def test_allow_user_to_see_their_own(self): self.client.logout() attr = self.user_profile_attr.copy() attr['phone'] = '+2555837295789' user = User(username='******', email='*****@*****.**') user.group = None user.set_password('weak_password') attr['user'] = user profile = UserProfile(**attr) profile.photo.put(open(settings.PROJECT_ROOT + '/../dms/tests/test.jpg', 'rb'), content_type='image/content_type') profile.save() self.client.login(username='******', password='******') response = self.client.get(self.PROFILE_IMAGE_ENDPOINT + str(profile.id) + '/') self.assertEquals(response.status_code, 200)
def test_not_raising_403_if_user_only_wants_access_to_their_profile(self): self.client.logout() attr = self.mobile_user.copy() attr['email'] = '*****@*****.**' attr['phone'] = '+256775029500' user = User(username='******', email='*****@*****.**') user.group = None user.set_password('hahahah') attr['user'] = user profile = UserProfile(**attr).save() self.client.login(username='******', password='******') response = self.client.get(self.API_ENDPOINT + str(profile.id) + '/') self.assertEquals(response.status_code, 200) response = self.client.post(self.API_ENDPOINT + str(profile.id) + '/') self.assertEquals(response.status_code, 200)