def test_editor_can_transfer_rights(): control = factories.ControlFactory() user = utils.make_inspector_user(control, assign_questionnaire_editor=False) other_user = utils.make_inspector_user(control, assign_questionnaire_editor=False) questionnaire = factories.QuestionnaireFactory(control=control, is_draft=True, editor=user) assert_questionnaire_has_editor(questionnaire, user) response = call_api(user, questionnaire.id, other_user.id) assert response.status_code == 200 assert_questionnaire_has_editor(questionnaire, other_user)
def test_questionnaire_draft_update__non_author_cannot_update(): increment_ids() # Create questionnaire draft through api, to set the author properly. control = factories.ControlFactory() user = utils.make_inspector_user(control) questionnaire = create_questionnaire_through_api(user, control) non_author = utils.make_inspector_user(control) payload = questionnaire payload['description'] = 'this is a great questionnaire.' response = update_questionnaire(non_author, payload) assert 400 <= response.status_code < 500
def test_cannot_get_users_of_neigboring_control(): # testing for a specific bug we had. control_1 = factories.ControlFactory() inspector_1 = utils.make_inspector_user(control_1) control_2 = factories.ControlFactory() inspector_2 = utils.make_inspector_user(control_2) inspector_2.profile.controls.add(control_1) # control_2 is unknown to inspector_1. # inspector_2 is known to inspector_1/ # So inspector_1 should not be able to get info on control_2. assert get_users_of_control(inspector_1, control_2).status_code == 404
def run_test_questionnaire_update__theme_create(added_theme): increment_ids() theme = factories.ThemeFactory() questionnaire = theme.questionnaire user = utils.make_inspector_user(questionnaire.control) payload = make_update_payload(questionnaire) payload['themes'].append(added_theme) assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 response = update_questionnaire(user, payload) assert response.status_code == 200 # data is saved assert Questionnaire.objects.all().count() == 1 saved_qr = Questionnaire.objects.get(id=questionnaire.id) assert saved_qr == questionnaire assert Theme.objects.all().count() == 2 new_theme = Theme.objects.last() assert new_theme.title == payload['themes'][1]['title'] assert new_theme.questionnaire == saved_qr # Response data is filled in assert len(response.data['themes']) == 2 assert response.data['themes'][1]['title'] == payload['themes'][1]['title']
def test_questionnaire_update__question_delete(): increment_ids() question = factories.QuestionFactory() theme = question.theme questionnaire = theme.questionnaire user = utils.make_inspector_user(questionnaire.control) payload = make_update_payload(questionnaire) payload['themes'][0]['questions'] = [] assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 1 response = update_questionnaire(user, payload) assert response.status_code == 200 # data is saved assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 0 # Response data is filled in assert len(response.data['themes'][0].get('questions', [])) == 0
def test_questionnaire_update__theme_update(): increment_ids() theme = factories.ThemeFactory() questionnaire = theme.questionnaire user = utils.make_inspector_user(questionnaire.control) payload = make_update_payload(questionnaire) payload['themes'][0]['title'] = 'this is a great theme.' assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert payload['themes'][0]['title'] != theme.title response = update_questionnaire(user, payload) assert response.status_code == 200 # data is saved assert Questionnaire.objects.all().count() == 1 saved_qr = Questionnaire.objects.get(id=questionnaire.id) assert saved_qr == questionnaire assert Theme.objects.all().count() == 1 saved_theme = Theme.objects.get(id=theme.id) assert saved_theme.title != theme.title assert saved_theme.title == payload['themes'][0]['title'] # Response data is filled in assert len(response.data['themes']) == 1 assert response.data['themes'][0]['title'] == payload['themes'][0]['title']
def test_can_access_questionnaire_api_if_control_is_associated_with_the_user(): questionnaire = factories.QuestionnaireFactory() # create inspector_user = utils.make_inspector_user(questionnaire.control) payload = make_create_payload(questionnaire.control.id) assert create_questionnaire(inspector_user, payload).status_code == 201
def run_test_questionnaire_update__theme_recreated(modify_payload_func): increment_ids() question = factories.QuestionFactory() theme = question.theme questionnaire = theme.questionnaire user = utils.make_inspector_user(questionnaire.control) payload = make_update_payload(questionnaire) original_id = payload['themes'][0]['id'] modify_payload_func(payload) assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 1 response = update_questionnaire(user, payload) assert response.status_code == 200 # data is saved assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 1 # Original theme was deleted assert Theme.objects.all().last().id != original_id # Response data is filled in assert len(response.data.get('themes', [])) == 1 assert len(response.data['themes'][0].get('questions', [])) == 1
def test_can_get_users_of_control_if_control_belongs_to_user(): control = factories.ControlFactory() inspector = utils.make_inspector_user(control) audited = utils.make_audited_user(control) assert get_users_of_control(inspector, control).status_code == 200 assert get_users_of_control(audited, control).status_code == 200
def test_inspector_cannot_update_theme_if_questionnaire_is_published(): theme = factories.ThemeFactory() questionnaire = theme.questionnaire questionnaire.is_draft = False questionnaire.save() user = utils.make_inspector_user(questionnaire.control) assert 400 <= update_theme(user, make_update_theme_payload(theme)).status_code < 500
def test_cannot_get_users_of_control_if_control_does_not_belong_to_user(): control = factories.ControlFactory() inspector = utils.make_inspector_user() audited = utils.make_audited_user() assert get_users_of_control(inspector, control).status_code == 404 assert get_users_of_control(audited, control).status_code == 404
def test_inspector_can_download_questionnaire_file_if_draft(client): questionnaire = factories.QuestionnaireFactory(is_draft=True) user = utils.make_inspector_user(questionnaire.control) utils.login(client, user=user) url = reverse('send-questionnaire-file', args=[questionnaire.id]) response = client.get(url) assert response.status_code == 200
def test_questionnaire_update__question_update(): increment_ids() question = factories.QuestionFactory() theme = question.theme questionnaire = theme.questionnaire user = utils.make_inspector_user(questionnaire.control) payload = make_update_payload(questionnaire) payload['themes'][0]['questions'][0][ 'description'] = 'this is a great question.' assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 1 response = update_questionnaire(user, payload) assert response.status_code == 200 # Data is saved assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 1 saved_question = Question.objects.get(id=question.id) assert saved_question.description != question.description assert saved_question.description == payload['themes'][0]['questions'][0][ 'description'] # Response data is filled assert len(response.data['themes']) == 1 assert len(response.data['themes'][0]['questions']) == 1 assert \ response.data['themes'][0]['questions'][0]['description'] == payload['themes'][0]['questions'][0]['description']
def run_test_questionnaire_update__question_create(added_question): increment_ids() question = factories.QuestionFactory() theme = question.theme questionnaire = theme.questionnaire user = utils.make_inspector_user(questionnaire.control) payload = make_update_payload(questionnaire) payload['themes'][0]['questions'].append(added_question) assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 1 response = update_questionnaire(user, payload) assert response.status_code == 200 # data is saved assert Questionnaire.objects.all().count() == 1 assert Theme.objects.all().count() == 1 assert Question.objects.all().count() == 2 new_question = Question.objects.last() assert new_question.description == payload['themes'][0]['questions'][1][ 'description'] # Response data is filled in assert len(response.data['themes'][0]['questions']) == 2 assert \ response.data['themes'][0]['questions'][1]['description'] == payload['themes'][0]['questions'][1]['description']
def test_user_cannot_set_editor_if_they_cannot_access_the_questionnaire(): control = factories.ControlFactory() user = utils.make_inspector_user(control=None, assign_questionnaire_editor=False) questionnaire = factories.QuestionnaireFactory(control=control, is_draft=True) response = call_api(user, questionnaire.id, user.id) assert 400 <= response.status_code < 500
def test_send_response_file_list_fails_for_draft_questionnaire_for_inspector( client): questionnaire = factories.QuestionnaireFactory(is_draft=True) user = utils.make_inspector_user(questionnaire.control) utils.login(client, user=user) url = reverse('send-response-file-list', args=[questionnaire.id]) response = client.get(url) assert response.status_code != 200
def test_send_response_file_list_works_for_inspector_if_the_control_is_associated_with_the_user( client): questionnaire = factories.QuestionnaireFactory(is_draft=False) user = utils.make_inspector_user(questionnaire.control) response = get_response_list(client, user, questionnaire.id) assert response.status_code == 200
def test_cannot_get_users_of_control_if_control_is_deleted(): control = factories.ControlFactory() inspector = utils.make_inspector_user(control) audited = utils.make_audited_user(control) control.delete() assert get_users_of_control(inspector, control).status_code == 404 assert get_users_of_control(audited, control).status_code == 404
def test_draft_questionnaire_is_listed_in_controls_data_if_user_is_inspector(): control = factories.ControlFactory() factories.QuestionnaireFactory(control=control, is_draft=False, title='MUST BE LISTED') factories.QuestionnaireFactory(control=control, is_draft=True, title='MUST ALSO BE LISTED') user = utils.make_inspector_user(control) response = list_control(user) assert response.status_code == 200 assert 'MUST BE LISTED' in str(response.content) assert 'MUST ALSO BE LISTED' in str(response.content)
def test_no_questionnaire_create_if_control_is_deleted(): increment_ids() control = factories.ControlFactory() user = utils.make_inspector_user(control) payload = make_create_payload(control.id) assert_no_data_is_saved() control.delete() response = create_questionnaire(user, payload) assert 403 <= response.status_code <= 404
def test_questionnaire_create_fails_with_malformed_question(): control = factories.ControlFactory() user = utils.make_inspector_user(control) payload = make_create_payload(control.id) payload['themes'][0]['questions'][0].pop('description') response = create_questionnaire(user, payload) assert response.status_code == 400 assert_no_data_is_saved()
def test_cannot_retrieve_theme_even_if_user_belongs_to_control(): theme = factories.ThemeFactory() audited_user = utils.make_audited_user(theme.questionnaire.control) inspector_user = utils.make_inspector_user(theme.questionnaire.control) theme.questionnaire.is_draft = False theme.questionnaire.save() assert get_theme(audited_user, theme.id).status_code == 405 assert get_theme(inspector_user, theme.id).status_code == 405
def test_cannot_delete_theme_if_questionnaire_is_published(): theme = factories.ThemeFactory() audited_user = utils.make_audited_user(theme.questionnaire.control) inspector_user = utils.make_inspector_user(theme.questionnaire.control) theme.questionnaire.is_draft = False theme.questionnaire.save() assert delete_theme(audited_user, theme.id).status_code == 403 assert delete_theme(inspector_user, theme.id).status_code == 405
def test_send_response_file_list_fails_for_inspector_if_the_control_is_not_associated_with_the_user( client): questionnaire = factories.QuestionnaireFactory(is_draft=False) unauthorized_control = factories.ControlFactory() user = utils.make_inspector_user(unauthorized_control) response = get_response_list(client, user, questionnaire.id) assert response.status_code != 200
def test_noneditor_can_get_rights_on_questionnaire_without_editor(): control = factories.ControlFactory() user = utils.make_inspector_user(control, assign_questionnaire_editor=False) questionnaire = factories.QuestionnaireFactory(control=control, is_draft=True, editor=None) assert_questionnaire_has_editor(questionnaire, None) response = call_api(user, questionnaire.id, user.id) assert response.status_code == 200 assert_questionnaire_has_editor(questionnaire, user)
def test_no_questionnaire_update_if_control_is_deleted(): increment_ids() questionnaire = factories.QuestionnaireFactory() user = utils.make_inspector_user(questionnaire.control) payload = make_update_payload(questionnaire) questionnaire.control.delete() response = update_questionnaire(user, payload) assert 403 <= response.status_code <= 404
def test_questionnaire_draft_update__non_editor_cannot_update(): increment_ids() questionnaire = factories.QuestionnaireFactory() control = questionnaire.control non_editor = utils.make_inspector_user(control, assign_questionnaire_editor=False) payload = make_update_payload(questionnaire) payload['description'] = 'this is a great questionnaire.' response = update_questionnaire(non_editor, payload) assert 400 <= response.status_code < 500
def test_inspector_cannot_trash_response_file(): response_file = factories.ResponseFileFactory() user = utils.make_inspector_user( response_file.question.theme.questionnaire.control) payload = {"is_deleted": "true"} assert not ResponseFile.objects.get(id=response_file.id).is_deleted response = trash_response_file(user, response_file.id, payload) assert response.status_code == 403 assert not ResponseFile.objects.get(id=response_file.id).is_deleted
def test_inspector_cannot_update_published_questionnaire(): increment_ids() control = factories.ControlFactory() user = utils.make_inspector_user(control) questionnaire = factories.QuestionnaireFactory(is_draft=False, control=control, editor=user) payload = make_update_payload(questionnaire) # Here we are trying to update a questionnaire that's already published response = update_questionnaire(user, payload) assert 400 <= response.status_code < 500
def test_questionnaire_draft_update__editor_can_update(): increment_ids() control = factories.ControlFactory() user = utils.make_inspector_user(control) questionnaire = create_questionnaire_through_api(user, control) payload = questionnaire payload['description'] = 'this is a great questionnaire.' response = update_questionnaire(user, payload) assert response.status_code == 200