matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Files
cd9d51db9e72e48cc448f64e5967009fa8acc381
mayan-edms/mayan/apps/document_comments/tests/test_api.py
Roberto Rosario cd9d51db9e Improve document comment app 
Add keyword arguments to URL definitions and reverse resolution.
Raise HTTP error 404 instead of 403 to reduce the information
divulged. Add view tests.

Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>
2018-12-30 02:26:23 -04:00

114 lines
4.1 KiB
Python
Raw Blame History

from __future__ import unicode_literals
from rest_framework import status
from mayan.apps.documents.tests import DocumentTestMixin
from mayan.apps.rest_api.tests import BaseAPITestCase
from ..models import Comment
from ..permissions import (
permission_comment_create, permission_comment_delete,
permission_comment_view
)
from .literals import TEST_COMMENT_TEXT
class CommentAPITestCase(DocumentTestMixin, BaseAPITestCase):
def setUp(self):
super(CommentAPITestCase, self).setUp()
self.login_user()
def _create_comment(self):
return self.document.comments.create(
comment=TEST_COMMENT_TEXT, user=self.admin_user
)
def _request_comment_create_view(self):
return self.post(
viewname='rest_api:comment-list', kwargs={'document_pk': self.document.pk},
data={
'comment': TEST_COMMENT_TEXT
}
)
def test_comment_create_view_no_access(self):
response = self._request_comment_create_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Comment.objects.count(), 0)
def test_comment_create_view_with_access(self):
self.grant_access(permission=permission_comment_create, obj=self.document)
response = self._request_comment_create_view()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
comment = Comment.objects.first()
self.assertEqual(Comment.objects.count(), 1)
self.assertEqual(response.data['id'], comment.pk)
def _request_comment_delete_view(self):
return self.delete(
viewname='rest_api:comment-detail', kwargs={
'document_pk': self.document.pk,
'comment_pk': self.comment.pk
}
)
def test_comment_delete_view_no_access(self):
self.comment = self._create_comment()
response = self._request_comment_delete_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertTrue(self.comment in Comment.objects.all())
def test_comment_delete_view_with_access(self):
self.comment = self._create_comment()
self.grant_access(
permission=permission_comment_delete, obj=self.document
)
response = self._request_comment_delete_view()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertFalse(self.comment in Comment.objects.all())
def _request_comment_view(self):
return self.get(
viewname='rest_api:comment-detail', kwargs={
'document_pk': self.document.pk,
'comment_pk': self.comment.pk
}
)
def test_comment_detail_view_no_access(self):
self.comment = self._create_comment()
response = self._request_comment_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_comment_detail_view_with_access(self):
self.comment = self._create_comment()
self.grant_access(
permission=permission_comment_view, obj=self.document
)
response = self._request_comment_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['comment'], self.comment.comment)
def _request_comment_list_view(self):
return self.get(
viewname='rest_api:comment-list',
kwargs={'document_pk': self.document.pk}
)
def test_comment_list_view_no_access(self):
self.comment = self._create_comment()
response = self._request_comment_list_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_comment_list_view_with_access(self):
self.comment = self._create_comment()
self.grant_access(
permission=permission_comment_view, obj=self.document
)
response = self._request_comment_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(
response.data['results'][0]['comment'], self.comment.comment
)
Reference in New Issue View Git Blame Copy Permalink