user,
purchase_date="2018-07-10")
self.test_asset.save()
self.incident_report = AssetIncidentReport.objects.create(
asset=self.test_asset,
incident_type="Loss",
incident_location="44",
incident_description="Mugging",
injuries_sustained="Black eye",
loss_of_property="Laptop",
witnesses="John Doe",
police_abstract_obtained="Yes")
self.incident_report_url = reverse('incidence-reports-list')
self.count_before = AssetIncidentReport.objects.count()
def setUp(self):
self.client = Client()
self.admin_user = get_user_model().objects.create_superuser(
email='*****@*****.**',
password='******'
)
self.client.force_login(self.admin_user) ## helper function to force user login
self.user = get_user_model().objects.create_user(
email='*****@*****.**',
password='******',
name='Test user full name'
)
self.instrument = Instrument(name='test', symbol='test', category='test', price=5)
self.instrument.save()
self.asset = Asset(owner=self.user, instrument=self.instrument, quantity=5)
self.asset.save()
self.buy_transaction = BuyTransaction(owner=self.user, instrument=self.instrument, quantity=5,
created_at=datetime.datetime.now())
self.buy_transaction.save()
self.sell_transaction = BuyTransaction(owner=self.user, instrument=self.instrument, quantity=5,
created_at=datetime.datetime.now())
self.sell_transaction.save()
def test_authenticated_user_cant_post_invalid_asset_serial_number(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
invalid_asset = Asset(
asset_code='IC0024',
serial_number='SN0014',
assigned_to=self.user,
model_number=self.assetmodel,
)
data = {'asset': invalid_asset, 'notes': 'working perfectly'}
response = client.post(self.asset_condition_urls,
data=data,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(response.status_code, 400)
def create(self, request, *args, **kwargs):
asset = Asset()
asset.asset = request.data['asset']
asset.title = request.data['title']
asset.description = request.data['description']
asset.employer = request.user.employer
try:
emp = Employee.objects.get(user__email=request.data['assigned'])
except Employee.DoesNotExist:
return Response({
'success': False,
'message': 'No Such Employee To Assgin The Asset'
})
assigned_asset = AssignedAsset()
assigned_asset.asset = asset
assigned_asset.employee = emp
with transaction.atomic():
asset.save()
assigned_asset.save()
return Response({'success': True})
class AssetLogModelTest(APIBaseTestCase):
"""Tests for the AssetLog Model and API"""
def setUp(self):
super(AssetLogModelTest, self).setUp()
asset_category = AssetCategory.objects.create(category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(make_label="Sades",
asset_type=asset_type)
self.assetmodel = AssetModelNumber(model_number='IMN50987',
make_label=make_label)
self.test_assetmodel1 = AssetModelNumber(model_number="IMN50987",
make_label=make_label)
self.test_assetmodel1.save()
self.normal_user = User.objects.create(email='*****@*****.**',
cohort=10,
slack_handle='@test_user',
password='******')
self.test_asset = Asset(
asset_code="IC001",
serial_number="SN001",
model_number=self.test_assetmodel1,
assigned_to=self.normal_user,
purchase_date="2018-07-10",
)
self.test_asset.save()
self.test_other_asset = Asset(
asset_code="IC00sf",
serial_number="SN00134",
model_number=self.test_assetmodel1,
assigned_to=self.normal_user,
purchase_date="2018-07-10",
)
self.test_other_asset.save()
self.checked_by = SecurityUser.objects.create(
email="*****@*****.**",
password="******",
first_name="TestFirst",
last_name="TestLast",
phone_number="254720900900",
badge_number="AE23")
self.checkin = AssetLog.objects.create(checked_by=self.checked_by,
asset=self.test_asset,
log_type="Checkin")
self.checkout = AssetLog.objects.create(checked_by=self.checked_by,
asset=self.test_asset,
log_type="Checkout")
self.token_checked_by = 'test_token'
self.token_normal_user = '******'
self.asset_logs_url = reverse('asset-logs-list')
def test_add_checkin(self):
AssetLog.objects.create(checked_by=self.checked_by,
asset=self.test_other_asset,
log_type="Checkin")
self.assertEqual(AssetLog.objects.count(), 3)
def test_add_checkout(self):
AssetLog.objects.create(checked_by=self.checked_by,
asset=self.test_other_asset,
log_type="Checkout")
self.assertEqual(AssetLog.objects.count(), 3)
def test_add_checkin_without_log_type(self):
with self.assertRaises(ValidationError) as e:
AssetLog.objects.create(
checked_by=self.checked_by,
asset=self.test_other_asset,
)
self.assertEqual(
e.exception.message_dict, {
'log_type': ['This field cannot be blank.'],
'__all__': ['Log type is required.']
})
def test_delete_checkin(self):
self.assertEqual(AssetLog.objects.count(), 2)
self.checkin.delete()
self.assertEqual(AssetLog.objects.count(), 1)
def test_update_checkin(self):
self.checkin.asset = self.test_other_asset
self.checkin.save()
self.assertEqual(self.checkin.asset.asset_code,
self.test_other_asset.asset_code)
def test_update_checkout(self):
self.checkout.asset = self.test_other_asset
self.checkout.save()
self.assertEqual(self.checkout.asset.asset_code,
self.test_other_asset.asset_code)
def test_non_authenticated_user_checkin_checkout(self):
response = client.get(self.asset_logs_url)
self.assertEqual(
response.data,
{'detail': 'Authentication credentials were not provided.'})
def test_checkout_model_string_representation(self):
self.assertEqual(str(self.checkin.asset.serial_number),
self.test_asset.serial_number)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_normal_user_list_checkin_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_normal_user))
self.assertEqual(
response.data,
{'detail': 'You do not have permission to perform this action.'})
self.assertEqual(response.status_code, 403)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_list_checkin_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_checked_by))
self.assertIn(self.checkout.id, response.data['results'][0].values())
self.assertEqual(len(response.data['results']),
AssetLog.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_normal_user_create_checkin(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_normal_user))
self.assertEqual(
response.data,
{'detail': 'You do not have permission to perform this action.'})
self.assertEqual(response.status_code, 403)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
data = {'asset': self.test_other_asset.id, 'log_type': 'Checkin'}
response = client.post(self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_checked_by))
self.assertEqual(
response.data['asset'], f"{self.test_other_asset.serial_number} - "
f"{self.test_other_asset.asset_code}")
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
data = {'asset': self.test_other_asset.id, 'log_type': 'Checkout'}
response = client.post(self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_checked_by))
self.assertEqual(
response.data['asset'], f"{self.test_other_asset.serial_number} - "
f"{self.test_other_asset.asset_code}")
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_with_invalid_log_type(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
log_type = "Invalid"
data = {'asset': self.test_other_asset.id, 'log_type': log_type}
response = client.post(self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_checked_by))
self.assertEqual(
response.data,
{'log_type': ['"{}" is not a valid choice.'.format(log_type)]})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_checkin_without_asset(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
data = {'log_type': 'Checkin'}
response = client.post(self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_checked_by))
self.assertDictEqual(response.data,
{'asset': ['This field is required.']})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_view_checkin_detail(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
response = client.get(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by))
self.assertEqual(response.data['id'], self.checkin.id)
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_cannot_delete_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
response = client.delete(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by))
self.assertEqual(response.data,
{'detail': 'Method "DELETE" not allowed.'})
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_cannot_put_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
response = client.put(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by))
self.assertEqual(response.data,
{'detail': 'Method "PUT" not allowed.'})
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_cannot_patch_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.checked_by.email}
response = client.patch(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by))
self.assertEqual(response.data,
{'detail': 'Method "PATCH" not allowed.'})
self.assertEqual(response.status_code, 405)
class AssetConditionAPITest(APIBaseTestCase):
''' Tests for the AssetCondition endpoint'''
def setUp(self):
super(AssetConditionAPITest, self).setUp()
self.user = User.objects.create(email='*****@*****.**',
cohort=19,
slack_handle='tester',
password='******')
asset_category = AssetCategory.objects.create(category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(make_label="Sades",
asset_type=asset_type)
self.assetmodel = AssetModelNumber(model_number='IMN50987',
make_label=make_label)
self.assetmodel.save()
self.token_user = '******'
self.test_asset = Asset(
asset_code='IC001',
serial_number='SN001',
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10",
)
self.test_asset.save()
self.asset = Asset.objects.get(serial_number='SN001')
self.asset_condition = AssetCondition(asset=self.asset,
notes='working')
self.asset_condition.save()
self.asset_conditon = AssetCondition.objects.get(asset=self.asset)
self.asset_condition_urls = reverse('asset-condition-list')
def test_non_authenciated_user_can_view_asset_condition(self):
response = client.get(self.asset_condition_urls)
self.assertEqual(response.status_code, 401)
@patch('api.authentication.auth.verify_id_token')
def test_authenciated_user_can_view_asset_condition(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(self.asset_condition_urls,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertIn(self.asset_condition.notes,
response.data['results'][0].values())
self.assertEqual(len(response.data['results']), Asset.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_can_post_asset_condition(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
test_asset = Asset(asset_code='IC002',
serial_number='SN002',
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10")
test_asset.save()
data = {'asset': test_asset.id, 'notes': 'working perfectly'}
response = client.post(self.asset_condition_urls,
data=data,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertIn(data['notes'], response.data.values())
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_cant_post_invalid_asset_serial_number(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
invalid_asset = Asset(
asset_code='IC0024',
serial_number='SN0014',
assigned_to=self.user,
model_number=self.assetmodel,
)
data = {'asset': invalid_asset, 'notes': 'working perfectly'}
response = client.post(self.asset_condition_urls,
data=data,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_can_get_all_asset_condition(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(self.asset_condition_urls,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_can_get_single_asset_condition(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
test_asset = Asset(
asset_code='IC002',
serial_number='SN002',
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10",
)
test_asset.save()
data = {'asset': test_asset.id, 'notes': 'working perfectly'}
new_asset_condition = client.post(self.asset_condition_urls,
data=data,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(new_asset_condition.status_code, 201)
response = client.get('{}/{}/'.format(self.asset_condition_urls,
new_asset_condition.data['id']),
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(response.data['id'], new_asset_condition.data['id'])
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_condition_api_endpoint_cannot_allow_put(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.put(self.asset_condition_urls,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_condition_api_endpoint_cannot_allow_patch(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.patch(self.asset_condition_urls,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_condition_api_endpoint_cannot_allow_delete(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.delete(self.asset_condition_urls,
HTTP_AUTHORIZATION='Token {}'.format(
self.token_user))
self.assertEqual(response.status_code, 405)
class AdminSiteTests(TestCase):
def setUp(self):
self.client = Client()
self.admin_user = get_user_model().objects.create_superuser(
email='*****@*****.**',
password='******'
)
self.client.force_login(self.admin_user) ## helper function to force user login
self.user = get_user_model().objects.create_user(
email='*****@*****.**',
password='******',
name='Test user full name'
)
self.instrument = Instrument(name='test', symbol='test', category='test', price=5)
self.instrument.save()
self.asset = Asset(owner=self.user, instrument=self.instrument, quantity=5)
self.asset.save()
self.buy_transaction = BuyTransaction(owner=self.user, instrument=self.instrument, quantity=5,
created_at=datetime.datetime.now())
self.buy_transaction.save()
self.sell_transaction = BuyTransaction(owner=self.user, instrument=self.instrument, quantity=5,
created_at=datetime.datetime.now())
self.sell_transaction.save()
def test_users_listed(self):
"""Test that users are listed on user page"""
url = reverse('admin:core_user_changelist') ## generate user list page, check django admin docs
response = self.client.get(url)
self.assertContains(response, self.user.name)
self.assertContains(response, self.user.email)
def test_user_change_page(self):
"""Test that the User edit page works"""
url = reverse('admin:core_user_change', args=[self.user.id]) # /admin/core/user/1
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
def test_create_user_page(self):
"""Test that the crate user page works"""
url = reverse('admin:core_user_add')
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
def test_instrument_listed(self):
"""Test that created instrument is listed on admin page"""
url = reverse('admin:core_instrument_changelist')
response = self.client.get(url)
self.assertContains(response, self.instrument.name)
self.assertContains(response, self.instrument.symbol)
def test_asset_listed(self):
"""Test that created instrument is listed on admin page"""
url = reverse('admin:core_asset_changelist')
response = self.client.get(url)
self.assertContains(response, self.asset.instrument)
self.assertContains(response, self.asset.quantity)
def test_buy_transaction_listed(self):
"""Test that created instrument is listed on admin page"""
url = reverse('admin:core_buytransaction_changelist')
response = self.client.get(url)
self.assertContains(response, self.buy_transaction.instrument)
self.assertContains(response, self.buy_transaction.quantity)
def test_sell_transaction_listed(self):
"""Test that created instrument is listed on admin page"""
url = reverse('admin:core_selltransaction_changelist')
response = self.client.get(url)
self.assertContains(response, self.sell_transaction.instrument)
class ManageAssetTestCase(APIBaseTestCase):
def setUp(self):
super(ManageAssetTestCase, self).setUp()
self.admin = User.objects.create_superuser(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_admin = "tokenadmin"
self.user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_user = '******'
self.other_user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_other_user = '******'
self.asset_category = AssetCategory.objects.create(
category_name="Accessories")
self.asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Sub Category name",
asset_category=self.asset_category)
self.asset_type = AssetType.objects.create(
asset_type="Asset Type",
asset_sub_category=self.asset_sub_category)
self.make_label = AssetMake.objects.create(make_label="Asset Make",
asset_type=self.asset_type)
self.assetmodel = AssetModelNumber(model_number="IMN50987",
make_label=self.make_label)
self.assetmodel.save()
self.asset = Asset(asset_code="IC001",
serial_number="SN001",
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10")
self.asset.save()
allocation_history = AllocationHistory(asset=self.asset,
current_owner=self.user)
allocation_history.save()
self.checked_by = SecurityUser.objects.create(
email="*****@*****.**",
password="******",
first_name="TestFirst",
last_name="TestLast",
phone_number="254720900900",
badge_number="AE23")
self.manage_asset_urls = reverse('manage-assets-list')
def test_non_authenticated_admin_view_assets(self):
response = client.get(self.manage_asset_urls)
self.assertEqual(
response.data,
{'detail': 'Authentication credentials were not provided.'})
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_admin_view_assets(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(self.manage_asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertIn(self.asset.asset_code,
response.data['results'][0].values())
self.assertEqual(len(response.data['results']), Asset.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_non_admin_cannot_view_all_assets(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(self.manage_asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.status_code, 403)
@patch('api.authentication.auth.verify_id_token')
def test_non_admin_cannot_post_put_or_delete(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.post(self.manage_asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.status_code, 403)
response = client.put(self.manage_asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.status_code, 403)
response = client.delete(self.manage_asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.status_code, 403)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_admin_view_all_assets(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(self.manage_asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_admin))
self.assertEqual(len(response.data['results']), Asset.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_admin_can_post_asset(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
data = {
"asset_code": "IC002",
"serial_number": "SN002",
"model_number": self.assetmodel.model_number,
"purchase_date": "2018-07-10"
}
response = client.post(self.manage_asset_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
res_data = response.data
self.assertEqual(data.get("asset_code"), res_data.get("asset_code"))
self.assertEqual(data.get("serial_number"),
res_data.get("serial_number"))
self.assertEqual(data.get("model_number"),
res_data.get("model_number"))
self.assertEqual(Asset.objects.count(), 2)
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_admin_can_post_asset_with_specs(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
data = {
"asset_code": "IC003",
"serial_number": "SN003",
"model_number": self.assetmodel.model_number,
"purchase_date": "2018-07-10",
"processor_type": "Intel core i3",
"processor_speed": 2.3,
"screen_size": 15
}
response = client.post(self.manage_asset_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
res_data = response.data
self.assertEqual(data.get("serial_number"),
res_data.get("serial_number"))
self.assertIsNotNone(res_data.get('specs', None))
self.assertEqual(data['screen_size'],
res_data.get('specs').get('screen_size'))
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_admin_cannot_post_asset_with_invalid_specs_fields(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
data = {
"asset_code": "IC002",
"serial_number": "SN002",
"model_number": self.assetmodel.model_number,
"purchase_date": "2018-07-10",
"processor_type": "Intel core i3",
"processor_speed": 5.0,
"screen_size": 19
}
response = client.post(self.manage_asset_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.status_code, 400)
self.assertIn("screen_size", response.data)
self.assertIn("processor_speed", response.data)
@patch('api.authentication.auth.verify_id_token')
def test_admin_cannot_post_asset_with_missing_fields(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
data = {
"model_number": self.assetmodel.model_number,
"purchase_date": "2018-07-10"
}
response = client.post(self.manage_asset_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.data['__all__'][0],
"['Please provide either the serial number, asset code or both.']")
@patch('api.authentication.auth.verify_id_token')
def test_cannot_post_asset_with_invalid_model_number(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
self.assetmodel.id = 300
data = {
"asset_code": "IC002",
"serial_number": "SN002",
"model_number": self.assetmodel.id,
"purchase_date": "2018-07-10"
}
response = client.post(self.manage_asset_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(
response.data,
{'model_number': ['Object with model_number=300 does not exist.']})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_assets_api_endpoint_cant_allow_patch(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.patch(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data,
{'detail': 'Method "PATCH" not allowed.'})
@patch('api.authentication.auth.verify_id_token')
def test_assets_detail_api_endpoint_contain_assigned_to_details(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(self.user.email, response.data['assigned_to'].values())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_assigned_to_details_has_no_password(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertNotIn('password', response.data['assigned_to'].keys())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_checkin_status_for_non_checked_asset(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('checkin_status', response.data.keys())
self.assertEqual(response.data['checkin_status'], None)
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_checkin_status_for_checked_in_asset(self, mock_verify_id_token):
AssetLog.objects.create(checked_by=self.checked_by,
asset=self.asset,
log_type="Checkin")
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('checkin_status', response.data.keys())
self.assertEqual(response.data['checkin_status'], "checked_in")
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_checkin_status_for_checkout_in_asset(self, mock_verify_id_token):
AssetLog.objects.create(checked_by=self.checked_by,
asset=self.asset,
log_type="Checkout")
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('checkin_status', response.data.keys())
self.assertEqual(response.data['checkin_status'], "checked_out")
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_asset_type_in_asset_api(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('asset_type', response.data.keys())
self.assertEqual(response.data['asset_type'],
self.asset_type.asset_type)
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_asset_filter_by_email(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}?email={}'.format(self.manage_asset_urls, self.user.email),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertTrue(len(response.data) > 0)
self.assertIn(self.user.email,
response.data['results'][0]['assigned_to']['email'])
@patch('api.authentication.auth.verify_id_token')
def test_asset_filter_non_existing_email_return_empty(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get('{}?email={}'.format(self.manage_asset_urls,
'*****@*****.**'),
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertFalse(len(response.data['results']) > 0)
@patch('api.authentication.auth.verify_id_token')
def test_asset_filter_with_invalid_email_fails_with_validation_error(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}?email={}'.format(self.manage_asset_urls, 'notavalidemail'),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.status_code, 400)
self.assertEqual(response.data[0], 'Enter a valid email address.')
@patch('api.authentication.auth.verify_id_token')
def test_assets_have_allocation_history(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(
'{}/{}/'.format(self.manage_asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('allocation_history', response.data.keys())
self.assertEqual(response.status_code, 200)
class AssetLogModelTest(APIBaseTestCase):
"""Tests for the AssetLog Model and API"""
def setUp(self):
self.test_assetmodel1 = AssetModelNumber.objects.create(
name="IMN50987", asset_make=self.asset_make)
self.test_other_asset = Asset(
asset_code="IC00sf",
serial_number="SN00134",
model_number=self.test_assetmodel1,
purchase_date="2018-07-10",
)
self.test_other_asset.save()
self.checkin = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type=CHECKIN)
self.checkout = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type=CHECKOUT)
def test_verify_double_checkin_for_asset(self):
# First log
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
initial_log_count = AssetLog.objects.count()
# Second log
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
final_log_count = AssetLog.objects.count()
self.assertEqual(initial_log_count, final_log_count)
def test_verify_checkin_for_asset_once_checked_in(self):
# First log
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
# Second log
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
initial_log_count = AssetLog.objects.count()
# Checkin First log again
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
final_log_count = AssetLog.objects.count()
self.assertEqual(initial_log_count + 1, final_log_count)
def test_add_checkin(self):
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
self.assertEqual(AssetLog.objects.count(), 3)
created_log = AssetLog.objects.filter(
asset=self.test_other_asset).first()
self.assertEqual(created_log.log_type, CHECKIN)
def test_verify_double_checkout_for_asset(self):
# First log
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
initial_log_count = AssetLog.objects.count()
# Second log
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
final_log_count = AssetLog.objects.count()
self.assertEqual(initial_log_count, final_log_count)
def test_verify_checkout_for_asset_once_checked_out(self):
# First log
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
# Second log
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
initial_log_count = AssetLog.objects.count()
# Checkout First log again
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
final_log_count = AssetLog.objects.count()
self.assertEqual(initial_log_count + 1, final_log_count)
def test_add_checkout(self):
count_before_log = AssetLog.objects.count()
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
self.assertEqual(AssetLog.objects.count(), count_before_log + 1)
def test_add_checkin_without_log_type(self):
with self.assertRaises(ValidationError) as e:
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset)
self.assertEqual(
e.exception.message_dict,
{
"log_type": ["This field cannot be blank."],
"__all__": ["Log type is required."],
},
)
def test_delete_checkin(self):
self.assertEqual(AssetLog.objects.count(), 2)
self.checkin.delete()
self.assertEqual(AssetLog.objects.count(), 1)
def test_update_checkin(self):
self.checkin.asset = self.test_other_asset
self.checkin.save()
self.assertEqual(self.checkin.asset.asset_code,
self.test_other_asset.asset_code)
def test_update_checkout(self):
self.checkout.asset = self.test_other_asset
self.checkout.save()
self.assertEqual(self.checkout.asset.asset_code,
self.test_other_asset.asset_code)
def test_non_authenticated_user_checkin_checkout(self):
response = client.get(self.asset_logs_url)
self.assertEqual(
response.data,
{"detail": "Authentication credentials were not provided."})
def test_checkout_model_string_representation(self):
self.assertEqual(str(self.checkin.asset.serial_number),
self.asset.serial_number)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_normal_user_list_checkin_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.user.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(
response.data,
{"detail": "You do not have permission to perform this action."},
)
self.assertEqual(response.status_code, 403)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_list_checkin_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
response = client.get(
self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertIn(self.checkout.id, response.data["results"][0].values())
self.assertEqual(len(response.data["results"]),
AssetLog.objects.count())
self.assertEqual(response.status_code, 200)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_admin_user_list_checkin_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.admin_user.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_admin))
self.assertIn(self.checkout.id, response.data["results"][0].values())
self.assertEqual(len(response.data["results"]),
AssetLog.objects.count())
self.assertEqual(response.status_code, 200)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_normal_user_create_checkin(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.user.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(
response.data,
{"detail": "You do not have permission to perform this action."},
)
self.assertEqual(response.status_code, 403)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_create_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
data = {"asset": self.test_other_asset.id, "log_type": "Checkin"}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(
response.data["asset"],
f"{self.test_other_asset.serial_number} - "
f"{self.test_other_asset.asset_code}",
)
self.assertEqual(response.status_code, 201)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_cannot_double_checkin_an_asset(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
initial_log_count = AssetLog.objects.count()
data = {"asset": self.test_other_asset.id, "log_type": CHECKIN}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
updated_log_count = AssetLog.objects.count()
self.assertEqual(response.status_code, 400)
self.assertEqual(initial_log_count, updated_log_count)
@patch("api.authentication.auth.verify_id_token")
def test_that_authenticated_security_user_can_checkin_asset_previously_checked_in(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
# Check in the asset
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
# Checkout the asset
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
initial_log_count = AssetLog.objects.count()
data = {"asset": self.test_other_asset.id, "log_type": CHECKIN}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
updated_log_count = AssetLog.objects.count()
self.assertEqual(response.status_code, 201)
self.assertEqual(initial_log_count + 1, updated_log_count)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_can_checkout_asset_previously_checked_out(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
# Check in the asset
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
# Checkout the asset
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKIN)
initial_log_count = AssetLog.objects.count()
data = {"asset": self.test_other_asset.id, "log_type": CHECKOUT}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
updated_log_count = AssetLog.objects.count()
self.assertEqual(response.status_code, 201)
self.assertEqual(initial_log_count + 1, updated_log_count)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_create_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
data = {"asset": self.test_other_asset.id, "log_type": CHECKOUT}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(
response.data["asset"],
f"{self.test_other_asset.serial_number} - "
f"{self.test_other_asset.asset_code}",
)
self.assertEqual(response.status_code, 201)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_cannot_double_checkout_an_asset(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type=CHECKOUT,
)
initial_log_count = AssetLog.objects.count()
data = {"asset": self.test_other_asset.id, "log_type": CHECKOUT}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
updated_log_count = AssetLog.objects.count()
self.assertEqual(response.status_code, 400)
self.assertEqual(initial_log_count, updated_log_count)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_create_with_invalid_log_type(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
log_type = "Invalid"
data = {"asset": self.test_other_asset.id, "log_type": log_type}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(
response.data,
{"log_type": ['"{}" is not a valid choice.'.format(log_type)]},
)
self.assertEqual(response.status_code, 400)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_create_checkin_without_asset(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
data = {"log_type": "Checkin"}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertDictEqual(response.data,
{"asset": ["This field is required."]})
self.assertEqual(response.status_code, 400)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_view_checkin_detail(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
response = client.get(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data["id"], self.checkin.id)
self.assertEqual(response.status_code, 200)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_cannot_delete_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
response = client.delete(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data,
{"detail": 'Method "DELETE" not allowed.'})
self.assertEqual(response.status_code, 405)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_cannot_put_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
response = client.put(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data,
{"detail": 'Method "PUT" not allowed.'})
self.assertEqual(response.status_code, 405)
@patch("api.authentication.auth.verify_id_token")
def test_authenticated_security_user_cannot_patch_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {"email": self.security_user.email}
response = client.patch(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data,
{"detail": 'Method "PATCH" not allowed.'})
self.assertEqual(response.status_code, 405)
class AssetLogModelTest(APIBaseTestCase):
"""Tests for the AssetLog Model and API"""
def setUp(self):
self.test_assetmodel1 = AssetModelNumber.objects.create(
model_number="IMN50987", make_label=self.make_label)
self.test_other_asset = Asset(
asset_code="IC00sf",
serial_number="SN00134",
model_number=self.test_assetmodel1,
assigned_to=self.asset_assignee,
purchase_date="2018-07-10",
)
self.test_other_asset.save()
self.checkin = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type="Checkin")
self.checkout = AssetLog.objects.create(checked_by=self.security_user,
asset=self.asset,
log_type="Checkout")
def test_add_checkin(self):
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type="Checkin",
)
self.assertEqual(AssetLog.objects.count(), 3)
def test_add_checkout(self):
AssetLog.objects.create(
checked_by=self.security_user,
asset=self.test_other_asset,
log_type="Checkout",
)
self.assertEqual(AssetLog.objects.count(), 3)
def test_add_checkin_without_log_type(self):
with self.assertRaises(ValidationError) as e:
AssetLog.objects.create(checked_by=self.security_user,
asset=self.test_other_asset)
self.assertEqual(
e.exception.message_dict,
{
'log_type': ['This field cannot be blank.'],
'__all__': ['Log type is required.'],
},
)
def test_delete_checkin(self):
self.assertEqual(AssetLog.objects.count(), 2)
self.checkin.delete()
self.assertEqual(AssetLog.objects.count(), 1)
def test_update_checkin(self):
self.checkin.asset = self.test_other_asset
self.checkin.save()
self.assertEqual(self.checkin.asset.asset_code,
self.test_other_asset.asset_code)
def test_update_checkout(self):
self.checkout.asset = self.test_other_asset
self.checkout.save()
self.assertEqual(self.checkout.asset.asset_code,
self.test_other_asset.asset_code)
def test_non_authenticated_user_checkin_checkout(self):
response = client.get(self.asset_logs_url)
self.assertEqual(
response.data,
{'detail': 'Authentication credentials were not provided.'})
def test_checkout_model_string_representation(self):
self.assertEqual(str(self.checkin.asset.serial_number),
self.asset.serial_number)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_normal_user_list_checkin_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(
response.data,
{'detail': 'You do not have permission to perform this action.'},
)
self.assertEqual(response.status_code, 403)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_list_checkin_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
response = client.get(
self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertIn(self.checkout.id, response.data['results'][0].values())
self.assertEqual(len(response.data['results']),
AssetLog.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_normal_user_create_checkin(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(self.asset_logs_url,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(
response.data,
{'detail': 'You do not have permission to perform this action.'},
)
self.assertEqual(response.status_code, 403)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
data = {'asset': self.test_other_asset.id, 'log_type': 'Checkin'}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(
response.data['asset'],
f"{self.test_other_asset.serial_number} - "
f"{self.test_other_asset.asset_code}",
)
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_checkout(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
data = {'asset': self.test_other_asset.id, 'log_type': 'Checkout'}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(
response.data['asset'],
f"{self.test_other_asset.serial_number} - "
f"{self.test_other_asset.asset_code}",
)
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_with_invalid_log_type(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
log_type = "Invalid"
data = {'asset': self.test_other_asset.id, 'log_type': log_type}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(
response.data,
{'log_type': ['"{}" is not a valid choice.'.format(log_type)]},
)
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_create_checkin_without_asset(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
data = {'log_type': 'Checkin'}
response = client.post(
self.asset_logs_url,
data,
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertDictEqual(response.data,
{'asset': ['This field is required.']})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_view_checkin_detail(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
response = client.get(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data['id'], self.checkin.id)
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_cannot_delete_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
response = client.delete(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data,
{'detail': 'Method "DELETE" not allowed.'})
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_cannot_put_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
response = client.put(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data,
{'detail': 'Method "PUT" not allowed.'})
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_security_user_cannot_patch_checkin(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.security_user.email}
response = client.patch(
"{}/{}/".format(self.asset_logs_url, self.checkin.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_checked_by),
)
self.assertEqual(response.data,
{'detail': 'Method "PATCH" not allowed.'})
self.assertEqual(response.status_code, 405)
class AssetIncidentReportAPITest(APIBaseTestCase):
""" Tests for the AssetIncidentReport API """
def setUp(self):
super(AssetIncidentReportAPITest, self).setUp()
asset_category = AssetCategory.objects.create(category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(make_label="Sades",
asset_type=asset_type)
self.assetmodel = AssetModelNumber(model_number='IMN50987',
make_label=make_label)
self.test_assetmodel = AssetModelNumber(model_number="IMN50987",
make_label=make_label)
self.test_assetmodel.save()
self.user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_user = '******'
self.test_asset = Asset(asset_code="qaz123",
serial_number="123qaz",
model_number=self.test_assetmodel,
assigned_to=self.user,
purchase_date="2018-07-10")
self.test_asset.save()
self.incident_report = AssetIncidentReport.objects.create(
asset=self.test_asset,
incident_type="Loss",
incident_location="44",
incident_description="Mugging",
injuries_sustained="Black eye",
loss_of_property="Laptop",
witnesses="John Doe",
police_abstract_obtained="Yes")
self.incident_report_url = reverse('incidence-reports-list')
self.count_before = AssetIncidentReport.objects.count()
def test_non_authenticated_user_view_incident_report(self):
response = client.get(self.incident_report_url)
self.assertEqual(
response.data,
{'detail': 'Authentication credentials were not provided.'})
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_post_incident_report(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
data = {
"asset": self.test_asset.id,
"incident_type": "Loss",
"incident_location": "CDB",
"incident_description": "Lorem Ipsum",
"injuries_sustained": "N/a",
"loss_of_property": "Mobile Phone",
"witnesses": "John Doe +2347548458457",
"police_abstract_obtained": "Yes"
}
response = client.post(f"{self.incident_report_url}",
data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertIn(
f"{self.test_asset.serial_number} - {self.test_asset.asset_code}",
response.data.values())
self.assertIn("submitted_by", response.data.keys())
self.assertEqual(response.data['submitted_by'], self.user.email)
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_post_invalid_incident_type(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
data = {
"asset": self.test_asset.id,
"incident_type": "Invalid",
"incident_location": "CDB",
"incident_description": "Lorem Ipsum",
"injuries_sustained": "N/a",
"loss_of_property": "Mobile Phone",
"witnesses": "John Doe +2347548458457",
"police_abstract_obtained": "Yes"
}
response = client.post(f"{self.incident_report_url}",
data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEquals(
response.data,
{'incident_type': ['"Invalid" is not a valid choice.']})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_post_empty_incident_fields(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
data = {
"asset": self.test_asset.id,
"incident_type": "Loss",
"incident_location": "",
"incident_description": "Lorem",
"police_abstract_obtained": "Yes"
}
response = client.post(f"{self.incident_report_url}",
data,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEquals(
response.data,
{'incident_location': ['This field may not be blank.']})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_get_incident_report(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(f"{self.incident_report_url}",
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertIn(self.incident_report.id,
response.data['results'][0].values())
self.assertEqual(len(response.data['results']),
AssetIncidentReport.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_get_single_incident_report(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
f"{self.incident_report_url}/{self.incident_report.id}/",
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(self.incident_report.id, response.data.values())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_cant_allow_put_incident_report(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.put(f"{self.incident_report_url}",
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.data,
{'detail': 'Method "PUT" not allowed.'})
self.assertEquals(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_cant_allow_patch_incident_report(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.patch(f"{self.incident_report_url}",
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.data,
{'detail': 'Method "PATCH" not allowed.'})
self.assertEquals(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_cant_allow_delete_incident_report(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.delete(f"{self.incident_report_url}",
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.data,
{'detail': 'Method "DELETE" not allowed.'})
self.assertEquals(response.status_code, 405)
class AssetStatusAPITest(APIBaseTestCase):
"""Tests for the Asset Status API"""
def setUp(self):
super(AssetStatusAPITest, self).setUp()
asset_category = AssetCategory.objects.create(
category_name="Computer")
asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Electronics", asset_category=asset_category)
asset_type = AssetType.objects.create(
asset_type="Accessory", asset_sub_category=asset_sub_category)
make_label = AssetMake.objects.create(
make_label="Sades", asset_type=asset_type)
self.assetmodel = AssetModelNumber(
model_number='IMN50987', make_label=make_label)
self.test_assetmodel1 = AssetModelNumber(
model_number="IMN50987", make_label=make_label)
self.test_assetmodel1.save()
self.token_user = '******'
self.normal_user = User.objects.create(
email='*****@*****.**', cohort=10,
slack_handle='@test_user', password='******'
)
self.test_asset = Asset(
asset_code="IC001",
serial_number="SN001",
model_number=self.test_assetmodel1,
assigned_to=self.normal_user,
purchase_date="2018-07-10"
)
self.test_asset.save()
self.asset = Asset.objects.get(asset_code="IC001")
self.asset_status = AssetStatus.objects.get(asset=self.asset)
self.asset_status_urls = reverse('asset-status-list')
def test_non_authenticated_user_view_asset_status(self):
response = client.get(self.asset_status_urls)
self.assertEqual(response.data, {
'detail': 'Authentication credentials were not provided.'
})
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_view_asset_status(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
response = client.get(
self.asset_status_urls,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(f"{self.asset.asset_code} - {self.asset.serial_number}",
response.data['results'][0].values())
self.assertEqual(len(response.data['results']), Asset.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_view_single_asset_status(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
response = client.get(
'{}/{}/'.format(self.asset_status_urls, self.asset_status.id),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(
f"{self.asset.asset_code} - {self.asset.serial_number}",
response.data.values())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_post_asset_status(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
data = {
"asset": self.test_asset.id,
"current_status": "Available"
}
response = client.post(
self.asset_status_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(
f"{self.test_asset.asset_code} - {self.test_asset.serial_number}",
response.data.values())
self.assertEqual(response.status_code, 201)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_post_invalid_serial_number(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
data = {
"asset": 100000,
"current_status": "Available"
}
response = client.post(
self.asset_status_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'asset': ['Invalid pk "100000" - object does not exist.']
})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_post_invalid_status(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
data = {
"asset": self.test_asset.id,
"current_status": "Invalid"
}
response = client.post(
self.asset_status_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'current_status': ['"Invalid" is not a valid choice.']
})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_post_empty_payload(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
data = {}
response = client.post(
self.asset_status_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'asset': ['This field is required.'],
'current_status': ['This field is required.']
})
self.assertEqual(response.status_code, 400)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_put_not_allowed(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
data = {}
response = client.put(
self.asset_status_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'detail': 'Method "PUT" not allowed.'
})
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_patch_not_allowed(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
data = {}
response = client.patch(
self.asset_status_urls,
data=data,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'detail': 'Method "PATCH" not allowed.'
})
self.assertEqual(response.status_code, 405)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_delete_not_allowed(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.normal_user.email}
response = client.delete(
self.asset_status_urls,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'detail': 'Method "DELETE" not allowed.'
})
self.assertEqual(response.status_code, 405)
class AssetHealthTestCase(APIBaseTestCase):
def setUp(self):
super(AssetHealthTestCase, self).setUp()
self.admin = User.objects.create_superuser(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_admin = "tokenadmin"
self.user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_user = '******'
self.other_user = User.objects.create_user(email='*****@*****.**',
cohort=20,
slack_handle='@admin',
password='******')
self.token_other_user = '******'
self.asset_category = AssetCategory.objects.create(
category_name="Accessories")
self.asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Sub Category name",
asset_category=self.asset_category)
self.asset_type = AssetType.objects.create(
asset_type="Asset Type",
asset_sub_category=self.asset_sub_category)
self.make_label = AssetMake.objects.create(make_label="Asset Make",
asset_type=self.asset_type)
self.assetmodel = AssetModelNumber(model_number="IMN50987",
make_label=self.make_label)
self.assetmodel.save()
self.asset = Asset(
asset_code="IC001",
serial_number="SN001",
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10",
)
self.asset.save()
allocation_history = AllocationHistory(asset=self.asset,
current_owner=self.user)
allocation_history.save()
self.asset_urls = reverse('asset-health-list')
def test_non_authenticated_user_view_assets_health(self):
response = client.get(self.asset_urls)
self.assertEqual(
response.data,
{'detail': 'Authentication credentials were not provided.'})
@patch('api.authentication.auth.verify_id_token')
def test_non_admin_cannot_view_asset_health(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(self.asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.data,
{'detail': ['You do not have authorization']})
self.assertEqual(response.status_code, 403)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_admin_view_assets_health(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(self.asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_admin))
self.assertEqual(len(response.data), Asset.objects.count())
self.assertEqual(response.data[0]['model_number'],
self.asset.model_number.model_number)
self.assertEqual(response.data[0]['count_by_status']['Allocated'], 1)
self.assertEqual(response.data[0]['count_by_status']['Available'], 0)
self.assertEqual(response.data[0]['count_by_status']['Damaged'], 0)
self.assertEqual(response.data[0]['count_by_status']['Lost'], 0)
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_health_api_endpoint_cant_allow_put(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.put(self.asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.data,
{'detail': 'Method "PUT" not allowed.'})
@patch('api.authentication.auth.verify_id_token')
def test_assets_health_api_endpoint_cant_allow_patch(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.patch(self.asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_user))
self.assertEqual(response.data,
{'detail': 'Method "PATCH" not allowed.'})
@patch('api.authentication.auth.verify_id_token')
def test_assets_health__endpoint_cant_allow_delete(self,
mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.delete(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data,
{'detail': 'Method "DELETE" not allowed.'})
@patch('api.authentication.auth.verify_id_token')
def test_asset_type_in_asset_health_api(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.admin.email}
response = client.get(self.asset_urls,
HTTP_AUTHORIZATION="Token {}".format(
self.token_admin))
self.assertIn('asset_type', response.data[0])
self.assertEqual(response.data[0]['asset_type'],
self.asset_type.asset_type)
self.assertEqual(response.status_code, 200)
class AssetTestCase(APIBaseTestCase):
def setUp(self):
super(AssetTestCase, self).setUp()
self.user = User.objects.create_user(
email='*****@*****.**', cohort=20,
slack_handle='@admin', password='******'
)
self.token_user = '******'
self.other_user = User.objects.create_user(
email='*****@*****.**', cohort=20,
slack_handle='@admin', password='******'
)
self.token_other_user = '******'
self.asset_category = AssetCategory.objects.create(
category_name="Accessories")
self.asset_sub_category = AssetSubCategory.objects.create(
sub_category_name="Sub Category name",
asset_category=self.asset_category)
self.asset_type = AssetType.objects.create(
asset_type="Asset Type",
asset_sub_category=self.asset_sub_category)
self.make_label = AssetMake.objects.create(
make_label="Asset Make", asset_type=self.asset_type)
self.assetmodel = AssetModelNumber(
model_number="IMN50987", make_label=self.make_label)
self.assetmodel.save()
self.asset = Asset(
asset_code="IC001",
serial_number="SN001",
assigned_to=self.user,
model_number=self.assetmodel,
purchase_date="2018-07-10"
)
self.asset.save()
allocation_history = AllocationHistory(
asset=self.asset,
current_owner=self.user
)
allocation_history.save()
self.checked_by = SecurityUser.objects.create(
email="*****@*****.**",
password="******",
first_name="TestFirst",
last_name="TestLast",
phone_number="254720900900",
badge_number="AE23"
)
self.asset_urls = reverse('assets-list')
def test_non_authenticated_user_view_assets(self):
response = client.get(self.asset_urls)
self.assertEqual(response.data, {
'detail': 'Authentication credentials were not provided.'
})
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_owner_view_assets(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
self.asset_urls,
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(self.asset.asset_code,
response.data['results'][0].values())
self.assertEqual(len(response.data['results']), Asset.objects.count())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_authenticated_user_get_single_asset(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
"{}/{}/".format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(self.asset.asset_code, response.data.values())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_api_endpoint_cant_allow_put(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.put(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'detail': 'Method "PUT" not allowed.'
})
@patch('api.authentication.auth.verify_id_token')
def test_assets_api_endpoint_cant_allow_patch(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.patch(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'detail': 'Method "PATCH" not allowed.'
})
@patch('api.authentication.auth.verify_id_token')
def test_assets_api_endpoint_cant_allow_delete(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.delete(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data, {
'detail': 'Method "DELETE" not allowed.'
})
@patch('api.authentication.auth.verify_id_token')
def test_asset_filter_by_email(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}?email={}'.format(self.asset_urls, self.user.email),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertTrue(len(response.data) > 0)
self.assertIn(self.user.email,
response.data['results'][0]['assigned_to']['email'])
@patch('api.authentication.auth.verify_id_token')
def test_asset_filter_non_existing_email_return_empty(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}?email={}'.format(
self.asset_urls,
'*****@*****.**'),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertFalse(len(response.data['results']) > 0)
@patch('api.authentication.auth.verify_id_token')
def test_asset_filter_with_invalid_email_return_error(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}?email={}'.format(
self.asset_urls,
'userwithnoasset'),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertEqual(response.data[0], 'Enter a valid email address.')
self.assertEqual(400, response.status_code)
@patch('api.authentication.auth.verify_id_token')
def test_assets_detail_api_endpoint_contain_assigned_to_details(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn(self.user.email,
response.data['assigned_to'].values())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_assigned_to_details_has_no_password(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertNotIn('password', response.data['assigned_to'].keys())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_checkin_status_for_non_checked_asset(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('checkin_status', response.data.keys())
self.assertEqual(response.data['checkin_status'], None)
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_checkin_status_for_checked_in_asset(
self, mock_verify_id_token):
AssetLog.objects.create(
checked_by=self.checked_by,
asset=self.asset,
log_type="Checkin"
)
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('checkin_status', response.data.keys())
self.assertEqual(response.data['checkin_status'],
"checked_in")
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_checkin_status_for_checkout_in_asset(
self, mock_verify_id_token):
AssetLog.objects.create(
checked_by=self.checked_by,
asset=self.asset,
log_type="Checkout"
)
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('checkin_status', response.data.keys())
self.assertEqual(response.data['checkin_status'],
"checked_out")
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_asset_type_in_asset_api(self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('asset_type', response.data.keys())
self.assertEqual(response.data['asset_type'],
self.asset_type.asset_type)
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_have_allocation_history(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('allocation_history', response.data.keys())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_have_asset_category(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('asset_category', response.data.keys())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_have_asset_sub_category(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('asset_sub_category', response.data.keys())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_have_make_label(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('make_label', response.data.keys())
self.assertEqual(response.status_code, 200)
@patch('api.authentication.auth.verify_id_token')
def test_assets_have_notes(
self, mock_verify_id_token):
mock_verify_id_token.return_value = {'email': self.user.email}
response = client.get(
'{}/{}/'.format(self.asset_urls, self.asset.serial_number),
HTTP_AUTHORIZATION="Token {}".format(self.token_user))
self.assertIn('notes', response.data.keys())
self.assertEqual(response.status_code, 200)