def test_can_delete_saved_report(self):
report = self._create_saved_report(domain=self.domain,
user_id=self.user._id)
response = self.delete_config(self.domain, report._id)
self.assertEqual(response.status_code, 200)
with self.assertRaises(ResourceNotFound):
ReportConfig.get(report._id)
def test_non_admin_cannot_edit_other_shared_configs(self):
config1 = self.create_report_config(
domain=self.DOMAIN,
owner_id=self.admin_user._id,
name='Name',
description='',
)
post_data = {
'description': 'Malicious description',
'name': config1.name,
'_id': config1._id,
}
self.log_user_in(self.non_admin_user.username)
try:
_response = self.client.post(
self.URL,
json.dumps(post_data),
content_type='application/json;charset=UTF-8',
)
except Exception as e:
self.assertTrue(e.__class__ == AssertionError)
# Validate that config1 is untouched
original_config = ReportConfig.get(config1._id)
self.assertEqual(original_config.description, '')
def test_other_admin_can_edit_shared_saved_report(self, *args):
config1 = self.create_report_config(
domain=self.DOMAIN,
owner_id=self.admin_user._id,
name='Name',
description='',
)
# Create ReportNotification as to make confi1 shared
self.create_report_notification([config1],
owner_id=self.admin_user._id)
ReportConfig.shared_on_domain.clear(ReportConfig,
self.DOMAIN,
only_id=True)
new_description = 'This is a description'
post_data = {
'description': new_description,
'name': config1.name,
'_id': config1._id,
}
self.log_user_in(self.other_admin_user.username)
response = self.client.post(
self.URL,
json.dumps(post_data),
content_type='application/json;charset=UTF-8',
)
self.assertEqual(response.status_code, 200)
updated_config = ReportConfig.get(config1._id)
self.assertTrue(updated_config.description, new_description)
def test_admin_can_edit_normal_config(self, *args):
config1 = self.create_report_config(
domain=self.DOMAIN,
owner_id=self.admin_user._id,
name='Name',
description='',
)
new_description = 'This is a description'
post_data = {
'description': new_description,
'name': config1.name,
'_id': config1._id,
}
self.log_user_in(self.admin_user.username)
response = self.client.post(
self.URL,
json.dumps(post_data),
content_type='application/json;charset=UTF-8',
)
self.assertEqual(response.status_code, 200)
updated_config = ReportConfig.get(config1._id)
self.assertTrue(updated_config.description, new_description)