From 2f4abb22f8ec352932164b17cf3060fd4298fab5 Mon Sep 17 00:00:00 2001 From: Michael Price Date: Tue, 20 Feb 2018 02:16:12 -0400 Subject: [PATCH] Update the metadata app API tests to test with and without the correspoding permissions and accesses. Update the test to the latest API test class interface. --- mayan/apps/metadata/tests/test_api.py | 492 +++++++++++++++----------- 1 file changed, 288 insertions(+), 204 deletions(-) diff --git a/mayan/apps/metadata/tests/test_api.py b/mayan/apps/metadata/tests/test_api.py index 435cf8ba13..3faf586143 100644 --- a/mayan/apps/metadata/tests/test_api.py +++ b/mayan/apps/metadata/tests/test_api.py @@ -1,17 +1,23 @@ from __future__ import unicode_literals -from django.contrib.auth import get_user_model from django.test import override_settings -from django.urls import reverse + +from rest_framework import status from documents.models import DocumentType +from documents.permissions import ( + permission_document_type_edit, permission_document_type_view +) from documents.tests import TEST_DOCUMENT_TYPE_LABEL, TEST_SMALL_DOCUMENT_PATH from rest_api.tests import BaseAPITestCase -from user_management.tests.literals import ( - TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME -) from ..models import DocumentTypeMetadataType, MetadataType +from ..permissions import ( + permission_metadata_document_add, permission_metadata_document_edit, + permission_metadata_document_remove, permission_metadata_document_view, + permission_metadata_type_create, permission_metadata_type_delete, + permission_metadata_type_edit, permission_metadata_type_view +) from .literals import ( TEST_METADATA_TYPE_LABEL, TEST_METADATA_TYPE_LABEL_2, @@ -23,32 +29,32 @@ from .literals import ( class MetadataTypeAPITestCase(BaseAPITestCase): def setUp(self): super(MetadataTypeAPITestCase, self).setUp() - - self.admin_user = get_user_model().objects.create_superuser( - username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL, - password=TEST_ADMIN_PASSWORD - ) - - self.client.login( - username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD - ) + self.login_user() def _create_metadata_type(self): self.metadata_type = MetadataType.objects.create( label=TEST_METADATA_TYPE_LABEL, name=TEST_METADATA_TYPE_NAME ) - def test_metadata_type_create(self): - response = self.client.post( - reverse('rest_api:metadatatype-list'), data={ + def _request_metadata_type_create_view(self): + return self.post( + viewname='rest_api:metadatatype-list', data={ 'label': TEST_METADATA_TYPE_LABEL, 'name': TEST_METADATA_TYPE_NAME } ) - metadata_type = MetadataType.objects.first() + def test_metadata_type_create_no_permission(self): + response = self._request_metadata_type_create_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(MetadataType.objects.count(), 0) - self.assertEqual(response.status_code, 201) + def test_metadata_type_create_with_permission(self): + self.grant_permission(permission=permission_metadata_type_create) + response = self._request_metadata_type_create_view() + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + + metadata_type = MetadataType.objects.first() self.assertEqual(response.data['id'], metadata_type.pk) self.assertEqual(response.data['label'], TEST_METADATA_TYPE_LABEL) self.assertEqual(response.data['name'], TEST_METADATA_TYPE_NAME) @@ -56,79 +62,127 @@ class MetadataTypeAPITestCase(BaseAPITestCase): self.assertEqual(metadata_type.label, TEST_METADATA_TYPE_LABEL) self.assertEqual(metadata_type.name, TEST_METADATA_TYPE_NAME) - def test_metadata_type_delete(self): - self._create_metadata_type() - - response = self.client.delete( - reverse( - 'rest_api:metadatatype-detail', - args=(self.metadata_type.pk,) - ) + def _request_metadata_type_delete_view(self): + return self.delete( + viewname='rest_api:metadatatype-detail', + args=(self.metadata_type.pk,) ) - self.assertEqual(response.status_code, 204) + def test_metadata_type_delete_no_access(self): + self._create_metadata_type() + response = self._request_metadata_type_delete_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(MetadataType.objects.count(), 1) + def test_metadata_type_delete_with_access(self): + self._create_metadata_type() + self.grant_access( + permission=permission_metadata_type_delete, obj=self.metadata_type + ) + response = self._request_metadata_type_delete_view() + self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(MetadataType.objects.count(), 0) - def test_metadata_type_detail_view(self): - self._create_metadata_type() - - response = self.client.get( - reverse( - 'rest_api:metadatatype-detail', - args=(self.metadata_type.pk,) - ) + def _request_metadata_type_detail_view(self): + return self.get( + viewname='rest_api:metadatatype-detail', + args=(self.metadata_type.pk,) ) - self.assertEqual(response.status_code, 200) + + def test_metadata_type_detail_view_no_access(self): + self._create_metadata_type() + response = self._request_metadata_type_detail_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + + def test_metadata_type_detail_view_with_access(self): + self._create_metadata_type() + self.grant_access( + permission=permission_metadata_type_view, obj=self.metadata_type + ) + response = self._request_metadata_type_detail_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertEqual( response.data['label'], TEST_METADATA_TYPE_LABEL ) - def test_metadata_type_patch_view(self): - self._create_metadata_type() - - response = self.client.patch( - reverse( - 'rest_api:metadatatype-detail', - args=(self.metadata_type.pk,) - ), data={ + def _request_metadata_type_edit_view_via_patch(self): + return self.patch( + viewname='rest_api:metadatatype-detail', + args=(self.metadata_type.pk,), data={ 'label': TEST_METADATA_TYPE_LABEL_2, 'name': TEST_METADATA_TYPE_NAME_2 } ) - self.assertEqual(response.status_code, 200) + def test_metadata_type_patch_view_no_access(self): + self._create_metadata_type() + response = self._request_metadata_type_edit_view_via_patch() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.metadata_type.refresh_from_db() + self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL) + self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME) + def test_metadata_type_patch_view_with_access(self): + self._create_metadata_type() + self.grant_access( + permission=permission_metadata_type_edit, obj=self.metadata_type + ) + response = self._request_metadata_type_edit_view_via_patch() + self.assertEqual(response.status_code, status.HTTP_200_OK) + + self.metadata_type.refresh_from_db() self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL_2) self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME_2) - def test_metadata_type_put_view(self): - self._create_metadata_type() - - response = self.client.put( - reverse( - 'rest_api:metadatatype-detail', - args=(self.metadata_type.pk,) - ), data={ + def _request_metadata_type_edit_view_via_put(self): + return self.put( + viewname='rest_api:metadatatype-detail', + args=(self.metadata_type.pk,), data={ 'label': TEST_METADATA_TYPE_LABEL_2, 'name': TEST_METADATA_TYPE_NAME_2 } ) - self.assertEqual(response.status_code, 200) + def test_metadata_type_put_view_no_access(self): + self._create_metadata_type() + response = self._request_metadata_type_edit_view_via_put() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.metadata_type.refresh_from_db() + self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL) + self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME) + def test_metadata_type_put_view_with_access(self): + self._create_metadata_type() + self.grant_access( + permission=permission_metadata_type_edit, obj=self.metadata_type + ) + response = self._request_metadata_type_edit_view_via_put() + self.assertEqual(response.status_code, status.HTTP_200_OK) + + self.metadata_type.refresh_from_db() self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL_2) self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME_2) - def test_metadata_type_list_view(self): - self._create_metadata_type() + def _request_metadata_type_list_view(self): + return self.get(viewname='rest_api:metadatatype-list') - response = self.client.get(reverse('rest_api:metadatatype-list')) - self.assertEqual(response.status_code, 200) + def test_metadata_type_list_view_no_access(self): + self._create_metadata_type() + response = self._request_metadata_type_list_view() + + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertEqual(response.data['count'], 0) + + def test_metadata_type_list_view_with_access(self): + self._create_metadata_type() + self.grant_access( + permission=permission_metadata_type_view, obj=self.metadata_type + ) + response = self._request_metadata_type_list_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['results'][0]['label'], TEST_METADATA_TYPE_LABEL ) @@ -137,15 +191,7 @@ class MetadataTypeAPITestCase(BaseAPITestCase): class DocumentTypeMetadataTypeAPITestCase(BaseAPITestCase): def setUp(self): super(DocumentTypeMetadataTypeAPITestCase, self).setUp() - - self.admin_user = get_user_model().objects.create_superuser( - username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL, - password=TEST_ADMIN_PASSWORD - ) - - self.client.login( - username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD - ) + self.login_user() self.document_type = DocumentType.objects.create( label=TEST_DOCUMENT_TYPE_LABEL @@ -156,7 +202,6 @@ class DocumentTypeMetadataTypeAPITestCase(BaseAPITestCase): ) def tearDown(self): - self.admin_user.delete() self.document_type.delete() super(DocumentTypeMetadataTypeAPITestCase, self).tearDown() @@ -165,108 +210,129 @@ class DocumentTypeMetadataTypeAPITestCase(BaseAPITestCase): metadata_type=self.metadata_type, required=False ) - def test_document_type_metadata_type_create_view(self): - response = self.client.post( - reverse( - 'rest_api:documenttypemetadatatype-list', - args=(self.document_type.pk,) - ), data={ + def _request_document_type_metadata_type_create_view(self): + return self.post( + viewname='rest_api:documenttypemetadatatype-list', + args=(self.document_type.pk,), data={ 'metadata_type_pk': self.metadata_type.pk, 'required': False } ) - self.assertEqual(response.status_code, 201) + def test_document_type_metadata_type_create_view_no_access(self): + response = self._request_document_type_metadata_type_create_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(self.document_type.metadata.count(), 0) + def test_document_type_metadata_type_create_view_with_access(self): + self.grant_access( + permission=permission_document_type_edit, obj=self.document_type + ) + response = self._request_document_type_metadata_type_create_view() + self.assertEqual(response.status_code, status.HTTP_201_CREATED) document_type_metadata_type = DocumentTypeMetadataType.objects.first() - self.assertEqual(response.data['id'], document_type_metadata_type.pk) def test_document_type_metadata_type_create_dupicate_view(self): self._create_document_type_metadata_type() + self.grant_permission(permission=permission_document_type_edit) + response = self._request_document_type_metadata_type_create_view() - response = self.client.post( - reverse( - 'rest_api:documenttypemetadatatype-list', - args=(self.document_type.pk,) - ), data={ - 'metadata_type_pk': self.metadata_type.pk, 'required': False - } - ) - - self.assertEqual(response.status_code, 400) + self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(response.data.keys()[0], 'non_field_errors') - def test_document_type_metadata_type_delete_view(self): - self._create_document_type_metadata_type() - - response = self.client.delete( - reverse( - 'rest_api:documenttypemetadatatype-detail', - args=( - self.document_type.pk, self.document_type_metadata_type.pk, - ), + def _request_document_type_metadata_type_delete_view(self): + return self.delete( + viewname='rest_api:documenttypemetadatatype-detail', + args=( + self.document_type.pk, self.document_type_metadata_type.pk, ), ) - self.assertEqual(response.status_code, 204) + def test_document_type_metadata_type_delete_view_no_access(self): + self._create_document_type_metadata_type() + response = self._request_document_type_metadata_type_delete_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(self.document_type.metadata.count(), 1) + def test_document_type_metadata_type_delete_view_with_access(self): + self._create_document_type_metadata_type() + self.grant_access(permission=permission_document_type_edit, obj=self.document_type) + response = self._request_document_type_metadata_type_delete_view() + self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(self.document_type.metadata.all().count(), 0) - def test_document_type_metadata_type_list_view(self): - self._create_document_type_metadata_type() - - response = self.client.get( - reverse( - 'rest_api:documenttypemetadatatype-list', - args=( - self.document_type.pk, - ), + def _request_document_type_metadata_type_list_view(self): + return self.get( + viewname='rest_api:documenttypemetadatatype-list', + args=( + self.document_type.pk, ), ) - self.assertEqual(response.status_code, 200) + def test_document_type_metadata_type_list_view_no_access(self): + self._create_document_type_metadata_type() + response = self._request_document_type_metadata_type_list_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + + def test_document_type_metadata_type_list_view_with_access(self): + self._create_document_type_metadata_type() + self.grant_access(permission=permission_document_type_view, obj=self.document_type) + response = self._request_document_type_metadata_type_list_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['results'][0]['id'], self.document_type_metadata_type.pk ) - def test_document_type_metadata_type_patch_view(self): - self._create_document_type_metadata_type() - - response = self.client.patch( - reverse( - 'rest_api:documenttypemetadatatype-detail', - args=( - self.document_type.pk, self.document_type_metadata_type.pk, - ) + def _request_document_type_metadata_type_edit_view_via_patch(self): + return self.patch( + viewname='rest_api:documenttypemetadatatype-detail', + args=( + self.document_type.pk, self.document_type_metadata_type.pk, ), data={ 'required': True } ) + def test_document_type_metadata_type_patch_view_no_access(self): + self._create_document_type_metadata_type() + response = self._request_document_type_metadata_type_edit_view_via_patch() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) document_type_metadata_type = DocumentTypeMetadataType.objects.first() + self.assertFalse(document_type_metadata_type.required, True) - self.assertEqual(response.status_code, 200) + def test_document_type_metadata_type_patch_view_with_access(self): + self._create_document_type_metadata_type() + self.grant_access(permission=permission_document_type_edit, obj=self.document_type) + response = self._request_document_type_metadata_type_edit_view_via_patch() + self.assertEqual(response.status_code, status.HTTP_200_OK) + document_type_metadata_type = DocumentTypeMetadataType.objects.first() self.assertEqual(document_type_metadata_type.required, True) - def test_document_type_metadata_type_put_view(self): - self._create_document_type_metadata_type() - - response = self.client.put( - reverse( - 'rest_api:documenttypemetadatatype-detail', - args=( - self.document_type.pk, self.document_type_metadata_type.pk, - ) + def _request_document_type_metadata_type_edit_view_via_put(self): + return self.put( + viewname='rest_api:documenttypemetadatatype-detail', + args=( + self.document_type.pk, self.document_type_metadata_type.pk, ), data={ 'required': True } ) + def test_document_type_metadata_type_put_view_no_access(self): + self._create_document_type_metadata_type() + response = self._request_document_type_metadata_type_edit_view_via_put() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) document_type_metadata_type = DocumentTypeMetadataType.objects.first() + self.assertFalse(document_type_metadata_type.required, True) - self.assertEqual(response.status_code, 200) + def test_document_type_metadata_type_put_view_with_access(self): + self._create_document_type_metadata_type() + self.grant_access(permission=permission_document_type_edit, obj=self.document_type) + response = self._request_document_type_metadata_type_edit_view_via_put() + self.assertEqual(response.status_code, status.HTTP_200_OK) + document_type_metadata_type = DocumentTypeMetadataType.objects.first() self.assertEqual(document_type_metadata_type.required, True) @@ -274,15 +340,7 @@ class DocumentMetadataAPITestCase(BaseAPITestCase): @override_settings(OCR_AUTO_OCR=False) def setUp(self): super(DocumentMetadataAPITestCase, self).setUp() - - self.admin_user = get_user_model().objects.create_superuser( - username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL, - password=TEST_ADMIN_PASSWORD - ) - - self.client.login( - username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD - ) + self.login_user() self.document_type = DocumentType.objects.create( label=TEST_DOCUMENT_TYPE_LABEL @@ -302,7 +360,6 @@ class DocumentMetadataAPITestCase(BaseAPITestCase): ) def tearDown(self): - self.admin_user.delete() self.document_type.delete() super(DocumentMetadataAPITestCase, self).tearDown() @@ -311,83 +368,84 @@ class DocumentMetadataAPITestCase(BaseAPITestCase): metadata_type=self.metadata_type, value=TEST_METADATA_VALUE ) - def test_document_metadata_create_view(self): - response = self.client.post( - reverse( - 'rest_api:documentmetadata-list', - args=(self.document.pk,) - ), data={ + def _request_document_metadata_create_view(self): + return self.post( + viewname='rest_api:documentmetadata-list', + args=(self.document.pk,), data={ 'metadata_type_pk': self.metadata_type.pk, 'value': TEST_METADATA_VALUE } ) + def test_document_metadata_create_view_no_access(self): + response = self._request_document_metadata_create_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(self.document.metadata.count(), 0) + + def test_document_metadata_create_view_with_access(self): + self.grant_access(permission=permission_metadata_document_add, obj=self.document) + response = self._request_document_metadata_create_view() + self.assertEqual(response.status_code, status.HTTP_201_CREATED) document_metadata = self.document.metadata.first() - - self.assertEqual(response.status_code, 201) - self.assertEqual(response.data['id'], document_metadata.pk) - self.assertEqual(document_metadata.metadata_type, self.metadata_type) self.assertEqual(document_metadata.value, TEST_METADATA_VALUE) def test_document_metadata_create_duplicate_view(self): self._create_document_metadata() - - response = self.client.post( - reverse( - 'rest_api:documentmetadata-list', - args=(self.document.pk,) - ), data={ - 'metadata_type_pk': self.metadata_type.pk, - 'value': TEST_METADATA_VALUE - } - ) - - self.assertEqual(response.status_code, 400) + self.grant_permission(permission=permission_metadata_document_add) + response = self._request_document_metadata_create_view() + self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(response.data.keys()[0], 'non_field_errors') def test_document_metadata_create_invalid_lookup_value_view(self): self.metadata_type.lookup = 'invalid,lookup,values,on,purpose' self.metadata_type.save() - - response = self.client.post( - reverse( - 'rest_api:documentmetadata-list', - args=(self.document.pk,) - ), data={ - 'metadata_type_pk': self.metadata_type.pk, - 'value': TEST_METADATA_VALUE - } - ) - self.assertEqual(response.status_code, 400) + self.grant_permission(permission=permission_metadata_document_add) + response = self._request_document_metadata_create_view() + self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(response.data.keys()[0], 'non_field_errors') - def test_document_metadata_delete_view(self): - self._create_document_metadata() - - response = self.client.delete( - reverse( - 'rest_api:documentmetadata-detail', - args=(self.document.pk, self.document_metadata.pk,) - ) + def _request_document_metadata_delete_view(self): + return self.delete( + viewname='rest_api:documentmetadata-detail', + args=(self.document.pk, self.document_metadata.pk,) ) - self.assertEqual(response.status_code, 204) + def test_document_metadata_delete_view_no_access(self): + self._create_document_metadata() + response = self._request_document_metadata_delete_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(self.document.metadata.all().count(), 1) + def test_document_metadata_delete_view_with_access(self): + self._create_document_metadata() + self.grant_access( + permission=permission_metadata_document_remove, obj=self.document + ) + response = self._request_document_metadata_delete_view() + self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(self.document.metadata.all().count(), 0) - def test_document_metadata_list_view(self): - self._create_document_metadata() - - response = self.client.get( - reverse( - 'rest_api:documentmetadata-list', args=(self.document.pk,) + def _request_document_metadata_list_view(self): + return self.get( + viewname='rest_api:documentmetadata-list', args=( + self.document.pk, ) ) - self.assertEqual(response.status_code, 200) + def test_document_metadata_list_view_no_access(self): + self._create_document_metadata() + response = self._request_document_metadata_list_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + def test_document_metadata_list_view_with_access(self): + self._create_document_metadata() + self.grant_access( + permission=permission_metadata_document_view, obj=self.document + ) + response = self._request_document_metadata_list_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['results'][0]['document']['id'], self.document.pk ) @@ -402,36 +460,62 @@ class DocumentMetadataAPITestCase(BaseAPITestCase): response.data['results'][0]['id'], self.document_metadata.pk ) - def test_document_metadata_patch_view(self): - self._create_document_metadata() - - response = self.client.patch( - reverse( - 'rest_api:documentmetadata-detail', - args=(self.document.pk, self.document_metadata.pk,) - ), data={ + def _request_document_metadata_edit_view_via_patch(self): + return self.patch( + viewname='rest_api:documentmetadata-detail', + args=(self.document.pk, self.document_metadata.pk,), data={ 'value': TEST_METADATA_VALUE_EDITED } ) - self.assertEqual(response.status_code, 200) + def test_document_metadata_patch_view_no_access(self): + self._create_document_metadata() + response = self._request_document_metadata_edit_view_via_patch() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.document_metadata.refresh_from_db() + self.assertEqual(self.document_metadata.value, TEST_METADATA_VALUE) + + def test_document_metadata_patch_view_with_access(self): + self._create_document_metadata() + self.grant_access( + permission=permission_metadata_document_edit, obj=self.document + ) + response = self._request_document_metadata_edit_view_via_patch() + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.document_metadata.refresh_from_db() self.assertEqual( response.data['value'], TEST_METADATA_VALUE_EDITED ) + self.assertEqual( + self.document_metadata.value, TEST_METADATA_VALUE_EDITED + ) - def test_document_metadata_put_view(self): - self._create_document_metadata() - - response = self.client.put( - reverse( - 'rest_api:documentmetadata-detail', - args=(self.document.pk, self.document_metadata.pk,) - ), data={ + def _request_document_metadata_edit_view_via_put(self): + return self.put( + viewname='rest_api:documentmetadata-detail', + args=(self.document.pk, self.document_metadata.pk,), data={ 'value': TEST_METADATA_VALUE_EDITED } ) - self.assertEqual(response.status_code, 200) + def test_document_metadata_put_view_no_access(self): + self._create_document_metadata() + response = self._request_document_metadata_edit_view_via_put() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.document_metadata.refresh_from_db() + self.assertEqual(self.document_metadata.value, TEST_METADATA_VALUE) + + def test_document_metadata_put_view_with_access(self): + self._create_document_metadata() + self.grant_access( + permission=permission_metadata_document_edit, obj=self.document + ) + response = self._request_document_metadata_edit_view_via_put() + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.document_metadata.refresh_from_db() self.assertEqual( response.data['value'], TEST_METADATA_VALUE_EDITED ) + self.assertEqual( + self.document_metadata.value, TEST_METADATA_VALUE_EDITED + )