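from django.test import TestCase
from common.models import *
from django.contrib.auth.models import User
from django.urls import reverse
from django.core import mail


class UserManagerTests(TestCase):
    """Signup, login/logout and user-management permission tests.

    Every signup form posted by these tests asks for ``"roles": "Admin"``.
    test_creation and test_USR_can_register assert that the account still
    ends up with the Visitor role, so they double as a check that a role
    requested by the client at signup is not granted.

    Private helpers (``_signup``, ``_activate``, ``_login``, ``_edit_form``,
    ``_add_member``, ``_create_u1_to_u5``) factor out the fixture code that
    the tests share.
    """

    # ------------------------------------------------------------------
    # Shared fixture helpers
    # ------------------------------------------------------------------

    def _signup(self, email, first_name, last_name="test", password="password123"):
        """POST the signup form for *email* and return the response.

        The form always requests the Admin role; tests rely on the server
        ignoring that request.
        """
        institute = Institute.objects.get(name="CNRS")
        return self.client.post(reverse("user_signup_validation"), {
            "email": email,
            "password": password,
            "password_confirm": password,
            "first_name": first_name,
            "last_name": last_name,
            "tel": "0123456789",
            "laboratory": "IRAP",
            "address": "ici",
            "institute": institute.id,
            "reason": "this is a test",
            "roles": "Admin",
        })

    def _activate(self, email, *role_names):
        """Mark the account *email* active, replace its roles and return it."""
        account = PyrosUser.objects.get(username=email)
        account.is_active = True
        account.user_level.set([UserLevel.objects.get(name=name) for name in role_names])
        account.save()
        return account

    def _login(self, email, password="password123"):
        """POST the login form and return the response."""
        return self.client.post(reverse("login_validation"), {"email": email, "password": password})

    def _edit_form(self, target, role_name, desc=""):
        """Build the user-edit form for *target* with a single role and *desc*."""
        return {
            "username": target.username,
            "first_name": target.first_name,
            "last_name": target.last_name,
            "email": target.email,
            "country": Country.objects.get(name="France").id,
            "institute": Institute.objects.get(name="CNRS").id,
            "roles": [UserLevel.objects.get(name=role_name).id],
            "desc": desc,
            "tel": "",
            # "adress" is the key the original tests post; kept as-is.
            "adress": "",
            "laboratory": "test",
        }

    def _add_member(self, program_name, email, is_pi):
        """Attach the account *email* to the period of program *program_name*."""
        SP_Period_User.objects.create(
            SP_Period=SP_Period.objects.get(
                scientific_program=ScientificProgram.objects.get(name=program_name)
            ),
            user=PyrosUser.objects.get(username=email),
            is_SP_PI=is_pi,
        )

    def _create_u1_to_u5(self):
        """Create active users u1..u5 and spread them over sp1..sp4.

        All are Observers except u2, which is Unit-PI. u1 shares sp1 with
        u2 and sp3 with u3; u4 is in sp2 and sp4; u5 is in no program.
        """
        for i in range(1, 6):
            email = f"u{i}@test.fr"
            self._signup(email, f"u{i}")
            self._activate(email, "Observer")
        PyrosUser.objects.get(username="u2@test.fr").user_level.set(
            [UserLevel.objects.get(name="Unit-PI")]
        )
        memberships = (
            ("sp1", "u2@test.fr", True),
            ("sp1", "u1@test.fr", False),
            ("sp2", "u2@test.fr", True),
            ("sp2", "u4@test.fr", False),
            ("sp3", "u1@test.fr", True),
            ("sp3", "u3@test.fr", False),
            ("sp4", "u4@test.fr", True),
        )
        for program_name, email, is_pi in memberships:
            self._add_member(program_name, email, is_pi)

    # ------------------------------------------------------------------
    # Fixture
    # ------------------------------------------------------------------

    def setUp(self):
        """Create reference data and sign up toto@titi.fr (left inactive)."""
        institute = Institute.objects.create(name="CNRS", quota=999.0)
        period = Period.objects.create()
        programs = [
            ScientificProgram.objects.create(name=name, institute=institute, quota=10, priority=10)
            for name in ("sp1", "sp2", "sp3", "sp4")
        ]
        for program in programs:
            SP_Period.objects.create(scientific_program=program, period=period)

        levels = (
            ("Visitor", 0, 0.0),
            ("Observer", 2, 10.0),
            ("Unit-PI", 6, 100.0),
            ("TAC", 3, 0),
            ("Admin", 7, 1000.0),
        )
        for name, priority, quota in levels:
            UserLevel.objects.create(name=name, desc=f"{name} description", priority=priority, quota=quota)
        Country.objects.create(name="France")

        self.assertEqual(PyrosUser.objects.count(), 0, "There should be no User")
        response = self._signup("toto@titi.fr", "toto", last_name="titi", password="aze")
        self.assertIn("success", response.context.keys(), "There should be a success")
        self.assertEqual(PyrosUser.objects.count(), 1, "Theroue shld be one User")

    # ------------------------------------------------------------------
    # Account creation and login
    # ------------------------------------------------------------------

    def test_creation(self):
        """The signed-up account exists and holds the Visitor role."""
        self.assertEqual(Country.objects.count(), 1, "There should be 1 Country")
        self.assertEqual(UserLevel.objects.count(), 5, "There should be 5 UserLevel")
        account = PyrosUser.objects.all()[0]
        self.assertEqual(account.first_name, 'toto')
        self.assertEqual(account.email, 'toto@titi.fr')
        # The signup form asked for "Admin"; only Visitor must be present.
        self.assertEqual(
            account.user_level.filter(name="Visitor").count(), 1,
            "There should be one UserLevel (=Visitor)",
        )

    def test_login(self):
        """An activated account can log in and gets an authenticated session."""
        self.assertEqual(Country.objects.count(), 1, "There should be 1 Country")
        self.assertEqual(UserLevel.objects.count(), 5, "There should be 5 UserLevel")

        # Account activation is driven by PyrosUser.is_active; setting it
        # to True is all that is needed.
        current_user = PyrosUser.objects.all()[0]
        current_user.is_active = True
        current_user.save()
        self.assertEqual(PyrosUser.objects.all()[0].is_active, True, "user should be active")

        path = "/user_manager/login"
        response = self.client.post(path, {"email": "toto@titi.fr", "password": "aze"})
        self.assertTrue(response.context.get("success"))
        self.assertIn('_auth_user_id', self.client.session, "The user should be logged in")

    def test_login_not_active(self):
        """Correct credentials on an inactive account must not open a session."""
        self.assertEqual(Country.objects.count(), 1, "There should be 1 Country")
        self.assertEqual(UserLevel.objects.count(), 5, "There should be 5 UserLevel")

        # The account is deliberately left as signup created it.
        self.assertEqual(PyrosUser.objects.all()[0].is_active, False, "user should not be active")

        path = "/user_manager/login"
        response = self.client.post(path, {"email": "toto@titi.fr", "password": "aze"})
        self.assertFalse(response.context.get("success"))
        self.assertNotIn('_auth_user_id', self.client.session, "The user should not be logged in")

    def test_wrong_email(self):
        """An unknown email yields an error and no session."""
        # NOTE(review): the account is still inactive here, so this does not
        # isolate the bad-credential path on an active account;
        # test_USR_user_cannot_connect_with_bad_login covers that case.
        path = "/user_manager/login"
        response = self.client.post(path, {"email": "toto@tti.fr", "password": "aze"})
        self.assertIn("error", response.context.keys(), "There should be an error")
        self.assertNotIn('_auth_user_id', self.client.session, "There shouldn't be an authentified user")

    def test_wrong_password(self):
        """A wrong password yields an error and no session."""
        # NOTE(review): the account is still inactive here, so a rejection
        # could come from is_active rather than from the password;
        # test_USR_user_cannot_connect_with_bad_pass covers the active case.
        path = "/user_manager/login"
        response = self.client.post(path, {"email": "toto@titi.fr", "password": "azee"})
        self.assertIn("error", response.context.keys(), "There should be an error")
        self.assertNotIn('_auth_user_id', self.client.session, "There shouldn't be an authentified user")

    def test_logout(self):
        """Logging out removes the authenticated user from the session."""
        # Activate and log in through the view first (same steps as
        # test_login); otherwise the final assertion would hold even if
        # logout did nothing, because an inactive account never gets a session.
        account = PyrosUser.objects.all()[0]
        account.is_active = True
        account.save()
        self.client.post("/user_manager/login", {"email": "toto@titi.fr", "password": "aze"})
        self.assertIn('_auth_user_id', self.client.session, "The user should be logged in")

        path = "/user_manager/logout"
        self.client.get(path)
        self.assertNotIn('_auth_user_id', self.client.session, "There shouldn't be an authentified user")

    # ------------------------------------------------------------------
    # Role priority helpers on PyrosUser
    # ------------------------------------------------------------------

    def test_get_user_priority(self):
        """get_priority() returns the priority of the highest role held."""
        user = PyrosUser.objects.all()[0]
        unit_pi_level = UserLevel.objects.get(name="Unit-PI")
        unit_pi_level.pyros_users.add(user)
        self.assertEqual(
            user.get_priority(), unit_pi_level.priority,
            "The priority should be equal to Unit-PI's priority",
        )

    def test_wrong_get_user_priority(self):
        """With Unit-PI added, get_priority() is no longer Visitor's priority."""
        user = PyrosUser.objects.all()[0]
        UserLevel.objects.get(name="Unit-PI").pyros_users.add(user)
        self.assertNotEqual(
            user.get_priority(), UserLevel.objects.get(name="Visitor").priority,
            "The priority shouldn't be equal to Visitor's priority",
        )

    def test_get_roles_str(self):
        """get_roles_str() mentions every role the user holds."""
        user = PyrosUser.objects.all()[0]
        UserLevel.objects.get(name="Unit-PI").pyros_users.add(user)
        roles_str = user.get_roles_str()
        for role in user.user_level.all():
            self.assertIn(role.name, roles_str, f"The role {role} should be in the str representation")

    def test_wrong_get_roles_str(self):
        """get_roles_str() does not mention a role the user does not hold."""
        user = PyrosUser.objects.all()[0]
        UserLevel.objects.get(name="Unit-PI").pyros_users.add(user)
        roles_str = user.get_roles_str()
        self.assertNotIn(
            UserLevel.objects.get(name="Admin").name, roles_str,
            "The role Admin shouldn't be in the str representation",
        )

    def test_max_priority_desc(self):
        """get_max_priority_desc() returns the description of the top role."""
        user = PyrosUser.objects.all()[0]
        unit_pi_level = UserLevel.objects.get(name="Unit-PI")
        unit_pi_level.pyros_users.add(user)
        self.assertEqual(
            user.get_max_priority_desc(), unit_pi_level.desc,
            "The desc of user_level should be 'Unit-PI description' ",
        )

    def test_wrong_max_priority_desc(self):
        """Once Admin is added, the top description is no longer Unit-PI's."""
        user = PyrosUser.objects.all()[0]
        UserLevel.objects.get(name="Unit-PI").pyros_users.add(user)
        # Admin has a greater priority than the Unit-PI and Visitor roles.
        UserLevel.objects.get(name="Admin").pyros_users.add(user)
        self.assertNotEqual(
            user.get_max_priority_desc(), UserLevel.objects.get(name="Unit-PI").desc,
            "The desc of user_level shouldn't be 'Unit-PI description' ",
        )

    def test_max_priority_quota(self):
        """get_max_priority_quota() returns the quota of the top role."""
        user = PyrosUser.objects.all()[0]
        unit_pi_level = UserLevel.objects.get(name="Unit-PI")
        unit_pi_level.pyros_users.add(user)
        self.assertEqual(
            user.get_max_priority_quota(), unit_pi_level.quota,
            "The quota of user_level should be 100.0 ",
        )

    def test_wrong_max_priority_quota(self):
        """Once Admin is added, the top quota is no longer Unit-PI's."""
        user = PyrosUser.objects.all()[0]
        UserLevel.objects.get(name="Unit-PI").pyros_users.add(user)
        # Admin has a greater priority than the Unit-PI and Visitor roles.
        UserLevel.objects.get(name="Admin").pyros_users.add(user)
        # Compare against the quota: the original compared the numeric quota
        # with the role's *description* string, which could never be equal,
        # so the assertion could not fail.
        self.assertNotEqual(
            user.get_max_priority_quota(), UserLevel.objects.get(name="Unit-PI").quota,
            "The quota of user_level shouldn't be 100.0 ",
        )

    # ------------------------------------------------------------------
    # User-management scenarios (tests added in 2021)
    # ------------------------------------------------------------------

    def test_USR_can_register(self):
        """Signup gives Visitor only; a Unit-PI then promotes and activates."""
        self._signup("unit_pi@toto.fr", "unit", last_name="pi", password="aze")
        # Promote this account by hand so a Unit-PI exists for the scenario.
        unit_pi = PyrosUser.objects.get(username="unit_pi@toto.fr")
        unit_pi.user_level.set([UserLevel.objects.get(name="Unit-PI")])
        unit_pi.is_active = True
        unit_pi.set_password("password")
        unit_pi.save()

        self._signup("toto@titi.fr", "toto", last_name="titi", password="aze")
        new_user = PyrosUser.objects.filter(username="toto@titi.fr").order_by('-id')[0]
        # The form requested "Admin"; the account must only be a Visitor.
        self.assertEqual(new_user.get_roles_str(), "Visitor")
        self.assertEqual(len(mail.outbox), 2)
        self.assertIn("toto@titi.fr", mail.outbox[0].recipients())
        self.assertIn("unit_pi@toto.fr", mail.outbox[1].recipients())

        # Log in as the Unit-PI.
        self._login("unit_pi@toto.fr", password="password")
        self.assertEqual(int(self.client.session['_auth_user_id']), unit_pi.pk)
        self.client.post(
            reverse("user-edit", kwargs={"pk": new_user.id}),
            self._edit_form(new_user, "Observer"),
        )
        # Re-read from the database so the check cannot pass on stale state.
        self.assertIn("Observer", PyrosUser.objects.get(pk=new_user.pk).get_roles_str())

        # The Unit-PI activates the new account.
        path = reverse("change_activate", kwargs={"pk": new_user.id, "current_user_id": unit_pi.id})
        response = self.client.get(path)
        new_user = PyrosUser.objects.filter(username="toto@titi.fr").order_by('-id')[0]
        self.assertEqual(response.status_code, 302)
        self.assertTrue(new_user.is_active)

        self.client.get(reverse("user_logout"))

        # The new user can now log in and reach a page.
        self._login("toto@titi.fr", password="aze")
        self.assertEqual(int(self.client.session['_auth_user_id']), new_user.pk)
        response = self.client.get(reverse("scientific_program_list"))
        self.assertEqual(response.status_code, 200)

    def test_USR_user_cannot_connect_with_bad_login(self):
        """An active account cannot log in with a wrong email."""
        user = PyrosUser.objects.get(username="toto@titi.fr")
        user.is_active = True
        user.save()
        # The stored password is hashed, so the raw value is used here.
        user_password = "aze"
        response = self._login(user.email + "bad", password=user_password)
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "Your email and/or password were incorrect.")

    def test_USR_user_cannot_connect_with_bad_pass(self):
        """An active account cannot log in with a wrong password."""
        user = PyrosUser.objects.get(username="toto@titi.fr")
        user.is_active = True
        user.save()
        # The stored password is hashed, so the raw value is used here.
        user_password = "aze"
        response = self._login(user.email, password=user_password + "bad")
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "Your email and/or password were incorrect.")

    def test_USR_can_connect_and_disconnect(self):
        """Login opens a session, the profile is reachable, logout closes it."""
        user = PyrosUser.objects.get(username="toto@titi.fr")
        user.is_active = True
        user.save()
        response = self._login("toto@titi.fr", password="aze")
        self.assertEqual(int(self.client.session['_auth_user_id']), user.pk)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")

        response = self.client.get(reverse("profile"))
        self.assertEqual(response.status_code, 200)

        response = self.client.get(reverse("user_logout"))
        self.assertEqual(response.status_code, 200)
        self.assertNotIn('_auth_user_id', self.client.session.keys())

    def test_USR_view_user_list(self):
        """An Observer only lists users of shared programs; a Unit-PI lists all."""
        self._create_u1_to_u5()

        u1 = PyrosUser.objects.get(username="u1@test.fr")
        response = self._login(u1.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")
        response = self.client.get(reverse("users"))
        self.assertEqual(response.status_code, 200)
        # u1 shares sp1 with u2 and sp3 with u3, and nothing with u4 or u5.
        self.assertContains(response, "u2")
        self.assertContains(response, "u3")
        self.assertNotContains(response, "u4")
        self.assertNotContains(response, "u5")

        self.client.get(reverse("user_logout"))

        u2 = PyrosUser.objects.get(username="u2@test.fr")
        response = self._login(u2.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")
        response = self.client.get(reverse("users"))
        self.assertEqual(response.status_code, 200)
        for i in range(1, 6):
            self.assertContains(response, f"u{i}")

    def test_USR_can_view_himself(self):
        """A logged-in user can open their own profile page."""
        user = PyrosUser.objects.get(username="toto@titi.fr")
        user.is_active = True
        user.save()
        response = self._login(user.email, password="aze")
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")

        response = self.client.get(reverse("profile"))
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "toto")

    def test_USR_can_view_another_user(self):
        """u1 can open the detail pages of u2 and u3 (shared programs)."""
        self._create_u1_to_u5()

        u1 = PyrosUser.objects.get(username="u1@test.fr")
        response = self._login(u1.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")

        # NOTE(review): only the allowed cases are asserted; u1 opening the
        # detail page of u4 or u5 (no shared program) is not covered here.
        for name in ("u2", "u3"):
            target = PyrosUser.objects.get(username=f"{name}@test.fr")
            response = self.client.get(reverse("user_detail", kwargs={"pk": target.id}))
            self.assertEqual(response.status_code, 200)
            self.assertContains(response, name)

    def test_USR_can_update_himself(self):
        """A user can edit their own description."""
        self._signup("u1@test.fr", "u1")
        user = self._activate("u1@test.fr", "Observer")

        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")

        response = self.client.post(
            reverse("user-edit", kwargs={"pk": user.id}),
            self._edit_form(user, "Observer", desc="I am user 1"),
        )
        # On success the user is redirected to their profile page.
        self.assertEqual(response.status_code, 302)
        user = PyrosUser.objects.get(username="u1@test.fr")
        self.assertEqual(user.desc, "I am user 1")

    def test_USR_can_update_another_user(self):
        """An Observer cannot edit a Unit-PI; the Unit-PI can edit the Observer."""
        self._signup("u1@test.fr", "u1")
        self._activate("u1@test.fr", "Observer")
        self._signup("u2@test.fr", "u2")
        self._activate("u2@test.fr", "Unit-PI")
        user = PyrosUser.objects.get(username="u1@test.fr")
        user2 = PyrosUser.objects.get(username="u2@test.fr")

        # As u1 (Observer), try to edit u2.
        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")
        response = self.client.post(
            reverse("user-edit", kwargs={"pk": user2.id}),
            self._edit_form(user2, "Observer", desc="I am user 2"),
        )
        # A refused edit redirects -- but so does a successful one, so the
        # status code alone cannot prove the edit was denied. Check the
        # stored record as well.
        self.assertEqual(response.status_code, 302)
        self.assertNotEqual(PyrosUser.objects.get(username="u2@test.fr").desc, "I am user 2")

        self.client.get(reverse("user_logout"))

        # As u2 (Unit-PI), edit u1.
        response = self._login(user2.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")
        response = self.client.post(
            reverse("user-edit", kwargs={"pk": user.id}),
            self._edit_form(user, "Observer", desc="I am user 1 version 2"),
        )
        # On success the user is redirected to the profile page.
        self.assertEqual(response.status_code, 302)
        self.assertEqual(PyrosUser.objects.get(username="u1@test.fr").desc, "I am user 1 version 2")

    def test_USR_can_activate_or_desactivate_another_user(self):
        """A Unit-PI can toggle an Observer's is_active; the reverse is refused."""
        self._signup("u1@test.fr", "u1")
        self._activate("u1@test.fr", "Observer")
        self._signup("u2@test.fr", "u2")
        self._activate("u2@test.fr", "Unit-PI")
        user = PyrosUser.objects.get(username="u1@test.fr")
        user2 = PyrosUser.objects.get(username="u2@test.fr")

        # NOTE(review): change_activate changes account state on a GET and
        # takes current_user_id from the URL. Every request below passes the
        # id of the logged-in user; whether the view checks that value
        # against the session is not visible from this file -- confirm, and
        # consider a test where the two differ.

        # As u2, deactivate u1.
        response = self._login(user2.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")
        path = reverse("change_activate", kwargs={"pk": user.id, "current_user_id": user2.id})
        response = self.client.get(path)
        user = PyrosUser.objects.get(username="u1@test.fr")
        self.assertEqual(response.status_code, 302)
        self.assertFalse(user.is_active)
        self.client.get(reverse("user_logout"))

        # u1 can no longer log in.
        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "Your account is not active, please contact the Unit-PI.")

        # As u2, reactivate u1.
        response = self._login(user2.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")
        path = reverse("change_activate", kwargs={"pk": user.id, "current_user_id": user2.id})
        response = self.client.get(path)
        user = PyrosUser.objects.get(username="u1@test.fr")
        self.assertEqual(response.status_code, 302)
        self.assertTrue(user.is_active)
        self.client.get(reverse("user_logout"))

        # As u1, try to deactivate u2: must be refused.
        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)
        self.assertNotContains(response, "Your email and/or password were incorrect.")
        path = reverse("change_activate", kwargs={"pk": user2.id, "current_user_id": user.id})
        response = self.client.get(path)
        user2 = PyrosUser.objects.get(username="u2@test.fr")
        self.assertEqual(response.status_code, 403)
        self.assertTrue(user2.is_active)

    def test_USR_can_change_another_user_roles(self):
        """An Observer cannot change a Unit-PI's roles; the Unit-PI can change his."""
        self._signup("u1@test.fr", "u1")
        self._activate("u1@test.fr", "Observer")
        self._signup("u2@test.fr", "u2")
        self._activate("u2@test.fr", "Unit-PI")
        user = PyrosUser.objects.get(username="u1@test.fr")
        user2 = PyrosUser.objects.get(username="u2@test.fr")
        self._add_member("sp1", "u2@test.fr", True)
        self._add_member("sp1", "u1@test.fr", False)

        # As u1. The original posted the user object as "email" and then
        # checked the status of the earlier signup response; capture the
        # login response and make sure the session really belongs to u1,
        # otherwise the denial below could come from being anonymous.
        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(int(self.client.session['_auth_user_id']), user.pk)

        self.client.post(
            reverse("user-edit", kwargs={"pk": user2.id}),
            self._edit_form(user2, "Observer"),
        )
        # u2 must still be Unit-PI only (re-read from the database).
        self.assertEqual("Unit-PI", PyrosUser.objects.get(pk=user2.pk).get_roles_str())

        self.client.get(reverse("user_logout"))

        # As u2, change u1's roles.
        response = self._login(user2.email)
        self.assertEqual(response.status_code, 200)
        self.client.post(
            reverse("user-edit", kwargs={"pk": user.id}),
            self._edit_form(user, "TAC"),
        )
        # u1 must now be TAC only.
        self.assertEqual("TAC", PyrosUser.objects.get(pk=user.pk).get_roles_str())

    def test_USR_user_can_change_his_current_role(self):
        """Switching the active role to Observer removes Unit-PI page access."""
        self._signup("u1@test.fr", "u1")
        user = self._activate("u1@test.fr", "Observer", "Unit-PI")

        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)
        # The session starts with the highest-priority role (Unit-PI).
        self.assertEqual(self.client.session.get("role"), "Unit-PI")

        # A Unit-PI can open a Unit-PI page.
        response = self.client.get(reverse("period_list"))
        self.assertEqual(response.status_code, 200)

        # Switch the active role to Observer.
        response = self.client.post(reverse("set_active_role"), {"role": "Observer"})
        self.assertEqual(response.status_code, 200)
        self.assertEqual(self.client.session.get("role"), "Observer")
        # NOTE(review): only a role the user holds is requested here; a
        # request for a role the user does not hold is not covered.

        # As an Observer the same page must be forbidden.
        response = self.client.get(reverse("period_list"))
        self.assertEqual(response.status_code, 403)

    def test_USR_user_cannot_delete_himself(self):
        """A user posting a delete of their own account is redirected, not deleted."""
        self._signup("u1@test.fr", "u1")
        user = self._activate("u1@test.fr", "Unit-PI")

        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)

        # The delete button is not shown on the page, but the request can
        # still be sent directly.
        response = self.client.post(reverse("user-delete", kwargs={"pk": user.id}))
        self.assertEqual(response.status_code, 302)
        # exists() replaces a bare "except:" that treated any error as a deletion.
        self.assertTrue(PyrosUser.objects.filter(username=user.username).exists())

    def test_USR_user_can_delete_another_user(self):
        """An Observer cannot delete a Unit-PI; the Unit-PI can delete the Observer."""
        self._signup("u1@test.fr", "u1")
        self._activate("u1@test.fr", "Observer")
        self._signup("u2@test.fr", "u2")
        self._activate("u2@test.fr", "Unit-PI")
        user = PyrosUser.objects.get(username="u1@test.fr")
        user2 = PyrosUser.objects.get(username="u2@test.fr")
        self._add_member("sp1", "u2@test.fr", True)
        self._add_member("sp1", "u1@test.fr", False)

        # As u1. Confirm the session is u1's so the 403 below is a
        # permission decision and not an anonymous request.
        response = self._login(user.email)
        self.assertEqual(response.status_code, 200)
        self.assertEqual(int(self.client.session['_auth_user_id']), user.pk)

        # u1 is neither Unit-PI nor Admin: the delete must be forbidden.
        response = self.client.post(reverse("user-delete", kwargs={"pk": user2.id}))
        self.assertEqual(response.status_code, 403)
        self.assertTrue(PyrosUser.objects.filter(username=user2.username).exists())

        self.client.get(reverse("user_logout"))

        # As u2, delete u1.
        response = self._login(user2.email)
        self.assertEqual(response.status_code, 200)
        response = self.client.post(reverse("user-delete", kwargs={"pk": user.id}))
        # u2 is redirected after the deletion.
        self.assertEqual(response.status_code, 302)
        self.assertFalse(PyrosUser.objects.filter(id=user.id).exists())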