Testcases for questionnaire response api

[nandkishorr]

ohcnetwork/roadmap#252

Merge Checklist

• Tests added/fixed
• Update docs in /docs
• Linting Complete
• Any other necessary step

Only PR's with test cases included and passing lint and test pipelines will be reviewed

@ohcnetwork/care-backend-maintainers @ohcnetwork/care-backend-admins

Summary by CodeRabbit

Tests

• Added comprehensive test coverage for questionnaire response API endpoints, including retrieval, listing with filters (by questionnaire slug and unstructured flag), and status updates
• Added validation tests for permission enforcement (encounter and patient-level access control) and time-based edit restrictions on questionnaire responses
• Added tests for error handling with invalid encounter and patient identifiers

[greptile-apps]

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

[coderabbitai]

📝 Walkthrough

Walkthrough

Introduces a comprehensive test module for the questionnaire response API, providing a base test class with full end-to-end data provisioning and 14 test cases covering retrieval, filtering, listing, updating operations, plus permission and validation edge cases.

Changes

Cohort / File(s)	Summary
Questionnaire Response API Tests care/emr/tests/test_questionnaire_response_api.py	New test module with QuestionnaireTestBase class providing setup infrastructure for test data (superuser, organization, facility, patient, encounter, questionnaire) and helper methods. Includes 14 test cases validating retrieval, filtering, listing, and status update operations with granular permission and error validation scenarios.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description references the associated issue but lacks the 'Proposed Changes' section with a brief explanation of what was implemented and why.	Add a 'Proposed Changes' section describing what test cases were added and how they validate the questionnaire response API functionality.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding test cases for the questionnaire response API, which aligns with the 586 lines of new test code.
Docstring Coverage	✅ Passed	Docstring coverage is 80.95% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/test/questionnaire_response

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@care/emr/tests/test_questionnaire_response_api.py`:
- Around line 379-413: The two tests
(test_retrieve_questionnaire_response_with_questionnaire_slug_filter and
test_retrieve_questionnaire_response_with_only_unstructured_filter) are too weak
because only one QuestionnaireResponse exists in fixtures; modify the tests to
create or attach a second QuestionnaireResponse that should be excluded by the
filter (or query using a non-matching slug) and then assert the filtered results
length is 1 and that the excluded response is not present; specifically, in each
test set up a second response (e.g., another QuestionnaireResponse object with a
different questionnaire slug or with structured answers) before calling
self.client.get(self.get_url(), ...) and then assert the
response.json()["results"] contains only self.questionnaire_response["id"] and
not the second response's id so the filter behavior in the view is actually
exercised.
- Around line 348-377: Both tests
(test_retrieve_questionnaire_response_without_encounter_permission and
test_retrieve_questionnaire_response_without_patient_permission) create a
brand-new user which may lack multiple prerequisites, so change each to grant
the user all required roles/permissions/facility access except the specific
permission under test: for the encounter-permission test, create a user, attach
the same role/facility and patient-level permissions used by other successful
tests but do NOT grant encounter access, authenticate via
self.client.force_authenticate, then call
get_detail_url(self.questionnaire_response["id"]) with {"encounter":
self.encounter.external_id} and assert 403; for the patient-permission test,
give the user all required encounter and facility permissions but omit the
patient-level permission, call get_detail_url(self.questionnaire_response["id"])
and assert the same 403; apply the same pattern for the related tests at the
other block (lines 434-460) to ensure each failure isolates a single missing
permission.
- Around line 555-585: The test is hitting the authorize_update guard that
rejects "entered_in_error" before the created_date check in authorize_update (in
questionnaire_response.py), so change
test_update_questionnaire_response_status_after_time_limit to backdate the
QuestionnaireResponse while its status is still "completed" (fetch
QuestionnaireResponse via QuestionnaireResponse.objects.get(external_id=...),
decrement created_date by settings.QUESTIONNAIRE_ERRORED_TIME_LIMIT_MINUTES + 1,
save and refresh_from_db), then perform the PUT to change status to
"entered_in_error" and assert a 403 with "Questionnaire Response cannot be
edited" so the time-limit branch is exercised instead of the entered_in_error
guard.
- Around line 63-201: The tests define mutable fixtures named questions (and
responses) at class scope which creates shared state across test instances; move
their initialization into setUp() or into factory/helper functions (e.g.,
make_questions() / make_responses()) and assign to instance attributes like
self.questions/self.responses so each test gets a fresh copy; update any tests
that reference the class-level questions/responses to use the instance
attributes or call the helper to avoid RUF012 shared-mutable-state issues.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e3f30b04-fa49-4741-ba3c-4ccc34748023

📥 Commits

Reviewing files that changed from the base of the PR and between c691750 and 8ba8b53.

📒 Files selected for processing (1)

• care/emr/tests/test_questionnaire_response_api.py

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

find . -name "test_questionnaire_response_api.py" -type f

Repository: ohcnetwork/care

Length of output: 110

---

🏁 Script executed:

head -n 310 ./care/emr/tests/test_questionnaire_response_api.py | tail -n +50

Repository: ohcnetwork/care

Length of output: 9722

---

🏁 Script executed:

wc -l ./care/emr/tests/test_questionnaire_response_api.py

Repository: ohcnetwork/care

Length of output: 114

---

🏁 Script executed:

head -n 80 ./care/emr/tests/test_questionnaire_response_api.py

Repository: ohcnetwork/care

Length of output: 3040

---

🏁 Script executed:

grep -n "^    questions = \|^    responses = " ./care/emr/tests/test_questionnaire_response_api.py

Repository: ohcnetwork/care

Length of output: 101

---

🏁 Script executed:

cd ./care/emr/tests && ruff check test_questionnaire_response_api.py

Repository: ohcnetwork/care

Length of output: 15072

---

Move these shared fixtures to setUp() or helper methods.

questions and responses are mutable class attributes flagged by Ruff (RUF012). Defining them at the class body level creates shared state across all test instances—any in-place mutation bleeds across the entire test suite. Initialize fresh copies in setUp() or return them from helper methods instead.

🧰 Tools

🪛 Ruff (0.15.7)

[warning] 63-201: Mutable default value for class attribute

(RUF012)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@care/emr/tests/test_questionnaire_response_api.py` around lines 63 - 201, The
tests define mutable fixtures named questions (and responses) at class scope
which creates shared state across test instances; move their initialization into
setUp() or into factory/helper functions (e.g., make_questions() /
make_responses()) and assign to instance attributes like
self.questions/self.responses so each test gets a fresh copy; update any tests
that reference the class-level questions/responses to use the instance
attributes or call the helper to avoid RUF012 shared-mutable-state issues.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

These 403 cases don’t prove which permission failed.

Each test uses a brand-new user with no attached role or facility access, so the denial can come from several missing prerequisites at once. If the encounter-specific or patient-specific guard disappeared, these would still stay green. Give the user every other required permission and omit only the one under test.

As per coding guidelines, **/tests/**/*.py: Use Django’s built-in tools for testing (unittest and pytest-django) to ensure code quality and reliability.

Also applies to: 434-460

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@care/emr/tests/test_questionnaire_response_api.py` around lines 348 - 377,
Both tests (test_retrieve_questionnaire_response_without_encounter_permission
and test_retrieve_questionnaire_response_without_patient_permission) create a
brand-new user which may lack multiple prerequisites, so change each to grant
the user all required roles/permissions/facility access except the specific
permission under test: for the encounter-permission test, create a user, attach
the same role/facility and patient-level permissions used by other successful
tests but do NOT grant encounter access, authenticate via
self.client.force_authenticate, then call
get_detail_url(self.questionnaire_response["id"]) with {"encounter":
self.encounter.external_id} and assert 403; for the patient-permission test,
give the user all required encounter and facility permissions but omit the
patient-level permission, call get_detail_url(self.questionnaire_response["id"])
and assert the same 403; apply the same pattern for the related tests at the
other block (lines 434-460) to ensure each failure isolates a single missing
permission.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

These filter tests are a bit too easy to satisfy.

There is only one questionnaire response in the fixture set, so both assertions still pass if questionnaire_slugs or only_unstructured is ignored entirely. Add a second response that should be excluded, or use a non-matching slug case, so the filter behavior is actually exercised.

As per coding guidelines, **/tests/**/*.py: Use Django’s built-in tools for testing (unittest and pytest-django) to ensure code quality and reliability.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@care/emr/tests/test_questionnaire_response_api.py` around lines 379 - 413,
The two tests
(test_retrieve_questionnaire_response_with_questionnaire_slug_filter and
test_retrieve_questionnaire_response_with_only_unstructured_filter) are too weak
because only one QuestionnaireResponse exists in fixtures; modify the tests to
create or attach a second QuestionnaireResponse that should be excluded by the
filter (or query using a non-matching slug) and then assert the filtered results
length is 1 and that the excluded response is not present; specifically, in each
test set up a second response (e.g., another QuestionnaireResponse object with a
different questionnaire slug or with structured answers) before calling
self.client.get(self.get_url(), ...) and then assert the
response.json()["results"] contains only self.questionnaire_response["id"] and
not the second response's id so the filter behavior in the view is actually
exercised.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

The time-limit test never reaches the time-limit branch.

In care/emr/api/viewsets/questionnaire_response.py:37-49, authorize_update rejects entered_in_error before it checks created_date. This test flips the response to entered_in_error first, so the final 403 is satisfied by the wrong guard. Backdate the still-completed response, then make the first update attempt and expect 403.

Suggested fix

         update_url = self.get_detail_url(self.questionnaire_response["id"])
-        response = self.client.put(
-            update_url, {"status": "entered_in_error"}, format="json"
-        )
-        self.assertEqual(response.status_code, 200)
-        # Simulate time passing beyond the allowed limit
         questionnaire_response_obj = QuestionnaireResponse.objects.get(
             external_id=self.questionnaire_response["id"]
         )
         questionnaire_response_obj.created_date -= timedelta(
             minutes=settings.QUESTIONNAIRE_ERRORED_TIME_LIMIT_MINUTES + 1
         )
-        questionnaire_response_obj.save()
-        # Ensure the object is refreshed from DB to avoid stale data
-        questionnaire_response_obj.refresh_from_db()
-        response = self.client.put(update_url, {"status": "completed"}, format="json")
+        questionnaire_response_obj.save(update_fields=["created_date"])
+
+        response = self.client.put(
+            update_url, {"status": "entered_in_error"}, format="json"
+        )
         self.assertEqual(response.status_code, 403)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@care/emr/tests/test_questionnaire_response_api.py` around lines 555 - 585,
The test is hitting the authorize_update guard that rejects "entered_in_error"
before the created_date check in authorize_update (in
questionnaire_response.py), so change
test_update_questionnaire_response_status_after_time_limit to backdate the
QuestionnaireResponse while its status is still "completed" (fetch
QuestionnaireResponse via QuestionnaireResponse.objects.get(external_id=...),
decrement created_date by settings.QUESTIONNAIRE_ERRORED_TIME_LIMIT_MINUTES + 1,
save and refresh_from_db), then perform the PUT to change status to
"entered_in_error" and assert a 403 with "Questionnaire Response cannot be
edited" so the time-limit branch is exercised instead of the entered_in_error
guard.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.32%. Comparing base (c691750) to head (4a394e0).

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3609      +/-   ##
===========================================
+ Coverage    77.20%   77.32%   +0.12%     
===========================================
  Files          474      474              
  Lines        22421    22421              
  Branches      2348     2348              
===========================================
+ Hits         17310    17338      +28     
+ Misses        4531     4501      -30     
- Partials       580      582       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.