def test_create_new_basket(admin_user): shop = factories.get_default_shop() shop2 = create_shop("foobar") client = _get_client(admin_user) response = client.post("/api/shuup/basket/new/", { "shop": shop2.pk }) assert response.status_code == status.HTTP_201_CREATED basket_data = json.loads(response.content.decode("utf-8")) basket = Basket.objects.first() assert basket.key == basket_data['uuid'].split("-")[1] assert basket.shop == shop2 admin_contact = get_person_contact(admin_user) assert basket.customer == admin_contact assert basket.orderer == admin_contact assert basket.creator == admin_user # invalid shop response = client.post("/api/shuup/basket/new/", data={"shop": 1000}) assert response.status_code == status.HTTP_400_BAD_REQUEST # no shop in multishop mode response = client.post("/api/shuup/basket/new/") assert response.status_code == status.HTTP_400_BAD_REQUEST # no shop in single shop mode with override_settings(SHUUP_ENABLE_MULTIPLE_SHOPS=False): response = client.post("/api/shuup/basket/new/") assert response.status_code == status.HTTP_201_CREATED basket_data = json.loads(response.content.decode("utf-8")) basket = Basket.objects.all()[1] assert basket.key == basket_data['uuid'].split("-")[1] assert basket.shop == shop assert basket.customer == admin_contact assert basket.orderer == admin_contact assert basket.creator == admin_user person = factories.create_random_person() response = client.post("/api/shuup/basket/new/", data={"customer": person.pk}) assert response.status_code == status.HTTP_201_CREATED basket_data = json.loads(response.content.decode("utf-8")) basket = Basket.objects.all()[2] assert basket.key == basket_data['uuid'].split("-")[1] assert basket.shop == shop assert basket.creator == admin_user assert basket.customer.pk == person.pk assert basket.orderer.pk == person.pk assert basket.creator.pk == admin_user.pk # Try to fetch the basket as the customer user = factories.UserFactory() person.user = user person.save() response = client.get("/api/shuup/basket/{}/".format(basket_data['uuid'])) assert response.status_code == 200 customer_basket_data = json.loads(response.content.decode("utf-8")) assert basket.key == customer_basket_data['key'] # Still same basket as before assert customer_basket_data['customer']['id'] == person.pk # Still same customer as before
def test_media_view_images_without_root_access(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["upload-media"]) assert not can_see_root_folder(staff_user) folder = get_or_create_folder(shop, "Root") File.objects.create(name="normalfile", folder=folder) img = Image.objects.create(name="imagefile", folder=folder, is_public=True) request = apply_request_middleware(rf.get("/", { "filter": "images", "action": "folder" }), user=staff_user) request.user = staff_user view_func = MediaBrowserView.as_view() response = view_func(request) assert isinstance(response, JsonResponse) content = json.loads(response.content.decode("utf-8")) assert len(content["folder"]["folders"]) == 0 assert len(content["folder"]["files"]) == 0
def get_staff_user(): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["Customize Staff Admin Menu", "menu.arrange_staff", "menu.reset_staff"]) return staff_user
def get_supplier_user(): factories.get_default_shop() supplier = factories.get_default_supplier() supplier_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() supplier_user.groups.add(permission_group) set_permissions_for_group(permission_group, [ "Customize Supplier Admin Menu", "menu.arrange_supplier", "menu.reset_staff" ]) return supplier_user
def test_can_see_root_folder(rf, admin_user): assert not can_see_root_folder(None) assert can_see_root_folder(admin_user) shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) assert not can_see_root_folder(staff_user) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["media.view-all"]) assert can_see_root_folder(staff_user)
def test_browser_config_as_shop_staff(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) request = apply_request_middleware(rf.post("/"), user=staff_user) urls = get_browser_urls(request) # staff does not have media permission assert urls["media"] is None set_permissions_for_group(permission_group, ["media.browse"]) urls = get_browser_urls(request) assert urls["media"] == reverse("shuup_admin:media.browse") media_module_permission_urls = set(get_permissions_from_urls(MediaModule().get_urls())) assert "media.browse" in media_module_permission_urls assert "shuup_admin:media.browse" not in media_module_permission_urls
def test_get_folders_without_view_all_permission(rf): shop = factories.get_default_shop() staff_user = factories.UserFactory(is_staff=True) permission_group = factories.get_default_permission_group() staff_user.groups.add(permission_group) shop.staff_members.add(staff_user) set_permissions_for_group(permission_group, ["upload-media"]) assert not can_see_root_folder(staff_user) # Create a structure and retrieve it folder1 = get_or_create_folder(shop, printable_gibberish()) folder1_media_folder = ensure_media_folder(shop, folder1) folder1_media_folder.owners.add(staff_user) folder2 = get_or_create_folder(shop, printable_gibberish()) folder3 = get_or_create_folder(shop, printable_gibberish()) folder4 = get_or_create_folder(shop, printable_gibberish()) folder4.parent = folder2 folder4.save() folder4_media_folder = ensure_media_folder(shop, folder4) folder4_media_folder.owners.add(staff_user) folder5 = get_or_create_folder(shop, printable_gibberish()) folder5.parent = folder4 folder5.save() folder6 = get_or_create_folder(shop, printable_gibberish()) folder6.parent = folder5 folder6.save() folder6_media_folder = ensure_media_folder(shop, folder6) folder6_media_folder.owners.add(staff_user) folder7 = get_or_create_folder(shop, printable_gibberish()) folder7.parent = folder6 folder7.save() tree = get_id_tree(mbv_command(staff_user, {"action": "folders"}, "GET")) assert set((folder1.id, folder4.id)) <= set(tree.keys())