def test_create_category_permission_denied(self):
user = UserFactory()
api_client = APIClient()
api_client.force_authenticate(user=user)
payload = {
'board_id': 1,
'name': 'category',
}
with \
patch.object(
PermissionsService,
'get_board_permissions',
return_value=Permissions.with_no_permissions(),
) as mocked_get_permissions, \
patch.object(CategoryService, 'create_category') as mocked_create_category:
response = api_client.post('/api/v1/categories',
data=payload,
format='json')
self.assertEqual(response.status_code, 403)
expected_response = {
'error_code': PermissionDeniedException.code,
'error_message': PermissionDeniedException.message,
}
mocked_get_permissions.assert_called_with(
user_id=user.id,
board_id=payload['board_id'],
)
mocked_create_category.assert_not_called()
self.assertDictEqual(response.data, expected_response)
def test_create_invite_permission_denied(self):
user = UserFactory()
api_client = APIClient()
api_client.force_authenticate(user=user)
payload = {
'organization_id': 1,
'email': '*****@*****.**',
'message': 'message',
}
with \
patch.object(
PermissionsService,
'get_organization_permissions',
return_value=Permissions.with_no_permissions(),
) as mocked_get_permissions, \
patch.object(OrganizationInviteService, 'create_organization_invite') as mocked_send_invite:
response = api_client.post('/api/v1/organization-invites', data=payload, format='json')
self.assertEqual(response.status_code, 403)
expected_response = {
'error_code': PermissionDeniedException.code,
'error_message': PermissionDeniedException.message,
}
mocked_get_permissions.assert_called_with(
user_id=user.id,
organization_id=payload['organization_id'],
)
mocked_send_invite.assert_not_called()
self.assertDictEqual(response.data, expected_response)
def test_accept_or_decline_invite_permission_denied(self):
user = UserFactory()
api_client = APIClient()
api_client.force_authenticate(user=user)
payload = {'accept': True}
with \
patch.object(
PermissionsService,
'get_organization_invite_permissions',
return_value=Permissions.with_no_permissions(),
) as mocked_get_permissions, \
patch.object(
OrganizationInviteService,
'accept_or_decline_invite',
) as mocked_accept_or_decline_invite:
response = api_client.patch('/api/v1/organization-invites/1', data=payload, format='json')
self.assertEqual(response.status_code, 403)
mocked_get_permissions.assert_called_with(
user_id=user.id,
organization_invite_id=1,
)
mocked_accept_or_decline_invite.assert_not_called()
expected_response = {
'error_code': PermissionDeniedException.code,
'error_message': PermissionDeniedException.message,
}
self.assertDictEqual(response.data, expected_response)
def test_create_board_permission_denied(self):
user = UserFactory()
api_client = APIClient()
api_client.force_authenticate(user=user)
payload = {
'name': 'Main Board',
'organization_id': 1,
}
with \
patch.object(
PermissionsService,
'get_organization_permissions',
return_value=Permissions.with_no_permissions(),
) as mocked_get_permissions, \
patch.object(BoardService, 'create_board') as mocked_create_board:
response = api_client.post('/api/v1/boards',
data=payload,
format='json')
self.assertEqual(response.status_code, 403)
mocked_create_board.assert_not_called()
mocked_get_permissions.assert_called_with(
user_id=user.id, organization_id=payload['organization_id'])
expected_response = {
'error_code': PermissionDeniedException.code,
'error_message': PermissionDeniedException.message,
}
self.assertDictEqual(response.data, expected_response)