def test_03_search(self): routes = self.routes['Products'] url = self.url + get_route_by_name(routes, 'search') + '&find=' response = requests.get(url + "голень") print(response.content)
def test_01_get_global_orders(self): """only admin has permission to get global orders""" routes = self.routes['Orders'] url = self.url + get_route_by_name(routes, '/orders') for user in self.users: response_login = login(email=user.email, password=self.password) cookie = getCookiesFromResponse(response_login) content = json.loads(response_login.text) response = requests.session().get(url, cookies=cookie) if content['entity'] == 'admin': self.assertNotIn( 'reject access', response.text.lower(), '{} must have ability to GET global orders'.format( content['entity'])) else: self.assertIn( 'reject access', response.text.lower(), '{} must not have ability to GET global orders'.format( content['entity'])) logout() response = requests.get(url) self.assertNotEqual(200, response.status_code) self.assertIn( 'reject access', response.text.lower(), 'unauthorized user must not have ability to GET global orders')
def test_04_password_recovery(self): routes = self.routes['Password'] url = self.url + get_route_by_name(routes, '/password/recovery') for user in self.users: response = requests.Session().post(url, data={"email": user.email}) try: self.assertEqual(200, response.status_code) except AssertionError: print('password recovery doesnt work. {}'.format( response.status_code, user.email))
def test_05_delete_orders(self): routes = self.routes['Orders'] url_route = self.url + get_route_by_name(routes, '/orders/<int:order_id>') if not self.orders: print( 'There is no orders to test DELETE method. Please add orders to the Database.' ) for order in self.orders: url = url_route.replace('<int:order_id>', str(order.id)) for user in self.users: logout() response_login = login(email=user.email, password=self.password) cookie = getCookiesFromResponse(response_login) response_delete = requests.Session().delete(url, cookies=cookie) if order.producer_id == user.id: if 'reject access' not in response_delete.text.lower(): break try: self.assertEqual(202, response_delete.status_code) except AssertionError: print( 'producer with id {} must have ability to DELETE order #{}' .format(order.producer_id, order.id)) else: try: self.assertNotEqual( 202, response_delete.status_code, 'producer with id {} must not have ability to DELETE order #{}' .format(order.producer_id, order.id)) except AssertionError: print( '{} with id {} must not have ability to DELETE order #{}' .format(user.entity, user.id, order.id))
def test_03_get_orders(self): routes = self.routes['Orders'] url_route = self.url + get_route_by_name(routes, '/orders/<int:order_id>') for order in self.orders: url = url_route.replace('<int:order_id>', str(order.id)) for user in self.users: response_login = login(email=user.email, password=self.password) cookie = getCookiesFromResponse(response_login) content = json.loads(response_login.text) response_get = requests.Session().get(url, cookies=cookie) if user.id == order.consumer_id: self.assertEqual(content['id'], order.consumer_id) elif user.id == order.producer_id: self.assertEqual(content['id'], order.producer_id) elif user.id != order.consumer_id: self.assertIn( 'reject access', response_get.text.lower(), 'order #{} with consumer id: {} must not be visible user with id {}' .format(order.id, order.consumer_id, content['id'])) self.assertNotEqual(user.email, order.consumer_email) self.assertNotEqual(content['id'], order.consumer_id) else: self.assertIn( 'reject access', response_get.text.lower(), 'order #{} with producer_id: {} must not be visible user with id {}' .format(order.id, order.producer_id, content['id'])) self.assertNotEqual(user.email, order.producer_email) self.assertNotEqual(content['id'], order.producer_id) logout() response = requests.get(url) self.assertIn( 'reject access', response.text.lower(), 'unauthorized user must not browse order #{}'.format(order.id))
def test_02_post_global_orders(self): routes = self.routes['Orders'] url = self.url + get_route_by_name(routes, '/orders') post_args = { 'orders': '[{"producer_id": "21", "delivery_method": "Самовывоз"}]', 'delivery_address': 'new address', 'phone': '+7(123)123-23-21', 'email': None, 'consumer_id': None, 'status': None, 'total_cost': '9 999.00 ₽', 'first_name': 'sasas', 'last_name': 'smara' } for user in self.users: response_login = login(email=user.email, password=self.password) cookie = getCookiesFromResponse(response_login) content = json.loads(response_login.text) post_args['email'] = user.email post_args['consumer_id'] = content['id'] response_post = requests.Session().post(url, data=post_args, cookies=cookie) if content['entity'] == 'consumer': self.assertEqual( 201, response_post.status_code, '{} must have ability to POST global order'.format( content['entity'])) else: self.assertEqual( 404, response_post.status_code, '{} must not have ability to POST global order'.format( content['entity'])) logout() response_logout = requests.post(url, data=post_args) self.assertNotEqual( 201, response_logout.status_code, 'unauthorized user must not have ability to POST global order')