Tests de visibilité
This commit is contained in:
Evarin
parent
04f56ec0af
commit
cb7f9187cf
2 changed files with 482 additions and 3 deletions
|
|
@ -1,3 +1,482 @@
|
|||
from django.test import TestCase
|
||||
from allauth.socialaccount.models import SocialAccount
|
||||
from allauth_cas.test.testcases import CASTestCase
|
||||
|
||||
# Create your tests here.
|
||||
from datetime import date
|
||||
|
||||
from django.test import TestCase
|
||||
from django.urls import reverse
|
||||
from django.conf import settings
|
||||
|
||||
from .models import User, Normalien, Lieu, Stage, StageMatiere, AvisLieu
|
||||
|
||||
class ExperiENSTestCase(CASTestCase):
|
||||
|
||||
# Dummy database
|
||||
|
||||
def setUp(self):
|
||||
self.u_conscrit = User.objects.create_user('conscrit',
|
||||
'conscrit@ens.fr',
|
||||
'conscrit')
|
||||
self.p_conscrit = self.u_conscrit.profil
|
||||
self.p_conscrit.nom="Petit conscrit"
|
||||
self.p_conscrit.promotion="Serpentard 2000"
|
||||
self.p_conscrit.bio="Je suis un petit conscrit"
|
||||
self.p_conscrit.save()
|
||||
|
||||
self.sa_conscrit = SocialAccount(user=self.u_conscrit,
|
||||
provider="clipper",
|
||||
uid="conscrit")
|
||||
self.sa_conscrit.save()
|
||||
|
||||
self.u_archi = User.objects.create_user('archicube',
|
||||
'archicube@ens.fr',
|
||||
'archicube')
|
||||
self.p_archi = self.u_archi.profil
|
||||
self.p_archi.nom="Vieil archicube"
|
||||
self.p_archi.promotion="Gryffondor 1994"
|
||||
self.p_archi.bio="Je suis un vieil archicube"
|
||||
|
||||
self.lieu1 = Lieu(nom="Beaux-Bâtons", type_lieu="universite",
|
||||
ville="Brocéliande", pays="FR",
|
||||
coord="POINT(-1.63971 48.116382)")
|
||||
self.lieu1.save()
|
||||
self.lieu2 = Lieu(nom="Durmstrang", type_lieu="universite",
|
||||
ville="Edimbourg", pays="GB",
|
||||
coord="POINT(56.32153 -1.259715)")
|
||||
self.lieu2.save()
|
||||
|
||||
self.matiere1 = StageMatiere(nom="Arithmancie", slug="arithmancie")
|
||||
self.matiere1.save()
|
||||
self.matiere2 = StageMatiere(nom="Sortilège", slug="sortilege")
|
||||
self.matiere2.save()
|
||||
|
||||
self.cstage1 = Stage(auteur=self.p_conscrit, sujet="Wingardium Leviosa",
|
||||
date_debut=date(2000, 5, 10),
|
||||
date_fin=date(2000, 8, 26),
|
||||
type_stage="recherche",
|
||||
niveau_scol="M1", public=True)
|
||||
self.cstage1.save()
|
||||
self.cstage1.matieres.add(self.matiere1)
|
||||
alieu1 = AvisLieu(stage=self.cstage1, lieu=self.lieu1,
|
||||
chapo="Trop bien")
|
||||
alieu1.save()
|
||||
|
||||
self.cstage2 = Stage(auteur=self.p_conscrit, sujet="Avada Kedavra",
|
||||
date_debut=date(2001, 5, 10),
|
||||
date_fin=date(2001, 8, 26),
|
||||
type_stage="sejour_dri",
|
||||
niveau_scol="M2", public=False)
|
||||
self.cstage2.save()
|
||||
self.cstage2.matieres.add(self.matiere2)
|
||||
alieu2 = AvisLieu(stage=self.cstage2, lieu=self.lieu2,
|
||||
chapo="Trop nul")
|
||||
alieu2.save()
|
||||
|
||||
|
||||
self.astage1 = Stage(auteur=self.p_archi, sujet="Alohomora",
|
||||
date_debut=date(1994, 5, 10),
|
||||
date_fin=date(1994, 8, 26),
|
||||
type_stage="recherche",
|
||||
niveau_scol="M2", public=True)
|
||||
self.astage1.save()
|
||||
self.astage1.matieres.add(self.matiere2)
|
||||
alieu3 = AvisLieu(stage=self.astage1, lieu=self.lieu1,
|
||||
chapo="Trop moyen")
|
||||
alieu3.save()
|
||||
|
||||
def assertRedirectToLogin(self, testurl):
|
||||
r = self.client.get(testurl)
|
||||
return self.assertRedirects(r, settings.LOGIN_URL+"?next="+testurl)
|
||||
|
||||
def assertPageNotFound(self, testurl):
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 404)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
"""
|
||||
ACCÈS PUBLICS
|
||||
"""
|
||||
class PublicViewsTest(ExperiENSTestCase):
|
||||
"""
|
||||
Vérifie que les fiches de stages ne sont pas visibles hors connexion
|
||||
"""
|
||||
def test_stage_visibility_public(self):
|
||||
self.assertRedirectToLogin(reverse('avisstage:stage',
|
||||
kwargs={'pk':self.cstage1.id}))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:stage',
|
||||
kwargs={'pk':self.cstage2.id}))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:stage',
|
||||
kwargs={'pk':self.astage1.id}))
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que les profils de normaliens ne sont pas visibles hors connexion
|
||||
"""
|
||||
def test_profil_visibility_public(self):
|
||||
self.assertRedirectToLogin(reverse(
|
||||
'avisstage:profil', kwargs={'username': self.u_conscrit.username}))
|
||||
|
||||
self.assertRedirectToLogin(reverse(
|
||||
'avisstage:profil', kwargs={'username': self.u_archi.username}))
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que la recherche n'est pas accessible hors connexion
|
||||
"""
|
||||
def test_pages_visibility_public(self):
|
||||
self.assertRedirectToLogin(reverse('avisstage:recherche'))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:recherche_resultats'))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:stage_items'))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:feedback'))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:moderation'))
|
||||
|
||||
"""
|
||||
Vérifie que l'API n'est pas accessible hors connexion
|
||||
"""
|
||||
def test_api_visibility_public(self):
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "lieu",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 401)
|
||||
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "stage",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 401)
|
||||
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "profil",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 401)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que les pages d'édition ne sont pas accessible hors connexion
|
||||
"""
|
||||
def test_edit_visibility_public(self):
|
||||
self.assertRedirectToLogin(reverse(
|
||||
'avisstage:stage_edit', kwargs={'pk':self.cstage1.id}))
|
||||
|
||||
self.assertRedirectToLogin(reverse(
|
||||
'avisstage:stage_edit', kwargs={'pk':self.astage1.id}))
|
||||
|
||||
self.assertRedirectToLogin(reverse(
|
||||
'avisstage:stage_publication', kwargs={'pk':self.cstage1.id}))
|
||||
|
||||
self.assertRedirectToLogin(reverse(
|
||||
'avisstage:stage_publication', kwargs={'pk':self.astage1.id}))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:stage_ajout'))
|
||||
|
||||
self.assertRedirectToLogin(reverse('avisstage:profil_edit'))
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
"""
|
||||
ACCÈS ARCHICUBE
|
||||
"""
|
||||
class ArchicubeViewsTest(ExperiENSTestCase):
|
||||
def setUp(self):
|
||||
super().setUp()
|
||||
self.client.login(username='archicube', password='archicube')
|
||||
|
||||
def assert403Archicubes(self, testurl):
|
||||
r = self.client.get(testurl)
|
||||
return self.assertRedirects(r, reverse('avisstage:403-archicubes'))
|
||||
|
||||
"""
|
||||
Vérifie que les seules fiches de stages visibles sont les siennes
|
||||
"""
|
||||
def test_stage_visibility_archi(self):
|
||||
self.assertPageNotFound(reverse('avisstage:stage',
|
||||
kwargs={'pk':self.cstage1.id}))
|
||||
|
||||
self.assertPageNotFound(reverse('avisstage:stage',
|
||||
kwargs={'pk':self.cstage2.id}))
|
||||
|
||||
testurl = reverse('avisstage:stage',
|
||||
kwargs={'pk':self.astage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que le seul profil visible est le sien
|
||||
"""
|
||||
def test_profil_visibility_archi(self):
|
||||
self.assertPageNotFound(reverse(
|
||||
'avisstage:profil', kwargs={'username': self.u_conscrit.username}))
|
||||
|
||||
testurl = reverse('avisstage:profil',
|
||||
kwargs={'username': self.u_archi.username})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que la recherche n'est pas accessible
|
||||
"""
|
||||
def test_pages_visibility_archi(self):
|
||||
self.assert403Archicubes(reverse('avisstage:recherche'))
|
||||
|
||||
self.assert403Archicubes(reverse('avisstage:recherche_resultats'))
|
||||
|
||||
self.assert403Archicubes(reverse('avisstage:stage_items'))
|
||||
|
||||
testurl = reverse('avisstage:feedback')
|
||||
r = self.client.post(testurl, {"objet": "Contact",
|
||||
"message": "Ceci est un texte"})
|
||||
self.assertRedirects(r, reverse('avisstage:index'))
|
||||
|
||||
testurl = reverse('avisstage:moderation')
|
||||
r = self.client.get(testurl)
|
||||
self.assertRedirects(r, reverse('admin:login')+"?next="+testurl)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que la seule API accessible est celle des lieux
|
||||
"""
|
||||
def test_api_visibility_archi(self):
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "lieu",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "stage",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 401)
|
||||
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "profil",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 401)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que le seul stage modifiable est le sien
|
||||
"""
|
||||
def test_edit_visibility_archi(self):
|
||||
testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.cstage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 403)
|
||||
|
||||
testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.astage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:stage_publication',
|
||||
kwargs={'pk':self.cstage1.id})
|
||||
r = self.client.post(testurl, {"publier": True})
|
||||
self.assertEqual(r.status_code, 403)
|
||||
|
||||
testurl = reverse('avisstage:stage_publication',
|
||||
kwargs={'pk':self.astage1.id})
|
||||
r = self.client.post(testurl, {"publier": True})
|
||||
self.assertRedirects(r, reverse('avisstage:stage',
|
||||
kwargs={"pk": self.astage1.id}))
|
||||
|
||||
testurl = reverse('avisstage:stage_ajout')
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:profil_edit')
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
# TODO : test post()
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
"""
|
||||
ACCÈS EN SCOLARITE
|
||||
"""
|
||||
class ScolariteViewsTest(ExperiENSTestCase):
|
||||
def setUp(self):
|
||||
super().setUp()
|
||||
|
||||
self.u_vieuxcon = User.objects.create_user('vieuxcon',
|
||||
'vieuxcon@ens.fr',
|
||||
'vieuxcon')
|
||||
self.p_vieuxcon = self.u_vieuxcon.profil
|
||||
self.p_vieuxcon.nom="Vieux con"
|
||||
self.p_vieuxcon.promotion="Poufsouffle 1997"
|
||||
self.p_vieuxcon.bio="Je suis un vieux con encore en scolarité"
|
||||
self.p_vieuxcon.save()
|
||||
|
||||
self.sa_vieuxcon = SocialAccount(user=self.u_vieuxcon,
|
||||
provider="clipper",
|
||||
uid="vieuxcon")
|
||||
self.sa_vieuxcon.save()
|
||||
|
||||
self.vstage1 = Stage(auteur=self.p_vieuxcon, sujet="Oubliettes",
|
||||
date_debut=date(1998, 5, 10),
|
||||
date_fin=date(1998, 8, 26),
|
||||
type_stage="recherche",
|
||||
niveau_scol="M1", public=False)
|
||||
self.vstage1.save()
|
||||
self.vstage1.matieres.add(self.matiere2)
|
||||
alieu1 = AvisLieu(stage=self.vstage1, lieu=self.lieu2,
|
||||
chapo="Pas si mal")
|
||||
alieu1.save()
|
||||
|
||||
self.client.login(username='vieuxcon', password='vieuxcon')
|
||||
|
||||
"""
|
||||
Vérifie que les seules fiches de stages visibles sont les siennes ou celles
|
||||
publiques
|
||||
"""
|
||||
def test_stage_visibility_scolarite(self):
|
||||
testurl = reverse('avisstage:stage',
|
||||
kwargs={'pk':self.cstage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
self.assertPageNotFound(reverse('avisstage:stage',
|
||||
kwargs={'pk':self.cstage2.id}))
|
||||
|
||||
testurl = reverse('avisstage:stage',
|
||||
kwargs={'pk':self.vstage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que tous les profils sont visibles
|
||||
"""
|
||||
def test_profil_visibility_scolarite(self):
|
||||
testurl = reverse('avisstage:profil',
|
||||
kwargs={'username': self.u_conscrit.username})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:profil',
|
||||
kwargs={'username': self.u_archi.username})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:profil',
|
||||
kwargs={'username': self.u_vieuxcon.username})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que la recherche et les autres pages sont accessible
|
||||
"""
|
||||
def test_pages_visibility_scolarite(self):
|
||||
testurl = reverse('avisstage:recherche')
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:recherche_resultats')
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
self.assertContains(r, "Wingardium Leviosa") # Public
|
||||
self.assertNotContains(r, "Avada Kedavra") # Brouillon
|
||||
|
||||
testurl = reverse('avisstage:stage_items') + "?ids=" \
|
||||
+ ";".join(("%d" % k.id) for k in [self.cstage1,
|
||||
self.cstage2,
|
||||
self.astage1])
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
self.assertContains(r, "Wingardium Leviosa") # Public
|
||||
self.assertNotContains(r, "Avada Kedavra") # Brouillon
|
||||
|
||||
testurl = reverse('avisstage:feedback')
|
||||
r = self.client.post(testurl, {"objet": "Contact",
|
||||
"message": "Ceci est un texte"})
|
||||
self.assertRedirects(r, reverse('avisstage:index'))
|
||||
|
||||
testurl = reverse('avisstage:moderation')
|
||||
r = self.client.get(testurl)
|
||||
self.assertRedirects(r, reverse('admin:login')+"?next="+testurl)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que toutes les API sont accessibles et qu'elles ne montrent que les
|
||||
stages publics
|
||||
"""
|
||||
def test_api_visibility_scolarite(self):
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "lieu",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "stage",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
self.assertContains(r, "Wingardium Leviosa") # Public
|
||||
self.assertNotContains(r, "Avada Kedavra") # Brouillon
|
||||
|
||||
testurl = reverse('avisstage:api_dispatch_list',
|
||||
kwargs={"resource_name": "profil",
|
||||
"api_name": "v1"})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
|
||||
"""
|
||||
Vérifie que le seul stage modifiable est le sien
|
||||
"""
|
||||
def test_edit_visibility_scolarite(self):
|
||||
testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.cstage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 403)
|
||||
|
||||
testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.astage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 403)
|
||||
|
||||
testurl = reverse('avisstage:stage_edit', kwargs={'pk':self.vstage1.id})
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:stage_publication',
|
||||
kwargs={'pk':self.cstage1.id})
|
||||
r = self.client.post(testurl, {"publier": True})
|
||||
self.assertEqual(r.status_code, 403)
|
||||
|
||||
testurl = reverse('avisstage:stage_publication',
|
||||
kwargs={'pk':self.vstage1.id})
|
||||
r = self.client.post(testurl, {"publier": True})
|
||||
self.assertRedirects(r, reverse('avisstage:stage',
|
||||
kwargs={"pk": self.vstage1.id}))
|
||||
|
||||
testurl = reverse('avisstage:stage_ajout')
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
testurl = reverse('avisstage:profil_edit')
|
||||
r = self.client.get(testurl)
|
||||
self.assertEqual(r.status_code, 200)
|
||||
|
||||
# TODO : test post()
|
||||
|
|
|
|||
|
|
@ -286,7 +286,7 @@ def feedback(request):
|
|||
"errors": form.errors})
|
||||
else:
|
||||
form = FeedbackForm()
|
||||
return render(request, 'avisstage/formulaire/feedback.html', {"form": form})
|
||||
raise Http404()
|
||||
|
||||
|
||||
#
|
||||
|
|
|
|||
Loading…
Reference in a new issue