def test_authorisation(self): """ Only superuser or API users :return: """ url = reverse("wl_returns:api:data", kwargs={ 'return_type_pk': self.return_type.pk, 'resource_number': 0 }) customer = helpers.get_or_create_default_customer() officer = helpers.get_or_create_default_officer() assessor = helpers.get_or_create_default_assessor() api_user = helpers.get_or_create_api_user() self.assertTrue(is_api_user(api_user)) admin = helpers.create_random_customer() admin.is_superuser = True admin.save() self.assertTrue(is_api_user(admin)) client = helpers.SocialClient() forbidden = [customer, officer, assessor] for user in forbidden: client.login(user.email) self.assertEqual(client.get(url).status_code, status.HTTP_403_FORBIDDEN) client.logout() allowed = [admin, api_user] for user in allowed: client.login(user.email) self.assertEqual(client.get(url).status_code, status.HTTP_200_OK) client.logout()
def setUp(self): self.customer = helpers.get_or_create_default_customer() self.assertTrue(is_customer(self.customer)) self.officer = helpers.get_or_create_default_officer() self.assertTrue(is_officer(self.officer)) self.assessor = helpers.get_or_create_default_assessor() self.assertTrue(is_assessor(self.assessor)) self.client = helpers.SocialClient()
def setUp(self): self.customer = get_or_create_default_customer(include_default_profile=True) self.officer = get_or_create_default_officer() self.assessor = get_or_create_default_assessor() self.not_allowed_customer = create_random_customer() self.assertNotEqual(self.not_allowed_customer, self.customer) self.client = SocialClient() self.licence_type = get_or_create_licence_type('regulation-17') self.return_type = get_or_create_return_type(self.licence_type)
def setUp(self): self.customer = get_or_create_default_customer( include_default_profile=True) self.officer = get_or_create_default_officer() self.assessor = get_or_create_default_assessor() self.not_allowed_customer = create_random_customer() self.assertNotEqual(self.not_allowed_customer, self.customer) self.client = SocialClient() self.application = create_and_lodge_application(self.customer)
def setUp(self): self.client = main_helpers.SocialClient() self.user = main_helpers.get_or_create_default_customer() self.officer = main_helpers.get_or_create_default_officer() self.assessor = main_helpers.get_or_create_default_assessor() self.lodged_application = app_helpers.create_and_lodge_application( self.user, **{'data': { 'title': 'Lodged Application' }}) self.issued_application = app_helpers.create_and_lodge_application( self.user, **{'data': { 'title': 'Issued Application' }}) self.licence = app_helpers.issue_licence(self.issued_application, self.officer) self.assertIsNotNone(self.licence) self.issue_urls_get = [ { 'url': reverse('wl_applications:issue_licence', args=[self.lodged_application.pk]), 'data': None }, { 'url': reverse('wl_applications:reissue_licence', args=[self.licence.pk]), 'data': None }, { 'url': reverse('wl_applications:preview_licence', args=[self.issued_application.pk]), 'data': app_helpers.get_minimum_data_for_issuing_licence() }, ] self.issue_urls_post = [ { 'url': reverse('wl_applications:issue_licence', args=[self.lodged_application.pk]), 'data': app_helpers.get_minimum_data_for_issuing_licence() }, ]
def setUp(self): self.client = main_helpers.SocialClient() self.user = main_helpers.get_or_create_default_customer() self.officer = main_helpers.get_or_create_default_officer() self.assessor = main_helpers.get_or_create_default_assessor() self.lodged_application = app_helpers.create_and_lodge_application(self.user, **{ 'data': { 'title': 'Lodged Application' } }) self.issued_application = app_helpers.create_and_lodge_application(self.user, **{ 'data': { 'title': 'Issued Application' } }) self.licence = app_helpers.issue_licence(self.issued_application, self.officer) self.assertIsNotNone(self.licence) self.issue_urls_get = [ { 'url': reverse('wl_applications:issue_licence', args=[self.lodged_application.pk]), 'data': None }, { 'url': reverse('wl_applications:reissue_licence', args=[self.licence.pk]), 'data': None }, { 'url': reverse('wl_applications:preview_licence', args=[self.issued_application.pk]), 'data': app_helpers.get_minimum_data_for_issuing_licence() }, ] self.issue_urls_post = [ { 'url': reverse('wl_applications:issue_licence', args=[self.lodged_application.pk]), 'data': app_helpers.get_minimum_data_for_issuing_licence() }, ]
def test_assessor_access_normal(self): """ Test that an assessor can edit an assessment that belongs to their group """ assessor = get_or_create_default_assessor() self.client.login(assessor.email) # This assessor doesn't belong to a group self.assertTrue(is_assessor(assessor)) # add the assessor to the assessment group self.assertTrue( Assessment.objects.filter( application=self.application).count() > 0) for assessment in Assessment.objects.filter( application=self.application): add_assessor_to_assessor_group(assessor, assessment.assessor_group) # forbidden urls_get_forbidden = [ reverse('wl_applications:enter_conditions', args=[self.application.pk]), ] urls_post_forbidden = [ { 'url': reverse('wl_applications:create_condition', args=[self.application.pk]), 'data': { 'code': '123488374', 'text': 'condition text' } }, { 'url': reverse('wl_applications:set_assessment_condition_state'), 'data': { 'assessmentConditionID': self.assessment_condition.pk, 'acceptanceStatus': 'accepted', } }, { 'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] # Allowed urls_get_allowed = [ reverse('wl_applications:search_conditions'), reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), ] urls_post_allowed = [ { 'url': reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] for url in urls_get_forbidden: response = self.client.get(url, follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_post_forbidden: response = self.client.post(url['url'], url['data'], follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_get_allowed: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code) for url in urls_post_allowed: response = self.client.post(url['url'], url['data'], follow=True) self.assertEqual(200, response.status_code)
def test_assessor_access_normal(self): """ Test that an assessor can edit an assessment that belongs to their group """ assessor = get_or_create_default_assessor() self.client.login(assessor.email) # This assessor doesn't belong to a group self.assertTrue(is_assessor(assessor)) # add the assessor to the assessment group self.assertTrue(Assessment.objects.filter(application=self.application).count() > 0) for assessment in Assessment.objects.filter(application=self.application): add_assessor_to_assessor_group(assessor, assessment.assessor_group) # forbidden urls_get_forbidden = [ reverse('wl_applications:enter_conditions', args=[self.application.pk]), ] urls_post_forbidden = [ { 'url': reverse('wl_applications:create_condition', args=[self.application.pk]), 'data': { 'code': '123488374', 'text': 'condition text' } }, { 'url': reverse('wl_applications:set_assessment_condition_state'), 'data': { 'assessmentConditionID': self.assessment_condition.pk, 'acceptanceStatus': 'accepted', } }, { 'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] # Allowed urls_get_allowed = [ reverse('wl_applications:search_conditions'), reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), ] urls_post_allowed = [ { 'url': reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]), 'data': { 'conditionID': [self.condition.pk], } }, ] for url in urls_get_forbidden: response = self.client.get(url, follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_post_forbidden: response = self.client.post(url['url'], url['data'], follow=True) if response.status_code != 403: self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302, target_status_code=200) for url in urls_get_allowed: response = self.client.get(url, follow=True) self.assertEqual(200, response.status_code) for url in urls_post_allowed: response = self.client.post(url['url'], url['data'], follow=True) self.assertEqual(200, response.status_code)