def test_return_forbidden_status__when_request_user_is_not_owner(self):
    """DELETE on another user's account is expected to return 403.

    Two accounts are created and the client authenticates as the second
    one while addressing the first, so the request carries a valid JWT
    that does not belong to the targeted account.
    """
    target = create_user_with_email(email='*****@*****.**')
    requester = create_user_with_email('*****@*****.**')

    # Swap the client's credentials to the non-owner's token.
    auth_header = 'JWT ' + generate_token_for_user(requester)
    self.client.credentials(HTTP_AUTHORIZATION=auth_header)

    url = '/users/%s/' % (target.pk,)
    response = self.client.delete(path=url)

    # NOTE(review): only the status code is checked here; the test does not
    # confirm that the target account still exists after the refused call.
    self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
def test_return_forbidden_status__when_request_user_is_not_owner(self):
    """DELETE on a track under someone else's device is expected to return 403.

    A fresh owner, device and track are created, then the shared client
    issues the DELETE. The client's credentials are set outside this
    method (presumably in setUp -- confirm against the enclosing class).
    """
    owner = create_user_with_email(email='*****@*****.**')
    device = create_device_with_owner(owner=owner)
    track = create_track_with_device(device=device)

    url = '/devices/%s/tracks/%s/' % (device.did, track.tid)
    response = self.client.delete(path=url)

    # NOTE(review): only the status code is checked here; the test does not
    # confirm that the track still exists after the refused call.
    self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
def test_return_403_status_when_user_has_not_permissions(self):
    """PATCH on a track under another owner's device is expected to return 403.

    The request body is an empty dict, so the test exercises the permission
    check rather than any payload validation. The client's credentials are
    set outside this method (presumably in setUp -- confirm).
    """
    owner = create_user_with_email('owner')
    device = create_device_with_owner(owner)
    track = create_track_with_device(device)

    url = '/devices/%s/tracks/%s/' % (device.did, track.tid)
    response = self.client.patch(url, {})

    self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
def test_return_403_status__when_owner_different_than_user_authenticated(self):
    """GET on another owner's device location is expected to return 403.

    A device is created for a fresh owner and its ``actualLocation``
    endpoint is requested as JSON through the shared client, whose
    credentials are set outside this method (presumably in setUp -- confirm).
    """
    owner = create_user_with_email(email='*****@*****.**')
    device = create_device_with_owner(owner=owner)

    url = '/devices/%s/actualLocation/' % (device.did,)
    response = self.client.get(path=url, format='json')

    self.assertEqual(response.status_code, HTTP_403_FORBIDDEN)
def setUp(self):
    """Build an API client authenticated as a freshly created test user.

    Stores the client, the user and the user's token on the test case, and
    sends the token as a ``JWT``-scheme Authorization header on every
    request made through ``self.client``.
    """
    self.client = APIClient()
    self.user = create_user_with_email('user_test')
    self.token = generate_token_for_user(self.user)

    auth_header = 'JWT ' + self.token
    self.client.credentials(HTTP_AUTHORIZATION=auth_header)
def setUp(self):
    """Build an authenticated API client plus a device owned by its user.

    Stores the client, user, token and device on the test case, and sends
    the token as a ``JWT``-scheme Authorization header on every request
    made through ``self.client``.
    """
    self.client = APIClient()
    self.user = create_user_with_email(email='*****@*****.**')
    self.token = generate_token_for_user(user=self.user)
    # The device belongs to the same user the client authenticates as.
    self.device = create_device_with_owner(owner=self.user)

    auth_header = 'JWT ' + self.token
    self.client.credentials(HTTP_AUTHORIZATION=auth_header)
def test_return_not_found_status_when__user_does_not_exists(self):
    """DELETE on a user id that is not present is expected to return 404.

    The client authenticates as a newly created user and addresses the
    hard-coded path ``/users/100/``.
    """
    requester = create_user_with_email('*****@*****.**')
    auth_header = 'JWT ' + generate_token_for_user(requester)
    self.client.credentials(HTTP_AUTHORIZATION=auth_header)

    # NOTE(review): assumes no user with pk 100 exists in the test
    # database -- confirm against the fixtures and id allocation.
    response = self.client.delete(path='/users/100/')

    self.assertEqual(response.status_code, HTTP_404_NOT_FOUND)
def test_return_403_status_when_user_is_not_self(self):
    """GET on a different user's record is expected to return 403.

    A second account is created and its detail URL is requested through
    the shared client, whose credentials are set outside this method
    (presumably in setUp -- confirm against the enclosing class).
    """
    other_user = create_user_with_email('*****@*****.**')

    url = '/users/%s/' % (other_user.pk,)
    response = self.client.get(path=url)

    self.assertEqual(HTTP_403_FORBIDDEN, response.status_code)
def test_return_no_content_status__when_delete_is_done(self):
    """DELETE on the caller's own account is expected to return 204.

    The client authenticates as a newly created user and deletes that
    same user's record.
    """
    account = create_user_with_email('*****@*****.**')
    auth_header = 'JWT ' + generate_token_for_user(account)
    self.client.credentials(HTTP_AUTHORIZATION=auth_header)

    url = '/users/%s/' % (account.pk,)
    response = self.client.delete(path=url)

    # NOTE(review): only the status code is checked here; the test does not
    # confirm that the account was actually removed.
    self.assertEqual(response.status_code, HTTP_204_NO_CONTENT)