#19 Tests

* adds EcoAccount tests
* fixes bugs found by testing

compensation/tests/test_views.py

@@ -17,8 +17,6 @@ class CompensationViewTestCase(BaseViewTestCase):
     These tests focus on proper returned views depending on the user's groups privileges and login status
 
     """
-    comp_state = None
-    comp_action = None
 
     @classmethod
     def setUpTestData(cls) -> None:
@@ -224,3 +222,185 @@ class CompensationViewTestCase(BaseViewTestCase):
         ]
         self.assert_url_fail(client, fail_urls)
         self.assert_url_success(client, success_urls)
+
+
+class EcoAccountViewTestCase(CompensationViewTestCase):
+    """
+    These tests focus on proper returned views depending on the user's groups privileges and login status
+
+    EcoAccounts can inherit the same tests used for compensations.
+
+    """
+    comp_state = None
+    comp_action = None
+
+    @classmethod
+    def setUpTestData(cls) -> None:
+        super().setUpTestData()
+        state = cls.create_dummy_states()
+        cls.eco_account.before_states.set([state])
+        cls.eco_account.after_states.set([state])
+
+        action = cls.create_dummy_action()
+        cls.eco_account.actions.set([action])
+
+        # Prepare urls
+        cls.index_url = reverse("compensation:acc-index", args=())
+        cls.new_url = reverse("compensation:acc-new", args=())
+        cls.new_id_url = reverse("compensation:acc-new-id", args=())
+        cls.detail_url = reverse("compensation:acc-detail", args=(cls.eco_account.id,))
+        cls.log_url = reverse("compensation:acc-log", args=(cls.eco_account.id,))
+        cls.edit_url = reverse("compensation:acc-edit", args=(cls.eco_account.id,))
+        cls.remove_url = reverse("compensation:acc-remove", args=(cls.eco_account.id,))
+        cls.report_url = reverse("compensation:acc-report", args=(cls.eco_account.id,))
+        cls.state_new_url = reverse("compensation:acc-new-state", args=(cls.eco_account.id,))
+        cls.action_new_url = reverse("compensation:acc-new-action", args=(cls.eco_account.id,))
+        cls.deadline_new_url = reverse("compensation:acc-new-deadline", args=(cls.eco_account.id,))
+        cls.new_doc_url = reverse("compensation:acc-new-doc", args=(cls.eco_account.id,))
+        cls.state_remove_url = reverse("compensation:acc-state-remove", args=(cls.eco_account.id, cls.comp_state.id,))
+        cls.action_remove_url = reverse("compensation:acc-action-remove", args=(cls.eco_account.id, cls.comp_action.id,))
+
+    def test_logged_in_no_groups_shared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in and has no groups and data is shared
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        self.superuser.groups.set([])
+        self.eco_account.users.set([self.superuser])
+
+        # Since the user has no groups, it does not matter that data has been shared. There SHOULD not be any difference
+        # to a user without access, since the important permissions are missing
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+        ]
+        fail_urls = [
+            self.new_url,
+            self.new_id_url,
+            self.log_url,
+            self.edit_url,
+            self.remove_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+        ]
+
+        self.assert_url_success(client, success_urls)
+        self.assert_url_fail(client, fail_urls)
+
+    def test_logged_in_no_groups_unshared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in and has no groups and data is shared
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        self.superuser.groups.set([])
+        self.eco_account.users.set([])
+
+        # Since the user has no groups, it does not matter that data is unshared. There SHOULD not be any difference
+        # to a user having shared access, since all important permissions are missing
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+        ]
+        fail_urls = [
+            self.new_url,
+            self.new_id_url,
+            self.log_url,
+            self.edit_url,
+            self.remove_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+        ]
+
+        self.assert_url_success(client, success_urls)
+        self.assert_url_fail(client, fail_urls)
+
+    def test_logged_in_default_group_shared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in, is default group member and data is shared
+        --> Default group necessary since all base functionalities depend on this group membership
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        group = self.groups.get(name=DEFAULT_GROUP)
+        self.superuser.groups.set([group])
+        # Sharing is inherited by base intervention for compensation. Therefore configure the interventions share state
+        self.eco_account.users.set([self.superuser])
+
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+            self.new_url,
+            self.new_id_url,
+            self.edit_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+            self.log_url,
+            self.remove_url,
+        ]
+        self.assert_url_success(client, success_urls)
+
+    def test_logged_in_default_group_unshared(self):
+        """ Check correct status code for all requests
+
+        Assumption: User logged in, is default group member and data is NOT shared
+        --> Default group necessary since all base functionalities depend on this group membership
+
+        Returns:
+
+        """
+        client = Client()
+        client.login(username=self.superuser.username, password=self.superuser_pw)
+        group = self.groups.get(name=DEFAULT_GROUP)
+        self.superuser.groups.set([group])
+        self.eco_account.users.set([])
+
+        success_urls = [
+            self.index_url,
+            self.detail_url,
+            self.report_url,
+            self.new_id_url,
+            self.new_url,
+        ]
+        fail_urls = [
+            self.edit_url,
+            self.state_new_url,
+            self.action_new_url,
+            self.deadline_new_url,
+            self.state_remove_url,
+            self.action_remove_url,
+            self.new_doc_url,
+            self.log_url,
+            self.remove_url,
+        ]
+        self.assert_url_fail(client, fail_urls)
+        self.assert_url_success(client, success_urls)
+

compensation/views/eco_account_views.py

@@ -26,7 +26,8 @@ from konova.forms import RemoveModalForm, SimpleGeomForm, NewDocumentForm, Recor
 from konova.settings import DEFAULT_GROUP, ZB_GROUP, ETS_GROUP
 from konova.utils.documents import get_document, remove_document
 from konova.utils.generators import generate_qr_code
-from konova.utils.message_templates import IDENTIFIER_REPLACED, FORM_INVALID, DATA_UNSHARED, DATA_UNSHARED_EXPLANATION
+from konova.utils.message_templates import IDENTIFIER_REPLACED, FORM_INVALID, DATA_UNSHARED, DATA_UNSHARED_EXPLANATION, \
+    CANCEL_ACC_RECORDED_OR_DEDUCTED
 from konova.utils.user_checks import in_group
 
 
@@ -120,6 +121,7 @@ def new_id_view(request: HttpRequest):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def edit_view(request: HttpRequest, id: str):
     """
     Renders a view for editing compensations
@@ -225,6 +227,8 @@ def detail_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def remove_view(request: HttpRequest, id: str):
     """ Renders a modal view for removing the eco account
 
@@ -236,6 +240,15 @@ def remove_view(request: HttpRequest, id: str):
 
     """
     acc = get_object_or_404(EcoAccount, id=id)
+
+    # If the eco account has already been recorded OR there are already deductions, it can not be deleted by a regular
+    # default group user
+    if acc.recorded is not None or acc.deductions.exists():
+        user = request.user
+        if not in_group(user, ETS_GROUP):
+            messages.info(request, CANCEL_ACC_RECORDED_OR_DEDUCTED)
+            return redirect("compensation:acc-detail", id=id)
+
     form = RemoveModalForm(request.POST or None, instance=acc, user=request.user)
     return form.process_request(
         request=request,
@@ -246,6 +259,7 @@ def remove_view(request: HttpRequest, id: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def deduction_remove_view(request: HttpRequest, id: str, deduction_id: str):
     """ Renders a modal view for removing deductions
 
@@ -272,6 +286,7 @@ def deduction_remove_view(request: HttpRequest, id: str, deduction_id: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def log_view(request: HttpRequest, id: str):
     """ Renders a log view using modal
 
@@ -297,6 +312,7 @@ def log_view(request: HttpRequest, id: str):
 
 @login_required
 @conservation_office_group_required
+@shared_access_required(EcoAccount, "id")
 def record_view(request: HttpRequest, id:str):
     """ Renders a modal form for recording an eco account
 
@@ -318,6 +334,8 @@ def record_view(request: HttpRequest, id:str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def state_new_view(request: HttpRequest, id: str):
     """ Renders a form for adding new states for an eco account
 
@@ -337,6 +355,8 @@ def state_new_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def action_new_view(request: HttpRequest, id: str):
     """ Renders a form for adding new actions for an eco account
 
@@ -400,6 +420,8 @@ def action_remove_view(request: HttpRequest, id: str, action_id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def deadline_new_view(request: HttpRequest, id: str):
     """ Renders a form for adding new states for an eco account
 
@@ -419,6 +441,8 @@ def deadline_new_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def new_document_view(request: HttpRequest, id: str):
     """ Renders a form for uploading new documents
 
@@ -437,6 +461,7 @@ def new_document_view(request: HttpRequest, id: str):
 
 
 @login_required
+@default_group_required
 def get_document_view(request: HttpRequest, doc_id: str):
     """ Returns the document as downloadable file
 
@@ -463,6 +488,8 @@ def get_document_view(request: HttpRequest, doc_id: str):
 
 
 @login_required
+@default_group_required
+@shared_access_required(EcoAccount, "id")
 def remove_document_view(request: HttpRequest, doc_id: str):
     """ Removes the document from the database and file system
 
@@ -484,6 +511,7 @@ def remove_document_view(request: HttpRequest, doc_id: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def new_deduction_view(request: HttpRequest, id: str):
     """ Renders a modal form view for creating deductions
 
@@ -601,6 +629,7 @@ def share_view(request: HttpRequest, id: str, token: str):
 
 @login_required
 @default_group_required
+@shared_access_required(EcoAccount, "id")
 def create_share_view(request: HttpRequest, id: str):
     """ Renders sharing form for an eco account
 

konova/tests/test_views.py

@@ -11,7 +11,7 @@ from django.contrib.auth.models import User, Group
 from django.test import TestCase, Client
 from django.urls import reverse
 
-from compensation.models import Compensation, CompensationState, CompensationAction
+from compensation.models import Compensation, CompensationState, CompensationAction, EcoAccount
 from intervention.models import LegalData, ResponsibilityData, Intervention
 from konova.management.commands.setup_data import GROUPS_DATA
 from konova.models import Geometry
@@ -66,6 +66,7 @@ class BaseViewTestCase(BaseTestCase):
     login_url = None
     intervention = None
     compensation = None
+    eco_account = None
     comp_state = None
     comp_action = None
 
@@ -75,6 +76,7 @@ class BaseViewTestCase(BaseTestCase):
         cls.create_groups()
         cls.create_dummy_intervention()
         cls.create_dummy_compensation()
+        cls.create_dummy_eco_account()
         cls.login_url = reverse("simple-sso-login")
 
     def assert_url_success(self, client: Client, urls: list):
@@ -151,10 +153,11 @@ class BaseViewTestCase(BaseTestCase):
             comment="Test",
         )
         cls.intervention.generate_access_token(make_unique=True)
+        return cls.intervention
 
     @classmethod
     def create_dummy_compensation(cls):
-        """ Creates an intervention which can be used for tests
+        """ Creates a compensation which can be used for tests
 
         Returns:
 
@@ -178,6 +181,36 @@ class BaseViewTestCase(BaseTestCase):
             comment="Test",
         )
         cls.intervention.generate_access_token(make_unique=True)
+        return cls.compensation
+
+    @classmethod
+    def create_dummy_eco_account(cls):
+        """ Creates an eco account which can be used for tests
+
+        Returns:
+
+        """
+        # Create dummy data
+        # Create log entry
+        action = UserActionLogEntry.objects.create(
+            user=cls.superuser,
+            action=UserAction.CREATED,
+        )
+        geometry = Geometry.objects.create()
+        # Create responsible data object
+        lega_data = LegalData.objects.create()
+        responsible_data = ResponsibilityData.objects.create()
+        # Finally create main object, holding the other objects
+        cls.eco_account = EcoAccount.objects.create(
+            identifier="TEST",
+            title="Test_title",
+            legal=lega_data,
+            responsible=responsible_data,
+            created=action,
+            geometry=geometry,
+            comment="Test",
+        )
+        return cls.eco_account
 
     @classmethod
     def create_dummy_states(cls):

konova/utils/message_templates.py

@@ -16,4 +16,7 @@ DATA_UNSHARED = _("This data is not shared with you")
 DATA_UNSHARED_EXPLANATION = _("Remember: This data has not been shared with you, yet. This means you can only read but can not edit or perform any actions like running a check or recording.")
 MISSING_GROUP_PERMISSION = _("You need to be part of another user group.")
 
-CHECKED_RECORDED_RESET = _("Status of Checked and Recorded reseted")
+CHECKED_RECORDED_RESET = _("Status of Checked and Recorded reseted")
+
+# ECO ACCOUNT
+CANCEL_ACC_RECORDED_OR_DEDUCTED = _("Action canceled. Eco account is recorded or deductions exist. Only conservation office member can perform this action.")