You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

131 lines
5.1 KiB

  1. from django.conf import settings
  2. from rest_framework import status
  3. from rest_framework.reverse import reverse
  4. from roles.models import Role
  5. from .models import Member
  6. from api.tests.api.utils import (CRUDMixin, prepare_project, make_user)
  7. class TestMemberListAPI(CRUDMixin):
  8. def setUp(self):
  9. self.project = prepare_project()
  10. self.non_member = make_user()
  11. admin_role = Role.objects.get(name=settings.ROLE_PROJECT_ADMIN)
  12. self.data = {'user': self.non_member.id, 'role': admin_role.id, 'project': self.project.item.id}
  13. self.url = reverse(viewname='member_list', args=[self.project.item.id])
  14. def test_allows_project_admin_to_get_mappings(self):
  15. self.assert_fetch(self.project.users[0], status.HTTP_200_OK)
  16. def test_denies_non_project_admin_to_get_mappings(self):
  17. for member in self.project.users[1:]:
  18. self.assert_fetch(member, status.HTTP_403_FORBIDDEN)
  19. def test_denies_non_project_member_to_get_mappings(self):
  20. self.assert_fetch(self.non_member, status.HTTP_403_FORBIDDEN)
  21. def test_denies_unauthenticated_user_to_get_mappings(self):
  22. self.assert_fetch(expected=status.HTTP_403_FORBIDDEN)
  23. def test_allows_project_admin_to_create_mapping(self):
  24. self.assert_create(self.project.users[0], status.HTTP_201_CREATED)
  25. def test_denies_non_project_admin_to_create_mapping(self):
  26. for member in self.project.users[1:]:
  27. self.assert_create(member, status.HTTP_403_FORBIDDEN)
  28. def test_denies_non_project_member_to_create_mapping(self):
  29. self.assert_create(self.non_member, status.HTTP_403_FORBIDDEN)
  30. def test_denies_unauthenticated_user_to_create_mapping(self):
  31. self.assert_create(expected=status.HTTP_403_FORBIDDEN)
  32. def assert_bulk_delete(self, user=None, expected=status.HTTP_403_FORBIDDEN):
  33. if user:
  34. self.client.force_login(user)
  35. ids = [item.id for item in self.project.item.role_mappings.all()]
  36. response = self.client.delete(self.url, data={'ids': ids}, format='json')
  37. self.assertEqual(response.status_code, expected)
  38. def test_allows_project_admin_to_bulk_delete(self):
  39. self.assert_bulk_delete(self.project.users[0], status.HTTP_204_NO_CONTENT)
  40. response = self.client.get(self.url)
  41. self.assertEqual(len(response.data), 1)
  42. def test_denies_non_project_admin_to_bulk_delete(self):
  43. for member in self.project.users[1:]:
  44. self.assert_bulk_delete(member, status.HTTP_403_FORBIDDEN)
  45. def test_denies_non_project_member_to_bulk_delete(self):
  46. self.assert_bulk_delete(self.non_member, status.HTTP_403_FORBIDDEN)
  47. def test_denies_unauthenticated_user_to_bulk_delete(self):
  48. self.assert_bulk_delete(expected=status.HTTP_403_FORBIDDEN)
  49. class TestMemberRoleDetailAPI(CRUDMixin):
  50. def setUp(self):
  51. self.project = prepare_project()
  52. self.non_member = make_user()
  53. admin_role = Role.objects.get(name=settings.ROLE_PROJECT_ADMIN)
  54. mapping = Member.objects.get(user=self.project.users[1])
  55. self.url = reverse(viewname='member_detail', args=[self.project.item.id, mapping.id])
  56. self.data = {'role': admin_role.id}
  57. def test_allows_project_admin_to_get_mapping(self):
  58. self.assert_fetch(self.project.users[0], status.HTTP_200_OK)
  59. def test_denies_non_project_admin_to_get_mapping(self):
  60. for member in self.project.users[1:]:
  61. self.assert_fetch(member, status.HTTP_403_FORBIDDEN)
  62. def test_denies_non_project_member_to_get_mapping(self):
  63. self.assert_fetch(self.non_member, status.HTTP_403_FORBIDDEN)
  64. def test_denies_unauthenticated_user_to_get_mapping(self):
  65. self.assert_fetch(expected=status.HTTP_403_FORBIDDEN)
  66. def test_allows_project_admin_to_update_mapping(self):
  67. self.assert_update(self.project.users[0], status.HTTP_200_OK)
  68. def test_denies_non_project_admin_to_update_mapping(self):
  69. for member in self.project.users[1:]:
  70. self.assert_update(member, status.HTTP_403_FORBIDDEN)
  71. def test_denies_non_project_member_to_update_mapping(self):
  72. self.assert_update(self.non_member, status.HTTP_403_FORBIDDEN)
  73. def test_denies_unauthenticated_user_to_update_mapping(self):
  74. self.assert_update(expected=status.HTTP_403_FORBIDDEN)
  75. class TestMemberFilter(CRUDMixin):
  76. def setUp(self):
  77. self.project = prepare_project()
  78. self.url = reverse(viewname='member_list', args=[self.project.item.id])
  79. self.url += f'?user={self.project.users[0].id}'
  80. def test_filter_role_by_user_id(self):
  81. response = self.assert_fetch(self.project.users[0], status.HTTP_200_OK)
  82. self.assertEqual(len(response.data), 1)
  83. class TestMemberManager(CRUDMixin):
  84. def setUp(self):
  85. pass
  86. def test_has_role(self):
  87. project = prepare_project()
  88. admin = project.users[0]
  89. expected = [
  90. (settings.ROLE_PROJECT_ADMIN, True),
  91. (settings.ROLE_ANNOTATION_APPROVER, False),
  92. (settings.ROLE_ANNOTATOR, False)
  93. ]
  94. for role, expect in expected:
  95. self.assertEqual(Member.objects.has_role(project.item, admin, role), expect)