public/coins-demo
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
coins-demo/todo/tests/test_views.py
Scot Hacker 3ecf4e58cb Change default list identifier
2018-04-05 22:46:58 -07:00

164 lines
5.6 KiB
Python
Raw Blame History

import pytest
from django.contrib.auth.models import Group
from django.urls import reverse
from todo.models import Task, TaskList
"""
First the "smoketests" - do they respond at all for a logged in admin user?
Next permissions tests - some views should respond for staffers only.
After that, view contents and behaviors.
"""
# ### SMOKETESTS ###
@pytest.mark.django_db
def test_todo_setup(todo_setup):
assert Task.objects.all().count() == 6
def test_view_list_lists(todo_setup, admin_client):
url = reverse('todo:lists')
response = admin_client.get(url)
assert response.status_code == 200
def test_view_reorder(todo_setup, admin_client):
url = reverse('todo:reorder_tasks')
response = admin_client.get(url)
assert response.status_code == 201 # Special case return value expected
def test_view_external_add(todo_setup, admin_client, settings):
default_list = TaskList.objects.first()
settings.TODO_DEFAULT_LIST_SLUG = default_list.slug
assert settings.TODO_DEFAULT_LIST_SLUG == default_list.slug
url = reverse('todo:external_add')
response = admin_client.get(url)
assert response.status_code == 200
def test_view_mine(todo_setup, admin_client):
url = reverse('todo:mine')
response = admin_client.get(url)
assert response.status_code == 200
def test_view_list_completed(todo_setup, admin_client):
tlist = TaskList.objects.get(slug="zip")
url = reverse('todo:list_detail_completed', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
response = admin_client.get(url)
assert response.status_code == 200
def test_view_list(todo_setup, admin_client):
tlist = TaskList.objects.get(slug="zip")
url = reverse('todo:list_detail', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
response = admin_client.get(url)
assert response.status_code == 200
def test_del_list(todo_setup, admin_client):
tlist = TaskList.objects.get(slug="zip")
url = reverse('todo:del_list', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
response = admin_client.get(url)
assert response.status_code == 200
def test_view_add_list(todo_setup, admin_client):
url = reverse('todo:add_list')
response = admin_client.get(url)
assert response.status_code == 200
def test_view_task_detail(todo_setup, admin_client):
task = Task.objects.first()
url = reverse('todo:task_detail', kwargs={'task_id': task.id})
response = admin_client.get(url)
assert response.status_code == 200
def test_view_search(todo_setup, admin_client):
url = reverse('todo:search')
response = admin_client.get(url)
assert response.status_code == 200
# ### PERMISSIONS ###
"""
Some views are for staff users only.
We've already smoke-tested with Admin user - try these with normal user.
These exercise our custom @staff_only decorator without calling that function explicitly.
"""
def test_view_add_list_nonadmin(todo_setup, client):
url = reverse('todo:add_list')
client.login(username="you", password="password")
response = client.get(url)
assert response.status_code == 403
def test_view_del_list_nonadmin(todo_setup, client):
tlist = TaskList.objects.get(slug="zip")
url = reverse('todo:del_list', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
client.login(username="you", password="password")
response = client.get(url)
assert response.status_code == 403
def test_view_list_mine(todo_setup, client):
"""View a list in a group I belong to.
"""
tlist = TaskList.objects.get(slug="zip") # User u1 is in this group's list
url = reverse('todo:list_detail', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
client.login(username="u1", password="password")
response = client.get(url)
assert response.status_code == 200
def test_view_list_not_mine(todo_setup, client):
"""View a list in a group I don't belong to.
"""
tlist = TaskList.objects.get(slug="zip") # User u1 is in this group, user u2 is not.
url = reverse('todo:list_detail', kwargs={'list_id': tlist.id, 'list_slug': tlist.slug})
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 403
def test_view_task_mine(todo_setup, client):
# Users can always view their own tasks
task = Task.objects.filter(created_by__username="u1").first()
client.login(username="u1", password="password")
url = reverse('todo:task_detail', kwargs={'task_id': task.id})
response = client.get(url)
assert response.status_code == 200
def test_view_task_my_group(todo_setup, client, django_user_model):
# User can always view tasks that are NOT theirs IF the task is in a shared group.
# u1 and u2 are in different groups in the fixture -
# Put them in the same group.
g1 = Group.objects.get(name="Workgroup One")
u2 = django_user_model.objects.get(username="u2")
u2.groups.add(g1)
# Now u2 should be able to view one of u1's tasks.
task = Task.objects.filter(created_by__username="u1").first()
url = reverse('todo:task_detail', kwargs={'task_id': task.id})
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 200
def test_view_task_not_in_my_group(todo_setup, client):
# User canNOT view a task that isn't theirs if the two users are not in a shared group.
# For this we can use the fixture data as-is.
task = Task.objects.filter(created_by__username="u1").first()
url = reverse('todo:task_detail', kwargs={'task_id': task.id})
client.login(username="u2", password="password")
response = client.get(url)
assert response.status_code == 403
Reference in a new issue View git blame Copy permalink