From bfa7950d6ad8cc0efa4b58acbebbc24ecde0ca42 Mon Sep 17 00:00:00 2001 From: Michael Price Date: Mon, 19 Feb 2018 20:02:02 -0400 Subject: [PATCH] Update the MOTD app API tests to test with and without permissions. Update the API tests to conform with the API test class interface. Signed-off-by: Michael Price --- mayan/apps/motd/tests/test_api.py | 137 ++++++++++++++++++++---------- 1 file changed, 91 insertions(+), 46 deletions(-) diff --git a/mayan/apps/motd/tests/test_api.py b/mayan/apps/motd/tests/test_api.py index c8f49ffd15..d1170aea36 100644 --- a/mayan/apps/motd/tests/test_api.py +++ b/mayan/apps/motd/tests/test_api.py @@ -1,15 +1,16 @@ from __future__ import unicode_literals -from django.contrib.auth import get_user_model from django.test import override_settings -from django.urls import reverse + +from rest_framework import status from rest_api.tests import BaseAPITestCase -from user_management.tests.literals import ( - TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME -) from ..models import Message +from ..permissions import ( + permission_message_create, permission_message_delete, + permission_message_edit, permission_message_view +) from .literals import ( TEST_LABEL, TEST_LABEL_EDITED, TEST_MESSAGE, TEST_MESSAGE_EDITED @@ -20,28 +21,30 @@ from .literals import ( class MOTDAPITestCase(BaseAPITestCase): def setUp(self): super(MOTDAPITestCase, self).setUp() - - self.admin_user = get_user_model().objects.create_superuser( - username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL, - password=TEST_ADMIN_PASSWORD - ) - - self.client.login( - username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD - ) + self.login_user() def _create_message(self): return Message.objects.create( label=TEST_LABEL, message=TEST_MESSAGE ) - def test_message_create_view(self): - response = self.client.post( - reverse('rest_api:message-list'), { + def _request_message_create_view(self): + return self.post( + viewname='rest_api:message-list', data={ 'label': TEST_LABEL, 'message': TEST_MESSAGE } ) + def test_message_create_view_no_permission(self): + response = self._request_message_create_view() + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(Message.objects.count(), 0) + + def test_message_create_view_with_permission(self): + self.grant_permission(permission=permission_message_create) + response = self._request_message_create_view() + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + message = Message.objects.first() self.assertEqual(response.data['id'], message.pk) self.assertEqual(response.data['label'], TEST_LABEL) @@ -51,54 +54,96 @@ class MOTDAPITestCase(BaseAPITestCase): self.assertEqual(message.label, TEST_LABEL) self.assertEqual(message.message, TEST_MESSAGE) - def test_message_delete_view(self): - message = self._create_message() - - self.client.delete( - reverse('rest_api:message-detail', args=(message.pk,)) + def _request_message_delete_view(self): + return self.delete( + viewname='rest_api:message-detail', args=(self.message.pk,) ) + def test_message_delete_view_no_access(self): + self.message = self._create_message() + response = self._request_message_delete_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) + self.assertEqual(Message.objects.count(), 1) + + def test_message_delete_view_with_access(self): + self.message = self._create_message() + self.grant_access(permission=permission_message_delete, obj=self.message) + response = self._request_message_delete_view() + self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(Message.objects.count(), 0) - def test_message_detail_view(self): - message = self._create_message() - - response = self.client.get( - reverse('rest_api:message-detail', args=(message.pk,)) + def _request_message_detail_view(self): + return self.get( + viewname='rest_api:message-detail', args=(self.message.pk,) ) - self.assertEqual( - response.data['label'], TEST_LABEL - ) + def test_message_detail_view_no_access(self): + self.message = self._create_message() + response = self._request_message_detail_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) - def test_message_patch_view(self): - message = self._create_message() + def test_message_detail_view_with_access(self): + self.message = self._create_message() + self.grant_access(permission=permission_message_view, obj=self.message) + response = self._request_message_detail_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) - self.client.patch( - reverse('rest_api:message-detail', args=(message.pk,)), - { + self.assertEqual(response.data['label'], TEST_LABEL) + + def _request_message_edit_via_patch_view(self): + return self.patch( + viewname='rest_api:message-detail', args=(self.message.pk,), + data={ 'label': TEST_LABEL_EDITED, 'message': TEST_MESSAGE_EDITED } ) - message.refresh_from_db() + def test_message_edit_via_patch_view_no_access(self): + self.message = self._create_message() + response = self._request_message_edit_via_patch_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) - self.assertEqual(message.label, TEST_LABEL_EDITED) - self.assertEqual(message.message, TEST_MESSAGE_EDITED) + self.message.refresh_from_db() - def test_message_put_view(self): - message = self._create_message() + self.assertEqual(self.message.label, TEST_LABEL) + self.assertEqual(self.message.message, TEST_MESSAGE) - self.client.put( - reverse('rest_api:message-detail', args=(message.pk,)), - { + def test_message_edit_via_patch_view_with_access(self): + self.message = self._create_message() + self.grant_access(permission=permission_message_edit, obj=self.message) + response = self._request_message_edit_via_patch_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) + + self.message.refresh_from_db() + self.assertEqual(self.message.label, TEST_LABEL_EDITED) + self.assertEqual(self.message.message, TEST_MESSAGE_EDITED) + + def _request_message_edit_via_put_view(self): + return self.put( + viewname='rest_api:message-detail', args=(self.message.pk,), + data={ 'label': TEST_LABEL_EDITED, 'message': TEST_MESSAGE_EDITED } ) - message.refresh_from_db() + def test_message_edit_via_put_view_no_access(self): + self.message = self._create_message() + response = self._request_message_edit_via_put_view() + self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) - self.assertEqual(message.label, TEST_LABEL_EDITED) - self.assertEqual(message.message, TEST_MESSAGE_EDITED) + self.message.refresh_from_db() + + self.assertEqual(self.message.label, TEST_LABEL) + self.assertEqual(self.message.message, TEST_MESSAGE) + + def test_message_edit_via_put_view_with_access(self): + self.message = self._create_message() + self.grant_access(permission=permission_message_edit, obj=self.message) + response = self._request_message_edit_via_put_view() + self.assertEqual(response.status_code, status.HTTP_200_OK) + + self.message.refresh_from_db() + self.assertEqual(self.message.label, TEST_LABEL_EDITED) + self.assertEqual(self.message.message, TEST_MESSAGE_EDITED)