Test cases for adding project, removing project and leaving project.

hc/accounts/tests/test_add_project.py

@@ -0,0 +1,27 @@
+from hc.accounts.models import Project
+from hc.test import BaseTestCase
+
+
+class RemoveProjectTestCase(BaseTestCase):
+
+    def setUp(self):
+        super(RemoveProjectTestCase, self).setUp()
+
+        self.url = "/projects/%s/remove/" % self.project.code
+
+    def test_it_works(self):
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.post("/projects/add/", {"name": "My Second Project"})
+
+        p = Project.objects.get(owner=self.alice, name="My Second Project")
+        self.assertRedirects(r, "/projects/%s/checks/" % p.code)
+        self.assertEqual(str(p.code), p.badge_key)
+
+        # Alice's current project should be the just created one
+        self.profile.refresh_from_db()
+        self.assertEqual(self.profile.current_project, p)
+
+    def test_it_rejects_get(self):
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.get("/projects/add/")
+        self.assertEqual(r.status_code, 405)

hc/accounts/tests/test_close_account.py

@@ -20,10 +20,6 @@ class CloseAccountTestCase(BaseTestCase):
         alices = User.objects.filter(username="alice")
         self.assertFalse(alices.exists())
 
-        # Alice should be gone
-        alices = User.objects.filter(username="alice")
-        self.assertFalse(alices.exists())
-
         # Bob's current team should now be None
         self.bobs_profile.refresh_from_db()
         self.assertIsNone(self.bobs_profile.current_project)

hc/accounts/tests/test_profile.py

@@ -108,3 +108,22 @@ class ProfileTestCase(BaseTestCase):
         self.assertEqual(len(mail.outbox), 1)
         expected_subject = "Change email address on %s" % settings.SITE_NAME
         self.assertEqual(mail.outbox[0].subject, expected_subject)
+
+    def test_leaving_works(self):
+        self.client.login(username="bob@example.org", password="password")
+
+        form = {"code": str(self.project.code), "leave_project": "1"}
+        r = self.client.post("/accounts/profile/", form)
+        self.assertContains(r, "Left project")
+        self.assertNotContains(r, "Alice's Project")
+
+        self.bobs_profile.refresh_from_db()
+        self.assertIsNone(self.bobs_profile.current_project)
+        self.assertFalse(self.bob.memberships.exists())
+
+    def test_leaving_checks_membership(self):
+        self.client.login(username="charlie@example.org", password="password")
+
+        form = {"code": str(self.project.code), "leave_project": "1"}
+        r = self.client.post("/accounts/profile/", form)
+        self.assertEqual(r.status_code, 400)

hc/accounts/tests/test_project.py

@@ -11,6 +11,11 @@ class ProfileTestCase(BaseTestCase):
 
         self.url = "/projects/%s/settings/" % self.project.code
 
+    def test_it_checks_access(self):
+        self.client.login(username="bob@example.org", password="password")
+        r = self.client.get(self.url)
+        self.assertEqual(r.status_code, 404)
+
     def test_it_shows_api_keys(self):
         self.project.api_key_readonly = "R" * 32
         self.project.save()
@@ -44,7 +49,7 @@ class ProfileTestCase(BaseTestCase):
 
         form = {"revoke_api_keys": "1"}
         r = self.client.post(self.url, form)
-        assert r.status_code == 200
+        self.assertEqual(r.status_code, 200)
 
         self.project.refresh_from_db()
         self.assertEqual(self.project.api_key, "")
@@ -69,8 +74,8 @@ class ProfileTestCase(BaseTestCase):
         self.assertFalse(member.user.project_set.exists())
 
         # And an email should have been sent
-        subj = ('You have been invited to join'
+        subj = ("You have been invited to join"
-                ' alice@example.org on %s' % settings.SITE_NAME)
+                " Alice's Project on %s" % settings.SITE_NAME)
         self.assertEqual(mail.outbox[0].subject, subj)
 
     def test_it_checks_team_size(self):

hc/accounts/tests/test_remove_project.py

@@ -0,0 +1,37 @@
+from hc.api.models import Check
+from hc.test import BaseTestCase
+
+
+class RemoveProjectTestCase(BaseTestCase):
+
+    def setUp(self):
+        super(RemoveProjectTestCase, self).setUp()
+
+        self.url = "/projects/%s/remove/" % self.project.code
+
+    def test_it_works(self):
+        Check.objects.create(project=self.project, tags="foo a-B_1  baz@")
+
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.post(self.url)
+        self.assertRedirects(r, "/")
+
+        # Alice's current project should be not set
+        self.profile.refresh_from_db()
+        self.assertEqual(self.profile.current_project, None)
+
+        # Alice should not own any projects
+        self.assertFalse(self.alice.project_set.exists())
+
+        # Check should be gone
+        self.assertFalse(Check.objects.exists())
+
+    def test_it_rejects_get(self):
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.get(self.url)
+        self.assertEqual(r.status_code, 405)
+
+    def test_it_checks_access(self):
+        self.client.login(username="bob@example.org", password="password")
+        r = self.client.post(self.url)
+        self.assertEqual(r.status_code, 404)

hc/accounts/views.py

@@ -11,7 +11,7 @@ from django.contrib.auth.decorators import login_required
 from django.contrib.auth.models import User
 from django.core import signing
 from django.http import HttpResponseForbidden, HttpResponseBadRequest
-from django.shortcuts import redirect, render
+from django.shortcuts import get_object_or_404, redirect, render
 from django.utils.timezone import now
 from django.urls import resolve, Resolver404
 from django.views.decorators.csrf import csrf_exempt
@@ -238,7 +238,7 @@ def add_project(request):
 
 @login_required
 def project(request, code):
-    project = Project.objects.get(code=code, owner_id=request.user.id)
+    project = get_object_or_404(Project, code=code, owner=request.user)
 
     ctx = {
         "page": "project",
@@ -483,6 +483,6 @@ def close(request):
 @require_POST
 @login_required
 def remove_project(request, code):
-    project = Project.objects.get(code=code, owner=request.user)
+    project = get_object_or_404(Project, code=code, owner=request.user)
     project.delete()
-    return redirect("hc-profile")
+    return redirect("hc-index")

hc/front/views.py

@@ -83,7 +83,7 @@ def _get_project_for_user(request, project_code):
     """ Return true if current user has access to the specified account. """
 
     if request.user.is_superuser:
-        q = Project.objects.all()
+        q = Project.objects
     else:
         q = request.profile.projects()
 

hc/test.py

@@ -15,6 +15,7 @@ class BaseTestCase(TestCase):
         self.alice.save()
 
         self.project = Project(owner=self.alice, api_key="X" * 32)
+        self.project.name = "Alice's Project"
         self.project.badge_key = self.alice.username
         self.project.save()