def test_owner_user(self):
request = self.factory.get('/whatever/')
request.user = self.owner
perm = IsOwner()
self.assertTrue(perm.has_object_permission(request, None, self.entry))
request.user = self.other
self.assertFalse(perm.has_object_permission(request, None, self.entry))
def get_permissions(self):
if self.action == 'create': # create는 로그인 없이도 가능
return [AllowAny()]
elif self.action in ['update',
'destroy']: # update와 destroy는 자기가 등록한 것만 가능
return [IsOwner()]
return super().get_permissions()
def get_permissions(self):
if self.action == 'create':
return [AllowAny()]
elif self.action in ['update', 'destroy']:
return [IsOwner()]
return super().get_permissions()
def test_is_owner_has_object_permission(user_factory, is_user):
user = user_factory.build()
mock_request = mock.MagicMock()
permission = IsOwner()
mock_request.user = user
if is_user:
obj = user
else:
obj = mock.MagicMock()
obj.owner = user
assert permission.has_object_permission(mock_request, mock.MagicMock(), obj)
def test_is_owner_has_permission(user_factory, use_pk, is_authenticated, expected):
user = user_factory.build()
mock_request = mock.MagicMock()
mock_view = mock.MagicMock()
permission = IsOwner()
mock_request.user.is_authenticated = is_authenticated
mock_request.user.pk = user.pk
if use_pk:
mock_view.kwargs = {'pk': user.pk}
else:
mock_view.kwargs = {}
assert expected == permission.has_permission(mock_request, mock_view)
def setUp(self):
self.permission = IsOwner()
self.view = MagicMock()