You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

140 lines
5.5 KiB

  1. from django.conf import settings
  2. from django.test import TestCase
  3. from django.core.exceptions import ValidationError
  4. from rest_framework import status
  5. from rest_framework.reverse import reverse
  6. from model_mommy import mommy
  7. from roles.models import Role
  8. from members.models import Member
  9. from api.tests.api.utils import (CRUDMixin, prepare_project, make_user)
  10. class TestMemberListAPI(CRUDMixin):
  11. def setUp(self):
  12. self.project = prepare_project()
  13. self.non_member = make_user()
  14. admin_role = Role.objects.get(name=settings.ROLE_PROJECT_ADMIN)
  15. self.data = {'user': self.non_member.id, 'role': admin_role.id, 'project': self.project.item.id}
  16. self.url = reverse(viewname='member_list', args=[self.project.item.id])
  17. def test_allows_project_admin_to_know_members(self):
  18. self.assert_fetch(self.project.users[0], status.HTTP_200_OK)
  19. def test_denies_non_project_admin_to_know_members(self):
  20. for member in self.project.users[1:]:
  21. self.assert_fetch(member, status.HTTP_403_FORBIDDEN)
  22. def test_denies_non_project_member_to_know_members(self):
  23. self.assert_fetch(self.non_member, status.HTTP_403_FORBIDDEN)
  24. def test_denies_unauthenticated_user_to_known_members(self):
  25. self.assert_fetch(expected=status.HTTP_403_FORBIDDEN)
  26. def test_allows_project_admin_to_add_member(self):
  27. self.assert_create(self.project.users[0], status.HTTP_201_CREATED)
  28. def test_denies_non_project_admin_to_add_member(self):
  29. for member in self.project.users[1:]:
  30. self.assert_create(member, status.HTTP_403_FORBIDDEN)
  31. def test_denies_non_project_member_to_add_member(self):
  32. self.assert_create(self.non_member, status.HTTP_403_FORBIDDEN)
  33. def test_denies_unauthenticated_user_to_add_member(self):
  34. self.assert_create(expected=status.HTTP_403_FORBIDDEN)
  35. def assert_bulk_delete(self, user=None, expected=status.HTTP_403_FORBIDDEN):
  36. if user:
  37. self.client.force_login(user)
  38. ids = [item.id for item in self.project.item.role_mappings.all()]
  39. response = self.client.delete(self.url, data={'ids': ids}, format='json')
  40. self.assertEqual(response.status_code, expected)
  41. def test_allows_project_admin_to_remove_members(self):
  42. self.assert_bulk_delete(self.project.users[0], status.HTTP_204_NO_CONTENT)
  43. response = self.client.get(self.url)
  44. self.assertEqual(len(response.data), 1)
  45. def test_denies_non_project_admin_to_remove_members(self):
  46. for member in self.project.users[1:]:
  47. self.assert_bulk_delete(member, status.HTTP_403_FORBIDDEN)
  48. def test_denies_non_project_member_to_remove_members(self):
  49. self.assert_bulk_delete(self.non_member, status.HTTP_403_FORBIDDEN)
  50. def test_denies_unauthenticated_user_to_remove_members(self):
  51. self.assert_bulk_delete(expected=status.HTTP_403_FORBIDDEN)
  52. class TestMemberRoleDetailAPI(CRUDMixin):
  53. def setUp(self):
  54. self.project = prepare_project()
  55. self.non_member = make_user()
  56. admin_role = Role.objects.get(name=settings.ROLE_PROJECT_ADMIN)
  57. member = Member.objects.get(user=self.project.users[1])
  58. self.url = reverse(viewname='member_detail', args=[self.project.item.id, member.id])
  59. self.data = {'role': admin_role.id}
  60. def test_allows_project_admin_to_known_member(self):
  61. self.assert_fetch(self.project.users[0], status.HTTP_200_OK)
  62. def test_denies_non_project_admin_to_know_member(self):
  63. for member in self.project.users[1:]:
  64. self.assert_fetch(member, status.HTTP_403_FORBIDDEN)
  65. def test_denies_non_project_member_to_know_member(self):
  66. self.assert_fetch(self.non_member, status.HTTP_403_FORBIDDEN)
  67. def test_denies_unauthenticated_user_to_know_member(self):
  68. self.assert_fetch(expected=status.HTTP_403_FORBIDDEN)
  69. def test_allows_project_admin_to_change_member_role(self):
  70. self.assert_update(self.project.users[0], status.HTTP_200_OK)
  71. def test_denies_non_project_admin_to_change_member_role(self):
  72. for member in self.project.users[1:]:
  73. self.assert_update(member, status.HTTP_403_FORBIDDEN)
  74. def test_denies_non_project_member_to_change_member_role(self):
  75. self.assert_update(self.non_member, status.HTTP_403_FORBIDDEN)
  76. def test_denies_unauthenticated_user_to_change_member_role(self):
  77. self.assert_update(expected=status.HTTP_403_FORBIDDEN)
  78. class TestMemberFilter(CRUDMixin):
  79. def setUp(self):
  80. self.project = prepare_project()
  81. self.url = reverse(viewname='member_list', args=[self.project.item.id])
  82. self.url += f'?user={self.project.users[0].id}'
  83. def test_filter_role_by_user_id(self):
  84. response = self.assert_fetch(self.project.users[0], status.HTTP_200_OK)
  85. self.assertEqual(len(response.data), 1)
  86. class TestMemberManager(CRUDMixin):
  87. def test_has_role(self):
  88. project = prepare_project()
  89. admin = project.users[0]
  90. expected = [
  91. (settings.ROLE_PROJECT_ADMIN, True),
  92. (settings.ROLE_ANNOTATION_APPROVER, False),
  93. (settings.ROLE_ANNOTATOR, False)
  94. ]
  95. for role, expect in expected:
  96. self.assertEqual(Member.objects.has_role(project.item, admin, role), expect)
  97. class TestMember(TestCase):
  98. def test_clean(self):
  99. member = mommy.make('Member')
  100. same_user = Member(project=member.project, user=member.user, role=member.role)
  101. with self.assertRaises(ValidationError):
  102. same_user.clean()