Remove remaining permissions from the viewer role and update tests ac…

…cordingly

temba/contacts/tests/test_contact.py

@@ -41,7 +41,7 @@ def setUp(self):
 
         # create an deleted contact
         self.jim = self.create_contact(name="Jim")
-        self.jim.release(self.user, deindex=False)
+        self.jim.release(self.admin, deindex=False)
 
         # create contact in other org
         self.other_org_contact = self.create_contact(name="Fred", phone="+250768111222", org=self.org2)
@@ -51,7 +51,7 @@ def test_contact_notes(self):
 
         # create 10 notes
         for i in range(10):
-            self.joe.set_note(self.user, f"{note_text} {i+1}")
+            self.joe.set_note(self.admin, f"{note_text} {i+1}")
 
         notes = self.joe.notes.all().order_by("id")
 
@@ -255,7 +255,7 @@ def test_status_changes_and_release(self, mr_mocks):
         self.assertEqual(set(label.msgs.all()), {msg1, msg2, msg3})
         self.assertEqual(set(static_group.contacts.all()), {self.joe})
 
-        self.joe.stop(self.user)
+        self.joe.stop(self.admin)
 
         # check that joe is now stopped
         self.joe = Contact.objects.get(pk=self.joe.pk)
@@ -274,7 +274,7 @@ def test_status_changes_and_release(self, mr_mocks):
         )
         self.assertEqual(set(static_group.contacts.all()), set())
 
-        self.joe.block(self.user)
+        self.joe.block(self.admin)
 
         # check that joe is now blocked instead of stopped
         self.joe.refresh_from_db()
@@ -337,7 +337,7 @@ def test_status_changes_and_release(self, mr_mocks):
             },
         )
 
-        self.joe.release(self.user)
+        self.joe.release(self.admin)
 
         # check that joe has been released (doesn't change his status)
         self.joe = Contact.objects.get(pk=self.joe.pk)
@@ -371,8 +371,8 @@ def test_status_changes_and_release(self, mr_mocks):
         self.assertEqual(0, ContactURN.objects.filter(contact=self.joe).count())
 
         # blocking and failing an inactive contact won't change groups
-        self.joe.block(self.user)
-        self.joe.stop(self.user)
+        self.joe.block(self.admin)
+        self.joe.stop(self.admin)
 
         self.assertEqual(
             Contact.get_status_counts(self.org),
@@ -783,7 +783,7 @@ def test_contact_model(self, mr_mocks):
 
         contact5 = self.create_contact(name="Jimmy", phone="+250788333555")
         mods = contact5.update_urns(["twitter:jimmy_woot", "tel:0788333666"])
-        contact5.modify(self.user, mods)
+        contact5.modify(self.editor, mods)
 
         # check old phone URN still existing but was detached
         self.assertIsNone(ContactURN.objects.get(identity="tel:+250788333555").contact)

temba/contacts/tests/test_contactcrudl.py

@@ -93,7 +93,7 @@ def test_menu(self):
     def test_create(self, mr_mocks):
         create_url = reverse("contacts.contact_create")
 
-        self.assertRequestDisallowed(create_url, [None, self.agent, self.user])
+        self.assertRequestDisallowed(create_url, [None, self.agent])
         self.assertCreateFetch(create_url, [self.editor, self.admin], form_fields=("name", "phone"))
 
         # simulate validation failing because phone number taken
@@ -137,22 +137,25 @@ def test_create(self, mr_mocks):
 
     @mock_mailroom
     def test_list(self, mr_mocks):
-        self.login(self.user)
         list_url = reverse("contacts.contact_list")
 
+        self.assertRequestDisallowed(list_url, [None, self.agent])
+
         joe = self.create_contact("Joe", phone="123", fields={"age": "20", "home": "Kigali"})
         frank = self.create_contact("Frank", phone="124", fields={"age": "18"})
 
         mr_mocks.contact_search('name != ""', contacts=[])
         self.create_group("No Name", query='name = ""')
 
+        self.login(self.editor)
+
         with self.assertNumQueries(16):
             response = self.client.get(list_url)
 
         self.assertEqual([frank, joe], list(response.context["object_list"]))
         self.assertIsNone(response.context["search_error"])
-        self.assertEqual([], list(response.context["actions"]))
-        self.assertContentMenu(list_url, self.user, ["Export"])
+        self.assertEqual(["block", "archive", "send", "start-flow"], list(response.context["actions"]))
+        self.assertContentMenu(list_url, self.editor, ["New Contact", "New Group", "Export"])
 
         active_contacts = self.org.active_contacts_group
 
@@ -276,8 +279,6 @@ def test_blocked(self, mr_mocks):
         frank.block(self.admin)
         billy.block(self.admin)
 
-        self.login(self.user)
-
         blocked_url = reverse("contacts.contact_blocked")
 
         self.assertRequestDisallowed(blocked_url, [None, self.agent])
@@ -314,14 +315,10 @@ def test_stopped(self, mr_mocks):
         frank.stop(self.admin)
         billy.stop(self.admin)
 
-        self.login(self.user)
-
         stopped_url = reverse("contacts.contact_stopped")
 
         self.assertRequestDisallowed(stopped_url, [None, self.agent])
-        response = self.assertListFetch(
-            stopped_url, [self.user, self.editor, self.admin], context_objects=[billy, frank, joe]
-        )
+        response = self.assertListFetch(stopped_url, [self.editor, self.admin], context_objects=[billy, frank, joe])
         self.assertEqual(["restore", "archive"], list(response.context["actions"]))
         self.assertContentMenu(stopped_url, self.admin, ["Export"])
 
@@ -355,14 +352,10 @@ def test_archived(self, mr_mocks):
         frank.archive(self.admin)
         billy.archive(self.admin)
 
-        self.login(self.user)
-
         archived_url = reverse("contacts.contact_archived")
 
         self.assertRequestDisallowed(archived_url, [None, self.agent])
-        response = self.assertListFetch(
-            archived_url, [self.user, self.editor, self.admin], context_objects=[billy, frank, joe]
-        )
+        response = self.assertListFetch(archived_url, [self.editor, self.admin], context_objects=[billy, frank, joe])
         self.assertEqual(["restore", "delete"], list(response.context["actions"]))
         self.assertContentMenu(archived_url, self.admin, ["Export", "Delete All"])
 
@@ -397,7 +390,7 @@ def test_archived(self, mr_mocks):
         # for larger numbers of contacts, a background task is used
         for c in range(6):
             contact = self.create_contact(f"Bob{c}", urns=[f"twitter:bob{c}"])
-            contact.archive(self.user)
+            contact.archive(self.admin)
 
         response = self.client.get(archived_url)
         self.assertEqual(6, len(response.context["object_list"]))
@@ -427,7 +420,7 @@ def test_group(self, mr_mocks):
         open_tickets_url = reverse("contacts.contact_group", args=[open_tickets.uuid])
 
         self.assertRequestDisallowed(group1_url, [None, self.agent, self.admin2])
-        response = self.assertReadFetch(group1_url, [self.user, self.editor, self.admin])
+        response = self.assertReadFetch(group1_url, [self.editor, self.admin])
 
         self.assertEqual([frank, joe], list(response.context["object_list"]))
         self.assertEqual(["block", "unlabel", "send", "start-flow"], list(response.context["actions"]))
@@ -475,20 +468,13 @@ def test_read(self, mr_mocks):
 
         self.assertRequestDisallowed(read_url, [None, self.agent])
 
-        self.assertContentMenu(read_url, self.user, [])
         self.assertContentMenu(read_url, self.editor, ["Edit", "Start Flow", "Open Ticket"])
         self.assertContentMenu(read_url, self.admin, ["Edit", "Start Flow", "Open Ticket"])
 
         # if there's an open ticket already, don't show open ticket option
         self.create_ticket(joe)
         self.assertContentMenu(read_url, self.editor, ["Edit", "Start Flow"])
 
-        # login as viewer
-        self.login(self.user)
-
-        response = self.client.get(read_url)
-        self.assertContains(response, "Joe")
-
         # login as admin
         self.login(self.admin)
 
@@ -534,7 +520,7 @@ def test_history(self):
 
         history_url = reverse("contacts.contact_history", args=[joe.uuid])
 
-        self.create_broadcast(self.user, {"eng": {"text": "A beautiful broadcast"}}, contacts=[joe])
+        self.create_broadcast(self.editor, {"eng": {"text": "A beautiful broadcast"}}, contacts=[joe])
         self.create_campaign(joe)
 
         # add a message with some attachments
@@ -685,7 +671,7 @@ def assertHistoryEvent(events, index, expected_type, **kwargs):
         assertHistoryEvent(history, 9, "flow_entered", flow__name="Colors")
         assertHistoryEvent(history, 10, "msg_received", msg__text="Message caption")
         assertHistoryEvent(
-            history, 11, "msg_created", msg__text="A beautiful broadcast", created_by__email="viewer@textit.com"
+            history, 11, "msg_created", msg__text="A beautiful broadcast", created_by__email="editor@textit.com"
         )
         assertHistoryEvent(history, 12, "campaign_fired", campaign__name="Planting Reminders")
         assertHistoryEvent(history, -1, "msg_received", msg__text="Inbound message 11")
@@ -835,7 +821,7 @@ def test_history_session_events(self):
             .save()
         )
 
-        self.login(self.user)
+        self.login(self.editor)
 
         response = self.client.get(history_url)
         self.assertEqual(200, response.status_code)
@@ -874,7 +860,7 @@ def test_update(self, mr_mocks):
 
         update_url = reverse("contacts.contact_update", args=[contact.id])
 
-        self.assertRequestDisallowed(update_url, [None, self.user, self.agent, self.admin2])
+        self.assertRequestDisallowed(update_url, [None, self.agent, self.admin2])
         self.assertUpdateFetch(
             update_url,
             [self.editor, self.admin],
@@ -1135,7 +1121,7 @@ def test_scheduled(self):
         schedule_url = reverse("contacts.contact_scheduled", args=[contact1.uuid])
 
         self.assertRequestDisallowed(schedule_url, [None, self.agent, self.admin2])
-        response = self.assertReadFetch(schedule_url, [self.user, self.editor, self.admin])
+        response = self.assertReadFetch(schedule_url, [self.editor, self.admin])
         self.assertEqual({"results": []}, response.json())
 
         # create a campaign and event fires for this contact
@@ -1242,7 +1228,7 @@ def test_open_ticket(self, mr_mocks):
         general = self.org.default_ticket_topic
         open_url = reverse("contacts.contact_open_ticket", args=[contact.id])
 
-        self.assertRequestDisallowed(open_url, [None, self.user, self.agent, self.admin2])
+        self.assertRequestDisallowed(open_url, [None, self.agent, self.admin2])
         self.assertUpdateFetch(open_url, [self.editor, self.admin], form_fields=("topic", "assignee", "note"))
 
         # can submit with no assignee
@@ -1281,14 +1267,9 @@ def test_interrupt(self, mr_mocks):
         response = self.client.post(interrupt_url)
         self.assertLoginRedirect(response)
 
-        self.login(self.user)
-
-        # can't interrupt if just regular user
-        response = self.client.post(interrupt_url)
-        self.assertLoginRedirect(response)
-
-        self.login(self.admin)
+        self.login(self.agent)
 
+        # can interrupt if agent
         response = self.client.post(interrupt_url)
         self.assertEqual(302, response.status_code)
 
@@ -1315,9 +1296,9 @@ def test_delete(self, mr_mocks):
         response = self.client.post(delete_url, {"id": contact.id})
         self.assertLoginRedirect(response)
 
-        self.login(self.user)
+        self.login(self.agent)
 
-        # can't delete if just regular user
+        # can't delete if just agent
         response = self.client.post(delete_url, {"id": contact.id})
         self.assertLoginRedirect(response)
 
@@ -1350,7 +1331,7 @@ def test_start(self, mr_mocks):
         contact = self.create_contact("Joe", phone="+593979000111")
         start_url = f"{reverse('flows.flow_start', args=[])}?flow={sample_flows[0].id}&c={contact.uuid}"
 
-        self.assertRequestDisallowed(start_url, [None, self.user, self.agent])
+        self.assertRequestDisallowed(start_url, [None, self.agent])
         response = self.assertUpdateFetch(start_url, [self.editor, self.admin], form_fields=["flow", "contact_search"])
 
         self.assertEqual([background_flow] + sample_flows, list(response.context["form"].fields["flow"].queryset))

temba/contacts/tests/test_fieldcrudl.py

@@ -23,7 +23,7 @@ def setUp(self):
     def test_create(self):
         create_url = reverse("contacts.contactfield_create")
 
-        self.assertRequestDisallowed(create_url, [None, self.user, self.agent])
+        self.assertRequestDisallowed(create_url, [None, self.agent])
 
         # for a deploy that doesn't have locations feature, don't show location field types
         with override_settings(FEATURES={}):
@@ -117,7 +117,7 @@ def test_create(self):
     def test_update(self):
         update_url = reverse("contacts.contactfield_update", args=[self.age.key])
 
-        self.assertRequestDisallowed(update_url, [None, self.user, self.agent, self.admin2])
+        self.assertRequestDisallowed(update_url, [None, self.agent, self.admin2])
 
         # for a deploy that doesn't have locations feature, don't show location field types
         with override_settings(FEATURES={}):
@@ -237,10 +237,8 @@ def test_list(self):
         list_url = reverse("contacts.contactfield_list")
 
         self.assertRequestDisallowed(list_url, [None, self.agent])
-        self.assertListFetch(
-            list_url, [self.user, self.editor, self.admin], context_objects=[self.age, self.gender, self.state]
-        )
-        self.assertContentMenu(list_url, self.user, [])
+        self.assertListFetch(list_url, [self.editor, self.admin], context_objects=[self.age, self.gender, self.state])
+        self.assertContentMenu(list_url, self.editor, ["New"])
         self.assertContentMenu(list_url, self.admin, ["New"])
 
     def test_create_warnings(self):
@@ -300,7 +298,7 @@ def test_usages(self, mr_mocks):
         usages_url = reverse("contacts.contactfield_usages", args=[field.key])
 
         self.assertRequestDisallowed(usages_url, [None, self.agent, self.admin2])
-        response = self.assertReadFetch(usages_url, [self.user, self.editor, self.admin], context_object=field)
+        response = self.assertReadFetch(usages_url, [self.editor, self.admin], context_object=field)
 
         self.assertEqual(
             {"flow": [flow], "group": [group], "campaign_event": [event1]},
@@ -326,7 +324,7 @@ def test_delete(self):
         delete_joined_url = reverse("contacts.contactfield_delete", args=[joined_on.key])
         delete_age_url = reverse("contacts.contactfield_delete", args=[self.age.key])
 
-        self.assertRequestDisallowed(delete_gender_url, [None, self.user, self.agent, self.admin2])
+        self.assertRequestDisallowed(delete_gender_url, [None, self.agent, self.admin2])
 
         # a field with no dependents can be deleted
         response = self.assertDeleteFetch(delete_gender_url, [self.editor, self.admin])

temba/contacts/tests/test_group.py

@@ -85,15 +85,15 @@ def test_create_smart(self, mr_mocks):
             group.update_query("age = 18")
 
     def test_get_or_create(self):
-        group = ContactGroup.get_or_create(self.org, self.user, "first")
+        group = ContactGroup.get_or_create(self.org, self.editor, "first")
         self.assertEqual(group.name, "first")
         self.assertFalse(group.is_smart)
 
         # name look up is case insensitive
-        self.assertEqual(ContactGroup.get_or_create(self.org, self.user, "FIRST"), group)
+        self.assertEqual(ContactGroup.get_or_create(self.org, self.editor, "FIRST"), group)
 
         # fetching by id shouldn't modify original group
-        self.assertEqual(ContactGroup.get_or_create(self.org, self.user, "Kigali", uuid=group.uuid), group)
+        self.assertEqual(ContactGroup.get_or_create(self.org, self.editor, "Kigali", uuid=group.uuid), group)
 
         group.refresh_from_db()
         self.assertEqual(group.name, "first")
@@ -148,14 +148,14 @@ def test_member_count(self, mr_mocks):
         self.assertEqual(ContactGroup.objects.get(pk=group.pk).get_member_count(), 2)
 
         # blocking a contact removes them from all user groups
-        self.joe.block(self.user)
+        self.joe.block(self.editor)
 
         group = ContactGroup.objects.get(pk=group.pk)
         self.assertEqual(group.get_member_count(), 1)
         self.assertEqual(set(group.contacts.all()), {self.frank})
 
         # releasing removes from all user groups
-        self.frank.release(self.user)
+        self.frank.release(self.editor)
 
         group = ContactGroup.objects.get(pk=group.pk)
         self.assertEqual(group.get_member_count(), 0)
@@ -196,11 +196,11 @@ def test_status_group_counts(self, mr_mocks):
         )
 
         # call methods twice to check counts don't change twice
-        murdock.block(self.user)
-        murdock.block(self.user)
-        face.block(self.user)
-        ba.stop(self.user)
-        ba.stop(self.user)
+        murdock.block(self.editor)
+        murdock.block(self.editor)
+        face.block(self.editor)
+        ba.stop(self.editor)
+        ba.stop(self.editor)
 
         counts = Contact.get_status_counts(self.org)
         self.assertEqual(
@@ -217,12 +217,12 @@ def test_status_group_counts(self, mr_mocks):
         squash_group_counts()
         self.assertEqual(ContactGroupCount.objects.all().count(), 3)
 
-        murdock.release(self.user)
-        murdock.release(self.user)
-        face.restore(self.user)
-        face.restore(self.user)
-        ba.restore(self.user)
-        ba.restore(self.user)
+        murdock.release(self.editor)
+        murdock.release(self.editor)
+        face.restore(self.editor)
+        face.restore(self.editor)
+        ba.restore(self.editor)
+        ba.restore(self.editor)
 
         # squash again, this time we discard zero counts
         squash_group_counts()