Improve cascade robustness#150
Merged
dwilding merged 9 commits intocanonical:next-releasefrom Apr 26, 2026
Merged
Conversation
This allows tests in environments that haven't loaded OIDC to continue running. See https://docs.pytest.org/en/latest/reference/fixtures.html#conftest-py-sharing-fixtures-across-multiple-files for notes on shared fixtures.
Updated: test_toggle_condition_url_patterns (Simplified, and now only checks the reversed route, rather than the string) New checks for user permissions: * test_action_toggle_commitment_denies_user_without_permission * test_action_toggle_condition_denies_user_without_permission * test_action_select_reason_denies_user_without_permission New checks for HTTP methods: * test_action_toggle_commitment_rejects_non_put_method * test_action_toggle_condition_rejects_non_put_method * test_action_select_reason_rejects_non_put_method New checks for expected results: new: test_action_toggle_commitment_allows_authorized_put_and_updates_commitment new: test_action_toggle_condition_allows_authorized_put_and_updates_status new: test_action_select_reason_allows_authorized_put_and_sets_reason I used Copilot to help create these tests.
This fixes an auth issue. It was possible to POST a
change to a project, without even being authenticated.
The only safeguard was the user interface, that didn't
offer make it possible.
This adds @permission_required("projects.change_project")
to the view, and some tests.
* added a fixture for a user with permission to change a project
* added a test: do we reject changes from unauthenticated users?
* added a test: do we reject changes from unauthorised users?
* added a test: do we allow and save changes from users with the right permissions?
I used Copilot to uncover the issue and help create the tests.
If a new Level and Condition are added, these do not cascade to relationships with Commitments.
Fixes a failing test for Commitments that don't get created properly.
dwilding
approved these changes
Apr 26, 2026
Collaborator
dwilding
left a comment
dwilding
left a comment
There was a problem hiding this comment.
Great, thanks! I verified that the new test fails without the fix to framework/models.py.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Based on #148, merge after merging that.
Test and fix for an issue: when adding a new condition/level, it would not be acquired by existing projects; in particular, the relation to commitments was missing.