def test_user_cant_modify_other_acquisitions(admin_client, user_client, alt_user_client, test_scheduler): # alt user schedule entry alt_user_entry_name = simulate_acquisitions(alt_user_client, name='alt_user_single_acq') alt_user_acq_url = reverse_acquisition_detail(alt_user_entry_name, 1) new_acquisition_detail = user_client.get(alt_user_acq_url, **HTTPS_KWARG) new_acquisition_detail = new_acquisition_detail.data new_acquisition_detail['task_id'] = 2 user_modify_alt_user_response = update_acquisition_detail( user_client, alt_user_entry_name, 1, new_acquisition_detail) # admin user schedule entry admin_entry_name = simulate_acquisitions(admin_client, name='admin_single_acq') admin_acq_url = reverse_acquisition_detail(admin_entry_name, 1) new_acquisition_detail = user_client.get(admin_acq_url, **HTTPS_KWARG).data new_acquisition_detail['task_id'] = 2 user_modify_admin_response = update_acquisition_detail( user_client, admin_entry_name, 1, new_acquisition_detail) validate_response(user_modify_alt_user_response, status.HTTP_403_FORBIDDEN) validate_response(user_modify_admin_response, status.HTTP_403_FORBIDDEN)
def test_user_cant_modify_other_acquisitions(admin_client, alt_admin_client, user_client, test_scheduler): # alt admin schedule entry alt_admin_entry_name = simulate_acquisitions(alt_admin_client, name='alt_admin_single_acq') alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1) new_acquisition_detail = user_client.get(alt_admin_acq_url, **HTTPS_KWARG) new_acquisition_detail = new_acquisition_detail.data new_acquisition_detail['task_id'] = 2 admin_modify_alt_admin_response = update_acquisition_detail( admin_client, alt_admin_entry_name, 1, new_acquisition_detail) # user schedule entry user_entry_name = simulate_acquisitions(user_client, name='admin_single_acq') user_acq_url = reverse_acquisition_detail(user_entry_name, 1) new_acquisition_detail = admin_client.get(user_acq_url, **HTTPS_KWARG).data new_acquisition_detail['task_id'] = 2 admin_modify_user_response = update_acquisition_detail( admin_client, user_entry_name, 1, new_acquisition_detail) validate_response(admin_modify_alt_admin_response, status.HTTP_405_METHOD_NOT_ALLOWED) validate_response(admin_modify_user_response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_single_acquisition_response(user_client, test_scheduler): entry_name = simulate_acquisitions(user_client, n=1) acquisition, = get_acquisition_list(user_client, entry_name) task_id = 1 expected_url = reverse_acquisition_detail(entry_name, task_id) assert acquisition['self'] == expected_url assert acquisition['task_id'] == task_id
def test_admin_can_create_private_acquisition(admin_client, user_client, test_scheduler): private_entry_name = simulate_acquisitions(admin_client, is_private=True) private_acq_url = reverse_acquisition_detail(private_entry_name, 1) user_response = user_client.get(private_acq_url, **HTTPS_KWARG) validate_response(user_response, status.HTTP_403_FORBIDDEN)
def test_multiple_acquisition_response(user_client, test_scheduler): entry_name = simulate_acquisitions(user_client, n=3) acquisitions = get_acquisition_list(user_client, entry_name) assert len(acquisitions) == 3 for i, acq in enumerate(acquisitions, start=1): expected_url = reverse_acquisition_detail(entry_name, i) assert acq['self'] == expected_url assert acq['task_id'] == i
def test_admin_can_delete_their_acquisition(admin_client, test_scheduler): entry_name = simulate_acquisitions(admin_client) acq_url = reverse_acquisition_detail(entry_name, 1) first_response = admin_client.delete(acq_url, **HTTPS_KWARG) second_response = admin_client.delete(acq_url, **HTTPS_KWARG) validate_response(first_response, status.HTTP_204_NO_CONTENT) validate_response(second_response, status.HTTP_404_NOT_FOUND)
def test_admin_can_view_private_acquisitions(admin_client, alt_admin_client, test_scheduler): private_entry_name = simulate_acquisitions(alt_admin_client, is_private=True) private_acq_url = reverse_acquisition_detail(private_entry_name, 1) response = admin_client.get(private_acq_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)
def test_admin_can_view_all_acquisitions(admin_client, alt_admin_client, user_client, test_scheduler): # alt admin schedule entry alt_admin_entry_name = simulate_acquisitions(alt_admin_client, name='alt_admin_single_acq') alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1) admin_view_alt_admin_response = admin_client.get(alt_admin_acq_url, **HTTPS_KWARG) # user schedule entry user_acq_name = simulate_acquisitions(user_client, name='admin_single_acq') user_acq_url = reverse_acquisition_detail(user_acq_name, 1) admin_view_user_response = admin_client.get(user_acq_url, **HTTPS_KWARG) validate_response(admin_view_alt_admin_response, status.HTTP_200_OK) validate_response(admin_view_user_response, status.HTTP_200_OK)
def test_user_cant_delete_other_acquisitions(admin_client, user_client, alt_user_client, test_scheduler): # alt user schedule entry alt_user_entry_name = simulate_acquisitions(alt_user_client, name='alt_user_single_acq') alt_user_acq_url = reverse_acquisition_detail(alt_user_entry_name, 1) user_delete_alt_user_response = user_client.delete(alt_user_acq_url, **HTTPS_KWARG) # admin user schedule entry admin_acq_name = simulate_acquisitions(admin_client, name='admin_single_acq') admin_acq_url = reverse_acquisition_detail(admin_acq_name, 1) user_delete_admin_response = user_client.delete(admin_acq_url, **HTTPS_KWARG) validate_response(user_delete_admin_response, status.HTTP_403_FORBIDDEN) validate_response(user_delete_alt_user_response, status.HTTP_403_FORBIDDEN)
def test_admin_cant_modify_their_acquisition(admin_client, test_scheduler): entry_name = simulate_acquisitions(admin_client) acq_url = reverse_acquisition_detail(entry_name, 1) new_acquisition_detail = admin_client.get(acq_url, **HTTPS_KWARG).data new_acquisition_detail['task_id'] = 2 response = update_acquisition_detail(admin_client, entry_name, 1, new_acquisition_detail) validate_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_admin_can_delete_other_acquisitions(admin_client, alt_admin_client, user_client, test_scheduler): # alt admin private schedule entry alt_admin_entry_name = simulate_acquisitions(alt_admin_client, name='alt_admin_single_acq', is_private=True) alt_admin_acq_url = reverse_acquisition_detail(alt_admin_entry_name, 1) admin_delete_alt_admin_response = admin_client.delete( alt_admin_acq_url, **HTTPS_KWARG) # user schedule entry user_acq_name = simulate_acquisitions(user_client, name='admin_single_acq') user_acq_url = reverse_acquisition_detail(user_acq_name, 1) admin_delete_user_response = admin_client.delete(user_acq_url, **HTTPS_KWARG) validate_response(admin_delete_user_response, status.HTTP_204_NO_CONTENT) validate_response(admin_delete_alt_admin_response, status.HTTP_204_NO_CONTENT)
def test_user_cant_create_private_acquisition(user_client, alt_user_client, test_scheduler): # The alt user attempts to create a private acquisition. entry_name = simulate_acquisitions(alt_user_client, is_private=True) acq_url = reverse_acquisition_detail(entry_name, 1) # The user attempts to GET the acquisition that the alt user created. response = user_client.get(acq_url, **HTTPS_KWARG) # The user successfully GETs the acquistion that the alt user # created; meaning that the acquisition was not, in fact, private. validate_response(response, status.HTTP_200_OK)
def test_delete_single(user_client, test_scheduler): entry_name = simulate_acquisitions(user_client, n=3) task_id_to_delete = 2 url = reverse_acquisition_detail(entry_name, task_id_to_delete) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_204_NO_CONTENT) response = user_client.delete(url, **HTTPS_KWARG) validate_response(response, status.HTTP_404_NOT_FOUND) # other 2 acquisitions should be unaffected get_acquisition_detail(user_client, entry_name, 1) get_acquisition_detail(user_client, entry_name, 3)
def test_user_can_create_nonprivate_acquisition(user_client, test_scheduler): entry_name = simulate_acquisitions(user_client) acq_url = reverse_acquisition_detail(entry_name, 1) response = user_client.get(acq_url, **HTTPS_KWARG) validate_response(response, status.HTTP_200_OK)