def test_rs_detail_view_permissions(client):
rs_set = TwoReaderStudies()
tests = (
(None, rs_set.rs1, 302),
(None, rs_set.rs2, 302),
(rs_set.creator, rs_set.rs1, 302),
(rs_set.creator, rs_set.rs2, 302),
(rs_set.editor1, rs_set.rs1, 200),
(rs_set.editor1, rs_set.rs2, 302),
(rs_set.reader1, rs_set.rs1, 200),
(rs_set.reader1, rs_set.rs2, 302),
(rs_set.editor2, rs_set.rs1, 302),
(rs_set.editor2, rs_set.rs2, 200),
(rs_set.reader2, rs_set.rs1, 302),
(rs_set.reader2, rs_set.rs2, 200),
(rs_set.u, rs_set.rs1, 302),
(rs_set.u, rs_set.rs2, 302),
)
for test in tests:
response = get_view_for_user(url=test[1].get_absolute_url(),
client=client,
user=test[0])
assert response.status_code == test[2]
if response.status_code == 302 and test[0] is not None:
assert response.url == reverse(
"reader-studies:permission-request-create",
kwargs={"slug": test[1].slug},
)
def test_answer_creator_is_reader(client):
rs_set = TwoReaderStudies()
im = ImageFactory()
rs_set.rs1.images.add(im)
q = QuestionFactory(reader_study=rs_set.rs1,
answer_type=Question.AnswerType.BOOL)
tests = (
(rs_set.editor1, 201),
(rs_set.reader1, 201),
(rs_set.editor2, 400),
(rs_set.reader2, 400),
(rs_set.u, 400),
)
for test in tests:
response = get_view_for_user(
viewname="api:reader-studies-answer-list",
user=test[0],
client=client,
method=client.post,
data={
"answer": True,
"images": [im.api_url],
"question": q.api_url,
},
content_type="application/json",
)
assert response.status_code == test[1]
def test_api_rs_answer_detail_permissions(client):
rs_set = TwoReaderStudies()
q1 = QuestionFactory(reader_study=rs_set.rs1)
reader11 = UserFactory()
rs_set.rs1.add_reader(reader11)
a1 = AnswerFactory(question=q1, creator=rs_set.reader1, answer="")
tests = (
(None, 401),
(rs_set.creator, 404),
(rs_set.editor1, 200),
(rs_set.reader1, 200),
(reader11, 404),
(rs_set.editor2, 404),
(rs_set.reader2, 404),
(rs_set.u, 404),
)
for test in tests:
response = get_view_for_user(
viewname="api:reader-studies-answer-detail",
reverse_kwargs={"pk": a1.pk},
client=client,
user=test[0],
content_type="application/json",
)
assert response.status_code == test[1]
def test_api_rs_list_permissions(client):
rs_set = TwoReaderStudies()
tests = (
(None, 401, []),
(rs_set.creator, 200, []),
(rs_set.editor1, 200, [rs_set.rs1.pk]),
(rs_set.reader1, 200, [rs_set.rs1.pk]),
(rs_set.editor2, 200, [rs_set.rs2.pk]),
(rs_set.reader2, 200, [rs_set.rs2.pk]),
(rs_set.u, 200, []),
)
for test in tests:
response = get_view_for_user(
viewname="api:reader-study-list",
client=client,
user=test[0],
content_type="application/json",
)
assert response.status_code == test[1]
if test[1] != 401:
# We provided auth details and get a response
assert response.json()["count"] == len(test[2])
pks = [obj["pk"] for obj in response.json()["results"]]
for pk in test[2]:
assert str(pk) in pks
def test_api_rs_question_list_permissions(client):
rs_set = TwoReaderStudies()
q1, q2 = (
QuestionFactory(reader_study=rs_set.rs1),
QuestionFactory(reader_study=rs_set.rs2),
)
tests = (
(None, 200, []),
(rs_set.creator, 200, []),
(rs_set.editor1, 200, [q1.pk]),
(rs_set.reader1, 200, [q1.pk]),
(rs_set.editor2, 200, [q2.pk]),
(rs_set.reader2, 200, [q2.pk]),
(rs_set.u, 200, []),
)
for test in tests:
response = get_view_for_user(
viewname="api:reader-studies-question-list",
client=client,
user=test[0],
content_type="application/json",
)
assert response.status_code == test[1]
assert response.json()["count"] == len(test[2])
pks = {obj["pk"] for obj in response.json()["results"]}
assert {str(pk) for pk in test[2]} == pks
def test_api_rs_patch_permissions(client):
rs_set = TwoReaderStudies()
tests = (
(None, 401),
(rs_set.creator, 404),
(rs_set.editor1, 200),
(rs_set.reader1, 403),
(rs_set.editor2, 404),
(rs_set.reader2, 404),
(rs_set.u, 404),
)
for test in tests:
response = get_view_for_user(
viewname="api:reader-study-generate-hanging-list",
client=client,
method=client.patch,
data={},
user=test[0],
content_type="application/json",
reverse_kwargs={"pk": rs_set.rs1.pk},
)
assert response.status_code == test[1]
if test[1] == 200:
# We provided auth details and get a response
assert response.json()["status"] == "Hanging list generated."
def test_rs_edit_view_permissions(client, view_name):
rs_set = TwoReaderStudies()
tests = (
(None, rs_set.rs1, 302),
(None, rs_set.rs2, 302),
(rs_set.creator, rs_set.rs1, 403),
(rs_set.creator, rs_set.rs2, 403),
(rs_set.editor1, rs_set.rs1, 200),
(rs_set.editor1, rs_set.rs2, 403),
(rs_set.reader1, rs_set.rs1, 403),
(rs_set.reader1, rs_set.rs2, 403),
(rs_set.editor2, rs_set.rs1, 403),
(rs_set.editor2, rs_set.rs2, 200),
(rs_set.reader2, rs_set.rs1, 403),
(rs_set.reader2, rs_set.rs2, 403),
(rs_set.u, rs_set.rs1, 403),
(rs_set.u, rs_set.rs2, 403),
)
for test in tests:
response = get_view_for_user(
viewname=f"reader-studies:{view_name}",
client=client,
user=test[0],
reverse_kwargs={"slug": test[1].slug},
)
assert response.status_code == test[2]
def test_image_port_only_with_bounding_box(
client, answer_type, port, questions_created
):
# The image_port should only be set when using a bounding box
rs_set = TwoReaderStudies()
assert Question.objects.all().count() == 0
response = get_view_for_user(
viewname="reader-studies:add-question",
client=client,
method=client.post,
data={
"question_text": "What?",
"answer_type": answer_type,
"order": 1,
"image_port": port,
"direction": "H",
"options-TOTAL_FORMS": 2,
"options-INITIAL_FORMS": 1,
"options-MIN_NUM_FORMS": 0,
"options-MAX_NUM_FORMS": 1000,
},
reverse_kwargs={"slug": rs_set.rs1.slug},
user=rs_set.editor1,
)
if questions_created == 1:
assert response.status_code == 302
else:
assert response.status_code == 200
assert Question.objects.all().count() == questions_created
def test_rs_detail_view_permissions(client):
rs_set = TwoReaderStudies()
tests = (
(None, rs_set.rs1, 302),
(None, rs_set.rs2, 302),
(rs_set.creator, rs_set.rs1, 403),
(rs_set.creator, rs_set.rs2, 403),
(rs_set.editor1, rs_set.rs1, 200),
(rs_set.editor1, rs_set.rs2, 403),
(rs_set.reader1, rs_set.rs1, 200),
(rs_set.reader1, rs_set.rs2, 403),
(rs_set.editor2, rs_set.rs1, 403),
(rs_set.editor2, rs_set.rs2, 200),
(rs_set.reader2, rs_set.rs1, 403),
(rs_set.reader2, rs_set.rs2, 200),
(rs_set.u, rs_set.rs1, 403),
(rs_set.u, rs_set.rs2, 403),
)
for test in tests:
response = get_view_for_user(url=test[1].get_absolute_url(),
client=client,
user=test[0])
assert response.status_code == test[2]
def test_api_rs_answer_mine_list_permissions(client):
"""
For the "mine" endpoint the list should be filtered by the users own
answers
"""
rs_set = TwoReaderStudies()
q1, q2 = (
QuestionFactory(reader_study=rs_set.rs1),
QuestionFactory(reader_study=rs_set.rs2),
)
reader11 = UserFactory()
rs_set.rs1.add_reader(reader11)
a1, a11, a2 = (
AnswerFactory(question=q1, creator=rs_set.reader1, answer=""),
AnswerFactory(question=q1, creator=reader11, answer=""),
AnswerFactory(question=q2, creator=rs_set.reader2, answer=""),
)
tests = (
(None, 401, []),
(rs_set.creator, 200, []),
(rs_set.editor1, 200, []),
(rs_set.reader1, 200, [a1.pk]),
(reader11, 200, [a11.pk]),
(rs_set.editor2, 200, []),
(rs_set.reader2, 200, [a2.pk]),
(rs_set.u, 200, []),
)
for test in tests:
response = get_view_for_user(
viewname="api:reader-studies-answer-mine",
client=client,
user=test[0],
content_type="application/json",
)
assert response.status_code == test[1]
if test[1] != 401:
# We provided auth details and get a response
assert response.json()["count"] == len(test[2])
pks = [obj["pk"] for obj in response.json()["results"]]
for pk in test[2]:
assert str(pk) in pks
def test_user_autocomplete_permissions(client):
rs_set = TwoReaderStudies()
tests = (
(None, 302),
(rs_set.creator, 403),
(rs_set.editor1, 200),
(rs_set.reader1, 403),
(rs_set.editor2, 200),
(rs_set.reader2, 403),
(rs_set.u, 403),
)
for test in tests:
response = get_view_for_user(
viewname="reader-studies:users-autocomplete",
client=client,
user=test[0],
)
assert response.status_code == test[1]
def test_question_create(client):
rs_set = TwoReaderStudies()
tests = (
(None, 0, 302),
(rs_set.editor1, 1, 302),
(rs_set.reader1, 0, 403),
(rs_set.editor2, 0, 403),
(rs_set.reader2, 0, 403),
(rs_set.u, 0, 403),
)
for test in tests:
response = get_view_for_user(
viewname="reader-studies:add-question",
client=client,
method=client.post,
data={
"question_text": "What?",
"answer_type": "STXT",
"order": 1,
"image_port": "",
"direction": "H",
"options-TOTAL_FORMS": 2,
"options-INITIAL_FORMS": 1,
"options-MIN_NUM_FORMS": 0,
"options-MAX_NUM_FORMS": 1000,
},
reverse_kwargs={"slug": rs_set.rs1.slug},
user=test[0],
)
assert response.status_code == test[2]
qs = Question.objects.all()
assert len(qs) == test[1]
if test[1] > 0:
question = qs[0]
assert question.reader_study == rs_set.rs1
assert question.question_text == "What?"
question.delete()
def test_api_rs_detail_permissions(client):
rs_set = TwoReaderStudies()
tests = (
(None, 401),
(rs_set.creator, 404),
(rs_set.editor1, 200),
(rs_set.reader1, 200),
(rs_set.editor2, 404),
(rs_set.reader2, 404),
(rs_set.u, 404),
)
for test in tests:
response = get_view_for_user(
viewname="api:reader-study-detail",
reverse_kwargs={"pk": rs_set.rs1.pk},
client=client,
user=test[0],
content_type="application/json",
)
assert response.status_code == test[1]
def test_reader_can_download_images(client, reverse):
rs_set = TwoReaderStudies()
im1, im2, im3, im4 = (
ImageFactory(),
ImageFactory(),
ImageFactory(),
ImageFactory(),
)
if reverse:
for im in [im1, im2, im3, im4]:
im.readerstudies.add(rs_set.rs1, rs_set.rs2)
for im in [im3, im4]:
im.readerstudies.remove(rs_set.rs1, rs_set.rs2)
for im in [im1, im2]:
im.readerstudies.remove(rs_set.rs2)
else:
# Test that adding images works
rs_set.rs1.images.add(im1, im2, im3, im4)
# Test that removing images works
rs_set.rs1.images.remove(im3, im4)
tests = (
(None, 200, []),
(rs_set.creator, 200, []),
(rs_set.editor1, 200, []),
(rs_set.reader1, 200, [im1.pk, im2.pk]),
(rs_set.editor2, 200, []),
(rs_set.reader2, 200, []),
(rs_set.u, 200, []),
)
for test in tests:
response = get_view_for_user(
viewname="api:image-list",
client=client,
user=test[0],
content_type="application/json",
)
assert response.status_code == test[1]
assert response.json()["count"] == len(test[2])
pks = {obj["pk"] for obj in response.json()["results"]}
assert {str(pk) for pk in test[2]} == pks
# Test clearing
if reverse:
im1.readerstudies.clear()
im2.readerstudies.clear()
else:
rs_set.rs1.images.clear()
response = get_view_for_user(
viewname="api:image-list",
client=client,
user=rs_set.reader1,
content_type="application/json",
)
assert response.status_code == 200
assert response.json()["count"] == 0