Update the dynamic_search app API tests to conform with the new BaseAPITestCase class interface and
to include pass and fail test for each end point. Signed-off-by: Michael Price <loneviking72@gmail.com>
This commit is contained in:
Michael Price
committed by
Roberto Rosario
Roberto Rosario
parent
4834b9d491
commit
f53350a699
@@ -1,95 +1,121 @@
|
||||
from __future__ import unicode_literals
|
||||
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.auth.models import Group
|
||||
from django.urls import reverse
|
||||
|
||||
from rest_framework import status
|
||||
|
||||
from rest_api.tests import BaseAPITestCase
|
||||
from user_management.tests.literals import (
|
||||
TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME,
|
||||
TEST_GROUP_NAME
|
||||
)
|
||||
from user_management.tests.literals import TEST_GROUP_2_NAME
|
||||
|
||||
from ..classes import Permission
|
||||
from ..models import Role
|
||||
from ..permissions import permission_role_view
|
||||
from ..permissions import (
|
||||
permission_role_create, permission_role_delete,
|
||||
permission_role_edit, permission_role_view
|
||||
)
|
||||
|
||||
from .literals import TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED
|
||||
from .literals import (
|
||||
TEST_ROLE_2_LABEL, TEST_ROLE_LABEL, TEST_ROLE_LABEL_EDITED
|
||||
)
|
||||
|
||||
|
||||
class PermissionAPITestCase(BaseAPITestCase):
|
||||
def setUp(self):
|
||||
super(PermissionAPITestCase, self).setUp()
|
||||
self.admin_user = get_user_model().objects.create_superuser(
|
||||
username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL,
|
||||
password=TEST_ADMIN_PASSWORD
|
||||
)
|
||||
|
||||
self.client.login(
|
||||
username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD
|
||||
)
|
||||
|
||||
self.login_user()
|
||||
Permission.invalidate_cache()
|
||||
|
||||
def test_permissions_list_view(self):
|
||||
response = self.client.get(reverse('rest_api:permission-list'))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
response = self.get(viewname='rest_api:permission-list')
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
|
||||
def _create_role(self):
|
||||
self.role = Role.objects.create(label=TEST_ROLE_LABEL)
|
||||
# Role view
|
||||
|
||||
def test_roles_list_view(self):
|
||||
self._create_role()
|
||||
def test_roles_list_view_no_access(self):
|
||||
response = self.get(viewname='rest_api:role-list')
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertEqual(response.data['count'], 0)
|
||||
|
||||
response = self.client.get(reverse('rest_api:role-list'))
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(response.data['results'][0]['label'], TEST_ROLE_LABEL)
|
||||
def test_roles_list_view_with_access(self):
|
||||
self.grant_access(
|
||||
permission=permission_role_view, obj=self.role
|
||||
)
|
||||
response = self.get(viewname='rest_api:role-list')
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.assertEqual(response.data['count'], 1)
|
||||
self.assertEqual(response.data['results'][0]['label'], self.role.label)
|
||||
|
||||
# Role create
|
||||
|
||||
def _role_create_request(self, extra_data=None):
|
||||
data = {
|
||||
'label': TEST_ROLE_LABEL
|
||||
'label': TEST_ROLE_2_LABEL
|
||||
}
|
||||
|
||||
if extra_data:
|
||||
data.update(extra_data)
|
||||
|
||||
return self.client.post(
|
||||
reverse('rest_api:role-list'), data=data
|
||||
return self.post(
|
||||
viewname='rest_api:role-list', data=data
|
||||
)
|
||||
|
||||
def test_role_create_view(self):
|
||||
def test_role_create_view_no_permission(self):
|
||||
response = self._role_create_request()
|
||||
role = Role.objects.first()
|
||||
|
||||
self.assertEqual(response.status_code, 201)
|
||||
self.assertEqual(response.data, {'label': role.label, 'id': role.pk})
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.assertEqual(Role.objects.count(), 1)
|
||||
self.assertEqual(role.label, TEST_ROLE_LABEL)
|
||||
|
||||
def test_role_create_view_with_permission(self):
|
||||
self.grant_permission(permission=permission_role_create)
|
||||
response = self._role_create_request()
|
||||
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
||||
|
||||
role = Role.objects.get(label=TEST_ROLE_2_LABEL)
|
||||
self.assertEqual(response.data, {'label': role.label, 'id': role.pk})
|
||||
self.assertEqual(Role.objects.count(), 2)
|
||||
self.assertEqual(role.label, TEST_ROLE_2_LABEL)
|
||||
|
||||
def _create_group(self):
|
||||
self.group = Group.objects.create(name=TEST_GROUP_NAME)
|
||||
self.group_2 = Group.objects.create(name=TEST_GROUP_2_NAME)
|
||||
|
||||
def test_role_create_complex_view(self):
|
||||
def _request_role_create_with_extra_data(self):
|
||||
self._create_group()
|
||||
|
||||
response = self._role_create_request(
|
||||
return self._role_create_request(
|
||||
extra_data={
|
||||
'groups_pk_list': '{}'.format(self.group.pk),
|
||||
'groups_pk_list': '{}'.format(self.group_2.pk),
|
||||
'permissions_pk_list': '{}'.format(permission_role_view.pk)
|
||||
}
|
||||
)
|
||||
self.assertEqual(response.status_code, 201)
|
||||
|
||||
def test_role_create_complex_view_no_permission(self):
|
||||
response = self._request_role_create_with_extra_data()
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.assertEqual(Role.objects.count(), 1)
|
||||
self.assertEqual(Role.objects.first().label, TEST_ROLE_LABEL)
|
||||
self.assertEqual(
|
||||
list(Role.objects.values_list('label', flat=True)),
|
||||
[TEST_ROLE_LABEL]
|
||||
)
|
||||
|
||||
def test_role_create_complex_view_with_permission(self):
|
||||
self.grant_permission(permission=permission_role_create)
|
||||
response = self._request_role_create_with_extra_data()
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
||||
self.assertEqual(Role.objects.count(), 2)
|
||||
role = Role.objects.get(label=TEST_ROLE_2_LABEL)
|
||||
self.assertEqual(role.label, TEST_ROLE_2_LABEL)
|
||||
self.assertQuerysetEqual(
|
||||
Role.objects.first().groups.all(), (repr(self.group),)
|
||||
role.groups.all(), (repr(self.group_2),)
|
||||
)
|
||||
self.assertQuerysetEqual(
|
||||
Role.objects.first().permissions.all(),
|
||||
role.permissions.all(),
|
||||
(repr(permission_role_view.stored_permission),)
|
||||
)
|
||||
|
||||
def _role_edit_request(self, extra_data=None, request_type='patch'):
|
||||
# Role edit
|
||||
|
||||
def _request_role_edit(self, extra_data=None, request_type='patch'):
|
||||
data = {
|
||||
'label': TEST_ROLE_LABEL_EDITED
|
||||
}
|
||||
@@ -97,72 +123,125 @@ class PermissionAPITestCase(BaseAPITestCase):
|
||||
if extra_data:
|
||||
data.update(extra_data)
|
||||
|
||||
return getattr(self.client, request_type)(
|
||||
reverse('rest_api:role-detail', args=(self.role.pk,)), data=data
|
||||
return getattr(self, request_type)(
|
||||
viewname='rest_api:role-detail', args=(self.role.pk,),
|
||||
data=data
|
||||
)
|
||||
|
||||
def test_role_edit_via_patch(self):
|
||||
self._create_role()
|
||||
response = self._role_edit_request()
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(Role.objects.first().label, TEST_ROLE_LABEL_EDITED)
|
||||
def test_role_edit_via_patch_no_access(self):
|
||||
response = self._request_role_edit(request_type='patch')
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
|
||||
|
||||
def test_role_edit_complex_via_patch(self):
|
||||
Role.objects.all().delete()
|
||||
Group.objects.all().delete()
|
||||
def test_role_edit_via_patch_with_access(self):
|
||||
self.grant_access(permission=permission_role_edit, obj=self.role)
|
||||
response = self._request_role_edit(request_type='patch')
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
|
||||
|
||||
self._create_role()
|
||||
def _request_role_edit_via_patch_with_extra_data(self):
|
||||
self._create_group()
|
||||
|
||||
response = self._role_edit_request(
|
||||
return self._request_role_edit(
|
||||
extra_data={
|
||||
'groups_pk_list': '{}'.format(self.group.pk),
|
||||
'groups_pk_list': '{}'.format(self.group_2.pk),
|
||||
'permissions_pk_list': '{}'.format(permission_role_view.pk)
|
||||
}
|
||||
},
|
||||
request_type='patch'
|
||||
)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(Role.objects.first().label, TEST_ROLE_LABEL_EDITED)
|
||||
|
||||
def test_role_edit_complex_via_patch_no_access(self):
|
||||
response = self._request_role_edit_via_patch_with_extra_data()
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
|
||||
|
||||
self.assertQuerysetEqual(
|
||||
Role.objects.first().groups.all(), (repr(self.group),)
|
||||
self.role.groups.all(), (repr(self.group),)
|
||||
)
|
||||
self.assertQuerysetEqual(self.role.permissions.all(), ())
|
||||
|
||||
def test_role_edit_complex_via_patch_with_access(self):
|
||||
self.grant_access(permission=permission_role_edit, obj=self.role)
|
||||
response = self._request_role_edit_via_patch_with_extra_data()
|
||||
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
|
||||
self.assertQuerysetEqual(
|
||||
self.role.groups.all(), (repr(self.group_2),)
|
||||
)
|
||||
self.assertQuerysetEqual(
|
||||
Role.objects.first().permissions.all(),
|
||||
self.role.permissions.all(),
|
||||
(repr(permission_role_view.stored_permission),)
|
||||
)
|
||||
|
||||
def test_role_edit_via_put(self):
|
||||
self._create_role()
|
||||
response = self._role_edit_request(request_type='put')
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(Role.objects.first().label, TEST_ROLE_LABEL_EDITED)
|
||||
def test_role_edit_via_put_no_access(self):
|
||||
response = self._request_role_edit(request_type='put')
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
|
||||
|
||||
def test_role_edit_complex_via_put(self):
|
||||
Role.objects.all().delete()
|
||||
Group.objects.all().delete()
|
||||
def test_role_edit_via_put_with_access(self):
|
||||
self.grant_access(permission=permission_role_edit, obj=self.role)
|
||||
response = self._request_role_edit(request_type='put')
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
|
||||
|
||||
self._create_role()
|
||||
def _request_role_edit_via_put_with_extra_data(self):
|
||||
self._create_group()
|
||||
|
||||
response = self._role_edit_request(
|
||||
return self._request_role_edit(
|
||||
extra_data={
|
||||
'groups_pk_list': '{}'.format(self.group.pk),
|
||||
'groups_pk_list': '{}'.format(self.group_2.pk),
|
||||
'permissions_pk_list': '{}'.format(permission_role_view.pk)
|
||||
}, request_type='put'
|
||||
)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(Role.objects.first().label, TEST_ROLE_LABEL_EDITED)
|
||||
|
||||
def test_role_edit_complex_via_put_no_access(self):
|
||||
response = self._request_role_edit_via_put_with_extra_data()
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL)
|
||||
self.assertQuerysetEqual(
|
||||
Role.objects.first().groups.all(), (repr(self.group),)
|
||||
self.role.groups.all(), (repr(self.group),)
|
||||
)
|
||||
self.assertQuerysetEqual(
|
||||
Role.objects.first().permissions.all(),
|
||||
self.role.permissions.all(),
|
||||
()
|
||||
)
|
||||
|
||||
def test_role_edit_complex_via_put_with_access(self):
|
||||
self.grant_access(permission=permission_role_edit, obj=self.role)
|
||||
response = self._request_role_edit_via_put_with_extra_data()
|
||||
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
||||
self.role.refresh_from_db()
|
||||
self.assertEqual(self.role.label, TEST_ROLE_LABEL_EDITED)
|
||||
self.assertQuerysetEqual(
|
||||
self.role.groups.all(), (repr(self.group_2),)
|
||||
)
|
||||
self.assertQuerysetEqual(
|
||||
self.role.permissions.all(),
|
||||
(repr(permission_role_view.stored_permission),)
|
||||
)
|
||||
|
||||
def test_role_delete_view(self):
|
||||
self._create_role()
|
||||
response = self.client.delete(
|
||||
reverse('rest_api:role-detail', args=(self.role.pk,))
|
||||
# Role delete
|
||||
|
||||
def _request_role_delete_view(self):
|
||||
return self.delete(
|
||||
viewname='rest_api:role-detail', args=(self.role.pk,)
|
||||
)
|
||||
self.assertEqual(response.status_code, 204)
|
||||
|
||||
def test_role_delete_view_no_access(self):
|
||||
response = self._request_role_delete_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
|
||||
self.assertEqual(Role.objects.count(), 1)
|
||||
|
||||
def test_role_delete_view_with_access(self):
|
||||
self.grant_access(permission=permission_role_delete, obj=self.role)
|
||||
response = self._request_role_delete_view()
|
||||
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
|
||||
self.assertEqual(Role.objects.count(), 0)
|
||||
|
||||
Reference in New Issue
Block a user