experiENS/avisstage/tests.py

from authens.tests.cas_utils import FakeCASClient
from authens.models import CASAccount, OldCASAccount

from datetime import date, timedelta

from django.test import TestCase
from django.urls import reverse
from django.conf import settings
from django.utils import timezone

from unittest import mock

from .models import User, Normalien, Lieu, Stage, StageMatiere, AvisLieu

class ExperiENSTestCase(TestCase):
    
    # Dummy database

    def setUp(self):
        self.u_conscrit = User.objects.create_user('conscrit',
                                                   'conscrit@ens.fr',
                                                   'conscrit')
        self.p_conscrit = self.u_conscrit.profil
        self.p_conscrit.nom = "Petit conscrit"
        self.p_conscrit.promotion = "Serpentard 2020"
        self.p_conscrit.bio = "Je suis un petit conscrit"
        self.p_conscrit.save()

        self.sa_conscrit = CASAccount(
            user=self.u_conscrit,
            cas_login="conscrit",
            entrance_year=2020,
        )
        self.sa_conscrit.save()
        
        self.u_archi = User.objects.create_user('archicube',
                                                'archicube@ens.fr',
                                                'archicube')
        self.p_archi = self.u_archi.profil
        self.p_archi.nom="Vieil archicube"
        self.p_archi.promotion="Gryffondor 2014"
        self.p_archi.bio="Je suis un vieil archicube"

        self.lieu1 = Lieu(nom="Beaux-Bâtons", type_lieu="universite",
                          ville="Brocéliande", pays="FR",
                          coord="POINT(-1.63971 48.116382)")
        self.lieu1.save()
        self.lieu2 = Lieu(nom="Durmstrang", type_lieu="universite",
                          ville="Edimbourg", pays="GB",
                          coord="POINT(56.32153 -1.259715)")
        self.lieu2.save()

        self.matiere1 = StageMatiere(nom="Arithmancie", slug="arithmancie")
        self.matiere1.save()
        self.matiere2 = StageMatiere(nom="Sortilège", slug="sortilege")
        self.matiere2.save()
        
        self.cstage1 = Stage(auteur=self.p_conscrit, sujet="Wingardium Leviosa",
                             date_debut=date(2020, 5, 10),
                             date_fin=date(2020, 8, 26),
                             type_stage="recherche",
                             niveau_scol="M1", public=True)
        self.cstage1.save()
        self.cstage1.matieres.add(self.matiere1)
        alieu1 = AvisLieu(stage=self.cstage1, lieu=self.lieu1,
                          chapo="Trop bien")
        alieu1.save()

        self.cstage2 = Stage(auteur=self.p_conscrit, sujet="Avada Kedavra",
                             date_debut=date(2021, 5, 10),
                             date_fin=date(2021, 8, 26),
                             type_stage="sejour_dri",
                             niveau_scol="M2", public=False)
        self.cstage2.save()
        self.cstage2.matieres.add(self.matiere2)
        alieu2 = AvisLieu(stage=self.cstage2, lieu=self.lieu2,
                          chapo="Trop nul")
        alieu2.save()

        
        self.astage1 = Stage(auteur=self.p_archi, sujet="Alohomora",
                             date_debut=date(2014, 5, 10),
                             date_fin=date(2014, 8, 26),
                             type_stage="recherche",
                             niveau_scol="M2", public=True)
        self.astage1.save()
        self.astage1.matieres.add(self.matiere2)
        alieu3 = AvisLieu(stage=self.astage1, lieu=self.lieu1,
                          chapo="Trop moyen")
        alieu3.save()

    def assertRedirectToLogin(self, testurl):
        r = self.client.get(testurl)
        return self.assertRedirects(r, settings.LOGIN_URL+"?next="+testurl)

    def assertPageNotFound(self, testurl):
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 404)


"""
ACCÈS PUBLIC
"""
class PublicViewsTest(ExperiENSTestCase):
    """
    Vérifie que les fiches de stages ne sont pas visibles hors connexion
    """
    def test_stage_visibility_public(self):
        self.assertRedirectToLogin(reverse('avisstage:stage',
                                           kwargs={'pk':self.cstage1.id}))
        
        self.assertRedirectToLogin(reverse('avisstage:stage',
                                           kwargs={'pk':self.cstage2.id}))
        
        self.assertRedirectToLogin(reverse('avisstage:stage',
                                           kwargs={'pk':self.astage1.id}))


    """
    Vérifie que les profils de normaliens ne sont pas visibles hors connexion
    """
    def test_profil_visibility_public(self):
        self.assertRedirectToLogin(reverse(
            'avisstage:profil', kwargs={'username': self.u_conscrit.username}))

        self.assertRedirectToLogin(reverse(
            'avisstage:profil', kwargs={'username': self.u_archi.username}))

                                   
    """
    Vérifie que la recherche n'est pas accessible hors connexion
    """
    def test_pages_visibility_public(self):
        self.assertRedirectToLogin(reverse('avisstage:recherche'))

        self.assertRedirectToLogin(reverse('avisstage:recherche_resultats'))

        self.assertRedirectToLogin(reverse('avisstage:stage_items'))

        self.assertRedirectToLogin(reverse('avisstage:feedback'))

        self.assertRedirectToLogin(reverse('avisstage:moderation'))

    """
    Vérifie que l'API n'est pas accessible hors connexion
    """
    def test_api_visibility_public(self):
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "lieu",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 401)
        
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "stage",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 401)
        
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "profil",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 401)

    
    """
    Vérifie que les pages d'édition ne sont pas accessible hors connexion
    """
    def test_edit_visibility_public(self):
        self.assertRedirectToLogin(reverse(
            'avisstage:stage_edit', kwargs={'pk':self.cstage1.id}))
        
        self.assertRedirectToLogin(reverse(
            'avisstage:stage_edit', kwargs={'pk':self.astage1.id}))

        self.assertRedirectToLogin(reverse(
            'avisstage:stage_publication', kwargs={'pk':self.cstage1.id}))

        self.assertRedirectToLogin(reverse(
            'avisstage:stage_publication', kwargs={'pk':self.astage1.id}))

        self.assertRedirectToLogin(reverse('avisstage:stage_ajout'))

        self.assertRedirectToLogin(reverse('avisstage:profil_edit'))


"""
ACCÈS ARCHICUBE
"""
class ArchicubeViewsTest(ExperiENSTestCase):
    def setUp(self):
        super().setUp()
        # Connexion with password
        self.client.login(username='archicube', password='archicube')

    def assert403Archicubes(self, testurl):
        r = self.client.get(testurl)
        return self.assertRedirects(r, reverse('avisstage:403-archicubes'))

    """
    Vérifie que les seules fiches de stages visibles sont les siennes
    """
    def test_stage_visibility_archi(self):
        self.assertPageNotFound(reverse('avisstage:stage',
                                        kwargs={'pk':self.cstage1.id}))
        
        self.assertPageNotFound(reverse('avisstage:stage',
                                        kwargs={'pk':self.cstage2.id}))
        
        testurl = reverse('avisstage:stage',
                          kwargs={'pk':self.astage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)


    """
    Vérifie que le seul profil visible est le sien
    """
    def test_profil_visibility_archi(self):
        self.assertPageNotFound(reverse(
            'avisstage:profil', kwargs={'username': self.u_conscrit.username}))

        testurl = reverse('avisstage:profil',
                          kwargs={'username': self.u_archi.username})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

                                   
    """
    Vérifie que la recherche n'est pas accessible
    """
    def test_pages_visibility_archi(self):
        self.assert403Archicubes(reverse('avisstage:recherche'))
        
        self.assert403Archicubes(reverse('avisstage:recherche_resultats'))

        self.assert403Archicubes(reverse('avisstage:stage_items'))

        testurl = reverse('avisstage:feedback')
        r = self.client.post(testurl, {"objet": "Contact",
                                       "message": "Ceci est un texte"})
        self.assertRedirects(r, reverse('avisstage:index'))

        testurl = reverse('avisstage:moderation')
        r = self.client.get(testurl)
        self.assertRedirects(r, reverse('admin:login')+"?next="+testurl)


    """
    Vérifie que la seule API accessible est celle des lieux
    """
    def test_api_visibility_archi(self):
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "lieu",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "stage",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 401)
        
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "profil",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 401)

    
    """
    Vérifie que le seul stage modifiable est le sien
    """
    def test_edit_visibility_archi(self):
        testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.cstage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 403)

        testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.astage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

        testurl = reverse('avisstage:stage_publication',
                          kwargs={'pk':self.cstage1.id})
        r = self.client.post(testurl, {"publier": True})
        self.assertEqual(r.status_code, 403)

        testurl = reverse('avisstage:stage_publication',
                          kwargs={'pk':self.astage1.id})
        r = self.client.post(testurl, {"publier": True})
        self.assertRedirects(r, reverse('avisstage:stage',
                                        kwargs={"pk": self.astage1.id}))
        
        testurl = reverse('avisstage:stage_ajout')
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        
        testurl = reverse('avisstage:profil_edit')
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

        # TODO : test post()


class DeprecatedArchicubeViewsTest(ArchicubeViewsTest):
    @mock.patch("authens.backends.get_cas_client")
    def setUp(self, mock_cas_client):
        super().setUp()

        fake_cas_client = FakeCASClient(cas_login="archicube", entrance_year=2012)
        mock_cas_client.return_value = fake_cas_client
    
        self.sa_archi = OldCASAccount(
            user=self.u_archi,
            cas_login="archicube",
            entrance_year=2012,
        )
        self.sa_archi.save()

        # First connexion through CAS
        self.client.login(ticket="dummy")
        self.client.logout()

        # Time flies
        self.p_archi.last_cas_login = (timezone.now() - timedelta(days=365)).date()
        self.p_archi.save()

        # New connexion with password
        self.client.login(username='archicube', password='archicube')


"""
ACCÈS EN SCOLARITE
"""
class ScolariteViewsTest(ExperiENSTestCase):
    @mock.patch("authens.backends.get_cas_client")
    def setUp(self, mock_cas_client):
        super().setUp()

        fake_cas_client = FakeCASClient(cas_login="vieuxcon", entrance_year=2017)
        mock_cas_client.return_value = fake_cas_client
        
        self.u_vieuxcon = User.objects.create_user(
            'vieuxcon',
            'vieuxcon@ens.fr',
            'vieuxcon'
        )
        self.p_vieuxcon = self.u_vieuxcon.profil
        self.p_vieuxcon.nom="Vieux con"
        self.p_vieuxcon.promotion="Poufsouffle 2017"
        self.p_vieuxcon.bio="Je suis un vieux con encore en scolarité"
        self.p_vieuxcon.save()

        self.sa_vieuxcon = CASAccount(
            user=self.u_vieuxcon,
            cas_login="vieuxcon",
            entrance_year=2017,
        )
        self.sa_vieuxcon.save()
        
        self.vstage1 = Stage(auteur=self.p_vieuxcon, sujet="Oubliettes",
                             date_debut=date(2018, 5, 10),
                             date_fin=date(2018, 8, 26),
                             type_stage="recherche",
                             niveau_scol="M1", public=False)
        self.vstage1.save()
        self.vstage1.matieres.add(self.matiere2)
        alieu1 = AvisLieu(stage=self.vstage1, lieu=self.lieu2,
                          chapo="Pas si mal")
        alieu1.save()

        # Connexion through CAS
        self.client.login(ticket="dummy")

    """
    Vérifie que les seules fiches de stages visibles sont les siennes ou celles
    publiques
    """
    def test_stage_visibility_scolarite(self):
        testurl = reverse('avisstage:stage',
                          kwargs={'pk':self.cstage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

        self.assertPageNotFound(reverse('avisstage:stage',
                                        kwargs={'pk':self.cstage2.id}))
        
        testurl = reverse('avisstage:stage',
                          kwargs={'pk':self.vstage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)


    """
    Vérifie que tous les profils sont visibles
    """
    def test_profil_visibility_scolarite(self):
        testurl = reverse('avisstage:profil',
                          kwargs={'username': self.u_conscrit.username})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        self.assertContains(r, "Wingardium Leviosa") # Public
        self.assertNotContains(r, "Avada Kedavra") # Brouillon

        testurl = reverse('avisstage:profil',
                          kwargs={'username': self.u_archi.username})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

        testurl = reverse('avisstage:profil',
                          kwargs={'username': self.u_vieuxcon.username})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

                                   
    """
    Vérifie que la recherche et les autres pages sont accessibles
    """
    def test_pages_visibility_scolarite(self):
        testurl = reverse('avisstage:recherche')
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

        testurl = reverse('avisstage:recherche_resultats')
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        self.assertContains(r, "Wingardium Leviosa") # Public
        self.assertNotContains(r, "Avada Kedavra") # Brouillon

        testurl = reverse('avisstage:stage_items') + "?ids=" \
                  + ";".join(("%d" % k.id) for k in [self.cstage1,
                                                     self.cstage2,
                                                     self.astage1])
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        self.assertContains(r, "Wingardium Leviosa") # Public
        self.assertNotContains(r, "Avada Kedavra") # Brouillon

        testurl = reverse('avisstage:feedback')
        r = self.client.post(testurl, {"objet": "Contact",
                                       "message": "Ceci est un texte"})
        self.assertRedirects(r, reverse('avisstage:index'))

        testurl = reverse('avisstage:moderation')
        r = self.client.get(testurl)
        self.assertRedirects(r, reverse('admin:login')+"?next="+testurl)


    """
    Vérifie que toutes les API sont accessibles et qu'elles ne montrent que les
    stages publics
    """
    def test_api_visibility_scolarite(self):
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "lieu",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "stage",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        self.assertContains(r, "Wingardium Leviosa") # Public
        self.assertNotContains(r, "Avada Kedavra") # Brouillon
        
        testurl = reverse('avisstage:api_dispatch_list',
                          kwargs={"resource_name": "profil",
                                  "api_name": "v1"})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

    
    """
    Vérifie que le seul stage modifiable est le sien
    """
    def test_edit_visibility_scolarite(self):
        testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.cstage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 403)

        testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.astage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 403)
        
        testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.vstage1.id})
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

        testurl = reverse('avisstage:stage_publication',
                          kwargs={'pk':self.cstage1.id})
        r = self.client.post(testurl, {"publier": True})
        self.assertEqual(r.status_code, 403)

        testurl = reverse('avisstage:stage_publication',
                          kwargs={'pk':self.vstage1.id})
        r = self.client.post(testurl, {"publier": True})
        self.assertRedirects(r, reverse('avisstage:stage',
                                        kwargs={"pk": self.vstage1.id}))
        
        testurl = reverse('avisstage:stage_ajout')
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)
        
        testurl = reverse('avisstage:profil_edit')
        r = self.client.get(testurl)
        self.assertEqual(r.status_code, 200)

        # TODO : test post()
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`from authens.tests.cas_utils import FakeCASClient`
			`from authens.models import CASAccount, OldCASAccount`
Tests de visibilité 2018-12-29 23:23:36 +01:00
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`from datetime import date, timedelta`
Tests de visibilité 2018-12-29 23:23:36 +01:00
Début du renouveau 2017-04-04 00:31:50 +02:00			`from django.test import TestCase`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`from django.urls import reverse`
			`from django.conf import settings`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`from django.utils import timezone`

			`from unittest import mock`
Tests de visibilité 2018-12-29 23:23:36 +01:00
			`from .models import User, Normalien, Lieu, Stage, StageMatiere, AvisLieu`

Mise à jour 2021 2021-02-07 18:23:24 +01:00			`class ExperiENSTestCase(TestCase):`
Tests de visibilité 2018-12-29 23:23:36 +01:00
			`# Dummy database`
Mise à jour 2021 2021-02-07 18:23:24 +01:00
Tests de visibilité 2018-12-29 23:23:36 +01:00			`def setUp(self):`
			`self.u_conscrit = User.objects.create_user('conscrit',`
			`'conscrit@ens.fr',`
			`'conscrit')`
			`self.p_conscrit = self.u_conscrit.profil`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`self.p_conscrit.nom = "Petit conscrit"`
			`self.p_conscrit.promotion = "Serpentard 2020"`
			`self.p_conscrit.bio = "Je suis un petit conscrit"`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`self.p_conscrit.save()`

Mise à jour 2021 2021-02-07 18:23:24 +01:00			`self.sa_conscrit = CASAccount(`
			`user=self.u_conscrit,`
			`cas_login="conscrit",`
			`entrance_year=2020,`
			`)`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`self.sa_conscrit.save()`

			`self.u_archi = User.objects.create_user('archicube',`
			`'archicube@ens.fr',`
			`'archicube')`
			`self.p_archi = self.u_archi.profil`
			`self.p_archi.nom="Vieil archicube"`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`self.p_archi.promotion="Gryffondor 2014"`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`self.p_archi.bio="Je suis un vieil archicube"`

			`self.lieu1 = Lieu(nom="Beaux-Bâtons", type_lieu="universite",`
			`ville="Brocéliande", pays="FR",`
			`coord="POINT(-1.63971 48.116382)")`
			`self.lieu1.save()`
			`self.lieu2 = Lieu(nom="Durmstrang", type_lieu="universite",`
			`ville="Edimbourg", pays="GB",`
			`coord="POINT(56.32153 -1.259715)")`
			`self.lieu2.save()`

			`self.matiere1 = StageMatiere(nom="Arithmancie", slug="arithmancie")`
			`self.matiere1.save()`
			`self.matiere2 = StageMatiere(nom="Sortilège", slug="sortilege")`
			`self.matiere2.save()`

			`self.cstage1 = Stage(auteur=self.p_conscrit, sujet="Wingardium Leviosa",`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`date_debut=date(2020, 5, 10),`
			`date_fin=date(2020, 8, 26),`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`type_stage="recherche",`
			`niveau_scol="M1", public=True)`
			`self.cstage1.save()`
			`self.cstage1.matieres.add(self.matiere1)`
			`alieu1 = AvisLieu(stage=self.cstage1, lieu=self.lieu1,`
			`chapo="Trop bien")`
			`alieu1.save()`

			`self.cstage2 = Stage(auteur=self.p_conscrit, sujet="Avada Kedavra",`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`date_debut=date(2021, 5, 10),`
			`date_fin=date(2021, 8, 26),`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`type_stage="sejour_dri",`
			`niveau_scol="M2", public=False)`
			`self.cstage2.save()`
			`self.cstage2.matieres.add(self.matiere2)`
			`alieu2 = AvisLieu(stage=self.cstage2, lieu=self.lieu2,`
			`chapo="Trop nul")`
			`alieu2.save()`


			`self.astage1 = Stage(auteur=self.p_archi, sujet="Alohomora",`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`date_debut=date(2014, 5, 10),`
			`date_fin=date(2014, 8, 26),`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`type_stage="recherche",`
			`niveau_scol="M2", public=True)`
			`self.astage1.save()`
			`self.astage1.matieres.add(self.matiere2)`
			`alieu3 = AvisLieu(stage=self.astage1, lieu=self.lieu1,`
			`chapo="Trop moyen")`
			`alieu3.save()`

			`def assertRedirectToLogin(self, testurl):`
			`r = self.client.get(testurl)`
			`return self.assertRedirects(r, settings.LOGIN_URL+"?next="+testurl)`

			`def assertPageNotFound(self, testurl):`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 404)`







			`"""`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`ACCÈS PUBLIC`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`"""`
			`class PublicViewsTest(ExperiENSTestCase):`
			`"""`
			`Vérifie que les fiches de stages ne sont pas visibles hors connexion`
			`"""`
			`def test_stage_visibility_public(self):`
			`self.assertRedirectToLogin(reverse('avisstage:stage',`
			`kwargs={'pk':self.cstage1.id}))`

			`self.assertRedirectToLogin(reverse('avisstage:stage',`
			`kwargs={'pk':self.cstage2.id}))`

			`self.assertRedirectToLogin(reverse('avisstage:stage',`
			`kwargs={'pk':self.astage1.id}))`


			`"""`
			`Vérifie que les profils de normaliens ne sont pas visibles hors connexion`
			`"""`
			`def test_profil_visibility_public(self):`
			`self.assertRedirectToLogin(reverse(`
			`'avisstage:profil', kwargs={'username': self.u_conscrit.username}))`

			`self.assertRedirectToLogin(reverse(`
			`'avisstage:profil', kwargs={'username': self.u_archi.username}))`


			`"""`
			`Vérifie que la recherche n'est pas accessible hors connexion`
			`"""`
			`def test_pages_visibility_public(self):`
			`self.assertRedirectToLogin(reverse('avisstage:recherche'))`

			`self.assertRedirectToLogin(reverse('avisstage:recherche_resultats'))`

			`self.assertRedirectToLogin(reverse('avisstage:stage_items'))`

			`self.assertRedirectToLogin(reverse('avisstage:feedback'))`

			`self.assertRedirectToLogin(reverse('avisstage:moderation'))`

			`"""`
			`Vérifie que l'API n'est pas accessible hors connexion`
			`"""`
			`def test_api_visibility_public(self):`
			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "lieu",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 401)`

			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "stage",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 401)`

			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "profil",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 401)`


			`"""`
			`Vérifie que les pages d'édition ne sont pas accessible hors connexion`
			`"""`
			`def test_edit_visibility_public(self):`
			`self.assertRedirectToLogin(reverse(`
			`'avisstage:stage_edit', kwargs={'pk':self.cstage1.id}))`

			`self.assertRedirectToLogin(reverse(`
			`'avisstage:stage_edit', kwargs={'pk':self.astage1.id}))`

			`self.assertRedirectToLogin(reverse(`
			`'avisstage:stage_publication', kwargs={'pk':self.cstage1.id}))`

			`self.assertRedirectToLogin(reverse(`
			`'avisstage:stage_publication', kwargs={'pk':self.astage1.id}))`

			`self.assertRedirectToLogin(reverse('avisstage:stage_ajout'))`

			`self.assertRedirectToLogin(reverse('avisstage:profil_edit'))`






			`"""`
			`ACCÈS ARCHICUBE`
			`"""`
			`class ArchicubeViewsTest(ExperiENSTestCase):`
			`def setUp(self):`
			`super().setUp()`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`# Connexion with password`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`self.client.login(username='archicube', password='archicube')`

			`def assert403Archicubes(self, testurl):`
			`r = self.client.get(testurl)`
			`return self.assertRedirects(r, reverse('avisstage:403-archicubes'))`

			`"""`
			`Vérifie que les seules fiches de stages visibles sont les siennes`
			`"""`
			`def test_stage_visibility_archi(self):`
			`self.assertPageNotFound(reverse('avisstage:stage',`
			`kwargs={'pk':self.cstage1.id}))`

			`self.assertPageNotFound(reverse('avisstage:stage',`
			`kwargs={'pk':self.cstage2.id}))`

			`testurl = reverse('avisstage:stage',`
			`kwargs={'pk':self.astage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`


			`"""`
			`Vérifie que le seul profil visible est le sien`
			`"""`
			`def test_profil_visibility_archi(self):`
			`self.assertPageNotFound(reverse(`
			`'avisstage:profil', kwargs={'username': self.u_conscrit.username}))`

			`testurl = reverse('avisstage:profil',`
			`kwargs={'username': self.u_archi.username})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`


			`"""`
			`Vérifie que la recherche n'est pas accessible`
			`"""`
			`def test_pages_visibility_archi(self):`
			`self.assert403Archicubes(reverse('avisstage:recherche'))`

			`self.assert403Archicubes(reverse('avisstage:recherche_resultats'))`

			`self.assert403Archicubes(reverse('avisstage:stage_items'))`

			`testurl = reverse('avisstage:feedback')`
			`r = self.client.post(testurl, {"objet": "Contact",`
			`"message": "Ceci est un texte"})`
			`self.assertRedirects(r, reverse('avisstage:index'))`

			`testurl = reverse('avisstage:moderation')`
			`r = self.client.get(testurl)`
			`self.assertRedirects(r, reverse('admin:login')+"?next="+testurl)`


			`"""`
			`Vérifie que la seule API accessible est celle des lieux`
			`"""`
			`def test_api_visibility_archi(self):`
			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "lieu",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "stage",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 401)`

			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "profil",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 401)`


			`"""`
			`Vérifie que le seul stage modifiable est le sien`
			`"""`
			`def test_edit_visibility_archi(self):`
			`testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.cstage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 403)`

			`testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.astage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:stage_publication',`
			`kwargs={'pk':self.cstage1.id})`
			`r = self.client.post(testurl, {"publier": True})`
			`self.assertEqual(r.status_code, 403)`

			`testurl = reverse('avisstage:stage_publication',`
			`kwargs={'pk':self.astage1.id})`
			`r = self.client.post(testurl, {"publier": True})`
			`self.assertRedirects(r, reverse('avisstage:stage',`
			`kwargs={"pk": self.astage1.id}))`

			`testurl = reverse('avisstage:stage_ajout')`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:profil_edit')`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`# TODO : test post()`


Test obsolescence des comptes 2018-12-30 16:29:36 +01:00			`class DeprecatedArchicubeViewsTest(ArchicubeViewsTest):`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`@mock.patch("authens.backends.get_cas_client")`
			`def setUp(self, mock_cas_client):`
Test obsolescence des comptes 2018-12-30 16:29:36 +01:00			`super().setUp()`
Mise à jour 2021 2021-02-07 18:23:24 +01:00
			`fake_cas_client = FakeCASClient(cas_login="archicube", entrance_year=2012)`
			`mock_cas_client.return_value = fake_cas_client`

			`self.sa_archi = OldCASAccount(`
			`user=self.u_archi,`
			`cas_login="archicube",`
			`entrance_year=2012,`
			`)`
Test obsolescence des comptes 2018-12-30 16:29:36 +01:00			`self.sa_archi.save()`
Tests de visibilité 2018-12-29 23:23:36 +01:00
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`# First connexion through CAS`
			`self.client.login(ticket="dummy")`
			`self.client.logout()`

			`# Time flies`
			`self.p_archi.last_cas_login = (timezone.now() - timedelta(days=365)).date()`
			`self.p_archi.save()`

			`# New connexion with password`
Test obsolescence des comptes 2018-12-30 16:29:36 +01:00			`self.client.login(username='archicube', password='archicube')`
Tests de visibilité 2018-12-29 23:23:36 +01:00



			`"""`
			`ACCÈS EN SCOLARITE`
			`"""`
			`class ScolariteViewsTest(ExperiENSTestCase):`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`@mock.patch("authens.backends.get_cas_client")`
			`def setUp(self, mock_cas_client):`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`super().setUp()`
Mise à jour 2021 2021-02-07 18:23:24 +01:00
			`fake_cas_client = FakeCASClient(cas_login="vieuxcon", entrance_year=2017)`
			`mock_cas_client.return_value = fake_cas_client`
Tests de visibilité 2018-12-29 23:23:36 +01:00
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`self.u_vieuxcon = User.objects.create_user(`
			`'vieuxcon',`
			`'vieuxcon@ens.fr',`
			`'vieuxcon'`
			`)`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`self.p_vieuxcon = self.u_vieuxcon.profil`
			`self.p_vieuxcon.nom="Vieux con"`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`self.p_vieuxcon.promotion="Poufsouffle 2017"`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`self.p_vieuxcon.bio="Je suis un vieux con encore en scolarité"`
			`self.p_vieuxcon.save()`

Mise à jour 2021 2021-02-07 18:23:24 +01:00			`self.sa_vieuxcon = CASAccount(`
			`user=self.u_vieuxcon,`
			`cas_login="vieuxcon",`
			`entrance_year=2017,`
			`)`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`self.sa_vieuxcon.save()`

			`self.vstage1 = Stage(auteur=self.p_vieuxcon, sujet="Oubliettes",`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`date_debut=date(2018, 5, 10),`
			`date_fin=date(2018, 8, 26),`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`type_stage="recherche",`
			`niveau_scol="M1", public=False)`
			`self.vstage1.save()`
			`self.vstage1.matieres.add(self.matiere2)`
			`alieu1 = AvisLieu(stage=self.vstage1, lieu=self.lieu2,`
			`chapo="Pas si mal")`
			`alieu1.save()`
Mise à jour 2021 2021-02-07 18:23:24 +01:00
			`# Connexion through CAS`
			`self.client.login(ticket="dummy")`
Tests de visibilité 2018-12-29 23:23:36 +01:00
			`"""`
			`Vérifie que les seules fiches de stages visibles sont les siennes ou celles`
			`publiques`
			`"""`
			`def test_stage_visibility_scolarite(self):`
			`testurl = reverse('avisstage:stage',`
			`kwargs={'pk':self.cstage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`self.assertPageNotFound(reverse('avisstage:stage',`
			`kwargs={'pk':self.cstage2.id}))`

			`testurl = reverse('avisstage:stage',`
			`kwargs={'pk':self.vstage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`


			`"""`
			`Vérifie que tous les profils sont visibles`
			`"""`
			`def test_profil_visibility_scolarite(self):`
			`testurl = reverse('avisstage:profil',`
			`kwargs={'username': self.u_conscrit.username})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`
Test obsolescence des comptes 2018-12-30 16:29:36 +01:00			`self.assertContains(r, "Wingardium Leviosa") # Public`
			`self.assertNotContains(r, "Avada Kedavra") # Brouillon`
Tests de visibilité 2018-12-29 23:23:36 +01:00
			`testurl = reverse('avisstage:profil',`
			`kwargs={'username': self.u_archi.username})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:profil',`
			`kwargs={'username': self.u_vieuxcon.username})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`


			`"""`
Mise à jour 2021 2021-02-07 18:23:24 +01:00			`Vérifie que la recherche et les autres pages sont accessibles`
Tests de visibilité 2018-12-29 23:23:36 +01:00			`"""`
			`def test_pages_visibility_scolarite(self):`
			`testurl = reverse('avisstage:recherche')`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:recherche_resultats')`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`
			`self.assertContains(r, "Wingardium Leviosa") # Public`
			`self.assertNotContains(r, "Avada Kedavra") # Brouillon`

			`testurl = reverse('avisstage:stage_items') + "?ids=" \`
			`+ ";".join(("%d" % k.id) for k in [self.cstage1,`
			`self.cstage2,`
			`self.astage1])`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`
			`self.assertContains(r, "Wingardium Leviosa") # Public`
			`self.assertNotContains(r, "Avada Kedavra") # Brouillon`

			`testurl = reverse('avisstage:feedback')`
			`r = self.client.post(testurl, {"objet": "Contact",`
			`"message": "Ceci est un texte"})`
			`self.assertRedirects(r, reverse('avisstage:index'))`

			`testurl = reverse('avisstage:moderation')`
			`r = self.client.get(testurl)`
			`self.assertRedirects(r, reverse('admin:login')+"?next="+testurl)`


			`"""`
			`Vérifie que toutes les API sont accessibles et qu'elles ne montrent que les`
			`stages publics`
			`"""`
			`def test_api_visibility_scolarite(self):`
			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "lieu",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "stage",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`
			`self.assertContains(r, "Wingardium Leviosa") # Public`
			`self.assertNotContains(r, "Avada Kedavra") # Brouillon`

			`testurl = reverse('avisstage:api_dispatch_list',`
			`kwargs={"resource_name": "profil",`
			`"api_name": "v1"})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`


			`"""`
			`Vérifie que le seul stage modifiable est le sien`
			`"""`
			`def test_edit_visibility_scolarite(self):`
			`testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.cstage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 403)`

			`testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.astage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 403)`

			`testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.vstage1.id})`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:stage_publication',`
			`kwargs={'pk':self.cstage1.id})`
			`r = self.client.post(testurl, {"publier": True})`
			`self.assertEqual(r.status_code, 403)`

			`testurl = reverse('avisstage:stage_publication',`
			`kwargs={'pk':self.vstage1.id})`
			`r = self.client.post(testurl, {"publier": True})`
			`self.assertRedirects(r, reverse('avisstage:stage',`
			`kwargs={"pk": self.vstage1.id}))`

			`testurl = reverse('avisstage:stage_ajout')`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`

			`testurl = reverse('avisstage:profil_edit')`
			`r = self.client.get(testurl)`
			`self.assertEqual(r.status_code, 200)`
Début du renouveau 2017-04-04 00:31:50 +02:00
Tests de visibilité 2018-12-29 23:23:36 +01:00			`# TODO : test post()`