pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add tests to check the TO nested routes

Browse Source
This commit is contained in:
leigh-mil 2019-03-26 12:01:44 -04:00
parent 0d30b81ec5
commit 81635ae979
1 changed files with 152 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
tests/routes/portfolios/test_task_orders.py
View File

@ -128,6 +128,20 @@ class TestPortfolioFunding:
assert context["funding_end_date"] is expiring_to.end_date assert context["funding_end_date"] is expiring_to.end_date
assert context["funded"] == False assert context["funded"] == False
def test_user_can_only_access_to_in_their_portfolio(
self, app, user_session, portfolio
):
other_task_order = TaskOrderFactory.create()
user_session(portfolio.owner)
response = app.test_client().get(
url_for(
"portfolios.view_task_order",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
)
)
assert response.status_code == 404
class TestTaskOrderInvitations: class TestTaskOrderInvitations:
def setup(self): def setup(self):
@ -227,6 +241,54 @@ class TestTaskOrderInvitations:
assert len(queue.get_queue()) == queue_length assert len(queue.get_queue()) == queue_length
assert response.status_code == 400 assert response.status_code == 400
def test_user_can_only_invite_to_task_order_in_their_portfolio(
self, user_session, client, portfolio
):
other_task_order = TaskOrderFactory.create()
user_session(portfolio.owner)
# user can't see invites
response = client.get(
url_for(
"portfolios.task_order_invitations",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
)
)
assert response.status_code == 404
# user can't send invites
time_updated = other_task_order.time_updated
response = client.post(
url_for(
"portfolios.edit_task_order_invitations",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
),
data={
"contracting_officer-first_name": "Luke",
"contracting_officer-last_name": "Skywalker",
"contracting_officer-dod_id": "0123456789",
"contracting_officer-email": "luke@skywalker.mil",
"contracting_officer-phone_number": "0123456789",
"contracting_officer-invite": "y",
},
)
assert response.status_code == 404
assert time_updated == other_task_order.time_updated
# user can't resend invites
response = client.post(
url_for(
"portfolios.resend_invite",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
invite_type="ko_invite",
)
)
assert response.status_code == 404
assert time_updated == other_task_order.time_updated
def test_ko_can_view_task_order(client, user_session, portfolio, user): def test_ko_can_view_task_order(client, user_session, portfolio, user):
PortfolioRoleFactory.create( PortfolioRoleFactory.create(
@ -464,6 +526,57 @@ def test_submit_completed_ko_review_page_as_ko(
assert task_order.loas == loa_list assert task_order.loas == loa_list
def test_ko_can_only_access_their_to(app, user_session, client, portfolio, pdf_upload):
ko = UserFactory.create()
PortfolioRoleFactory.create(
portfolio=portfolio,
user=ko,
status=PortfolioStatus.ACTIVE,
permission_sets=[
PermissionSets.get(PermissionSets.VIEW_PORTFOLIO),
PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_FUNDING),
],
)
task_order = TaskOrderFactory.create(portfolio=portfolio, contracting_officer=ko)
dd_254 = DD254Factory.create()
TaskOrders.add_dd_254(task_order, dd_254.to_dictionary())
other_task_order = TaskOrderFactory.create()
user_session(ko)
# KO can't see TO
response = client.get(
url_for(
"portfolios.ko_review",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
)
)
assert response.status_code == 404
# KO can't submit review for TO
form_data = {
"start_date": "02/10/2019",
"end_date": "03/10/2019",
"number": "1938745981",
"loas-0": "1231231231",
"custom_clauses": "hi im a custom clause",
"pdf": pdf_upload,
}
response = client.post(
url_for(
"portfolios.submit_ko_review",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
),
data=form_data,
)
assert response.status_code == 404
assert not TaskOrders.is_signed_by_ko(other_task_order)
def test_so_review_page(app, client, user_session, portfolio): def test_so_review_page(app, client, user_session, portfolio):
so = UserFactory.create() so = UserFactory.create()
PortfolioRoleFactory.create( PortfolioRoleFactory.create(
@ -541,6 +654,45 @@ def test_submit_so_review(app, client, user_session, portfolio):
assert task_order.dd_254.certifying_official == dd_254_data["certifying_official"] assert task_order.dd_254.certifying_official == dd_254_data["certifying_official"]
def test_so_can_only_access_their_to(app, client, user_session, portfolio):
so = UserFactory.create()
PortfolioRoleFactory.create(
portfolio=portfolio,
user=so,
status=PortfolioStatus.ACTIVE,
permission_sets=[
PermissionSets.get(PermissionSets.VIEW_PORTFOLIO),
PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_FUNDING),
],
)
task_order = TaskOrderFactory.create(portfolio=portfolio, security_officer=so)
dd_254_data = DD254Factory.dictionary()
other_task_order = TaskOrderFactory.create()
user_session(so)
# SO can't view dd254
response = client.get(
url_for(
"portfolios.so_review",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
)
)
assert response.status_code == 404
# SO can't submit dd254
response = client.post(
url_for(
"portfolios.submit_so_review",
portfolio_id=portfolio.id,
task_order_id=other_task_order.id,
),
data=dd_254_data,
)
assert response.status_code == 404
assert not other_task_order.dd_254
def test_resend_invite_when_invalid_invite_officer( def test_resend_invite_when_invalid_invite_officer(
app, client, user_session, portfolio, user app, client, user_session, portfolio, user
): ):