From 269d8fb5b36f01235e8da68fd91bdad644fe8fd2 Mon Sep 17 00:00:00 2001
From: Roberto Rosario
Date: Sun, 1 May 2016 17:06:37 -0400
Subject: [PATCH] Remove 'is_staff' and 'is_superadmin' from views and serializers. Add user API tests.
---
 mayan/apps/common/forms.py | 4 +-
 mayan/apps/user_management/serializers.py | 32 ++++--
 mayan/apps/user_management/tests/literals.py | 1 +
 mayan/apps/user_management/tests/test_api.py | 114 +++++++++++++++++++
 4 files changed, 142 insertions(+), 9 deletions(-)
 create mode 100644 mayan/apps/user_management/tests/test_api.py
diff --git a/mayan/apps/common/forms.py b/mayan/apps/common/forms.py
index de1b8ec89e..fa0c16d258 100644
--- a/mayan/apps/common/forms.py
+++ b/mayan/apps/common/forms.py
@@ -158,7 +158,7 @@ class UserForm_view(DetailForm):
 class Meta:
 fields = (
- 'username', 'first_name', 'last_name', 'email', 'is_staff',
- 'is_superuser', 'last_login', 'date_joined', 'groups'
+ 'username', 'first_name', 'last_name', 'email', 'last_login',
+ 'date_joined', 'groups'
 )
 model = get_user_model()
diff --git a/mayan/apps/user_management/serializers.py b/mayan/apps/user_management/serializers.py
index 74a116aca4..dbe030719f 100644
--- a/mayan/apps/user_management/serializers.py
+++ b/mayan/apps/user_management/serializers.py
@@ -23,21 +23,39 @@ class GroupSerializer(serializers.HyperlinkedModelSerializer):
 class UserSerializer(serializers.HyperlinkedModelSerializer):
 groups = GroupSerializer(many=True)
+ password = serializers.CharField(
+ required=False, style={'input_type': 'password'}
+ )
+
 class Meta:
 extra_kwargs = { 'url': {'view_name': 'rest_api:user-detail'} }
 fields = (
- 'first_name', 'date_joined', 'email', 'groups', 'id', 'is_staff',
- 'is_active', 'is_superuser', 'last_login', 'last_name',
- 'password', 'url', 'username',
+ 'first_name', 'date_joined', 'email', 'groups', 'id', 'is_active',
+ 'last_login', 'last_name', 'url', 'username', 'password'
 )
 model = get_user_model()
 read_only_fields = ('last_login', 'date_joined')
 write_only_fields = ('password',)
- def restore_object(self, attrs, instance=None):
- user = super(UserSerializer, self).restore_object(attrs, instance)
- if 'password' in attrs:
- user.set_password(attrs['password'])
+ def create(self, validated_data):
+ groups = validated_data.pop('groups')
+ is_active = validated_data.pop('is_active')
+ user = get_user_model().objects.create_user(**validated_data)
+ return user
+
+ def update(self, instance, validated_data):
+ groups = validated_data.pop('groups')
+
+ if 'password' in validated_data:
+ instance.set_password(validated_data['password'])
+ validated_data.pop('password')
+
+ for attr, value in validated_data.items():
+ setattr(instance, attr, value)
+
+ instance.save()
+
+ return instance
diff --git a/mayan/apps/user_management/tests/literals.py b/mayan/apps/user_management/tests/literals.py
index a67dd43a7a..bc25327f10 100644
--- a/mayan/apps/user_management/tests/literals.py
+++ b/mayan/apps/user_management/tests/literals.py
@@ -15,3 +15,4 @@ TEST_USER_EMAIL = 'user@example.com'
 TEST_USER_PASSWORD = 'test user password'
 TEST_USER_PASSWORD_EDITED = 'test user password edited'
 TEST_USER_USERNAME = 'test_user'
+TEST_USER_USERNAME_EDITED = 'test_user_edited'
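Review bot: In `UserSerializer` (serializers.py) the newly declared `password` field is not marked write-only, so the stored password hash would likely be included in user API responses; as far as I can tell the `write_only_fields` entry kept in `Meta` does not apply to a field declared explicitly on the serializer class. Mark the field itself: `password = serializers.CharField(required=False, style={'input_type': 'password'}, write_only=True)`. Separately, `create()` and `update()` call `validated_data.pop('groups')` and `validated_data.pop('is_active')` with no default and then discard the values, which looks like it raises `KeyError` when a request omits them (for example a JSON PATCH) and silently ignores an `is_active` of false on create. Using `validated_data.pop('groups', None)` and deciding explicitly what `is_active` should do on create would be safer.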
diff --git a/mayan/apps/user_management/tests/test_api.py b/mayan/apps/user_management/tests/test_api.py
new file mode 100644
index 0000000000..1864960744
--- /dev/null
+++ b/mayan/apps/user_management/tests/test_api.py
@@ -0,0 +1,114 @@
+from __future__ import unicode_literals
+
+from django.contrib.auth import get_user_model
+
+from django.core.urlresolvers import reverse
+
+from rest_framework import status
+from rest_framework.test import APITestCase
+
+from ..tests.literals import (
+ TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME
+)
+
+from .literals import (
+ TEST_GROUP, TEST_USER_EMAIL, TEST_USER_PASSWORD, TEST_USER_PASSWORD_EDITED,
+ TEST_USER_USERNAME, TEST_USER_USERNAME_EDITED
+)
+
+
+class UserManagementAPITestCase(APITestCase):
+ """
+ Test the document type API endpoints
+ """
+
+ def setUp(self):
+ self.admin_user = get_user_model().objects.create_superuser(
+ username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL,
+ password=TEST_ADMIN_PASSWORD
+ )
+
+ self.client.login(
+ username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD
+ )
+
+ def tearDown(self):
+ get_user_model().objects.all().delete()
+
+ def test_user_create(self):
+ response = self.client.post(
+ reverse('rest_api:user-list'), data={
+ 'email': TEST_USER_EMAIL, 'password': TEST_USER_PASSWORD,
+ 'username': TEST_USER_USERNAME,
+ }
+ )
+
+ self.assertEqual(response.status_code, 201)
+
+ user = get_user_model().objects.get(pk=response.data['id'])
+ self.assertEqual(user.username, TEST_USER_USERNAME)
+
+ def test_user_create_login(self):
+ response = self.client.post(
+ reverse('rest_api:user-list'), data={
+ 'email': TEST_USER_EMAIL, 'password': TEST_USER_PASSWORD,
+ 'username': TEST_USER_USERNAME,
+ }
+ )
+
+ self.assertEqual(response.status_code, 201)
+
+ get_user_model().objects.get(pk=response.data['id'])
+
+ self.assertTrue(
+ self.client.login(
+ username=TEST_USER_USERNAME, password=TEST_USER_PASSWORD
+ )
+ )
+
+ def test_user_edit_via_put(self):
+ user = get_user_model().objects.create_user(
+ email=TEST_USER_EMAIL, password=TEST_USER_PASSWORD,
+ username=TEST_USER_USERNAME
+ )
+
+ response = self.client.put(
+ reverse('rest_api:user-detail', args=(user.pk,)),
+ data={'username': TEST_USER_USERNAME_EDITED}
+ )
+
+ self.assertEqual(response.status_code, 200)
+
+ user.refresh_from_db()
+ self.assertEqual(user.username, TEST_USER_USERNAME_EDITED)
+
+ def test_document_type_edit_via_patch(self):
+ user = get_user_model().objects.create_user(
+ email=TEST_USER_EMAIL, password=TEST_USER_PASSWORD,
+ username=TEST_USER_USERNAME
+ )
+
+ response = self.client.patch(
+ reverse('rest_api:user-detail', args=(user.pk,)),
+ data={'username': TEST_USER_USERNAME_EDITED}
+ )
+
+ self.assertEqual(response.status_code, 200)
+
+ user.refresh_from_db()
+ self.assertEqual(user.username, TEST_USER_USERNAME_EDITED)
+
+ def test_document_type_delete(self):
+ user = get_user_model().objects.create_user(
+ email=TEST_USER_EMAIL, password=TEST_USER_PASSWORD,
+ username=TEST_USER_USERNAME
+ )
+
+ response = self.client.delete(
+ reverse('rest_api:user-detail', args=(user.pk,))
+ )
+
+ self.assertEqual(response.status_code, 204)
+
+ with self.assertRaises(get_user_model().DoesNotExist):
+ get_user_model().objects.get(pk=user.pk)
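Review bot: None of the new tests pin the behaviour this commit is about: nothing asserts that `is_staff` / `is_superuser` sent in a create or update request are ignored, or that the response body omits the password. Adding `self.assertNotIn('password', response.data)` to `test_user_create`, plus a case that posts `'is_superuser': True` and ends with `self.assertFalse(user.is_superuser)`, would cover both. Every request here runs as the superuser logged in by `setUp`, so a case for an unauthenticated or unprivileged client would also be worth adding. The class docstring and the names `test_document_type_edit_via_patch` and `test_document_type_delete` still refer to document types, and `status`, `TEST_GROUP` and `TEST_USER_PASSWORD_EDITED` are imported but not used in the file as shown.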