def test_StaffExceptCreate_post(self):
permission = StaffExceptCreate()
factory = APIRequestFactory()
request = factory.post('/test/', data={})
request.user = self.user
self.assertTrue(permission.has_permission(request, None))
# Now run with staff member to get the same result
request.user = self.staff
self.assertTrue(permission.has_permission(request, None))
def test_StaffExceptCreate_get(self):
permission = StaffExceptCreate()
factory = APIRequestFactory()
request = factory.get('/test/')
# First make sure staff can access
request.user = self.staff
self.assertTrue(permission.has_permission(request, None))
# Make sure the user cannot get into the system
request.user = self.user
self.assertFalse(permission.has_permission(request, None))