def test_form_clone_endpoint(self): self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) view = XFormViewSet.as_view({ 'post': 'clone' }) formid = self.xform.pk count = XForm.objects.count() data = {'username': '******'} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=formid) self.assertEqual(response.status_code, 400) data = {'username': '******'} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=formid) self.assertFalse(self.user.has_perm('can_add_xform', alice_profile)) self.assertEqual(response.status_code, 403) ManagerRole.add(self.user, alice_profile) request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=formid) self.assertTrue(self.user.has_perm('can_add_xform', alice_profile)) self.assertEqual(response.status_code, 201) self.assertEqual(count + 1, XForm.objects.count())
def test_form_clone_endpoint(self): self._publish_xls_form_to_project() alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) view = XFormViewSet.as_view({'post': 'clone'}) formid = self.xform.pk count = XForm.objects.count() data = {'username': '******'} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=formid) self.assertEqual(response.status_code, 400) self.assertEqual(response.get('Last-Modified'), None) data = {'username': '******'} request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=formid) self.assertFalse(self.user.has_perm('can_add_xform', alice_profile)) self.assertEqual(response.status_code, 403) ManagerRole.add(self.user, alice_profile) request = self.factory.post('/', data=data, **self.extra) response = view(request, pk=formid) self.assertTrue(self.user.has_perm('can_add_xform', alice_profile)) self.assertEqual(response.status_code, 201) self.assertEqual(count + 1, XForm.objects.count())
def test_form_clone_endpoint(self): self._publish_xls_form_to_project() alice_data = {"username": "******", "email": "*****@*****.**"} alice_profile = self._create_user_profile(alice_data) view = XFormViewSet.as_view({"post": "clone"}) formid = self.xform.pk count = XForm.objects.count() data = {"username": "******"} request = self.factory.post("/", data=data, **self.extra) response = view(request, pk=formid) self.assertEqual(response.status_code, 400) data = {"username": "******"} request = self.factory.post("/", data=data, **self.extra) response = view(request, pk=formid) self.assertFalse(self.user.has_perm("can_add_xform", alice_profile)) self.assertEqual(response.status_code, 403) ManagerRole.add(self.user, alice_profile) request = self.factory.post("/", data=data, **self.extra) response = view(request, pk=formid) self.assertTrue(self.user.has_perm("can_add_xform", alice_profile)) self.assertEqual(response.status_code, 201) self.assertEqual(count + 1, XForm.objects.count())
def test_project_manager_can_assign_form_to_project_no_perm(self): # user must have owner/manager permissions view = ProjectViewSet.as_view({ 'post': 'forms', 'get': 'retrieve' }) self._publish_xls_form_to_project() # alice user is not manager to both projects alice_data = {'username': '******', 'email': '*****@*****.**'} alice_profile = self._create_user_profile(alice_data) self.assertFalse(ManagerRole.user_has_role(alice_profile.user, self.project)) formid = self.xform.pk project_name = u'another project' self._project_create({'name': project_name}) self.assertTrue(self.project.name == project_name) ManagerRole.add(alice_profile.user, self.project) self.assertTrue(ManagerRole.user_has_role(alice_profile.user, self.project)) self._login_user_and_profile(alice_data) project_id = self.project.pk post_data = {'formid': formid} request = self.factory.post('/', data=post_data, **self.extra) response = view(request, pk=project_id) self.assertEqual(response.status_code, 403)
def test_manager_role_add(self): bob, created = UserProfile.objects.get_or_create(user=self.user) alice = self._create_user('alice', 'alice') self.assertFalse(alice.has_perm(CAN_ADD_XFORM_TO_PROFILE, bob)) ManagerRole.add(alice, bob) self.assertTrue(alice.has_perm(CAN_ADD_XFORM_TO_PROFILE, bob))
def test_manager_has_role(self): bob = UserProfile.objects.create(user=self.user) alice = self._create_user('alice', 'alice') self.assertFalse(ManagerRole.has_role(alice, bob)) ManagerRole.add(alice, bob) self.assertTrue(ManagerRole.has_role(alice, bob))
def test_manager_has_role(self): bob, created = UserProfile.objects.get_or_create(user=self.user) alice = self._create_user('alice', 'alice') self.assertFalse(ManagerRole.user_has_role(alice, bob)) self.assertFalse(ManagerRole.has_role(perms_for(alice, bob), bob)) ManagerRole.add(alice, bob) self.assertTrue(ManagerRole.user_has_role(alice, bob)) self.assertTrue(ManagerRole.has_role(perms_for(alice, bob), bob))
def test_manager_has_role(self): bob, created = UserProfile.objects.get_or_create(user=self.user) alice = self._create_user('alice', 'alice') self.assertFalse(ManagerRole.user_has_role(alice, bob)) self.assertFalse(ManagerRole.has_role( perms_for(alice, bob), bob)) ManagerRole.add(alice, bob) self.assertTrue(ManagerRole.user_has_role(alice, bob)) self.assertTrue(ManagerRole.has_role( perms_for(alice, bob), bob))
def test_reassign_role(self): self._publish_transportation_form() alice = self._create_user('alice', 'alice') self.assertFalse(ManagerRole.has_role(alice, self.xform)) ManagerRole.add(alice, self.xform) self.assertTrue(ManagerRole.has_role(alice, self.xform)) ReadOnlyRole.add(alice, self.xform) self.assertFalse(ManagerRole.has_role(alice, self.xform)) self.assertTrue(ReadOnlyRole.has_role(alice, self.xform))
def test_owner_cannot_remove_self_if_no_other_owner(self): self._project_create() view = ProjectViewSet.as_view({ 'put': 'share' }) ManagerRole.add(self.user, self.project) tom_data = {'username': '******', 'email': '*****@*****.**'} bob_profile = self._create_user_profile(tom_data) OwnerRole.add(bob_profile.user, self.project) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 400) error = {'remove': [u"Project requires at least one owner"]} self.assertEquals(response.data, error) self.assertTrue(OwnerRole.user_has_role(bob_profile.user, self.project)) alice_data = {'username': '******', 'email': '*****@*****.**'} profile = self._create_user_profile(alice_data) OwnerRole.add(profile.user, self.project) view = ProjectViewSet.as_view({ 'put': 'share' }) data = {'username': '******', 'remove': True, 'role': 'owner'} request = self.factory.put('/', data=data, **self.extra) response = view(request, pk=self.project.pk) self.assertEqual(response.status_code, 204) self.assertFalse(OwnerRole.user_has_role(bob_profile.user, self.project))
def test_reassign_role(self): self._publish_transportation_form() alice = self._create_user('alice', 'alice') self.assertFalse(ManagerRole.user_has_role(alice, self.xform)) ManagerRole.add(alice, self.xform) self.assertTrue(ManagerRole.user_has_role(alice, self.xform)) self.assertTrue( ManagerRole.has_role(perms_for(alice, self.xform), self.xform)) ReadOnlyRole.add(alice, self.xform) self.assertFalse(ManagerRole.user_has_role(alice, self.xform)) self.assertTrue(ReadOnlyRole.user_has_role(alice, self.xform)) self.assertFalse( ManagerRole.has_role(perms_for(alice, self.xform), self.xform)) self.assertTrue( ReadOnlyRole.has_role(perms_for(alice, self.xform), self.xform))
def _create_submission_review(self): """ Utility method creates Submission Review """ instance_id = self._first_xform_instance.id # Ensure Managers can create a Submission Review self._create_user_and_login('bob', '1234') ManagerRole.add(self.user, self._first_xform_instance.xform) submission_data = { 'note': "Supreme Overload!", 'instance': instance_id } view = SubmissionReviewViewSet.as_view({'post': 'create'}) request = self.factory.post('/', data=submission_data, **self.extra) response = view(request=request) self.assertEqual(201, response.status_code) self.assertEqual("Supreme Overload!", response.data['note']) self.assertEqual(instance_id, response.data['instance']) return response.data