def test_user_access_other_user(self):
    """
    A logged-in customer must receive a 403 when requesting the edit page
    of an application created for a different customer.
    """
    logged_in_customer = create_random_customer()
    other_customer = create_random_customer()
    self.assertNotEqual(logged_in_customer, other_customer)

    own_application = helpers.create_application(user=logged_in_customer)
    foreign_application = helpers.create_application(user=other_customer)
    self.assertNotEqual(own_application, foreign_application)

    # Authenticate as the first customer only.
    self.client.login(logged_in_customer.email)

    # Control case: the customer's own application answers with a redirect
    # (302). The redirect target is not checked here.
    own_edit_url = reverse('wl_applications:edit_application', args=[own_application.pk])
    own_response = self.client.get(own_edit_url)
    self.assertEqual(302, own_response.status_code)

    # Same view, but addressed with the primary key of the other customer's
    # application: the object-level permission check has to reject it.
    # NOTE(review): only GET is exercised; a POST to this URL is not covered.
    forbidden_urls = (
        reverse('wl_applications:edit_application', args=[foreign_application.pk]),
    )
    for forbidden_url in forbidden_urls:
        # follow=True makes the final response the one asserted on, so a
        # redirect to another page would not show up as a 403.
        denied_response = self.client.get(forbidden_url, follow=True)
        self.assertEqual(403, denied_response.status_code)
def test_user_not_logged_is_redirected_to_login(self):
    """
    After logout, requesting the edit page of a lodged application must end
    on the login page (HTTP 200 after following redirects), not on a 403.
    """
    customer = create_random_customer()
    # NOTE(review): login() receives the customer object itself here;
    # confirm that is what the test client expects.
    self.client.login(customer)

    # Walk through the first two steps of the application workflow.
    self.client.get(reverse('wl_applications:new_application'))
    self.client.get(reverse('wl_applications:select_licence_type', args=(1,)))

    # Presumably the only Application row in the test database at this
    # point; the test does not filter by applicant.
    application = Application.objects.first()
    self.assertIsNotNone(application)
    # Before lodging, the application is in the 'temp' state.
    self.assertEqual(application.processing_status, 'temp')

    preview_response = self.client.post(reverse('wl_applications:preview'))
    # Posting the preview must send the client on to the checkout page.
    checkout_url = reverse('wl_payments:checkout_application', args=(application.pk,))
    self.assertRedirects(
        preview_response,
        checkout_url,
        status_code=302,
        target_status_code=200,
        fetch_redirect_response=False,
    )

    application.refresh_from_db()
    # After lodging: processing status 'new', customer status 'under_review'.
    self.assertEqual(application.processing_status, 'new')
    self.assertEqual('under_review', application.customer_status)

    # Drop the session and request the edit page anonymously.
    self.client.logout()
    edit_url = reverse('wl_applications:edit_application', args=[application.pk])
    anonymous_response = self.client.get(edit_url, follow=True)
    self.assertEqual(200, anonymous_response.status_code)
    self.assertTrue(is_login_page(anonymous_response))
def test_user_access_lodged(self):
    """
    Once the application is lodged, the customer who created it must get a
    403 when requesting its edit page.
    """
    customer = create_random_customer()
    # NOTE(review): login() receives the customer object itself here;
    # confirm that is what the test client expects.
    self.client.login(customer)

    # Walk through the first two steps of the application workflow.
    self.client.get(reverse('wl_applications:new_application'))
    self.client.get(reverse('wl_applications:select_licence_type', args=(1,)))

    # Presumably the only Application row in the test database at this
    # point; the test does not filter by applicant.
    application = Application.objects.first()
    self.assertIsNotNone(application)
    self.assertIsNotNone(application.applicant)
    # Before lodging, the application is in the 'temp' state.
    self.assertEqual(application.processing_status, 'temp')

    preview_response = self.client.post(reverse('wl_applications:preview'))
    # Posting the preview must send the client on to the checkout page.
    checkout_url = reverse('wl_payments:checkout_application', args=(application.pk,))
    self.assertRedirects(
        preview_response,
        checkout_url,
        status_code=302,
        target_status_code=200,
        fetch_redirect_response=False,
    )

    application.refresh_from_db()
    # After lodging: processing status 'new', customer status 'under_review'.
    self.assertEqual(application.processing_status, 'new')
    self.assertEqual('under_review', application.customer_status)

    # Still logged in as the same customer: editing is now refused.
    edit_url = reverse('wl_applications:edit_application', args=[application.pk])
    edit_response = self.client.get(edit_url, follow=True)
    self.assertEqual(403, edit_response.status_code)
def test_user_access_lodged(self):
    """
    Once the application is lodged, the customer who created it must get a
    403 when requesting its edit page.
    """
    customer = create_random_customer()
    # NOTE(review): login() receives the customer object itself here;
    # confirm that is what the test client expects.
    self.client.login(customer)

    # Walk through the first two steps of the application workflow.
    self.client.get(reverse('wl_applications:new_application'))
    self.client.get(reverse('wl_applications:select_licence_type', args=(1,)))

    # Presumably the only Application row in the test database at this
    # point; the test does not filter by applicant.
    application = Application.objects.first()
    self.assertIsNotNone(application)
    self.assertIsNotNone(application.applicant)
    # Before lodging, the application is in the 'temp' state.
    self.assertEqual(application.processing_status, 'temp')

    preview_response = self.client.post(reverse('wl_applications:preview'))
    # Posting the preview must send the client on to the checkout page.
    checkout_url = reverse('wl_payments:checkout_application', args=(application.pk,))
    self.assertRedirects(
        preview_response,
        checkout_url,
        status_code=302,
        target_status_code=200,
        fetch_redirect_response=False,
    )

    # FIXME: simulate full checkout process instead of skipping
    # NOTE(review): the 'complete' URL is requested directly, with no payment
    # step in between. Presumably this is what moves the application to the
    # lodged state; confirm the view checks payment itself outside tests.
    self.client.get(reverse('wl_applications:complete'))

    application.refresh_from_db()
    # After lodging: processing status 'new', customer status 'under_review'.
    self.assertEqual(application.processing_status, 'new')
    self.assertEqual('under_review', application.customer_status)

    # Still logged in as the same customer: editing is now refused.
    edit_url = reverse('wl_applications:edit_application', args=[application.pk])
    edit_response = self.client.get(edit_url, follow=True)
    self.assertEqual(403, edit_response.status_code)
def test_authorisation(self):
    """
    Only superusers and API users may GET the ``wl_returns:api:data`` URL;
    customers, officers and assessors must receive a 403.
    """
    url = reverse("wl_returns:api:data", kwargs={
        'return_type_pk': self.return_type.pk,
        'resource_number': 0
    })

    customer = helpers.get_or_create_default_customer()
    officer = helpers.get_or_create_default_officer()
    assessor = helpers.get_or_create_default_assessor()

    api_user = helpers.get_or_create_api_user()
    self.assertTrue(is_api_user(api_user))

    # A superuser is expected to pass the same is_api_user() check.
    admin = helpers.create_random_customer()
    admin.is_superuser = True
    admin.save()
    self.assertTrue(is_api_user(admin))

    client = helpers.SocialClient()

    # One (user, expected status) pair per role. The order matches the
    # original two loops: rejected roles first, then permitted ones.
    # NOTE(review): an unauthenticated request is not exercised here.
    expectations = [
        (customer, status.HTTP_403_FORBIDDEN),
        (officer, status.HTTP_403_FORBIDDEN),
        (assessor, status.HTTP_403_FORBIDDEN),
        (admin, status.HTTP_200_OK),
        (api_user, status.HTTP_200_OK),
    ]
    for user, expected_status in expectations:
        client.login(user.email)
        self.assertEqual(client.get(url).status_code, expected_status)
        # Log out so the next role starts without the previous session.
        client.logout()
def setUp(self):
    """
    Create one user per role, a second unrelated customer, a test client,
    and the 'regulation-17' licence type with its return type.
    """
    default_customer = get_or_create_default_customer(include_default_profile=True)
    self.customer = default_customer
    self.officer = get_or_create_default_officer()
    self.assessor = get_or_create_default_assessor()

    # A second customer used as the "wrong user" in access-control tests.
    # It must be a different user from the default customer.
    outsider = create_random_customer()
    self.not_allowed_customer = outsider
    self.assertNotEqual(outsider, default_customer)

    self.client = SocialClient()

    licence_type = get_or_create_licence_type('regulation-17')
    self.licence_type = licence_type
    self.return_type = get_or_create_return_type(licence_type)
def setUp(self):
    """
    Create one user per role, a second unrelated customer, a test client,
    and an application lodged on behalf of the default customer.
    """
    default_customer = get_or_create_default_customer(include_default_profile=True)
    self.customer = default_customer
    self.officer = get_or_create_default_officer()
    self.assessor = get_or_create_default_assessor()

    # A second customer used as the "wrong user" in access-control tests.
    # It must be a different user from the default customer.
    outsider = create_random_customer()
    self.not_allowed_customer = outsider
    self.assertNotEqual(outsider, default_customer)

    self.client = SocialClient()
    self.application = create_and_lodge_application(default_customer)
def create_application(user=None, **kwargs):
    """
    Build an Application fixture with mixer, filling in missing fields.

    :param user: customer the applicant profile is created for. Only used
        when ``applicant_profile`` is not passed; a random customer is
        created when it is None.
    :param kwargs: field values forwarded to ``mixer.blend``. Defaults are
        supplied for ``applicant_profile``, ``licence_type`` and ``data``.
    :return: the object returned by ``mixer.blend(Application, ...)``.
    """
    if "applicant_profile" not in kwargs:
        # The application is linked to a customer only through this profile.
        # If the caller passes its own profile, `user` is ignored.
        owner = create_random_customer() if user is None else user
        kwargs["applicant_profile"] = create_profile(owner)
    if "licence_type" not in kwargs:
        kwargs["licence_type"] = create_licence_type()
    # No side effects in the default, so setdefault matches the explicit
    # membership test.
    kwargs.setdefault("data", {})
    return mixer.blend(Application, **kwargs)
def create_application(user=None, **kwargs):
    """
    Build an Application fixture with mixer, filling in missing fields.

    :param user: customer the applicant profile is created for. Only used
        when ``applicant_profile`` is not passed; a random customer is
        created when it is None.
    :param kwargs: field values forwarded to ``mixer.blend``. Defaults are
        supplied for ``applicant_profile``, ``licence_type`` and ``data``.
    :return: the object returned by ``mixer.blend(Application, ...)``.
    """
    if 'applicant_profile' not in kwargs:
        # The application is linked to a customer only through this profile.
        # If the caller passes its own profile, `user` is ignored.
        owner = create_random_customer() if user is None else user
        kwargs['applicant_profile'] = create_profile(owner)
    if 'licence_type' not in kwargs:
        kwargs['licence_type'] = create_licence_type()
    # No side effects in the default, so setdefault matches the explicit
    # membership test.
    kwargs.setdefault('data', {})
    return mixer.blend(Application, **kwargs)
def create_application(user=None, **kwargs):
    """
    Build an Application fixture with ``G``, filling in missing fields.

    :param user: customer used as the default applicant and as owner of the
        default applicant profile; a random customer is created when None.
    :param kwargs: field values forwarded to ``G``. Defaults are supplied
        for ``applicant``, ``applicant_profile``, ``licence_type`` and
        ``data``.
    :return: the object returned by ``G(Application, ...)``.
    """
    owner = create_random_customer() if user is None else user
    # An explicit `applicant` or `applicant_profile` in kwargs wins over
    # `user`; nothing here checks that they refer to the same customer.
    kwargs.setdefault('applicant', owner)
    if 'applicant_profile' not in kwargs:
        # Kept as a membership test so create_profile() only runs on demand.
        kwargs['applicant_profile'] = create_profile(owner)
    if 'licence_type' not in kwargs:
        kwargs['licence_type'] = get_or_create_licence_type()
    kwargs.setdefault('data', {})
    return G(Application, **kwargs)
def test_user_not_logged_is_redirected_to_login(self):
    """
    An anonymous request to any application page must end on the login page
    (HTTP 200 after following redirects), not on a 403. This is checked
    both while the application is a draft and after it has been lodged.
    """
    customer = create_random_customer()
    application = helpers.create_application(user=customer)
    self.assertEqual('draft', application.customer_status)

    protected_urls = [
        reverse('applications:edit_application',
                args=[application.licence_type.code, application.pk]),
        reverse('applications:enter_details_existing_application',
                args=[application.licence_type.code, application.pk]),
        reverse('applications:preview',
                args=[application.licence_type.code, application.pk])
    ]

    # Draft application, nobody logged in yet.
    for url in protected_urls:
        response = self.client.get(url, follow=True)
        self.assertEqual(200, response.status_code,
                         msg="Wrong status code {1} for {0}".format(url, response.status_code))
        self.assertTrue(is_login_page(response))

    # Lodge the application as its owner. The session entry is seeded by
    # hand before the POST to the preview URL.
    self.client.login(customer.email)
    preview_url = reverse('applications:preview',
                          args=[application.licence_type.code, application.pk])
    session = self.client.session
    session['application'] = {
        'customer_pk': customer.pk,
        'profile_pk': application.applicant_profile.pk,
        'data': {
            'project_title': 'Test'
        }
    }
    session.save()
    self.client.post(preview_url)
    application.refresh_from_db()
    self.assertEqual('under_review', application.customer_status)

    # Lodged application, session dropped: same expectation as before.
    self.client.logout()
    for url in protected_urls:
        response = self.client.get(url, follow=True)
        self.assertEqual(200, response.status_code)
        self.assertTrue(is_login_page(response))
def test_user_access_lodged(self):
    """
    Once the application is lodged, its owner must get a 403 on the edit,
    enter-details and preview pages. The same pages answer 200 while the
    application is still a draft.
    """
    customer = create_random_customer()
    # Authenticate as the owner before the application is created.
    self.client.login(customer.email)

    application = helpers.create_application(user=customer)
    self.assertEqual('draft', application.customer_status)

    owner_urls = [
        reverse('wl_applications:edit_application',
                args=[application.licence_type.code_slug, application.pk]),
        reverse('wl_applications:enter_details_existing_application',
                args=[application.licence_type.code_slug, application.pk]),
        reverse('wl_applications:preview',
                args=[application.licence_type.code_slug, application.pk])
    ]

    # Draft: the owner can open every page.
    for url in owner_urls:
        response = self.client.get(url, follow=True)
        self.assertEqual(200, response.status_code,
                         msg="Wrong status code {1} for {0}".format(url, response.status_code))

    # Lodge the application. The session entry is seeded by hand before the
    # POST to the preview URL.
    preview_url = reverse('wl_applications:preview',
                          args=[application.licence_type.code_slug, application.pk])
    session = self.client.session
    session['application'] = {
        'customer_pk': customer.pk,
        'profile_pk': application.applicant_profile.pk,
        'data': {
            'project_title': 'Test'
        }
    }
    session.save()
    self.client.post(preview_url)
    application.refresh_from_db()
    self.assertEqual('under_review', application.customer_status)

    # Lodged: the same owner, still logged in, is refused on every page.
    for url in owner_urls:
        response = self.client.get(url, follow=True)
        self.assertEqual(403, response.status_code)
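def test_create_profile(self):
    """
    create_profile() must return a profile bound to the given user, and that
    profile must be reachable through the user's ``profile_set`` relation.
    """
    user = create_random_customer()
    profile = create_profile(user)
    self.assertIsNotNone(profile)
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(user, profile.user)
    self.assertEqual(profile, user.profile_set.first())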
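def test_create_profile(self):
    """
    create_profile() must return a profile bound to the given user, and that
    profile must be reachable through the user's ``profiles`` relation.
    """
    user = create_random_customer()
    profile = create_profile(user)
    self.assertIsNotNone(profile)
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(user, profile.user)
    self.assertEqual(profile, user.profiles.first())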