test(add_check): add more tests for add check

- test that team access works when adding a new check for users who are on the same team - test that users who are not on the same team cannot see each other's checks
andela · Sep 5, 2017 · ec71396 · ec71396
1 parent 5b528c6
commit ec71396
Showing 1 changed file with 60 additions and 5 deletions.
diff --git a/hc/front/tests/test_add_check.py b/hc/front/tests/test_add_check.py
@@ -1,4 +1,4 @@
-from hc.api.models import Check
+from hc.api.models import Check, Channel
 from hc.test import BaseTestCase
 
 
@@ -11,10 +11,65 @@ def test_it_works(self):
         self.assertRedirects(r, "/checks/")
         assert Check.objects.count() == 1
 
-    ### Test that team access works
     def test_team_access_works(self):
+        """
+        Test that team access works
+        This method tests if a check added by a user (bob) is accessed by another user (alice) who is on the same team
+        :return:
+        """
+
+        # url to add a check
         url = "/checks/add/"
+
+        # login bob and post the check to be added
         self.client.login(username="bob@example.org", password="password")
-        r = self.client.post(url)
-        self.assertRedirects(r, "/checks/")
-        assert Check.objects.count() == 1
+        self.client.post(url)
+
+        # assert that the check was added
+        assert Check.objects.count() == 1
+
+        # retrieve the recently created check
+        check = Check.objects.get()
+
+        # url to the log of the recently added check
+        url_check_log = "/checks/%s/log/" % check.code
+
+        # Logging in as Alice, not Bob. Alice has team access so this
+        # should work and he should access Bob's logs
+        self.client.login(username="alice@example.org", password="password")
+        r = self.client.get(url_check_log)
+
+        # assert that Alice successfully sees Bob's check's logs
+        self.assertEqual(r.status_code, 200)
+
+    def test_team_access_doesnt_work_for_non_teams(self):
+        """
+        Test that team access doesn't work on users who do not belong to the same team
+        This method tests if a check added by a user (bob) is not accessed by another user (charlie) who is not
+        on the same team
+        :return:
+        """
+
+        # url to add a check
+        url = "/checks/add/"
+
+        # login bob and post the check to be added
+        self.client.login(username="bob@example.org", password="password")
+        self.client.post(url)
+
+        # assert that the check was added
+        assert Check.objects.count() == 1
+
+        # retrieve the recently created check
+        check = Check.objects.get()
+
+        # url to the log of the recently added check
+        url_check_log = "/checks/%s/log/" % check.code
+
+        # Logging in as Charlie, not Bob. Charlie has no team access so this
+        # should not work and he should never access Bob's logs
+        self.client.login(username="charlie@example.org", password="password")
+        r = self.client.get(url_check_log)
+
+        # assert that Charlie gets a 403 when he tries to see Bob's check's logs
+        self.assertEqual(r.status_code, 403)