Merge pull request 'Added tests for the dashboard events filter' (#144) from filter-admin-dashboard-tests into release

Reviewed-on: https://gitea.pangea.org/trustchain-oc1-orchestral/IdHub/pulls/144

idhub/tests/test_views.py

@@ -1,7 +1,8 @@
-from django.urls import reverse
 from django.test import TestCase, RequestFactory
+from django.urls import reverse
 
 from idhub_auth.models import User
+from idhub.models import Event
 from idhub.admin.views import PeopleListView
 
 
@@ -59,6 +60,41 @@ class AdminDashboardViewTest(TestCase):
 
         self.assertTemplateUsed(response, 'idhub/admin/dashboard.html')
 
+    def test_admin_event_filtering(self):
+        # Create a test admin user
+        admin_user = User.objects.create_superuser(email='admin@example.org', password='test')
+        admin_user.accept_gdpr = True
+        admin_user.save()
+        self.client.login(email='admin@example.org', password='test')
+
+        # Create test events, including some that should not be visible to admins
+        Event.objects.create(type=Event.Types.EV_USR_REGISTERED, message="User registered")
+        Event.objects.create(type=Event.Types.EV_USR_WELCOME, message="User welcomed")  # Should not appear
+
+        # Fetch the dashboard view
+        response = self.client.get('/admin/dashboard/')
+        events = response.context['event_list']
+
+        # Check that only admin-visible events are included
+        self.assertIn(Event.Types.EV_USR_REGISTERED, [event.type for event in events])
+        self.assertNotIn(Event.Types.EV_USR_WELCOME, [event.type for event in events])
+
+    def test_access_control_redirects_when_normal_user(self):
+        # Attempt to access the dashboard as a non-admin user
+        regular_user = User.objects.create_user(email='user', password='test')
+        self.client.login(email='user@example.org', password='test')
+        response = self.client.get('/admin/dashboard/')
+        self.assertEqual(response.status_code, 302)  # Or 403 if not redirected
+
+    def test_access_control_accepted_when_admin(self):
+        # Access as an admin
+        admin_user = User.objects.create_superuser(email='admin@example.org', password='test')
+        admin_user.accept_gdpr=True
+        admin_user.save()
+        self.client.login(email='admin@example.org', password='test')
+        response = self.client.get('/admin/dashboard/')
+        self.assertEqual(response.status_code, 200)
+
 
 class PeopleListViewTest(TestCase):
 
@@ -104,3 +140,67 @@ class PeopleListViewTest(TestCase):
 
         # Assuming 2 users in the database
         self.assertEqual(queryset.count(), 2)
+
+
+class UserDashboardViewTests(TestCase):
+    def setUp(self):
+        # Create test users
+        self.admin_user = User.objects.create_superuser('admin@example.org', 'password')
+        self.admin_user.accept_gdpr=True
+        self.admin_user.save()
+        self.regular_user = User.objects.create_user('regular@example.org', 'password')
+        self.regular_user.accept_gdpr=True
+        self.regular_user.save()
+        
+        # Create events visible to users
+        self.visible_events_types = [
+            Event.Types.EV_USR_WELCOME,
+            Event.Types.EV_USR_UPDATED,
+            Event.Types.EV_DID_CREATED,
+            Event.Types.EV_DID_DELETED,
+            Event.Types.EV_CREDENTIAL_DELETED,
+            Event.Types.EV_CREDENTIAL_ISSUED,
+            Event.Types.EV_CREDENTIAL_PRESENTED,
+            Event.Types.EV_CREDENTIAL_CAN_BE_REQUESTED,
+            Event.Types.EV_CREDENTIAL_REVOKED,
+        ]
+        
+        # Create events for both users
+        for event_type in self.visible_events_types:
+            Event.objects.create(type=event_type, message=f"Test event for {event_type.label}", user=self.regular_user)
+        
+        # Create an event that should not be visible to a regular user
+        Event.objects.create(type=Event.Types.EV_USR_REGISTERED, message="Admin only event", user=self.regular_user)
+
+    def test_events_visibility_for_regular_user(self):
+        self.client.login(email='regular@example.org', password='password')
+        response = self.client.get(reverse('idhub:user_dashboard'))
+        # Ensure the response contains only the events that should be visible
+        for event in Event.objects.filter(user=self.regular_user, type__in=self.visible_events_types):
+            self.assertContains(response, event.message)
+        # Ensure the response does not contain the admin only event
+        self.assertNotContains(response, "Admin only event")
+
+    def test_no_events_for_regular_user(self):
+        # Delete all events for the setup user
+        Event.objects.filter(user=self.regular_user).delete()
+        self.client.login(email='regular@example.org', password='password')
+        response = self.client.get(reverse('idhub:user_dashboard'))
+        # Verify that the response indicates no events are available
+        self.assertContains(response, "No events available")  # Adjust based on your actual no-events message
+
+    def test_events_visibility_for_new_user(self):
+        # Create a new user who has no events
+        new_user = User.objects.create_user('new@example.org', 'password')
+        new_user.accept_gdpr = True
+        new_user.save()
+        self.client.login(email='new@example.org', password='password')
+        response = self.client.get(reverse('idhub:user_dashboard'))
+        # Verify that the response correctly indicates no events for the new user
+        self.assertContains(response, "No events available")  # Adjust based on your actual no-events message
+
+    def test_unauthorized_access(self):
+        # Attempt to access the dashboard without logging in
+        response = self.client.get(reverse('idhub:user_dashboard'), follow=True)
+        # Ensure the response redirects to the login page
+        self.assertTemplateUsed(response, 'auth/login.html')