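"""View and permission tests for the organisations app.

Covers the organisation list/detail views, the incident report create view,
group-derived permissions, and the rule that a private event is only visible
to the user who created it.
"""
import pytest
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group, Permission
from django.test import RequestFactory
from django.urls import reverse

from ctrack.caf.tests.factories import PersonFactory
from ctrack.organisations.tests.factories import (
    OrganisationFactory,
    SingleDateTimeEventFactory,
)
from ctrack.organisations.views import (
    IncidentReportCreateView,
    OrganisationDetailView,
    oes_list,
)

from ..utils import filter_private_events
from ..views import OrganisationListView

# Every test in this module touches the database.
pytestmark = pytest.mark.django_db


def test_organisation_by_inspector_view(inspector1, inspector2, client, submode):
    """The per-inspector organisation list responds with 200 for that inspector."""
    # The organisation only needs to exist; the instance itself is not used.
    OrganisationFactory(
        submode=submode,
        lead_inspector=inspector1,
        deputy_lead_inspector=inspector2,
    )
    client.force_login(inspector1)
    response = client.get(
        reverse("organisations:list_by_inspector", args=[inspector1.id])
    )
    assert response.status_code == 200


def test_meetings_in_organisation_detail_view(user, client, org_with_people):
    """A meeting attended by one of the organisation's people is rendered on the detail page."""
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()

    person = org_with_people.person_set.first()
    e1 = SingleDateTimeEventFactory.create(
        type_descriptor="MEETING", short_description="First Meeting"
    )
    e2 = SingleDateTimeEventFactory.create(
        type_descriptor="MEETING", short_description="Second Meeting"
    )
    for event in (e1, e2):
        event.participants.add(person)
        event.save()

    client.force_login(user)
    response = client.get(
        reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
    )
    assert response.status_code == 200
    html = response.content.decode("utf-8")
    assert "First Meeting" in html


def test_private_event_filter(user, org_with_people):
    """Check filter_private_events() against five events owned by two users.

    Each event is either private or not. The function under test must let a
    private event through only when it belongs to the user passed in (in the
    view, request.user). The view context is not inspected here; only the
    utility function whose output feeds that context.
    """
    person = org_with_people.person_set.first()

    # `user` owns two private events and one public event.
    e1_user = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="First Event with user",
        private=True,
        user=user,
    )
    e2_user = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Second Event with user",
        private=False,
        user=user,
    )
    e3_user = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Third Event with user",
        private=True,
        user=user,
    )
    for event in (e1_user, e2_user, e3_user):
        event.participants.add(person)
        event.save()

    # create_user() hashes the password, matching the other tests in this
    # module; objects.create() would store the literal string in the
    # password column.
    user2 = get_user_model().objects.create_user(
        username="sam", email="asd@asdsd.com", password="123"
    )

    # `user2` owns one public event and one private event.
    e1_user2 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="First Event with user2",
        private=False,
        user=user2,
    )
    e2_user2 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Second Event with user2",
        private=True,
        user=user2,
    )
    for event in (e1_user2, e2_user2):
        event.participants.add(person)
        event.save()

    # This user needs permission to access the detail view
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()

    factory = RequestFactory()
    request = factory.get(reverse("organisations:detail", args=[org_with_people.slug]))
    request.user = user
    response = OrganisationDetailView.as_view()(request, slug=org_with_people.slug)
    assert response.status_code == 200

    events = person.get_single_datetime_events()
    assert events.count() == 5
    # user2 keeps both of their own events plus the one public event of `user`;
    # the two private events of `user` are withheld.
    assert len(filter_private_events(events, user2)) == 3
    # Checked from the other side as well: `user` keeps all three of their own
    # events plus user2's public one, and loses only user2's private event.
    assert len(filter_private_events(events, user)) == 4


def test_logged_in_user_can_only_see_their_private_events(
    user, org_with_people, client
):
    """Private events appear on the detail page for their creator only."""
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()

    person = org_with_people.person_set.first()

    # This user creates three events
    e1 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="First Event",
        private=True,
        user=user,
    )
    e2 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Second Event",
        private=False,
        user=user,
    )
    e3 = SingleDateTimeEventFactory(
        type_descriptor="MEETING",
        short_description="Third Event",
        private=True,
        user=user,
    )
    for event in (e1, e2, e3):
        event.participants.add(person)
        event.save()

    # Authenticate as the owner before the first request. The assertions below
    # expect the owner's private events in the page, so the request has to be
    # evaluated with request.user == user rather than as an anonymous client.
    client.force_login(user)
    response = client.get(
        reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
    )
    assert response.status_code == 200
    html = response.content.decode("utf-8")
    assert "First Event" in html
    assert "Second Event" in html
    assert "Third Event" in html
    assert "PRIVATE" in html

    # A second user with the same view permission looks at the same
    # person/organisation. create_user() is used so the password is hashed,
    # as in the other tests in this module.
    user2 = get_user_model().objects.create_user(
        username="bobbins", email="bobbins@gog.com", password="bobbins123345"
    )
    user2.user_permissions.add(org_list_permission)
    assert user2.has_perm("organisations.view_organisation")
    user2.save()

    client.logout()
    client.force_login(user2)
    response2 = client.get(
        reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
    )
    assert response2.status_code == 200
    html2 = response2.content.decode("utf-8")

    # They should not be able to see First Event or Third Event, which were
    # created by another user and marked private.
    assert "First Event" not in html2
    assert "Second Event" in html2
    assert "Third Event" not in html2


# https://docs.djangoproject.com/en/3.0/topics/testing/advanced/#example
def test_organisation_list_view():
    """The list view returns every organisation to a user holding the view permission."""
    for _ in range(3):
        OrganisationFactory.create()

    factory = RequestFactory()
    user = get_user_model().objects.create_user(
        username="testy", email="testy@test.com", password="test1020"
    )

    # This user needs permission to access the list view
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()

    request = factory.get("/organisations")
    request.user = user
    response = OrganisationListView.as_view()(request)
    assert response.status_code == 200
    assert len(response.context_data["organisation_list"]) == 3


def test_oes_list_view():
    """The OES list view renders for a user holding the view permission."""
    for _ in range(3):
        OrganisationFactory.create(oes=True)

    factory = RequestFactory()
    user = get_user_model().objects.create_user(
        username="testy", email="testy@test.com", password="test1020"
    )

    # This user needs permission to access the list view
    org_list_permission = Permission.objects.get(name="Can view organisation")
    assert user.user_permissions.count() == 0
    user.user_permissions.add(org_list_permission)
    assert user.has_perm("organisations.view_organisation")
    user.save()

    request = factory.get("/organisations/oes")
    request.user = user
    response = oes_list(request)
    assert response.status_code == 200
    html = response.content.decode("utf-8")
    assert "OES" in html


def test_only_member_of_cct_user_group_can_view_org_list():
    """The organisation view permission is granted through the cct_user group only.

    A member of the group holds the permission; a user created the same way
    but left out of the group does not.
    """
    for _ in range(3):
        OrganisationFactory.create()

    group = Group.objects.create(name="cct_user")
    member = get_user_model().objects.create_user(
        username="testy", email="testy@test.com", password="test1020"
    )
    outsider = get_user_model().objects.create_user(
        username="outsider", email="outsider@test.com", password="test1020"
    )
    member.groups.add(group)

    org_list_permission = Permission.objects.get(name="Can view organisation")
    group.permissions.add(org_list_permission)

    # They get this permission via the cct_user group
    assert member.has_perm("organisations.view_organisation")
    # The negative case backs up the "only" in the test name.
    assert not outsider.has_perm("organisations.view_organisation")


def test_incident_report_create_view(stakeholder_user):
    """The incident report create view responds with 200 for a stakeholder user."""
    org = OrganisationFactory.create()
    factory = RequestFactory()
    # NOTE(review): the path is built from org.name and has no leading slash.
    # The view is called directly below, so no URL routing happens and only
    # the slug argument identifies the organisation - confirm the path is
    # intentional.
    request = factory.get(f"{org.name}/create-incident-report")
    request.user = stakeholder_user
    response = IncidentReportCreateView.as_view()(request, org.slug)
    assert response.status_code == 200


def test_only_member_of_cct_user_group_can_view_a_single_person(
    stakeholder_user, org_with_people, client, role, submode
):
    """A stakeholder in the cct_user group can load the people page.

    NOTE(review): only the positive case is exercised. There is no request
    made before the group is assigned, so the "only" in the name is not
    verified here.
    """
    for _ in range(2):
        PersonFactory.create(
            role=role,
            predecessor=None,
            organisation__submode=submode,
            organisation=org_with_people,
        )

    group = Group.objects.create(name="cct_user")
    stakeholder_user.groups.add(group)
    person_list_permission = Permission.objects.get(name="Can view person")
    group.permissions.add(person_list_permission)

    client.force_login(stakeholder_user)
    response = client.get(reverse("organisations:people"))

    # They get this permission via the cct_user group
    assert stakeholder_user.has_perm("organisations.view_person")
    assert response.status_code == 200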