From b50f14fd3b57fcd3fd77090f0cba329174fbfaee Mon Sep 17 00:00:00 2001
From: zandercymatics <141044360+zandercymatics@users.noreply.github.com>
Date: Wed, 1 May 2024 08:40:55 -0600
Subject: [PATCH] Unit tests

---
 src/registrar/tests/test_feature_flags.py | 128 +++++++++++++++++-----
 1 file changed, 100 insertions(+), 28 deletions(-)

diff --git a/src/registrar/tests/test_feature_flags.py b/src/registrar/tests/test_feature_flags.py
index ef0a1daf5..c24a07ee8 100644
--- a/src/registrar/tests/test_feature_flags.py
+++ b/src/registrar/tests/test_feature_flags.py
@@ -4,7 +4,8 @@ from django.test import TestCase, Client, RequestFactory
 from registrar.models import (
     WaffleFlag,
     User,
-    Contact
+    Contact,
+    UserGroup,
 )
 from registrar.tests.common import create_superuser, create_staffuser, create_user
 
@@ -23,6 +24,24 @@ class TestFeatureFlags(TestCase):
         User.objects.all().delete()
         Contact.objects.all().delete()
 
+    def assert_flag_active(self, request_user, flag_name, location="/"):
+        """
+        Checks if the given `request_user` has `flag_name` active
+        using waffles `flag_is_active` function.
+        """
+        request = self.factory.get(location)
+        request.user = request_user
+        self.assertTrue(flag_is_active(request, flag_name))
+    
+    def assert_flag_not_active(self, request_user, flag_name, location="/"):
+        """
+        Checks if the given `request_user` has `flag_name` not active
+        using waffles `flag_is_active` function.
+        """
+        request = self.factory.get(location)
+        request.user = request_user
+        self.assertFalse(flag_is_active(request, flag_name))
+
     def test_flag_active_for_superuser(self):
         """
         Tests flag_is_active for a flag with `superuser = True`
@@ -33,57 +52,110 @@ class TestFeatureFlags(TestCase):
             staff=False,
         )
         # Test if superusers can access this flag
-        request = self.factory.get("/")
-        request.user = self.superuser
-        self.assertTrue(flag_is_active(request, flag.name))
+        self.assert_flag_active(request_user=self.superuser, flag_name=flag.name)
 
         # Ensure that regular staff cannot access this flag
-        request_staff = self.factory.get("/")
-        request_staff.user = self.staffuser
-        self.assertFalse(flag_is_active(request_staff, flag.name))
+        self.assert_flag_not_active(request_user=self.staffuser, flag_name=flag.name)
 
         # Ensure that a normal user also can't access this flag
-        request_normal = self.factory.get("/")
-        request_normal.user = self.user
-        self.assertFalse(flag_is_active(request_normal, flag.name))
+        self.assert_flag_not_active(request_user=self.user, flag_name=flag.name)
     
-    @skip("not implemented yet")
     def test_flag_active_for_is_staff(self):
         """
         Tests flag_is_active for a flag with `is_staff = True`
         """
-        # Test if staff can access this flag
-        # Ensure that superusers cannot
-        raise
-    
-    @skip("not implemented yet")
+        # We should actually expect superusers
+        # to not see this feature - otherwise the two distinct booleans aren't useful.
+        # In practice, we would usually use groups for toggling features.
+        flag, _ = WaffleFlag.objects.get_or_create(
+            name="test_superuser_flag",
+            superusers=False,
+            staff=True,
+        )
+
+        # Ensure that regular staff can access this flag
+        self.assert_flag_active(request_user=self.staffuser, flag_name=flag.name)
+
+        # Ensure that superusers cannot access this flag
+        self.assert_flag_not_active(request_user=self.superuser, flag_name=flag.name)
+
+        # Ensure that a normal user also can't access this flag
+        self.assert_flag_not_active(request_user=self.user, flag_name=flag.name)
+
     def test_flag_active_for_everyone(self):
         """
         Tests flag_is_active for a flag with `everyone = True`
         """
-        # Test if superuser, analyst, and a normal user can access
-        raise
-    
-    @skip("not implemented yet")
+        flag, _ = WaffleFlag.objects.get_or_create(
+            name="test_superuser_flag",
+            everyone=True,
+        )
+
+        # Ensure that regular staff can access this flag
+        self.assert_flag_active(request_user=self.staffuser, flag_name=flag.name)
+
+        # Ensure that superusers can access this flag
+        self.assert_flag_active(request_user=self.superuser, flag_name=flag.name)
+
+        # Ensure that normal users can access this flag
+        self.assert_flag_active(request_user=self.user, flag_name=flag.name)
+
     def test_flag_active_for_everyone_is_false(self):
         """
         Tests flag_is_active for a flag with `everyone = False`
         """
-        # Test if no user type can access
-        raise
+        flag, _ = WaffleFlag.objects.get_or_create(
+            name="test_superuser_flag",
+            everyone=False,
+        )
+
+        # Ensure that regular staff cannot access this flag
+        self.assert_flag_not_active(request_user=self.staffuser, flag_name=flag.name)
+
+        # Ensure that superusers cannot access this flag
+        self.assert_flag_not_active(request_user=self.superuser, flag_name=flag.name)
+
+        # Ensure that normal users cannot access this flag
+        self.assert_flag_not_active(request_user=self.user, flag_name=flag.name)
 
-    @skip("not implemented yet")
     def test_admin_group(self):
         """
         Tests flag_is_active for the admin user group
         """
-        # Test if no user type can access
-        raise
+        flag, _ = WaffleFlag.objects.get_or_create(
+            name="test_superuser_flag",
+        )
+
+        # Add the full access group to this flag
+        group, _ = UserGroup.objects.get_or_create(name="full_access_group")
+        flag.groups.set([group])
+
+        # Ensure that regular staff cannot access this flag
+        self.assert_flag_not_active(request_user=self.staffuser, flag_name=flag.name)
+
+        # Ensure that superusers can access this flag
+        self.assert_flag_active(request_user=self.superuser, flag_name=flag.name)
+
+        # Ensure that normal users cannot access this flag
+        self.assert_flag_not_active(request_user=self.user, flag_name=flag.name)
 
-    @skip("not implemented yet")
     def test_staff_group(self):
         """
         Tests flag_is_active for the staff user group
         """
-        # Test if no user type can access
-        raise
\ No newline at end of file
+        flag, _ = WaffleFlag.objects.get_or_create(
+            name="test_superuser_flag",
+        )
+
+        # Add the analyst group to this flag
+        analyst_group, _ = UserGroup.objects.get_or_create(name="cisa_analysts_group")
+        flag.groups.set([analyst_group])
+
+        # Ensure that regular staff can access this flag
+        self.assert_flag_active(request_user=self.staffuser, flag_name=flag.name)
+
+        # Ensure that superusers cannot access this flag
+        self.assert_flag_not_active(request_user=self.superuser, flag_name=flag.name)
+
+        # Ensure that normal users cannot access this flag
+        self.assert_flag_not_active(request_user=self.user, flag_name=flag.name)
\ No newline at end of file