def check_retrieve_permissions(self, user, instance):
response = self.client.get(instance.get_absolute_url(),
HTTP_ACCEPT='application/json',
format='json')
has_perm = user.has_perm(create_perm_str(self.model_class(), 'view'),
obj=instance)
if has_perm:
self.assertResponseOk(response)
else:
self.assertResponseNoPermission(instance, response)
def check_update_permissions(self, user, instance):
serialized = self.serializer_class(instance)
response = self.client.put(instance.get_absolute_url(),
serialized.data,
HTTP_ACCEPT='application/json',
format='json')
has_perm = user.has_perm(create_perm_str(instance, 'change'),
obj=instance)
if has_perm:
self.assertResponseOk(response)
elif instance.live:
self.assertResponsePermissionDenied(response)
else:
self.assertResponseNotFound(response)
def check_update(self):
for user in self.users_able_to_login:
codebase = self.instance_factory.create()
codebase.create_release(initialize=False)
codebase = Codebase.objects.get(pk=codebase.id)
self.with_logged_in(user, codebase, self.check_update_permissions)
assign_perm(create_perm_str(self.instance, 'change'),
user_or_group=user,
obj=codebase)
self.with_logged_in(user, codebase, self.check_update_permissions)
codebase = self.instance_factory.create()
codebase.create_release(initialize=False)
codebase = Codebase.objects.get(pk=codebase.id)
self.check_update_permissions(self.anonymous_user, codebase)
def check_destroy(self):
for user in self.users_able_to_login:
codebase = self.instance_factory.create()
self.instance.create_release(initialize=False)
codebase = Codebase.objects.get(pk=codebase.id)
self.with_logged_in(user, codebase,
self.check_destroy_method_not_allowed)
other_codebase = self.instance_factory.create()
other_codebase.create_release(initialize=False)
other_codebase = Codebase.objects.get(pk=other_codebase.id)
assign_perm(create_perm_str(other_codebase, 'delete'),
user_or_group=user,
obj=other_codebase)
self.with_logged_in(user, other_codebase,
self.check_destroy_method_not_allowed)
codebase = self.instance_factory.create()
codebase.create_release(initialize=False)
codebase = Codebase.objects.get(pk=codebase.id)
response = self.client.delete(codebase.get_absolute_url())
self.assertResponseMethodNotAllowed(response)
