GroupTests.test_create_association_group_forbidden() - Code Metrics - Inspection of "Merge pull request #24 from ProjetSigma/feature/13..." - ProjetSigma/backend - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 463532...ebb95c )

unknown

created 2016-02-15 13:10 UTC

test_create_association_group_forbidden() A

↳ Parent: GroupTests

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	2

Metric	Value
cc	1
dl	0
loc	5
ccs	0
cts	0
cp	0
crap	2
rs	9.4285

import json

from rest_framework import status
from rest_framework.test import APITestCase, force_authenticate

from sigma_core.models.group import Group
from sigma_core.serializers.group import GroupSerializer
from sigma_core.tests.factories import UserFactory, GroupFactory, GroupMemberFactory, ClusterFactory


def reload(obj):
    return obj.__class__.objects.get(pk=obj.pk)


class GroupTests(APITestCase):
    @classmethod
    def setUpTestData(self):
        super(GroupTests, self).setUpTestData()

        # Schools
        self.schools = ClusterFactory.create_batch(1)

        # Groups
        self.groups = [GroupFactory(private=False), GroupFactory(private=True, req_rank_invite=5)]

        # Users
        self.users = UserFactory.create_batch(3)

        # Memberships
        self.member1 = GroupMemberFactory(user=self.users[1], group=self.groups[1], perm_rank=1)
        self.member2 = GroupMemberFactory(user=self.users[2], group=self.groups[1], perm_rank=Group.ADMINISTRATOR_RANK)
        self.student1 = GroupMemberFactory(user=self.users[0], group=self.schools[0], perm_rank=1)
        self.student2 = GroupMemberFactory(user=self.users[1], group=self.schools[0], perm_rank=Group.ADMINISTRATOR_RANK) # School admin
        self.student3 = GroupMemberFactory(user=self.users[2], group=self.schools[0], perm_rank=1)

        serializer = GroupSerializer(self.groups[0])
        self.group_data = serializer.data
        self.update_group_data = self.group_data.copy()
        self.update_group_data['name'] = "Another name"
        self.groups_url = "/group/"
        self.group_url = self.groups_url + "%d/"

        self.new_private_group_data = {"name": "New group", "private": True}
        self.new_public_group_data = {"name": "New group", "private": False, "resp_group": self.schools[0].id}
        self.invite_data = {"user": self.users[0].id}

    #### List requests
    def test_get_groups_list_unauthed(self):
        # Client not authenticated
        response = self.client.get(self.groups_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_groups_list_limited(self):

        # Client authenticated and can see public groups
        self.client.force_authenticate(user=self.users[0])
        response = self.client.get(self.groups_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertIn(self.groups[0].id, [d['id'] for d in response.data]) # User can only see groups[0]
        self.assertNotIn(self.groups[1].id, [d['id'] for d in response.data])

    def test_get_groups_list_ok(self):

        # Client has permissions
        self.client.force_authenticate(user=self.users[1])
        response = self.client.get(self.groups_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertIn(self.groups[0].id, [d['id'] for d in response.data]) # groups[0] is public and user is member of groups[1]
        self.assertIn(self.groups[1].id, [d['id'] for d in response.data])

    #### Get requests
    def test_get_group_unauthed(self):
        # Client is not authenticated
        response = self.client.get(self.group_url % self.groups[0].id)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_get_group_forbidden(self):
        # Non-member wants to see a private group
        self.client.force_authenticate(user=self.users[0])
        response = self.client.get(self.group_url % self.groups[1].id)
        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)

    def test_get_group_ok(self):
        # Client wants to see a public group
        self.client.force_authenticate(user=self.users[0])
        response = self.client.get(self.group_url % self.groups[0].id)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response.data, self.group_data)

    #### Invitation requests
    def test_invite_unauthed(self):
        response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_invite_forbidden(self):
        # Client has not perms to invite
        self.client.force_authenticate(user=self.users[1])
        response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_invite_ok(self):
        # Client has perms to invite
        self.client.force_authenticate(user=self.users[2])
        response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertIn(self.groups[1], reload(self.users[0]).invited_to_groups.all())

    def test_invite_duplicate(self):
        self.test_invite_ok()
        response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
        self.assertEqual(response.status_code, status.HTTP_200_OK)

    #### Create requests
    def test_create_unauthed(self):
        # Client is not authenticated
        response = self.client.post(self.groups_url, self.new_private_group_data)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_create_private_group(self):
        # Everybody can create a private group
        self.client.force_authenticate(user=self.users[0])
        response = self.client.post(self.groups_url, self.new_private_group_data)
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertEqual(response.data['name'], self.new_private_group_data['name'])
        self.assertEqual(response.data['private'], True)
        Group.objects.get(pk=response.data['id']).delete()

    def test_create_public_group_ok(self):
        # Only school andmins and Sigma admins can create association groups
        self.client.force_authenticate(user=self.users[0])
        response = self.client.post(self.groups_url, self.new_public_group_data)
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertEqual(response.data['private'], False)

    #### Modification requests
    def test_update_unauthed(self):
        response = self.client.put(self.group_url % self.groups[1].id, self.update_group_data)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_update_forbidden(self):
        self.client.force_authenticate(user=self.users[1])
        response = self.client.put(self.group_url % self.groups[1].id, self.update_group_data)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_update_ok(self):
        self.client.force_authenticate(user=self.users[2])
        response = self.client.put(self.group_url % self.groups[1].id, self.update_group_data)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(reload(self.groups[1]).name, self.update_group_data['name'])

    #### Deletion requests


1	1	import json
2
3	1	from rest_framework import status
4	1	from rest_framework.test import APITestCase, force_authenticate
5
6	1	from sigma_core.models.group import Group
7	1	from sigma_core.serializers.group import GroupSerializer
8	1	from sigma_core.tests.factories import UserFactory, GroupFactory, GroupMemberFactory, ClusterFactory
9
10
11	1	def reload(obj):
12	1	return obj.__class__.objects.get(pk=obj.pk)
13
14	1
15		class GroupTests(APITestCase):
16	1	@classmethod
17	1	def setUpTestData(self):
18		super(GroupTests, self).setUpTestData()
19	1
20	1	# Schools
21	1	self.schools = ClusterFactory.create_batch(1)
22
23	1	# Groups
24		self.groups = [GroupFactory(private=False), GroupFactory(private=True, req_rank_invite=5)]
25	1
26		# Users
27		self.users = UserFactory.create_batch(3)
28	1
29		# Memberships
30	1	self.member1 = GroupMemberFactory(user=self.users[1], group=self.groups[1], perm_rank=1)
31	1	self.member2 = GroupMemberFactory(user=self.users[2], group=self.groups[1], perm_rank=Group.ADMINISTRATOR_RANK)
32		self.student1 = GroupMemberFactory(user=self.users[0], group=self.schools[0], perm_rank=1)
33		self.student2 = GroupMemberFactory(user=self.users[1], group=self.schools[0], perm_rank=Group.ADMINISTRATOR_RANK) # School admin
34		self.student3 = GroupMemberFactory(user=self.users[2], group=self.schools[0], perm_rank=1)
35
36		serializer = GroupSerializer(self.groups[0])
37		self.group_data = serializer.data
38		self.update_group_data = self.group_data.copy()
39	1	self.update_group_data['name'] = "Another name"
40		self.groups_url = "/group/"
41	1	self.group_url = self.groups_url + "%d/"
42	1
43	1	self.new_private_group_data = {"name": "New group", "private": True}
44	1	self.new_public_group_data = {"name": "New group", "private": False, "resp_group": self.schools[0].id}
45		self.invite_data = {"user": self.users[0].id}
46
47	1	#### List requests
48		def test_get_groups_list_unauthed(self):
49	1	# Client not authenticated
50	1	response = self.client.get(self.groups_url)
51		self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
52
53		def test_get_groups_list_limited(self):
		0 ignored issues – show Duplication introduced 2016-01-31 21:25 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
54		# Client authenticated and can see public groups
55		self.client.force_authenticate(user=self.users[0])
56	1	response = self.client.get(self.groups_url)
57		self.assertEqual(response.status_code, status.HTTP_200_OK)
58	1	self.assertIn(self.groups[0].id, [d['id'] for d in response.data]) # User can only see groups[0]
59	1	self.assertNotIn(self.groups[1].id, [d['id'] for d in response.data])
60	1
61	1	def test_get_groups_list_ok(self):
		0 ignored issues – show Duplication introduced 2016-01-31 21:25 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
62		# Client has permissions
63		self.client.force_authenticate(user=self.users[1])
64		response = self.client.get(self.groups_url)
65		self.assertEqual(response.status_code, status.HTTP_200_OK)
66		self.assertIn(self.groups[0].id, [d['id'] for d in response.data]) # groups[0] is public and user is member of groups[1]
67		self.assertIn(self.groups[1].id, [d['id'] for d in response.data])
68
69		#### Get requests
70		def test_get_group_unauthed(self):
71		# Client is not authenticated
72		response = self.client.get(self.group_url % self.groups[0].id)
73		self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
74
75		def test_get_group_forbidden(self):
76		# Non-member wants to see a private group
77		self.client.force_authenticate(user=self.users[0])
78		response = self.client.get(self.group_url % self.groups[1].id)
79		self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
80
81		def test_get_group_ok(self):
82		# Client wants to see a public group
83		self.client.force_authenticate(user=self.users[0])
84		response = self.client.get(self.group_url % self.groups[0].id)
85		self.assertEqual(response.status_code, status.HTTP_200_OK)
86		self.assertEqual(response.data, self.group_data)
87
88		#### Invitation requests
89		def test_invite_unauthed(self):
90		response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
91		self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
92
93		def test_invite_forbidden(self):
94		# Client has not perms to invite
95		self.client.force_authenticate(user=self.users[1])
96		response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
97		self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
98
99		def test_invite_ok(self):
100		# Client has perms to invite
101		self.client.force_authenticate(user=self.users[2])
102		response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
103		self.assertEqual(response.status_code, status.HTTP_200_OK)
104		self.assertIn(self.groups[1], reload(self.users[0]).invited_to_groups.all())
105
106		def test_invite_duplicate(self):
107		self.test_invite_ok()
108		response = self.client.put((self.group_url + "invite/") % self.groups[1].id, self.invite_data)
109		self.assertEqual(response.status_code, status.HTTP_200_OK)
110
111		#### Create requests
112		def test_create_unauthed(self):
113		# Client is not authenticated
114		response = self.client.post(self.groups_url, self.new_private_group_data)
115		self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
116
117		def test_create_private_group(self):
118		# Everybody can create a private group
119		self.client.force_authenticate(user=self.users[0])
120		response = self.client.post(self.groups_url, self.new_private_group_data)
121		self.assertEqual(response.status_code, status.HTTP_201_CREATED)
122		self.assertEqual(response.data['name'], self.new_private_group_data['name'])
123		self.assertEqual(response.data['private'], True)
124		Group.objects.get(pk=response.data['id']).delete()
125
126		def test_create_public_group_ok(self):
127		# Only school andmins and Sigma admins can create association groups
128		self.client.force_authenticate(user=self.users[0])
129		response = self.client.post(self.groups_url, self.new_public_group_data)
130		self.assertEqual(response.status_code, status.HTTP_201_CREATED)
131		self.assertEqual(response.data['private'], False)
132
133		#### Modification requests
134		def test_update_unauthed(self):
135		response = self.client.put(self.group_url % self.groups[1].id, self.update_group_data)
136		self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
137
138		def test_update_forbidden(self):
139		self.client.force_authenticate(user=self.users[1])
140		response = self.client.put(self.group_url % self.groups[1].id, self.update_group_data)
141		self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
142
143		def test_update_ok(self):
144		self.client.force_authenticate(user=self.users[2])
145		response = self.client.put(self.group_url % self.groups[1].id, self.update_group_data)
146		self.assertEqual(response.status_code, status.HTTP_200_OK)
147		self.assertEqual(reload(self.groups[1]).name, self.update_group_data['name'])
148
149		#### Deletion requests
150

ProjetSigma / backend

Push — master ( 463532...ebb95c )

test_create_association_group_forbidden() A

Complexity

Size

Duplication

Code Coverage

Duplication Side-by-Side

Filter issues like