def __init__(self, pool, request):
"""
Creates a new query observer.
:param pool: QueryObserverPool instance
:param request: A `queryobserver.request.Request` instance
"""
self.status = QueryObserver.STATUS_NEW
self._pool = pool
# Obtain a serializer by asking the viewset to provide one. We instantiate the
# viewset with a fake request, so that the viewset methods work as expected.
viewset = request.viewset_class()
viewset.request = api_request.Request(request)
viewset.request.method = request.method
viewset.format_kwarg = None
viewset.args = request.args
viewset.kwargs = request.kwargs
self._viewset = viewset
self._request = request
self._viewset_method = getattr(viewset, request.viewset_method)
self._meta = Options(viewset, self._viewset_method)
self._evaluating = 0
self._last_evaluation = None
self._last_results = collections.OrderedDict()
self._subscribers = set()
self._dependencies = set()
self._initialization_future = None
self.id = request.observe_id
def request(self, viewset_class, **kwargs):
request = observer_request.Request(
viewset_class, 'list', api_request.Request(factory.get('/', kwargs))
)
# Simulate serialization.
return pickle.loads(pickle.dumps(request))
def build_drf(params: Dict[str, Any]) -> drf.Request:
"""
Builds rest_framework.request.Request.
:param params: query params
:return: built request
"""
return drf.Request(build_django(params))
def test_get_user_fails_no_authentication(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.GET
rest_request = request.Request(http_request)
expected_permission = self.user_permissions.has_permission(
request=rest_request)
self.assertFalse(expected_permission)
def test_create_new_user_has_permission(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.POST.name
rest_request = request.Request(http_request)
expected_permission = self.user_permissions.has_permission(
request=rest_request)
self.assertTrue(expected_permission)
def test_unauthorized_http_method(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.PUT.name
rest_request = request.Request(http_request)
expected_permission = self.user_permissions.has_permission(
request=rest_request)
self.assertFalse(expected_permission)
def test_search_no_permission(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.POST.name
rest_request = request.Request(http_request)
expected_permission = self.search_permission.has_permission(
request=rest_request)
self.assertFalse(expected_permission)
def test_update_user_no_authentication(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.PUT.name
self._create_test_user()
rest_request = request.Request(http_request)
expected_permission = self.user_permissions.has_permission(
request=rest_request)
self.assertFalse(expected_permission)
def test_search_has_permission(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.POST.name
self._create_test_user()
test.force_authenticate(http_request, user=models.User.objects.first())
rest_request = request.Request(http_request)
expected_permission = self.search_permission.has_permission(
request=rest_request)
self.assertTrue(expected_permission)
def test_staff_shown_instructor_files(self):
get_request = request.Request(APIRequestFactory().get('path'))
get_request.user = self.staff
serializer = ag_serializers.ProjectSerializer(
self.visible_public_project, context={'request': get_request})
self.assertIn('instructor_files', serializer.data)
serializer = ag_serializers.ProjectSerializer(
self.all_projects, many=True, context={'request': get_request})
for item in serializer.data:
self.assertIn('instructor_files', item)
def test_admin_shown_closing_time(self):
get_request = request.Request(APIRequestFactory().get('path'))
get_request.user = self.admin
serializer = ag_serializers.ProjectSerializer(
self.visible_public_project, context={'request': get_request})
self.assertIn('closing_time', serializer.data)
serializer = ag_serializers.ProjectSerializer(
self.all_projects, many=True, context={'request': get_request})
for item in serializer.data:
self.assertIn('closing_time', item)
def test_non_admin_not_shown_closing_time(self):
for user in self.staff, self.enrolled, self.nobody:
get_request = request.Request(APIRequestFactory().get('path'))
get_request.user = user
serializer = ag_serializers.ProjectSerializer(
self.visible_public_project, context={'request': get_request})
self.assertNotIn('closing_time', serializer.data)
serializer = ag_serializers.ProjectSerializer(
self.all_projects, many=True, context={'request': get_request})
for item in serializer.data:
self.assertNotIn('closing_time', item)
def test_get_user_fails_accesses_unauthorized_account(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.GET
self._create_test_user()
test.force_authenticate(http_request, user=models.User.objects.first())
rest_request = request.Request(http_request)
rest_request.context = {
'kwargs': {
'user_id': models.User.objects.first().id + 1,
}
}
expected_permission = self.user_permissions.has_permission(
request=rest_request)
self.assertFalse(expected_permission)
def test_update_user_has_permission(self):
http_request = http.HttpRequest()
http_request.method = api_util.HTTPMethod.PUT.name
self._create_test_user()
test.force_authenticate(http_request, user=models.User.objects.first())
rest_request = request.Request(http_request)
rest_request.context = {
'kwargs': {
'user_id': models.User.objects.first().id
}
}
expected_permission = self.user_permissions.has_permission(
request=rest_request)
self.assertTrue(expected_permission)
def __init__(self, request):
"""Create new query observer.
:param request: A `queryobserver.request.Request` instance
"""
# Obtain a serializer by asking the viewset to provide one. We instantiate the
# viewset with a fake request, so that the viewset methods work as expected.
viewset = request.viewset_class()
viewset.request = api_request.Request(request)
viewset.request.method = request.method
viewset.format_kwarg = None
viewset.args = request.args
viewset.kwargs = request.kwargs
self._viewset = viewset
self._request = request
self._viewset_method = getattr(viewset, request.viewset_method)
self._meta = Options(viewset, self._viewset_method)
def test_browsable_renderer_put_render(self):
"""
Test, that PUT method works with BrowsableAPIRenderer
This was not working in the past, because of `_get_serializer`
didn't allow `instance parameter.
"""
data = {'blah': 'blah'}
method = 'PUT'
request = rest_request.Request(APIRequestFactory().get('blah'))
input_view = (api_view([method]))(self._dummy_view)
output_view = self.decorator(input_view)
wrapper_cls = output_view.cls
test_view_instance = wrapper_cls()
renderer = renderers.BrowsableAPIRenderer()
renderer.accepted_media_type = None
renderer.renderer_context = {}
response = renderer.get_raw_data_form(
data, test_view_instance, method, request,
)
self.assertEqual(response.data, {})
def test_browsable_renderer_put_render(input_put_view, decorator):
"""
Test, that PUT method works with BrowsableAPIRenderer
This was not working in the past, because of `_get_serializer`
didn't allow `instance parameter.
"""
data = {'blah': 'blah'}
method = 'PUT'
request = rest_request.Request(APIRequestFactory().get('blah'))
output_view = decorator(input_put_view)
wrapper_cls = _get_view_class(output_view)
test_view_instance = wrapper_cls()
renderer = renderers.BrowsableAPIRenderer()
renderer.accepted_media_type = None
renderer.renderer_context = {}
response = renderer.get_raw_data_form(
data,
test_view_instance,
method,
request,
)
assert response.data == {}
def test_get_for_viewset_with_drf_request(self):
req = request.Request(self.request)
resp = utils.inline_render('GET', '/test-vs/', req)
assert resp.data == {'data': 'test-vs'}
def create_request(viewset_class, **kwargs):
request = observer_request.Request(
viewset_class, 'list', api_request.Request(factory.get('/', kwargs))
)
return request
