matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add document comment API tests to check with and without access. Update tests to latest API test class interface.

Browse Source 
Signed-off-by: Michael Price <loneviking72@gmail.com>
This commit is contained in:
Michael Price
2018-03-14 15:26:23 -04:00
committed by Roberto Rosario
parent 5d2d821c6e
commit 3fc9a14015
1 changed files with 72 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
mayan/apps/document_comments/tests/test_api.py
View File

@@ -1,36 +1,29 @@
from __future__ import unicode_literals
from django.contrib.auth import get_user_model
from django.test import override_settings
from django.urls import reverse
from rest_framework.test import APITestCase
from rest_framework import status
from documents.models import DocumentType
from documents.tests.literals import (
TEST_DOCUMENT_TYPE_LABEL, TEST_SMALL_DOCUMENT_PATH
)
from user_management.tests.literals import (
TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME
)
from rest_api.tests import BaseAPITestCase
from ..models import Comment
from ..permissions import (
permission_comment_create, permission_comment_delete,
permission_comment_view
)
from .literals import TEST_COMMENT_TEXT
@override_settings(OCR_AUTO_OCR=False)
class CommentAPITestCase(APITestCase):
class CommentAPITestCase(BaseAPITestCase):
def setUp(self):
self.admin_user = get_user_model().objects.create_superuser(
username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL,
password=TEST_ADMIN_PASSWORD
)
self.client.login(
username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD
)
super(CommentAPITestCase, self).setUp()
self.login_user()
self.document_type = DocumentType.objects.create(
label=TEST_DOCUMENT_TYPE_LABEL
)
@@ -43,55 +36,94 @@ class CommentAPITestCase(APITestCase):
def tearDown(self):
if hasattr(self, 'document_type'):
self.document_type.delete()
super(CommentAPITestCase, self).tearDown()
def _create_comment(self):
return self.document.comments.create(
comment=TEST_COMMENT_TEXT, user=self.admin_user
)
def test_comment_create_view(self):
response = self.client.post(
reverse(
'rest_api:comment-list', args=(self.document.pk,)
), {
def _request_comment_create_view(self):
return self.post(
viewname='rest_api:comment-list', args=(self.document.pk,),
data={
'comment': TEST_COMMENT_TEXT
}
)
self.assertEqual(response.status_code, 201)
def test_comment_create_view_no_access(self):
response = self._request_comment_create_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Comment.objects.count(), 0)
def test_comment_create_view_with_access(self):
self.grant_access(permission=permission_comment_create, obj=self.document)
response = self._request_comment_create_view()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
comment = Comment.objects.first()
self.assertEqual(Comment.objects.count(), 1)
self.assertEqual(response.data['id'], comment.pk)
def test_comment_delete_view(self):
comment = self._create_comment()
self.client.delete(
reverse(
'rest_api:comment-detail', args=(self.document.pk, comment.pk,)
def _request_comment_delete_view(self):
return self.delete(
viewname='rest_api:comment-detail', args=(
self.document.pk, self.comment.pk,
)
)
self.assertEqual(Comment.objects.count(), 0)
def test_comment_delete_view_no_access(self):
self.comment = self._create_comment()
response = self._request_comment_delete_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertTrue(self.comment in Comment.objects.all())
def test_comment_detail_view(self):
comment = self._create_comment()
def test_comment_delete_view_with_access(self):
self.comment = self._create_comment()
self.grant_access(
permission=permission_comment_delete, obj=self.document
)
response = self._request_comment_delete_view()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertFalse(self.comment in Comment.objects.all())
response = self.client.get(
reverse(
'rest_api:comment-detail', args=(self.document.pk, comment.pk,)
def _request_comment_view(self):
return self.get(
viewname='rest_api:comment-detail', args=(
self.document.pk, self.comment.pk,
)
)
self.assertEqual(response.data['comment'], comment.comment)
def test_comment_detail_view_no_access(self):
self.comment = self._create_comment()
response = self._request_comment_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_comment_list_view(self):
comment = self._create_comment()
def test_comment_detail_view_with_access(self):
self.comment = self._create_comment()
self.grant_access(
permission=permission_comment_view, obj=self.document
)
response = self._request_comment_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['comment'], self.comment.comment)
response = self.client.get(
reverse('rest_api:comment-list', args=(self.document.pk,))
def _request_comment_list_view(self):
return self.get(
viewname='rest_api:comment-list', args=(self.document.pk,)
)
def test_comment_list_view_no_access(self):
self.comment = self._create_comment()
response = self._request_comment_list_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_comment_list_view_with_access(self):
self.comment = self._create_comment()
self.grant_access(
permission=permission_comment_view, obj=self.document
)
response = self._request_comment_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(
response.data['results'][0]['comment'], comment.comment
response.data['results'][0]['comment'], self.comment.comment
)