def test_user_can_view_non_private_admin_entries(admin_client, user_client): # admin user schedule entry admin_rjson = post_schedule(admin_client, TEST_ALTERNATE_SCHEDULE_ENTRY) admin_entry_name = admin_rjson["name"] admin_entry_url = reverse_detail_url(admin_entry_name) response = user_client.get(admin_entry_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_get_existing_entry_details_returns_200(admin_client): """Requesting details of existing entry should return 200.""" rjson = post_schedule(admin_client, TEST_SCHEDULE_ENTRY) entry_name = rjson["name"] url = reverse_detail_url(entry_name) response = admin_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_user_can_view_non_private_user_entries(user_client, alt_user_client): # alt user schedule entry alt_user_rjson = post_schedule(alt_user_client, TEST_SCHEDULE_ENTRY) alt_user_entry_name = alt_user_rjson["name"] alt_user_entry_url = reverse_detail_url(alt_user_entry_name) response = user_client.get(alt_user_entry_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_user_cannot_view_private_entry_details(admin_client, user_client): """A user attempting to access a private entry should receive 404.""" # Private indicates admin wants users to be unaware that the entry exists # on the system, hence 404 vs 403 (FORBIDDEN). rjson = post_schedule(admin_client, TEST_PRIVATE_SCHEDULE_ENTRY) entry_name = rjson["name"] url = reverse_detail_url(entry_name) response = user_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)
def test_user_cannot_post_private_schedule(user_client): """Unpriveleged users should not be able to create private entries.""" rjson = post_schedule(user_client, TEST_PRIVATE_SCHEDULE_ENTRY) entry_name = rjson["name"] url = reverse_detail_url(entry_name) response = user_client.get(url, **HTTPS_KWARG) assert not rjson["is_private"] validate_response(response, status.HTTP_200_OK) assert not response.data["is_private"]
def test_private_schedule_entry_is_private(admin_client, user_client): rjson = post_schedule(admin_client, TEST_PRIVATE_SCHEDULE_ENTRY) entry_name = rjson["name"] entry_url = reverse_detail_url(entry_name) user_response = user_client.get(entry_url, **HTTPS_KWARG) admin_user_response = admin_client.get(entry_url, **HTTPS_KWARG) validate_response(user_response, status.HTTP_404_NOT_FOUND) validate_response(admin_user_response, status.HTTP_200_OK)
def test_entry_posted_to_schedule_is_immediately_available(admin_client): rjson = post_schedule(admin_client, TEST_SCHEDULE_ENTRY) entry_name = rjson["name"] entry_url = reverse_detail_url(entry_name) user_response = admin_client.get(entry_url, **HTTPS_KWARG) for k, v in TEST_SCHEDULE_ENTRY.items(): assert rjson[k] == v validate_response(user_response, status.HTTP_200_OK)
def test_user_cannot_delete_any_other_entry(admin_client, user_client, alt_user_client): # alt user schedule entry alt_user_rjson = post_schedule(alt_user_client, TEST_SCHEDULE_ENTRY) alt_user_entry_name = alt_user_rjson["name"] alt_user_entry_url = reverse_detail_url(alt_user_entry_name) user_delete_alt_user_response = user_client.delete(alt_user_entry_url, **HTTPS_KWARG) # admin user schedule entry admin_rjson = post_schedule(admin_client, TEST_PRIVATE_SCHEDULE_ENTRY) admin_entry_name = admin_rjson["name"] admin_entry_url = reverse_detail_url(admin_entry_name) user_delete_admin_response = user_client.delete(admin_entry_url, **HTTPS_KWARG) validate_response(user_delete_alt_user_response, status.HTTP_403_FORBIDDEN) # Admin's entry is private, hence 404 instead of 403 validate_response(user_delete_admin_response, status.HTTP_404_NOT_FOUND)
def test_user_can_delete_their_entry(user_client): rjson = post_schedule(user_client, TEST_SCHEDULE_ENTRY) entry_name = rjson["name"] entry_url = reverse_detail_url(entry_name) # First attempt to delete should return 204 response = user_client.delete(entry_url, **HTTPS_KWARG) validate_response(response, status.HTTP_204_NO_CONTENT) # Second attempt to delete should return 404 response = user_client.delete(entry_url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)
def test_validate_only_does_not_modify_schedule_with_bad_entry(user_client): """A bad entry with validate_only should return 400 only.""" # Ensure that a 400 "BAD REQUEST" is returned from the validator entry = TEST_SCHEDULE_ENTRY.copy() entry["interval"] = 1.5 # non-integer interval is invalid entry["validate_only"] = True expected_status = status.HTTP_400_BAD_REQUEST post_schedule(user_client, entry, expected_status=expected_status) # Ensure that the entry didn't make it into the schedule url = reverse_detail_url(entry["name"]) response = user_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)
def test_validate_only_does_not_modify_schedule_with_good_entry(user_client): """A good entry with validate_only should return 200 only.""" # Ensure that a 200 "OK" is returned from the validator entry = TEST_SCHEDULE_ENTRY.copy() entry["validate_only"] = True expected_status = status.HTTP_204_NO_CONTENT post_schedule(user_client, entry, expected_status=expected_status) # Ensure that the entry didn't make it into the schedule entry_name = entry["name"] url = reverse_detail_url(entry_name) response = user_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)
def test_delete_entry_with_acquisitions_fails(admin_client, test_scheduler): """Attempting to delete entry with protected acquisitions should fail.""" entry_name = simulate_frequency_fft_acquisitions(admin_client) entry_url = reverse_detail_url(entry_name) response = admin_client.delete(entry_url, **HTTPS_KWARG) rjson = validate_response(response, status.HTTP_400_BAD_REQUEST) expected_status = status.HTTP_204_NO_CONTENT for acq_url in rjson["protected_objects"]: response = admin_client.delete(acq_url, **HTTPS_KWARG) validate_response(response, expected_status) response = admin_client.delete(entry_url, **HTTPS_KWARG) validate_response(response, expected_status)
def test_post_unknown_field_to_schedule(admin_client): """Unknown fields in a schedule entry should be ignored.""" entry_json = TEST_SCHEDULE_ENTRY.copy() entry_json["nonsense"] = True rjson = post_schedule(admin_client, entry_json) entry_name = rjson["name"] entry_url = reverse_detail_url(entry_name) response = admin_client.get(entry_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK) for k, v in TEST_SCHEDULE_ENTRY.items(): assert rjson[k] == v assert "nonsense" not in rjson assert "nonsense" not in response.data
def test_get_nonexistent_entry_details_returns_404(admin_client): """Requesting details of non-existent entry should return 404.""" url = reverse_detail_url("doesntexist") response = admin_client.get(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND)