def test_requester_cannot_accept_invite(self): requester_one = test_utils.create_requester() requester_two = test_utils.create_requester() self.login_user(requester_two.user) response = self.get(requester_one.invite_link) print(response.content) self.assertResponseIsPermissionDenied(response)
def test_shopper_cannot_remove_shopper(self): shopper = test_utils.create_shopper() requester = test_utils.create_requester(shoppers=[shopper]) self.assertIn(shopper, requester.shoppers.all()) self.login_user(shopper.user) resp = self.remove_shopper(shopper) self.assertResponseIsPermissionDenied(resp)
def test_requester_can_remove_shopper(self): shopper = test_utils.create_shopper() requester = test_utils.create_requester(shoppers=[shopper]) self.assertIn(shopper, requester.shoppers.all()) self.login_user(requester.user) self.remove_shopper(shopper) self.assertNotIn(shopper, requester.shoppers.all())
def test_invite_link_is_updated_once_invite_is_accepted(self): requester = test_utils.create_requester() original_invite_token = requester.invite_token shopper = test_utils.create_shopper() self.login_user(shopper.user) self.get(requester.invite_link) self.assertIn(shopper, requester.shoppers.all()) requester.refresh_from_db() self.assertNotEqual(original_invite_token, requester.invite_token)
def test_unauthorized_user_cannot_delete_comment(self): requested_item = test_utils.create_requested_item( shopper=test_utils.create_shopper()) comment = test_utils.create_comment(requested_item=requested_item) requester = test_utils.create_requester() self.login_user(requester.user) resp = self.delete_comment(comment) self.assertResponseIsPermissionDenied(resp)
def test_shopper_can_accept_invite(self): requester = test_utils.create_requester() shopper = test_utils.create_shopper() self.login_user(shopper.user) self.get(requester.invite_link) self.assertIn(shopper, requester.shoppers.all())
def test_user_must_be_logged_in_to_accept_invite(self): requester = test_utils.create_requester() shopper = test_utils.create_shopper() resp = self.get(requester.invite_link) self.assertResponseIsRedirect(resp) self.assertNotIn(shopper, requester.shoppers.all())
def test_shopper_cannot_view_detail_of_unauthorized_requester(self): shopper = test_utils.create_shopper() requester = test_utils.create_requester() self.login_user(shopper.user) resp = self.view_requester_detail(requester) self.assertResponseIsPermissionDenied(resp)
def test_requester_cannot_view_requester_detail(self): requester = test_utils.create_requester() requester_two = test_utils.create_requester() self.login_user(requester.user) resp = self.view_requester_detail(requester_two) self.assertResponseIsPermissionDenied(resp)
def test_requester_cannot_view_requesters_for_shopper(self): requester = test_utils.create_requester() self.login_user(requester.user) resp = self.get(reverse('core:requesters')) self.assertResponseIsPermissionDenied(resp)
def test_unauthorized_user_cannot_create_comment(self): requested_item = test_utils.create_requested_item() requester = test_utils.create_requester() self.login_user(requester.user) resp = self.create_comment(requested_item, {'body': 'Foo'}) self.assertResponseIsPermissionDenied(resp)
def test_requester_cannot_claim_requested_item(self): requested_item = test_utils.create_requested_item() requester = test_utils.create_requester() self.login_user(requester.user) resp = self.claim_item(requested_item) self.assertResponseIsPermissionDenied(resp)
def test_requesters_can_create_requested_items(self): requester = test_utils.create_requester() self.login_user(requester.user) resp = self.visit_requested_items() self.assertResponseOK(resp)
def test_requesters_can_access_requested_items_list(self): requester = test_utils.create_requester() self.login_user(requester.user) resp = self.view_requested_items() self.assertResponseOK(resp)