arthexis 0.1.8__py3-none-any.whl → 0.1.10__py3-none-any.whl

core/tests.py

@@ -2,42 +2,59 @@ import os
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "config.settings")
 import django
+
 django.setup()
 
-from django.test import Client, TestCase, RequestFactory
+from django.test import Client, TestCase, RequestFactory, override_settings
 from django.urls import reverse
 from django.http import HttpRequest
 import json
+from decimal import Decimal
 from unittest import mock
+from unittest.mock import patch
 from pathlib import Path
 import subprocess
+from glob import glob
+from datetime import timedelta
+import tempfile
+from urllib.parse import quote
 
 from django.utils import timezone
+from django.contrib.auth.models import Permission
+from django.contrib.messages import get_messages
 from .models import (
     User,
+    UserPhoneNumber,
     EnergyAccount,
     ElectricVehicle,
     EnergyCredit,
-    Address,
     Product,
-    Subscription,
     Brand,
     EVModel,
     RFID,
-    FediverseProfile,
     SecurityGroup,
     Package,
     PackageRelease,
+    ReleaseManager,
+    Todo,
+    PublicWifiAccess,
 )
 from django.contrib.admin.sites import AdminSite
-from core.admin import PackageReleaseAdmin, PackageAdmin
+from core.admin import (
+    PackageReleaseAdmin,
+    PackageAdmin,
+    UserAdmin,
+    USER_PROFILE_INLINES,
+)
 from ocpp.models import Transaction, Charger
 
 from django.core.exceptions import ValidationError
 from django.core.management import call_command
 from django.db import IntegrityError
 from .backends import LocalhostAdminBackend
-from core.views import _step_check_pypi, _step_promote_build, _step_publish
+from core.views import _step_check_version, _step_promote_build, _step_publish
+from core import views as core_views
+from core import public_wifi
 
 
 class DefaultAdminTests(TestCase):
@@ -78,6 +95,205 @@ class DefaultAdminTests(TestCase):
         )
 
 
+class UserOperateAsTests(TestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.permission = Permission.objects.get(codename="view_todo")
+
+    def test_staff_user_delegates_permissions(self):
+        delegate = User.objects.create_user(username="delegate", password="secret")
+        delegate.user_permissions.add(self.permission)
+        operator = User.objects.create_user(
+            username="operator", password="secret", is_staff=True
+        )
+        self.assertFalse(operator.has_perm("core.view_todo"))
+        operator.operate_as = delegate
+        operator.full_clean()
+        operator.save()
+        operator.refresh_from_db()
+        self.assertTrue(operator.has_perm("core.view_todo"))
+
+    def test_only_staff_may_operate_as(self):
+        delegate = User.objects.create_user(username="delegate", password="secret")
+        operator = User.objects.create_user(username="operator", password="secret")
+        operator.operate_as = delegate
+        with self.assertRaises(ValidationError):
+            operator.full_clean()
+
+    def test_non_superuser_cannot_operate_as_staff(self):
+        staff_delegate = User.objects.create_user(
+            username="delegate", password="secret", is_staff=True
+        )
+        operator = User.objects.create_user(
+            username="operator", password="secret", is_staff=True
+        )
+        operator.operate_as = staff_delegate
+        with self.assertRaises(ValidationError):
+            operator.full_clean()
+
+    def test_recursive_chain_and_cycle_detection(self):
+        base = User.objects.create_user(username="base", password="secret")
+        base.user_permissions.add(self.permission)
+        middle = User.objects.create_user(
+            username="middle", password="secret", is_staff=True
+        )
+        middle.operate_as = base
+        middle.full_clean()
+        middle.save()
+        top = User.objects.create_superuser(
+            username="top", email="top@example.com", password="secret"
+        )
+        top.operate_as = middle
+        top.full_clean()
+        top.save()
+        top.refresh_from_db()
+        self.assertTrue(top.has_perm("core.view_todo"))
+
+        first = User.objects.create_superuser(
+            username="first", email="first@example.com", password="secret"
+        )
+        second = User.objects.create_superuser(
+            username="second", email="second@example.com", password="secret"
+        )
+        first.operate_as = second
+        first.full_clean()
+        first.save()
+        second.operate_as = first
+        second.full_clean()
+        second.save()
+        self.assertFalse(first._check_operate_as_chain(lambda user: False))
+
+    def test_module_permissions_fall_back(self):
+        delegate = User.objects.create_user(username="helper", password="secret")
+        delegate.user_permissions.add(self.permission)
+        operator = User.objects.create_user(
+            username="mod", password="secret", is_staff=True
+        )
+        operator.operate_as = delegate
+        operator.full_clean()
+        operator.save()
+        self.assertTrue(operator.has_module_perms("core"))
+
+    def test_has_profile_via_delegate(self):
+        delegate = User.objects.create_user(
+            username="delegate", password="secret", is_staff=True
+        )
+        ReleaseManager.objects.create(user=delegate)
+        operator = User.objects.create_superuser(
+            username="operator",
+            email="operator@example.com",
+            password="secret",
+        )
+        operator.operate_as = delegate
+        operator.full_clean()
+        operator.save()
+        profile = operator.get_profile(ReleaseManager)
+        self.assertIsNotNone(profile)
+        self.assertEqual(profile.user, delegate)
+        self.assertTrue(operator.has_profile(ReleaseManager))
+
+    def test_has_profile_via_group_membership(self):
+        member = User.objects.create_user(username="member", password="secret")
+        group = SecurityGroup.objects.create(name="Managers")
+        group.user_set.add(member)
+        profile = ReleaseManager.objects.create(group=group)
+        self.assertEqual(member.get_profile(ReleaseManager), profile)
+        self.assertTrue(member.has_profile(ReleaseManager))
+
+    def test_release_manager_property_uses_delegate_profile(self):
+        delegate = User.objects.create_user(
+            username="delegate-property", password="secret", is_staff=True
+        )
+        profile = ReleaseManager.objects.create(user=delegate)
+        operator = User.objects.create_superuser(
+            username="operator-property",
+            email="operator-property@example.com",
+            password="secret",
+        )
+        operator.operate_as = delegate
+        operator.full_clean()
+        operator.save()
+        self.assertEqual(operator.release_manager, profile)
+
+
+class UserPhoneNumberTests(TestCase):
+    def test_get_phone_numbers_by_priority(self):
+        user = User.objects.create_user(username="phone-user", password="secret")
+        later = UserPhoneNumber.objects.create(
+            user=user, number="+15555550101", priority=10
+        )
+        earlier = UserPhoneNumber.objects.create(
+            user=user, number="+15555550100", priority=1
+        )
+        immediate = UserPhoneNumber.objects.create(
+            user=user, number="+15555550099", priority=0
+        )
+
+        phones = user.get_phones_by_priority()
+        self.assertEqual(phones, [immediate, earlier, later])
+
+    def test_get_phone_numbers_by_priority_orders_by_id_when_equal(self):
+        user = User.objects.create_user(username="phone-order", password="secret")
+        first = UserPhoneNumber.objects.create(
+            user=user, number="+19995550000", priority=0
+        )
+        second = UserPhoneNumber.objects.create(
+            user=user, number="+19995550001", priority=0
+        )
+
+        phones = user.get_phones_by_priority()
+        self.assertEqual(phones, [first, second])
+
+    def test_get_phone_numbers_by_priority_alias(self):
+        user = User.objects.create_user(username="phone-alias", password="secret")
+        phone = UserPhoneNumber.objects.create(
+            user=user, number="+14445550000", priority=3
+        )
+
+        self.assertEqual(user.get_phone_numbers_by_priority(), [phone])
+
+
+class ProfileValidationTests(TestCase):
+    def test_system_user_cannot_receive_profiles(self):
+        system_user = User.objects.get(username=User.SYSTEM_USERNAME)
+        profile = ReleaseManager(user=system_user)
+        with self.assertRaises(ValidationError) as exc:
+            profile.full_clean()
+        self.assertIn("user", exc.exception.error_dict)
+
+
+class UserAdminInlineTests(TestCase):
+    def setUp(self):
+        self.site = AdminSite()
+        self.factory = RequestFactory()
+        self.admin = UserAdmin(User, self.site)
+        self.system_user = User.objects.get(username=User.SYSTEM_USERNAME)
+        self.superuser = User.objects.create_superuser(
+            username="inline-super",
+            email="inline-super@example.com",
+            password="secret",
+        )
+
+    def test_profile_inlines_hidden_for_system_user(self):
+        request = self.factory.get("/")
+        request.user = self.superuser
+        system_inlines = self.admin.get_inline_instances(request, self.system_user)
+        system_profiles = [
+            inline
+            for inline in system_inlines
+            if inline.__class__ in USER_PROFILE_INLINES
+        ]
+        self.assertFalse(system_profiles)
+
+        other_inlines = self.admin.get_inline_instances(request, self.superuser)
+        other_profiles = [
+            inline
+            for inline in other_inlines
+            if inline.__class__ in USER_PROFILE_INLINES
+        ]
+        self.assertEqual(len(other_profiles), len(USER_PROFILE_INLINES))
+
+
 class RFIDLoginTests(TestCase):
     def setUp(self):
         self.client = Client()
@@ -112,7 +328,7 @@ class RFIDBatchApiTests(TestCase):
         self.client.force_login(self.user)
 
     def test_export_rfids(self):
-        tag_black = RFID.objects.create(rfid="CARD999")
+        tag_black = RFID.objects.create(rfid="CARD999", custom_label="Main Tag")
         tag_white = RFID.objects.create(rfid="CARD998", color=RFID.WHITE)
         self.account.rfids.add(tag_black, tag_white)
         response = self.client.get(reverse("rfid-batch"))
@@ -123,6 +339,7 @@ class RFIDBatchApiTests(TestCase):
                 "rfids": [
                     {
                         "rfid": "CARD999",
+                        "custom_label": "Main Tag",
                         "energy_accounts": [self.account.id],
                         "allowed": True,
                         "color": "B",
@@ -141,6 +358,7 @@ class RFIDBatchApiTests(TestCase):
                 "rfids": [
                     {
                         "rfid": "CARD111",
+                        "custom_label": "",
                         "energy_accounts": [],
                         "allowed": True,
                         "color": "W",
@@ -160,6 +378,7 @@ class RFIDBatchApiTests(TestCase):
                 "rfids": [
                     {
                         "rfid": "CARD112",
+                        "custom_label": "",
                         "energy_accounts": [],
                         "allowed": True,
                         "color": "B",
@@ -174,6 +393,7 @@ class RFIDBatchApiTests(TestCase):
             "rfids": [
                 {
                     "rfid": "A1B2C3D4",
+                    "custom_label": "Imported Tag",
                     "energy_accounts": [self.account.id],
                     "allowed": True,
                     "color": "W",
@@ -191,6 +411,7 @@ class RFIDBatchApiTests(TestCase):
         self.assertTrue(
             RFID.objects.filter(
                 rfid="A1B2C3D4",
+                custom_label="Imported Tag",
                 energy_accounts=self.account,
                 color=RFID.WHITE,
                 released=True,
@@ -237,6 +458,11 @@ class RFIDValidationTests(TestCase):
         found = RFID.get_account_by_rfid("abcd1234")
         self.assertEqual(found, acc)
 
+    def test_custom_label_length(self):
+        tag = RFID(rfid="FACE1234", custom_label="x" * 33)
+        with self.assertRaises(ValidationError):
+            tag.full_clean()
+
 
 class RFIDAssignmentTests(TestCase):
     def setUp(self):
@@ -279,7 +505,9 @@ class EnergyAccountTests(TestCase):
 
     def test_service_account_ignores_balance(self):
         user = User.objects.create_user(username="service", password="x")
-        acc = EnergyAccount.objects.create(user=user, service_account=True, name="SERVICE")
+        acc = EnergyAccount.objects.create(
+            user=user, service_account=True, name="SERVICE"
+        )
         self.assertTrue(acc.can_authorize())
 
     def test_account_without_user(self):
@@ -331,7 +559,43 @@ class AddressTests(TestCase):
         self.assertEqual(user.address, addr)
 
 
-class SubscriptionTests(TestCase):
+class PublicWifiUtilitiesTests(TestCase):
+    def setUp(self):
+        self.user = User.objects.create_user(username="wifi", password="pwd")
+
+    def test_grant_public_access_records_allowlist(self):
+        with tempfile.TemporaryDirectory() as tmp:
+            base = Path(tmp)
+            allow_file = base / "locks" / "public_wifi_allow.list"
+            with override_settings(BASE_DIR=base):
+                with patch("core.public_wifi._iptables_available", return_value=False):
+                    public_wifi.grant_public_access(self.user, "AA:BB:CC:DD:EE:FF")
+            self.assertTrue(allow_file.exists())
+            content = allow_file.read_text()
+            self.assertIn("aa:bb:cc:dd:ee:ff", content)
+            self.assertTrue(
+                PublicWifiAccess.objects.filter(
+                    user=self.user, mac_address="aa:bb:cc:dd:ee:ff"
+                ).exists()
+            )
+
+    def test_revoke_public_access_for_user_updates_allowlist(self):
+        with tempfile.TemporaryDirectory() as tmp:
+            base = Path(tmp)
+            allow_file = base / "locks" / "public_wifi_allow.list"
+            with override_settings(BASE_DIR=base):
+                with patch("core.public_wifi._iptables_available", return_value=False):
+                    access = public_wifi.grant_public_access(
+                        self.user, "AA:BB:CC:DD:EE:FF"
+                    )
+                    public_wifi.revoke_public_access_for_user(self.user)
+            access.refresh_from_db()
+            self.assertIsNotNone(access.revoked_on)
+            if allow_file.exists():
+                self.assertNotIn("aa:bb:cc:dd:ee:ff", allow_file.read_text())
+
+
+class LiveSubscriptionTests(TestCase):
     def setUp(self):
         self.client = Client()
         self.user = User.objects.create_user(username="bob", password="pwd")
@@ -339,22 +603,41 @@ class SubscriptionTests(TestCase):
         self.product = Product.objects.create(name="Gold", renewal_period=30)
         self.client.force_login(self.user)
 
-    def test_create_and_list_subscription(self):
+    def test_create_and_list_live_subscription(self):
         response = self.client.post(
-            reverse("add-subscription"),
+            reverse("add-live-subscription"),
             data={"account_id": self.account.id, "product_id": self.product.id},
             content_type="application/json",
         )
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(Subscription.objects.count(), 1)
+        self.account.refresh_from_db()
+        self.assertEqual(
+            self.account.live_subscription_product,
+            self.product,
+        )
+        self.assertIsNotNone(self.account.live_subscription_start_date)
+        self.assertEqual(
+            self.account.live_subscription_start_date,
+            timezone.localdate(),
+        )
+        self.assertEqual(
+            self.account.live_subscription_next_renewal,
+            self.account.live_subscription_start_date
+            + timedelta(days=self.product.renewal_period),
+        )
 
         list_resp = self.client.get(
-            reverse("subscription-list"), {"account_id": self.account.id}
+            reverse("live-subscription-list"), {"account_id": self.account.id}
         )
         self.assertEqual(list_resp.status_code, 200)
         data = list_resp.json()
-        self.assertEqual(len(data["subscriptions"]), 1)
-        self.assertEqual(data["subscriptions"][0]["product__name"], "Gold")
+        self.assertEqual(len(data["live_subscriptions"]), 1)
+        self.assertEqual(data["live_subscriptions"][0]["product__name"], "Gold")
+        self.assertEqual(data["live_subscriptions"][0]["id"], self.account.id)
+        self.assertEqual(
+            data["live_subscriptions"][0]["next_renewal"],
+            str(self.account.live_subscription_next_renewal),
+        )
 
     def test_product_list(self):
         response = self.client.get(reverse("product-list"))
@@ -394,8 +677,8 @@ class EVBrandFixtureTests(TestCase):
     def test_ev_brand_fixture_loads(self):
         call_command(
             "loaddata",
-            "core/fixtures/ev_brands.json",
-            "core/fixtures/ev_models.json",
+            *sorted(glob("core/fixtures/ev_brands__*.json")),
+            *sorted(glob("core/fixtures/ev_models__*.json")),
             verbosity=0,
         )
         porsche = Brand.objects.get(name="Porsche")
@@ -408,11 +691,14 @@ class EVBrandFixtureTests(TestCase):
         )
         self.assertTrue(EVModel.objects.filter(brand=porsche, name="Taycan").exists())
         self.assertTrue(EVModel.objects.filter(brand=audi, name="e-tron GT").exists())
+        self.assertTrue(EVModel.objects.filter(brand=porsche, name="Macan").exists())
+        model3 = EVModel.objects.get(brand__name="Tesla", name="Model 3 RWD")
+        self.assertEqual(model3.est_battery_kwh, Decimal("57.50"))
 
     def test_brand_from_vin(self):
         call_command(
             "loaddata",
-            "core/fixtures/ev_brands.json",
+            *sorted(glob("core/fixtures/ev_brands__*.json")),
             verbosity=0,
         )
         self.assertEqual(Brand.from_vin("WP0ZZZ12345678901").name, "Porsche")
@@ -424,9 +710,9 @@ class RFIDFixtureTests(TestCase):
     def test_fixture_assigns_gelectriic_rfid(self):
         call_command(
             "loaddata",
-            "core/fixtures/users.json",
-            "core/fixtures/energy_accounts.json",
-            "core/fixtures/rfids.json",
+            "core/fixtures/users__arthexis.json",
+            "core/fixtures/energy_accounts__gelectriic.json",
+            "core/fixtures/rfids__ffffffff.json",
             verbosity=0,
         )
         account = EnergyAccount.objects.get(name="GELECTRIIC")
@@ -458,37 +744,6 @@ class SecurityGroupTests(TestCase):
         self.assertIn(user, child.user_set.all())
 
 
-class FediverseProfileTests(TestCase):
-    def setUp(self):
-        self.user = User.objects.create_user(username="fed", password="secret")
-
-    @mock.patch("requests.get")
-    def test_connection_success_sets_verified(self, mock_get):
-        mock_get.return_value.ok = True
-        mock_get.return_value.raise_for_status.return_value = None
-        profile = FediverseProfile.objects.create(
-            user=self.user,
-            service=FediverseProfile.MASTODON,
-            host="example.com",
-            handle="fed",
-            access_token="tok",
-        )
-        self.assertTrue(profile.test_connection())
-        self.assertIsNotNone(profile.verified_on)
-
-    @mock.patch("requests.get", side_effect=Exception("boom"))
-    def test_connection_failure_raises(self, mock_get):
-        profile = FediverseProfile.objects.create(
-            user=self.user,
-            service=FediverseProfile.MASTODON,
-            host="example.com",
-            handle="fed",
-        )
-        with self.assertRaises(ValidationError):
-            profile.test_connection()
-        self.assertIsNone(profile.verified_on)
-
-
 class ReleaseProcessTests(TestCase):
     def setUp(self):
         self.package = Package.objects.create(name="pkg")
@@ -499,14 +754,14 @@ class ReleaseProcessTests(TestCase):
     @mock.patch("core.views.release_utils._git_clean", return_value=False)
     def test_step_check_requires_clean_repo(self, git_clean):
         with self.assertRaises(Exception):
-            _step_check_pypi(self.release, {}, Path("rel.log"))
+            _step_check_version(self.release, {}, Path("rel.log"))
 
     @mock.patch("core.views.release_utils._git_clean", return_value=True)
     @mock.patch("core.views.release_utils.network_available", return_value=False)
     def test_step_check_keeps_repo_clean(self, network_available, git_clean):
         version_path = Path("VERSION")
         original = version_path.read_text(encoding="utf-8")
-        _step_check_pypi(self.release, {}, Path("rel.log"))
+        _step_check_version(self.release, {}, Path("rel.log"))
         proc = subprocess.run(
             ["git", "status", "--porcelain", str(version_path)],
             capture_output=True,
@@ -524,9 +779,7 @@ class ReleaseProcessTests(TestCase):
     @mock.patch("core.views.subprocess.run")
     @mock.patch("core.views.PackageRelease.dump_fixture")
     @mock.patch("core.views.release_utils.promote", side_effect=Exception("boom"))
-    def test_promote_cleans_repo_on_failure(
-        self, promote, dump_fixture, run
-    ):
+    def test_promote_cleans_repo_on_failure(self, promote, dump_fixture, run):
         with self.assertRaises(Exception):
             _step_promote_build(self.release, {}, Path("rel.log"))
         dump_fixture.assert_not_called()
@@ -651,6 +904,139 @@ class ReleaseProcessTests(TestCase):
             self.assertEqual(count_file.read_text(), "1")
 
 
+class ReleaseProgressSyncTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.user = User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(self.user)
+        self.package = Package.objects.get(name="arthexis")
+        self.version_path = Path("VERSION")
+        self.original_version = self.version_path.read_text(encoding="utf-8")
+        self.version_path.write_text("1.2.3", encoding="utf-8")
+
+    def tearDown(self):
+        self.version_path.write_text(self.original_version, encoding="utf-8")
+
+    @mock.patch("core.views.PackageRelease.dump_fixture")
+    @mock.patch("core.views.revision.get_revision", return_value="abc123")
+    def test_unpublished_release_syncs_version_and_revision(
+        self, get_revision, dump_fixture
+    ):
+        release = PackageRelease.objects.create(
+            package=self.package,
+            version="1.0.0",
+        )
+        release.revision = "oldrev"
+        release.save(update_fields=["revision"])
+
+        url = reverse("release-progress", args=[release.pk, "publish"])
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 200)
+        release.refresh_from_db()
+        self.assertEqual(release.version, "1.2.4")
+        self.assertEqual(release.revision, "abc123")
+        dump_fixture.assert_called_once()
+
+    def test_published_release_not_current_returns_404(self):
+        release = PackageRelease.objects.create(
+            package=self.package,
+            version="1.2.4",
+            pypi_url="https://example.com",
+        )
+
+        url = reverse("release-progress", args=[release.pk, "publish"])
+        response = self.client.get(url)
+
+        self.assertEqual(response.status_code, 404)
+
+
+class ReleaseProgressFixtureVisibilityTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        self.user = User.objects.create_superuser(
+            "fixture-check", "fixture@example.com", "pw"
+        )
+        self.client.force_login(self.user)
+        current_version = Path("VERSION").read_text(encoding="utf-8").strip()
+        package = Package.objects.filter(is_active=True).first()
+        if package is None:
+            package = Package.objects.create(name="fixturepkg", is_active=True)
+        try:
+            self.release = PackageRelease.objects.get(
+                package=package, version=current_version
+            )
+        except PackageRelease.DoesNotExist:
+            self.release = PackageRelease.objects.create(
+                package=package, version=current_version
+            )
+        self.session_key = f"release_publish_{self.release.pk}"
+        self.log_name = f"{self.release.package.name}-{self.release.version}.log"
+        self.lock_path = Path("locks") / f"{self.session_key}.json"
+        self.restart_path = Path("locks") / f"{self.session_key}.restarts"
+        self.log_path = Path("logs") / self.log_name
+        for path in (self.lock_path, self.restart_path, self.log_path):
+            if path.exists():
+                path.unlink()
+        try:
+            self.fixture_step_index = next(
+                idx
+                for idx, (name, _) in enumerate(core_views.PUBLISH_STEPS)
+                if name == core_views.FIXTURE_REVIEW_STEP_NAME
+            )
+        except StopIteration:  # pragma: no cover - defensive guard
+            self.fail("Fixture review step not configured in publish steps")
+        self.url = reverse("release-progress", args=[self.release.pk, "publish"])
+
+    def tearDown(self):
+        session = self.client.session
+        if self.session_key in session:
+            session.pop(self.session_key)
+            session.save()
+        for path in (self.lock_path, self.restart_path, self.log_path):
+            if path.exists():
+                path.unlink()
+        super().tearDown()
+
+    def _set_session(self, step: int, fixtures: list[dict]):
+        session = self.client.session
+        session[self.session_key] = {
+            "step": step,
+            "fixtures": fixtures,
+            "log": self.log_name,
+            "started": True,
+        }
+        session.save()
+
+    def test_fixture_summary_visible_until_migration_step(self):
+        fixtures = [
+            {
+                "path": "core/fixtures/example.json",
+                "count": 2,
+                "models": ["core.Model"],
+            }
+        ]
+        self._set_session(self.fixture_step_index, fixtures)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.context["fixtures"], fixtures)
+        self.assertContains(response, "Fixture changes")
+
+    def test_fixture_summary_hidden_after_migration_step(self):
+        fixtures = [
+            {
+                "path": "core/fixtures/example.json",
+                "count": 2,
+                "models": ["core.Model"],
+            }
+        ]
+        self._set_session(self.fixture_step_index + 1, fixtures)
+        response = self.client.get(self.url)
+        self.assertEqual(response.status_code, 200)
+        self.assertIsNone(response.context["fixtures"])
+        self.assertNotContains(response, "Fixture changes")
+
+
 class PackageReleaseAdminActionTests(TestCase):
     def setUp(self):
         self.factory = RequestFactory()
@@ -688,12 +1074,9 @@ class PackageReleaseAdminActionTests(TestCase):
         mock_get.return_value.json.return_value = {
             "releases": {"1.0.0": [], "1.1.0": []}
         }
-        self.admin.refresh_from_pypi(
-            self.request, PackageRelease.objects.none()
-        )
-        self.assertTrue(
-            PackageRelease.objects.filter(version="1.1.0").exists()
-        )
+        self.admin.refresh_from_pypi(self.request, PackageRelease.objects.none())
+        new_release = PackageRelease.objects.get(version="1.1.0")
+        self.assertEqual(new_release.revision, "")
         dump.assert_called_once()
 
 
@@ -735,6 +1118,40 @@ class PackageReleaseCurrentTests(TestCase):
         self.assertFalse(self.release.is_current)
 
 
+class PackageReleaseChangelistTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(User.objects.get(username="admin"))
+
+    def test_prepare_next_release_button_present(self):
+        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
+        prepare_url = reverse(
+            "admin:core_packagerelease_actions", args=["prepare_next_release"]
+        )
+        self.assertContains(response, prepare_url, html=False)
+
+    def test_refresh_from_pypi_button_present(self):
+        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
+        refresh_url = reverse(
+            "admin:core_packagerelease_actions", args=["refresh_from_pypi"]
+        )
+        self.assertContains(response, refresh_url, html=False)
+
+    def test_prepare_next_release_action_creates_release(self):
+        package = Package.objects.get(name="arthexis")
+        PackageRelease.all_objects.filter(package=package).delete()
+        response = self.client.post(
+            reverse(
+                "admin:core_packagerelease_actions", args=["prepare_next_release"]
+            )
+        )
+        self.assertEqual(response.status_code, 302)
+        self.assertTrue(
+            PackageRelease.all_objects.filter(package=package).exists()
+        )
+
+
 class PackageAdminPrepareNextReleaseTests(TestCase):
     def setUp(self):
         self.factory = RequestFactory()
@@ -753,22 +1170,176 @@ class PackageAdminPrepareNextReleaseTests(TestCase):
         )
 
 
-class PackageReleaseChangelistTests(TestCase):
+class PackageAdminChangeViewTests(TestCase):
     def setUp(self):
         self.client = Client()
         User.objects.create_superuser("admin", "admin@example.com", "pw")
         self.client.force_login(User.objects.get(username="admin"))
+        self.package = Package.objects.get(name="arthexis")
 
-    def test_prepare_next_release_button_present(self):
-        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
-        self.assertContains(
-            response, reverse("admin:core_package_prepare_next_release"), html=False
+    def test_prepare_next_release_button_visible_on_change_view(self):
+        response = self.client.get(
+            reverse("admin:core_package_change", args=[self.package.pk])
         )
+        self.assertContains(response, "Prepare next Release")
 
-    def test_refresh_from_pypi_button_present(self):
-        response = self.client.get(reverse("admin:core_packagerelease_changelist"))
-        refresh_url = reverse(
-            "admin:core_packagerelease_actions", args=["refresh_from_pypi"]
+
+class TodoDoneTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(User.objects.get(username="admin"))
+
+    def test_mark_done_sets_timestamp(self):
+        todo = Todo.objects.create(request="Task", is_seed_data=True)
+        resp = self.client.post(reverse("todo-done", args=[todo.pk]))
+        self.assertRedirects(resp, reverse("admin:index"))
+        todo.refresh_from_db()
+        self.assertIsNotNone(todo.done_on)
+        self.assertFalse(todo.is_deleted)
+
+    def test_mark_done_condition_failure_shows_message(self):
+        todo = Todo.objects.create(
+            request="Task",
+            on_done_condition="1 = 0",
         )
-        self.assertContains(response, refresh_url, html=False)
+        resp = self.client.post(reverse("todo-done", args=[todo.pk]))
+        self.assertRedirects(resp, reverse("admin:index"))
+        messages = [m.message for m in get_messages(resp.wsgi_request)]
+        self.assertTrue(messages)
+        self.assertIn("1 = 0", messages[0])
+        todo.refresh_from_db()
+        self.assertIsNone(todo.done_on)
+
+    def test_mark_done_condition_invalid_expression(self):
+        todo = Todo.objects.create(
+            request="Task",
+            on_done_condition="1; SELECT 1",
+        )
+        resp = self.client.post(reverse("todo-done", args=[todo.pk]))
+        self.assertRedirects(resp, reverse("admin:index"))
+        messages = [m.message for m in get_messages(resp.wsgi_request)]
+        self.assertTrue(messages)
+        self.assertIn("Semicolons", messages[0])
+        todo.refresh_from_db()
+        self.assertIsNone(todo.done_on)
+
+    def test_mark_done_condition_resolves_sigils(self):
+        todo = Todo.objects.create(
+            request="Task",
+            on_done_condition="[TEST]",
+        )
+        with mock.patch.object(Todo, "resolve_sigils", return_value="1 = 1") as resolver:
+            resp = self.client.post(reverse("todo-done", args=[todo.pk]))
+        self.assertRedirects(resp, reverse("admin:index"))
+        resolver.assert_called_once_with("on_done_condition")
+        todo.refresh_from_db()
+        self.assertIsNotNone(todo.done_on)
+
+    def test_mark_done_respects_next_parameter(self):
+        todo = Todo.objects.create(request="Task")
+        next_url = reverse("admin:index") + "?section=todos"
+        resp = self.client.post(
+            reverse("todo-done", args=[todo.pk]),
+            {"next": next_url},
+        )
+        self.assertRedirects(resp, next_url, target_status_code=200)
+        todo.refresh_from_db()
+        self.assertIsNotNone(todo.done_on)
+
+    def test_mark_done_rejects_external_next(self):
+        todo = Todo.objects.create(request="Task")
+        resp = self.client.post(
+            reverse("todo-done", args=[todo.pk]),
+            {"next": "https://example.com/"},
+        )
+        self.assertRedirects(resp, reverse("admin:index"))
+        todo.refresh_from_db()
+        self.assertIsNotNone(todo.done_on)
+
+
+class TodoFocusViewTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(User.objects.get(username="admin"))
+
+    def test_focus_view_renders_requested_page(self):
+        todo = Todo.objects.create(request="Task", url="/docs/")
+        next_url = reverse("admin:index")
+        resp = self.client.get(
+            f"{reverse('todo-focus', args=[todo.pk])}?next={quote(next_url)}"
+        )
+        self.assertEqual(resp.status_code, 200)
+        self.assertContains(resp, todo.request)
+        self.assertEqual(resp["X-Frame-Options"], "SAMEORIGIN")
+        self.assertContains(resp, f'src="{todo.url}"')
+        self.assertContains(resp, "Done")
+        self.assertContains(resp, "Back")
+
+    def test_focus_view_uses_admin_change_when_no_url(self):
+        todo = Todo.objects.create(request="Task")
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        change_url = reverse("admin:core_todo_change", args=[todo.pk])
+        self.assertContains(resp, f'src="{change_url}"')
+
+    def test_focus_view_sanitizes_loopback_absolute_url(self):
+        todo = Todo.objects.create(
+            request="Task",
+            url="http://127.0.0.1:8000/docs/?section=chart",
+        )
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        self.assertContains(resp, 'src="/docs/?section=chart"')
+
+    def test_focus_view_rejects_external_absolute_url(self):
+        todo = Todo.objects.create(
+            request="Task",
+            url="https://outside.invalid/external/",
+        )
+        resp = self.client.get(reverse("todo-focus", args=[todo.pk]))
+        change_url = reverse("admin:core_todo_change", args=[todo.pk])
+        self.assertContains(resp, f'src="{change_url}"')
+
+    def test_focus_view_redirects_if_todo_completed(self):
+        todo = Todo.objects.create(request="Task")
+        todo.done_on = timezone.now()
+        todo.save(update_fields=["done_on"])
+        next_url = reverse("admin:index")
+        resp = self.client.get(
+            f"{reverse('todo-focus', args=[todo.pk])}?next={quote(next_url)}"
+        )
+        self.assertRedirects(resp, next_url, target_status_code=200)
+
+
+class TodoUrlValidationTests(TestCase):
+    def test_relative_url_valid(self):
+        todo = Todo(request="Task", url="/path")
+        todo.full_clean()  # should not raise
+
+    def test_absolute_url_invalid(self):
+        todo = Todo(request="Task", url="https://example.com/path")
+        with self.assertRaises(ValidationError):
+            todo.full_clean()
+
+
+class TodoUniqueTests(TestCase):
+    def test_request_unique_case_insensitive(self):
+        Todo.objects.create(request="Task")
+        with self.assertRaises(IntegrityError):
+            Todo.objects.create(request="task")
+
+
+class TodoAdminPermissionTests(TestCase):
+    def setUp(self):
+        self.client = Client()
+        User.objects.create_superuser("admin", "admin@example.com", "pw")
+        self.client.force_login(User.objects.get(username="admin"))
+
+    def test_add_view_disallowed(self):
+        resp = self.client.get(reverse("admin:core_todo_add"))
+        self.assertEqual(resp.status_code, 403)
 
+    def test_change_form_loads(self):
+        todo = Todo.objects.create(request="Task")
+        resp = self.client.get(reverse("admin:core_todo_change", args=[todo.pk]))
+        self.assertEqual(resp.status_code, 200)