def test_contribution_flow_accessibilite_data(data, client):
client.force_login(data.sophie)
response = client.get(
reverse("contrib_sanitaires", kwargs={"erp_slug": data.erp.slug}))
assert response.status_code == 200
response = client.post(
reverse("contrib_sanitaires", kwargs={"erp_slug": data.erp.slug}),
data={
"sanitaires_presence": "False",
"sanitaires_adaptes": "",
"action": "contribute",
},
follow=True,
)
updated_erp = Erp.objects.get(slug=data.erp.slug)
assert updated_erp.user == data.erp.user # original owner is preserved
assert updated_erp.accessibilite.sanitaires_presence is False
assert updated_erp.accessibilite.sanitaires_adaptes is None
assert_redirect(
response,
reverse("contrib_labellisation", kwargs={"erp_slug":
updated_erp.slug}),
)
assert response.status_code == 200
def test_staff_view(rf: RequestFactory, ChallengeSet, admin_user, mocker):
# admin_user is a superuser, not a challenge admin
creator = ChallengeSet.creator
challenge = ChallengeSet.challenge
participant = ChallengeSet.participant
non_participant = ChallengeSet.non_participant
# Messages need to be mocked when using request factory
mock_messages = mocker.patch(
"grandchallenge.core.permissions.mixins.messages"
).start()
mock_messages.INFO = "INFO"
assert_redirect(
settings.LOGIN_URL, AnonymousUser(), StaffOnlyView, challenge, rf
)
assert_status(403, participant, StaffOnlyView, challenge, rf)
assert_status(403, non_participant, StaffOnlyView, challenge, rf)
assert_status(403, creator, StaffOnlyView, challenge, rf)
assert_status(200, admin_user, StaffOnlyView, challenge, rf)
participant.is_staff = True
participant.save()
assert_status(200, participant, StaffOnlyView, challenge, rf)
def test_delete_erp_owner(data, client, monkeypatch, capsys):
client.force_login(data.niko)
response = client.get(
reverse("contrib_delete", kwargs={"erp_slug": data.erp.slug}))
assert response.status_code == 200
assert Erp.objects.filter(slug=data.erp.slug).count() == 1
# non-confirmed submission
response = client.post(
reverse("contrib_delete", kwargs={"erp_slug": data.erp.slug}),
data={"confirm": False},
)
assert response.status_code == 200
assert "confirm" in response.context["form"].errors
# confirmed submission
response = client.post(
reverse("contrib_delete", kwargs={"erp_slug": data.erp.slug}),
data={"confirm": True},
follow=True,
)
assert_redirect(response, "/compte/erps/")
assert response.status_code == 200
assert Erp.objects.filter(slug=data.erp.slug).count() == 0
def test_admin_with_regular_user(data, client, capsys):
# test that regular frontend user don't have access to the admin
client.force_login(data.samuel)
response = client.get(reverse("admin:index"), follow=True)
# ensure user is redirected to admin login page
assert_redirect(response, "/admin/login/?next=/admin/")
assert response.status_code == 200
assert "admin/login.html" in [t.name for t in response.templates]
def test_permissions_after_challenge_rename(
rf: RequestFactory, admin_user, mocker, challenge_set
):
"""
Check that we can rename challenges.
admin_user is superuser.
"""
creator = challenge_set.creator
challenge = challenge_set.challenge
participant = challenge_set.participant
non_participant = challenge_set.non_participant
# Messages need to be mocked when using request factory
mock_messages = mocker.patch(
"grandchallenge.core.permissions.mixins.messages"
).start()
mock_messages.INFO = "INFO"
assert_status(200, admin_user, AdminOnlyView, challenge, rf)
assert_status(200, creator, AdminOnlyView, challenge, rf)
assert_status(403, participant, AdminOnlyView, challenge, rf)
assert_status(403, non_participant, AdminOnlyView, challenge, rf)
assert_redirect(
settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf
)
assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(
403, non_participant, ParticipantOrAdminOnlyView, challenge, rf
)
assert_redirect(
settings.LOGIN_URL,
AnonymousUser(),
ParticipantOrAdminOnlyView,
challenge,
rf,
)
challenge.short_name += "appendedname"
challenge.save()
assert_status(200, admin_user, AdminOnlyView, challenge, rf)
assert_status(200, creator, AdminOnlyView, challenge, rf)
assert_status(403, participant, AdminOnlyView, challenge, rf)
assert_status(403, non_participant, AdminOnlyView, challenge, rf)
assert_redirect(
settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf
)
assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(
403, non_participant, ParticipantOrAdminOnlyView, challenge, rf
)
assert_redirect(
settings.LOGIN_URL,
AnonymousUser(),
ParticipantOrAdminOnlyView,
challenge,
rf,
)
def test_erp_vote_anonymous(data, client):
response = client.post(
reverse("erp_vote", kwargs={"erp_slug": data.erp.slug}),
{
"action": "DOWN",
"comment": "bouh"
},
follow=True,
)
# ensure user is redirected to login page
assert_redirect(response,
"/compte/login/?next=/app/aux-bons-croissants/vote/")
assert response.status_code == 200
assert "registration/login.html" in [t.name for t in response.templates]
def test_permissions_after_challenge_rename(
rf: RequestFactory, admin_user, mocker, ChallengeSet
):
""" Check that we can rename challenges.
Admin_user is superuser """
creator = ChallengeSet.creator
challenge = ChallengeSet.challenge
participant = ChallengeSet.participant
non_participant = ChallengeSet.non_participant
# Messages need to be mocked when using request factory
mock_messages = mocker.patch(
"grandchallenge.core.permissions.mixins.messages"
).start()
mock_messages.INFO = "INFO"
assert_status(200, admin_user, AdminOnlyView, challenge, rf)
assert_status(200, creator, AdminOnlyView, challenge, rf)
assert_status(403, participant, AdminOnlyView, challenge, rf)
assert_status(403, non_participant, AdminOnlyView, challenge, rf)
assert_redirect(
settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf
)
assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(
403, non_participant, ParticipantOrAdminOnlyView, challenge, rf
)
assert_redirect(
settings.LOGIN_URL,
AnonymousUser(),
ParticipantOrAdminOnlyView,
challenge,
rf,
)
challenge.short_name += "appendedname"
challenge.save()
assert_status(200, admin_user, AdminOnlyView, challenge, rf)
assert_status(200, creator, AdminOnlyView, challenge, rf)
assert_status(403, participant, AdminOnlyView, challenge, rf)
assert_status(403, non_participant, AdminOnlyView, challenge, rf)
assert_redirect(
settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf
)
assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(
403, non_participant, ParticipantOrAdminOnlyView, challenge, rf
)
assert_redirect(
settings.LOGIN_URL,
AnonymousUser(),
ParticipantOrAdminOnlyView,
challenge,
rf,
)
def test_permissions_mixin(
rf: RequestFactory, admin_user, mocker, ChallengeSet
):
# admin_user is a superuser, not a challenge admin
creator = ChallengeSet.creator
challenge = ChallengeSet.challenge
participant = ChallengeSet.participant
non_participant = ChallengeSet.non_participant
# Messages need to be mocked when using request factory
mock_messages = mocker.patch(
"grandchallenge.core.permissions.mixins.messages"
).start()
mock_messages.INFO = "INFO"
assert_status(200, admin_user, AdminOnlyView, challenge, rf)
assert_status(200, creator, AdminOnlyView, challenge, rf)
assert_status(403, participant, AdminOnlyView, challenge, rf)
assert_status(403, non_participant, AdminOnlyView, challenge, rf)
assert_redirect(
settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf
)
assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(
403, non_participant, ParticipantOrAdminOnlyView, challenge, rf
)
assert_redirect(
settings.LOGIN_URL,
AnonymousUser(),
ParticipantOrAdminOnlyView,
challenge,
rf,
)
# Make a 2nd challenge and make sure that the admins and participants
# here cannot see the first
creator2 = UserFactory()
challenge2 = ChallengeFactory(creator=creator2)
participant2 = UserFactory()
challenge2.add_participant(participant2)
assert_status(403, creator2, AdminOnlyView, challenge, rf)
assert_status(403, participant2, AdminOnlyView, challenge, rf)
assert_status(403, creator2, ParticipantOrAdminOnlyView, challenge, rf)
assert_status(403, participant2, ParticipantOrAdminOnlyView, challenge, rf)
def test_contribution_flow_administrative_data(data, mocker, client):
mocker.patch(
"erp.provider.geocoder.geocode",
return_value={
"geom": Point(0, 0),
"numero": "4",
"voie": "Grand Rue",
"lieu_dit": None,
"code_postal": "34830",
"commune": "Jacou",
"code_insee": "34120",
},
)
client.force_login(data.sophie)
response = client.get(
reverse("contrib_edit_infos", kwargs={"erp_slug": data.erp.slug}))
assert response.status_code == 200
response = client.post(
reverse("contrib_edit_infos", kwargs={"erp_slug": data.erp.slug}),
data={
"source": "sirene",
"source_id": "xxx",
"nom": "Test contribution",
"activite": data.boulangerie.pk,
"numero": "12",
"voie": "GRAND RUE",
"lieu_dit": "",
"code_postal": "34830",
"commune": "JACOU",
"site_internet": "http://google.com/",
"action": "contribute",
},
follow=True,
)
updated_erp = Erp.objects.get(slug=data.erp.slug)
assert response.context["form"].errors == {}
assert updated_erp.nom == "Test contribution"
assert updated_erp.user == data.erp.user # original owner is preserved
assert_redirect(response, "/contrib/localisation/aux-bons-croissants/")
assert response.status_code == 200
def test_ajout_erp_a11y_vide_erreur(data, client, capsys):
client.force_login(data.niko)
# empty a11y data
data.erp.accessibilite.sanitaires_presence = None
data.erp.accessibilite.sanitaires_adaptes = None
data.erp.accessibilite.save()
data.erp.save()
assert data.erp.accessibilite.has_data() is False
# published field on
response = client.post(
reverse("contrib_publication", kwargs={"erp_slug": data.erp.slug}),
data={
"user_type": Erp.USER_ROLE_PUBLIC,
"published": "on",
"certif": "on",
},
)
assert response.status_code == 200
assert response.context.get("empty_a11y") is True
erp = Erp.objects.get(slug=data.erp.slug)
assert erp.accessibilite.has_data() is False
assert erp.published is False
# published field off
response = client.post(
reverse("contrib_publication", kwargs={"erp_slug": data.erp.slug}),
data={
"user_type": Erp.USER_ROLE_PUBLIC,
"certif": "on",
},
follow=True,
)
assert_redirect(response, "/compte/erps/")
erp = Erp.objects.get(slug=data.erp.slug)
assert erp.published is False
def test_erp_edit_can_be_contributed(data, client):
# editing requires authentication
response = client.get(reverse("contrib_transport",
kwargs={"erp_slug": data.erp.slug}),
follow=True)
assert_redirect(
response,
"/compte/login/?next=/contrib/transport/aux-bons-croissants/")
assert response.status_code == 200
# owners can edit their erp
client.force_login(data.niko)
response = client.get(
reverse("contrib_transport", kwargs={"erp_slug": data.erp.slug}))
assert response.status_code == 200
assert "initialement fournies par" not in response.content.decode()
# non-owner can't
client.force_login(data.sophie)
response = client.get(
reverse("contrib_transport", kwargs={"erp_slug": data.erp.slug}))
assert response.status_code == 200
assert "initialement fournies par" in response.content.decode()
def test_ajout_erp_authenticated(data, client, monkeypatch, capsys):
client.force_login(data.niko)
response = client.get(reverse("contrib_start"))
assert response.status_code == 200
response = client.get(reverse("contrib_admin_infos"))
assert response.status_code == 200
# Admin infos
def mock_geocode(*args, **kwargs):
return {
"geom": Point(0, 0),
"numero": "12",
"voie": "Grand rue",
"lieu_dit": None,
"code_postal": "34830",
"commune": "Jacou",
"code_insee": "34122",
}
monkeypatch.setattr(geocoder, "geocode", mock_geocode)
response = client.post(
reverse("contrib_admin_infos"),
data={
"source": "sirene",
"source_id": "xxx",
"nom": "Test ERP",
"activite": data.boulangerie.pk,
"numero": "12",
"voie": "GRAND RUE",
"lieu_dit": "",
"code_postal": "34830",
"commune": "JACOU",
},
follow=True,
)
erp = Erp.objects.get(nom="Test ERP")
assert erp.user == data.niko
assert erp.published is False
assert_redirect(response, f"/contrib/localisation/{erp.slug}/")
assert response.status_code == 200
# Localisation
response = client.post(
reverse("contrib_localisation", kwargs={"erp_slug": erp.slug}),
data={
"lat": "43",
"lon": "3"
},
follow=True,
)
erp = Erp.objects.get(nom="Test ERP")
assert erp.geom.x == 3
assert erp.geom.y == 43
assert_redirect(response, "/contrib/transport/test-erp/")
assert response.status_code == 200
# Transport
response = client.post(
reverse("contrib_transport", kwargs={"erp_slug": erp.slug}),
data={
"transport_station_presence": True,
"transport_information": "blah"
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.transport_station_presence is True
assert accessibilite.transport_information == "blah"
assert_redirect(response, "/contrib/stationnement/test-erp/")
assert response.status_code == 200
# Stationnement
response = client.post(
reverse("contrib_stationnement", kwargs={"erp_slug": erp.slug}),
data={
"stationnement_presence": True,
"stationnement_pmr": True,
"stationnement_ext_presence": True,
"stationnement_ext_pmr": True,
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.stationnement_presence is True
assert accessibilite.stationnement_pmr is True
assert accessibilite.stationnement_ext_presence is True
assert accessibilite.stationnement_ext_pmr is True
assert_redirect(response, "/contrib/exterieur/test-erp/")
assert response.status_code == 200
# Extérieur
response = client.post(
reverse("contrib_exterieur", kwargs={"erp_slug": erp.slug}),
data={
"cheminement_ext_presence": True,
"cheminement_ext_terrain_accidente": True,
"cheminement_ext_plain_pied": False,
"cheminement_ext_ascenseur": True,
"cheminement_ext_nombre_marches": 42,
"cheminement_ext_sens_marches": "descendant",
"cheminement_ext_reperage_marches": True,
"cheminement_ext_main_courante": True,
"cheminement_ext_rampe": "aucune",
"cheminement_ext_pente_presence": True,
"cheminement_ext_pente_degre_difficulte": "légère",
"cheminement_ext_pente_longueur": "courte",
"cheminement_ext_devers": "aucun",
"cheminement_ext_bande_guidage": True,
"cheminement_ext_retrecissement": True,
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.cheminement_ext_presence is True
assert accessibilite.cheminement_ext_terrain_accidente is True
assert accessibilite.cheminement_ext_plain_pied is False
assert accessibilite.cheminement_ext_ascenseur is True
assert accessibilite.cheminement_ext_nombre_marches == 42
assert accessibilite.cheminement_ext_sens_marches == "descendant"
assert accessibilite.cheminement_ext_reperage_marches is True
assert accessibilite.cheminement_ext_main_courante is True
assert accessibilite.cheminement_ext_rampe == "aucune"
assert accessibilite.cheminement_ext_pente_presence is True
assert accessibilite.cheminement_ext_pente_degre_difficulte == "légère"
assert accessibilite.cheminement_ext_pente_longueur == "courte"
assert accessibilite.cheminement_ext_devers == "aucun"
assert accessibilite.cheminement_ext_bande_guidage is True
assert accessibilite.cheminement_ext_retrecissement is True
assert_redirect(response, "/contrib/entree/test-erp/")
assert response.status_code == 200
# Entree
response = client.post(
reverse("contrib_entree", kwargs={"erp_slug": erp.slug}),
data={
"entree_reperage": True,
"entree_vitree": True,
"entree_vitree_vitrophanie": True,
"entree_plain_pied": False,
"entree_ascenseur": True,
"entree_marches": 42,
"entree_marches_sens": "descendant",
"entree_marches_reperage": True,
"entree_marches_main_courante": True,
"entree_marches_rampe": "aucune",
"entree_balise_sonore": True,
"entree_dispositif_appel": True,
"entree_dispositif_appel_type": ["bouton", "visiophone"],
"entree_aide_humaine": True,
"entree_largeur_mini": 80,
"entree_pmr": True,
"entree_pmr_informations": "blah",
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.entree_reperage is True
assert accessibilite.entree_vitree is True
assert accessibilite.entree_vitree_vitrophanie is True
assert accessibilite.entree_plain_pied is False
assert accessibilite.entree_ascenseur is True
assert accessibilite.entree_marches == 42
assert accessibilite.entree_marches_sens == "descendant"
assert accessibilite.entree_marches_reperage is True
assert accessibilite.entree_marches_main_courante is True
assert accessibilite.entree_marches_rampe == "aucune"
assert accessibilite.entree_balise_sonore is True
assert accessibilite.entree_dispositif_appel is True
assert accessibilite.entree_dispositif_appel_type == [
"bouton", "visiophone"
]
assert accessibilite.entree_aide_humaine is True
assert accessibilite.entree_largeur_mini == 80
assert accessibilite.entree_pmr is True
assert accessibilite.entree_pmr_informations == "blah"
assert_redirect(response, "/contrib/accueil/test-erp/")
assert response.status_code == 200
# Accueil
response = client.post(
reverse("contrib_accueil", kwargs={"erp_slug": erp.slug}),
data={
"accueil_visibilite": True,
"accueil_personnels": "aucun",
"accueil_equipements_malentendants_presence": True,
"accueil_equipements_malentendants": ["bim", "lsf"],
"accueil_cheminement_plain_pied": False,
"accueil_cheminement_ascenseur": True,
"accueil_cheminement_nombre_marches": 42,
"accueil_cheminement_sens_marches": "descendant",
"accueil_cheminement_reperage_marches": True,
"accueil_cheminement_main_courante": True,
"accueil_cheminement_rampe": "aucune",
"accueil_retrecissement": True,
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.accueil_visibilite is True
assert accessibilite.accueil_personnels == "aucun"
assert accessibilite.accueil_equipements_malentendants_presence is True
assert accessibilite.accueil_equipements_malentendants == ["bim", "lsf"]
assert accessibilite.accueil_cheminement_plain_pied is False
assert accessibilite.accueil_cheminement_ascenseur is True
assert accessibilite.accueil_cheminement_nombre_marches == 42
assert accessibilite.accueil_cheminement_sens_marches == "descendant"
assert accessibilite.accueil_cheminement_reperage_marches is True
assert accessibilite.accueil_cheminement_main_courante is True
assert accessibilite.accueil_cheminement_rampe == "aucune"
assert accessibilite.accueil_retrecissement is True
assert_redirect(response, "/contrib/sanitaires/test-erp/")
assert response.status_code == 200
# Sanitaires
response = client.post(
reverse("contrib_sanitaires", kwargs={"erp_slug": erp.slug}),
data={
"sanitaires_presence": True,
"sanitaires_adaptes": 1,
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.sanitaires_presence is True
assert accessibilite.sanitaires_adaptes == 1
assert_redirect(response, "/contrib/labellisation/test-erp/")
assert response.status_code == 200
# Labels
response = client.post(
reverse("contrib_labellisation", kwargs={"erp_slug": erp.slug}),
data={
"labels": ["th"],
"labels_familles_handicap": ["visuel", "auditif"],
"labels_autre": "X",
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.labels == ["th"]
assert accessibilite.labels_familles_handicap == ["visuel", "auditif"]
assert accessibilite.labels_autre == "X"
assert_redirect(response, "/contrib/commentaire/test-erp/")
assert response.status_code == 200
# Commentaire
response = client.post(
reverse("contrib_commentaire", kwargs={"erp_slug": erp.slug}),
data={
"commentaire": "test commentaire",
},
follow=True,
)
accessibilite = Accessibilite.objects.get(erp__slug=erp.slug)
assert accessibilite.commentaire == "test commentaire"
assert_redirect(response, "/contrib/publication/test-erp/")
assert response.status_code == 200
# Publication
# Public user
response = client.post(
reverse("contrib_publication", kwargs={"erp_slug": erp.slug}),
data={
"user_type": Erp.USER_ROLE_PUBLIC,
"published": "on",
"certif": "on",
},
follow=True,
)
erp = Erp.objects.get(slug=erp.slug, user_type=Erp.USER_ROLE_PUBLIC)
assert erp.published is True
assert_redirect(response, "/compte/erps/")
assert response.status_code == 200
# Gestionnaire user
response = client.post(
reverse("contrib_publication", kwargs={"erp_slug": erp.slug}),
data={
"user_type": Erp.USER_ROLE_GESTIONNAIRE,
"registre_url": "http://www.google.com/",
"published": "on",
"certif": "on",
},
follow=True,
)
erp = Erp.objects.get(slug=erp.slug, user_type=Erp.USER_ROLE_GESTIONNAIRE)
assert erp.published is True
# FIXME: this performs an actual query, we should use a mock
assert erp.accessibilite.registre_url == "http://www.google.com/"
assert_redirect(response, "/compte/erps/")
assert response.status_code == 200
# Administrative user
response = client.post(
reverse("contrib_publication", kwargs={"erp_slug": erp.slug}),
data={
"user_type": Erp.USER_ROLE_ADMIN,
"conformite": True,
"published": "on",
"certif": "on",
},
follow=True,
)
erp = Erp.objects.get(slug=erp.slug, user_type=Erp.USER_ROLE_ADMIN)
assert erp.published is True
assert erp.accessibilite.conformite is True
assert_redirect(response, "/compte/erps/")
assert response.status_code == 200
def test_ajout_erp_requires_auth(data, client):
response = client.get(reverse("contrib_start"), follow=True)
assert_redirect(response, "/compte/login/?next=/contrib/start/")
assert response.status_code == 200
assert "registration/login.html" in [t.name for t in response.templates]
def test_update_username_anonymous(client, data):
response = client.get(reverse("mon_identifiant"), follow=True)
assert_redirect(response, "/compte/login/")
