def test_destroy_as_user(user, short_link): """An logged in user should not be able to delete a short link""" client = get_api_client(user=user) url = _get_short_link_url(short_link) response = client.delete(url) assert response.status_code == status.HTTP_404_NOT_FOUND
def test_delete_form_returns_detail(admin_user, form): """Test that deleting a forms returns a response detail.""" client = get_api_client(user=admin_user) url = _get_form_detail_url(form) response = client.delete(url) assert response.data.get("detail")
def test_list_forms_data(admin_user): """Should return the correct fields about the forms.""" form = EventFormFactory() field = form.fields.first() option = field.options.first() client = get_api_client(user=admin_user) url = _get_forms_url() response = client.get(url) response = response.json() assert response[0] == { "id": str(form.id), "resource_type": "EventForm", "title": form.title, "event": form.event.id, "type": form.type.name, "fields": [{ "id": str(field.id), "title": field.title, "options": [{ "id": str(option.id), "title": option.title }], "type": field.type.name, "required": field.required, }], }
def test_update_option_when_id_is_not_passed_in_options_request_data_adds_new_option( admin_user, form): """Test that new options are added when the option id is not included in the request data.""" field = form.fields.first() field.options.all().delete() client = get_api_client(user=admin_user) url = _get_form_detail_url(form) data = { "resource_type": "Form", "fields": [{ "id": field.id, "title": "string", "options": [{ "title": "string" }], "type": "SINGLE_SELECT", "required": False, }], } client.patch(url, data) field.refresh_from_db() assert field.options.count() == 1
def test_delete_form_as_member_is_not_permitted(member, form): """Members should not be allowed to delete forms.""" client = get_api_client(user=member) url = _get_form_detail_url(form) response = client.delete(url) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_update_fields_when_id_is_passed_in_field_request_data_updates_the_field( admin_user, form): """Test that the field is updated when the field id is not included in the request data.""" client = get_api_client(user=admin_user) url = _get_form_detail_url(form) field = Field.objects.get(form=form.id) expected_field_data = { "id": str(field.id), "title": "i love this field <3", "type": "SINGLE_SELECT", "options": [], "required": False, } data = { "resource_type": "Form", "title": "testform", "fields": [{ **expected_field_data }], } response = client.patch(url, data) response = response.json() field_resp = response["fields"][0] actual_field_data = { key: field_resp[key] for key in expected_field_data.keys() } assert actual_field_data == expected_field_data
def test_update_options_when_id_is_passed_in_options_request_data_updates_the_option( admin_user, form): """Test that the option is updated when the option id is included in the request data.""" field = form.fields.first() option = field.options.first() updated_title = "Test" data = { "resource_type": "Form", "fields": [{ "id": str(field.id), "options": [ { "id": str(option.id), "title": updated_title, }, ], }], } client = get_api_client(user=admin_user) url = _get_form_detail_url(form) client.patch(url, data) option.refresh_from_db() assert option.title == updated_title
def test_update_form_as_member_is_not_permitted(member, form): """A member should not be allowed to update forms.""" client = get_api_client(user=member) url = _get_form_detail_url(form) response = client.put(url, _get_form_update_data(form)) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_create_forms_as_admin_is_permitted(form, member, group_name): """An admin should be able to create forms.""" client = get_api_client(user=member, group_name=group_name) url = _get_forms_url() response = client.post(url, _get_form_post_data(form)) assert response.status_code == status.HTTP_201_CREATED
def test_create_forms_as_member_is_not_permitted(form, member): """A member should not be able to create forms.""" client = get_api_client(user=member) url = _get_forms_url() response = client.post(url, _get_form_post_data(form)) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_destroy_as_owner(short_link): """The owner should be able to delete a short link""" client = get_api_client(user=short_link.user) url = _get_short_link_url(short_link) response = client.delete(url) assert response.status_code == status.HTTP_200_OK
def test_delete_as_group_members(event, user, group_name, expected_status_code): """Only users in an admin group should be able to delete an event entity.""" client = get_api_client(user=user, group_name=group_name) url = get_events_url_detail(event) response = client.delete(url) assert response.status_code == expected_status_code
def test_list_forms_as_member_is_not_permitted(member): """A member should not be able to list forms.""" client = get_api_client(user=member) url = _get_forms_url() response = client.get(url) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_destroy_notification_as_owner(notification): """The owner should not be able to delete a notification""" client = get_api_client(user=notification.user) url = _get_notification_url(notification) response = client.delete(url) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_retrieve_as_member_of_admin_group(member, news, group_name): """A member of an admin group should be able to retrieve news.""" client = get_api_client(user=member, group_name=group_name) url = _get_news_detail_url(news) response = client.get(url) assert response.status_code == status.HTTP_200_OK
def test_destroy_returns_detail_in_response(news): """Should return a detail message in the response.""" client = get_api_client(user=UserFactory(), group_name=AdminGroup.INDEX) url = _get_news_detail_url(news) response = client.delete(url) assert response.json().get("detail")
def test_destroy_as_member(member, news): """A member should not be able to delete news.""" client = get_api_client(user=member) url = _get_news_detail_url(news) response = client.delete(url) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_create_as_admin_user(user, group_name, expected_status_code): """Only users in an admin group should be able to create an event entity.""" data = get_event_data() client = get_api_client(user=user, group_name=group_name) response = client.post(API_EVENTS_BASE_URL, data) assert response.status_code == expected_status_code
def test_create_as_member(member, weekly_business_post_data): """A member should not be able to create weekly_business.""" client = get_api_client(user=member) response = client.post(_get_weekly_business_url(), weekly_business_post_data) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_create_as_member_of_admin_group(news_post_data, group_name, expected_status_code): """Only members of HS, Index or NoK should be able to create news.""" client = get_api_client(user=UserFactory(), group_name=group_name) response = client.post(_get_news_url(), news_post_data) assert response.status_code == expected_status_code
def test_retrieve_form_as_member(member, form): client = get_api_client(user=member) url = _get_form_detail_url(form) response = client.get(url) assert response.status_code == status.HTTP_200_OK assert response.json()
def test_list_notifications_as_user(user): """Tests if an logged in user can list notifications""" client = get_api_client(user=user) url = _get_notification_url() response = client.get(url) assert response.status_code == status.HTTP_200_OK
def test_update_notification_as_user(user, notification): """An logged in user should not be able to update a notification""" client = get_api_client(user=user) url = _get_notification_url(notification) data = _get_notification_put_data(notification=notification) response = client.put(url, data) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_retrieve_as_member(member, news): """A member should be able to retrieve news.""" url = _get_news_detail_url(news) client = get_api_client(user=member) response = client.get(url) assert response.status_code == status.HTTP_200_OK
def test_update_as_member(member, news): """A member should not be able to update news.""" client = get_api_client(user=member) data = _get_news_put_data(news) url = _get_news_detail_url(news) response = client.put(url, data) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_retrieve_as_admin_user(event, user, group_name, expected_status_code): """An admin user should be able to retrieve an event with more data.""" url = get_events_url_detail(event) client = get_api_client(user=user, group_name=group_name) response = client.get(url) assert response.status_code == expected_status_code assert "evaluate_link" in response.data.keys()
def test_retrieve_notification_as_user(notification, user): """Tests if a logged in user can retrieve another user's notification""" client = get_api_client(user=user) url = _get_notification_url(notification) response = client.get(url) assert response.status_code == status.HTTP_403_FORBIDDEN
def test_destroy_as_member_of_admin_group(news, group_name, expected_status_code): """Only members of HS, Index or NoK should be able to delete news.""" client = get_api_client(user=UserFactory(), group_name=group_name) url = _get_news_detail_url(news) response = client.delete(url) assert response.status_code == expected_status_code
def test_retrieve_notification_as_owner(notification): """Tests if a logged in user can retrieve it's own notification""" client = get_api_client(user=notification.user) url = _get_notification_url(notification) response = client.get(url) assert response.status_code == status.HTTP_200_OK
def test_create_as_user(user): """A user should not be able to create an event entity.""" data = get_event_data() client = get_api_client(user=user) response = client.post(API_EVENTS_BASE_URL, data=data) assert response.status_code == 403