def get_user_home_url(user): if accounts_helpers.is_officer(user): return '/dashboard/officer' elif accounts_helpers.is_assessor(user): return '/dashboard/tables/assessor' return '/dashboard/tables/customer'
def setUp(self): self.customer = helpers.get_or_create_default_customer() self.assertTrue(is_customer(self.customer)) self.officer = helpers.get_or_create_default_officer() self.assertTrue(is_officer(self.officer)) self.assessor = helpers.get_or_create_default_assessor() self.assertTrue(is_assessor(self.assessor)) self.client = helpers.SocialClient()
def test_create_default_assessor(self): user = get_or_create_default_assessor() self.assertIsNotNone(user) self.assertTrue(isinstance(user, EmailUser)) self.assertEqual(TestData.DEFAULT_ASSESSOR['email'], user.email) self.assertTrue(accounts_helpers.is_assessor(user)) # test that we can login self.client.login(user.email) is_client_authenticated(self.client)
def get(self, *args, **kwargs): if self.request.user.is_authenticated(): if is_officer(self.request.user): return redirect('wl_dashboard:tree_officer') elif is_assessor(self.request.user): return redirect('wl_dashboard:tables_assessor') return redirect('wl_dashboard:tables_customer') else: kwargs['form'] = LoginForm return super(DashBoardRoutingView, self).get(*args, **kwargs)
def test_func(self): """ implementation of the UserPassesTestMixin test_func """ user = self.request.user if not user.is_authenticated(): return False if not is_assessor(user): return False assessment = self.get_assessment() return assessment is not None and assessment.assessor_group in get_user_assessor_groups(user)
def test_func(self): """ implementation of the UserPassesTestMixin test_func """ user = self.request.user if not user.is_authenticated(): return False if is_officer(user) or is_assessor(user): return True application = self.get_application() if application is not None: return application.applicant == user and application.can_user_view else: return True
def test_func(self): """ implementation of the UserPassesTestMixin test_func """ user = self.request.user if not user.is_authenticated(): self.raise_exception = False return False self.raise_exception = True if not is_assessor(user): return False assessment = self.get_assessment() return assessment is not None and assessment.assessor_group in get_user_assessor_groups( user)
def get(self, *args, **kwargs): if self.request.user.is_authenticated(): if (not self.request.user.first_name) or (not self.request.user.last_name) or (not self.request.user.dob): messages.info(self.request, 'Welcome! As this is your first time using the website, please enter your full name and date of birth.') return redirect('wl_main:edit_account') if is_officer(self.request.user): return redirect('wl_dashboard:tree_officer') elif is_assessor(self.request.user): return redirect('wl_dashboard:tables_assessor') return redirect('wl_dashboard:tables_customer') else: kwargs['form'] = LoginForm return super(DashBoardRoutingView, self).get(*args, **kwargs)
def test_assessor_access_normal(self): """ Test that an assessor can edit an assessment that belongs to their group """ assessor = get_or_create_default_assessor() self.client.login(assessor.email) # This assessor doesn't belong to a group self.assertTrue(is_assessor(assessor)) # add the assessor to the assessment group self.assertTrue( Assessment.objects.filter( application=self.application).count() > 0) for assessment in Assessment.objects.filter( application=self.application): add_assessor_to_assessor_group(assessor, assessment.assessor_group) # forbidden urls_get_forbidden = [ reverse('wl_applications:enter_conditions', args=[self.application.pk]), ] urls_post_forbidden = [ { 'url': reverse('wl_applications:create_condition', args=[self.application.pk]), 'data': { 'code': '123488374', 'text': 'condition text' } }, { 'url': reverse('wl_applications:set_assessment_condition_state'), 'data': { 'assessmentConditionID': self.assessment_condition.pk, 'acceptanceStatus': 'accepted', } }, { 'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] # Allowed urls_get_allowed = [ reverse('wl_applications:search_conditions'), reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), ] urls_post_allowed = [ { 'url': reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] for url in urls_get_forbidden: response = self.client.get(url, follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_post_forbidden: response = self.client.post(url['url'], url['data'], follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_get_allowed: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code) for url in urls_post_allowed: response = self.client.post(url['url'], url['data'], follow=True) self.assertEqual(200, response.status_code)
def test_func(self): user = self.request.user return is_officer(user) or is_assessor(user)
def test_func(self): return is_assessor(self.request.user)
def test_assessor_access_normal(self): """ Test that an assessor can edit an assessment that belongs to their group """ assessor = get_or_create_default_assessor() self.client.login(assessor.email) # This assessor doesn't belong to a group self.assertTrue(is_assessor(assessor)) # add the assessor to the assessment group self.assertTrue(Assessment.objects.filter(application=self.application).count() > 0) for assessment in Assessment.objects.filter(application=self.application): add_assessor_to_assessor_group(assessor, assessment.assessor_group) # forbidden urls_get_forbidden = [ reverse('applications:enter_conditions', args=[self.application.pk]), ] urls_post_forbidden = [ { 'url': reverse('applications:create_condition'), 'data': { 'code': '123488374', 'text': 'condition text' } }, { 'url': reverse('applications:set_assessment_condition_state'), 'data': { 'assessmentConditionID': self.assessment_condition.pk, 'acceptanceStatus': 'accepted', } }, { 'url': reverse('applications:submit_conditions', args=[self.application.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] # Allowed urls_get_allowed = [ reverse('applications:search_conditions'), reverse('applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), ] urls_post_allowed = [ { 'url': reverse('applications:submit_conditions_assessor', args=[self.application.pk, self.assessment.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] for url in urls_get_forbidden: response = self.client.get(url, follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_post_forbidden: response = self.client.post(url['url'], url['data'], follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_get_allowed: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code) for url in urls_post_allowed: response = self.client.post(url['url'], url['data'], follow=True) self.assertEqual(200, response.status_code)
def test_assessor_access_limited(self): """ Test that an assessor cannot edit an assessment that doesn't belong to their group All accessor can search conditions """ assessor = get_or_create_default_assessor() self.client.login(assessor.email) # This assessor doesn't belong to a group self.assertTrue(is_assessor(assessor)) self.assertFalse(get_user_assessor_groups(assessor)) # forbidden urls_get_forbidden = [ reverse('wl_applications:enter_conditions', args=[self.application.pk]), reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), ] urls_post_forbidden = [ { 'url': reverse('wl_applications:create_condition'), 'data': { 'code': '123488374', 'text': 'condition text' } }, { 'url': reverse('wl_applications:set_assessment_condition_state'), 'data': { 'assessmentConditionID': self.assessment_condition.pk, 'acceptanceStatus': 'accepted', } }, { 'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]), 'data': { 'conditionID': [self.condition.pk], } }, { 'url': reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] # Allowed urls_get_allowed = [ reverse('wl_applications:search_conditions') ] urls_post_allowed = [ ] for url in urls_get_forbidden: response = self.client.get(url, follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_post_forbidden: response = self.client.post(url['url'], url['data'], follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_get_allowed: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code) for url in urls_post_allowed: response = self.client.post(url['url'], url['data'], follow=True) self.assertEqual(200, response.status_code)