def test_remove_requester_by_linked_unit_member(self, mock_mailer_send):
"""
Referral linked unit members can remove a requester from a referral.
"""
user = factories.UserFactory()
referral = factories.ReferralFactory(
state=models.ReferralState.RECEIVED)
models.UnitMembership.objects.create(
role=models.UnitMembershipRole.MEMBER,
user=user,
unit=referral.units.first(),
)
other_requester = factories.UserFactory()
referral.users.add(other_requester)
self.assertEqual(referral.users.count(), 2)
response = self.client.post(
f"/api/referrals/{referral.id}/remove_requester/",
{"requester": other_requester.id},
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
models.ReferralActivity.objects.count(),
1,
)
referral.refresh_from_db()
self.assertEqual(referral.users.count(), 1)
self.assertEqual(referral.state, models.ReferralState.RECEIVED)
mock_mailer_send.assert_not_called()
def test_remove_requester_by_random_logged_in_user(self, mock_mailer_send):
"""
Random logged-in users cannot remove a requester from a referral.
"""
user = factories.UserFactory()
referral = factories.ReferralFactory(
state=models.ReferralState.RECEIVED)
other_requester = factories.UserFactory()
referral.users.add(other_requester)
self.assertEqual(referral.users.count(), 2)
response = self.client.post(
f"/api/referrals/{referral.id}/remove_requester/",
{"requester": other_requester.id},
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 403)
self.assertEqual(
models.ReferralActivity.objects.count(),
0,
)
referral.refresh_from_db()
self.assertEqual(referral.users.count(), 2)
self.assertEqual(referral.state, models.ReferralState.RECEIVED)
mock_mailer_send.assert_not_called()
def test_list_users_by_anonymous_user(self):
"""
Anonymous users cannot make list requests on user endpoints.
"""
factories.UserFactory(first_name="Sherlock",
last_name="Holmes",
email="*****@*****.**")
factories.UserFactory(first_name="John",
last_name="Watson",
email="*****@*****.**")
response = self.client.get(
"/api/users/",
{"query": "Sherlock"},
)
self.assertEqual(response.status_code, 401)
def test_create_referral_by_random_logged_in_user_with_invalid_form(
self, _):
"""
If the form is invalid (for example, missing a required field), referral creation
should fail.
"""
user = factories.UserFactory()
topic = factories.TopicFactory()
form_data = {
"context": "le contexte",
"prior_work": "le travail préalable",
"requester": "le demandeur ou la demandeuse",
"topic": str(topic.id),
"urgency": models.Referral.URGENCY_2,
"urgency_explanation": "la justification de l'urgence",
}
response = self.client.post(
"/api/referrals/",
form_data,
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.json(),
{"question": ["Ce champ est obligatoire."]},
)
def test_create_referral_by_random_logged_in_user(self, _):
"""
Any logged-in user can create a referral using the CREATE endpoint.
"""
topic = factories.TopicFactory()
urgency_level = factories.ReferralUrgencyFactory()
user = factories.UserFactory()
file1 = BytesIO(b"firstfile")
file1.name = "the first file name"
file2 = BytesIO(b"secondfile")
file2.name = "the second file name"
form_data = {
"context": "le contexte",
"files": (file1, file2),
"prior_work": "le travail préalable",
"question": "la question posée",
"requester": "le demandeur ou la demandeuse",
"topic": str(topic.id),
"urgency_level": urgency_level.id,
"urgency_explanation": "la justification de l'urgence",
}
response = self.client.post(
"/api/referrals/",
form_data,
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 201)
referral = models.Referral.objects.get(id=response.json()["id"])
# All simple fields match the incoming request
self.assertEqual(referral.context, "le contexte")
self.assertEqual(referral.prior_work, "le travail préalable")
self.assertEqual(referral.question, "la question posée")
self.assertEqual(referral.requester, "le demandeur ou la demandeuse")
self.assertEqual(referral.urgency_level, urgency_level)
self.assertEqual(referral.urgency_explanation,
"la justification de l'urgence")
# The correct foreign keys were added to the referral
self.assertEqual(referral.topic, topic)
self.assertEqual(referral.user, user)
# The attachments for the referral were created and linked with it
self.assertEqual(referral.attachments.count(), 2)
self.assertEqual(referral.attachments.all()[0].file.read(),
b"firstfile")
self.assertEqual(referral.attachments.all()[0].name,
"the first file name")
self.assertEqual(referral.attachments.all()[1].file.read(),
b"secondfile")
self.assertEqual(referral.attachments.all()[1].name,
"the second file name")
# The "create" activity for the Referral is generated
activities = models.ReferralActivity.objects.filter(
referral__id=referral.id)
self.assertEqual(len(activities), 1)
self.assertEqual(activities[0].referral, referral)
self.assertEqual(activities[0].actor, user)
self.assertEqual(activities[0].verb,
models.ReferralActivityVerb.CREATED)
def test_remove_requester_from_answered_state(self, mock_mailer_send):
"""
Requesters cannot be removed from a referral in the ANSWERED state.
"""
referral = factories.ReferralFactory(
state=models.ReferralState.ANSWERED)
user = referral.users.first()
other_requester = factories.UserFactory()
referral.users.add(other_requester)
self.assertEqual(referral.users.count(), 2)
response = self.client.post(
f"/api/referrals/{referral.id}/remove_requester/",
{"requester": other_requester.id},
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.json(),
{
"errors": [
"Transition REMOVE_REQUESTER not allowed from state answered."
]
},
)
self.assertEqual(
models.ReferralActivity.objects.count(),
0,
)
referral.refresh_from_db()
self.assertEqual(referral.users.count(), 2)
self.assertEqual(referral.state, models.ReferralState.ANSWERED)
mock_mailer_send.assert_not_called()
def test_remove_attachment_by_referral_linked_unit_members(self, _):
"""
Other unit members who are not the author cannot remove attachments from answers to
a referral their unit is linked with.
"""
user = factories.UserFactory()
answer = factories.ReferralAnswerFactory(
state=models.ReferralAnswerState.DRAFT)
answer.referral.units.get().members.add(user)
attachment = factories.ReferralAnswerAttachmentFactory()
attachment.referral_answers.add(answer)
answer.refresh_from_db()
self.assertEqual(answer.attachments.count(), 1)
response = self.client.post(
f"/api/referralanswers/{answer.id}/remove_attachment/",
{"attachment": attachment.id},
content_type="application/json",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 403)
answer.refresh_from_db()
self.assertEqual(answer.attachments.count(), 1)
def test_remove_requester_already_not_linked(self, mock_mailer_send):
"""
The request fails with a relevant error when the user to remove is already
not linked to the referral.
"""
referral = factories.ReferralFactory(
state=models.ReferralState.RECEIVED)
user = referral.users.first()
other_requester = factories.UserFactory()
self.assertEqual(referral.users.count(), 1)
response = self.client.post(
f"/api/referrals/{referral.id}/remove_requester/",
{"requester": other_requester.id},
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.json(),
{
"errors": [
f"User {other_requester.id} is not linked to referral {referral.id}."
]
},
)
self.assertEqual(
models.ReferralActivity.objects.count(),
0,
)
referral.refresh_from_db()
self.assertEqual(referral.users.count(), 1)
self.assertEqual(referral.state, models.ReferralState.RECEIVED)
mock_mailer_send.assert_not_called()
def test_list_topics_performance(self):
"""
Make sure even with large numbers of topics and children, we do not make an onslaught
of requests, and the whole API request does not take too much time to execute.
"""
user = factories.UserFactory()
unit = factories.UnitFactory()
# Use the 'build' method as we have more operations to perform before actually
# saving our topics.
root_topics = factories.TopicFactory.build_batch(100, unit=unit)
child_topics = factories.TopicFactory.build_batch(300, unit=unit)
# Link 3 child topics to each of our root topics
i = 0
for child_topic in child_topics:
child_topic.parent = root_topics[floor(i / 3)]
i = i + 1
# Use a bulk operation to speed up the test
Topic.objects.bulk_create(root_topics + child_topics)
with self.assertNumQueries(8):
pre_response = perf_counter()
response = self.client.get(
"/api/topics/?limit=999",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
post_response = perf_counter()
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["count"], 400)
self.assertLess(post_response - pre_response, 0.4)
def test_list_topics_by_unit(self):
"""
Logged-in users can list topics for a given unit.
"""
user = factories.UserFactory()
factories.TopicFactory.create_batch(2)
unit = factories.UnitFactory()
expected_topics = [
factories.TopicFactory(name="First topic", unit=unit),
factories.TopicFactory(name="Second topic", unit=unit),
]
response = self.client.get(
f"/api/topics/?limit=999&unit={unit.id}",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["count"], 2)
self.assertEqual(response.json()["results"][0]["id"],
str(expected_topics[0].id))
self.assertEqual(response.json()["results"][1]["id"],
str(expected_topics[1].id))
def test_remove_requester_from_in_validation_state(self, mock_mailer_send):
"""
Requesters can be removed from a referral in the IN_VALIDATION state.
"""
referral = factories.ReferralFactory(
state=models.ReferralState.IN_VALIDATION)
user = referral.users.first()
other_requester = factories.UserFactory()
referral.users.add(other_requester)
self.assertEqual(referral.users.count(), 2)
response = self.client.post(
f"/api/referrals/{referral.id}/remove_requester/",
{"requester": other_requester.id},
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
models.ReferralActivity.objects.count(),
1,
)
referral.refresh_from_db()
self.assertEqual(referral.users.count(), 1)
self.assertEqual(referral.state, models.ReferralState.IN_VALIDATION)
mock_mailer_send.assert_not_called()
def test_create_referralanswer_with_content(self, _):
"""
Make sure content is handled during referral answer creation.
"""
user = factories.UserFactory()
referral = factories.ReferralFactory(
state=models.ReferralState.ASSIGNED)
referral.units.get().members.add(user)
factories.ReferralActivityFactory(
actor=user,
referral=referral,
verb=models.ReferralActivityVerb.ASSIGNED)
response = self.client.post(
"/api/referralanswers/",
{
"referral": str(referral.id),
"content": "some content string"
},
content_type="application/json",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 201)
answer = models.ReferralAnswer.objects.get(id=response.json()["id"])
self.assertEqual(answer.content, "some content string")
def test_create_referralanswer_from_closed_state(self, _):
"""
Answers cannot be created for referrals in the CLOSED state.
"""
user = factories.UserFactory()
referral = factories.ReferralFactory(state=models.ReferralState.CLOSED)
referral.units.get().members.add(user)
self.assertEqual(models.ReferralActivity.objects.all().count(), 0)
response = self.client.post(
"/api/referralanswers/",
{"referral": str(referral.id)},
content_type="application/json",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
# Neither the referral answer nor the activity were created
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.json(),
{
"errors":
["Transition DRAFT_ANSWER not allowed from state closed."]
},
)
self.assertEqual(models.ReferralAnswer.objects.all().count(), 0)
self.assertEqual(models.ReferralActivity.objects.all().count(), 0)
referral.refresh_from_db()
self.assertEqual(referral.state, models.ReferralState.CLOSED)
def test_add_requester_from_closed_state(self, mock_mailer_send):
"""
Requesters cannot be added on a referral in the CLOSED state.
"""
new_requester = factories.UserFactory()
referral = factories.ReferralFactory(state=models.ReferralState.CLOSED)
user = referral.users.first()
self.assertEqual(referral.users.count(), 1)
response = self.client.post(
f"/api/referrals/{referral.id}/add_requester/",
{"requester": new_requester.id},
HTTP_AUTHORIZATION=f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.json(),
{"errors": ["Transition ADD_REQUESTER not allowed from state closed."]},
)
self.assertEqual(
models.ReferralActivity.objects.count(),
0,
)
referral.refresh_from_db()
self.assertEqual(referral.users.count(), 1)
self.assertEqual(referral.state, models.ReferralState.CLOSED)
mock_mailer_send.assert_not_called()
def test_list_referralanswers_by_unit_member(self, _):
"""
Referral unit members can get both draft & published answers for referrals
their unit is linked with.
"""
user = factories.UserFactory()
referral = factories.ReferralFactory()
referral.units.first().members.add(user)
draft_answer = factories.ReferralAnswerFactory(
referral=referral,
state=models.ReferralAnswerState.DRAFT,
created_at=arrow.utcnow().shift(days=-15).datetime,
)
published_answer = factories.ReferralAnswerFactory(
referral=referral,
state=models.ReferralAnswerState.PUBLISHED,
created_at=arrow.utcnow().shift(days=-7).datetime,
)
response = self.client.get(
f"/api/referralanswers/?referral={referral.id}",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["count"], 2)
self.assertEqual(response.json()["results"][0]["id"],
str(published_answer.id))
self.assertEqual(response.json()["results"][1]["id"],
str(draft_answer.id))
def test_list_referralanswers_by_unit_member_missing_referral_param(
self, _):
"""
The API returns an error response when the referral parameter is missing.
"""
user = factories.UserFactory()
referral = factories.ReferralFactory()
referral.units.first().members.add(user)
factories.ReferralAnswerFactory(referral=referral,
state=models.ReferralAnswerState.DRAFT)
factories.ReferralAnswerFactory(
referral=referral, state=models.ReferralAnswerState.PUBLISHED)
response = self.client.get(
"/api/referralanswers/",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 400)
self.assertEqual(
response.json(),
{
"errors":
["ReferralAnswer list requests need a referral parameter"]
},
)
def test_list_topics(self):
"""
Logged-in users can list existing topics.
"""
user = factories.UserFactory()
root_topics = [
factories.TopicFactory(name="First root topic"),
factories.TopicFactory(name="Second root topic"),
]
factories.TopicFactory(is_active=False)
factories.TopicFactory(name="Child topic", parent=root_topics[0])
response = self.client.get(
"/api/topics/?limit=999",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["count"], 3)
self.assertEqual(response.json()["results"][0]["name"],
"First root topic")
self.assertEqual(response.json()["results"][1]["name"], "Child topic")
self.assertEqual(response.json()["results"][2]["name"],
"Second root topic")
def test_retrieve_topic(self):
"""
Logged-in users can retrieve an existing topic.
"""
user = factories.UserFactory()
topic = factories.TopicFactory()
topic.refresh_from_db()
response = self.client.get(
f"/api/topics/{topic.id}/",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.json(),
{
"id": str(topic.id),
"created_at": topic.created_at.isoformat()[:-6] +
"Z", # NB: DRF literally does this
"is_active": True,
"name": topic.name,
"parent": None,
"path": "0000",
"unit": str(topic.unit.id),
"unit_name": topic.unit.name,
},
)
def test_add_requester_by_linked_unit_member(self, mock_mailer_send):
"""
Referral linked unit members can add a requester to a referral.
"""
user = factories.UserFactory()
new_requester = factories.UserFactory()
referral = factories.ReferralFactory(state=models.ReferralState.RECEIVED)
models.UnitMembership.objects.create(
role=models.UnitMembershipRole.MEMBER,
user=user,
unit=referral.units.first(),
)
self.assertEqual(referral.users.count(), 1)
response = self.client.post(
f"/api/referrals/{referral.id}/add_requester/",
{"requester": new_requester.id},
HTTP_AUTHORIZATION=f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
models.ReferralActivity.objects.count(),
1,
)
referral.refresh_from_db()
self.assertEqual(referral.users.count(), 2)
self.assertEqual(referral.state, models.ReferralState.RECEIVED)
mock_mailer_send.assert_called_with(
{
"params": {
"case_number": referral.id,
"created_by": user.get_full_name(),
"link_to_referral": (
"https://partaj/app/sent-referrals"
f"/referral-detail/{referral.id}"
),
"topic": referral.topic.name,
"urgency": referral.urgency_level.name,
},
"replyTo": {"email": "*****@*****.**", "name": "Partaj"},
"templateId": settings.SENDINBLUE[
"REFERRAL_REQUESTER_ADDED_TEMPLATE_ID"
],
"to": [{"email": new_requester.email}],
}
)
def test_assign_referral_by_admin_user(self, _):
"""
Admin users can assign a referral.
"""
user = factories.UserFactory(is_staff=True)
referral = factories.ReferralFactory()
assignee = factories.UserFactory()
referral.topic.unit.members.add(assignee)
response = self.client.post(
f"/api/referrals/{referral.id}/assign/",
{"assignee_id": assignee.id},
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["state"],
models.ReferralState.ASSIGNED)
self.assertEqual(response.json()["assignees"], [str(assignee.id)])
def test_list_referral_urgencies_by_random_logged_in_user(self):
"""
Any logged in users can get the list of referral urgencies.
"""
user = factories.UserFactory()
response = self.client.get(
"/api/urgencies/?limit=999",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
# NB: these are the default set of referral urgencies as bootstrapped by migrations
self.assertEqual(
response.json(),
{
"count":
4,
"next":
None,
"previous":
None,
"results": [
{
"duration": "21 00:00:00",
"id": 4,
"index": 0,
"name": "3 weeks",
"requires_justification": False,
},
{
"duration": "7 00:00:00",
"id": 1,
"index": None,
"name": "Urgent — 1 week",
"requires_justification": True,
},
{
"duration": "3 00:00:00",
"id": 2,
"index": None,
"name": "Extremely urgent — 3 days",
"requires_justification": True,
},
{
"duration": "1 00:00:00",
"id": 3,
"index": None,
"name": "Absolute emergency — 24 hours",
"requires_justification": True,
},
],
},
)
def test_list_referrals_by_admin_user(self, _):
"""
Admin users cannot make list requests on the referral endpoints.
"""
user = factories.UserFactory(is_staff=True)
response = self.client.get(
"/api/referrals/",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 403)
def test_retrieve_unit_from_random_logged_in_user(self):
"""
Random logged-in users cannot retrieve an existing unit.
"""
user = factories.UserFactory()
unit = factories.UnitFactory()
response = self.client.get(
f"/api/units/{unit.id}/",
HTTP_AUTHORIZATION=f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 403)
def test_retrieve_referralactivity_by_admin_user(self):
"""
Retrieve endpoint for referral activity is not implemented.
"""
user = factories.UserFactory(is_staff=True)
create_activity = factories.ReferralActivityFactory(
verb=models.ReferralActivityVerb.CREATED
)
response = self.client.get(
f"/api/referralactivities/{create_activity.id}/",
HTTP_AUTHORIZATION=f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 400)
def test_retrieve_referralmessage_by_random_logged_in_user(self, _):
"""
Random logged-in users cannot retrieve referral messages linked to referrals to which
they themselves are not linked.
"""
user = factories.UserFactory()
referral_message = factories.ReferralMessageFactory()
response = self.client.get(
f"/api/referralmessages/{referral_message.id}/",
HTTP_AUTHORIZATION=f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 403)
def test_list_referralanswervalidationrequest_missing_answer_param(self):
"""
The request fails with an apprioriate error when a user attempts to get a list of
validation requests but does not provide the answer param.
"""
user = factories.UserFactory()
factories.ReferralAnswerValidationRequestFactory.create_batch(2)
response = self.client.post(
"/api/referralanswerattachments/",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 404)
def test_retrieve_referral_by_random_logged_in_user(self, _):
"""
Any random logged in user cannot get a referral with the retrieve endpoint.
"""
user = factories.UserFactory()
referral = factories.ReferralFactory()
response = self.client.get(
f"/api/referrals/{referral.id}/",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 403)
def test_list_referralactivity_by_random_logged_in_user(self):
"""
Random logged in users cannot make list requests on referral activity for a referral
with which they have no link.
"""
user = factories.UserFactory()
create_activity = factories.ReferralActivityFactory(
verb=models.ReferralActivityVerb.CREATED
)
response = self.client.get(
f"/api/referralactivities/?referral={create_activity.referral.id}",
HTTP_AUTHORIZATION=f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 403)
def test_list_unitmemberships_from_random_logged_in_user(self):
"""
Unit memberships cannot be listed without a unit param.
"""
factories.UnitMembershipFactory()
user = factories.UserFactory()
response = self.client.get(
"/api/unitmemberships/?limit=999",
HTTP_AUTHORIZATION=
f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 404)
def test_retrieve_referralmessage_by_referral_linked_unit_member(self, _):
"""
A referral's linked unit members can retrieve any referral message linked to that referral.
"""
user = factories.UserFactory()
referral_message = factories.ReferralMessageFactory()
referral_message.referral.units.get().members.add(user)
response = self.client.get(
f"/api/referralmessages/{referral_message.id}/",
HTTP_AUTHORIZATION=f"Token {Token.objects.get_or_create(user=user)[0]}",
)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["id"], str(referral_message.id))
