Merge branch 'master' into request-creator-name
@@ -48,3 +48,11 @@ def test_dont_auto_approve_if_no_dollar_value_specified(new_request):
|
||||
request = Requests.submit(new_request)
|
||||
|
||||
assert request.status == RequestStatus.PENDING_CCPO_APPROVAL
|
||||
|
||||
|
||||
def test_exists(session):
|
||||
user_allowed = UserFactory.create()
|
||||
user_denied = UserFactory.create()
|
||||
request = RequestFactory.create(creator=user_allowed.id)
|
||||
assert Requests.exists(request.id, user_allowed.id)
|
||||
assert not Requests.exists(request.id, user_denied.id)
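Review bot: `test_exists` reads like a plain existence check, but what it pins is that `Requests.exists` returns False for a user who did not create the request, which is an access-control property. A name such as `test_exists_is_scoped_to_creator`, or a comment like `# exists() must be False for a user who did not create the request`, would keep that intent visible to whoever next touches the method. A third assertion using an id that matches no request would also separate "not yours" from "not there". The page does not show this file's path.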
|
||||
|
@@ -1,3 +1,5 @@
|
||||
import random
|
||||
import string
|
||||
import factory
|
||||
from uuid import uuid4
|
||||
|
||||
@@ -7,6 +9,8 @@ from atst.models.pe_number import PENumber
|
||||
from atst.models.task_order import TaskOrder
|
||||
from atst.models.user import User
|
||||
from atst.models.role import Role
|
||||
from atst.models.request_status_event import RequestStatusEvent
|
||||
from atst.domain.roles import Roles
|
||||
|
||||
|
||||
|
||||
@@ -16,22 +20,26 @@ class RoleFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
|
||||
permissions = []
|
||||
|
||||
|
||||
|
||||
class UserFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
class Meta:
|
||||
model = User
|
||||
|
||||
id = factory.Sequence(lambda x: uuid4())
|
||||
email = "fake.user@mail.com"
|
||||
first_name = "Fake"
|
||||
last_name = "User"
|
||||
email = factory.Faker("email")
|
||||
first_name = factory.Faker("first_name")
|
||||
last_name = factory.Faker("last_name")
|
||||
atat_role = factory.SubFactory(RoleFactory)
|
||||
dod_id = factory.LazyFunction(lambda: "".join(random.choices(string.digits, k=10)))
|
||||
|
||||
|
||||
class RequestStatusFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
class RequestStatusEventFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
|
||||
class Meta:
|
||||
model = RequestStatusEvent
|
||||
|
||||
id = factory.Sequence(lambda x: uuid4())
|
||||
|
||||
|
||||
class RequestFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
class Meta:
|
||||
@@ -84,7 +92,6 @@ class RequestFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
}
|
||||
|
||||
|
||||
|
||||
class PENumberFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
class Meta:
|
||||
model = PENumber
|
||||
@@ -93,4 +100,3 @@ class PENumberFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
class TaskOrderFactory(factory.alchemy.SQLAlchemyModelFactory):
|
||||
class Meta:
|
||||
model = TaskOrder
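Review bot: The `dod_id` line in `UserFactory` draws its digits from the stdlib `random` module, which factory_boy's own seeding (`factory.random.reseed_random`) does not control, so a failure that depends on a particular generated id cannot be replayed from a seed. The `Faker` fields on the neighbouring lines do follow that seed, so the factory ends up with mixed randomness sources. Consider `dod_id = factory.fuzzy.FuzzyText(length=10, chars=string.digits)` (with `import factory.fuzzy`), which would also make `import random` unnecessary. If the user model puts a uniqueness constraint on `dod_id` or `email` (not visible here), a `factory.Sequence` would rule out the rare collision as well.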
|
||||
|
||||
|
@@ -2,7 +2,8 @@ import re
|
||||
import pytest
|
||||
import urllib
|
||||
from tests.mocks import MOCK_USER, MOCK_REQUEST
|
||||
from tests.factories import RequestFactory
|
||||
from tests.factories import RequestFactory, UserFactory
|
||||
from atst.domain.roles import Roles
|
||||
|
||||
|
||||
ERROR_CLASS = "alert--error"
|
||||
@@ -27,3 +28,41 @@ def test_submit_valid_request_form(monkeypatch, client, user_session):
|
||||
data="meaning=42",
|
||||
)
|
||||
assert "/requests/new/2" in response.headers.get("Location")
|
||||
|
||||
|
||||
def test_owner_can_view_request(client, user_session):
|
||||
user = UserFactory.create()
|
||||
user_session(user)
|
||||
request = RequestFactory.create(creator=user.id)
|
||||
|
||||
response = client.get("/requests/new/1/{}".format(request.id), follow_redirects=True)
|
||||
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_non_owner_cannot_view_request(client, user_session):
|
||||
user = UserFactory.create()
|
||||
user_session(user)
|
||||
request = RequestFactory.create()
|
||||
|
||||
response = client.get("/requests/new/1/{}".format(request.id), follow_redirects=True)
|
||||
|
||||
assert response.status_code == 404
|
||||
|
||||
|
||||
def test_ccpo_can_view_request(client, user_session):
|
||||
ccpo = Roles.get("ccpo")
|
||||
user = UserFactory.create(atat_role=ccpo)
|
||||
user_session(user)
|
||||
request = RequestFactory.create()
|
||||
|
||||
response = client.get("/requests/new/1/{}".format(request.id), follow_redirects=True)
|
||||
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
def test_nonexistent_request(client, user_session):
|
||||
user_session()
|
||||
response = client.get("/requests/new/1/foo", follow_redirects=True)
|
||||
|
||||
assert response.status_code == 404
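Review bot: The new access tests only issue GET requests to `/requests/new/1/<id>`; nothing checks that a non-owner is also refused when posting to the same URL, the path `test_submit_valid_request_form` covers for the happy case. If the ownership check runs only when the form is rendered (the handler is not visible here), a user could still write to a request they are not allowed to view, so a companion test like the one below would pin the write path. Separately, `test_nonexistent_request` uses `foo` as the id; if request ids are UUIDs like the user ids the factories generate (an inference), that exercises malformed-id handling rather than a well-formed id with no matching row, and a case with `uuid4()` would cover the latter.

```python
def test_non_owner_cannot_update_request(client, user_session):
    user = UserFactory.create()
    user_session(user)
    # created by a different user, as in test_non_owner_cannot_view_request
    request = RequestFactory.create()

    response = client.post(
        "/requests/new/1/{}".format(request.id),
        data="meaning=42",
    )

    assert response.status_code == 404
```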
|
||||
|
@@ -27,8 +27,7 @@ def test_successful_login_redirect(client, monkeypatch):
|
||||
def test_unsuccessful_login_redirect(client, monkeypatch):
|
||||
resp = client.get("/login-redirect")
|
||||
|
||||
assert resp.status_code == 302
|
||||
assert "unauthorized" in resp.headers["Location"]
|
||||
assert resp.status_code == 401
|
||||
assert "user_id" not in session
|
||||
|
||||
|
||||
@@ -55,7 +54,6 @@ def test_routes_are_protected(client, app):
|
||||
|
||||
|
||||
UNPROTECTED_ROUTES = ["/", "/login-dev", "/login-redirect", "/unauthorized"]
|
||||
|
||||
# this implicitly relies on the test config and test CRL in tests/fixtures/crl
|
||||
|
||||
|
||||
@@ -72,8 +70,7 @@ def test_crl_validation_on_login(client):
|
||||
"HTTP_X_SSL_CLIENT_CERT": bad_cert.decode(),
|
||||
},
|
||||
)
|
||||
assert resp.status_code == 302
|
||||
assert "unauthorized" in resp.headers["Location"]
|
||||
assert resp.status_code == 401
|
||||
assert "user_id" not in session
|
||||
|
||||
# good cert is not on the test CRL, passes
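Review bot: `UNPROTECTED_ROUTES` still lists `/unauthorized`, while the assertions in `test_unsuccessful_login_redirect` and `test_crl_validation_on_login` appear to move from a 302 redirect to that page to a direct 401. Which assertions are old and which are new is inferred from the hunk counts, since the page has lost its +/- markers. Each entry in that list is presumably exempted by `test_routes_are_protected`, so a stale entry widens what the protection test tolerates. If the route no longer exists, trim the list to `UNPROTECTED_ROUTES = ["/", "/login-dev", "/login-redirect"]`; if it is kept on purpose, a short comment saying why would help.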
|
||||
|