def test_contribution_flow_accessibilite_data(data, client): client.force_login(data.sophie) response = client.get( reverse("contrib_sanitaires", kwargs={"erp_slug": data.erp.slug})) assert response.status_code == 200 response = client.post( reverse("contrib_sanitaires", kwargs={"erp_slug": data.erp.slug}), data={ "sanitaires_presence": "False", "sanitaires_adaptes": "", "action": "contribute", }, follow=True, ) updated_erp = Erp.objects.get(slug=data.erp.slug) assert updated_erp.user == data.erp.user # original owner is preserved assert updated_erp.accessibilite.sanitaires_presence is False assert updated_erp.accessibilite.sanitaires_adaptes is None assert_redirect( response, reverse("contrib_labellisation", kwargs={"erp_slug": updated_erp.slug}), ) assert response.status_code == 200
def test_staff_view(rf: RequestFactory, ChallengeSet, admin_user, mocker): # admin_user is a superuser, not a challenge admin creator = ChallengeSet.creator challenge = ChallengeSet.challenge participant = ChallengeSet.participant non_participant = ChallengeSet.non_participant # Messages need to be mocked when using request factory mock_messages = mocker.patch( "grandchallenge.core.permissions.mixins.messages" ).start() mock_messages.INFO = "INFO" assert_redirect( settings.LOGIN_URL, AnonymousUser(), StaffOnlyView, challenge, rf ) assert_status(403, participant, StaffOnlyView, challenge, rf) assert_status(403, non_participant, StaffOnlyView, challenge, rf) assert_status(403, creator, StaffOnlyView, challenge, rf) assert_status(200, admin_user, StaffOnlyView, challenge, rf) participant.is_staff = True participant.save() assert_status(200, participant, StaffOnlyView, challenge, rf)
def test_delete_erp_owner(data, client, monkeypatch, capsys): client.force_login(data.niko) response = client.get( reverse("contrib_delete", kwargs={"erp_slug": data.erp.slug})) assert response.status_code == 200 assert Erp.objects.filter(slug=data.erp.slug).count() == 1 # non-confirmed submission response = client.post( reverse("contrib_delete", kwargs={"erp_slug": data.erp.slug}), data={"confirm": False}, ) assert response.status_code == 200 assert "confirm" in response.context["form"].errors # confirmed submission response = client.post( reverse("contrib_delete", kwargs={"erp_slug": data.erp.slug}), data={"confirm": True}, follow=True, ) assert_redirect(response, "/compte/erps/") assert response.status_code == 200 assert Erp.objects.filter(slug=data.erp.slug).count() == 0
def test_admin_with_regular_user(data, client, capsys): # test that regular frontend user don't have access to the admin client.force_login(data.samuel) response = client.get(reverse("admin:index"), follow=True) # ensure user is redirected to admin login page assert_redirect(response, "/admin/login/?next=/admin/") assert response.status_code == 200 assert "admin/login.html" in [t.name for t in response.templates]
def test_permissions_after_challenge_rename( rf: RequestFactory, admin_user, mocker, challenge_set ): """ Check that we can rename challenges. admin_user is superuser. """ creator = challenge_set.creator challenge = challenge_set.challenge participant = challenge_set.participant non_participant = challenge_set.non_participant # Messages need to be mocked when using request factory mock_messages = mocker.patch( "grandchallenge.core.permissions.mixins.messages" ).start() mock_messages.INFO = "INFO" assert_status(200, admin_user, AdminOnlyView, challenge, rf) assert_status(200, creator, AdminOnlyView, challenge, rf) assert_status(403, participant, AdminOnlyView, challenge, rf) assert_status(403, non_participant, AdminOnlyView, challenge, rf) assert_redirect( settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf ) assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf) assert_status( 403, non_participant, ParticipantOrAdminOnlyView, challenge, rf ) assert_redirect( settings.LOGIN_URL, AnonymousUser(), ParticipantOrAdminOnlyView, challenge, rf, ) challenge.short_name += "appendedname" challenge.save() assert_status(200, admin_user, AdminOnlyView, challenge, rf) assert_status(200, creator, AdminOnlyView, challenge, rf) assert_status(403, participant, AdminOnlyView, challenge, rf) assert_status(403, non_participant, AdminOnlyView, challenge, rf) assert_redirect( settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf ) assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf) assert_status( 403, non_participant, ParticipantOrAdminOnlyView, challenge, rf ) assert_redirect( settings.LOGIN_URL, AnonymousUser(), ParticipantOrAdminOnlyView, challenge, rf, )
def test_erp_vote_anonymous(data, client): response = client.post( reverse("erp_vote", kwargs={"erp_slug": data.erp.slug}), { "action": "DOWN", "comment": "bouh" }, follow=True, ) # ensure user is redirected to login page assert_redirect(response, "/compte/login/?next=/app/aux-bons-croissants/vote/") assert response.status_code == 200 assert "registration/login.html" in [t.name for t in response.templates]
def test_permissions_after_challenge_rename( rf: RequestFactory, admin_user, mocker, ChallengeSet ): """ Check that we can rename challenges. Admin_user is superuser """ creator = ChallengeSet.creator challenge = ChallengeSet.challenge participant = ChallengeSet.participant non_participant = ChallengeSet.non_participant # Messages need to be mocked when using request factory mock_messages = mocker.patch( "grandchallenge.core.permissions.mixins.messages" ).start() mock_messages.INFO = "INFO" assert_status(200, admin_user, AdminOnlyView, challenge, rf) assert_status(200, creator, AdminOnlyView, challenge, rf) assert_status(403, participant, AdminOnlyView, challenge, rf) assert_status(403, non_participant, AdminOnlyView, challenge, rf) assert_redirect( settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf ) assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf) assert_status( 403, non_participant, ParticipantOrAdminOnlyView, challenge, rf ) assert_redirect( settings.LOGIN_URL, AnonymousUser(), ParticipantOrAdminOnlyView, challenge, rf, ) challenge.short_name += "appendedname" challenge.save() assert_status(200, admin_user, AdminOnlyView, challenge, rf) assert_status(200, creator, AdminOnlyView, challenge, rf) assert_status(403, participant, AdminOnlyView, challenge, rf) assert_status(403, non_participant, AdminOnlyView, challenge, rf) assert_redirect( settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf ) assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf) assert_status( 403, non_participant, ParticipantOrAdminOnlyView, challenge, rf ) assert_redirect( settings.LOGIN_URL, AnonymousUser(), ParticipantOrAdminOnlyView, challenge, rf, )
def test_permissions_mixin( rf: RequestFactory, admin_user, mocker, ChallengeSet ): # admin_user is a superuser, not a challenge admin creator = ChallengeSet.creator challenge = ChallengeSet.challenge participant = ChallengeSet.participant non_participant = ChallengeSet.non_participant # Messages need to be mocked when using request factory mock_messages = mocker.patch( "grandchallenge.core.permissions.mixins.messages" ).start() mock_messages.INFO = "INFO" assert_status(200, admin_user, AdminOnlyView, challenge, rf) assert_status(200, creator, AdminOnlyView, challenge, rf) assert_status(403, participant, AdminOnlyView, challenge, rf) assert_status(403, non_participant, AdminOnlyView, challenge, rf) assert_redirect( settings.LOGIN_URL, AnonymousUser(), AdminOnlyView, challenge, rf ) assert_status(200, admin_user, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, creator, ParticipantOrAdminOnlyView, challenge, rf) assert_status(200, participant, ParticipantOrAdminOnlyView, challenge, rf) assert_status( 403, non_participant, ParticipantOrAdminOnlyView, challenge, rf ) assert_redirect( settings.LOGIN_URL, AnonymousUser(), ParticipantOrAdminOnlyView, challenge, rf, ) # Make a 2nd challenge and make sure that the admins and participants # here cannot see the first creator2 = UserFactory() challenge2 = ChallengeFactory(creator=creator2) participant2 = UserFactory() challenge2.add_participant(participant2) assert_status(403, creator2, AdminOnlyView, challenge, rf) assert_status(403, participant2, AdminOnlyView, challenge, rf) assert_status(403, creator2, ParticipantOrAdminOnlyView, challenge, rf) assert_status(403, participant2, ParticipantOrAdminOnlyView, challenge, rf)
def test_contribution_flow_administrative_data(data, mocker, client): mocker.patch( "erp.provider.geocoder.geocode", return_value={ "geom": Point(0, 0), "numero": "4", "voie": "Grand Rue", "lieu_dit": None, "code_postal": "34830", "commune": "Jacou", "code_insee": "34120", }, ) client.force_login(data.sophie) response = client.get( reverse("contrib_edit_infos", kwargs={"erp_slug": data.erp.slug})) assert response.status_code == 200 response = client.post( reverse("contrib_edit_infos", kwargs={"erp_slug": data.erp.slug}), data={ "source": "sirene", "source_id": "xxx", "nom": "Test contribution", "activite": data.boulangerie.pk, "numero": "12", "voie": "GRAND RUE", "lieu_dit": "", "code_postal": "34830", "commune": "JACOU", "site_internet": "http://google.com/", "action": "contribute", }, follow=True, ) updated_erp = Erp.objects.get(slug=data.erp.slug) assert response.context["form"].errors == {} assert updated_erp.nom == "Test contribution" assert updated_erp.user == data.erp.user # original owner is preserved assert_redirect(response, "/contrib/localisation/aux-bons-croissants/") assert response.status_code == 200
def test_ajout_erp_a11y_vide_erreur(data, client, capsys): client.force_login(data.niko) # empty a11y data data.erp.accessibilite.sanitaires_presence = None data.erp.accessibilite.sanitaires_adaptes = None data.erp.accessibilite.save() data.erp.save() assert data.erp.accessibilite.has_data() is False # published field on response = client.post( reverse("contrib_publication", kwargs={"erp_slug": data.erp.slug}), data={ "user_type": Erp.USER_ROLE_PUBLIC, "published": "on", "certif": "on", }, ) assert response.status_code == 200 assert response.context.get("empty_a11y") is True erp = Erp.objects.get(slug=data.erp.slug) assert erp.accessibilite.has_data() is False assert erp.published is False # published field off response = client.post( reverse("contrib_publication", kwargs={"erp_slug": data.erp.slug}), data={ "user_type": Erp.USER_ROLE_PUBLIC, "certif": "on", }, follow=True, ) assert_redirect(response, "/compte/erps/") erp = Erp.objects.get(slug=data.erp.slug) assert erp.published is False
def test_erp_edit_can_be_contributed(data, client): # editing requires authentication response = client.get(reverse("contrib_transport", kwargs={"erp_slug": data.erp.slug}), follow=True) assert_redirect( response, "/compte/login/?next=/contrib/transport/aux-bons-croissants/") assert response.status_code == 200 # owners can edit their erp client.force_login(data.niko) response = client.get( reverse("contrib_transport", kwargs={"erp_slug": data.erp.slug})) assert response.status_code == 200 assert "initialement fournies par" not in response.content.decode() # non-owner can't client.force_login(data.sophie) response = client.get( reverse("contrib_transport", kwargs={"erp_slug": data.erp.slug})) assert response.status_code == 200 assert "initialement fournies par" in response.content.decode()
def test_ajout_erp_authenticated(data, client, monkeypatch, capsys): client.force_login(data.niko) response = client.get(reverse("contrib_start")) assert response.status_code == 200 response = client.get(reverse("contrib_admin_infos")) assert response.status_code == 200 # Admin infos def mock_geocode(*args, **kwargs): return { "geom": Point(0, 0), "numero": "12", "voie": "Grand rue", "lieu_dit": None, "code_postal": "34830", "commune": "Jacou", "code_insee": "34122", } monkeypatch.setattr(geocoder, "geocode", mock_geocode) response = client.post( reverse("contrib_admin_infos"), data={ "source": "sirene", "source_id": "xxx", "nom": "Test ERP", "activite": data.boulangerie.pk, "numero": "12", "voie": "GRAND RUE", "lieu_dit": "", "code_postal": "34830", "commune": "JACOU", }, follow=True, ) erp = Erp.objects.get(nom="Test ERP") assert erp.user == data.niko assert erp.published is False assert_redirect(response, f"/contrib/localisation/{erp.slug}/") assert response.status_code == 200 # Localisation response = client.post( reverse("contrib_localisation", kwargs={"erp_slug": erp.slug}), data={ "lat": "43", "lon": "3" }, follow=True, ) erp = Erp.objects.get(nom="Test ERP") assert erp.geom.x == 3 assert erp.geom.y == 43 assert_redirect(response, "/contrib/transport/test-erp/") assert response.status_code == 200 # Transport response = client.post( reverse("contrib_transport", kwargs={"erp_slug": erp.slug}), data={ "transport_station_presence": True, "transport_information": "blah" }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.transport_station_presence is True assert accessibilite.transport_information == "blah" assert_redirect(response, "/contrib/stationnement/test-erp/") assert response.status_code == 200 # Stationnement response = client.post( reverse("contrib_stationnement", kwargs={"erp_slug": erp.slug}), data={ "stationnement_presence": True, "stationnement_pmr": True, "stationnement_ext_presence": True, "stationnement_ext_pmr": True, }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.stationnement_presence is True assert accessibilite.stationnement_pmr is True assert accessibilite.stationnement_ext_presence is True assert accessibilite.stationnement_ext_pmr is True assert_redirect(response, "/contrib/exterieur/test-erp/") assert response.status_code == 200 # Extérieur response = client.post( reverse("contrib_exterieur", kwargs={"erp_slug": erp.slug}), data={ "cheminement_ext_presence": True, "cheminement_ext_terrain_accidente": True, "cheminement_ext_plain_pied": False, "cheminement_ext_ascenseur": True, "cheminement_ext_nombre_marches": 42, "cheminement_ext_sens_marches": "descendant", "cheminement_ext_reperage_marches": True, "cheminement_ext_main_courante": True, "cheminement_ext_rampe": "aucune", "cheminement_ext_pente_presence": True, "cheminement_ext_pente_degre_difficulte": "légère", "cheminement_ext_pente_longueur": "courte", "cheminement_ext_devers": "aucun", "cheminement_ext_bande_guidage": True, "cheminement_ext_retrecissement": True, }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.cheminement_ext_presence is True assert accessibilite.cheminement_ext_terrain_accidente is True assert accessibilite.cheminement_ext_plain_pied is False assert accessibilite.cheminement_ext_ascenseur is True assert accessibilite.cheminement_ext_nombre_marches == 42 assert accessibilite.cheminement_ext_sens_marches == "descendant" assert accessibilite.cheminement_ext_reperage_marches is True assert accessibilite.cheminement_ext_main_courante is True assert accessibilite.cheminement_ext_rampe == "aucune" assert accessibilite.cheminement_ext_pente_presence is True assert accessibilite.cheminement_ext_pente_degre_difficulte == "légère" assert accessibilite.cheminement_ext_pente_longueur == "courte" assert accessibilite.cheminement_ext_devers == "aucun" assert accessibilite.cheminement_ext_bande_guidage is True assert accessibilite.cheminement_ext_retrecissement is True assert_redirect(response, "/contrib/entree/test-erp/") assert response.status_code == 200 # Entree response = client.post( reverse("contrib_entree", kwargs={"erp_slug": erp.slug}), data={ "entree_reperage": True, "entree_vitree": True, "entree_vitree_vitrophanie": True, "entree_plain_pied": False, "entree_ascenseur": True, "entree_marches": 42, "entree_marches_sens": "descendant", "entree_marches_reperage": True, "entree_marches_main_courante": True, "entree_marches_rampe": "aucune", "entree_balise_sonore": True, "entree_dispositif_appel": True, "entree_dispositif_appel_type": ["bouton", "visiophone"], "entree_aide_humaine": True, "entree_largeur_mini": 80, "entree_pmr": True, "entree_pmr_informations": "blah", }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.entree_reperage is True assert accessibilite.entree_vitree is True assert accessibilite.entree_vitree_vitrophanie is True assert accessibilite.entree_plain_pied is False assert accessibilite.entree_ascenseur is True assert accessibilite.entree_marches == 42 assert accessibilite.entree_marches_sens == "descendant" assert accessibilite.entree_marches_reperage is True assert accessibilite.entree_marches_main_courante is True assert accessibilite.entree_marches_rampe == "aucune" assert accessibilite.entree_balise_sonore is True assert accessibilite.entree_dispositif_appel is True assert accessibilite.entree_dispositif_appel_type == [ "bouton", "visiophone" ] assert accessibilite.entree_aide_humaine is True assert accessibilite.entree_largeur_mini == 80 assert accessibilite.entree_pmr is True assert accessibilite.entree_pmr_informations == "blah" assert_redirect(response, "/contrib/accueil/test-erp/") assert response.status_code == 200 # Accueil response = client.post( reverse("contrib_accueil", kwargs={"erp_slug": erp.slug}), data={ "accueil_visibilite": True, "accueil_personnels": "aucun", "accueil_equipements_malentendants_presence": True, "accueil_equipements_malentendants": ["bim", "lsf"], "accueil_cheminement_plain_pied": False, "accueil_cheminement_ascenseur": True, "accueil_cheminement_nombre_marches": 42, "accueil_cheminement_sens_marches": "descendant", "accueil_cheminement_reperage_marches": True, "accueil_cheminement_main_courante": True, "accueil_cheminement_rampe": "aucune", "accueil_retrecissement": True, }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.accueil_visibilite is True assert accessibilite.accueil_personnels == "aucun" assert accessibilite.accueil_equipements_malentendants_presence is True assert accessibilite.accueil_equipements_malentendants == ["bim", "lsf"] assert accessibilite.accueil_cheminement_plain_pied is False assert accessibilite.accueil_cheminement_ascenseur is True assert accessibilite.accueil_cheminement_nombre_marches == 42 assert accessibilite.accueil_cheminement_sens_marches == "descendant" assert accessibilite.accueil_cheminement_reperage_marches is True assert accessibilite.accueil_cheminement_main_courante is True assert accessibilite.accueil_cheminement_rampe == "aucune" assert accessibilite.accueil_retrecissement is True assert_redirect(response, "/contrib/sanitaires/test-erp/") assert response.status_code == 200 # Sanitaires response = client.post( reverse("contrib_sanitaires", kwargs={"erp_slug": erp.slug}), data={ "sanitaires_presence": True, "sanitaires_adaptes": 1, }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.sanitaires_presence is True assert accessibilite.sanitaires_adaptes == 1 assert_redirect(response, "/contrib/labellisation/test-erp/") assert response.status_code == 200 # Labels response = client.post( reverse("contrib_labellisation", kwargs={"erp_slug": erp.slug}), data={ "labels": ["th"], "labels_familles_handicap": ["visuel", "auditif"], "labels_autre": "X", }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.labels == ["th"] assert accessibilite.labels_familles_handicap == ["visuel", "auditif"] assert accessibilite.labels_autre == "X" assert_redirect(response, "/contrib/commentaire/test-erp/") assert response.status_code == 200 # Commentaire response = client.post( reverse("contrib_commentaire", kwargs={"erp_slug": erp.slug}), data={ "commentaire": "test commentaire", }, follow=True, ) accessibilite = Accessibilite.objects.get(erp__slug=erp.slug) assert accessibilite.commentaire == "test commentaire" assert_redirect(response, "/contrib/publication/test-erp/") assert response.status_code == 200 # Publication # Public user response = client.post( reverse("contrib_publication", kwargs={"erp_slug": erp.slug}), data={ "user_type": Erp.USER_ROLE_PUBLIC, "published": "on", "certif": "on", }, follow=True, ) erp = Erp.objects.get(slug=erp.slug, user_type=Erp.USER_ROLE_PUBLIC) assert erp.published is True assert_redirect(response, "/compte/erps/") assert response.status_code == 200 # Gestionnaire user response = client.post( reverse("contrib_publication", kwargs={"erp_slug": erp.slug}), data={ "user_type": Erp.USER_ROLE_GESTIONNAIRE, "registre_url": "http://www.google.com/", "published": "on", "certif": "on", }, follow=True, ) erp = Erp.objects.get(slug=erp.slug, user_type=Erp.USER_ROLE_GESTIONNAIRE) assert erp.published is True # FIXME: this performs an actual query, we should use a mock assert erp.accessibilite.registre_url == "http://www.google.com/" assert_redirect(response, "/compte/erps/") assert response.status_code == 200 # Administrative user response = client.post( reverse("contrib_publication", kwargs={"erp_slug": erp.slug}), data={ "user_type": Erp.USER_ROLE_ADMIN, "conformite": True, "published": "on", "certif": "on", }, follow=True, ) erp = Erp.objects.get(slug=erp.slug, user_type=Erp.USER_ROLE_ADMIN) assert erp.published is True assert erp.accessibilite.conformite is True assert_redirect(response, "/compte/erps/") assert response.status_code == 200
def test_ajout_erp_requires_auth(data, client): response = client.get(reverse("contrib_start"), follow=True) assert_redirect(response, "/compte/login/?next=/contrib/start/") assert response.status_code == 200 assert "registration/login.html" in [t.name for t in response.templates]
def test_update_username_anonymous(client, data): response = client.get(reverse("mon_identifiant"), follow=True) assert_redirect(response, "/compte/login/")