def test_only_staff_can_access_delete_user_disclaimer(self): # no logged in user encoded_user_id = int_str(chaffify(self.user.id)) url = reverse('studioadmin:delete_user_disclaimer', args=[encoded_user_id]) resp = self.client.get(url) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # normal user resp = self._get_response(url, DisclaimerUpdateView, self.user, encoded_user_id) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # instructor user resp = self._get_response(url, DisclaimerUpdateView, self.instructor_user, encoded_user_id) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # staff user resp = self._get_response(url, DisclaimerUpdateView, self.staff_user, encoded_user_id) self.assertEqual(resp.status_code, 200)
def test_only_staff_can_access_delete_user_disclaimer(self): # no logged in user encoded_user_id = int_str(chaffify(self.user.id)) url = reverse( 'studioadmin:delete_user_disclaimer', args=[encoded_user_id] ) resp = self.client.get(url) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # normal user resp = self._get_response( url, DisclaimerUpdateView, self.user, encoded_user_id ) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # instructor user resp = self._get_response( url, DisclaimerUpdateView, self.instructor_user, encoded_user_id ) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # staff user resp = self._get_response( url, DisclaimerUpdateView, self.staff_user, encoded_user_id ) self.assertEqual(resp.status_code, 200)
def test_encoded_id_with_specified_chaff_values(self): encoded_id = int_str(chaffify(self.user.id, 12345)) self.assertEqual( dechaffify(str_int(encoded_id), 12345), self.user.id ) # with non-matching chaff with self.assertRaises(ValueError): dechaffify(str_int(encoded_id), 1234)
def test_encoded_id_with_specified_keyspaces(self): encoded_id = int_str(chaffify(self.user.id), 'abcdefghisjkl') self.assertEqual( dechaffify(str_int(encoded_id, 'abcdefghisjkl')), self.user.id ) # with non-matching keyspaces with self.assertRaises(ValueError): dechaffify(str_int(encoded_id, 'abcdefghisjk'))
def test_get_delete_disclaimer_view(self): encoded_user_id = int_str(chaffify(self.user.id)) delete_url = reverse( 'studioadmin:delete_user_disclaimer', args=[encoded_user_id] ) resp = self._get_response( delete_url, DisclaimerDeleteView, self.staff_user, encoded_user_id, ) self.assertEqual(resp.context_data['user'], self.user)
def test_delete_disclaimer(self): self.assertEqual(OnlineDisclaimer.objects.count(), 1) encoded_user_id = int_str(chaffify(self.user.id)) delete_url = reverse('studioadmin:delete_user_disclaimer', args=[encoded_user_id]) resp = self._post_response(delete_url, DisclaimerDeleteView, self.staff_user, encoded_user_id, self.post_data) self.assertEqual(OnlineDisclaimer.objects.count(), 0)
def test_update_dislaimer(self): self.assertIsNone(self.disclaimer.home_phone) # null by default encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse('studioadmin:update_user_disclaimer', args=[encoded_user_id]) resp = self._post_response(update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id, self.post_data) self.disclaimer.refresh_from_db() self.assertEqual(self.disclaimer.home_phone, '123445')
def test_update_dislaimer_sets_date_updated(self): self.assertIsNone(self.disclaimer.date_updated) encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse('studioadmin:update_user_disclaimer', args=[encoded_user_id]) resp = self._post_response(update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id, self.post_data) self.disclaimer.refresh_from_db() self.assertIsNotNone(self.disclaimer.date_updated)
def test_user_password_required_to_update_disclaimer(self): self.assertNotEqual(self.disclaimer.address, '1 test st') encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse('studioadmin:update_user_disclaimer', args=[encoded_user_id]) resp = self._post_response(update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id, self.post_data) self.disclaimer.refresh_from_db() self.assertEqual(self.disclaimer.address, '1 test st')
def test_delete_disclaimer(self): self.assertEqual(OnlineDisclaimer.objects.count(), 1) encoded_user_id = int_str(chaffify(self.user.id)) delete_url = reverse( 'studioadmin:delete_user_disclaimer', args=[encoded_user_id] ) resp = self._post_response( delete_url, DisclaimerDeleteView, self.staff_user, encoded_user_id, self.post_data ) self.assertEqual(OnlineDisclaimer.objects.count(), 0)
def test_get_delete_disclaimer_view(self): encoded_user_id = int_str(chaffify(self.user.id)) delete_url = reverse('studioadmin:delete_user_disclaimer', args=[encoded_user_id]) resp = self._get_response( delete_url, DisclaimerDeleteView, self.staff_user, encoded_user_id, ) self.assertEqual(resp.context_data['user'], self.user)
def test_user_password_incorrect(self): encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse('studioadmin:update_user_disclaimer', args=[encoded_user_id]) self.post_data['password'] = '******' self.assertTrue( self.client.login(username=self.staff_user.username, password='******')) resp = self.client.post(update_url, self.post_data, follow=True) self.assertIn('Password is incorrect', format_content(resp.rendered_content))
def test_update_dislaimer(self): self.assertIsNone(self.disclaimer.home_phone) # null by default encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse( 'studioadmin:update_user_disclaimer', args=[encoded_user_id] ) resp = self._post_response( update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id, self.post_data ) self.disclaimer.refresh_from_db() self.assertEqual(self.disclaimer.home_phone, '123445')
def test_user_password_required_to_update_disclaimer(self): self.assertNotEqual(self.disclaimer.address, '1 test st') encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse( 'studioadmin:update_user_disclaimer', args=[encoded_user_id] ) resp = self._post_response( update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id, self.post_data ) self.disclaimer.refresh_from_db() self.assertEqual(self.disclaimer.address, '1 test st')
def test_update_dislaimer_sets_date_updated(self): self.assertIsNone(self.disclaimer.date_updated) encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse( 'studioadmin:update_user_disclaimer', args=[encoded_user_id] ) resp = self._post_response( update_url, DisclaimerUpdateView, self.staff_user, encoded_user_id, self.post_data ) self.disclaimer.refresh_from_db() self.assertIsNotNone(self.disclaimer.date_updated)
def test_user_password_incorrect(self): encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse( 'studioadmin:update_user_disclaimer', args=[encoded_user_id] ) self.post_data['password'] = '******' self.assertTrue( self.client.login(username=self.staff_user.username, password='******') ) resp = self.client.post(update_url, self.post_data, follow=True) self.assertIn( 'Password is incorrect', format_content(resp.rendered_content) )
def test_only_staff_or_instructor_can_access_user_disclaimer(self): # no logged in user encoded_user_id = int_str(chaffify(self.user.id)) resp = self.client.get( reverse('studioadmin:user_disclaimer', args=[encoded_user_id])) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('login'), resp.url) # normal user resp = self._get_user_disclaimer(self.user, encoded_user_id) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # staff user resp = self._get_user_disclaimer(self.staff_user, encoded_user_id) self.assertEqual(resp.status_code, 200) # instructpr user resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id) self.assertEqual(resp.status_code, 200)
def test_update_and_delete_buttons_not_shown_for_instructors(self): encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse('studioadmin:update_user_disclaimer', args=[encoded_user_id]) delete_url = reverse('studioadmin:delete_user_disclaimer', args=[encoded_user_id]) resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id) self.assertEqual(resp.status_code, 200) self.assertNotIn('Update', resp.rendered_content) self.assertNotIn(update_url, resp.rendered_content) self.assertNotIn('Delete', resp.rendered_content) self.assertNotIn(delete_url, resp.rendered_content) resp = self._get_user_disclaimer(self.staff_user, encoded_user_id) self.assertEqual(resp.status_code, 200) self.assertIn('Update', resp.rendered_content) self.assertIn(update_url, resp.rendered_content) self.assertIn('Delete', resp.rendered_content) self.assertIn(delete_url, resp.rendered_content)
def test_update_and_delete_buttons_not_shown_for_instructors(self): encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse( 'studioadmin:update_user_disclaimer', args=[encoded_user_id] ) delete_url = reverse( 'studioadmin:delete_user_disclaimer', args=[encoded_user_id] ) resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id) self.assertEqual(resp.status_code, 200) self.assertNotIn('Update', resp.rendered_content) self.assertNotIn(update_url, resp.rendered_content) self.assertNotIn('Delete', resp.rendered_content) self.assertNotIn(delete_url, resp.rendered_content) resp = self._get_user_disclaimer(self.staff_user, encoded_user_id) self.assertEqual(resp.status_code, 200) self.assertIn('Update', resp.rendered_content) self.assertIn(update_url, resp.rendered_content) self.assertIn('Delete', resp.rendered_content) self.assertIn(delete_url, resp.rendered_content)
def test_no_changes_made(self): post_data = { 'id': self.disclaimer.id, 'name': self.disclaimer.name, 'dob': self.disclaimer.dob.strftime('%d %b %Y'), 'address': self.disclaimer.address, 'postcode': self.disclaimer.postcode, 'mobile_phone': self.disclaimer.mobile_phone, 'emergency_contact1_name': self.disclaimer.emergency_contact1_name, 'emergency_contact1_relationship': self.disclaimer.emergency_contact1_relationship, 'emergency_contact1_phone': self.disclaimer.emergency_contact1_phone, 'emergency_contact2_name': self.disclaimer.emergency_contact2_name, 'emergency_contact2_relationship': self.disclaimer.emergency_contact2_relationship, 'emergency_contact2_phone': self.disclaimer.emergency_contact2_phone, 'medical_conditions': False, 'medical_conditions_details': '', 'joint_problems': False, 'joint_problems_details': '', 'allergies': False, 'allergies_details': '', 'medical_treatment_permission': True, 'terms_accepted': True, 'age_over_18_confirmed': True, 'password': '******' } encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse('studioadmin:update_user_disclaimer', args=[encoded_user_id]) self.assertTrue( self.client.login(username=self.staff_user.username, password='******')) resp = self.client.post(update_url, post_data, follow=True) self.assertIn('No changes made', format_content(resp.rendered_content))
def test_no_changes_made(self): post_data = { 'id': self.disclaimer.id, 'name': self.disclaimer.name, 'dob': self.disclaimer.dob.strftime('%d %b %Y'), 'address': self.disclaimer.address, 'postcode': self.disclaimer.postcode, 'mobile_phone': self.disclaimer.mobile_phone, 'emergency_contact1_name': self.disclaimer.emergency_contact1_name, 'emergency_contact1_relationship': self.disclaimer.emergency_contact1_relationship, 'emergency_contact1_phone': self.disclaimer.emergency_contact1_phone, 'emergency_contact2_name': self.disclaimer.emergency_contact2_name, 'emergency_contact2_relationship': self.disclaimer.emergency_contact2_relationship, 'emergency_contact2_phone': self.disclaimer.emergency_contact2_phone, 'medical_conditions': False, 'medical_conditions_details': '', 'joint_problems': False, 'joint_problems_details': '', 'allergies': False, 'allergies_details': '', 'medical_treatment_permission': True, 'terms_accepted': True, 'age_over_18_confirmed': True, 'password': '******' } encoded_user_id = int_str(chaffify(self.user.id)) update_url = reverse( 'studioadmin:update_user_disclaimer', args=[encoded_user_id] ) self.assertTrue( self.client.login(username=self.staff_user.username, password='******') ) resp = self.client.post(update_url, post_data, follow=True) self.assertIn( 'No changes made', format_content(resp.rendered_content) )
def test_only_staff_or_instructor_can_access_user_disclaimer(self): # no logged in user encoded_user_id = int_str(chaffify(self.user.id)) resp = self.client.get( reverse( 'studioadmin:user_disclaimer', args=[encoded_user_id] ) ) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('login'), resp.url) # normal user resp = self._get_user_disclaimer(self.user, encoded_user_id) self.assertEqual(resp.status_code, 302) self.assertIn(reverse('booking:permission_denied'), resp.url) # staff user resp = self._get_user_disclaimer(self.staff_user, encoded_user_id) self.assertEqual(resp.status_code, 200) # instructpr user resp = self._get_user_disclaimer(self.instructor_user, encoded_user_id) self.assertEqual(resp.status_code, 200)
def encode(val): return int_str(chaffify(val))
def test_encoded_id_with_defaults(self): encoded_id = int_str(chaffify(self.user.id)) self.assertEqual(dechaffify(str_int(encoded_id)), self.user.id)