def test_audited_cannot_download_questionnaire_file_if_draft(client):
    """An audited user must get a 404 for the file of a draft questionnaire.

    The user belongs to the questionnaire's own control, so the only thing
    that can deny access here is the draft flag.
    """
    draft = factories.QuestionnaireFactory(is_draft=True)
    audited = utils.make_audited_user(draft.control)
    utils.login(client, user=audited)

    download_url = reverse('send-questionnaire-file', args=[draft.id])
    status = client.get(download_url).status_code

    assert status == 404
def test_send_response_file_list_does_not_contais_files_from_other_questionnaire(
        client):
    """The export list of a questionnaire holds only its own response files.

    Two published questionnaires share one control and each has one
    non-deleted response file; exporting the first must return one file.
    """
    kept_file = factories.ResponseFileFactory(is_deleted=False)
    first = kept_file.question.theme.questionnaire
    first.is_draft = False
    first.save()
    assert not first.is_draft

    # Second questionnaire lives in the same control as the first one.
    second = factories.QuestionnaireFactory(control=first.control)
    second.is_draft = False
    second.save()
    assert not second.is_draft
    other_theme = factories.ThemeFactory(questionnaire=second)
    other_question = factories.QuestionFactory(theme=other_theme)
    factories.ResponseFileFactory(is_deleted=False, question=other_question)

    # NOTE(review): the audited user is created but never passed to
    # get_files_for_export, and `client` is unused, so this checks the
    # per-questionnaire filtering only, not any per-user access check.
    utils.make_audited_user(first.control)

    exported = get_files_for_export(first)
    assert len(exported) == 1
    assert exported[0].file.name == kept_file.file.name
def test_can_access_question_api_if_control_is_associated_with_the_user():
    """An audited user of the control can read a question once it is published."""
    question = factories.QuestionFactory()

    # Publish the parent questionnaire before querying the API.
    parent = question.theme.questionnaire
    parent.is_draft = False
    parent.save()

    audited = utils.make_audited_user(parent.control)
    response = get_question(audited, question.id)
    assert response.status_code == 200
def test_can_get_users_of_control_if_control_belongs_to_user():
    """Inspector and audited members of a control can both list its users."""
    control = factories.ControlFactory()
    inspector = utils.make_inspector_user(control)
    audited = utils.make_audited_user(control)

    # Same expectation for both roles, checked inspector first.
    for member in (inspector, audited):
        assert get_users_of_control(member, control).status_code == 200
def test_send_response_file_list_has_files_in_order_of_question_numbering(
        client):
    """Exported files come back ordered by the numbering of their question."""
    first_question = factories.QuestionFactory()
    second_question = factories.QuestionFactory(theme=first_question.theme)
    assert first_question.numbering < second_question.numbering

    # The file of the second question is created first, so plain creation
    # order cannot produce the expected result by accident.
    file_c = factories.ResponseFileFactory(question=second_question,
                                           is_deleted=False)
    file_a = factories.ResponseFileFactory(question=first_question,
                                           is_deleted=False)
    file_b = factories.ResponseFileFactory(question=first_question,
                                           is_deleted=False)

    # The three names must be pairwise distinct for the order check to mean
    # anything.
    expected_names = [file_a.file.name, file_b.file.name, file_c.file.name]
    assert len(set(expected_names)) == 3

    questionnaire = file_a.question.theme.questionnaire
    questionnaire.is_draft = False
    questionnaire.save()
    assert not questionnaire.is_draft

    # NOTE(review): this user is never handed to get_files_for_export and
    # `client` is unused; only ordering is exercised, not access control.
    utils.make_audited_user(questionnaire.control)

    exported = get_files_for_export(questionnaire)
    assert len(exported) == 3
    assert [item.file.name for item in exported] == expected_names
def test_can_get_response_file_if_control_is_associated_with_the_user():
    """An audited user of the file's control can fetch the response file."""
    response_file = factories.ResponseFileFactory()
    owning_control = response_file.question.theme.questionnaire.control
    audited = utils.make_audited_user(owning_control)

    status = get_response_file(audited, response_file.id).status_code
    assert status == 200
def test_cannot_get_users_of_control_if_control_does_not_belong_to_user():
    """Users created without this control get a 404 when listing its users.

    A 404 rather than a 403 means the response does not confirm to an
    outsider that the control exists.
    """
    control = factories.ControlFactory()
    # Neither user is created with `control` passed in.
    inspector = utils.make_inspector_user()
    audited = utils.make_audited_user()

    for outsider in (inspector, audited):
        assert get_users_of_control(outsider, control).status_code == 404
def test_cannot_get_users_of_control_if_control_is_deleted():
    """Former members get a 404 for the user list of a deleted control."""
    control = factories.ControlFactory()
    inspector = utils.make_inspector_user(control)
    audited = utils.make_audited_user(control)

    # Delete only after both users were attached to the control.
    control.delete()

    for member in (inspector, audited):
        assert get_users_of_control(member, control).status_code == 404
def test_send_response_file_list_fails_for_draft_questionnaire_for_audited(
        client):
    """An audited user cannot get the response file list of a draft."""
    draft = factories.QuestionnaireFactory(is_draft=True)
    audited = utils.make_audited_user(draft.control)

    result = get_response_list(client, audited, draft.id)

    # NOTE(review): `!= 200` also passes on a redirect or a 5xx error;
    # pinning the expected denial status would make this check stricter.
    assert result.status_code != 200
def test_send_response_file_list_works_for_audited_if_the_control_is_associated_with_the_user(
        client):
    """An audited user of the control gets the file list of a published questionnaire."""
    published = factories.QuestionnaireFactory(is_draft=False)
    audited = utils.make_audited_user(published.control)

    result = get_response_list(client, audited, published.id)

    assert result.status_code == 200
def test_cannot_trash_response_file_if_control_is_deleted():
    """Trashing a response file answers 404 once its control is deleted."""
    response_file = factories.ResponseFileFactory()
    audited = utils.make_audited_user(
        response_file.question.theme.questionnaire.control)
    trash_request = {"is_deleted": "true"}

    # The user was a member of the control before it was removed.
    response_file.question.theme.questionnaire.control.delete()

    outcome = trash_response_file(audited, response_file.id, trash_request)
    assert outcome.status_code == 404
def test_cannot_get_response_file_if_control_is_not_associated_with_the_user():
    """An audited user of an unrelated control gets a 4xx for the file."""
    response_file = factories.ResponseFileFactory()
    # Separate control, created independently of the response file.
    unrelated_control = factories.ControlFactory()
    outsider = utils.make_audited_user(unrelated_control)

    status = get_response_file(outsider, response_file.id).status_code
    assert 400 <= status <= 499
def test_audited_cannot_delete_theme_from_draft_questionnaire():
    """An audited user gets a 403 when deleting a theme of a draft questionnaire."""
    theme = factories.ThemeFactory()
    audited = utils.make_audited_user(theme.questionnaire.control)

    theme.questionnaire.is_draft = True
    theme.questionnaire.save()
    # Re-read from the database to confirm the draft flag was persisted.
    stored = Questionnaire.objects.get(id=theme.questionnaire.id)
    assert stored.is_draft

    outcome = delete_theme(audited, theme.id)
    assert outcome.status_code == 403
def test_cannot_retrieve_theme_even_if_user_belongs_to_control():
    """get_theme answers 405 for both roles, even for members of the control."""
    theme = factories.ThemeFactory()
    audited = utils.make_audited_user(theme.questionnaire.control)
    inspector = utils.make_inspector_user(theme.questionnaire.control)

    theme.questionnaire.is_draft = False
    theme.questionnaire.save()

    # 405: the method is not allowed at all, whatever the caller's role.
    for member in (audited, inspector):
        assert get_theme(member, theme.id).status_code == 405
def test_draft_questionnaire_is_not_listed_in_controls_data_if_user_is_audited():
    """The control listing shows an audited user published questionnaires only."""
    control = factories.ControlFactory()
    # The titles act as markers searched for in the raw response body.
    factories.QuestionnaireFactory(
        control=control, is_draft=False, title='MUST BE LISTED')
    factories.QuestionnaireFactory(
        control=control, is_draft=True, title='MUST NOT BE LISTED')
    audited = utils.make_audited_user(control)

    listing = list_control(audited)

    assert listing.status_code == 200
    body = str(listing.content)
    assert 'MUST BE LISTED' in body
    assert 'MUST NOT BE LISTED' not in body
def test_cannot_untrash_a_file():
    """A trashed response file cannot be restored through the trash endpoint."""
    trashed = factories.ResponseFileFactory(is_deleted=True)
    owning_control = trashed.question.theme.questionnaire.control
    audited = utils.make_audited_user(owning_control)
    restore_request = {"is_deleted": "false"}

    outcome = trash_response_file(audited, trashed.id, restore_request)

    assert 400 <= outcome.status_code < 500
    # The stored row must still be flagged as deleted after the rejection.
    assert ResponseFile.objects.get(id=trashed.id).is_deleted
def test_send_response_file_list_fails_for_audited_if_the_control_is_not_associated_with_the_user(
        client):
    """An audited user of another control cannot get the response file list."""
    published = factories.QuestionnaireFactory(is_draft=False)
    foreign_control = factories.ControlFactory()
    outsider = utils.make_audited_user(foreign_control)

    result = get_response_list(client, outsider, published.id)

    # NOTE(review): `!= 200` also passes on a redirect or a 5xx error;
    # pinning the expected denial status would make this check stricter.
    assert result.status_code != 200
def test_cannot_delete_theme_if_questionnaire_is_published():
    """Nobody can delete a theme of a published questionnaire.

    The audited user is answered 403 and the inspector 405.
    """
    theme = factories.ThemeFactory()
    audited = utils.make_audited_user(theme.questionnaire.control)
    inspector = utils.make_inspector_user(theme.questionnaire.control)

    theme.questionnaire.is_draft = False
    theme.questionnaire.save()

    expectations = ((audited, 403), (inspector, 405))
    for member, expected_status in expectations:
        assert delete_theme(member, theme.id).status_code == expected_status
def test_cannot_trash_response_file_if_control_is_not_associated_with_the_user():
    """An audited user of an unrelated control gets a 4xx when trashing the file."""
    response_file = factories.ResponseFileFactory()
    unrelated_control = factories.ControlFactory()
    outsider = utils.make_audited_user(unrelated_control)
    trash_request = {"is_deleted": "true"}

    outcome = trash_response_file(outsider, response_file.id, trash_request)

    # NOTE(review): only the status is checked; asserting that the stored
    # file is still not deleted would also catch a write before the denial.
    assert 400 <= outcome.status_code <= 499
def test_trashing_keeps_the_same_basename():
    """The basename of a response file is unchanged by a trash request."""
    response_file = factories.ResponseFileFactory()
    original_basename = response_file.basename
    owning_control = response_file.question.theme.questionnaire.control
    audited = utils.make_audited_user(owning_control)
    trash_request = {"is_deleted": "true"}

    # NOTE(review): the response is discarded, so this test would also pass
    # if the request were rejected and nothing had been trashed.
    trash_response_file(audited, response_file.id, trash_request)

    # Read the basename back from the database, not from the stale instance.
    stored = ResponseFile.objects.get(id=response_file.id)
    assert stored.basename == original_basename
def test_trashing_logs_an_action():
    """Trashing a response file records an Action naming the user and the file."""
    response_file = factories.ResponseFileFactory()
    owning_control = response_file.question.theme.questionnaire.control
    audited = utils.make_audited_user(owning_control)
    trash_request = {"is_deleted": "true"}
    verb_fragment = "trashed response-file"

    # No matching audit entry may exist before the request is made.
    assert not Action.objects.filter(verb__contains=verb_fragment).exists()

    trash_response_file(audited, response_file.id, trash_request)

    assert Action.objects.filter(verb__contains=verb_fragment).exists()
    logged = Action.objects.filter(verb__contains=verb_fragment).last()
    # The ids are compared as strings on the Action side.
    assert logged.actor_object_id == str(audited.id)
    assert logged.target_object_id == str(response_file.id)
def test_audited_cannot_access_api():
    """An audited user's call_api request is rejected and the editor is kept.

    The editor assertion runs before and after the call, so a 4xx answer
    that still changed the editor would be caught.
    """
    control = factories.ControlFactory()
    audited = utils.make_audited_user(control)
    draft = factories.QuestionnaireFactory(
        control=control, is_draft=True, editor=audited)
    assert_questionnaire_has_editor(draft, audited)

    outcome = call_api(audited, draft.id, audited.id)

    assert 400 <= outcome.status_code < 500
    assert_questionnaire_has_editor(draft, audited)
def __init__(self, client):
    """Request the file of a published questionnaire as an audited user.

    Stores the questionnaire's basename in ``self.filename`` and the
    response of the GET request in ``self.response``.
    """
    published = factories.QuestionnaireFactory(is_draft=False)
    self.filename = published.basename

    audited = utils.make_audited_user(published.control)
    utils.login(client, user=audited)

    download_url = reverse('send-questionnaire-file', args=[published.id])
    self.response = client.get(download_url)
def test_download_question_file_fails_if_the_control_is_not_associated_with_the_user(
        client):
    """An audited user of another control cannot download a question file."""
    question_file = factories.QuestionFileFactory()
    foreign_control = factories.ControlFactory()
    # Guard against the factories handing back the same control twice.
    owning_control = question_file.question.theme.questionnaire.control
    assert foreign_control != owning_control

    outsider = utils.make_audited_user(foreign_control)
    utils.login(client, user=outsider)
    download_url = reverse('send-question-file', args=[question_file.id])
    result = client.get(download_url)

    # NOTE(review): `!= 200` also passes on a redirect or a 5xx error;
    # pinning the expected denial status would make this check stricter.
    assert result.status_code != 200
def test_as_auditor_questionnaire_is_not_listed_if_not_associated_with_user_control():
    """The control listing leaves out questionnaires of controls the user is not in."""
    own_control = factories.ControlFactory()
    foreign_control = factories.ControlFactory()
    # Both questionnaires are published, so only the control tells them apart.
    factories.QuestionnaireFactory(
        control=own_control, is_draft=False, title='MUST BE LISTED')
    factories.QuestionnaireFactory(
        control=foreign_control, is_draft=False, title='MUST NOT BE LISTED')
    audited = utils.make_audited_user(own_control)

    listing = list_control(audited)

    assert listing.status_code == 200
    body = str(listing.content)
    assert 'MUST BE LISTED' in body
    assert 'MUST NOT BE LISTED' not in body
def test_can_access_questionnaire_api_if_control_is_associated_with_the_user():
    """Members of the control can read (audited) and create (inspector) questionnaires."""
    questionnaire = factories.QuestionnaireFactory()
    audited = utils.make_audited_user(questionnaire.control)

    # Read access, as the audited user.
    read_result = get_questionnaire(audited, questionnaire.id)
    assert read_result.status_code == 200

    # Creation, as an inspector of the same control.
    inspector = utils.make_inspector_user(questionnaire.control)
    creation_payload = make_create_payload(questionnaire.control.id)
    create_result = create_questionnaire(inspector, creation_payload)
    assert create_result.status_code == 201
def test_send_response_file_list_does_not_contain_deleted_file(client):
    """A deleted response file is left out of the questionnaire's export list."""
    trashed = factories.ResponseFileFactory(is_deleted=True)
    questionnaire = trashed.question.theme.questionnaire
    questionnaire.is_draft = False
    questionnaire.save()
    assert not questionnaire.is_draft

    # NOTE(review): this user is never handed to get_files_for_export and
    # `client` is unused; only the deleted-file filter is exercised.
    utils.make_audited_user(questionnaire.control)

    exported = get_files_for_export(questionnaire)
    assert len(exported) == 0
def test_audited_cannot_trash_response_file_if_already_deleted():
    """Trashing an already deleted response file answers 400 and changes nothing."""
    trashed = factories.ResponseFileFactory(is_deleted=True)
    audited = utils.make_audited_user(
        trashed.question.theme.questionnaire.control)
    trash_request = {"is_deleted": "true"}

    # Precondition: the stored row is already flagged as deleted.
    assert ResponseFile.objects.get(id=trashed.id).is_deleted

    outcome = trash_response_file(audited, trashed.id, trash_request)

    assert outcome.status_code == 400
    assert ResponseFile.objects.get(id=trashed.id).is_deleted
def test_audited_cannot_update_theme():
    """An audited user gets a 4xx when updating a theme, draft or published."""
    theme = factories.ThemeFactory()
    audited = utils.make_audited_user(theme.questionnaire.control)

    # Draft state first, then published; the payload is rebuilt each time.
    for draft_state in (True, False):
        theme.questionnaire.is_draft = draft_state
        theme.questionnaire.save()
        outcome = update_theme(audited, make_update_theme_payload(theme))
        assert 400 <= outcome.status_code < 500
def test_audited_cannot_update_published_questionnaire():
    """An audited user gets a 4xx when updating a published questionnaire.

    The user is set as the questionnaire's editor, so being the editor
    alone must not be enough to pass the check.
    """
    # In fact, draft or not, audited should not be able to update at all.
    increment_ids()
    control = factories.ControlFactory()
    audited = utils.make_audited_user(control)
    published = factories.QuestionnaireFactory(
        is_draft=False, control=control, editor=audited)
    update_payload = make_update_payload(published)

    # The update targets a questionnaire that is already published.
    outcome = update_questionnaire(audited, update_payload)

    # NOTE(review): only the status is checked; comparing the stored
    # questionnaire with its previous state would also catch a partial write.
    assert 400 <= outcome.status_code < 500