aboutsummaryrefslogblamecommitdiffstats
path: root/ctrack/organisations/tests/test_views.py
blob: a567fab41ade964fe262011a4fbf5b126b9dcdd0 (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11

                                              
                                                        
                                      
                               
 
                                                    



                                                  

                                                                                       




                                        























                                                                              

 




































































































































                                                                                                  
                                                                        
                                  



                                



                                                                     





                                                                              




                                                               

 
                                                           
















                                                                              
                                                       


                                                               
                                   
                                                                    
                                      


                                                                
                                                            
  

























                                                                           
import pytest
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group, Permission
from django.test import RequestFactory
from django.urls import reverse

from ctrack.caf.tests.factories import PersonFactory
from ctrack.organisations.tests.factories import (
    OrganisationFactory,
    SingleDateTimeEventFactory,
)
from ctrack.organisations.views import IncidentReportCreateView, OrganisationDetailView
from ..utils import filter_private_events
from ..views import OrganisationListView

pytestmark = pytest.mark.django_db


def test_meetings_in_organisation_detail_view(user, client, org_with_people):
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()
    person = org_with_people.person_set.first()
    e1 = SingleDateTimeEventFactory.create(
        type_descriptor="MEETING", short_description="First Meeting"
    )
    e2 = SingleDateTimeEventFactory.create(
        type_descriptor="MEETING", short_description="Second Meeting"
    )
    e1.participants.add(person)
    e1.save()
    e2.participants.add(person)
    e2.save()
    client.force_login(user)
    response = client.get(
        reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
    )
    assert response.status_code == 200
    html = response.content.decode("utf-8")
    assert "First Meeting" in html


def test_private_event_filter(user, org_with_people):
    """
    In this test we are creating five events, using two different users.
    Each event will be set to either private or not private. We are testing
    a function that will only allow private notes belonging to the logged in,
    or request.user user to be added to the view context. The context is not
    referred to here - only the utility function under test. The output from
    that filter function will go forward into the view context.
    """
    person = org_with_people.person_set.first()
    e1_user = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="First Event with user",
        private=True,
        user=user,
    )
    e2_user = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Second Event with user",
        private=False,
        user=user,
    )
    e3_user = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Third Event with user",
        private=True,
        user=user,
    )
    e1_user.participants.add(person)
    e1_user.save()
    e2_user.participants.add(person)
    e2_user.save()
    e3_user.participants.add(person)
    e3_user.save()
    user2 = get_user_model().objects.create(username="sam", email="asd@asdsd.com", password="123")
    e1_user2 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="First Event with user2",
        private=False,
        user=user2,
    )
    e2_user2 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Second Event with user2",
        private=True,
        user=user2,
    )
    e1_user2.participants.add(person)
    e1_user2.save()
    e2_user2.participants.add(person)
    e2_user2.save()
    # This user needs permission to access the list view
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()
    factory = RequestFactory()
    request = factory.get(reverse("organisations:detail", args=[org_with_people.slug]))
    request.user = user
    response = OrganisationDetailView.as_view()(request, slug=org_with_people.slug)
    assert response.status_code == 200
    events = person.get_single_datetime_events()
    assert events.count() == 5
    assert len(filter_private_events(events, user2)) == 3


def test_logged_in_user_can_only_see_their_private_events(
    user, org_with_people, client
):
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()
    person = org_with_people.person_set.first()

    # This user creates three events
    e1 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="First Event",
        private=True,
        user=user,
    )
    e2 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Second Event",
        private=False,
        user=user,
    )
    e3 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Third Event",
        private=True,
        user=user,
    )
    e1.participants.add(person)
    e1.save()
    e2.participants.add(person)
    e2.save()
    e3.participants.add(person)
    e3.save()
    response = client.get(
        reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
    )
    assert response.status_code == 200
    html = response.content.decode("utf-8")
    assert "First Event" in html
    assert "Second Event" in html
    assert "Third Event" in html
    assert "PRIVATE" in html

    # A second user adds events based on this person/organisation
    user2 = get_user_model().objects.create(
        username="bobbins", email="bobbins@gog.com", password="bobbins123345"
    )
    user2.user_permissions.add(org_list_permission)
    assert user2.has_perm("organisations.view_organisation")
    user2.save()
    client.logout()
    client.force_login(user2)
    response2 = client.get(
        reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
    )
    html2 = response2.content.decode("utf-8")
    assert response2.status_code == 200
    # They should not be able to see First Event which was created by another
    # user and marked private.
    assert "First Event" not in html2
    assert "Second Event" in html2
    assert "Third Event" not in html2


# https://docs.djangoproject.com/en/3.0/topics/testing/advanced/#example
def test_organisation_list_view():
    OrganisationFactory.create()
    OrganisationFactory.create()
    OrganisationFactory.create()

    factory = RequestFactory()
    user = get_user_model().objects.create_user(
        username="testy", email="testy@test.com", password="test1020"
    )
    # This user needs permission to acccess the list view
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()
    request = factory.get("/organisations")
    request.user = user
    response = OrganisationListView.as_view()(request)
    assert response.status_code == 200
    assert len(response.context_data["organisation_list"]) == 3


def test_only_member_of_cct_user_group_can_view_org_list():
    OrganisationFactory.create()
    OrganisationFactory.create()
    OrganisationFactory.create()

    group = Group.objects.create(name="cct_user")

    factory = RequestFactory()
    user = get_user_model().objects.create_user(
        username="testy", email="testy@test.com", password="test1020"
    )
    user.groups.add(group)
    org_list_permission = Permission.objects.get(name="Can view organisation")
    group.permissions.add(org_list_permission)
    # They get this permisson via the cct_user group
    assert user.has_perm("organisations.view_organisation")


def test_incident_report_create_view(stakeholder_user):
    org = OrganisationFactory.create()
    factory = RequestFactory()
    request = factory.get(f"{org.name}/create-incident-report")
    request.user = stakeholder_user
    response = IncidentReportCreateView.as_view()(request, org.slug)
    assert response.status_code == 200


def test_only_member_of_cct_user_group_can_view_a_single_person(
    stakeholder_user, org_with_people, client, role, submode
):
    PersonFactory.create(
        role=role,
        predecessor=None,
        organisation__submode=submode,
        organisation=org_with_people,
    )
    PersonFactory.create(
        role=role,
        predecessor=None,
        organisation__submode=submode,
        organisation=org_with_people,
    )
    group = Group.objects.create(name="cct_user")

    stakeholder_user.groups.add(group)

    person_list_permission = Permission.objects.get(name="Can view person")
    group.permissions.add(person_list_permission)

    client.force_login(stakeholder_user)

    response = client.get(reverse("organisations:people"))

    # They get this permisson via the cct_user group
    assert stakeholder_user.has_perm("organisations.view_person")
    assert response.status_code == 200