Api test cases for organisation apis (#3091)

* feat:implemented test cases for creating organizations

* feat:update and delete test cases are implemented

* feat:implemented testcases for listing filtered organizations

* feat:implemented testcases for adding users to org

* feat:implemented testcases for delete,listing and update organization users

* removed some merge codes

* fix a typo

* fix:added some minor suggestions

* fix:added some minor changes

* fix:updated minor change

---------

Co-authored-by: Prafful Sharma <115104695+praffq@users.noreply.github.com>
Co-authored-by: Prafful Sharma <praffulsharma1230@gmail.com>
Co-authored-by: Aakash Singh <mail@singhaakash.dev>

authored by

Nandkishor R
Prafful Sharma
Prafful Sharma
Aakash Singh
and committed by
GitHub
bd89cee8 610a4b91

+1006 -1
+1 -1
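--- a/care/emr/api/viewsets/organization.py
+++ b/care/emr/api/viewsets/organization.py
@@ -105,7 +105,7 @@
             "can_manage_organization_obj", self.request.user, instance
         ):
             raise PermissionDenied(
-                "User does not have the required permissions to update organizations"
+                "User does not have the required permissions to delete organizations"
             )
         # TODO delete should not be allowed if there are any children left
 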
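Review bot: The `# TODO delete should not be allowed if there are any children left` comment on line 110 looks stale after this commit: the test module added alongside it (`test_delete_organization_with_children`) asserts that deleting `root_organization` while it has a child returns 403 with "Cannot delete organization with children", so the children guard presumably already exists further down in this method, outside the hunk. If that guard is present, the TODO should be dropped so the next reader does not add a duplicate check; if it is not, the new test cannot pass and the message fix here does not cover it. The surrounding delete method, including the permission check whose message is corrected, starts and ends outside this hunk, so I cannot confirm which case applies from the diff alone.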
+1005
care/emr/tests/test_organization_api.py
··· 1 + from django.conf import settings 2 + from django.urls import reverse 3 + 4 + from care.security.permissions.organization import ( 5 + OrganizationPermissions, 6 + ) 7 + from care.security.roles.role import ADMINISTRATOR, STAFF_ROLE 8 + from care.utils.tests.base import CareAPITestBase 9 + 10 + 11 + class OrganizationAPITestCase(CareAPITestBase): 12 + def setUp(self): 13 + super().setUp() 14 + self.super_user = self.create_super_user() 15 + self.user = self.create_user() 16 + self.administrator_role = self.create_role_with_permissions( 17 + role_name=ADMINISTRATOR.name, 18 + permissions=[ 19 + OrganizationPermissions.can_view_organization.name, 20 + OrganizationPermissions.can_manage_organization_users.name, 21 + OrganizationPermissions.can_list_organization_users.name, 22 + ], 23 + ) 24 + self.root_organization = self.create_organization( 25 + user=self.super_user, name="Parent Organization", org_type="govt" 26 + ) 27 + 28 + self.url = reverse("organization-list") 29 + 30 + def get_detail_url(self, org_external_id): 31 + return reverse( 32 + "organization-detail", 33 + kwargs={"external_id": org_external_id}, 34 + ) 35 + 36 + # Organization List API Tests 37 + 38 + def test_list_organizations_as_super_user(self): 39 + """Test that a super user can list organizations.""" 40 + self.client.force_authenticate(user=self.super_user) 41 + response = self.client.get(self.url) 42 + self.assertEqual(response.status_code, 200) 43 + self.assertEqual( 44 + len(response.data["results"]), 1, "Super user should see one organization" 45 + ) 46 + self.assertEqual( 47 + response.data["results"][0]["id"], 48 + str(self.root_organization.external_id), 49 + "Super user should see the root organization", 50 + ) 51 + 52 + def test_list_organizations_as_user(self): 53 + """Test that a regular user can list organizations.""" 54 + self.client.force_authenticate(user=self.user) 55 + response = self.client.get(self.url) 56 + self.assertEqual(response.status_code, 200) 57 + 
self.assertEqual( 58 + response.data["results"][0]["id"], str(self.root_organization.external_id) 59 + ) 60 + 61 + # Organization Create API Tests 62 + 63 + def test_create_root_organization_as_super_user(self): 64 + """Test that a super user can create root organization.""" 65 + self.client.force_authenticate(user=self.super_user) 66 + data = { 67 + "name": "New Govt Organization", 68 + "description": "This is a new govt organization.", 69 + "org_type": "govt", 70 + } 71 + response = self.client.post(self.url, data, format="json") 72 + org_id = response.data.get("id") 73 + get_response = self.client.get(self.url) 74 + self.assertEqual(response.status_code, 200) 75 + self.assertEqual( 76 + len( 77 + [ 78 + org 79 + for org in get_response.data["results"] 80 + if org["id"] == str(org_id) 81 + ] 82 + ), 83 + 1, 84 + ) 85 + 86 + def test_create_root_organization_as_user(self): 87 + """Test that a user other than super user cannot create a root organization.""" 88 + self.attach_role_organization_user( 89 + self.root_organization, self.user, self.administrator_role 90 + ) 91 + self.client.force_authenticate(user=self.user) 92 + data = { 93 + "name": "New Govt Organization", 94 + "description": "This is a new govt organization.", 95 + "org_type": "govt", 96 + } 97 + response = self.client.post(self.url, data, format="json") 98 + self.assertEqual(response.status_code, 403) 99 + self.assertContains( 100 + response, 101 + "Root Organizations can only be created by the superadmin", 102 + status_code=403, 103 + ) 104 + 105 + def test_create_child_organization_as_super_user(self): 106 + """Test that a super user can create a child organization.""" 107 + self.client.force_authenticate(user=self.super_user) 108 + data = { 109 + "name": "Child Organization", 110 + "description": "This is a child organization.", 111 + "org_type": "govt", 112 + "parent": str(self.root_organization.external_id), 113 + } 114 + response = self.client.post(self.url, data, format="json") 115 + 
self.assertEqual(response.status_code, 200) 116 + self.assertEqual( 117 + response.data["parent"]["id"], str(self.root_organization.external_id) 118 + ) 119 + get_response = self.client.get(self.get_detail_url(response.data["id"])) 120 + self.assertEqual(get_response.status_code, 200) 121 + self.assertEqual( 122 + get_response.data["parent"]["id"], str(self.root_organization.external_id) 123 + ) 124 + 125 + def test_create_organization_with_org_type_as_user(self): 126 + """Test that a user cannot create a organization with org_type (govt/role).""" 127 + self.attach_role_organization_user( 128 + self.root_organization, self.user, self.administrator_role 129 + ) 130 + self.client.force_authenticate(user=self.user) 131 + data = { 132 + "name": "New Govt Organization", 133 + "description": "This is a new govt organization.", 134 + "org_type": "govt", 135 + "parent": str(self.root_organization.external_id), 136 + } 137 + response = self.client.post(self.url, data, format="json") 138 + self.assertEqual(response.status_code, 403) 139 + self.assertContains( 140 + response, "Organization Type cannot be created", status_code=403 141 + ) 142 + 143 + def test_create_child_organization_as_user(self): 144 + """Test that a user other than super user cannot create a child organization.""" 145 + self.attach_role_organization_user( 146 + self.root_organization, self.user, self.administrator_role 147 + ) 148 + self.client.force_authenticate(user=self.user) 149 + data = { 150 + "name": "Child Organization", 151 + "description": "This is a child organization.", 152 + "org_type": "team", 153 + "parent": str(self.root_organization.external_id), 154 + } 155 + response = self.client.post(self.url, data, format="json") 156 + self.assertEqual(response.status_code, 403) 157 + self.assertContains( 158 + response, 159 + "User does not have the required permissions to create organizations", 160 + status_code=403, 161 + ) 162 + 163 + def test_create_organization_with_duplicate_name(self): 164 + 
"""Test that a user cannot create a organization with a duplicate name.""" 165 + self.client.force_authenticate(user=self.super_user) 166 + data = { 167 + "name": "Parent Organization", 168 + "description": "This is a duplicate organization.", 169 + "org_type": "govt", 170 + } 171 + response = self.client.post(self.url, data, format="json") 172 + self.assertEqual(response.status_code, 400) 173 + self.assertContains( 174 + response, "Organization already exists with same name", status_code=400 175 + ) 176 + 177 + def test_create_organizations_exceeding_max_depth(self): 178 + """Test that a user cannot create an organization exceeding max depth.""" 179 + self.client.force_authenticate(user=self.super_user) 180 + parent_org = self.create_organization( 181 + user=self.super_user, name="Parent Org", org_type="govt" 182 + ) 183 + for i in range(settings.ORGANIZATION_MAX_DEPTH): 184 + child_org = self.create_organization( 185 + user=self.super_user, 186 + name=f"Child Org {i}", 187 + org_type="govt", 188 + parent=parent_org, 189 + ) 190 + parent_org = child_org 191 + response = self.client.post( 192 + self.url, 193 + { 194 + "name": "New Child Organization", 195 + "description": "This is a new child organization.", 196 + "org_type": "govt", 197 + "parent": str(parent_org.external_id), 198 + }, 199 + format="json", 200 + ) 201 + self.assertEqual(response.status_code, 400) 202 + self.assertContains( 203 + response, 204 + f"Max depth reached ({settings.ORGANIZATION_MAX_DEPTH})", 205 + status_code=400, 206 + ) 207 + 208 + # Organization Update API Tests 209 + 210 + def test_update_organization_as_super_user(self): 211 + """Test that a super user can update an organization.""" 212 + self.client.force_authenticate(user=self.super_user) 213 + data = { 214 + "active": True, 215 + "name": "Updated Organization", 216 + "description": "This is an updated organization.", 217 + "org_type": "govt", 218 + } 219 + response = self.client.put( 220 + 
self.get_detail_url(self.root_organization.external_id), data, format="json" 221 + ) 222 + self.assertEqual(response.status_code, 200) 223 + get_update_response = self.client.get( 224 + self.get_detail_url(self.root_organization.external_id) 225 + ) 226 + self.assertEqual(get_update_response.status_code, 200) 227 + self.assertEqual(get_update_response.data["name"], response.data["name"]) 228 + 229 + def test_update_organization_with_org_type_as_user(self): 230 + """Test that a user cannot update an organization.""" 231 + self.attach_role_organization_user( 232 + self.root_organization, self.user, self.administrator_role 233 + ) 234 + self.client.force_authenticate(user=self.user) 235 + data = { 236 + "active": True, 237 + "name": "Updated Organization", 238 + "description": "This is an updated organization.", 239 + "org_type": "govt", 240 + } 241 + response = self.client.put( 242 + self.get_detail_url(self.root_organization.external_id), data, format="json" 243 + ) 244 + self.assertEqual(response.status_code, 403) 245 + self.assertContains( 246 + response, 247 + "Organization Type cannot be updated", 248 + status_code=403, 249 + ) 250 + 251 + def test_update_organization_without_permission(self): 252 + """Test that a user without permission cannot update an organization.""" 253 + self.attach_role_organization_user( 254 + self.root_organization, self.user, self.administrator_role 255 + ) 256 + self.child_organization = self.create_organization( 257 + user=self.super_user, 258 + name="Child Organization", 259 + org_type="team", 260 + parent=self.root_organization, 261 + ) 262 + self.client.force_authenticate(user=self.user) 263 + data = { 264 + "active": True, 265 + "name": "Updated Organization", 266 + "description": "This is an updated organization.", 267 + "org_type": "team", 268 + } 269 + response = self.client.put( 270 + self.get_detail_url(self.child_organization.external_id), 271 + data, 272 + format="json", 273 + ) 274 + self.assertEqual(response.status_code, 
403) 275 + self.assertContains( 276 + response, 277 + "User does not have the required permissions to update organizations", 278 + status_code=403, 279 + ) 280 + 281 + # Organization Delete API Tests 282 + 283 + def test_delete_organization_as_super_user(self): 284 + """Test that a super user can delete an organization.""" 285 + self.client.force_authenticate(user=self.super_user) 286 + response = self.client.delete( 287 + self.get_detail_url(self.root_organization.external_id) 288 + ) 289 + self.assertEqual(response.status_code, 204) 290 + get_response = self.client.get( 291 + self.get_detail_url(self.root_organization.external_id) 292 + ) 293 + self.assertEqual(get_response.status_code, 404) 294 + self.assertContains( 295 + get_response, "No Organization matches the given query.", status_code=404 296 + ) 297 + 298 + def test_delete_organization_with_org_type_as_user(self): 299 + """Test that a user cannot delete an organization.""" 300 + self.attach_role_organization_user( 301 + self.root_organization, self.user, self.administrator_role 302 + ) 303 + self.client.force_authenticate(user=self.user) 304 + response = self.client.delete( 305 + self.get_detail_url(self.root_organization.external_id) 306 + ) 307 + self.assertEqual(response.status_code, 403) 308 + self.assertContains( 309 + response, 310 + "Organization Type cannot be deleted", 311 + status_code=403, 312 + ) 313 + 314 + def test_delete_organization_without_permission(self): 315 + """Test that a user without permission cannot delete an organization.""" 316 + self.attach_role_organization_user( 317 + self.root_organization, self.user, self.administrator_role 318 + ) 319 + self.child_organization = self.create_organization( 320 + user=self.super_user, 321 + name="Child Organization", 322 + org_type="team", 323 + parent=self.root_organization, 324 + ) 325 + self.client.force_authenticate(user=self.user) 326 + response = self.client.delete( 327 + self.get_detail_url(self.child_organization.external_id) 328 + 
) 329 + self.assertEqual(response.status_code, 403) 330 + self.assertContains( 331 + response, 332 + "User does not have the required permissions to delete organizations", 333 + status_code=403, 334 + ) 335 + 336 + def test_delete_organization_with_children(self): 337 + """Test that a user cannot delete an organization with children.""" 338 + self.client.force_authenticate(user=self.super_user) 339 + self.create_organization( 340 + user=self.super_user, 341 + name="Child Organization", 342 + org_type="team", 343 + parent=self.root_organization, 344 + ) 345 + response = self.client.delete( 346 + self.get_detail_url(self.root_organization.external_id) 347 + ) 348 + self.assertEqual(response.status_code, 403) 349 + self.assertContains( 350 + response, "Cannot delete organization with children", status_code=403 351 + ) 352 + 353 + # Organization Filtering Tests 354 + 355 + def test_otp_user_can_only_access_govt_organizations(self): 356 + """Test that OTP users can only access government organizations.""" 357 + # Create a user with is_alternative_login flag 358 + otp_user = self.create_user() 359 + otp_user.is_alternative_login = True 360 + otp_user.save() 361 + 362 + self.create_organization(user=self.super_user, name="Govt Org", org_type="govt") 363 + self.create_organization(user=self.super_user, name="Team Org", org_type="team") 364 + 365 + self.client.force_authenticate(user=otp_user) 366 + response = self.client.get(self.url) 367 + self.assertEqual(response.status_code, 200) 368 + 369 + org_types = [org["org_type"] for org in response.data["results"]] 370 + self.assertTrue(all(org_type == "govt" for org_type in org_types)) 371 + self.assertNotIn("team", org_types) 372 + 373 + def test_filter_organizations_by_parent(self): 374 + """Test that organizations can be filtered by parent.""" 375 + self.client.force_authenticate(user=self.super_user) 376 + self.create_organization( 377 + user=self.super_user, name="Parent Org 1", org_type="govt" 378 + ) 379 + child_org = 
self.create_organization( 380 + user=self.super_user, 381 + name="Child Org 1", 382 + org_type="team", 383 + parent=self.root_organization, 384 + ) 385 + response = self.client.get( 386 + f"{self.url}?parent={self.root_organization.external_id}" 387 + ) 388 + self.assertEqual(response.status_code, 200) 389 + self.assertEqual(len(response.data["results"]), 1) 390 + self.assertEqual(response.data["results"][0]["id"], str(child_org.external_id)) 391 + 392 + def test_list_organizations_filtered_by_permission(self): 393 + """Test that organizations can be filtered by user permissions.""" 394 + org1 = self.create_organization( 395 + user=self.super_user, name="Org 1", org_type="govt" 396 + ) 397 + self.create_organization(user=self.super_user, name="Org 2", org_type="team") 398 + role = self.create_role_with_permissions( 399 + permissions=[ 400 + OrganizationPermissions.can_view_organization.name, 401 + ], 402 + role_name=STAFF_ROLE.name, 403 + ) 404 + # Assign permissions to the user 405 + self.attach_role_organization_user(org1, self.user, role) 406 + self.client.force_authenticate(user=self.user) 407 + response = self.client.get( 408 + f"{self.url}?permission={OrganizationPermissions.can_view_organization.name}" 409 + ) 410 + self.assertEqual(response.status_code, 200) 411 + self.assertIn( 412 + str(org1.external_id), [org["id"] for org in response.data["results"]] 413 + ) 414 + 415 + def test_list_organizations_filtered_by_org_type(self): 416 + """Test that organizations can be filtered by org_type.""" 417 + self.client.force_authenticate(user=self.user) 418 + self.create_organization(user=self.super_user, name="Govt Org", org_type="govt") 419 + self.create_organization(user=self.super_user, name="Team Org", org_type="team") 420 + response = self.client.get(f"{self.url}?org_type=govt") 421 + self.assertEqual(response.status_code, 200) 422 + org_types = [org["org_type"] for org in response.data["results"]] 423 + self.assertTrue(all(org_type == "govt" for org_type in 
org_types)) 424 + 425 + def test_list_organizations_filtered_by_name(self): 426 + """Test that organizations can be filtered by name.""" 427 + self.client.force_authenticate(user=self.user) 428 + response = self.client.get(f"{self.url}?name=Parent Organization") 429 + self.assertEqual(response.status_code, 200) 430 + self.assertEqual(len(response.data["results"]), 1) 431 + self.assertEqual( 432 + response.data["results"][0]["id"], str(self.root_organization.external_id) 433 + ) 434 + 435 + def test_list_organizations_filtered_by_parent(self): 436 + """Test that organizations can be filtered by parent.""" 437 + self.client.force_authenticate(user=self.super_user) 438 + self.create_organization( 439 + user=self.super_user, name="Unrelated Org", org_type="team" 440 + ) 441 + child_org = self.create_organization( 442 + user=self.super_user, 443 + name="Child Org 1", 444 + org_type="team", 445 + parent=self.root_organization, 446 + ) 447 + response = self.client.get( 448 + f"{self.url}?parent={self.root_organization.external_id}" 449 + ) 450 + self.assertEqual(response.status_code, 200) 451 + self.assertEqual(len(response.data["results"]), 1) 452 + self.assertEqual(response.data["results"][0]["id"], str(child_org.external_id)) 453 + 454 + def test_list_organizations_filtered_by_level_cache(self): 455 + """Test that organizations can be filtered by level_cache.""" 456 + self.client.force_authenticate(user=self.super_user) 457 + org2 = self.create_organization( 458 + user=self.super_user, 459 + name="Child Org 1", 460 + org_type="team", 461 + parent=self.root_organization, 462 + ) 463 + response = self.client.get(f"{self.url}?level_cache=1") 464 + self.assertEqual(response.status_code, 200) 465 + self.assertIn( 466 + str(org2.external_id), [org["id"] for org in response.data["results"]] 467 + ) 468 + self.assertNotIn( 469 + str(self.root_organization.external_id), 470 + [org["id"] for org in response.data["results"]], 471 + ) 472 + 473 + def 
test_list_organizations_filtered_by_mine(self): 474 + """Test that organizations can be filtered by mine.""" 475 + self.client.force_authenticate(user=self.user) 476 + org1 = self.create_organization( 477 + user=self.super_user, name="Govt Org", org_type="govt" 478 + ) 479 + self.create_organization(user=self.super_user, name="Team Org", org_type="team") 480 + self.attach_role_organization_user(org1, self.user, self.administrator_role) 481 + response = self.client.get(f"{self.url}mine/") 482 + self.assertEqual(response.status_code, 200) 483 + self.assertIn( 484 + str(org1.external_id), [org["id"] for org in response.data["results"]] 485 + ) 486 + 487 + 488 + class OrganizationUsersTestCase(CareAPITestBase): 489 + def setUp(self): 490 + super().setUp() 491 + self.super_user = self.create_super_user() 492 + self.user = self.create_user() 493 + self.administrator_role = self.create_role_with_permissions( 494 + role_name=ADMINISTRATOR.name, 495 + permissions=[ 496 + OrganizationPermissions.can_view_organization.name, 497 + OrganizationPermissions.can_manage_organization_users.name, 498 + OrganizationPermissions.can_list_organization_users.name, 499 + ], 500 + ) 501 + self.root_organization = self.create_organization( 502 + user=self.super_user, name="Parent Organization", org_type="govt" 503 + ) 504 + 505 + def get_url(self, organization_external_id): 506 + """Get the URL for the organization users API.""" 507 + return reverse( 508 + "organization-users-list", 509 + kwargs={"organization_external_id": str(organization_external_id)}, 510 + ) 511 + 512 + def get_detail_url(self, organization_external_id, user_external_id): 513 + """Get the URL for a specific organization user.""" 514 + return reverse( 515 + "organization-users-detail", 516 + kwargs={ 517 + "organization_external_id": str(organization_external_id), 518 + "external_id": str(user_external_id), 519 + }, 520 + ) 521 + 522 + # Adding Users to Organization 523 + 524 + def 
test_add_user_to_organization_as_super_user(self): 525 + """Test that a super user can add a user to an organization.""" 526 + self.client.force_authenticate(user=self.super_user) 527 + data = { 528 + "user": str(self.user.external_id), 529 + "role": str(self.administrator_role.external_id), 530 + } 531 + response = self.client.post( 532 + self.get_url(self.root_organization.external_id), data, format="json" 533 + ) 534 + self.assertEqual(response.status_code, 200) 535 + self.assertEqual(response.data["user"]["id"], str(self.user.external_id)) 536 + self.assertEqual( 537 + response.data["role"]["id"], str(self.administrator_role.external_id) 538 + ) 539 + get_response = self.client.get(self.get_url(self.root_organization.external_id)) 540 + self.assertEqual(get_response.status_code, 200) 541 + self.assertIn( 542 + str(self.user.external_id), 543 + [user["user"]["id"] for user in get_response.data["results"]], 544 + ) 545 + 546 + def test_add_user_to_organization_as_user_with_permission(self): 547 + """Test that a user with permission can add a user to an organization.""" 548 + self.attach_role_organization_user( 549 + self.root_organization, self.user, self.administrator_role 550 + ) 551 + new_user = self.create_user() 552 + self.client.force_authenticate(user=self.user) 553 + data = { 554 + "user": str(new_user.external_id), 555 + "role": str(self.administrator_role.external_id), 556 + } 557 + response = self.client.post( 558 + self.get_url(self.root_organization.external_id), data, format="json" 559 + ) 560 + self.assertEqual(response.status_code, 200) 561 + self.assertEqual(response.data["user"]["id"], str(new_user.external_id)) 562 + self.assertEqual( 563 + response.data["role"]["id"], str(self.administrator_role.external_id) 564 + ) 565 + get_response = self.client.get(self.get_url(self.root_organization.external_id)) 566 + self.assertEqual(get_response.status_code, 200) 567 + self.assertIn( 568 + str(new_user.external_id), 569 + [user["user"]["id"] for user 
in get_response.data["results"]], 570 + ) 571 + 572 + def test_add_user_to_organization_as_user_without_permission(self): 573 + """Test that a user without permission cannot add a user to an organization.""" 574 + self.client.force_authenticate(user=self.user) 575 + new_user = self.create_user() 576 + data = { 577 + "user": str(new_user.external_id), 578 + "role": str(self.administrator_role.external_id), 579 + } 580 + response = self.client.post( 581 + self.get_url(self.root_organization.external_id), data, format="json" 582 + ) 583 + self.assertEqual(response.status_code, 403) 584 + self.assertContains( 585 + response, 586 + "User does not have permission for this action", 587 + status_code=403, 588 + ) 589 + 590 + def test_add_user_to_organization_with_higher_role(self): 591 + """Test that a user cannot add another user with a higher role.""" 592 + self.attach_role_organization_user( 593 + self.root_organization, self.user, self.administrator_role 594 + ) 595 + new_user = self.create_user() 596 + higher_role = self.create_role_with_permissions( 597 + permissions=[ 598 + OrganizationPermissions.can_manage_organization.name, 599 + ], 600 + role_name="Higher Role", 601 + ) 602 + self.client.force_authenticate(user=self.user) 603 + data = { 604 + "user": str(new_user.external_id), 605 + "role": str(higher_role.external_id), 606 + } 607 + response = self.client.post( 608 + self.get_url(self.root_organization.external_id), data, format="json" 609 + ) 610 + self.assertEqual(response.status_code, 403) 611 + self.assertContains( 612 + response, 613 + "User does not have permission for this action", 614 + status_code=403, 615 + ) 616 + 617 + def test_add_user_to_the_same_organization(self): 618 + """Test that a user cannot add a user to the same organization twice.""" 619 + self.client.force_authenticate(user=self.super_user) 620 + self.attach_role_organization_user( 621 + self.root_organization, self.user, self.administrator_role 622 + ) 623 + data = { 624 + "user": 
str(self.user.external_id), 625 + "role": str(self.administrator_role.external_id), 626 + } 627 + response = self.client.post( 628 + self.get_url(self.root_organization.external_id), data, format="json" 629 + ) 630 + self.assertEqual(response.status_code, 400) 631 + self.assertContains( 632 + response, 633 + "User association already exists", 634 + status_code=400, 635 + ) 636 + 637 + def test_add_user_to_child_organization_already_linked_to_parent(self): 638 + """Test that cannot add a user to a child organization already linked to parent.""" 639 + self.client.force_authenticate(user=self.super_user) 640 + child_organization = self.create_organization( 641 + user=self.super_user, 642 + name="Child Organization", 643 + org_type="team", 644 + parent=self.root_organization, 645 + ) 646 + self.attach_role_organization_user( 647 + self.root_organization, self.user, self.administrator_role 648 + ) 649 + data = { 650 + "user": str(self.user.external_id), 651 + "role": str(self.administrator_role.external_id), 652 + } 653 + response = self.client.post( 654 + self.get_url(child_organization.external_id), data, format="json" 655 + ) 656 + self.assertEqual(response.status_code, 400) 657 + self.assertContains( 658 + response, 659 + "User is already linked to a parent organization", 660 + status_code=400, 661 + ) 662 + 663 + def test_add_user_to_parent_organization_already_linked_to_child(self): 664 + """Test that cannot add a user to a parent organization already linked to child.""" 665 + self.client.force_authenticate(user=self.super_user) 666 + child_organization = self.create_organization( 667 + user=self.super_user, 668 + name="Child Organization", 669 + org_type="team", 670 + parent=self.root_organization, 671 + ) 672 + self.attach_role_organization_user( 673 + child_organization, self.user, self.administrator_role 674 + ) 675 + data = { 676 + "user": str(self.user.external_id), 677 + "role": str(self.administrator_role.external_id), 678 + } 679 + response = 
self.client.post( 680 + self.get_url(self.root_organization.external_id), data, format="json" 681 + ) 682 + self.assertEqual(response.status_code, 400) 683 + self.assertContains( 684 + response, "User has association to some child organization", status_code=400 685 + ) 686 + 687 + # Removing Users from Organization 688 + 689 + def test_remove_user_from_organization_as_super_user(self): 690 + """Test that a super user can remove a user from an organization.""" 691 + org_user = self.attach_role_organization_user( 692 + self.root_organization, self.user, self.administrator_role 693 + ) 694 + self.client.force_authenticate(user=self.super_user) 695 + response = self.client.delete( 696 + self.get_detail_url( 697 + self.root_organization.external_id, org_user.external_id 698 + ) 699 + ) 700 + self.assertEqual(response.status_code, 204) 701 + get_response = self.client.get( 702 + self.get_detail_url( 703 + self.root_organization.external_id, org_user.external_id 704 + ) 705 + ) 706 + self.assertEqual(get_response.status_code, 404) 707 + 708 + def test_remove_user_from_organization_as_user_with_permission(self): 709 + """Test that a user with permission can remove a user from an organization.""" 710 + self.attach_role_organization_user( 711 + self.root_organization, self.user, self.administrator_role 712 + ) 713 + user = self.create_user() 714 + org_user2 = self.attach_role_organization_user( 715 + self.root_organization, user, self.administrator_role 716 + ) 717 + self.client.force_authenticate(user=self.user) 718 + response = self.client.delete( 719 + self.get_detail_url( 720 + self.root_organization.external_id, org_user2.external_id 721 + ) 722 + ) 723 + self.assertEqual(response.status_code, 204) 724 + get_response = self.client.get( 725 + self.get_detail_url( 726 + self.root_organization.external_id, org_user2.external_id 727 + ) 728 + ) 729 + self.assertEqual(get_response.status_code, 404) 730 + 731 + def 
test_remove_user_from_organization_as_user_without_permission(self): 732 + """Test that a user without permission cannot remove a user from an organization.""" 733 + role = self.create_role_with_permissions( 734 + role_name=STAFF_ROLE.name, 735 + permissions=[ 736 + OrganizationPermissions.can_view_organization.name, 737 + OrganizationPermissions.can_list_organization_users.name, 738 + ], 739 + ) 740 + new_user = self.create_user() 741 + org_user = self.attach_role_organization_user( 742 + self.root_organization, new_user, role 743 + ) 744 + self.attach_role_organization_user(self.root_organization, self.user, role) 745 + self.client.force_authenticate(user=self.user) 746 + response = self.client.delete( 747 + self.get_detail_url( 748 + self.root_organization.external_id, org_user.external_id 749 + ) 750 + ) 751 + self.assertEqual(response.status_code, 403) 752 + self.assertContains( 753 + response, 754 + "User does not have permission for this action", 755 + status_code=403, 756 + ) 757 + 758 + # getting User Details in Organization 759 + 760 + def test_get_users_in_organization_as_super_user(self): 761 + """Test that a super user can get users in an organization.""" 762 + self.client.force_authenticate(user=self.super_user) 763 + org_user = self.attach_role_organization_user( 764 + self.root_organization, self.user, self.administrator_role 765 + ) 766 + response = self.client.get( 767 + self.get_detail_url( 768 + self.root_organization.external_id, org_user.external_id 769 + ) 770 + ) 771 + self.assertEqual(response.status_code, 200) 772 + self.assertEqual(response.data["user"]["id"], str(self.user.external_id)) 773 + 774 + def test_get_users_in_organization_as_user_with_permission(self): 775 + """Test that a user with permission can get users in an organization.""" 776 + self.attach_role_organization_user( 777 + self.root_organization, self.user, self.administrator_role 778 + ) 779 + self.client.force_authenticate(user=self.user) 780 + new_user = 
self.create_user() 781 + org_user = self.attach_role_organization_user( 782 + self.root_organization, new_user, self.administrator_role 783 + ) 784 + 785 + response = self.client.get( 786 + self.get_detail_url( 787 + self.root_organization.external_id, org_user.external_id 788 + ) 789 + ) 790 + self.assertEqual(response.status_code, 200) 791 + self.assertEqual(response.data["user"]["id"], str(new_user.external_id)) 792 + 793 + def test_get_users_in_organization_as_user_without_permission(self): 794 + """Test that a user without permission cannot get users in an organization.""" 795 + 796 + new_user = self.create_user() 797 + role = self.create_role_with_permissions( 798 + role_name=STAFF_ROLE.name, 799 + permissions=[ 800 + OrganizationPermissions.can_view_organization.name, 801 + ], 802 + ) 803 + self.client.force_authenticate(user=self.user) 804 + org_user = self.attach_role_organization_user( 805 + self.root_organization, new_user, role 806 + ) 807 + response = self.client.get( 808 + self.get_detail_url( 809 + self.root_organization.external_id, org_user.external_id 810 + ) 811 + ) 812 + self.assertEqual(response.status_code, 403) 813 + self.assertContains( 814 + response, 815 + "User does not have the required permissions to list users", 816 + status_code=403, 817 + ) 818 + 819 + # getting User List in Organization 820 + 821 + def test_list_users_in_organization_as_super_user(self): 822 + """Test that a super user can list users in an organization.""" 823 + org_user = self.attach_role_organization_user( 824 + self.root_organization, self.user, self.administrator_role 825 + ) 826 + self.client.force_authenticate(user=self.super_user) 827 + response = self.client.get(self.get_url(self.root_organization.external_id)) 828 + self.assertEqual(response.status_code, 200) 829 + self.assertIn( 830 + str(org_user.external_id), 831 + [user["id"] for user in response.data["results"]], 832 + ) 833 + 834 + def test_list_users_in_organization_as_user_with_permission(self): 835 
+ """Test that a user with permission can list users in an organization.""" 836 + self.attach_role_organization_user( 837 + self.root_organization, self.user, self.administrator_role 838 + ) 839 + new_user = self.create_user() 840 + org_user = self.attach_role_organization_user( 841 + self.root_organization, new_user, self.administrator_role 842 + ) 843 + self.client.force_authenticate(user=self.user) 844 + response = self.client.get(self.get_url(self.root_organization.external_id)) 845 + self.assertEqual(response.status_code, 200) 846 + self.assertIn( 847 + str(org_user.external_id), 848 + [user["id"] for user in response.data["results"]], 849 + ) 850 + 851 + def test_list_users_in_organization_as_user_without_permission(self): 852 + """Test that a user without permission cannot list users in an organization.""" 853 + new_user = self.create_user() 854 + role = self.create_role_with_permissions( 855 + role_name=STAFF_ROLE.name, 856 + permissions=[ 857 + OrganizationPermissions.can_view_organization.name, 858 + ], 859 + ) 860 + self.attach_role_organization_user(self.root_organization, new_user, role) 861 + self.client.force_authenticate(user=self.user) 862 + response = self.client.get(self.get_url(self.root_organization.external_id)) 863 + self.assertEqual(response.status_code, 403) 864 + self.assertContains( 865 + response, 866 + "User does not have the required permissions to list users", 867 + status_code=403, 868 + ) 869 + 870 + # getting User update in Organization 871 + 872 + def test_update_user_in_organization_as_super_user(self): 873 + """Test that a super user can update a user in an organization.""" 874 + self.create_role_with_permissions( 875 + role_name=STAFF_ROLE.name, 876 + permissions=[ 877 + OrganizationPermissions.can_view_organization.name, 878 + ], 879 + ) 880 + org_user = self.attach_role_organization_user( 881 + self.root_organization, self.user, self.administrator_role 882 + ) 883 + self.client.force_authenticate(user=self.super_user) 884 + 
updated_data = { 885 + "role": str(self.administrator_role.external_id), 886 + } 887 + response = self.client.put( 888 + self.get_detail_url( 889 + self.root_organization.external_id, org_user.external_id 890 + ), 891 + updated_data, 892 + format="json", 893 + ) 894 + self.assertEqual(response.status_code, 200) 895 + get_response = self.client.get( 896 + self.get_detail_url( 897 + self.root_organization.external_id, org_user.external_id 898 + ) 899 + ) 900 + self.assertEqual(get_response.status_code, 200) 901 + self.assertEqual( 902 + get_response.data["role"]["id"], str(self.administrator_role.external_id) 903 + ) 904 + 905 + def test_update_user_in_organization_as_user_with_permission(self): 906 + """Test that a user with permission can update a user in an organization.""" 907 + self.attach_role_organization_user( 908 + self.root_organization, self.user, self.administrator_role 909 + ) 910 + new_user = self.create_user( 911 + username="NewUser", 912 + ) 913 + role = self.create_role_with_permissions( 914 + role_name=STAFF_ROLE.name, 915 + permissions=[ 916 + OrganizationPermissions.can_view_organization.name, 917 + OrganizationPermissions.can_list_organization_users.name, 918 + ], 919 + ) 920 + org_user = self.attach_role_organization_user( 921 + self.root_organization, new_user, role 922 + ) 923 + self.client.force_authenticate(user=self.user) 924 + updated_data = { 925 + "role": str(self.administrator_role.external_id), 926 + } 927 + response = self.client.put( 928 + self.get_detail_url( 929 + self.root_organization.external_id, org_user.external_id 930 + ), 931 + updated_data, 932 + format="json", 933 + ) 934 + self.assertEqual(response.status_code, 200) 935 + get_response = self.client.get( 936 + self.get_detail_url( 937 + self.root_organization.external_id, org_user.external_id 938 + ) 939 + ) 940 + self.assertEqual(get_response.status_code, 200) 941 + self.assertEqual( 942 + get_response.data["role"]["id"], str(self.administrator_role.external_id) 943 + ) 
944 + 945 + def test_update_user_in_organization_as_user_without_permission(self): 946 + """Test that a user without permission cannot update a user in an organization.""" 947 + new_user = self.create_user() 948 + role = self.create_role_with_permissions( 949 + role_name=STAFF_ROLE.name, 950 + permissions=[ 951 + OrganizationPermissions.can_view_organization.name, 952 + ], 953 + ) 954 + org_user = self.attach_role_organization_user( 955 + self.root_organization, new_user, role 956 + ) 957 + self.client.force_authenticate(user=self.user) 958 + updated_data = { 959 + "role": str(self.administrator_role.external_id), 960 + } 961 + response = self.client.put( 962 + self.get_detail_url( 963 + self.root_organization.external_id, org_user.external_id 964 + ), 965 + updated_data, 966 + format="json", 967 + ) 968 + self.assertEqual(response.status_code, 403) 969 + self.assertContains( 970 + response, 971 + "User does not have the required permissions to list users", 972 + status_code=403, 973 + ) 974 + 975 + def test_update_user_in_organization_with_higher_role(self): 976 + """Test that a user cannot update another user with a higher role.""" 977 + role = self.create_role_with_permissions( 978 + role_name=STAFF_ROLE.name, 979 + permissions=[ 980 + OrganizationPermissions.can_view_organization.name, 981 + OrganizationPermissions.can_list_organization_users.name, 982 + ], 983 + ) 984 + self.attach_role_organization_user(self.root_organization, self.user, role) 985 + new_user = self.create_user() 986 + org_user = self.attach_role_organization_user( 987 + self.root_organization, new_user, role 988 + ) 989 + self.client.force_authenticate(user=self.user) 990 + updated_data = { 991 + "role": str(self.administrator_role.external_id), 992 + } 993 + response = self.client.put( 994 + self.get_detail_url( 995 + self.root_organization.external_id, org_user.external_id 996 + ), 997 + updated_data, 998 + format="json", 999 + ) 1000 + self.assertEqual(response.status_code, 403) 1001 + 
self.assertContains( 1002 + response, 1003 + "User does not have permission for this action", 1004 + status_code=403, 1005 + )