def test_add_user_to_organisation_group_fail(self):
"""
Make sure adding a user to admin group fails when the user is not in
the admin group
"""
organisation_group = OrganisationGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
# organisation_group.organisationuser_set.add(user)
self.c.force_authenticate(user.user)
data = {
"user_id": new_user.id,
}
res = self.c.post(
"/api/publishers/{}/group/?format=json".format(
organisation_group.publisher.id),
data,
format='json'
)
self.assertEqual(res.status_code, 403)
def test_user_cant_remove_owner(self):
"""
Make sure the initial creator of the admin group can't be removed from the admin group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(new_user)
admin_group.organisationuser_set.add(user)
admin_group.owner = new_user
admin_group.save()
self.c.force_authenticate(user.user)
data = {
"user_id": new_user.id,
}
res = self.c.delete(
"/api/publishers/{}/admin-group/{}?format=json".format(
admin_group.publisher.id, new_user.id),
format='json')
self.assertEquals(res.status_code, 401)
def test_cant_remove_admin(self):
"""
Before an admin can be removed from the organization, he must be
removed from the organisation admin group
"""
organisation_group = OrganisationGroupFactory.create()
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(user)
organisation_group.organisationuser_set.add(user)
admin_group.organisationuser_set.add(new_user)
organisation_group.organisationuser_set.add(new_user)
self.c.force_authenticate(user.user)
res = self.c.delete(
"/api/publishers/{}/group/{}?format=json".format(
organisation_group.publisher.id, new_user.id),
format='json'
)
self.assertEqual(res.status_code, 401)
def test_add_user_to_organisation_group_success(self):
"""
Adding a user to an admin group when the user is in the admin group
"""
organisation_group = OrganisationGroupFactory.create()
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
organisation_group.organisationuser_set.add(user)
admin_group.organisationuser_set.add(user)
admin_group.save()
self.c.force_authenticate(user.user)
data = {
"user_id": new_user.id,
}
res = self.c.post("/api/publishers/{}/group/?format=json".format(
organisation_group.publisher.id),
data,
format='json')
self.assertEquals(res.status_code, 200)
self.assertEquals(
len(
OrganisationGroup.objects.get(
pk=organisation_group.id).organisationuser_set.all()), 2)
def test_add_user_to_admin_group_fail(self):
"""
Make sure adding a user to admin group fails when the user is not in
the admin group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
# admin_group.organisationuser_set.add(user)
self.c.force_authenticate(user.user)
data = {
"user_id": new_user.id,
}
res = self.c.post(
"/api/publishers/{}/admin-group/?format=json".format(
admin_group.publisher.id),
data,
format='json'
)
self.assertEqual(res.status_code, 403)
def test_remove_user_from_admin_group_fail(self):
"""
Make sure a normal user can't remove users from an admin group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
# admin_group.organisationuser_set.add(user)
admin_group.organisationuser_set.add(new_user)
admin_group.save()
self.c.force_authenticate(user.user)
data = {
"user_id": new_user.id,
}
res = self.c.delete(
"/api/publishers/{}/admin-group/{}?format=json".format(
admin_group.publisher.id, new_user.id),
format='json')
self.assertEquals(res.status_code, 403)
def test_add_user_to_organisation_group_success(self):
"""
Adding a user to an admin group when the user is in the admin group
"""
organisation_group = OrganisationGroupFactory.create()
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
organisation_group.organisationuser_set.add(user)
admin_group.organisationuser_set.add(user)
admin_group.save()
self.c.force_authenticate(user.user)
data = {
"user_id": new_user.id,
}
res = self.c.post(
"/api/publishers/{}/group/?format=json".format(
organisation_group.publisher.id),
data,
format='json'
)
self.assertEqual(res.status_code, 200)
self.assertEqual(len(OrganisationGroup.objects.get(
pk=organisation_group.id).organisationuser_set.all()), 2)
def test_post_activity_fail_if_not_in_admin_group(self):
"""
Test the user can only POST activities as a publisher of which he is
in the admin Group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
# admin_group.organisationuser_set.add(user)
self.c.force_authenticate(user.user)
PublisherFactory.create()
codelist_factory.VersionFactory.create(code="2.02")
data = {
"iati_identifier": "WOPA",
"publisher_id": admin_group.publisher.id
}
res = self.c.post(
"/api/publishers/{}/activities/?format=json".format(
admin_group.publisher.id),
data,
format='json'
)
self.assertEqual(res.status_code, 403)
def setUp(self):
user = OrganisationUserFactory.create(user__username='******')
self.c.force_authenticate(user.user)
self.activity = \
iati_factory.ActivityFactory.create(iati_identifier='activity_id')
def setUp(self):
user = OrganisationUserFactory.create(user__username='******')
self.c.force_authenticate(user.user)
self.activity = \
iati_factory.ActivityFactory.create(iati_identifier='activity_id')
def test_post_activity_fail_if_not_in_admin_group(self):
"""
Test the user can only POST activities as a publisher of which he is
in the admin Group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
# admin_group.organisationuser_set.add(user)
self.c.force_authenticate(user.user)
PublisherFactory.create()
codelist_factory.VersionFactory.create(code="2.02")
data = {
"iati_identifier": "WOPA",
"publisher_id": admin_group.publisher.id
}
res = self.c.post(
"/api/publishers/{}/activities/?format=json".format(
admin_group.publisher.id),
data,
format='json'
)
self.assertEqual(res.status_code, 403)
def test_update_activity_success(self):
"""
Test the user can only PUT activities as a publisher of which he is in
the admin Group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(user)
self.c.force_authenticate(user.user)
activity = iati_factory.ActivityFactory.create(
publisher=admin_group.publisher)
data = {
"iati_identifier": "WOPA",
"publisher_id": activity.publisher.id
}
res = self.c.put(
"/api/publishers/{}/activities/{}/?format=json".format(
activity.publisher.id, activity.id),
data,
format='json'
)
self.assertEqual(res.status_code, 200)
def test_update_activity_success(self):
"""
Test the user can only PUT activities as a publisher of which he is in
the admin Group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(user)
self.c.force_authenticate(user.user)
activity = iati_factory.ActivityFactory.create(
publisher=admin_group.publisher)
data = {
"iati_identifier": "WOPA",
"publisher_id": activity.publisher.id
}
res = self.c.put(
"/api/publishers/{}/activities/{}/?format=json".format(
activity.publisher.id, activity.id),
data,
format='json'
)
self.assertEqual(res.status_code, 200)
def test_remove_user_from_organisation_group_fail(self):
"""
Make sure a normal user can't remove users from an admin group
"""
organisation_group = OrganisationGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
# organisation_group.organisationuser_set.add(user)
organisation_group.organisationuser_set.add(new_user)
self.c.force_authenticate(user.user)
res = self.c.delete(
"/api/publishers/{}/group/{}?format=json".format(
organisation_group.publisher.id, new_user.id),
format='json'
)
self.assertEqual(res.status_code, 403)
def test_remove_user_from_organisation_group_success(self):
"""
Make sure a normal user can't remove users from an admin group
"""
organisation_group = OrganisationGroupFactory.create()
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(user)
organisation_group.organisationuser_set.add(user)
organisation_group.organisationuser_set.add(new_user)
self.c.force_authenticate(user.user)
res = self.c.delete("/api/publishers/{}/group/{}?format=json".format(
organisation_group.publisher.id, new_user.id),
format='json')
self.assertEqual(res.status_code, 200)
def test_get_organisation_users(self):
"""
get a list of users within this organisation
"""
organisation_group = OrganisationGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
organisation_group.organisationuser_set.add(user)
organisation_group.organisationuser_set.add(new_user)
self.c.force_authenticate(user.user)
res = self.c.get(
"/api/publishers/{}/group/?format=json".format(
organisation_group.publisher.id), )
self.assertEquals(res.data, [
OrderedDict([('username', u'test1'), ('email', u'')]),
OrderedDict([('username', u'test2'), ('email', u'')]),
])
def test_get_organisation_users(self):
"""
get a list of users within this organisation
"""
organisation_group = OrganisationGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
organisation_group.organisationuser_set.add(user)
organisation_group.organisationuser_set.add(new_user)
self.c.force_authenticate(user.user)
res = self.c.get(
"/api/publishers/{}/group/?format=json".format(
organisation_group.publisher.id),
)
self.assertEqual(res.data, [
OrderedDict([('username', u'test1'), ('email', u'')]),
OrderedDict([('username', u'test2'), ('email', u'')]),
])
def test_cant_remove_admin(self):
"""
Before an admin can be removed from the organization, he must be removed from the organisation admin group
"""
organisation_group = OrganisationGroupFactory.create()
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(user)
organisation_group.organisationuser_set.add(user)
admin_group.organisationuser_set.add(new_user)
organisation_group.organisationuser_set.add(new_user)
self.c.force_authenticate(user.user)
res = self.c.delete("/api/publishers/{}/group/{}?format=json".format(
organisation_group.publisher.id, new_user.id),
format='json')
self.assertEquals(res.status_code, 401)
def test_user_cant_remove_owner(self):
"""
Make sure the initial creator of the admin group can't be removed from
the admin group
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
new_user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(new_user)
admin_group.organisationuser_set.add(user)
admin_group.owner = new_user
admin_group.save()
self.c.force_authenticate(user.user)
res = self.c.delete(
"/api/publishers/{}/admin-group/{}?format=json".format(
admin_group.publisher.id, new_user.id),
format='json'
)
self.assertEqual(res.status_code, 401)
def test_verify_api_key_success(self):
"""
An organization admin should be able to verify an API key
"""
admin_group = OrganisationAdminGroupFactory.create()
user = OrganisationUserFactory.create(user__username='******')
admin_group.organisationuser_set.add(user)
OrganisationFactory.create(organisation_identifier="NL-KVK-51018586")
self.c.force_authenticate(user.user)
data = {
"apiKey": "this_is_mocked",
"userId": "this_is_mocked",
}
res = self.c.post(
"/api/publishers/api_key/verify/",
data=data,
format='json'
)
print(res.status_code)
# test api key has been set on user
updated_user = OrganisationUser.objects.get(pk=user.pk)
self.assertEqual(updated_user.iati_api_key, data['apiKey'])
# test publisher has been created
publisher = Publisher.objects.all()[1]
# test organisation groups have been created
org_group = OrganisationGroup.objects.get(publisher=publisher)
self.assertEqual(
org_group.organisationuser_set.get(pk=updated_user.id),
updated_user
)
org_admin_group = OrganisationAdminGroup.objects.get(
publisher=publisher
)
self.assertEqual(
org_admin_group.organisationuser_set.get(
pk=updated_user.id), updated_user)
self.assertEqual(org_admin_group.owner, updated_user)
def setUp(self):
user = OrganisationUserFactory.create(user__username='******')
self.c.force_authenticate(user.user)
