Update the django_gpg app APIs to check for user access. Update corresponding tests.
Signed-off-by: Michael Price <loneviking72@gmail.com>
This commit is contained in:
Michael Price
committed by
Roberto Rosario
Roberto Rosario
parent
d3e4876511
commit
57bb282dbc
@@ -14,10 +14,8 @@ from .serializers import KeySerializer
|
||||
|
||||
class APIKeyListView(generics.ListCreateAPIView):
|
||||
filter_backends = (MayanObjectPermissionsFilter,)
|
||||
mayan_object_permissions = {
|
||||
'GET': (permission_key_view,),
|
||||
'POST': (permission_key_upload,)
|
||||
}
|
||||
mayan_object_permissions = {'GET': (permission_key_view,)}
|
||||
mayan_view_permissions = {'POST': (permission_key_upload,)}
|
||||
permission_classes = (MayanPermission,)
|
||||
queryset = Key.objects.all()
|
||||
serializer_class = KeySerializer
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.test import override_settings
|
||||
from django.urls import reverse
|
||||
|
||||
from rest_framework import status
|
||||
|
||||
from rest_api.tests import BaseAPITestCase
|
||||
from user_management.tests.literals import (
|
||||
TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME
|
||||
)
|
||||
|
||||
from ..models import Key
|
||||
from ..permissions import (
|
||||
permission_key_delete, permission_key_upload, permission_key_view
|
||||
)
|
||||
|
||||
from .literals import TEST_KEY_DATA, TEST_KEY_FINGERPRINT
|
||||
|
||||
@@ -18,42 +18,80 @@ from .literals import TEST_KEY_DATA, TEST_KEY_FINGERPRINT
|
||||
class KeyAPITestCase(BaseAPITestCase):
|
||||
def setUp(self):
|
||||
super(KeyAPITestCase, self).setUp()
|
||||
self.admin_user = get_user_model().objects.create_superuser(
|
||||
username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL,
|
||||
password=TEST_ADMIN_PASSWORD
|
||||
)
|
||||
|
||||
self.client.login(
|
||||
username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD
|
||||
)
|
||||
self.login_user()
|
||||
|
||||
def _create_key(self):
|
||||
return Key.objects.create(key_data=TEST_KEY_DATA)
|
||||
|
||||
def test_key_create_view(self):
|
||||
response = self.client.post(
|
||||
reverse('rest_api:key-list'), {
|
||||
# Key creation by upload
|
||||
|
||||
def _request_key_create_view(self):
|
||||
return self.post(
|
||||
viewname='rest_api:key-list', data={
|
||||
'key_data': TEST_KEY_DATA
|
||||
}
|
||||
)
|
||||
|
||||
def test_key_create_view_no_permission(self):
|
||||
response = self._request_key_create_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.assertEqual(Key.objects.all().count(), 0)
|
||||
|
||||
def test_key_create_view_with_permission(self):
|
||||
self.grant_permission(permission=permission_key_upload)
|
||||
|
||||
response = self._request_key_create_view()
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
||||
self.assertEqual(response.data['fingerprint'], TEST_KEY_FINGERPRINT)
|
||||
|
||||
key = Key.objects.first()
|
||||
self.assertEqual(Key.objects.count(), 1)
|
||||
self.assertEqual(key.fingerprint, TEST_KEY_FINGERPRINT)
|
||||
|
||||
def test_key_delete_view(self):
|
||||
key = self._create_key()
|
||||
# Key deletion
|
||||
|
||||
self.client.delete(reverse('rest_api:key-detail', args=(key.pk,)))
|
||||
|
||||
self.assertEqual(Key.objects.count(), 0)
|
||||
|
||||
def test_key_detail_view(self):
|
||||
key = self._create_key()
|
||||
|
||||
response = self.client.get(
|
||||
reverse('rest_api:key-detail', args=(key.pk,))
|
||||
def _request_key_delete_view(self):
|
||||
return self.delete(
|
||||
viewname='rest_api:key-detail', args=(self.key.pk,)
|
||||
)
|
||||
|
||||
self.assertEqual(response.data['fingerprint'], key.fingerprint)
|
||||
def test_key_delete_view_no_access(self):
|
||||
self.key = self._create_key()
|
||||
response = self._request_key_delete_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
self.assertEqual(Key.objects.count(), 1)
|
||||
|
||||
def test_key_delete_view_with_access(self):
|
||||
self.key = self._create_key()
|
||||
self.grant_access(
|
||||
permission=permission_key_delete, obj=self.key
|
||||
)
|
||||
response = self._request_key_delete_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
||||
self.assertEqual(Key.objects.count(), 0)
|
||||
|
||||
# Key detail
|
||||
|
||||
def _request_key_detail_view(self):
|
||||
return self.get(
|
||||
viewname='rest_api:key-detail', args=(self.key.pk,)
|
||||
)
|
||||
|
||||
def test_key_detail_view_no_access(self):
|
||||
self.key = self._create_key()
|
||||
response = self._request_key_detail_view()
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
|
||||
|
||||
def test_key_detail_view_with_access(self):
|
||||
self.key = self._create_key()
|
||||
self.grant_access(
|
||||
permission=permission_key_view, obj=self.key
|
||||
)
|
||||
response = self._request_key_detail_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
|
||||
self.assertEqual(
|
||||
response.data['fingerprint'], self.key.fingerprint
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user