def test_return_forbidden_status__when_request_user_is_not_owner(self):
user = create_user_with_email(email='*****@*****.**')
user2 = create_user_with_email('*****@*****.**')
self.client.credentials(HTTP_AUTHORIZATION='JWT ' +
generate_token_for_user(user2))
response = self.client.delete(path='/users/' + str(user.pk) + '/')
self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
def test_return_forbidden_status__when_request_user_is_not_owner(self):
owner = create_user_with_email(email='*****@*****.**')
device = create_device_with_owner(owner=owner)
track = create_track_with_device(device=device)
response = self.client.delete(path='/devices/' + str(device.did) +
'/tracks/' + str(track.tid) + '/')
self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
def test_return_403_status_when_user_has_not_permissions(self):
owner = create_user_with_email('owner')
device = create_device_with_owner(owner)
track = create_track_with_device(device)
response = self.client.patch(
'/devices/' + str(device.did) + '/tracks/' + str(track.tid) + '/',
{})
self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
def test_return_403_status__when_owner_different_than_user_authenticated(
self):
owner = create_user_with_email(email='*****@*****.**')
device = create_device_with_owner(owner=owner)
response = self.client.get(path='/devices/' + str(device.did) +
'/actualLocation/',
format='json')
self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
def setUp(self):
self.client = APIClient()
self.user = create_user_with_email('user_test')
self.token = generate_token_for_user(self.user)
self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.token)
def setUp(self):
self.client = APIClient()
self.user = create_user_with_email(email='*****@*****.**')
self.token = generate_token_for_user(user=self.user)
self.device = create_device_with_owner(owner=self.user)
self.client.credentials(HTTP_AUTHORIZATION='JWT ' + self.token)
def test_return_not_found_status_when__user_does_not_exists(self):
user = create_user_with_email('*****@*****.**')
self.client.credentials(HTTP_AUTHORIZATION='JWT ' +
generate_token_for_user(user))
response = self.client.delete(path='/users/100/')
self.assertEqual(response.status_code, HTTP_404_NOT_FOUND)
def test_return_403_status_when_user_is_not_self(self):
new_user = create_user_with_email('*****@*****.**')
response = self.client.get(path='/users/' + str(new_user.pk) + '/')
self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
def test_return_no_content_status__when_delete_is_done(self):
user = create_user_with_email('*****@*****.**')
self.client.credentials(HTTP_AUTHORIZATION='JWT ' +
generate_token_for_user(user))
response = self.client.delete(path='/users/' + str(user.pk) + '/')
self.assertEqual(response.status_code, HTTP_204_NO_CONTENT)
