def test_project_share_remove_user(self): self._project_create() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) view = ProjectViewSet.as_view({ 'post': 'share' }) projectid = self.project.pk role_class = ReadOnlyRole data = {'username': '******', 'role': role_class.name} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(role_class.user_has_role(alice_profile.user, self.project)) view = ProjectViewSet.as_view({ 'post': 'share' }) data['remove'] = True request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertFalse(role_class.user_has_role(alice_profile.user, self.project))
def test_owner_cannot_remove_self_if_no_other_owner(self): self._project_create() view = ProjectViewSet.as_view({'put': 'share'}) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 400) error = {'remove': [u"Project requires at least one owner"]} self.assertEquals(response.data, error) self.assertTrue(OwnerRole.user_has_role(self.user, self.project)) alice_data = {'username': '******', 'email': '*****@*****.**'} profile = self._create_user_profile(alice_data) OwnerRole.add(profile.user, self.project) view = ProjectViewSet.as_view({'put': 'share'}) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 204) self.assertFalse(OwnerRole.user_has_role(self.user, self.project))
def test_project_share_remove_user(self): self._project_create() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) view = ProjectViewSet.as_view({ 'post': 'share' }) projectid = self.project.pk role_class = ReadOnlyRole data = {'username': '******', 'role': role_class.name} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(role_class.user_has_role(alice_profile.user, self.project)) view = ProjectViewSet.as_view({ 'post': 'share' }) data['remove'] = True request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertFalse(role_class.user_has_role(alice_profile.user, self.project))
def test_data_in_public_project(self): self._make_submissions() view = DataViewSet.as_view({'get': 'list'}) request = self.factory.get('/', **self.extra) formid = self.xform.pk response = view(request, pk=formid) self.assertEquals(response.status_code, 200) self.assertEqual(len(response.data), 4) # get project id projectid = self.xform.project.pk view = ProjectViewSet.as_view({'put': 'update'}) data = { 'shared': True, 'name': 'test project', 'owner': 'http://testserver/api/v1/users/%s' % self.user.username } request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 200) # anonymous user view = DataViewSet.as_view({'get': 'list'}) request = self.factory.get('/') formid = self.xform.pk response = view(request, pk=formid) self.assertEquals(response.status_code, 200) self.assertEqual(len(response.data), 4)
def _publish_xls_form_to_project(self): self._project_create() view = ProjectViewSet.as_view({ 'post': 'forms' }) project_id = self.project.pk data = { 'owner': 'http://testserver/api/v1/users/bob', 'public': False, 'public_data': False, 'description': u'', 'downloadable': True, 'is_crowd_form': False, 'allows_sms': False, 'encrypted': False, 'sms_id_string': u'transportation_2011_07_25', 'id_string': u'transportation_2011_07_25', 'title': u'transportation_2011_07_25', 'bamboo_dataset': u'' } path = os.path.join( settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures", "transportation", "transportation.xls") with open(path) as xls_file: post_data = {'xls_file': xls_file} request = self.factory.post('/', data=post_data, **self.extra) response = view(request, owner='bob', pk=project_id) self.assertEqual(response.status_code, 201) self.xform = self.user.xforms.all()[0] data.update({ 'url': 'http://testserver/api/v1/forms/bob/%s' % self.xform.pk }) self.assertDictContainsSubset(data, response.data) self.form_data = response.data
def test_projects_get(self): self._project_create() view = ProjectViewSet.as_view({'get': 'retrieve'}) request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, self.project_data)
def test_view_xls_form(self): self._publish_xls_form_to_project() view = ProjectViewSet.as_view({'get': 'forms'}) request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [self.form_data])
def test_project_share_endpoint(self): self._project_create() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) view = ProjectViewSet.as_view({ 'post': 'share' }) projectid = self.project.pk ROLES = [ReadOnlyRole, DataEntryRole, EditorRole, ManagerRole, OwnerRole] for role_class in ROLES: self.assertFalse(role_class.user_has_role(alice_profile.user, self.project)) data = {'username': '******', 'role': role_class.name} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(role_class.user_has_role(alice_profile.user, self.project)) data = {'username': '******', 'role': ''} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 400)
def test_forms_endpoint_with_metadata(self): date_modified = self.xform.date_modified for data_type in ['supporting_doc', 'media', 'source']: self._add_form_metadata(self.xform, data_type, self.data_value, self.path) self.xform.refresh_from_db() self.assertNotEqual(date_modified, self.xform.date_modified) # /forms view = XFormViewSet.as_view({ 'get': 'retrieve' }) formid = self.xform.pk request = self.factory.get('/', **self.extra) response = view(request, pk=formid) self.assertEqual(response.status_code, 200) data = XFormSerializer(self.xform, context={'request': request}).data self.assertEqual(response.data, data) # /projects/[pk]/forms view = ProjectViewSet.as_view({ 'get': 'forms' }) request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [data])
def test_project_get_starred_by(self): self._project_create() # add star as bob view = ProjectViewSet.as_view({'get': 'star', 'post': 'star'}) request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) # ensure email not shared user_profile_data = self.user_profile_data() del user_profile_data['email'] alice_data = {'username': '******', 'email': '*****@*****.**'} self._login_user_and_profile(alice_data) # add star as alice request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) # get star users as alice request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(len(response.data), 2) alice_profile, bob_profile = sorted(response.data, key=itemgetter('username')) self.assertEquals(sorted(bob_profile.items()), sorted(user_profile_data.items())) self.assertEqual(alice_profile['username'], 'alice')
def test_move_project_owner(self): # create project and publish form to project self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) alice = alice_profile.user projectid = self.project.pk self.assertFalse(OwnerRole.user_has_role(alice, self.project)) view = ProjectViewSet.as_view({ 'patch': 'partial_update' }) data_patch = { 'owner': 'http://testserver/api/v1/users/%s' % alice.username } request = self.factory.patch('/', data=data_patch, **self.extra) response = view(request, pk=projectid) self.project.reload() self.assertEqual(response.status_code, 200) self.assertEquals(self.project.organization, alice) self.assertTrue(OwnerRole.user_has_role(alice, self.project))
def test_get_starred_projects(self): self._project_create() # add star as bob view = ProjectViewSet.as_view({ 'get': 'star', 'post': 'star' }) request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) # get starred projects view = ConnectViewSet.as_view({ 'get': 'starred', }) request = self.factory.get('/', **self.extra) response = view(request, user=self.user) self.assertEqual(response.status_code, 200) self.project.refresh_from_db() request.user = self.user self.project_data = ProjectSerializer( self.project, context={'request': request}).data del self.project_data['date_modified'] del response.data[0]['date_modified'] self.assertEqual(len(response.data), 1) self.assertDictEqual(dict(response.data[0]), dict(self.project_data))
def test_data_in_public_project(self): self._make_submissions() view = DataViewSet.as_view({'get': 'list'}) request = self.factory.get('/', **self.extra) formid = self.xform.pk response = view(request, pk=formid) self.assertEquals(response.status_code, 200) self.assertEqual(len(response.data), 4) # get project id projectid = self.xform.project.pk view = ProjectViewSet.as_view({ 'put': 'update' }) data = {'shared': True, 'name': 'test project', 'owner': 'http://testserver/api/v1/users/%s' % self.user.username} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 200) # anonymous user view = DataViewSet.as_view({'get': 'list'}) request = self.factory.get('/') formid = self.xform.pk response = view(request, pk=formid) self.assertEquals(response.status_code, 200) self.assertEqual(len(response.data), 4)
def test_form_inherits_permision_from_project(self): self._publish_xls_form_to_project() self._make_submissions() project_view = ProjectViewSet.as_view({'get': 'retrieve'}) xform_view = XFormViewSet.as_view({'get': 'retrieve'}) data_view = DataViewSet.as_view({'get': 'list'}) alice_data = {'username': '******', 'email': '*****@*****.**'} self._login_user_and_profile(extra_post_data=alice_data) formid = self.xform.pk project_id = self.project.pk request = self.factory.get('/', **self.extra) response = xform_view(request, pk=formid) self.assertEqual(response.status_code, 404) response = data_view(request, pk=formid) self.assertEqual(response.status_code, 404) # Give owner role to the project role.OwnerRole.add(self.user, self.project) response = project_view(request, pk=project_id) self.assertEqual(response.status_code, 200) response = xform_view(request, pk=formid) self.assertEqual(response.status_code, 200) response = data_view(request, pk=formid) self.assertEqual(response.status_code, 200)
def _project_create(self, project_data={}, merge=True): view = ProjectViewSet.as_view({ 'post': 'create' }) if merge: data = { 'name': u'demo', 'owner': 'http://testserver/api/v1/users/%s' % self.user.username, 'metadata': {'description': 'Some description', 'location': 'Naivasha, Kenya', 'category': 'governance'}, 'public': False } data.update(project_data) else: data = project_data request = self.factory.post( '/', data=json.dumps(data), content_type="application/json", **self.extra) response = view(request, owner=self.user.username) self.assertEqual(response.status_code, 201) self.project = Project.objects.filter( name=data['name'], created_by=self.user)[0] data['url'] = 'http://testserver/api/v1/projects/%s'\ % self.project.pk self.assertDictContainsSubset(data, response.data) self.project_data = ProjectSerializer( self.project, context={'request': request}).data
def test_forms_endpoint_with_metadata(self): date_modified = self.xform.date_modified for data_type in ['supporting_doc', 'media', 'source']: self._add_form_metadata(self.xform, data_type, self.data_value, self.path) self.xform.reload() self.assertNotEqual(date_modified, self.xform.date_modified) # /forms view = XFormViewSet.as_view({ 'get': 'retrieve' }) formid = self.xform.pk request = self.factory.get('/', **self.extra) response = view(request, pk=formid) self.assertEqual(response.status_code, 200) data = XFormSerializer(self.xform, context={'request': request}).data self.assertEqual(response.data, data) # /projects/[pk]/forms view = ProjectViewSet.as_view({ 'get': 'forms' }) request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [data])
def test_project_get_starred_by(self): self._project_create() # add star as bob view = ProjectViewSet.as_view({ 'get': 'star', 'post': 'star' }) request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) # ensure email not shared user_profile_data = self.user_profile_data() del user_profile_data['email'] alice_data = {'username': '******', 'email': '*****@*****.**'} self._login_user_and_profile(alice_data) # add star as alice request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) # get star users as alice request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(len(response.data), 2) alice_profile, bob_profile = sorted(response.data, key=itemgetter('username')) self.assertEquals(sorted(bob_profile.items()), sorted(user_profile_data.items())) self.assertEqual(alice_profile['username'], 'alice')
def test_publish_xlsform_using_url_upload(self, mock_urlopen): with HTTMock(enketo_mock): self._project_create() view = ProjectViewSet.as_view({ 'post': 'forms' }) pre_count = XForm.objects.count() project_id = self.project.pk xls_url = 'https://ona.io/examples/forms/tutorial/form.xlsx' path = os.path.join( settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures", "transportation", "transportation_different_id_string.xlsx") xls_file = open(path) mock_urlopen.return_value = xls_file post_data = {'xls_url': xls_url} request = self.factory.post('/', data=post_data, **self.extra) response = view(request, pk=project_id) mock_urlopen.assert_called_with(xls_url) xls_file.close() self.assertEqual(response.status_code, 201) self.assertEqual(XForm.objects.count(), pre_count + 1)
def test_assign_form_to_project(self): view = ProjectViewSet.as_view({ 'post': 'forms', 'get': 'retrieve' }) self._publish_xls_form_to_project() formid = self.xform.pk old_project = self.project project_name = u'another project' self._project_create({'name': project_name}) self.assertTrue(self.project.name == project_name) project_id = self.project.pk post_data = {'formid': formid} request = self.factory.post('/', data=post_data, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 201) self.assertTrue(self.project.projectxform_set.filter(xform=self.xform)) self.assertFalse(old_project.projectxform_set.filter(xform=self.xform)) # check if form added appears in the project details request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertIn('forms', response.data.keys()) self.assertEqual(len(response.data['forms']), 1)
def test_project_all_users_can_share_remove_themselves(self): self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} self._login_user_and_profile(alice_data) view = ProjectViewSet.as_view({ 'put': 'share' }) data = {'username': '******', 'remove': True} for role_name, role_class in role.ROLES.iteritems(): ShareProject(self.project, 'alice', role_name).save() self.assertTrue(role_class.user_has_role(self.user, self.project)) self.assertTrue(role_class.user_has_role(self.user, self.xform)) data['role'] = role_name request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 204) self.assertFalse(role_class.user_has_role(self.user, self.project)) self.assertFalse(role_class.user_has_role(self.user, self.xform))
def test_project_manager_can_assign_form_to_project_no_perm(self): # user must have owner/manager permissions view = ProjectViewSet.as_view({ 'post': 'forms', 'get': 'retrieve' }) self._publish_xls_form_to_project() # alice user is not manager to both projects alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) self.assertFalse(ManagerRole.user_has_role(alice_profile.user, self.project)) formid = self.xform.pk project_name = u'another project' self._project_create({'name': project_name}) self.assertTrue(self.project.name == project_name) ManagerRole.add(alice_profile.user, self.project) self.assertTrue(ManagerRole.user_has_role(alice_profile.user, self.project)) self._login_user_and_profile(alice_data) project_id = self.project.pk post_data = {'formid': formid} request = self.factory.post('/', data=post_data, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 403)
def test_assign_form_to_project(self): view = ProjectViewSet.as_view({ 'post': 'forms', 'get': 'retrieve' }) self._publish_xls_form_to_project() formid = self.xform.pk old_project = self.project project_name = u'another project' self._project_create({'name': project_name}) self.assertTrue(self.project.name == project_name) project_id = self.project.pk post_data = {'formid': formid} request = self.factory.post('/', data=post_data, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 201) self.assertTrue(self.project.projectxform_set.filter(xform=self.xform)) self.assertFalse(old_project.projectxform_set.filter(xform=self.xform)) # check if form added appears in the project details request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertIn('forms', response.data.keys()) self.assertEqual(len(response.data['forms']), 1)
def test_project_share_inactive_user(self): # create project and publish form to project self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) # set the user inactive self.assertTrue(alice_profile.user.is_active) alice_profile.user.is_active = False alice_profile.user.save() projectid = self.project.pk self.assertFalse(ReadOnlyRole.user_has_role(alice_profile.user, self.project)) data = {'username': '******', 'role': ReadOnlyRole.name} request = self.factory.put('/', data=data, **self.extra) view = ProjectViewSet.as_view({ 'put': 'share' }) response = view(request, pk=projectid) self.assertEqual(response.status_code, 400) self.assertEqual(response.data, {'username': [u'User is not active']}) self.assertFalse(ReadOnlyRole.user_has_role(alice_profile.user, self.project)) self.assertFalse(ReadOnlyRole.user_has_role(alice_profile.user, self.xform))
def test_project_share_readonly(self): # create project and publish form to project self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) projectid = self.project.pk self.assertFalse(ReadOnlyRole.user_has_role(alice_profile.user, self.project)) data = {'username': '******', 'role': ReadOnlyRole.name} request = self.factory.put('/', data=data, **self.extra) view = ProjectViewSet.as_view({ 'put': 'share' }) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user, self.project)) self.assertTrue(ReadOnlyRole.user_has_role(alice_profile.user, self.xform)) perms = role.get_object_users_with_permissions(self.project) for p in perms: user = p.get('user') if user == alice_profile.user: r = p.get('role') self.assertEquals(r, ReadOnlyRole.name)
def test_get_starred_projects(self): self._project_create() # add star as bob view = ProjectViewSet.as_view({ 'get': 'star', 'post': 'star' }) request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) # get starred projects view = ConnectViewSet.as_view({ 'get': 'starred', }) request = self.factory.get('/', **self.extra) response = view(request, user=self.user) self.assertEqual(response.status_code, 200) self.project.refresh_from_db() request.user = self.user self.project_data = ProjectSerializer( self.project, context={'request': request}).data del self.project_data['date_modified'] del response.data[0]['date_modified'] self.assertEqual(len(response.data), 1) self.assertDictEqual(dict(response.data[0]), dict(self.project_data))
def _project_create(self, project_data={}, merge=True): view = ProjectViewSet.as_view({ 'post': 'create' }) if merge: data = { 'name': u'demo', 'owner': 'http://testserver/api/v1/users/%s' % self.user.username, 'metadata': {'description': 'Some description', 'location': 'Naivasha, Kenya', 'category': 'governance'}, 'public': False } data.update(project_data) else: data = project_data request = self.factory.post( '/', data=json.dumps(data), content_type="application/json", **self.extra) response = view(request, owner=self.user.username) self.assertEqual(response.status_code, 201) self.project = Project.objects.filter( name=data['name'], created_by=self.user)[0] data['url'] = 'http://testserver/api/v1/projects/%s'\ % self.project.pk self.assertDictContainsSubset(data, response.data) request.user = self.user self.project_data = ProjectSerializer( self.project, context={'request': request}).data
def test_projects_tags(self): self._project_create() view = ProjectViewSet.as_view({ 'get': 'labels', 'post': 'labels', 'delete': 'labels' }) list_view = ProjectViewSet.as_view({ 'get': 'list', }) project_id = self.project.pk # no tags request = self.factory.get('/', **self.extra) response = view(request, pk=project_id) self.assertNotEqual(response.get('Last-Modified'), None) self.assertEqual(response.data, []) # add tag "hello" request = self.factory.post('/', data={"tags": "hello"}, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 201) self.assertEqual(response.data, [u'hello']) # check filter by tag request = self.factory.get('/', data={"tags": "hello"}, **self.extra) request.user = self.user self.project_data = ProjectSerializer(self.project, context={ 'request': request }).data response = list_view(request, pk=project_id) self.assertNotEqual(response.get('Last-Modified'), None) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [self.project_data]) request = self.factory.get('/', data={"tags": "goodbye"}, **self.extra) response = list_view(request, pk=project_id) self.assertNotEqual(response.get('Last-Modified'), None) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, []) # remove tag "hello" request = self.factory.delete('/', **self.extra) response = view(request, pk=project_id, label='hello') self.assertNotEqual(response.get('Last-Modified'), None) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [])
def _publish_xls_form_to_project(self, publish_data={}, merge=True, public=False): if not hasattr(self, 'project'): self._project_create() elif self.project.created_by != self.user: self._project_create() view = ProjectViewSet.as_view({'post': 'forms'}) project_id = self.project.pk if merge: data = { 'owner': 'http://testserver/api/v1/users/%s' % self.project.organization.username, 'public': False, 'public_data': False, 'description': u'transportation_2011_07_25', 'downloadable': True, 'allows_sms': False, 'encrypted': False, 'sms_id_string': u'transportation_2011_07_25', 'id_string': u'transportation_2011_07_25', 'title': u'transportation_2011_07_25', 'bamboo_dataset': u'' } data.update(publish_data) else: data = publish_data path = os.path.join(settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures", "transportation", "transportation.xls") with open(path) as xls_file: post_data = {'xls_file': xls_file} request = self.factory.post('/', data=post_data, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 201) self.xform = XForm.objects.all().order_by('pk').reverse()[0] data.update( {'url': 'http://testserver/api/v1/forms/%s' % (self.xform.pk)}) # Input was a private so change to public if project public if public: data['public_data'] = data['public'] = True self.assertDictContainsSubset(data, response.data) self.form_data = response.data
def test_org_members_added_to_projects(self): # create org self._org_create() view = OrganizationProfileViewSet.as_view({ 'post': 'members', 'get': 'retrieve', 'put': 'members' }) # create aboy self.profile_data['username'] = "******" aboy = self._create_user_profile().user data = {'username': '******', 'role': 'owner'} request = self.factory.post( '/', data=json.dumps(data), content_type="application/json", **self.extra) response = view(request, user='******') self.assertEqual(response.status_code, 201) # create a proj project_data = { 'owner': self.company_data['user'] } self._project_create(project_data) self._publish_xls_form_to_project() # create alice self.profile_data['username'] = "******" alice = self._create_user_profile().user alice_data = {'username': '******', 'role': 'owner'} request = self.factory.post( '/', data=json.dumps(alice_data), content_type="application/json", **self.extra) response = view(request, user='******') self.assertEqual(response.status_code, 201) # Assert that user added in org is added to teams in proj self.assertTrue(OwnerRole.user_has_role(aboy, self.project)) self.assertTrue(OwnerRole.user_has_role(alice, self.project)) self.assertTrue(OwnerRole.user_has_role(aboy, self.xform)) self.assertTrue(OwnerRole.user_has_role(alice, self.xform)) # Org admins are added to owners in project projectView = ProjectViewSet.as_view({ 'get': 'retrieve' }) request = self.factory.get('/', **self.extra) response = projectView(request, pk=self.project.pk) project_users = response.data.get('users') users_in_users = [user['user'] for user in project_users] self.assertIn('bob', users_in_users) self.assertIn('denoinc', users_in_users) self.assertIn('aboy', users_in_users) self.assertIn('alice', users_in_users)
def test_org_members_added_to_projects(self): # create org self._org_create() view = OrganizationProfileViewSet.as_view({ 'post': 'members', 'get': 'retrieve', 'put': 'members' }) # create aboy self.profile_data['username'] = "******" aboy = self._create_user_profile().user data = {'username': '******', 'role': 'owner'} request = self.factory.post( '/', data=json.dumps(data), content_type="application/json", **self.extra) response = view(request, user='******') self.assertEqual(response.status_code, 201) # create a proj project_data = { 'owner': self.company_data['user'] } self._project_create(project_data) self._publish_xls_form_to_project() # create alice self.profile_data['username'] = "******" alice = self._create_user_profile().user alice_data = {'username': '******', 'role': 'owner'} request = self.factory.post( '/', data=json.dumps(alice_data), content_type="application/json", **self.extra) response = view(request, user='******') self.assertEqual(response.status_code, 201) # Assert that user added in org is added to teams in proj self.assertTrue(OwnerRole.user_has_role(aboy, self.project)) self.assertTrue(OwnerRole.user_has_role(alice, self.project)) self.assertTrue(OwnerRole.user_has_role(aboy, self.xform)) self.assertTrue(OwnerRole.user_has_role(alice, self.xform)) # Org admins are added to owners in project projectView = ProjectViewSet.as_view({ 'get': 'retrieve' }) request = self.factory.get('/', **self.extra) response = projectView(request, pk=self.project.pk) project_users = response.data.get('users') users_in_users = [user['user'] for user in project_users] self.assertIn('bob', users_in_users) self.assertIn('denoinc', users_in_users) self.assertIn('aboy', users_in_users) self.assertIn('alice', users_in_users)
def test_projects_tags(self): self._project_create() view = ProjectViewSet.as_view({ 'get': 'labels', 'post': 'labels', 'delete': 'labels' }) list_view = ProjectViewSet.as_view({ 'get': 'list', }) project_id = self.project.pk # no tags request = self.factory.get('/', **self.extra) response = view(request, pk=project_id) self.assertNotEqual(response.get('Last-Modified'), None) self.assertEqual(response.data, []) # add tag "hello" request = self.factory.post('/', data={"tags": "hello"}, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 201) self.assertEqual(response.data, [u'hello']) # check filter by tag request = self.factory.get('/', data={"tags": "hello"}, **self.extra) request.user = self.user self.project_data = ProjectSerializer( self.project, context={'request': request}).data response = list_view(request, pk=project_id) self.assertNotEqual(response.get('Last-Modified'), None) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [self.project_data]) request = self.factory.get('/', data={"tags": "goodbye"}, **self.extra) response = list_view(request, pk=project_id) self.assertNotEqual(response.get('Last-Modified'), None) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, []) # remove tag "hello" request = self.factory.delete('/', **self.extra) response = view(request, pk=project_id, label='hello') self.assertEqual(response.status_code, 200) self.assertEqual(response.get('Last-Modified'), None) self.assertEqual(response.data, [])
def test_projects_get(self): self._project_create() view = ProjectViewSet.as_view({ 'get': 'retrieve' }) request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, self.project_data)
def test_view_xls_form(self): self._publish_xls_form_to_project() view = ProjectViewSet.as_view({ 'get': 'forms' }) request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, [self.form_data])
def test_owner_cannot_remove_self_if_no_other_owner(self): self._project_create() view = ProjectViewSet.as_view({ 'put': 'share' }) ManagerRole.add(self.user, self.project) tom_data = {'username': '******', 'email': '*****@*****.**'} bob_profile = self._create_user_profile(tom_data) OwnerRole.add(bob_profile.user, self.project) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 400) error = {'remove': [u"Project requires at least one owner"]} self.assertEquals(response.data, error) self.assertTrue(OwnerRole.user_has_role(bob_profile.user, self.project)) alice_data = {'username': '******', 'email': '*****@*****.**'} profile = self._create_user_profile(alice_data) OwnerRole.add(profile.user, self.project) view = ProjectViewSet.as_view({ 'put': 'share' }) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 204) self.assertFalse(OwnerRole.user_has_role(bob_profile.user, self.project))
def test_read_only_users_get_non_empty_formlist_using_preview_formlist( self, mock_send_mail): alice_data = { 'username': '******', 'email': '*****@*****.**', 'password1': 'alice', 'password2': 'alice' } alice_profile = self._create_user_profile(alice_data) self.assertFalse( ReadOnlyRole.user_has_role(alice_profile.user, self.project)) # share bob's project with alice data = { 'username': '******', 'role': ReadOnlyRole.name, 'email_msg': 'I have shared the project with you' } request = self.factory.post('/', data=data, **self.extra) share_view = ProjectViewSet.as_view({'post': 'share'}) projectid = self.project.pk response = share_view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(mock_send_mail.called) self.assertTrue( ReadOnlyRole.user_has_role(alice_profile.user, self.project)) # check that she can authenticate successfully request = self.factory.get('/') response = self.view(request) self.assertEqual(response.status_code, 401) auth = DigestAuth('alice', 'alice') request.META.update(auth(request.META, response)) response = self.view(request, username='******') self.assertEqual(response.status_code, 200) # check that alice gets an empty response when requesting bob's # formlist self.assertEqual(response.data, []) # set endpoint to preview formList self.view = PreviewXFormListViewSet.as_view({"get": "list"}) request = self.factory.get('/') response = self.view(request) self.assertEqual(response.status_code, 401) self.assertNotEqual(response.data, []) auth = DigestAuth('alice', 'alice') request.META.update(auth(request.META, response)) response = self.view(request, username='******') self.assertEqual(response.status_code, 200) # check that alice does NOT get an empty response when requesting bob's # formlist when using the preview formlist endpoint self.assertNotEqual(response.data, [])
def test_project_update_shared_cascades_to_xforms(self): self._publish_xls_form_to_project() view = ProjectViewSet.as_view({'patch': 'partial_update'}) projectid = self.project.pk data = {'public': 'true'} request = self.factory.patch('/', data=data, **self.extra) response = view(request, pk=projectid) xforms_status = XForm.objects.filter(project__pk=projectid)\ .values_list('shared', flat=True) self.assertTrue(xforms_status[0]) self.assertEqual(response.status_code, 200)
def test_read_only_users_get_non_empty_formlist_using_preview_formlist( self, mock_send_mail): alice_data = { 'username': '******', 'email': '*****@*****.**', 'password1': 'alice', 'password2': 'alice' } alice_profile = self._create_user_profile(alice_data) self.assertFalse( ReadOnlyRole.user_has_role(alice_profile.user, self.project)) # share bob's project with alice data = { 'username': '******', 'role': ReadOnlyRole.name, 'email_msg': 'I have shared the project with you' } request = self.factory.post('/', data=data, **self.extra) share_view = ProjectViewSet.as_view({'post': 'share'}) projectid = self.project.pk response = share_view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(mock_send_mail.called) self.assertTrue( ReadOnlyRole.user_has_role(alice_profile.user, self.project)) # check that she can authenticate successfully request = self.factory.get('/') response = self.view(request) self.assertEqual(response.status_code, 401) auth = DigestAuth('alice', 'alice') request.META.update(auth(request.META, response)) response = self.view(request, username='******') self.assertEqual(response.status_code, 200) # check that alice gets an empty response when requesting bob's # formlist self.assertEqual(response.data, []) # set endpoint to preview formList self.view = PreviewXFormListViewSet.as_view({"get": "list"}) request = self.factory.get('/') response = self.view(request) self.assertEqual(response.status_code, 401) self.assertNotEqual(response.data, []) auth = DigestAuth('alice', 'alice') request.META.update(auth(request.META, response)) response = self.view(request, username='******') self.assertEqual(response.status_code, 200) # check that alice does NOT get an empty response when requesting bob's # formlist when using the preview formlist endpoint self.assertNotEqual(response.data, [])
def test_project_add_star(self): self._project_create() self.assertEqual(len(self.project.user_stars.all()), 0) view = ProjectViewSet.as_view({'post': 'star'}) request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) self.project.reload() self.assertEqual(response.status_code, 204) self.assertEqual(len(self.project.user_stars.all()), 1) self.assertEqual(self.project.user_stars.all()[0], self.user)
def _publish_xls_form_to_project(self, publish_data={}, merge=True, public=False, xlsform_path=None): if not hasattr(self, 'project'): self._project_create() elif self.project.created_by != self.user: self._project_create() view = ProjectViewSet.as_view({ 'post': 'forms' }) project_id = self.project.pk if merge: data = { 'owner': 'http://testserver/api/v1/users/%s' % self.project.organization.username, 'public': False, 'public_data': False, 'description': u'transportation_2011_07_25', 'downloadable': True, 'allows_sms': False, 'encrypted': False, 'sms_id_string': u'transportation_2011_07_25', 'id_string': u'transportation_2011_07_25', 'title': u'transportation_2011_07_25', 'bamboo_dataset': u'' } data.update(publish_data) else: data = publish_data path = xlsform_path or os.path.join( settings.PROJECT_ROOT, "apps", "main", "tests", "fixtures", "transportation", "transportation.xls") with HTTMock(enketo_preview_url_mock, enketo_url_mock): with open(path, 'rb') as xls_file: post_data = {'xls_file': xls_file} request = self.factory.post( '/', data=post_data, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 201) self.xform = XForm.objects.all().order_by('pk').reverse()[0] data.update({ 'url': 'http://testserver/api/v1/forms/%s' % (self.xform.pk) }) # Input was a private so change to public if project public if public: data['public_data'] = data['public'] = True self.form_data = response.data
def test_projects_get(self): self._project_create() view = ProjectViewSet.as_view({'get': 'retrieve'}) request = self.factory.get('/', **self.extra) response = view(request) self.assertEqual(response.status_code, 400) self.assertEqual(response.data, {'detail': 'Expected URL keyword argument `owner`.'}) request = self.factory.get('/', **self.extra) response = view(request, owner='bob', pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, self.project_data)
def test_anon_project_form_endpoint(self): self._project_create() self._publish_xls_form_to_project() view = ProjectViewSet.as_view({ 'get': 'forms' }) request = self.factory.get('/') response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 404)
def test_project_update_shared_cascades_to_xforms(self): self._publish_xls_form_to_project() view = ProjectViewSet.as_view({ 'patch': 'partial_update' }) projectid = self.project.pk data = {'public': 'true'} request = self.factory.patch('/', data=data, **self.extra) response = view(request, pk=projectid) xforms_status = XForm.objects.filter(project__pk=projectid)\ .values_list('shared', flat=True) self.assertTrue(xforms_status[0]) self.assertEqual(response.status_code, 200)
def test_project_partial_updates_to_existing_metadata(self): self._project_create() view = ProjectViewSet.as_view({'patch': 'partial_update'}) projectid = self.project.pk metadata = '{"description": "Changed description"}' json_metadata = json.loads(metadata) data = {'metadata': metadata} request = self.factory.patch('/', data=data, **self.extra) response = view(request, pk=projectid) project = Project.objects.get(pk=projectid) json_metadata.update(project.metadata) self.assertEqual(response.status_code, 200) self.assertEqual(project.metadata, json_metadata)
def test_project_update_shared_cascades_to_xforms(self): self._publish_xls_form_to_project() view = ProjectViewSet.as_view({'patch': 'partial_update'}) projectid = self.project.pk data = {'public': 'true'} request = self.factory.patch('/', data=data, **self.extra) response = view(request, pk=projectid) project = Project.objects.get(pk=projectid) project_xforms = project.projectxform_set.all() xforms_status = {p.xform.shared for p in project_xforms} xforms_status = list(xforms_status) self.assertTrue(xforms_status[0]) self.assertEqual(response.status_code, 200)
def test_projects_get(self): self._project_create() view = ProjectViewSet.as_view({ 'get': 'retrieve' }) request = self.factory.get('/', **self.extra) response = view(request) self.assertEqual(response.status_code, 400) self.assertEqual(response.data, {'detail': 'Expected URL keyword argument `owner`.'}) request = self.factory.get('/', **self.extra) response = view(request, owner='bob', pk=self.project.pk) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, self.project_data)
def test_project_add_star(self): self._project_create() self.assertEqual(len(self.project.user_stars.all()), 0) view = ProjectViewSet.as_view({ 'post': 'star' }) request = self.factory.post('/', **self.extra) response = view(request, pk=self.project.pk) self.project.reload() self.assertEqual(response.status_code, 204) self.assertEqual(len(self.project.user_stars.all()), 1) self.assertEqual(self.project.user_stars.all()[0], self.user)
def test_project_share_endpoint_form_published_later(self, mock_send_mail): # create project self._project_create() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) projectid = self.project.pk ROLES = [ReadOnlyRole, DataEntryRole, EditorRole, ManagerRole, OwnerRole] for role_class in ROLES: self.assertFalse(role_class.user_has_role(alice_profile.user, self.project)) data = {'username': '******', 'role': role_class.name, 'email_msg': 'I have shared the project with you'} request = self.factory.post('/', data=data, **self.extra) view = ProjectViewSet.as_view({ 'post': 'share' }) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) self.assertTrue(mock_send_mail.called) self.assertTrue(role_class.user_has_role(alice_profile.user, self.project)) # publish form after project sharing self._publish_xls_form_to_project() self.assertTrue(role_class.user_has_role(alice_profile.user, self.xform)) # Reset the mock called value to False mock_send_mail.called = False data = {'username': '******', 'role': ''} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 400) self.assertEqual(response.get('Last-Modified'), None) self.assertFalse(mock_send_mail.called) role_class._remove_obj_permissions(alice_profile.user, self.project) self.xform.delete()
def test_project_update_shared_cascades_to_xforms(self): self._publish_xls_form_to_project() view = ProjectViewSet.as_view({ 'patch': 'partial_update' }) projectid = self.project.pk data = {'public': 'true'} request = self.factory.patch('/', data=data, **self.extra) response = view(request, pk=projectid) project = Project.objects.get(pk=projectid) project_xforms = project.projectxform_set.all() xforms_status = {p.xform.shared for p in project_xforms} xforms_status = list(xforms_status) self.assertTrue(xforms_status[0]) self.assertEqual(response.status_code, 200)
def test_project_partial_updates_to_existing_metadata(self): self._project_create() view = ProjectViewSet.as_view({ 'patch': 'partial_update' }) projectid = self.project.pk metadata = '{"description": "Changed description"}' json_metadata = json.loads(metadata) data = {'metadata': metadata} request = self.factory.patch('/', data=data, **self.extra) response = view(request, pk=projectid) project = Project.objects.get(pk=projectid) json_metadata.update(project.metadata) self.assertEqual(response.status_code, 200) self.assertEqual(project.metadata, json_metadata)
def test_project_share_readonly_no_downloads(self): # create project and publish form to project self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) tom_data = {'username': '******', 'email': '*****@*****.**'} tom_data = self._create_user_profile(tom_data) projectid = self.project.pk self.assertFalse( ReadOnlyRoleNoDownload.user_has_role(alice_profile.user, self.project)) data = {'username': '******', 'role': ReadOnlyRoleNoDownload.name} request = self.factory.post('/', data=data, **self.extra) view = ProjectViewSet.as_view({ 'post': 'share', 'get': 'retrieve' }) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) data = {'username': '******', 'role': ReadOnlyRole.name} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=projectid) self.assertEqual(response.status_code, 204) request = self.factory.get('/', **self.extra) response = view(request, pk=self.project.pk) # get the users users = response.data.get('users') self.assertEqual(len(users), 3) for user in users: if user.get('user') == 'bob': self.assertEquals(user.get('role'), 'owner') elif user.get('user') == 'alice': self.assertEquals(user.get('role'), 'readonly-no-download') elif user.get('user') == 'tom': self.assertEquals(user.get('role'), 'readonly')