1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
|
import pytest
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group, Permission
from django.test import RequestFactory
from django.urls import reverse
from ctrack.caf.tests.factories import PersonFactory
from ctrack.organisations.tests.factories import (
OrganisationFactory,
SingleDateTimeEventFactory,
)
from ctrack.organisations.views import IncidentReportCreateView, OrganisationDetailView
from ..utils import filter_private_events
from ..views import OrganisationListView
pytestmark = pytest.mark.django_db
def test_organisation_by_inspector_view(inspector1, inspector2, client, submode):
org = OrganisationFactory(submode=submode, lead_inspector=inspector1, deputy_lead_inspector=inspector2)
client.force_login(inspector1)
response = client.get(reverse("organisations:list_by_inspector", args=[inspector1.id]))
assert response.status_code == 200
def test_meetings_in_organisation_detail_view(user, client, org_with_people):
org_list_permission = Permission.objects.get(name="Can view organisation")
assert user.user_permissions.count() == 0
user.user_permissions.add(org_list_permission)
assert user.has_perm("organisations.view_organisation")
user.save()
person = org_with_people.person_set.first()
e1 = SingleDateTimeEventFactory.create(
type_descriptor="MEETING", short_description="First Meeting"
)
e2 = SingleDateTimeEventFactory.create(
type_descriptor="MEETING", short_description="Second Meeting"
)
e1.participants.add(person)
e1.save()
e2.participants.add(person)
e2.save()
client.force_login(user)
response = client.get(
reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
)
assert response.status_code == 200
html = response.content.decode("utf-8")
assert "First Meeting" in html
def test_private_event_filter(user, org_with_people):
"""
In this test we are creating five events, using two different users.
Each event will be set to either private or not private. We are testing
a function that will only allow private notes belonging to the logged in,
or request.user user to be added to the view context. The context is not
referred to here - only the utility function under test. The output from
that filter function will go forward into the view context.
"""
person = org_with_people.person_set.first()
e1_user = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="First Event with user",
private=True,
user=user,
)
e2_user = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="Second Event with user",
private=False,
user=user,
)
e3_user = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="Third Event with user",
private=True,
user=user,
)
e1_user.participants.add(person)
e1_user.save()
e2_user.participants.add(person)
e2_user.save()
e3_user.participants.add(person)
e3_user.save()
user2 = get_user_model().objects.create(username="sam", email="asd@asdsd.com", password="123")
e1_user2 = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="First Event with user2",
private=False,
user=user2,
)
e2_user2 = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="Second Event with user2",
private=True,
user=user2,
)
e1_user2.participants.add(person)
e1_user2.save()
e2_user2.participants.add(person)
e2_user2.save()
# This user needs permission to access the list view
org_list_permission = Permission.objects.get(name="Can view organisation")
assert user.user_permissions.count() == 0
user.user_permissions.add(org_list_permission)
assert user.has_perm("organisations.view_organisation")
user.save()
factory = RequestFactory()
request = factory.get(reverse("organisations:detail", args=[org_with_people.slug]))
request.user = user
response = OrganisationDetailView.as_view()(request, slug=org_with_people.slug)
assert response.status_code == 200
events = person.get_single_datetime_events()
assert events.count() == 5
assert len(filter_private_events(events, user2)) == 3
def test_logged_in_user_can_only_see_their_private_events(
user, org_with_people, client
):
org_list_permission = Permission.objects.get(name="Can view organisation")
assert user.user_permissions.count() == 0
user.user_permissions.add(org_list_permission)
assert user.has_perm("organisations.view_organisation")
user.save()
person = org_with_people.person_set.first()
# This user creates three events
e1 = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="First Event",
private=True,
user=user,
)
e2 = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="Second Event",
private=False,
user=user,
)
e3 = SingleDateTimeEventFactory(
type_descriptor="MEETING",
short_description="Third Event",
private=True,
user=user,
)
e1.participants.add(person)
e1.save()
e2.participants.add(person)
e2.save()
e3.participants.add(person)
e3.save()
response = client.get(
reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
)
assert response.status_code == 200
html = response.content.decode("utf-8")
assert "First Event" in html
assert "Second Event" in html
assert "Third Event" in html
assert "PRIVATE" in html
# A second user adds events based on this person/organisation
user2 = get_user_model().objects.create(
username="bobbins", email="bobbins@gog.com", password="bobbins123345"
)
user2.user_permissions.add(org_list_permission)
assert user2.has_perm("organisations.view_organisation")
user2.save()
client.logout()
client.force_login(user2)
response2 = client.get(
reverse("organisations:detail", kwargs={"slug": org_with_people.slug})
)
html2 = response2.content.decode("utf-8")
assert response2.status_code == 200
# They should not be able to see First Event which was created by another
# user and marked private.
assert "First Event" not in html2
assert "Second Event" in html2
assert "Third Event" not in html2
# https://docs.djangoproject.com/en/3.0/topics/testing/advanced/#example
def test_organisation_list_view():
OrganisationFactory.create()
OrganisationFactory.create()
OrganisationFactory.create()
factory = RequestFactory()
user = get_user_model().objects.create_user(
username="testy", email="testy@test.com", password="test1020"
)
# This user needs permission to acccess the list view
org_list_permission = Permission.objects.get(name="Can view organisation")
assert user.user_permissions.count() == 0
user.user_permissions.add(org_list_permission)
assert user.has_perm("organisations.view_organisation")
user.save()
request = factory.get("/organisations")
request.user = user
response = OrganisationListView.as_view()(request)
assert response.status_code == 200
assert len(response.context_data["organisation_list"]) == 3
def test_only_member_of_cct_user_group_can_view_org_list():
OrganisationFactory.create()
OrganisationFactory.create()
OrganisationFactory.create()
group = Group.objects.create(name="cct_user")
factory = RequestFactory()
user = get_user_model().objects.create_user(
username="testy", email="testy@test.com", password="test1020"
)
user.groups.add(group)
org_list_permission = Permission.objects.get(name="Can view organisation")
group.permissions.add(org_list_permission)
# They get this permisson via the cct_user group
assert user.has_perm("organisations.view_organisation")
def test_incident_report_create_view(stakeholder_user):
org = OrganisationFactory.create()
factory = RequestFactory()
request = factory.get(f"{org.name}/create-incident-report")
request.user = stakeholder_user
response = IncidentReportCreateView.as_view()(request, org.slug)
assert response.status_code == 200
def test_only_member_of_cct_user_group_can_view_a_single_person(
stakeholder_user, org_with_people, client, role, submode
):
PersonFactory.create(
role=role,
predecessor=None,
organisation__submode=submode,
organisation=org_with_people,
)
PersonFactory.create(
role=role,
predecessor=None,
organisation__submode=submode,
organisation=org_with_people,
)
group = Group.objects.create(name="cct_user")
stakeholder_user.groups.add(group)
person_list_permission = Permission.objects.get(name="Can view person")
group.permissions.add(person_list_permission)
client.force_login(stakeholder_user)
response = client.get(reverse("organisations:people"))
# They get this permisson via the cct_user group
assert stakeholder_user.has_perm("organisations.view_person")
assert response.status_code == 200
|
