class TestStatusLifeCycle(TestCase):
fixtures = ['licences.json']
def setUp(self):
self.client = SocialClient()
self.officer = get_or_create_default_officer()
self.user = get_or_create_default_customer()
self.assertNotEqual(self.officer, self.user)
def tearDown(self):
self.client.logout()
clear_mailbox()
clear_all_id_files()
def test_id_update(self):
"""
Test that when an ID update is required and the users update their ID the customer and id status are correctly
updated
"""
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
clear_mailbox()
data = {
'officer': self.officer.pk,
'application': application.pk,
'reason': IDRequest.REASON_CHOICES[0][0],
'text': 'you to upload an ID.'
}
url = reverse('wl_applications:id_request')
self.assertFalse(is_email())
response = self.client.post(url, data)
self.assertEqual(200, response.status_code)
resp_data = json.loads(response.content.decode('utf8'))
self.assertIn('id_check_status', resp_data)
self.assertIn('processing_status', resp_data)
application.refresh_from_db()
self.assertEqual('id_required', application.customer_status)
self.assertEqual('awaiting_update', application.id_check_status)
self.assertEqual('awaiting_applicant_response',
application.processing_status)
self.assertTrue(is_email())
email = get_email()
self.assertIn(application.applicant_profile.email, email.to)
self.assertEqual(ApplicationIDUpdateRequestedEmail.subject,
email.subject)
# now user upload ID
self.client.logout()
self.assertIsNone(self.user.identification)
self.client.login(self.user.email)
self.assertTrue(is_client_authenticated(self.client))
self.client.get(reverse('wl_main:identification'))
upload_id(self.user)
self.user.refresh_from_db()
self.assertIsNotNone(self.user.identification)
application.refresh_from_db()
self.assertEqual('updated', application.id_check_status)
self.assertEqual('under_review', application.customer_status)
self.assertEqual('ready_for_action', application.processing_status)
class TestStatusLifeCycle(TestCase):
fixtures = ['licences.json']
def setUp(self):
self.client = SocialClient()
self.officer = get_or_create_default_officer()
self.user = get_or_create_default_customer()
self.assertNotEqual(self.officer, self.user)
def tearDown(self):
self.client.logout()
clear_mailbox()
clear_all_id_files()
def test_id_update(self):
"""
Test that when an ID update is required and the users update their ID the customer and id status are correctly
updated
"""
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
clear_mailbox()
data = {
'officer': self.officer.pk,
'application': application.pk,
'reason': IDRequest.REASON_CHOICES[0][0],
'text': 'you to upload an ID.'
}
url = reverse('wl_applications:id_request')
self.assertFalse(is_email())
response = self.client.post(url, data)
self.assertEqual(200, response.status_code)
resp_data = json.loads(response.content.decode('utf8'))
self.assertIn('id_check_status', resp_data)
self.assertIn('processing_status', resp_data)
application.refresh_from_db()
self.assertEqual('id_required', application.customer_status)
self.assertEqual('awaiting_update', application.id_check_status)
self.assertEqual('awaiting_applicant_response', application.processing_status)
self.assertTrue(is_email())
email = get_email()
self.assertIn(application.applicant_profile.email, email.to)
self.assertEqual(ApplicationIDUpdateRequestedEmail.subject, email.subject)
# now user upload ID
self.client.logout()
self.assertIsNone(self.user.identification)
self.client.login(self.user.email)
self.assertTrue(is_client_authenticated(self.client))
self.client.get(reverse('wl_main:identification'))
upload_id(self.user)
self.user.refresh_from_db()
self.assertIsNotNone(self.user.identification)
application.refresh_from_db()
self.assertEqual('updated', application.id_check_status)
self.assertEqual('under_review', application.customer_status)
self.assertEqual('ready_for_action', application.processing_status)
def lodge_application(application):
"""
:param application:
"""
client = SocialClient()
client.login(application.applicant.email)
client.get(reverse('wl_applications:edit_application', args=[application.pk]))
url = reverse_lazy('wl_applications:preview')
client.post(url)
application.refresh_from_db()
client.logout()
return application
def lodge_application(application):
"""
:param application:
"""
client = SocialClient()
client.login(application.applicant.email)
client.get(
reverse('wl_applications:edit_application', args=[application.pk]))
url = reverse_lazy('wl_applications:preview')
client.post(url)
application.refresh_from_db()
client.logout()
return application
class ViewApplicationTestCase(TestCase):
fixtures = [
'licences.json', 'countries.json', 'catalogue.json', 'partner.json'
]
def setUp(self):
self.customer = get_or_create_default_customer(
include_default_profile=True)
self.officer = get_or_create_default_officer()
self.assessor = get_or_create_default_assessor()
self.not_allowed_customer = create_random_customer()
self.assertNotEqual(self.not_allowed_customer, self.customer)
self.client = SocialClient()
self.application = create_and_lodge_application(self.customer)
def tearDown(self):
self.client.logout()
def test_view_application_pdf(self):
"""
Testing that when a user requests the application as a pdf they are returned a response containing a pdf
"""
self.client.login(self.officer.email)
response = self.client.get(
reverse('wl_applications:view_application_pdf',
args=(self.application.pk, )))
self.assertEquals(response['content-type'], 'application/pdf')
def test_view_application_pdf_permissions(self):
"""
Testing that only officers, assessors and customer that owns the application can view the application pdf
"""
url = reverse('wl_applications:view_application_pdf',
args=(self.application.pk, ))
allowed = [self.officer, self.assessor, self.customer]
forbidden = [self.not_allowed_customer]
for user in allowed:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(200, response.status_code)
self.client.logout()
for user in forbidden:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
def get_action_log(application):
client = SocialClient()
officer = get_or_create_default_officer()
client.login(officer.email)
url = reverse('wl_applications:action_list', args=[application.pk])
resp = client.get(url)
client.logout()
return resp.json()['data']
def get_action_log(application):
client = SocialClient()
officer = get_or_create_default_officer()
client.login(officer.email)
url = reverse('wl_applications:action_list', args=[application.pk])
resp = client.get(url)
client.logout()
return resp.json()['data']
class ApplicationEntryTestCase(TestCase):
fixtures = ['licences.json', 'catalogue.json', 'partner.json']
def setUp(self):
helpers.create_default_country()
self.customer = get_or_create_default_customer()
self.client = SocialClient()
self.licence_type = WildlifeLicenceType.objects.get(product_title='regulation-17')
self.licence_type.identification_required = True
self.licence_type.save()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_new_application(self):
"""
Testing that a user can begin the process of creating an application
"""
self.client.login(self.customer.email)
original_application_count = Application.objects.count()
# check that client can access the licence type selection list
response = self.client.get(reverse('wl_applications:new_application'), follow=True)
self.assertRedirects(response, reverse('wl_applications:select_licence_type'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertEquals(Application.objects.count(), original_application_count + 1)
application = Application.objects.get(pk=response.context['application'].id)
self.assertEquals(application.application_type, 'new_licence')
self.assertEqual(self.client.session['application_id'], application.id)
def test_edit_application(self):
"""
Testing that a user can edit an application that was either draft or requiring amendments
"""
application = helpers.create_application(user=self.customer)
application.customer_status = 'draft'
application.save()
application.refresh_from_db()
self.client.login(self.customer.email)
response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk,)), follow=True)
# check that client will be redirected to the enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'), status_code=302,
target_status_code=200)
# check that the data contained in the context is the same as the application data
self.assertEquals(application.data, response.context['application'].data)
helpers.delete_application_session(self.client)
# check that an application that's not in an editable state can't be edited
application.customer_status = 'under_review'
application.save()
response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk,)))
self.assertEqual(response.status_code, 403)
def test_renew_licence(self):
"""
Testing that a user can renew a licence and restart the application process based on the previous
licence's application data
"""
application = helpers.create_and_lodge_application(user=self.customer)
licence = helpers.issue_licence(application, licence_data = {
'end_date': date.today() + relativedelta(days=30),
'is_renewable': True
})
self.client.login(self.customer.email)
response = self.client.get(reverse('wl_applications:renew_licence', args=(licence.pk,)), follow=True)
# check that client will be redirected to the enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'), status_code=302,
target_status_code=200)
self.assertNotEquals(application.id, response.context['application'].id)
self.assertEquals(response.context['application'].application_type, 'renewal')
# check that the data contained in the context is the same as the application data
self.assertEquals(application.data, response.context['application'].data)
helpers.delete_application_session(self.client)
# check that a licence that isn't due to expire within 30 days is not cannot be renewed
application = helpers.create_and_lodge_application(user=self.customer)
licence = helpers.issue_licence(application, licence_data = {
'end_date': date.today() + relativedelta(days=31),
'is_renewable': True
})
response = self.client.get(reverse('wl_applications:renew_licence', args=(licence.pk,)), follow=True)
self.assertEqual(response.status_code, 403)
# check that a licence that isn't renewable cannot be renewed
application = helpers.create_and_lodge_application(user=self.customer)
licence = helpers.issue_licence(application, licence_data = {
'end_date': date.today() + relativedelta(days=30),
'is_renewable': False
})
response = self.client.get(reverse('wl_applications:renew_licence', args=(licence.pk,)), follow=True)
self.assertEqual(response.status_code, 403)
def test_amend_licence(self):
"""
Testing that a user can amend a licence and restart the application process based on the previous
licence's application data
"""
application = helpers.create_and_lodge_application(user=self.customer)
licence = helpers.issue_licence(application)
self.client.login(self.customer.email)
response = self.client.get(reverse('wl_applications:amend_licence', args=(licence.pk,)), follow=True)
# check that client will be redirected to the enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'), status_code=302,
target_status_code=200)
self.assertNotEquals(application.id, response.context['application'].id)
self.assertEquals(response.context['application'].application_type, 'amendment')
# check that the data contained in the context is the same as the application data
self.assertEquals(application.data, response.context['application'].data)
def test_select_licence_type(self):
"""
Testing that a user can display the licence type selection list
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
# check that client can access the licence type selection list
response = self.client.get(reverse('wl_applications:select_licence_type'))
self.assertEqual(200, response.status_code)
# check that client can select a licence type the licence type selection list
response = self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
self.assertRedirects(response, reverse('wl_applications:check_identification'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
def test_check_identification_required_no_current_id(self):
"""
Testing that a user can display the identification required page in the case the user has no
current identification, and upload an ID.
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# check that client can access the identification required page
response = self.client.get(reverse('wl_applications:check_identification'))
self.assertEqual(200, response.status_code)
with open(TEST_ID_PATH, 'rb') as fp:
post_params = {
'identification_file': fp
}
response = self.client.post(reverse('wl_applications:check_identification'),
post_params, follow=True)
self.assertRedirects(response, reverse('wl_applications:create_select_profile'),
status_code=302, target_status_code=200, fetch_redirect_response=True)
# update customer
self.customer = EmailUser.objects.get(email=self.customer.email)
def test_check_identification_required_current_id(self):
"""
Testing that a user can display the identification required page in the case the user has a
current identification.
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
self.client.get(reverse('wl_applications:check_identification'))
with open(TEST_ID_PATH, 'rb') as fp:
self.customer.identification = Document.objects.create(name='test_id')
self.customer.identification.file.save('test_id.jpg', File(fp), save=True)
self.customer.save()
# check that client is redirected to profile creation / selection page
response = self.client.get(reverse('wl_applications:check_identification'), follow=True)
self.assertRedirects(response, reverse('wl_applications:create_select_profile'),
status_code=302, target_status_code=200, fetch_redirect_response=True)
def test_create_select_profile_create(self):
"""
Testing that a user can display the create / select profile page and create a profile
in the case the user has no profile
"""
self.client.login(self.customer.email)
original_profile_count = self.customer.profiles.count()
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# check that client can access the profile create/select page
response = self.client.get(reverse('wl_applications:create_select_profile'))
self.assertEqual(200, response.status_code)
# check there is not a profile selection form, meaning there is no profile
self.assertFalse('profile_selection_form' in response.context)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001',
'create': True
}
response = self.client.post(reverse('wl_applications:create_select_profile'), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# check that a new profile was created
self.assertEqual(self.customer.profiles.count(), original_profile_count + 1)
# check the created profile has been set in the application
self.assertEquals(self.customer.profiles.first(), Application.objects.first().applicant_profile)
def test_create_select_profile_select(self):
"""
Testing that a user can display the create / select profile page and select a profile
in the case the user has one or more existing profiles
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# create profiles
address1 = Address.objects.create(user=self.customer, line1='1 Test Street', locality='Test Suburb',
state='WA', postcode='0001')
profile1 = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address1)
address2 = Address.objects.create(user=self.customer, line1='2 Test Street', locality='Test Suburb',
state='WA', postcode='0001')
profile2 = Profile.objects.create(user=self.customer, name='Test Profile 2', email='*****@*****.**',
institution='Test Institution', postal_address=address2)
# check that client can access the profile create/select page
response = self.client.get(reverse('wl_applications:create_select_profile'))
self.assertEqual(200, response.status_code)
# check there is a profile selection form, meaning there at least one existing profile
self.assertTrue('profile_selection_form' in response.context)
post_params = {
'profile': profile2.pk,
'select': True
}
response = self.client.post(reverse('wl_applications:create_select_profile'), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# check the created profile has been set in the application
self.assertEquals(profile2, Application.objects.first().applicant_profile)
def test_enter_details_draft(self):
"""
Testing that a user can enter the details of an application form and save as a draft
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {
'project_title-0-0': 'Test Title',
'draft': True
}
response = self.client.post(reverse('wl_applications:enter_details'), post_params)
# check that client is redirected to the dashboard
self.assertRedirects(response, reverse('wl_dashboard:home'), status_code=302, target_status_code=200,
fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is draft
self.assertEqual(application.processing_status, 'draft')
# check that the state of the application is draft
self.assertEqual(application.data[0]['project_details'][0]['project_title'], 'Test Title')
def test_enter_details_draft_continue(self):
"""
Testing that a user can enter the details of an application form and save as a draft
and continue editing
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {
'project_title-0-0': 'Test Title',
'draft_continue': True
}
response = self.client.post(reverse('wl_applications:enter_details'), post_params)
# check that client is redirected back to enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is draft
self.assertEqual(application.processing_status, 'draft')
# check that the state of the application is draft
self.assertEqual(application.data[0]['project_details'][0]['project_title'], 'Test Title')
def test_enter_details_preview(self):
"""
Testing that a user can enter the details of an application form and that the data is
saved in the session for previewing
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {
'project_title-0-0': 'Test Title',
'lodge': True
}
response = self.client.post(reverse('wl_applications:enter_details'), post_params)
# check that client is redirected to preview
self.assertRedirects(response, reverse('wl_applications:preview'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that the state of the application is draft
self.assertEqual(application.data[0]['project_details'][0]['project_title'], 'Test Title')
def test_preview_lodge(self):
"""
Testing that a user can preview the details of an application form then lodge the application
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
application = Application.objects.first()
self.assertIsNotNone(application.applicant)
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
response = self.client.post(reverse('wl_applications:preview'))
# check that client is redirected to checkout
self.assertRedirects(response, reverse('wl_payments:checkout_application', args=(application.pk,)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# FIXME: simulate full checkout process instead of skipping
self.client.get(reverse('wl_applications:complete'))
application.refresh_from_db()
# check that the state of the application is new
self.assertEqual(application.processing_status, 'new')
def test_delete_application(self):
"""
Testing that when a user leaves the application entry workflow unexpectedly, the temporary application
and session application reference they were working with are deleted.
"""
self.client.login(self.customer.email)
response = self.client.get(reverse('wl_applications:new_application'), follow=True)
self.assertRedirects(response, reverse('wl_applications:select_licence_type'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application_id = response.context['application'].id
self.assertIn('application_id', self.client.session)
self.assertEqual(application_id, self.client.session['application_id'])
response = self.client.post(reverse('wl_applications:delete_application_session'), {
'applicationId': application_id
})
self.assertEqual(response.status_code, 200)
self.assertNotIn('application_id', self.client.session)
self.assertFalse(Application.objects.filter(pk=application_id).exists())
response = self.client.get(reverse('wl_applications:new_application'))
self.assertRedirects(response, reverse('wl_applications:select_licence_type'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
def test_multiple_application_entry_denied(self):
"""
Testing the if a user is in the process of entering an application and attempts to start/edit/renew/amend
another application, they are redirected back to home
"""
entry_denied_message = ('There is currently another application in the process of being entered. Please ' +
'conclude or save this application before creating a new one. If you are seeing this ' +
'message and there is not another application being entered, you may need to '+
'<a href="{}">logout</a> and log in again.').format(reverse('accounts:logout'))
self.client.login(self.customer.email)
response = self.client.get(reverse('wl_applications:new_application'))
self.assertRedirects(response, reverse('wl_applications:select_licence_type'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# attempt to start another new licence application
response = self.client.get(reverse('wl_applications:new_application'), follow=True)
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
application = helpers.create_application(user=self.customer)
# attempt to edit an application
response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk, )), follow=True)
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
application = helpers.create_and_lodge_application(user=self.customer)
licence = helpers.issue_licence(application, licence_data = {
'end_date': date.today() + relativedelta(days=30),
'is_renewable': True
})
# attempt to renew a licence
response = self.client.get(reverse('wl_applications:renew_licence', args=(licence.pk, )), follow=True)
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
response = self.client.get(reverse('wl_applications:amend_licence', args=(licence.pk, )), follow=True )
# attempt to amend a licence
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertIn('messages', response.context)
self.assertEquals(len(response.context['messages']), 1)
self.assertEquals([str(m.message) for m in response.context['messages']][0], entry_denied_message)
class ApplicationEntrySecurity(TransactionTestCase):
fixtures = ['licences.json']
serialized_rollback = True
def setUp(self):
self.client = SocialClient()
def tearDown(self):
self.client.logout()
def test_user_access_other_user(self):
"""
Test that a user cannot edit/view another user application
"""
customer1 = create_random_customer()
customer2 = create_random_customer()
self.assertNotEqual(customer1, customer2)
application1 = helpers.create_application(user=customer1)
application2 = helpers.create_application(user=customer2)
self.assertNotEqual(application1, application2)
# login as user1
self.client.login(customer1.email)
my_url = reverse('wl_applications:edit_application', args=[application1.pk])
response = self.client.get(my_url)
self.assertEqual(302, response.status_code)
forbidden_urls = [
reverse('wl_applications:edit_application', args=[application2.pk]),
]
for forbidden_url in forbidden_urls:
response = self.client.get(forbidden_url, follow=True)
self.assertEqual(403, response.status_code)
def test_user_access_lodged(self):
"""
Once the application if lodged the user should not be able to edit it
"""
customer1 = create_random_customer()
self.client.login(customer1)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(1,)))
application = Application.objects.first()
self.assertIsNotNone(application)
self.assertIsNotNone(application.applicant)
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
response = self.client.post(reverse('wl_applications:preview'))
# check that client is redirected to checkout
self.assertRedirects(response, reverse('wl_payments:checkout_application', args=(application.pk,)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# FIXME: simulate full checkout process instead of skipping
self.client.get(reverse('wl_applications:complete'))
application.refresh_from_db()
# check that the state of the application is new/underreview
self.assertEqual(application.processing_status, 'new')
self.assertEqual('under_review', application.customer_status)
response = self.client.get(reverse('wl_applications:edit_application', args=[application.pk]), follow=True)
self.assertEqual(403, response.status_code)
def test_user_not_logged_is_redirected_to_login(self):
"""
A user not logged in should be redirected to the login page and not see a 403
"""
customer1 = create_random_customer()
self.client.login(customer1)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(1,)))
application = Application.objects.first()
self.assertIsNotNone(application)
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
response = self.client.post(reverse('wl_applications:preview'))
# check that client is redirected to checkout
self.assertRedirects(response, reverse('wl_payments:checkout_application', args=(application.pk,)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# FIXME: simulate full checkout process instead of skipping
self.client.get(reverse('wl_applications:complete'))
application.refresh_from_db()
# check that the state of the application is new/underreview
self.assertEqual(application.processing_status, 'new')
self.assertEqual('under_review', application.customer_status)
# logout
self.client.logout()
response = self.client.get(reverse('wl_applications:edit_application', args=[application.pk]), follow=True)
self.assertEqual(200, response.status_code)
self.assertTrue(is_login_page(response))
class AccountsTestCase(TestCase):
def setUp(self):
create_default_country()
self.customer = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.client = SocialClient()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_profile_list(self):
"""Testing that a user can display the profile list if they are a customer"""
self.client.login(self.customer.email)
# check that client can access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(200, response.status_code)
def test_profile_list_non_customer(self):
"""Testing that a user cannot display the profile list if they are not a customer"""
self.client.login(self.officer.email)
# check that client gets redirected if they try to access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(403, response.status_code)
def test_create_profile(self):
"""Testing that a user can create a profile"""
self.client.login(self.customer.email)
original_profile_count = Profile.objects.filter(user=self.customer).count()
# check that client can access the create profile page
response = self.client.get(reverse('wl_main:create_profile'))
self.assertEqual(200, response.status_code)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001'
}
response = self.client.post(reverse('wl_main:create_profile'), post_params)
self.assertEqual(302, response.status_code)
# check that a new profile has been created
self.assertEquals(Profile.objects.filter(user=self.customer).count(), original_profile_count + 1)
def test_edit_profile(self):
"""Testing that a user can edit an existing profile"""
self.client.login(self.customer.email)
# check no profile
self.assertEquals(0, Profile.objects.filter(user=self.customer).count())
# create original profile
# address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
# profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
# institution='Test Institution', postal_address=address)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001'
}
response = self.client.post(reverse('wl_main:create_profile'), post_params)
self.assertEqual(302, response.status_code)
# check that one profile has been created
self.assertEquals(1, Profile.objects.filter(user=self.customer).count())
profile = Profile.objects.filter(user=self.customer).first()
# check that client can access the edit profile page
response = self.client.get(reverse('wl_main:edit_profile', args=(profile.pk,)))
self.assertEqual(200, response.status_code)
# updated profile
post_params['name'] = 'Updated Profile'
post_params['line1'] = 'New Line 1'
response = self.client.post(reverse('wl_main:edit_profile', args=(profile.pk,)), post_params)
self.assertEqual(302, response.status_code)
# get updated profile
self.assertEquals(1, Profile.objects.filter(user=self.customer).count())
profile = Profile.objects.filter(user=self.customer).first()
# check that the profile has been edited
self.assertEquals(profile.name, 'Updated Profile')
self.assertEquals(profile.postal_address.line1, 'New Line 1')
def test_manage_id(self):
"""Testing that a user can access the manage identification page"""
self.client.login(self.customer.email)
# check that client can access the manage identification page
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
def test_upload_id(self):
"""Testing that a user can upload an ID image"""
self.client.login(self.customer.email)
self.assertIsNone(self.customer.identification)
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
response = upload_id(self.customer)
self.assertEqual(200, response.status_code)
# update customer
self.customer.refresh_from_db()
self.assertIsNotNone(self.customer.identification)
class ReturnsTestCase(TestCase):
fixtures = ['licences.json', 'countries.json', 'catalogue.json', 'partner.json', 'returns.json']
def setUp(self):
self.customer = get_or_create_default_customer(include_default_profile=True)
self.officer = get_or_create_default_officer()
self.client = SocialClient()
self.licence = create_licence(self.customer, self.officer, product_title='regulation-17')
self.ret = create_return(self.licence)
def tearDown(self):
self.client.logout()
def test_returns_lodgement_page(self):
"""Testing that a user can access the returns lodgement page"""
self.client.login(self.customer.email)
# check that client can access the licence type selection list
response = self.client.get(reverse('wl_returns:enter_return', args=(self.ret.pk,)))
self.assertEqual(200, response.status_code)
def test_lodge_nil_return(self):
"""Testing that a user can log a nil return"""
self.client.login(self.customer.email)
post_params = {
'nil': True,
'comments': 'No survey taken'
}
response = self.client.post(reverse('wl_returns:enter_return', args=(self.ret.pk,)),
post_params)
self.assertRedirects(response, reverse('home'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
def test_upload_return_spreadsheet(self):
"""Testing that a user can upload a return spreadsheet"""
self.client.login(self.customer.email)
with open(TEST_SPREADSHEET_PATH, 'rb') as fp:
post_params = {
'upload': True,
'spreadsheet_file': fp
}
response = self.client.post(reverse('wl_returns:enter_return', args=(self.ret.pk,)),
post_params)
self.assertEqual(200, response.status_code)
# assert values in the response context match those in the spreadsheet
for key, value in response.context['tables'][0]['data'][0].items():
self.assertEqual(value['value'], TEST_VALUES[key])
def test_lodge_return(self):
"""Testing that a user can lodge a return"""
self.client.login(self.customer.email)
# check return status is intially 'current'
self.assertEqual(self.ret.status, 'current')
post_params = {
'lodge': True,
}
for key, value in TEST_VALUES.items():
post_params['regulation-17::{}'.format(key)] = value
response = self.client.post(reverse('wl_returns:enter_return', args=(self.ret.pk,)), post_params)
self.assertRedirects(response, reverse('home'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.ret.refresh_from_db()
# check return status is 'submitted'
self.assertEqual(self.ret.status, 'submitted')
# assert values in the return is what is expected
for key, value in self.ret.returntable_set.first().returnrow_set.first().data.items():
self.assertEqual(value, str(TEST_VALUES[key]))
class TestPermissions(TestCase):
fixtures = ['licences.json', 'countries.json', 'catalogue.json', 'partner.json', 'returns.json']
def setUp(self):
self.customer = get_or_create_default_customer(include_default_profile=True)
self.officer = get_or_create_default_officer()
self.assessor = get_or_create_default_assessor()
self.not_allowed_customer = create_random_customer()
self.assertNotEqual(self.not_allowed_customer, self.customer)
self.client = SocialClient()
self.licence = create_licence(self.customer, self.officer, product_title='regulation-17')
self.ret = create_return(self.licence)
def test_returns_lodgement_page(self):
"""
Only officer or application owner can view returns
"""
url = reverse('wl_returns:enter_return', args=(self.ret.pk,))
allowed = [self.officer, self.customer]
forbidden = [self.not_allowed_customer, self.assessor]
for user in allowed:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(200, response.status_code)
self.client.logout()
for user in forbidden:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
def test_readonly_view(self):
"""
Only officer or application owner can enter returns
"""
url = reverse('wl_returns:view_return', args=(self.ret.pk,))
allowed = [self.officer, self.customer]
forbidden = [self.not_allowed_customer, self.assessor]
for user in allowed:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(200, response.status_code)
self.client.logout()
for user in forbidden:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
def test_curate_view(self):
"""
Only officer can curate returns
"""
url = reverse('wl_returns:curate_return', args=(self.ret.pk,))
allowed = [self.officer]
forbidden = [self.not_allowed_customer, self.assessor, self.customer]
for user in allowed:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(200, response.status_code)
self.client.logout()
for user in forbidden:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
def test_view_log(self):
"""
Only officer can view log
"""
url = reverse('wl_returns:log_list', args=(self.ret.pk,))
allowed = [self.officer]
forbidden = [self.not_allowed_customer, self.assessor, self.customer]
for user in allowed:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(200, response.status_code)
self.client.logout()
for user in forbidden:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
def test_add_log(self):
"""
Only officer can view log
"""
url = reverse('wl_returns:add_log_entry', args=(self.ret.pk,))
allowed = [self.officer]
forbidden = [self.not_allowed_customer, self.assessor, self.customer]
payload = {
'to': 'user',
'from': 'test',
'type': 'email'
}
for user in allowed:
self.client.login(user.email)
response = self.client.post(url, data=payload)
self.assertEqual(200, response.status_code)
self.client.logout()
for user in forbidden:
self.client.login(user.email)
response = self.client.post(url, data=payload)
self.assertEqual(403, response.status_code)
self.client.logout()
def test_download_template(self):
"""
Every authenticated user should be able to download a return template
"""
return_type = self.ret.return_type
url = reverse('wl_returns:download_return_template', args=(return_type.pk,))
allowed = [self.officer, self.not_allowed_customer, self.assessor, self.customer]
forbidden = []
for user in allowed:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(200, response.status_code)
self.client.logout()
for user in forbidden:
self.client.login(user.email)
response = self.client.get(url)
self.assertEqual(403, response.status_code)
self.client.logout()
class AccountsTestCase(TestCase):
def setUp(self):
self.customer = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.client = SocialClient()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_profile_list(self):
"""Testing that a user can display the profile list if they are a customer"""
self.client.login(self.customer.email)
# check that client can access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(200, response.status_code)
def test_profile_list_non_customer(self):
"""Testing that a user cannot display the profile list if they are not a customer"""
self.client.login(self.officer.email)
# check that client gets redirected if they try to access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(302, response.status_code)
def test_create_profile(self):
"""Testing that a user can create a profile"""
self.client.login(self.customer.email)
original_profile_count = Profile.objects.filter(user=self.customer).count()
# check that client can access the create profile page
response = self.client.get(reverse('wl_main:create_profile'))
self.assertEqual(200, response.status_code)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001'
}
response = self.client.post(reverse('wl_main:create_profile'), post_params)
self.assertEqual(302, response.status_code)
# check that a new profile has been created
self.assertEquals(Profile.objects.filter(user=self.customer).count(), original_profile_count + 1)
def test_edit_profile(self):
"""Testing that a user can edit an existing profile"""
self.client.login(self.customer.email)
# create original profile
address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address)
# check that client can access the edit profile page
response = self.client.get(reverse('wl_main:edit_profile', args=(profile.pk,)))
self.assertEqual(200, response.status_code)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile 2',
'email': profile.email,
'institution': profile.institution,
'line1': '2 Test Street',
'locality': address.locality,
'state': address.state,
'country': 'AU',
'postcode': address.postcode
}
response = self.client.post(reverse('wl_main:edit_profile', args=(profile.pk,)), post_params)
self.assertEqual(302, response.status_code)
# get updated profile
profile = Profile.objects.get(pk=profile.pk)
# check that the profile has been edited
self.assertEquals(profile.name, 'Test Profile 2')
self.assertEquals(profile.postal_address.line1, '2 Test Street')
def test_manage_id(self):
"""Testing that a user can access the manage identification page"""
self.client.login(self.customer.email)
# check that client can access the manage identification page
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
def test_upload_id(self):
"""Testing that a user can upload an ID image"""
self.client.login(self.customer.email)
self.assertIsNone(self.customer.identification)
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
with open(TEST_ID_PATH, 'rb') as fp:
post_params = {
'identification_file': fp
}
self.client.login(self.customer.email)
response = self.client.post(reverse('wl_main:identification'), post_params, follow=True)
self.assertEqual(200, response.status_code)
# update customer
self.customer = EmailUser.objects.get(email=self.customer.email)
self.assertIsNotNone(self.customer.identification)
# assert image url is the customer ID's url path
self.assertEqual(response.context['existing_id_image_url'], self.customer.identification.file.url)
class ApplicationEntryTestCase(TestCase):
fixtures = ['licences.json', 'catalogue.json', 'partner.json']
def setUp(self):
self.customer = get_or_create_default_customer()
self.client = SocialClient()
self.licence_type = WildlifeLicenceType.objects.get(
product_code='regulation-17')
self.licence_type.identification_required = True
self.licence_type.save()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_new_application(self):
"""Testing that a user begin the process of creating an application"""
self.client.login(self.customer.email)
original_application_count = Application.objects.count()
# check that client can access the licence type selection list
response = self.client.get(reverse('wl_applications:new_application'))
self.assertRedirects(response,
reverse('wl_applications:select_licence_type'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
self.assertEquals(Application.objects.count(),
original_application_count + 1)
self.assertEqual(self.client.session['application_id'],
Application.objects.first().id)
def test_select_licence_type(self):
"""Testing that a user can display the licence type selection list"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
# check that client can access the licence type selection list
response = self.client.get(
reverse('wl_applications:select_licence_type'))
self.assertEqual(200, response.status_code)
# check that client can select a licence type the licence type selection list
response = self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
self.assertRedirects(response,
reverse('wl_applications:check_identification'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
def test_check_identification_required_no_current_id(self):
"""Testing that a user can display the identification required page in the case the user has no
current identification, and upload an ID.
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
# check that client can access the identification required page
response = self.client.get(
reverse('wl_applications:check_identification'))
self.assertEqual(200, response.status_code)
with open(TEST_ID_PATH, 'rb') as fp:
post_params = {'identification_file': fp}
response = self.client.post(
reverse('wl_applications:check_identification'),
post_params,
follow=True)
self.assertRedirects(
response,
reverse('wl_applications:create_select_profile'),
status_code=302,
target_status_code=200,
fetch_redirect_response=True)
# update customer
self.customer = EmailUser.objects.get(email=self.customer.email)
def test_check_identification_required_current_id(self):
"""Testing that a user can display the identification required page in the case the user has a
current identification.
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
self.client.get(reverse('wl_applications:check_identification'))
with open(TEST_ID_PATH, 'rb') as fp:
self.customer.identification = Document.objects.create(
name='test_id')
self.customer.identification.file.save('test_id.jpg',
File(fp),
save=True)
self.customer.save()
# check that client is redirected to profile creation / selection page
response = self.client.get(
reverse('wl_applications:check_identification'), follow=True)
self.assertRedirects(response,
reverse('wl_applications:create_select_profile'),
status_code=302,
target_status_code=200,
fetch_redirect_response=True)
def test_create_select_profile_create(self):
"""Testing that a user can display the create / select profile page and create a profile
in the case the user has no profile
"""
self.client.login(self.customer.email)
original_profile_count = self.customer.profiles.count()
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
# check that client can access the profile create/select page
response = self.client.get(
reverse('wl_applications:create_select_profile'))
self.assertEqual(200, response.status_code)
# check there is not a profile selection form, meaning there is no profile
self.assertFalse('profile_selection_form' in response.context)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001',
'create': True
}
response = self.client.post(
reverse('wl_applications:create_select_profile'), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response,
reverse('wl_applications:enter_details'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
# check that a new profile was created
self.assertEqual(self.customer.profiles.count(),
original_profile_count + 1)
# check the created profile has been set in the application
self.assertEquals(self.customer.profiles.first(),
Application.objects.first().applicant_profile)
def test_create_select_profile_select(self):
"""Testing that a user can display the create / select profile page and select a profile
in the case the user has one or more existing profiles
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
# create profiles
address1 = Address.objects.create(user=self.customer,
line1='1 Test Street',
locality='Test Suburb',
state='WA',
postcode='0001')
profile1 = Profile.objects.create(user=self.customer,
name='Test Profile',
email='*****@*****.**',
institution='Test Institution',
postal_address=address1)
address2 = Address.objects.create(user=self.customer,
line1='2 Test Street',
locality='Test Suburb',
state='WA',
postcode='0001')
profile2 = Profile.objects.create(user=self.customer,
name='Test Profile 2',
email='*****@*****.**',
institution='Test Institution',
postal_address=address2)
# check that client can access the profile create/select page
response = self.client.get(
reverse('wl_applications:create_select_profile'))
self.assertEqual(200, response.status_code)
# check there is a profile selection form, meaning there at least one existing profile
self.assertTrue('profile_selection_form' in response.context)
post_params = {'profile': profile2.pk, 'select': True}
response = self.client.post(
reverse('wl_applications:create_select_profile'), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response,
reverse('wl_applications:enter_details'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
# check the created profile has been set in the application
self.assertEquals(profile2,
Application.objects.first().applicant_profile)
def test_enter_details_draft(self):
"""Testing that a user can enter the details of an application form and save as a draft
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {'project_title-0-0': 'Test Title', 'draft': True}
response = self.client.post(reverse('wl_applications:enter_details'),
post_params)
# check that client is redirected to the dashboard
self.assertRedirects(response,
reverse('wl_dashboard:home'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is draft
self.assertEqual(application.processing_status, 'draft')
# check that the state of the application is draft
self.assertEqual(
application.data[0]['project_details'][0]['project_title'],
'Test Title')
def test_enter_details_draft_continue(self):
"""Testing that a user can enter the details of an application form and save as a draft
and continue editing"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {
'project_title-0-0': 'Test Title',
'draft_continue': True
}
response = self.client.post(reverse('wl_applications:enter_details'),
post_params)
# check that client is redirected back to enter details page
self.assertRedirects(response,
reverse('wl_applications:enter_details'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is draft
self.assertEqual(application.processing_status, 'draft')
# check that the state of the application is draft
self.assertEqual(
application.data[0]['project_details'][0]['project_title'],
'Test Title')
def test_enter_details_preview(self):
"""Testing that a user can enter the details of an application form and that the data is
saved in the session for previewing
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {'project_title-0-0': 'Test Title', 'lodge': True}
response = self.client.post(reverse('wl_applications:enter_details'),
post_params)
# check that client is redirected to preview
self.assertRedirects(response,
reverse('wl_applications:preview'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that the state of the application is draft
self.assertEqual(
application.data[0]['project_details'][0]['project_title'],
'Test Title')
def test_preview_lodge(self):
"""Testing that a user can preview the details of an application form then lodge the application
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(
reverse('wl_applications:select_licence_type',
args=(self.licence_type.pk, )))
application = Application.objects.first()
self.assertIsNotNone(application.applicant)
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
response = self.client.post(reverse('wl_applications:preview'),
follow=True)
# check that client is redirected to complete
self.assertRedirects(response,
reverse('wl_applications:complete'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is new
self.assertEqual(application.processing_status, 'new')
class ApplicationEntryTestCase(TestCase):
fixtures = ['licences.json', 'catalogue.json', 'partner.json']
def setUp(self):
helpers.create_default_country()
self.customer = get_or_create_default_customer()
self.client = SocialClient()
self.licence_type = WildlifeLicenceType.objects.get(product_title='regulation-17')
self.licence_type.identification_required = True
self.licence_type.save()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_new_application(self):
"""Testing that a user begin the process of creating an application"""
self.client.login(self.customer.email)
original_application_count = Application.objects.count()
# check that client can access the licence type selection list
response = self.client.get(reverse('wl_applications:new_application'))
self.assertRedirects(response, reverse('wl_applications:select_licence_type'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
self.assertEquals(Application.objects.count(), original_application_count + 1)
self.assertEqual(self.client.session['application_id'], Application.objects.first().id)
def test_select_licence_type(self):
"""Testing that a user can display the licence type selection list"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
# check that client can access the licence type selection list
response = self.client.get(reverse('wl_applications:select_licence_type'))
self.assertEqual(200, response.status_code)
# check that client can select a licence type the licence type selection list
response = self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
self.assertRedirects(response, reverse('wl_applications:check_identification'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
def test_check_identification_required_no_current_id(self):
"""Testing that a user can display the identification required page in the case the user has no
current identification, and upload an ID.
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# check that client can access the identification required page
response = self.client.get(reverse('wl_applications:check_identification'))
self.assertEqual(200, response.status_code)
with open(TEST_ID_PATH, 'rb') as fp:
post_params = {
'identification_file': fp
}
response = self.client.post(reverse('wl_applications:check_identification'),
post_params, follow=True)
self.assertRedirects(response, reverse('wl_applications:create_select_profile'),
status_code=302, target_status_code=200, fetch_redirect_response=True)
# update customer
self.customer = EmailUser.objects.get(email=self.customer.email)
def test_check_identification_required_current_id(self):
"""Testing that a user can display the identification required page in the case the user has a
current identification.
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
self.client.get(reverse('wl_applications:check_identification'))
with open(TEST_ID_PATH, 'rb') as fp:
self.customer.identification = Document.objects.create(name='test_id')
self.customer.identification.file.save('test_id.jpg', File(fp), save=True)
self.customer.save()
# check that client is redirected to profile creation / selection page
response = self.client.get(reverse('wl_applications:check_identification'), follow=True)
self.assertRedirects(response, reverse('wl_applications:create_select_profile'),
status_code=302, target_status_code=200, fetch_redirect_response=True)
def test_create_select_profile_create(self):
"""Testing that a user can display the create / select profile page and create a profile
in the case the user has no profile
"""
self.client.login(self.customer.email)
original_profile_count = self.customer.profiles.count()
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# check that client can access the profile create/select page
response = self.client.get(reverse('wl_applications:create_select_profile'))
self.assertEqual(200, response.status_code)
# check there is not a profile selection form, meaning there is no profile
self.assertFalse('profile_selection_form' in response.context)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001',
'create': True
}
response = self.client.post(reverse('wl_applications:create_select_profile'), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# check that a new profile was created
self.assertEqual(self.customer.profiles.count(), original_profile_count + 1)
# check the created profile has been set in the application
self.assertEquals(self.customer.profiles.first(), Application.objects.first().applicant_profile)
def test_create_select_profile_select(self):
"""Testing that a user can display the create / select profile page and select a profile
in the case the user has one or more existing profiles
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# create profiles
address1 = Address.objects.create(user=self.customer, line1='1 Test Street', locality='Test Suburb',
state='WA', postcode='0001')
profile1 = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address1)
address2 = Address.objects.create(user=self.customer, line1='2 Test Street', locality='Test Suburb',
state='WA', postcode='0001')
profile2 = Profile.objects.create(user=self.customer, name='Test Profile 2', email='*****@*****.**',
institution='Test Institution', postal_address=address2)
# check that client can access the profile create/select page
response = self.client.get(reverse('wl_applications:create_select_profile'))
self.assertEqual(200, response.status_code)
# check there is a profile selection form, meaning there at least one existing profile
self.assertTrue('profile_selection_form' in response.context)
post_params = {
'profile': profile2.pk,
'select': True
}
response = self.client.post(reverse('wl_applications:create_select_profile'), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# check the created profile has been set in the application
self.assertEquals(profile2, Application.objects.first().applicant_profile)
def test_enter_details_draft(self):
"""Testing that a user can enter the details of an application form and save as a draft
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {
'project_title-0-0': 'Test Title',
'draft': True
}
response = self.client.post(reverse('wl_applications:enter_details'), post_params)
# check that client is redirected to the dashboard
self.assertRedirects(response, reverse('wl_dashboard:home'), status_code=302, target_status_code=200,
fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is draft
self.assertEqual(application.processing_status, 'draft')
# check that the state of the application is draft
self.assertEqual(application.data[0]['project_details'][0]['project_title'], 'Test Title')
def test_enter_details_draft_continue(self):
"""Testing that a user can enter the details of an application form and save as a draft
and continue editing"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {
'project_title-0-0': 'Test Title',
'draft_continue': True
}
response = self.client.post(reverse('wl_applications:enter_details'), post_params)
# check that client is redirected back to enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is draft
self.assertEqual(application.processing_status, 'draft')
# check that the state of the application is draft
self.assertEqual(application.data[0]['project_details'][0]['project_title'], 'Test Title')
def test_enter_details_preview(self):
"""Testing that a user can enter the details of an application form and that the data is
saved in the session for previewing
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
# check that client can access the enter details page
response = self.client.get(reverse('wl_applications:enter_details'))
self.assertEqual(200, response.status_code)
post_params = {
'project_title-0-0': 'Test Title',
'lodge': True
}
response = self.client.post(reverse('wl_applications:enter_details'), post_params)
# check that client is redirected to preview
self.assertRedirects(response, reverse('wl_applications:preview'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application = Application.objects.first()
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
# check that the state of the application is draft
self.assertEqual(application.data[0]['project_details'][0]['project_title'], 'Test Title')
def test_preview_lodge(self):
"""Testing that a user can preview the details of an application form then lodge the application
"""
self.client.login(self.customer.email)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(self.licence_type.pk,)))
application = Application.objects.first()
self.assertIsNotNone(application.applicant)
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
response = self.client.post(reverse('wl_applications:preview'))
# check that client is redirected to checkout
self.assertRedirects(response, reverse('wl_payments:checkout_application', args=(application.pk,)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is new
self.assertEqual(application.processing_status, 'new')
class ApplicationEntrySecurity(TestCase):
def setUp(self):
self.client = SocialClient()
def test_user_access_other_user(self):
"""
Test that a user cannot edit/view another user application
"""
customer1 = create_random_customer()
customer2 = create_random_customer()
self.assertNotEqual(customer1, customer2)
application1 = helpers.create_application(user=customer1)
application2 = helpers.create_application(user=customer2)
self.assertNotEqual(application1, application2)
# login as user1
self.client.login(customer1.email)
my_url = reverse('applications:enter_details_existing_application',
args=[application1.licence_type.code, application1.pk])
response = self.client.get(my_url)
self.assertEqual(200, response.status_code)
forbidden_urls = [
reverse('applications:edit_application', args=[application2.licence_type.code, application2.pk]),
reverse('applications:enter_details_existing_application',
args=[application2.licence_type.code, application2.pk]),
reverse('applications:preview', args=[application2.licence_type.code, application2.pk])
]
for forbidden_url in forbidden_urls:
response = self.client.get(forbidden_url, follow=True)
self.assertEqual(403, response.status_code)
def test_user_access_lodged(self):
"""
Once the application if lodged the user should not be able to edit it
"""
customer1 = create_random_customer()
# login as user1
self.client.login(customer1.email)
application = helpers.create_application(user=customer1)
self.assertEqual('draft', application.customer_status)
my_urls = [
reverse('applications:edit_application', args=[application.licence_type.code, application.pk]),
reverse('applications:enter_details_existing_application',
args=[application.licence_type.code, application.pk]),
reverse('applications:preview', args=[application.licence_type.code, application.pk])
]
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code,
msg="Wrong status code {1} for {0}".format(url, response.status_code))
# lodge the application
url = reverse('applications:preview', args=[application.licence_type.code, application.pk])
session = self.client.session
session['application'] = {
'profile': application.applicant_profile.pk,
'data': {
'project_title': 'Test'
}
}
session.save()
self.client.post(url)
application.refresh_from_db()
self.assertEqual('under_review', application.customer_status)
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(403, response.status_code)
def test_user_not_logged_is_redirected_to_login(self):
"""
A user not logged in should be redirected to the login page and not see a 403
"""
customer1 = create_random_customer()
application = helpers.create_application(user=customer1)
self.assertEqual('draft', application.customer_status)
my_urls = [
reverse('applications:edit_application', args=[application.licence_type.code, application.pk]),
reverse('applications:enter_details_existing_application',
args=[application.licence_type.code, application.pk]),
reverse('applications:preview', args=[application.licence_type.code, application.pk])
]
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code,
msg="Wrong status code {1} for {0}".format(url, response.status_code))
self.assertTrue(is_login_page(response))
# lodge the application
self.client.login(customer1.email)
url = reverse('applications:preview', args=[application.licence_type.code, application.pk])
session = self.client.session
session['application'] = {
'profile': application.applicant_profile.pk,
'data': {
'project_title': 'Test'
}
}
session.save()
self.client.post(url)
application.refresh_from_db()
self.assertEqual('under_review', application.customer_status)
# logout
self.client.logout()
for url in my_urls:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
self.assertTrue(is_login_page(response))
class TestApplicationDiscardView(TestCase):
"""
Rules of discard:
If draft not submitted -> delete the app
otherwise -> flag as discarded
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2833&project_id=24
External person must be able to discard application pushed back .
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2743&project_id=24
"""
fixtures = ['licences.json', 'catalogue.json', 'partner.json']
def setUp(self):
self.client = SocialClient()
self.officer = helpers.get_or_create_default_officer()
self.applicant = get_or_create_default_customer()
self.assertNotEqual(self.officer, self.applicant)
def tearDown(self):
self.client.logout()
clear_mailbox()
def test_cannot_discard(self):
"""
Test that an application cannot be discarded if it hasn't been pushed back to the applicant.
Formally its processing status must be in the list of Application.CUSTOMER_DISCARDABLE_STATE
:return:
"""
# lodge application
application = helpers.create_and_lodge_application(self.applicant)
self.assertFalse(application.is_discardable)
# try to discard with get or post
previous_processing_status = application.processing_status
previous_customer_status = application.customer_status
url = reverse('wl_applications:discard_application', args=[application.pk])
self.client.login(self.applicant.email)
self.assertTrue(is_client_authenticated(self.client))
resp = self.client.get(url, follow=True)
application.refresh_from_db()
# status should be unchanged
self.assertNotEqual(application.processing_status, 'discarded')
self.assertNotEqual(application.customer_status, 'discarded')
self.assertEqual(application.processing_status, previous_processing_status)
self.assertEqual(application.customer_status, previous_customer_status)
# the response should have an error message
self.assertTrue(has_response_error_messages(resp))
# same with post method
resp = self.client.post(url, follow=True)
application.refresh_from_db()
# status should be unchanged
self.assertNotEqual(application.processing_status, 'discarded')
self.assertNotEqual(application.customer_status, 'discarded')
self.assertEqual(application.processing_status, previous_processing_status)
self.assertEqual(application.customer_status, previous_customer_status)
# the response should have an error message
self.assertTrue(has_response_error_messages(resp))
def test_pushed_back_application_discarded_not_deleted(self):
# lodge application
application = helpers.create_and_lodge_application(self.applicant)
self.assertFalse(application.is_discardable)
# officer request amendment
url = reverse('wl_applications:amendment_request')
self.client.login(self.officer.email)
resp = self.client.post(url, data={
'application': application.pk,
'officer': self.officer.pk,
'reason': 'missing_information'
})
self.assertEquals(resp.status_code, 200)
application.refresh_from_db()
# application should now be discardable
self.assertTrue(application.is_discardable)
# but not deletable
self.assertFalse(application.is_deletable)
# discard
self.client.logout()
clear_mailbox()
self.client.login(self.applicant.email)
self.assertTrue(is_client_authenticated(self.client))
url = reverse('wl_applications:discard_application', args=[application.pk])
# the get should not discard but return a confirm page
previous_processing_status = application.processing_status
previous_customer_status = application.customer_status
resp = self.client.get(url)
self.assertEquals(resp.status_code, 200)
# test that there's a cancel_url in the context of the response and an action_url that is set to the proper url
self.assertTrue('cancel_url' in resp.context)
self.assertEqual(resp.context['cancel_url'], reverse('wl_dashboard:home'))
self.assertTrue('action_url' in resp.context)
self.assertEquals(resp.context['action_url'], url)
application.refresh_from_db()
# status should be unchanged
self.assertNotEqual(application.processing_status, 'discarded')
self.assertNotEqual(application.customer_status, 'discarded')
self.assertEqual(application.processing_status, previous_processing_status)
self.assertEqual(application.customer_status, previous_customer_status)
# actual discard
resp = self.client.post(url, data=None, follow=True)
self.assertEquals(resp.status_code, 200)
application.refresh_from_db()
self.assertEqual(application.processing_status, 'discarded')
self.assertEqual(application.customer_status, 'discarded')
# there should be a message
self.assertTrue(has_response_messages(resp))
self.assertFalse(has_response_error_messages(resp))
def test_not_submitted_draft_are_deleted(self):
"""
This is the happy path and the only use case where the application can be deleted.
User create application, save as draft and delete it
"""
self.client.login(self.applicant.email)
application = helpers.create_application(self.applicant)
self.assertEquals(application.customer_status, 'temp')
self.assertFalse(application.is_discardable)
# save application as a draft
helpers.set_application_session(self.client, application)
pk = self.client.session['application_id']
self.assertEqual(application.pk, pk)
url = reverse('wl_applications:enter_details')
data = {
'draft': 'draft'
}
resp = self.client.post(url, data=data, follow=True)
self.assertEqual(resp.status_code, 200)
application.refresh_from_db()
self.assertEquals(application.customer_status, 'draft')
# application should now be discardable
self.assertTrue(application.is_discardable)
# and deletable
self.assertTrue(application.is_deletable)
# discard
url = reverse('wl_applications:discard_application', args=[application.pk])
# the get should not delete but return a confirm page
previous_processing_status = application.processing_status
previous_customer_status = application.customer_status
resp = self.client.get(url, follow=True)
self.assertEquals(resp.status_code, 200)
# test that there's a cancel_url in the context of the response and an action_url that is set to the proper url
self.assertTrue('cancel_url' in resp.context)
self.assertEqual(resp.context['cancel_url'], reverse('wl_dashboard:home'))
self.assertTrue('action_url' in resp.context)
self.assertEquals(resp.context['action_url'], url)
# Application should not be deleted
application = Application.objects.filter(pk=application.pk).first()
self.assertIsNotNone(application)
# status should be unchanged
self.assertEqual(application.processing_status, previous_processing_status)
self.assertEqual(application.customer_status, previous_customer_status)
# actual discard
resp = self.client.post(url, data=None, follow=True)
self.assertEquals(resp.status_code, 200)
# Application should now be deleted
application = Application.objects.filter(pk=application.pk).first()
self.assertIsNone(application)
def test_submitted_draft_cannot_be_deleted(self):
"""
Use case:
Applicant lodge an application.
Officer send it back to him with amendments requested
Applicant reopen it and save it as a draft
At this stage the user should not be able to delete it because it has already been lodged
"""
# lodge application
application = helpers.create_and_lodge_application(self.applicant)
# application should not be discardable
self.assertFalse(application.is_discardable)
# and not deletable
self.assertFalse(application.is_deletable)
# officer request amendment
url = reverse('wl_applications:amendment_request')
self.client.login(self.officer.email)
resp = self.client.post(url, data={
'application': application.pk,
'officer': self.officer.pk,
'reason': 'missing_information'
})
self.assertEquals(resp.status_code, 200)
application.refresh_from_db()
self.client.logout()
self.client.login(self.applicant.email)
url = reverse('wl_applications:edit_application', args=[application.pk])
self.client.get(url, follow=True)
# save as draft
data = {
'draft': 'draft',
'data': application.data
}
url = reverse('wl_applications:enter_details')
resp = self.client.post(url, data, follow=True)
self.assertEqual(resp.status_code, 200)
application.refresh_from_db()
self.assertEqual(application.customer_status, 'draft')
# application should now be discardable
self.assertTrue(application.is_discardable)
# and not deletable
self.assertFalse(application.is_deletable)
# actual discard
url = reverse('wl_applications:discard_application', args=[application.pk])
resp = self.client.post(url, follow=True)
# application should not be deleted
application = Application.objects.filter(pk=application.pk).first()
self.assertIsNotNone(application)
# but in a discarded state
self.assertEqual(application.processing_status, 'discarded')
self.assertEqual(application.customer_status, 'discarded')
# there should be a message
self.assertTrue(has_response_messages(resp))
self.assertFalse(has_response_error_messages(resp))
class TestStatusLifeCycle(TestCase):
fixtures = ['licences.json']
def setUp(self):
self.client = SocialClient()
self.officer = get_or_create_default_officer()
self.user = get_or_create_default_customer()
self.assertNotEqual(self.officer, self.user)
def tearDown(self):
self.client.logout()
clear_mailbox()
clear_all_id_files()
def test_id_update(self):
"""
Test that when an ID update is required and the users update their ID the customer and id status are correctly
updated
"""
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
clear_mailbox()
data = {
'officer': self.officer.pk,
'application': application.pk,
'reason': IDRequest.REASON_CHOICES[0][0],
'text': 'you to upload an ID.'
}
url = reverse('wl_applications:id_request')
self.assertFalse(is_email())
response = self.client.post(url, data)
self.assertEqual(200, response.status_code)
resp_data = json.loads(response.content.decode('utf8'))
self.assertIn('id_check_status', resp_data)
self.assertIn('processing_status', resp_data)
application.refresh_from_db()
self.assertEqual('id_required', application.customer_status)
self.assertEqual('awaiting_update', application.id_check_status)
self.assertEqual('awaiting_applicant_response',
application.processing_status)
self.assertTrue(is_email())
email = get_email()
self.assertIn(application.applicant_profile.email, email.to)
self.assertEqual(ApplicationIDUpdateRequestedEmail.subject,
email.subject)
# now user upload ID
self.client.logout()
self.assertIsNone(self.user.identification)
self.client.login(self.user.email)
self.assertTrue(is_client_authenticated(self.client))
self.client.get(reverse('wl_main:identification'))
upload_id(self.user)
self.user.refresh_from_db()
self.assertIsNotNone(self.user.identification)
application.refresh_from_db()
self.assertEqual('updated', application.id_check_status)
self.assertEqual('under_review', application.customer_status)
self.assertEqual('ready_for_action', application.processing_status)
def test_issued_status_after_entering_condition(self):
"""
Test that if an application has been issued, entering condition leave the status as issued
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2736&project_id=24
"""
application = create_and_lodge_application(self.user)
# set some conditions
url = reverse('wl_applications:enter_conditions',
args=[application.pk])
condition = get_or_create_condition('0001', {"text": "For unit test"})
data = {'conditionID': [condition.pk]}
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'ready_to_issue')
# issue licence
url = reverse('wl_applications:issue_licence', args=[application.pk])
today = datetime.date.today()
tomorrow = today + datetime.timedelta(days=1)
data = {
'regions': [G(Region).pk],
'return_frequency': -1,
'issue_date': str(today),
'start_date': str(today),
'end_date': str(tomorrow)
}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'issued')
# now repost conditions
url = reverse('wl_applications:enter_conditions',
args=[application.pk])
condition = get_or_create_condition('0001', {"text": "For unit test"})
data = {'conditionID': [condition.pk]}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
# status should not be 'ready_to_issue' but 'issued'
expected_status = 'issued'
self.assertEquals(application.processing_status, expected_status)
def test_issued_declined_licences_cannot_be_assessed(self):
"""
Test that if a licence has been issued or application declined, assessments can no longer be done.
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2743&project_id=24
"""
# create application to issue
application = create_and_lodge_application(self.user)
# send out assessment
assessment = get_or_create_assessment(application)
self.assertEquals(assessment.status, 'awaiting_assessment')
self.client.login(self.officer.email)
# issue licence
url = reverse('wl_applications:issue_licence', args=[application.pk])
today = datetime.date.today()
tomorrow = today + datetime.timedelta(days=1)
data = {
'regions': [G(Region).pk],
'return_frequency': -1,
'issue_date': str(today),
'start_date': str(today),
'end_date': str(tomorrow)
}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'issued')
assessment.refresh_from_db()
self.assertEquals(assessment.status, 'assessment_expired')
# create application to decline
application = create_and_lodge_application(self.user)
# send out assessment
assessment = get_or_create_assessment(application)
self.assertEquals(assessment.status, 'awaiting_assessment')
# decline licence
resp = self.client.post(reverse('wl_applications:process',
args=[application.pk]),
data={'decline': True},
follow=True)
self.assertEquals(200, resp.status_code)
assessment.refresh_from_db()
self.assertEquals(assessment.status, 'assessment_expired')
def test_declined_applications_status(self):
"""
Test that if an application has been declined, the officer and customer will both have a declined status
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2741&project_id=24
"""
# create application to decline
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
# decline licence
resp = self.client.post(reverse('wl_applications:process',
args=[application.pk]),
data={
'decline': True,
'reason': 'N/A'
},
follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.customer_status, 'declined')
self.assertEquals(application.processing_status, 'declined')
# Test that the reason is stored
details = ApplicationDeclinedDetails.objects.filter(
application=application).first()
self.assertIsNotNone(details)
self.assertEqual(application, details.application)
self.assertEqual(self.officer, details.officer)
self.assertEquals('N/A', details.reason)
class TestStatusLifeCycle(TestCase):
fixtures = ['licences.json']
def setUp(self):
self.client = SocialClient()
self.officer = get_or_create_default_officer()
self.user = get_or_create_default_customer()
self.assertNotEqual(self.officer, self.user)
def tearDown(self):
self.client.logout()
clear_mailbox()
clear_all_id_files()
def test_id_update(self):
"""
Test that when an ID update is required and the users update their ID the customer and id status are correctly
updated
"""
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
clear_mailbox()
data = {
'officer': self.officer.pk,
'application': application.pk,
'reason': IDRequest.REASON_CHOICES[0][0],
'text': 'you to upload an ID.'
}
url = reverse('wl_applications:id_request')
self.assertFalse(is_email())
response = self.client.post(url, data)
self.assertEqual(200, response.status_code)
resp_data = json.loads(response.content.decode('utf8'))
self.assertIn('id_check_status', resp_data)
self.assertIn('processing_status', resp_data)
application.refresh_from_db()
self.assertEqual('id_required', application.customer_status)
self.assertEqual('awaiting_update', application.id_check_status)
self.assertEqual('awaiting_applicant_response',
application.processing_status)
self.assertTrue(is_email())
email = get_email()
self.assertIn(application.applicant_profile.email, email.to)
self.assertEqual(ApplicationIDUpdateRequestedEmail.subject,
email.subject)
# now user upload ID
self.client.logout()
self.assertIsNone(self.user.identification)
self.client.login(self.user.email)
self.assertTrue(is_client_authenticated(self.client))
self.client.get(reverse('wl_main:identification'))
upload_id(self.user)
self.user.refresh_from_db()
self.assertIsNotNone(self.user.identification)
application.refresh_from_db()
self.assertEqual('updated', application.id_check_status)
self.assertEqual('under_review', application.customer_status)
self.assertEqual('ready_for_action', application.processing_status)
def test_application_amendment(self):
"""
Test that when an amendment is required, the user receives an email and can amend their application. When the
user relodged, the officer can see the amendment and set the review status accordingly.
"""
application = create_and_lodge_application(self.user)
self.assertFalse(application.can_user_edit)
self.client.login(self.officer.email)
post_data = {
'officer': self.officer.pk,
'application': application.pk,
'reason': AmendmentRequest.REASON_CHOICES[0][0],
'text': 'Application needs more data'
}
response = self.client.post(
reverse('wl_applications:amendment_request'), post_data)
self.assertEqual(200, response.status_code)
resp_data = json.loads(response.content.decode('utf8'))
application.refresh_from_db()
self.assertIn('review_status', resp_data)
self.assertEquals(resp_data['review_status'],
utils.REVIEW_STATUSES[application.review_status])
self.assertIn('processing_status', resp_data)
self.assertEquals(
resp_data['processing_status'],
utils.PROCESSING_STATUSES[application.processing_status])
self.assertEqual(application.customer_status, 'amendment_required')
self.assertEqual(application.processing_status,
'awaiting_applicant_response')
self.assertEqual(application.review_status, 'awaiting_amendments')
amendment_request = AmendmentRequest.objects.filter(
application=application).first()
self.assertIsNotNone(amendment_request)
self.assertEquals(amendment_request.status, 'requested')
self.assertTrue(is_email())
email = get_email()
self.assertIn(application.applicant_profile.email, email.to)
self.assertEqual(ApplicationAmendmentRequestedEmail.subject,
email.subject)
# user logs in
self.client.logout()
self.client.login(self.user.email)
self.assertTrue(application.can_user_edit)
response = self.client.get(reverse('wl_applications:edit_application',
args=(application.pk, )),
follow=True)
# check that client will be redirected to the enter details page
self.assertRedirects(response,
reverse('wl_applications:enter_details'),
status_code=302,
target_status_code=200)
# edit and resubmit data
post_params = {'project_title-0-0': 'New Title', 'lodge': True}
response = self.client.post(reverse('wl_applications:enter_details'),
post_params)
# check that client is redirected to preview
self.assertRedirects(response,
reverse('wl_applications:preview'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
response = self.client.post(reverse('wl_applications:preview'))
# FIXME: simulate full checkout process instead of skipping
self.client.get(reverse('wl_applications:complete'))
application.refresh_from_db()
self.assertFalse(application.can_user_edit)
self.assertEqual(
application.data[0]['project_details'][0]['project_title'],
'New Title')
self.assertEqual(application.customer_status, 'under_review')
self.assertEqual(application.processing_status, 'ready_for_action')
self.assertEqual(application.review_status, 'amended')
amendment_request.refresh_from_db()
self.assertEquals(amendment_request.status, 'amended')
# officer logs in
self.client.logout()
self.client.login(self.officer.email)
post_data = {'applicationID': application.id, 'status': 'accepted'}
response = self.client.post(
reverse('wl_applications:set_review_status'), post_data)
self.assertEquals(response.status_code, 200)
application.refresh_from_db()
self.assertEquals(application.review_status, 'accepted')
def test_character_check(self):
"""
Test that the character check shows for questionable characters
"""
self.user.character_flagged = True
self.user.save()
application = create_and_lodge_application(self.user)
self.assertEquals(application.character_check_status, 'not_checked')
self.client.login(self.officer.email)
response = self.client.get(
reverse('wl_applications:process', args=(application.pk, )))
self.assertContains(response,
'<span class="glyphicon glyphicon-user"></span>')
post_data = {'applicationID': application.id, 'status': 'accepted'}
response = self.client.post(
reverse('wl_applications:set_character_check_status'), post_data)
self.assertEquals(response.status_code, 200)
application.refresh_from_db()
self.assertEquals(application.character_check_status, 'accepted')
def test_issued_status_after_entering_condition(self):
"""
Test that if an application has been issued, entering condition leave the status as issued
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2736&project_id=24
"""
application = create_and_lodge_application(self.user)
# set some conditions
url = reverse('wl_applications:enter_conditions',
args=[application.pk])
condition = get_or_create_condition('0001', {"text": "For unit test"})
data = {'conditionID': [condition.pk]}
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'ready_to_issue')
# issue licence
url = reverse('wl_applications:issue_licence', args=[application.pk])
today = datetime.date.today()
tomorrow = today + datetime.timedelta(days=1)
data = {
'regions': [G(Region).pk],
'return_frequency': -1,
'issue_date': str(today),
'start_date': str(today),
'end_date': str(tomorrow)
}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'issued')
# now repost conditions
url = reverse('wl_applications:enter_conditions',
args=[application.pk])
condition = get_or_create_condition('0001', {"text": "For unit test"})
data = {'conditionID': [condition.pk]}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
# status should not be 'ready_to_issue' but 'issued'
expected_status = 'issued'
self.assertEquals(application.processing_status, expected_status)
def test_issued_declined_licences_cannot_be_assessed(self):
"""
Test that if a licence has been issued or application declined, assessments can no longer be done.
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2743&project_id=24
"""
# create application to issue
application = create_and_lodge_application(self.user)
# send out assessment
assessment = get_or_create_assessment(application)
self.assertEquals(assessment.status, 'awaiting_assessment')
self.client.login(self.officer.email)
# issue licence
url = reverse('wl_applications:issue_licence', args=[application.pk])
today = datetime.date.today()
tomorrow = today + datetime.timedelta(days=1)
data = {
'regions': [G(Region).pk],
'return_frequency': -1,
'issue_date': str(today),
'start_date': str(today),
'end_date': str(tomorrow)
}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'issued')
assessment.refresh_from_db()
self.assertEquals(assessment.status, 'assessment_expired')
# create application to decline
application = create_and_lodge_application(self.user)
# send out assessment
assessment = get_or_create_assessment(application)
self.assertEquals(assessment.status, 'awaiting_assessment')
# decline licence
resp = self.client.post(reverse('wl_applications:process',
args=[application.pk]),
data={'decline': True},
follow=True)
self.assertEquals(200, resp.status_code)
assessment.refresh_from_db()
self.assertEquals(assessment.status, 'assessment_expired')
def test_declined_applications_status(self):
"""
Test that if an application has been declined, the officer and customer will both have a declined status
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2741&project_id=24
"""
# create application to decline
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
# decline licence
resp = self.client.post(reverse('wl_applications:process',
args=[application.pk]),
data={
'decline': True,
'reason': 'N/A'
},
follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.customer_status, 'declined')
self.assertEquals(application.processing_status, 'declined')
# Test that the reason is stored
details = ApplicationDeclinedDetails.objects.filter(
application=application).first()
self.assertIsNotNone(details)
self.assertEqual(application, details.application)
self.assertEqual(self.officer, details.officer)
self.assertEquals('N/A', details.reason)
class AccountsTestCase(TestCase):
def setUp(self):
create_default_country()
self.customer = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.client = SocialClient()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_search_customers(self):
"""Testing that searching customers will return the right customer(s) and only customers"""
self.client.login(self.officer.email)
user_1, _ = get_or_create_user({
'first_name': 'Some',
'last_name': 'Guy',
'email': '*****@*****.**',
'dob': datetime.date(1989, 8, 12),
})
user_2, _ = get_or_create_user({
'first_name': 'Some Other',
'last_name': 'Guy',
'email': '*****@*****.**',
'dob': datetime.date(1998, 8, 12),
})
# search for users by common part of first name - both users should be found
response = self.client.get('{}?q={}'.format(reverse('wl_main:search_customers'), 'some'))
self.assertEqual(200, response.status_code)
json_response = response.json()
self.assertEqual(len(json_response), 2)
# make user_2 an officer and check that only user_1 is found by search for common part of first name
add_to_group(user_2, 'officers')
response = self.client.get('{}?q={}'.format(reverse('wl_main:search_customers'), 'some'))
self.assertEqual(200, response.status_code)
json_response = response.json()
self.assertEqual(len(json_response), 1)
self.assertEqual(json_response[0]['id'], user_1.id)
self.assertEqual(json_response[0]['text'], user_1.get_full_name_dob())
def test_profile_list(self):
"""Testing that a user can display the profile list if they are a customer"""
self.client.login(self.customer.email)
# check that client can access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(200, response.status_code)
def test_profile_list_non_customer(self):
"""Testing that a user cannot display the profile list if they are not a customer"""
self.client.login(self.officer.email)
# check that client gets redirected if they try to access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(302, response.status_code)
def test_create_profile(self):
"""Testing that a user can create a profile"""
self.client.login(self.customer.email)
original_profile_count = Profile.objects.filter(user=self.customer).count()
# check that client can access the create profile page
response = self.client.get(reverse('wl_main:create_profile'))
self.assertEqual(200, response.status_code)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001'
}
response = self.client.post(reverse('wl_main:create_profile'), post_params)
self.assertEqual(302, response.status_code)
# check that a new profile has been created
self.assertEquals(Profile.objects.filter(user=self.customer).count(), original_profile_count + 1)
def test_edit_profile(self):
"""Testing that a user can edit an existing profile"""
self.client.login(self.customer.email)
# check no profile
self.assertEquals(0, Profile.objects.filter(user=self.customer).count())
# create original profile
# address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
# profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
# institution='Test Institution', postal_address=address)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001'
}
response = self.client.post(reverse('wl_main:create_profile'), post_params)
self.assertEqual(302, response.status_code)
# check that one profile has been created
self.assertEquals(1, Profile.objects.filter(user=self.customer).count())
profile = Profile.objects.filter(user=self.customer).first()
# check that client can access the edit profile page
response = self.client.get(reverse('wl_main:edit_profile', args=(profile.pk,)))
self.assertEqual(200, response.status_code)
# updated profile
post_params['name'] = 'Updated Profile'
post_params['line1'] = 'New Line 1'
response = self.client.post(reverse('wl_main:edit_profile', args=(profile.pk,)), post_params)
self.assertEqual(302, response.status_code)
# get updated profile
self.assertEquals(1, Profile.objects.filter(user=self.customer).count())
profile = Profile.objects.filter(user=self.customer).first()
# check that the profile has been edited
self.assertEquals(profile.name, 'Updated Profile')
self.assertEquals(profile.postal_address.line1, 'New Line 1')
def test_manage_id(self):
"""Testing that a user can access the manage identification page"""
self.client.login(self.customer.email)
# check that client can access the manage identification page
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
def test_upload_id(self):
"""Testing that a user can upload an ID image"""
self.client.login(self.customer.email)
self.assertIsNone(self.customer.identification)
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
response = upload_id(self.customer)
self.assertEqual(200, response.status_code)
# update customer
self.customer.refresh_from_db()
self.assertIsNotNone(self.customer.identification)
class ApplicationEntryTestCase(TestCase):
def setUp(self):
self.customer = create_default_customer()
self.client = SocialClient()
licence_type = WildlifeLicenceType.objects.get(code='regulation17')
licence_type.identification_required = True
licence_type.save()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_select_licence_type(self):
"""Testing that a user can display the licence type selection list"""
self.client.login(self.customer.email)
# check that client can access the licence type selection list
response = self.client.get(reverse('applications:select_licence_type'))
self.assertEqual(200, response.status_code)
def test_check_identification_required_no_current_id(self):
"""Testing that a user can display the identification required page in the case the user has no
current identification, and upload an ID.
"""
self.client.login(self.customer.email)
# check that client can access the identification required page
response = self.client.get(reverse('applications:check_identification', args=('regulation17',)))
self.assertEqual(200, response.status_code)
with open(TEST_ID_PATH) as fp:
post_params = {
'identification_file': fp
}
response = self.client.post(reverse('applications:check_identification', args=('regulation17',)),
post_params)
self.assertRedirects(response, reverse('applications:create_select_profile', args=('regulation17',)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# update customer
self.customer = EmailUser.objects.get(email=self.customer.email)
# assert customer's ID is the uploaded file
self.assertEqual(self.customer.identification.filename, 'test_id.jpg')
def test_check_identification_required_current_id(self):
"""Testing that a user can display the identification required page in the case the user has a
current identification.
"""
self.client.login(self.customer.email)
with open(TEST_ID_PATH) as fp:
self.customer.identification = Document.objects.create(name='test_id')
self.customer.identification.file.save('test_id.jpg', File(fp), save=True)
self.customer.save()
# check that client is redirected to profile creation / selection page
response = self.client.get(reverse('applications:check_identification', args=('regulation17',)))
self.assertRedirects(response, reverse('applications:create_select_profile', args=('regulation17',)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
def test_create_select_profile_create(self):
"""Testing that a user can display the create / select profile page and create a profile
in the case the user has no profile
"""
self.client.login(self.customer.email)
original_profile_count = self.customer.profile_set.count()
# create the application dict in the session first
# the session must be stored in a variable in order to be modifyable
# https://docs.djangoproject.com/en/1.9/topics/testing/tools/#persistent-state
session = self.client.session
session['application'] = {}
session.save()
# check that client can access the profile create/select page
response = self.client.get(reverse('applications:create_select_profile', args=('regulation17',)))
self.assertEqual(200, response.status_code)
# check there is not a profile selection form, meaning there is no profile
self.assertFalse('profile_selection_form' in response.context)
post_params = {
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001',
'create': True
}
response = self.client.post(reverse('applications:create_select_profile', args=('regulation17',)), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response, reverse('applications:enter_details', args=('regulation17',)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# chech that a new profile was created
self.assertEqual(self.customer.profile_set.count(), original_profile_count + 1)
# check the created profile has been set in the session
self.assertTrue('profile' in self.client.session['application'])
def test_create_select_profile_select(self):
"""Testing that a user can display the create / select profile page and select a profile
in the case the user has one or more existing profiles
"""
self.client.login(self.customer.email)
# create profiles
address1 = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address1)
address2 = Address.objects.create(line1='2 Test Street', locality='Test Suburb', state='WA', postcode='0001')
profile2 = Profile.objects.create(user=self.customer, name='Test Profile 2', email='*****@*****.**',
institution='Test Institution', postal_address=address2)
# create the application dict in the session first
# the session must be stored in a variable in order to be modifyable
# https://docs.djangoproject.com/en/1.9/topics/testing/tools/#persistent-state
session = self.client.session
session['application'] = {}
session.save()
# check that client can access the profile create/select page
response = self.client.get(reverse('applications:create_select_profile', args=('regulation17',)))
self.assertEqual(200, response.status_code)
# check there is a profile selection form, meaning there at least one existing profile
self.assertTrue('profile_selection_form' in response.context)
post_params = {
'profile': profile2.pk,
'select': True
}
response = self.client.post(reverse('applications:create_select_profile', args=('regulation17',)), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response, reverse('applications:enter_details', args=('regulation17',)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# check the profile has been set in the session
self.assertTrue('profile' in self.client.session['application'])
# check that the profile in the session is the selected profile
self.assertEqual(self.client.session['application']['profile'], profile2.pk)
def test_enter_details_draft(self):
"""Testing that a user can enter the details of an application form and save as a draft
"""
self.client.login(self.customer.email)
# create profiles
address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address)
# create the application dict in the session first
# the session must be stored in a variable in order to be modifyable
# https://docs.djangoproject.com/en/1.9/topics/testing/tools/#persistent-state
session = self.client.session
session['application'] = {'profile': profile.pk}
session.save()
original_applications_count = profile.application_set.count()
# check that client can access the enter details page
response = self.client.get(reverse('applications:enter_details', args=('regulation17',)))
self.assertEqual(200, response.status_code)
post_params = {
'project_title': 'Test Title',
'draft': True
}
response = self.client.post(reverse('applications:enter_details', args=('regulation17',)), post_params)
# check that client is redirected to the dashboard
self.assertRedirects(response, reverse('dashboard:home'), status_code=302, target_status_code=200,
fetch_redirect_response=False)
# check that a new application was created
self.assertEqual(profile.application_set.count(), original_applications_count + 1)
# check that the state of the application is draft
self.assertEqual(profile.application_set.first().processing_status, 'draft')
def test_enter_details_draft_continue(self):
"""Testing that a user can enter the details of an application form and save as a draft
and continue editing"""
self.client.login(self.customer.email)
# create profiles
address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address)
# create the application dict in the session first
# the session must be stored in a variable in order to be modifyable
# https://docs.djangoproject.com/en/1.9/topics/testing/tools/#persistent-state
session = self.client.session
session['application'] = {'profile': profile.pk}
session.save()
original_applications_count = profile.application_set.count()
# check that client can access the enter details page
response = self.client.get(reverse('applications:enter_details', args=('regulation17',)))
self.assertEqual(200, response.status_code)
post_params = {
'project_title': 'Test Title',
'draft_continue': True
}
response = self.client.post(reverse('applications:enter_details', args=('regulation17',)), post_params)
# check that client is redirected to enter details page
self.assertRedirects(response, reverse('applications:enter_details',
args=('regulation17', profile.application_set.first().pk)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
# check that a new application was created
self.assertEqual(profile.application_set.count(), original_applications_count + 1)
# check that the state of the application is draft
self.assertEqual(profile.application_set.first().processing_status, 'draft')
def test_enter_details_preview(self):
"""Testing that a user can enter the details of an application form and that the data is
saved in the session for previewing
"""
self.client.login(self.customer.email)
# create profiles
address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address)
# create the application dict in the session first
# the session must be stored in a variable in order to be modifyable
# https://docs.djangoproject.com/en/1.9/topics/testing/tools/#persistent-state
session = self.client.session
session['application'] = {'profile': profile.pk}
session.save()
# check that client can access the enter details page
response = self.client.get(reverse('applications:enter_details', args=('regulation17',)))
self.assertEqual(200, response.status_code)
post_params = {
'project_title': 'Test Title',
'lodge': True
}
response = self.client.post(reverse('applications:enter_details', args=('regulation17',)), post_params)
# check the data has been set in the session
self.assertTrue('data' in self.client.session['application'])
# check that the profile in the session is the selected profile
self.assertEqual(self.client.session['application']['data'].get('project_title', ''), 'Test Title')
def test_enter_details_lodge(self):
"""Testing that a user can preview the details of an application form then lodge the application
"""
self.client.login(self.customer.email)
# create profiles
address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
institution='Test Institution', postal_address=address)
# create the application dict in the session first
# the session must be stored in a variable in order to be modifyable
# https://docs.djangoproject.com/en/1.9/topics/testing/tools/#persistent-state
session = self.client.session
session['application'] = {'profile': profile.pk, 'data': {'project_title': 'Test Title'}}
session.save()
original_applications_count = profile.application_set.count()
# check that client can access the enter details page
response = self.client.get(reverse('applications:preview', args=('regulation17',)))
self.assertEqual(200, response.status_code)
post_params = {
'lodge': True
}
response = self.client.post(reverse('applications:preview', args=('regulation17',)), post_params)
# chech that a new applicaiton was created
self.assertEqual(profile.application_set.count(), original_applications_count + 1)
# check that the state of the application is draft
self.assertEqual(profile.application_set.first().processing_status, 'new')
class TestViewAccess(TestCase):
def setUp(self):
self.client = SocialClient()
self.user = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.application = create_and_lodge_application(
self.user, **{'data': {
'title': 'My Application'
}})
self.process_urls_get = [
reverse('wl_applications:process', args=[self.application.pk]),
]
self.process_urls_post = [
{
'url':
reverse('wl_applications:process', args=[self.application.pk]),
'data': {
'applicationID': self.application.pk,
}
},
{
'url': reverse('wl_applications:assign_officer'),
'data': {
'applicationID': self.application.pk,
'userID': self.officer.pk,
}
},
{
'url': reverse('wl_applications:set_id_check_status'),
'data': {
'applicationID': self.application.pk,
'status': 'accepted',
}
},
{
'url': reverse('wl_applications:id_request'),
'data': {
'applicationID': self.application.pk,
}
},
{
'url': reverse('wl_applications:set_character_check_status'),
'data': {
'applicationID': self.application.pk,
'status': 'accepted',
}
},
{
'url': reverse('wl_applications:set_review_status'),
'data': {
'applicationID': self.application.pk,
'status': 'accepted',
}
},
{
'url': reverse('wl_applications:amendment_request'),
'data': {
'applicationID': self.application.pk,
}
},
{
'url': reverse('wl_applications:send_for_assessment'),
'data': {
'applicationID': self.application.pk,
'assGroupID': get_or_create_default_assessor_group().pk,
'status': 'awaiting_assessment'
}
},
{
'url': reverse('wl_applications:remind_assessment'),
'data': {
'applicationID': self.application.pk,
'assessmentID':
get_or_create_assessment(self.application).pk
}
},
]
def tearDown(self):
self.client.logout()
def test_customer_access(self):
"""
A Customer cannot access any URL
"""
# not logged-in
for url in self.process_urls_get:
response = self.client.get(url, follow=True)
self.assertTrue(is_login_page(response))
for url in self.process_urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertTrue(is_login_page(response))
# logged-in. Should redirect to dashboard
self.client.login(self.user.email)
for url in self.process_urls_get:
response = self.client.get(url, follow=True)
self.assertRedirects(response,
reverse('wl_dashboard:tables_customer'),
status_code=302,
target_status_code=200)
for url in self.process_urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertRedirects(response,
reverse('wl_dashboard:tables_customer'),
status_code=302,
target_status_code=200)
def test_officer_access(self):
self.client.login(self.officer.email)
for url in self.process_urls_get:
response = self.client.get(url, follow=False)
self.assertEqual(200, response.status_code)
for url in self.process_urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEquals(200, response.status_code)
class TestViewAccess(TestCase):
fixtures = ['licences.json', 'conditions.json', 'returns.json']
def setUp(self):
self.client = SocialClient()
self.user = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.application = app_helpers.create_and_lodge_application(
self.user, **{'data': {
'title': 'My Application'
}})
self.assessment = app_helpers.get_or_create_assessment(
self.application)
self.condition = Condition.objects.first()
self.assessment_condition = AssessmentCondition.objects.create(
assessment=self.assessment, condition=self.condition, order=1)
self.urls_get = [
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
reverse('wl_applications:search_conditions')
]
self.urls_post = [
{
'url':
reverse('wl_applications:create_condition',
args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url':
reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url':
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
def tearDown(self):
self.client.logout()
def test_customer_access(self):
"""
A Customer cannot access any URL
"""
# not logged-in
for url in self.urls_get:
response = self.client.get(url, follow=True)
self.assertTrue(is_login_page(response))
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertTrue(is_login_page(response))
# logged-in. Should throw a 403 or redirect to login
self.client.login(self.user.email)
for url in self.urls_get:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_customer'),
status_code=302,
target_status_code=200)
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_customer'),
status_code=302,
target_status_code=200)
def test_officer_access(self):
"""
Officer should be able to access any views
"""
self.client.login(self.officer.email)
for url in self.urls_get:
response = self.client.get(url, follow=False)
self.assertEqual(200, response.status_code)
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEquals(200, response.status_code)
def test_assessor_access_limited(self):
"""
Test that an assessor cannot edit an assessment that doesn't belong to their group
All accessor can search conditions
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
self.assertFalse(get_user_assessor_groups(assessor))
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
]
urls_post_forbidden = [
{
'url':
reverse('wl_applications:create_condition',
args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url':
reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url':
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
{
'url':
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [reverse('wl_applications:search_conditions')]
urls_post_allowed = []
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)
def test_assessor_access_normal(self):
"""
Test that an assessor can edit an assessment that belongs to their group
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
# add the assessor to the assessment group
self.assertTrue(
Assessment.objects.filter(
application=self.application).count() > 0)
for assessment in Assessment.objects.filter(
application=self.application):
add_assessor_to_assessor_group(assessor, assessment.assessor_group)
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
]
urls_post_forbidden = [
{
'url':
reverse('wl_applications:create_condition',
args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url':
reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url':
reverse('wl_applications:enter_conditions',
args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [
reverse('wl_applications:search_conditions'),
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
]
urls_post_allowed = [
{
'url':
reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response,
reverse('wl_dashboard:tables_assessor'),
status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)
class TestStatusLifeCycle(TestCase):
fixtures = ['licences.json']
def setUp(self):
self.client = SocialClient()
self.officer = get_or_create_default_officer()
self.user = get_or_create_default_customer()
self.assertNotEqual(self.officer, self.user)
def tearDown(self):
self.client.logout()
clear_mailbox()
clear_all_id_files()
def test_id_update(self):
"""
Test that when an ID update is required and the users update their ID the customer and id status are correctly
updated
"""
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
clear_mailbox()
data = {
'officer': self.officer.pk,
'application': application.pk,
'reason': IDRequest.REASON_CHOICES[0][0],
'text': 'you to upload an ID.'
}
url = reverse('wl_applications:id_request')
self.assertFalse(is_email())
response = self.client.post(url, data)
self.assertEqual(200, response.status_code)
resp_data = json.loads(response.content.decode('utf8'))
self.assertIn('id_check_status', resp_data)
self.assertIn('processing_status', resp_data)
application.refresh_from_db()
self.assertEqual('id_required', application.customer_status)
self.assertEqual('awaiting_update', application.id_check_status)
self.assertEqual('awaiting_applicant_response', application.processing_status)
self.assertTrue(is_email())
email = get_email()
self.assertIn(application.applicant_profile.email, email.to)
self.assertEqual(ApplicationIDUpdateRequestedEmail.subject, email.subject)
# now user upload ID
self.client.logout()
self.assertIsNone(self.user.identification)
self.client.login(self.user.email)
self.assertTrue(is_client_authenticated(self.client))
self.client.get(reverse('wl_main:identification'))
upload_id(self.user)
self.user.refresh_from_db()
self.assertIsNotNone(self.user.identification)
application.refresh_from_db()
self.assertEqual('updated', application.id_check_status)
self.assertEqual('under_review', application.customer_status)
self.assertEqual('ready_for_action', application.processing_status)
def test_application_amendment(self):
"""
Test that when an amendment is required, the user receives an email and can amend their application. When the
user relodged, the officer can see the amendment and set the review status accordingly.
"""
application = create_and_lodge_application(self.user)
self.assertFalse(application.can_user_edit)
self.client.login(self.officer.email)
post_data = {
'officer': self.officer.pk,
'application': application.pk,
'reason': AmendmentRequest.REASON_CHOICES[0][0],
'text': 'Application needs more data'
}
response = self.client.post(reverse('wl_applications:amendment_request'), post_data)
self.assertEqual(200, response.status_code)
resp_data = json.loads(response.content.decode('utf8'))
application.refresh_from_db()
self.assertIn('review_status', resp_data)
self.assertEquals(resp_data['review_status'], utils.REVIEW_STATUSES[application.review_status])
self.assertIn('processing_status', resp_data)
self.assertEquals(resp_data['processing_status'], utils.PROCESSING_STATUSES[application.processing_status])
self.assertEqual(application.customer_status, 'amendment_required')
self.assertEqual(application.processing_status, 'awaiting_applicant_response')
self.assertEqual(application.review_status, 'awaiting_amendments')
amendment_request = AmendmentRequest.objects.filter(application=application).first()
self.assertIsNotNone(amendment_request)
self.assertEquals(amendment_request.status, 'requested')
self.assertTrue(is_email())
email = get_email()
self.assertIn(application.applicant_profile.email, email.to)
self.assertEqual(ApplicationAmendmentRequestedEmail.subject, email.subject)
# user logs in
self.client.logout()
self.client.login(self.user.email)
self.assertTrue(application.can_user_edit)
response = self.client.get(reverse('wl_applications:edit_application', args=(application.pk,)), follow=True)
# check that client will be redirected to the enter details page
self.assertRedirects(response, reverse('wl_applications:enter_details'), status_code=302,
target_status_code=200)
# edit and resubmit data
post_params = {
'project_title-0-0': 'New Title',
'lodge': True
}
response = self.client.post(reverse('wl_applications:enter_details'), post_params)
# check that client is redirected to preview
self.assertRedirects(response, reverse('wl_applications:preview'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
response = self.client.post(reverse('wl_applications:preview'))
# FIXME: simulate full checkout process instead of skipping
self.client.get(reverse('wl_applications:complete'))
application.refresh_from_db()
self.assertFalse(application.can_user_edit)
self.assertEqual(application.data[0]['project_details'][0]['project_title'], 'New Title')
self.assertEqual(application.customer_status, 'under_review')
self.assertEqual(application.processing_status, 'ready_for_action')
self.assertEqual(application.review_status, 'amended')
amendment_request.refresh_from_db()
self.assertEquals(amendment_request.status, 'amended')
# officer logs in
self.client.logout()
self.client.login(self.officer.email)
post_data = {
'applicationID': application.id,
'status': 'accepted'
}
response = self.client.post(reverse('wl_applications:set_review_status'), post_data)
self.assertEquals(response.status_code, 200)
application.refresh_from_db()
self.assertEquals(application.review_status, 'accepted')
def test_character_check(self):
"""
Test that the character check shows for questionable characters
"""
self.user.character_flagged = True
self.user.save()
application = create_and_lodge_application(self.user)
self.assertEquals(application.character_check_status, 'not_checked')
self.client.login(self.officer.email)
response = self.client.get(reverse('wl_applications:process', args=(application.pk,)))
self.assertContains(response, '<span class="glyphicon glyphicon-user"></span>')
post_data = {
'applicationID': application.id,
'status': 'accepted'
}
response = self.client.post(reverse('wl_applications:set_character_check_status'), post_data)
self.assertEquals(response.status_code, 200)
application.refresh_from_db()
self.assertEquals(application.character_check_status, 'accepted')
def test_issued_status_after_entering_condition(self):
"""
Test that if an application has been issued, entering condition leave the status as issued
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2736&project_id=24
"""
application = create_and_lodge_application(self.user)
# set some conditions
url = reverse('wl_applications:enter_conditions', args=[application.pk])
condition = get_or_create_condition('0001', {"text": "For unit test"})
data = {
'conditionID': [condition.pk]
}
self.client.login(self.officer.email)
self.assertTrue(is_client_authenticated(self.client))
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'ready_to_issue')
# issue licence
url = reverse('wl_applications:issue_licence', args=[application.pk])
today = datetime.date.today()
tomorrow = today + datetime.timedelta(days=1)
data = {
'regions': [G(Region).pk],
'return_frequency': -1,
'issue_date': str(today),
'start_date': str(today),
'end_date': str(tomorrow)
}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'issued')
# now repost conditions
url = reverse('wl_applications:enter_conditions', args=[application.pk])
condition = get_or_create_condition('0001', {"text": "For unit test"})
data = {
'conditionID': [condition.pk]
}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
# status should not be 'ready_to_issue' but 'issued'
expected_status = 'issued'
self.assertEquals(application.processing_status, expected_status)
def test_issued_declined_licences_cannot_be_assessed(self):
"""
Test that if a licence has been issued or application declined, assessments can no longer be done.
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2743&project_id=24
"""
# create application to issue
application = create_and_lodge_application(self.user)
# send out assessment
assessment = get_or_create_assessment(application)
self.assertEquals(assessment.status, 'awaiting_assessment')
self.client.login(self.officer.email)
# issue licence
url = reverse('wl_applications:issue_licence', args=[application.pk])
today = datetime.date.today()
tomorrow = today + datetime.timedelta(days=1)
data = {
'regions': [G(Region).pk],
'return_frequency': -1,
'issue_date': str(today),
'start_date': str(today),
'end_date': str(tomorrow)
}
resp = self.client.post(url, data=data, follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.processing_status, 'issued')
assessment.refresh_from_db()
self.assertEquals(assessment.status, 'assessment_expired')
# create application to decline
application = create_and_lodge_application(self.user)
# send out assessment
assessment = get_or_create_assessment(application)
self.assertEquals(assessment.status, 'awaiting_assessment')
# decline licence
resp = self.client.post(reverse('wl_applications:process', args=[application.pk]), data={'decline': True},
follow=True)
self.assertEquals(200, resp.status_code)
assessment.refresh_from_db()
self.assertEquals(assessment.status, 'assessment_expired')
def test_declined_applications_status(self):
"""
Test that if an application has been declined, the officer and customer will both have a declined status
@see https://kanboard.dpaw.wa.gov.au/?controller=TaskViewController&action=show&task_id=2741&project_id=24
"""
# create application to decline
application = create_and_lodge_application(self.user)
self.client.login(self.officer.email)
# decline licence
resp = self.client.post(reverse('wl_applications:process', args=[application.pk]),
data={'decline': True, 'reason': 'N/A'},
follow=True)
self.assertEquals(200, resp.status_code)
application.refresh_from_db()
self.assertEquals(application.customer_status, 'declined')
self.assertEquals(application.processing_status, 'declined')
# Test that the reason is stored
details = ApplicationDeclinedDetails.objects.filter(application=application).first()
self.assertIsNotNone(details)
self.assertEqual(application, details.application)
self.assertEqual(self.officer, details.officer)
self.assertEquals('N/A', details.reason)
class AccountsTestCase(TestCase):
def setUp(self):
create_default_country()
self.customer = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.client = SocialClient()
def tearDown(self):
self.client.logout()
# clean id file
if self.customer.identification:
os.remove(self.customer.identification.path)
def test_profile_list(self):
"""Testing that a user can display the profile list if they are a customer"""
self.client.login(self.customer.email)
# check that client can access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(200, response.status_code)
def test_profile_list_non_customer(self):
"""Testing that a user cannot display the profile list if they are not a customer"""
self.client.login(self.officer.email)
# check that client gets redirected if they try to access the profile list
response = self.client.get(reverse('wl_main:list_profiles'))
self.assertEqual(403, response.status_code)
def test_create_profile(self):
"""Testing that a user can create a profile"""
self.client.login(self.customer.email)
original_profile_count = Profile.objects.filter(
user=self.customer).count()
# check that client can access the create profile page
response = self.client.get(reverse('wl_main:create_profile'))
self.assertEqual(200, response.status_code)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001'
}
response = self.client.post(reverse('wl_main:create_profile'),
post_params)
self.assertEqual(302, response.status_code)
# check that a new profile has been created
self.assertEquals(
Profile.objects.filter(user=self.customer).count(),
original_profile_count + 1)
def test_edit_profile(self):
"""Testing that a user can edit an existing profile"""
self.client.login(self.customer.email)
# check no profile
self.assertEquals(0,
Profile.objects.filter(user=self.customer).count())
# create original profile
# address = Address.objects.create(line1='1 Test Street', locality='Test Suburb', state='WA', postcode='0001')
# profile = Profile.objects.create(user=self.customer, name='Test Profile', email='*****@*****.**',
# institution='Test Institution', postal_address=address)
post_params = {
'user': self.customer.pk,
'name': 'Test Profile',
'email': '*****@*****.**',
'institution': 'Test Institution',
'line1': '1 Test Street',
'locality': 'Test Suburb',
'state': 'WA',
'country': 'AU',
'postcode': '0001'
}
response = self.client.post(reverse('wl_main:create_profile'),
post_params)
self.assertEqual(302, response.status_code)
# check that one profile has been created
self.assertEquals(1,
Profile.objects.filter(user=self.customer).count())
profile = Profile.objects.filter(user=self.customer).first()
# check that client can access the edit profile page
response = self.client.get(
reverse('wl_main:edit_profile', args=(profile.pk, )))
self.assertEqual(200, response.status_code)
# updated profile
post_params['name'] = 'Updated Profile'
post_params['line1'] = 'New Line 1'
response = self.client.post(
reverse('wl_main:edit_profile', args=(profile.pk, )), post_params)
self.assertEqual(302, response.status_code)
# get updated profile
self.assertEquals(1,
Profile.objects.filter(user=self.customer).count())
profile = Profile.objects.filter(user=self.customer).first()
# check that the profile has been edited
self.assertEquals(profile.name, 'Updated Profile')
self.assertEquals(profile.postal_address.line1, 'New Line 1')
def test_manage_id(self):
"""Testing that a user can access the manage identification page"""
self.client.login(self.customer.email)
# check that client can access the manage identification page
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
def test_upload_id(self):
"""Testing that a user can upload an ID image"""
self.client.login(self.customer.email)
self.assertIsNone(self.customer.identification)
response = self.client.get(reverse('wl_main:identification'))
self.assertEqual(200, response.status_code)
response = upload_id(self.customer)
self.assertEqual(200, response.status_code)
# update customer
self.customer.refresh_from_db()
self.assertIsNotNone(self.customer.identification)
class TestViewAccess(TestCase):
def setUp(self):
self.client = SocialClient()
self.user = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.application = create_and_lodge_application(self.user, **{
'data': {
'title': 'My Application'
}
})
self.process_urls_get = [
reverse('wl_applications:process', args=[self.application.pk]),
]
self.process_urls_post = [
{
'url': reverse('wl_applications:process', args=[self.application.pk]),
'data': {
'applicationID': self.application.pk,
}
},
{
'url': reverse('wl_applications:assign_officer'),
'data': {
'applicationID': self.application.pk,
'userID': self.officer.pk,
}
},
{
'url': reverse('wl_applications:set_id_check_status'),
'data': {
'applicationID': self.application.pk,
'status': 'accepted',
}
},
{
'url': reverse('wl_applications:id_request'),
'data': {
'applicationID': self.application.pk,
}
},
{
'url': reverse('wl_applications:set_character_check_status'),
'data': {
'applicationID': self.application.pk,
'status': 'accepted',
}
},
{
'url': reverse('wl_applications:set_review_status'),
'data': {
'applicationID': self.application.pk,
'status': 'accepted',
}
},
{
'url': reverse('wl_applications:amendment_request'),
'data': {
'applicationID': self.application.pk,
}
},
{
'url': reverse('wl_applications:send_for_assessment'),
'data': {
'applicationID': self.application.pk,
'assGroupID': get_or_create_default_assessor_group().pk,
'status': 'awaiting_assessment'
}
},
{
'url': reverse('wl_applications:remind_assessment'),
'data': {
'applicationID': self.application.pk,
'assessmentID': get_or_create_assessment(self.application).pk
}
},
]
def tearDown(self):
self.client.logout()
def test_customer_access(self):
"""
A Customer cannot access any URL
"""
# not logged-in
for url in self.process_urls_get:
response = self.client.get(url, follow=True)
self.assertTrue(is_login_page(response))
for url in self.process_urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertTrue(is_login_page(response))
# logged-in. Should get a 403
self.client.login(self.user.email)
for url in self.process_urls_get:
response = self.client.get(url, follow=True)
self.assertEqual(response.status_code, 403)
for url in self.process_urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(response.status_code, 403)
def test_officer_access(self):
self.client.login(self.officer.email)
for url in self.process_urls_get:
response = self.client.get(url, follow=False)
self.assertEqual(200, response.status_code)
for url in self.process_urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEquals(200, response.status_code)
class ApplicationEntrySecurity(TransactionTestCase):
fixtures = ['licences.json']
serialized_rollback = True
def setUp(self):
self.client = SocialClient()
def tearDown(self):
self.client.logout()
def test_user_access_other_user(self):
"""
Test that a user cannot edit/view another user application
"""
customer1 = create_random_customer()
customer2 = create_random_customer()
self.assertNotEqual(customer1, customer2)
application1 = helpers.create_application(user=customer1)
application2 = helpers.create_application(user=customer2)
self.assertNotEqual(application1, application2)
# login as user1
self.client.login(customer1.email)
my_url = reverse('wl_applications:edit_application', args=[application1.pk])
response = self.client.get(my_url)
self.assertEqual(302, response.status_code)
forbidden_urls = [
reverse('wl_applications:edit_application', args=[application2.pk]),
]
for forbidden_url in forbidden_urls:
response = self.client.get(forbidden_url, follow=True)
self.assertEqual(403, response.status_code)
def test_user_access_lodged(self):
"""
Once the application if lodged the user should not be able to edit it
"""
customer1 = create_random_customer()
self.client.login(customer1)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(1,)))
application = Application.objects.first()
self.assertIsNotNone(application)
self.assertIsNotNone(application.applicant)
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
response = self.client.post(reverse('wl_applications:preview'))
# check that client is redirected to checkout
self.assertRedirects(response, reverse('wl_payments:checkout_application', args=(application.pk,)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is new/underreview
self.assertEqual(application.processing_status, 'new')
self.assertEqual('under_review', application.customer_status)
response = self.client.get(reverse('wl_applications:edit_application', args=[application.pk]), follow=True)
self.assertEqual(403, response.status_code)
def test_user_not_logged_is_redirected_to_login(self):
"""
A user not logged in should be redirected to the login page and not see a 403
"""
customer1 = create_random_customer()
self.client.login(customer1)
self.client.get(reverse('wl_applications:new_application'))
self.client.get(reverse('wl_applications:select_licence_type', args=(1,)))
application = Application.objects.first()
self.assertIsNotNone(application)
# check that the state of the application is temp
self.assertEqual(application.processing_status, 'temp')
response = self.client.post(reverse('wl_applications:preview'))
# check that client is redirected to checkout
self.assertRedirects(response, reverse('wl_payments:checkout_application', args=(application.pk,)),
status_code=302, target_status_code=200, fetch_redirect_response=False)
application.refresh_from_db()
# check that the state of the application is new/underreview
self.assertEqual(application.processing_status, 'new')
self.assertEqual('under_review', application.customer_status)
# logout
self.client.logout()
response = self.client.get(reverse('wl_applications:edit_application', args=[application.pk]), follow=True)
self.assertEqual(200, response.status_code)
self.assertTrue(is_login_page(response))
class ReturnsTestCase(TestCase):
fixtures = [
'licences.json', 'countries.json', 'catalogue.json', 'partner.json',
'returns.json'
]
def setUp(self):
self.customer = get_or_create_default_customer(
include_default_profile=True)
self.officer = get_or_create_default_officer()
self.client = SocialClient()
self.licence = create_licence(self.customer,
self.officer,
product_title='regulation-17')
self.ret = create_return(self.licence)
def tearDown(self):
self.client.logout()
def test_returns_lodgement_page(self):
"""Testing that a user can access the returns lodgement page"""
self.client.login(self.customer.email)
# check that client can access the licence type selection list
response = self.client.get(
reverse('wl_returns:enter_return', args=(self.ret.pk, )))
self.assertEqual(200, response.status_code)
def test_lodge_nil_return(self):
"""Testing that a user can log a nil return"""
self.client.login(self.customer.email)
post_params = {'nil': True, 'comments': 'No survey taken'}
response = self.client.post(
reverse('wl_returns:enter_return', args=(self.ret.pk, )),
post_params)
self.assertRedirects(response,
reverse('home'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
def test_upload_return_spreadsheet(self):
"""Testing that a user can upload a return spreadsheet"""
self.client.login(self.customer.email)
with open(TEST_SPREADSHEET_PATH, 'rb') as fp:
post_params = {'upload': True, 'spreadsheet_file': fp}
response = self.client.post(
reverse('wl_returns:enter_return', args=(self.ret.pk, )),
post_params)
self.assertEqual(200, response.status_code)
# assert values in the response context match those in the spreadsheet
for key, value in response.context['tables'][0]['data'][0].items():
self.assertEqual(value['value'], TEST_VALUES[key])
def test_lodge_return(self):
"""Testing that a user can lodge a return"""
self.client.login(self.customer.email)
# check return status is intially 'current'
self.assertEqual(self.ret.status, 'current')
post_params = {
'lodge': True,
}
for key, value in TEST_VALUES.items():
post_params['regulation-17::{}'.format(key)] = value
response = self.client.post(
reverse('wl_returns:enter_return', args=(self.ret.pk, )),
post_params)
self.assertRedirects(response,
reverse('home'),
status_code=302,
target_status_code=200,
fetch_redirect_response=False)
self.ret.refresh_from_db()
# check return status is 'submitted'
self.assertEqual(self.ret.status, 'submitted')
# assert values in the return is what is expected
for key, value in self.ret.returntable_set.first().returnrow_set.first(
).data.items():
self.assertEqual(value, str(TEST_VALUES[key]))
class TestLifeCycle(TestCase):
fixtures = ['licences.json', 'countries.json', 'catalogue.json', 'partner.json', 'returns.json']
def setUp(self):
self.customer = get_or_create_default_customer(include_default_profile=True)
self.officer = get_or_create_default_officer()
self.assessor = get_or_create_default_assessor()
self.not_allowed_customer = create_random_customer()
self.assertNotEqual(self.not_allowed_customer, self.customer)
self.client = SocialClient()
self.licence_type = get_or_create_licence_type('regulation-17')
self.return_type = get_or_create_return_type(self.licence_type)
def tearDown(self):
self.client.logout()
def _issue_licence(self, licence_data, **kwargs):
application = app_helpers.create_and_lodge_application(self.customer, **{
'applicant': kwargs.get('applicant', self.customer),
'licence_type': kwargs.get('licence_type', self.licence_type)
})
self.assertIsNotNone(application)
self.assertEqual(application.applicant, self.customer)
self.assertIsNone(application.proxy_applicant)
licence = app_helpers.issue_licence(
application,
kwargs.get('issuer', self.officer),
licence_data=licence_data
)
self.assertEqual(licence.holder, self.customer)
self.assertIsNotNone(licence)
return licence
def _lodge_reg17_return(self, ret, data=None):
post_params = {
'lodge': True,
}
data = data or TEST_VALUES
for key, value in data.items():
post_params['regulation-17::{}'.format(key)] = value
holder = ret.licence.holder
self.client.login(holder.email)
response = self.client.post(reverse('wl_returns:enter_return', args=(ret.pk,)), post_params)
self.assertRedirects(response, reverse('home'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
ret.refresh_from_db()
self.client.logout()
return data
def _create_and_lodge_return(self):
start_date = date.today()
end_date = start_date + relativedelta(months=2) # 2 months licence
licence_data = {
'return_frequency': -1, # one off
'start_date': str(start_date),
'end_date': str(end_date)
}
licence = self._issue_licence(licence_data)
self.assertIsNotNone(licence)
ret = Return.objects.first()
expected_status = 'current'
self.assertEqual(ret.status, expected_status)
data = self._lodge_reg17_return(ret)
expected_status = 'submitted'
self.assertEqual(ret.status, expected_status)
return ret, data
def _create_lodge_and_amend_return(self):
ret, data = self._create_and_lodge_return()
expected_status = 'submitted'
self.assertEqual(ret.status, expected_status)
url = reverse('wl_returns:amendment_request')
curator = self.officer
self.client.login(curator.email)
payload = {
'ret': ret.pk,
'officer': curator.pk,
'reason': 'Chubby bat is not a valid species'
}
resp = self.client.post(url, data=payload)
self.assertEqual(resp.status_code, 200)
ret.refresh_from_db()
expected_status = 'amendment_required'
self.assertEqual(ret.status, expected_status)
self.assertEqual(ret.pending_amendments_qs.count(), 1)
self.client.logout()
return ret
def test_initial_states_with_future(self):
"""
Test that after the licence has been created some returns has been created according to the return frequency
and the licence end date
"""
# issue licence
# use a one year licence with a monthly return
start_date = today = date.today()
end_date = start_date + timedelta(days=366)
licence_data = {
'return_frequency': 1,
'start_date': str(start_date),
'end_date': str(end_date)
}
licence = self._issue_licence(licence_data)
self.assertIsNotNone(licence)
# 12 returns should have been created
rets = Return.objects.all().order_by('due_date')
self.assertEqual(rets.count(), 12)
# the first one should be in a month with status 'current'
current = rets.first()
self.assertEqual(current.status, 'current')
next_month = today + relativedelta(months=1)
self.assertEqual(current.due_date, next_month)
# the next ones should have the status 'future'
futures = rets[1:]
for i, future in enumerate(futures, start=1):
self.assertEqual(future.status, 'future')
expected_due_date = next_month + relativedelta(months=i)
self.assertEqual(future.due_date, expected_due_date)
def test_initial_one_off(self):
"""
Test one off. One return due at the licence end date
"""
start_date = date.today()
end_date = start_date + relativedelta(months=2) # 2 months licence
licence_data = {
'return_frequency': -1, # one off
'start_date': str(start_date),
'end_date': str(end_date)
}
licence = self._issue_licence(licence_data)
self.assertIsNotNone(licence)
rets = Return.objects.all()
self.assertEqual(rets.count(), 1)
# the first one should be in a month with status 'current'
current = rets.first()
self.assertEqual(current.status, 'current')
# due date should match the licence end date
expected_due_date = end_date
self.assertEqual(current.due_date, expected_due_date)
def test_enter_return_happy_path(self):
start_date = date.today()
end_date = start_date + relativedelta(months=2) # 2 months licence
licence_data = {
'return_frequency': -1, # one off
'start_date': str(start_date),
'end_date': str(end_date)
}
licence = self._issue_licence(licence_data)
self.assertIsNotNone(licence)
ret = Return.objects.first()
expected_status = 'current'
self.assertEqual(ret.status, expected_status)
self._lodge_reg17_return(ret)
expected_status = 'submitted'
self.assertEqual(ret.status, expected_status)
def test_curate_happy_path(self):
ret, data = self._create_and_lodge_return()
expected_status = 'submitted'
self.assertEqual(ret.status, expected_status)
url = reverse('wl_returns:curate_return', args=(ret.pk,))
curator = self.officer
self.client.login(curator.email)
# get method
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
# the return data is in a 'tables' context (one per return type).
ctx = response.context
self.assertTrue('tables' in ctx)
# this return (reg-17) has only one table.
tables = ctx['tables']
self.assertEqual(len(tables), 1)
table = tables[0]
self.assertIsInstance(table, dict)
self.assertEqual(sorted(['headers', 'data', 'name', 'title']), sorted(table.keys()))
# verify data
sent_data = table['data']
# should be a list of rows
self.assertIsInstance(sent_data, list)
# we expect only one row
self.assertEqual(len(sent_data), 1)
sent_first_row = sent_data[0]
self.assertIsInstance(sent_first_row, dict)
# the values should match what the customer submitted
expected_data = TEST_VALUES
for expected_key, expected_value in expected_data.items():
self.assertTrue(expected_key in sent_first_row, "{} not in sent data".format(expected_key))
# each returned 'cell' contains the value and an error
sent_cell = sent_first_row.get(expected_key)
self.assertTrue('value' in sent_cell)
self.assertTrue('error' in sent_cell)
sent_value = sent_cell.get('value')
sent_error = sent_cell.get('error')
# we don't expect any error
self.assertIsNone(sent_error)
# all sent values are string
expected_value = str(expected_value)
self.assertEqual(sent_value, expected_value)
# post method
# changed the species name
new_species = 'Chubby bat'
data = TEST_VALUES
data['SPECIES_NAME'] = new_species
payload = {
'accept': True
}
for key, value in data.items():
payload['regulation-17::{}'.format(key)] = value
response = self.client.post(url, data=payload)
self.assertRedirects(response, reverse('home'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
ret.refresh_from_db()
expected_status = 'accepted'
self.assertEqual(ret.status, expected_status)
# check value
data = ret.returntable_set.first().returnrow_set.first().data
self.assertEqual(data.get('SPECIES_NAME'), new_species)
def test_curate_request_amendments(self):
"""
Test workflow when an officer requests a amendment to a return, especially the status change and verify that
an email is sent to the user.
"""
ret, data = self._create_and_lodge_return()
expected_status = 'submitted'
self.assertEqual(ret.status, expected_status)
pending_amendments = ret.pending_amendments_qs
self.assertEqual(pending_amendments.count(), 0)
url = reverse('wl_returns:amendment_request')
curator = self.officer
self.client.login(curator.email)
# important clear mailbox
clear_mailbox()
self.assertEqual(len(mail.outbox), 0)
payload = {
'ret': ret.pk,
'officer': curator.pk,
'reason': 'Chubby bat is not a valid species'
}
resp = self.client.post(url, data=payload)
self.assertEqual(resp.status_code, 200)
# expect a json response with the return amendment serialized
resp_data = resp.json()
self.assertTrue('amendment_request' in resp_data)
# the reason should be returned
self.assertEqual(resp_data['amendment_request'].get('reason'), payload['reason'])
ret.refresh_from_db()
expected_status = 'amendment_required'
self.assertEqual(ret.status, expected_status)
# we should have a pending amendment
pending_amendments = ret.pending_amendments_qs
self.assertEqual(pending_amendments.count(), 1)
pending_amendment = pending_amendments.first()
self.assertEqual(pending_amendment.status, 'requested')
self.assertEqual(pending_amendment.officer, curator)
self.assertEqual(pending_amendment.reason, payload['reason'])
self.assertEqual(pending_amendment.ret, ret)
# an email must have been sent to the applicant
self.assertEqual(len(mail.outbox), 1)
email = mail.outbox[0]
self.assertEqual(len(email.to), 1)
expected_address = ret.licence.profile.email
self.assertEqual(email.to[0], expected_address)
# the email body should contain a link to the edit return page
# due to test environment we cannot use reverse or even host_reverse
expected_url = "/returns/enter-return/{}".format(ret.pk)
self.assertTrue(str(email.body).find(expected_url) > 0)
def test_user_edit_after_amendments(self):
"""
The user can edit and loge (amend) the return
:return:
"""
ret = self._create_lodge_and_amend_return()
self._lodge_reg17_return(ret)
expected_status = 'amended'
self.assertEqual(ret.status, expected_status)
self.assertEqual(ret.pending_amendments_qs.count(), 0)
def test_curate_amended(self):
"""
The officer can curate and accept an amended return
:return:
"""
# create/amend ...
ret = self._create_lodge_and_amend_return()
self._lodge_reg17_return(ret)
expected_status = 'amended'
self.assertEqual(ret.status, expected_status)
self.assertEqual(ret.pending_amendments_qs.count(), 0)
# officer curates: changed the species name
url = reverse('wl_returns:curate_return', args=(ret.pk,))
curator = self.officer
self.client.login(curator.email)
new_species = 'Chubby bat'
data = TEST_VALUES
data['SPECIES_NAME'] = new_species
payload = {
'accept': True
}
for key, value in data.items():
payload['regulation-17::{}'.format(key)] = value
response = self.client.post(url, data=payload)
self.assertRedirects(response, reverse('home'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
ret.refresh_from_db()
expected_status = 'accepted'
self.assertEqual(ret.status, expected_status)
def test_declined_amended(self):
"""
Test decline an amended return
"""
# create/amend ...
ret = self._create_lodge_and_amend_return()
self._lodge_reg17_return(ret)
expected_status = 'amended'
self.assertEqual(ret.status, expected_status)
self.assertEqual(ret.pending_amendments_qs.count(), 0)
url = reverse('wl_returns:curate_return', args=(ret.pk,))
curator = self.officer
self.client.login(curator.email)
payload = {
'decline': True
}
response = self.client.post(url, data=payload)
self.assertRedirects(response, reverse('home'),
status_code=302, target_status_code=200, fetch_redirect_response=False)
ret.refresh_from_db()
expected_status = 'declined'
self.assertEqual(ret.status, expected_status)
class TestViewAccess(TestCase):
fixtures = ['licences.json', 'conditions.json', 'returns.json']
def setUp(self):
self.client = SocialClient()
self.user = get_or_create_default_customer()
self.officer = get_or_create_default_officer()
self.application = app_helpers.create_and_lodge_application(self.user, **{
'data': {
'title': 'My Application'
}
})
self.assessment = app_helpers.get_or_create_assessment(self.application)
self.condition = Condition.objects.first()
self.assessment_condition = AssessmentCondition.objects.create(assessment=self.assessment,
condition=self.condition,
order=1)
self.urls_get = [
reverse('wl_applications:enter_conditions', args=[self.application.pk]),
reverse('wl_applications:search_conditions')
]
self.urls_post = [
{
'url': reverse('wl_applications:create_condition', args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url': reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
def tearDown(self):
self.client.logout()
def test_customer_access(self):
"""
A Customer cannot access any URL
"""
# not logged-in
for url in self.urls_get:
response = self.client.get(url, follow=True)
self.assertTrue(is_login_page(response))
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertTrue(is_login_page(response))
# logged-in. Should throw a 403 or redirect to login
self.client.login(self.user.email)
for url in self.urls_get:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302,
target_status_code=200)
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_customer'), status_code=302,
target_status_code=200)
def test_officer_access(self):
"""
Officer should be able to access any views
"""
self.client.login(self.officer.email)
for url in self.urls_get:
response = self.client.get(url, follow=False)
self.assertEqual(200, response.status_code)
for url in self.urls_post:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEquals(200, response.status_code)
def test_assessor_access_limited(self):
"""
Test that an assessor cannot edit an assessment that doesn't belong to their group
All accessor can search conditions
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
self.assertFalse(get_user_assessor_groups(assessor))
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions', args=[self.application.pk]),
reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]),
]
urls_post_forbidden = [
{
'url': reverse('wl_applications:create_condition', args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url': reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
{
'url': reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [
reverse('wl_applications:search_conditions')
]
urls_post_allowed = [
]
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)
def test_assessor_access_normal(self):
"""
Test that an assessor can edit an assessment that belongs to their group
"""
assessor = get_or_create_default_assessor()
self.client.login(assessor.email)
# This assessor doesn't belong to a group
self.assertTrue(is_assessor(assessor))
# add the assessor to the assessment group
self.assertTrue(Assessment.objects.filter(application=self.application).count() > 0)
for assessment in Assessment.objects.filter(application=self.application):
add_assessor_to_assessor_group(assessor, assessment.assessor_group)
# forbidden
urls_get_forbidden = [
reverse('wl_applications:enter_conditions', args=[self.application.pk]),
]
urls_post_forbidden = [
{
'url': reverse('wl_applications:create_condition', args=[self.application.pk]),
'data': {
'code': '123488374',
'text': 'condition text'
}
},
{
'url': reverse('wl_applications:set_assessment_condition_state'),
'data': {
'assessmentConditionID': self.assessment_condition.pk,
'acceptanceStatus': 'accepted',
}
},
{
'url': reverse('wl_applications:enter_conditions', args=[self.application.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
# Allowed
urls_get_allowed = [
reverse('wl_applications:search_conditions'),
reverse('wl_applications:enter_conditions_assessor', args=[self.application.pk, self.assessment.pk]),
]
urls_post_allowed = [
{
'url': reverse('wl_applications:enter_conditions_assessor',
args=[self.application.pk, self.assessment.pk]),
'data': {
'conditionID': [self.condition.pk],
}
},
]
for url in urls_get_forbidden:
response = self.client.get(url, follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_post_forbidden:
response = self.client.post(url['url'], url['data'], follow=True)
if response.status_code != 403:
self.assertRedirects(response, reverse('wl_dashboard:tables_assessor'), status_code=302,
target_status_code=200)
for url in urls_get_allowed:
response = self.client.get(url, follow=True)
self.assertEqual(200, response.status_code)
for url in urls_post_allowed:
response = self.client.post(url['url'], url['data'], follow=True)
self.assertEqual(200, response.status_code)