def test_requester_cannot_accept_invite(self):
requester_one = test_utils.create_requester()
requester_two = test_utils.create_requester()
self.login_user(requester_two.user)
response = self.get(requester_one.invite_link)
print(response.content)
self.assertResponseIsPermissionDenied(response)
def test_shopper_cannot_remove_shopper(self):
shopper = test_utils.create_shopper()
requester = test_utils.create_requester(shoppers=[shopper])
self.assertIn(shopper, requester.shoppers.all())
self.login_user(shopper.user)
resp = self.remove_shopper(shopper)
self.assertResponseIsPermissionDenied(resp)
def test_requester_can_remove_shopper(self):
shopper = test_utils.create_shopper()
requester = test_utils.create_requester(shoppers=[shopper])
self.assertIn(shopper, requester.shoppers.all())
self.login_user(requester.user)
self.remove_shopper(shopper)
self.assertNotIn(shopper, requester.shoppers.all())
def test_invite_link_is_updated_once_invite_is_accepted(self):
requester = test_utils.create_requester()
original_invite_token = requester.invite_token
shopper = test_utils.create_shopper()
self.login_user(shopper.user)
self.get(requester.invite_link)
self.assertIn(shopper, requester.shoppers.all())
requester.refresh_from_db()
self.assertNotEqual(original_invite_token, requester.invite_token)
def test_unauthorized_user_cannot_delete_comment(self):
requested_item = test_utils.create_requested_item(
shopper=test_utils.create_shopper())
comment = test_utils.create_comment(requested_item=requested_item)
requester = test_utils.create_requester()
self.login_user(requester.user)
resp = self.delete_comment(comment)
self.assertResponseIsPermissionDenied(resp)
def test_shopper_can_accept_invite(self):
requester = test_utils.create_requester()
shopper = test_utils.create_shopper()
self.login_user(shopper.user)
self.get(requester.invite_link)
self.assertIn(shopper, requester.shoppers.all())
def test_user_must_be_logged_in_to_accept_invite(self):
requester = test_utils.create_requester()
shopper = test_utils.create_shopper()
resp = self.get(requester.invite_link)
self.assertResponseIsRedirect(resp)
self.assertNotIn(shopper, requester.shoppers.all())
def test_shopper_cannot_view_detail_of_unauthorized_requester(self):
shopper = test_utils.create_shopper()
requester = test_utils.create_requester()
self.login_user(shopper.user)
resp = self.view_requester_detail(requester)
self.assertResponseIsPermissionDenied(resp)
def test_requester_cannot_view_requester_detail(self):
requester = test_utils.create_requester()
requester_two = test_utils.create_requester()
self.login_user(requester.user)
resp = self.view_requester_detail(requester_two)
self.assertResponseIsPermissionDenied(resp)
def test_requester_cannot_view_requesters_for_shopper(self):
requester = test_utils.create_requester()
self.login_user(requester.user)
resp = self.get(reverse('core:requesters'))
self.assertResponseIsPermissionDenied(resp)
def test_unauthorized_user_cannot_create_comment(self):
requested_item = test_utils.create_requested_item()
requester = test_utils.create_requester()
self.login_user(requester.user)
resp = self.create_comment(requested_item, {'body': 'Foo'})
self.assertResponseIsPermissionDenied(resp)
def test_requester_cannot_claim_requested_item(self):
requested_item = test_utils.create_requested_item()
requester = test_utils.create_requester()
self.login_user(requester.user)
resp = self.claim_item(requested_item)
self.assertResponseIsPermissionDenied(resp)
def test_requesters_can_create_requested_items(self):
requester = test_utils.create_requester()
self.login_user(requester.user)
resp = self.visit_requested_items()
self.assertResponseOK(resp)
def test_requesters_can_access_requested_items_list(self):
requester = test_utils.create_requester()
self.login_user(requester.user)
resp = self.view_requested_items()
self.assertResponseOK(resp)