mayan-edms/mayan/apps/checkouts/tests/test_views.py

from __future__ import unicode_literals

import datetime

from django.contrib.auth.models import User
from django.core.files import File
from django.core.urlresolvers import reverse
from django.test.client import Client
from django.test import TestCase
from django.utils.timezone import now

from common.literals import TIME_DELTA_UNIT_DAYS
from documents.models import DocumentType
from documents.tests.literals import (
    TEST_DOCUMENT_TYPE, TEST_SMALL_DOCUMENT_PATH
)
from documents.tests.test_views import GenericDocumentViewTestCase
from sources.links import link_upload_version
from user_management.tests import (
    TEST_USER_PASSWORD, TEST_USER_USERNAME, TEST_ADMIN_EMAIL,
    TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME,
)

from ..models import DocumentCheckout
from ..permissions import (
    permission_document_checkin, permission_document_checkin_override,
    permission_document_checkout
)


class DocumentCheckoutViewTestCase(GenericDocumentViewTestCase):
    def test_checkin_document_view_no_permission(self):
        self.login(
            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
        )

        expiration_datetime = now() + datetime.timedelta(days=1)

        DocumentCheckout.objects.checkout_document(
            document=self.document, expiration_datetime=expiration_datetime,
            user=self.user, block_new_version=True
        )

        self.assertTrue(self.document.is_checked_out())

        response = self.post(
            'checkouts:checkin_document', args=(self.document.pk,), follow=True
        )

        self.assertEquals(response.status_code, 403)

        self.assertTrue(self.document.is_checked_out())

    def test_checkin_document_view_with_permission(self):
        self.login(
            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
        )

        expiration_datetime = now() + datetime.timedelta(days=1)

        DocumentCheckout.objects.checkout_document(
            document=self.document, expiration_datetime=expiration_datetime,
            user=self.user, block_new_version=True
        )

        self.assertTrue(self.document.is_checked_out())

        self.role.permissions.add(
            permission_document_checkin.stored_permission
        )

        response = self.post(
            'checkouts:checkin_document', args=(self.document.pk,), follow=True
        )

        self.assertEquals(response.status_code, 200)

        self.assertFalse(self.document.is_checked_out())

        self.assertFalse(
            DocumentCheckout.objects.is_document_checked_out(
                document=self.document
            )
        )

    def test_checkout_document_view_no_permission(self):
        self.login(
            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
        )

        response = self.post(
            'checkouts:checkout_document', args=(self.document.pk,), data={
                'expiration_datetime_0': 2,
                'expiration_datetime_1': TIME_DELTA_UNIT_DAYS,
                'block_new_version': True
            }, follow=True
        )

        self.assertEquals(response.status_code, 403)

        self.assertFalse(self.document.is_checked_out())

    def test_checkout_document_view_with_permission(self):
        self.login(
            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
        )
        self.role.permissions.add(
            permission_document_checkout.stored_permission
        )

        response = self.post(
            'checkouts:checkout_document', args=(self.document.pk,), data={
                'expiration_datetime_0': 2,
                'expiration_datetime_1': TIME_DELTA_UNIT_DAYS,
                'block_new_version': True
            }, follow=True
        )

        self.assertEquals(response.status_code, 200)

        self.assertTrue(self.document.is_checked_out())

    def test_document_new_version_after_checkout(self):
        """
        Gitlab issue #231
        User shown option to upload new version of a document even though it
        is blocked by checkout - v2.0.0b2

        Expected results:
            - Link to upload version view should not resolve
            - Upload version view should reject request
        """

        self.login(
            username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD
        )

        expiration_datetime = now() + datetime.timedelta(days=1)

        DocumentCheckout.objects.checkout_document(
            document=self.document, expiration_datetime=expiration_datetime,
            user=self.admin_user, block_new_version=True
        )

        self.assertTrue(self.document.is_checked_out())

        response = self.post(
            'sources:upload_version', args=(self.document.pk,),
            follow=True
        )

        self.assertContains(
            response, text='blocked from uploading',
            status_code=200
        )

        response = self.get(
            'documents:document_version_list', args=(self.document.pk,),
            follow=True
        )

        #Needed by the url view resolver
        response.context.current_app = None
        resolved_link = link_upload_version.resolve(context=response.context)

        self.assertEqual(resolved_link, None)

    def test_forcefull_check_in_document_view_no_permission(self):
        # Gitlab issue #237
        # Forcefully checking in a document by a user without adequate
        # permissions throws out an error

        expiration_datetime = now() + datetime.timedelta(days=1)

        DocumentCheckout.objects.checkout_document(
            document=self.document, expiration_datetime=expiration_datetime,
            user=self.admin_user, block_new_version=True
        )

        self.assertTrue(self.document.is_checked_out())

        self.login(
            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
        )

        self.role.permissions.add(
            permission_document_checkin.stored_permission
        )
        self.role.permissions.add(
            permission_document_checkout.stored_permission
        )

        response = self.post(
            'checkouts:checkin_document', args=(self.document.pk,), follow=True
        )

        self.assertContains(
            response, text='Insufficient permissions', status_code=403
        )

        self.assertTrue(self.document.is_checked_out())

    def test_forcefull_check_in_document_view_with_permission(self):
        expiration_datetime = now() + datetime.timedelta(days=1)

        DocumentCheckout.objects.checkout_document(
            document=self.document, expiration_datetime=expiration_datetime,
            user=self.admin_user, block_new_version=True
        )

        self.assertTrue(self.document.is_checked_out())

        self.login(
            username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
        )

        self.role.permissions.add(
            permission_document_checkin.stored_permission
        )
        self.role.permissions.add(
            permission_document_checkin.stored_permission
        )
        self.role.permissions.add(
            permission_document_checkin_override.stored_permission
        )

        response = self.post(
            'checkouts:checkin_document', args=(self.document.pk,), follow=True
        )

        self.assertContains(
            response, text='hecked in successfully', status_code=200
        )

        self.assertFalse(self.document.is_checked_out())