class TestAnonymousReadOnlyAuthorization(TestCase):
fixtures = fixture("user_2519")
def setUp(self):
self.get = RequestFactory().get("/")
self.post = RequestFactory().post("/")
self.auth = AnonymousReadOnlyAuthorization()
self.anon = AnonymousUser()
self.user = User.objects.get(pk=2519)
def test_get_anonymous(self):
self.get.user = self.anon
eq_(self.auth.is_authorized(self.get), True)
def test_get_authenticated(self):
self.get.user = self.user
eq_(self.auth.is_authorized(self.get), True)
def test_post_anonymous(self):
self.post.user = self.anon
eq_(self.auth.is_authorized(self.post), False)
def test_post_authenticated(self):
self.post.user = self.user
eq_(self.auth.is_authorized(self.post), True)
def test_with_authorizer(self):
class LockedOut:
def is_authorized(self, request, object=None):
return False
self.auth = AnonymousReadOnlyAuthorization(authorizer=LockedOut())
self.post.user = self.user
eq_(self.auth.is_authorized(self.post), False)
class TestAnonymousReadOnlyAuthorization(TestCase):
fixtures = fixture('user_2519')
def setUp(self):
self.get = RequestFactory().get('/')
self.post = RequestFactory().post('/')
self.auth = AnonymousReadOnlyAuthorization()
self.anon = AnonymousUser()
self.user = User.objects.get(pk=2519)
def test_get_anonymous(self):
self.get.user = self.anon
eq_(self.auth.is_authorized(self.get), True)
def test_get_authenticated(self):
self.get.user = self.user
eq_(self.auth.is_authorized(self.get), True)
def test_post_anonymous(self):
self.post.user = self.anon
eq_(self.auth.is_authorized(self.post), False)
def test_post_authenticated(self):
self.post.user = self.user
eq_(self.auth.is_authorized(self.post), True)
def test_with_authorizer(self):
class LockedOut:
def is_authorized(self, request, object=None):
return False
self.auth = AnonymousReadOnlyAuthorization(authorizer=LockedOut())
self.post.user = self.user
eq_(self.auth.is_authorized(self.post), False)
def test_with_authorizer(self):
class LockedOut:
def is_authorized(self, request, object=None):
return False
self.auth = AnonymousReadOnlyAuthorization(authorizer=LockedOut())
self.post.user = self.user
eq_(self.auth.is_authorized(self.post), False)
class Meta(MarketplaceResource.Meta):
authentication = OptionalOAuthAuthentication()
authorization = AnonymousReadOnlyAuthorization(
authorizer=PermissionAuthorization('ProductIcon', 'Create'))
detail_allowed_methods = ['get']
fields = ['ext_url', 'ext_size', 'size']
filtering = {
'ext_url': 'exact',
'ext_size': 'exact',
'size': 'exact',
}
list_allowed_methods = ['get', 'post']
queryset = ProductIcon.objects.filter()
resource_name = 'product/icon'
validation = CleanedDataFormValidation(form_class=ProductIconForm)
class Meta:
# Unfortunately, the model class name for ratings is "Review".
queryset = Review.objects.valid()
resource_name = 'rating'
list_allowed_methods = ['get', 'post']
detail_allowed_methods = ['get', 'put', 'delete']
always_return_data = True
authentication = (SharedSecretAuthentication(),
OptionalOAuthAuthentication())
authorization = AnonymousReadOnlyAuthorization()
fields = ['rating', 'body']
filtering = {
'app': ('exact', ),
'user': ('exact', ),
'pk': ('exact', ),
}
ordering = ['created']
def setUp(self):
self.get = RequestFactory().get('/')
self.post = RequestFactory().post('/')
self.auth = AnonymousReadOnlyAuthorization()
self.anon = AnonymousUser()
self.user = User.objects.get(pk=2519)
def setUp(self):
self.get = RequestFactory().get('/')
self.post = RequestFactory().post('/')
self.auth = AnonymousReadOnlyAuthorization()
self.anon = AnonymousUser()
self.user = User.objects.get(pk=2519)
