def test_allow_user_to_see_their_own(self):
self.client.logout()
attr = self.user_profile_attr.copy()
attr['phone'] = '+2555837295789'
user = User(username='******', email='*****@*****.**')
user.group = None
user.set_password('weak_password')
attr['user'] = user
profile = UserProfile(**attr)
profile.photo.put(open(settings.PROJECT_ROOT + '/../dms/tests/test.jpg', 'rb'), content_type='image/content_type')
profile.save()
self.client.login(username='******', password='******')
response = self.client.get(self.PROFILE_IMAGE_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
def test_not_raising_403_if_user_only_wants_access_to_their_profile(self):
self.client.logout()
attr = self.mobile_user.copy()
attr['email'] = '*****@*****.**'
attr['phone'] = '+256775029500'
user = User(username='******', email='*****@*****.**')
user.group = None
user.set_password('hahahah')
attr['user'] = user
profile = UserProfile(**attr).save()
self.client.login(username='******', password='******')
response = self.client.get(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
response = self.client.post(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
def test_not_raising_403_if_user_only_wants_access_to_their_profile(self):
self.client.logout()
attr = self.mobile_user.copy()
attr['email'] = '*****@*****.**'
attr['phone'] = '+256775029500'
user = User(username='******', email='*****@*****.**')
user.group = None
user.set_password('hahahah')
attr['user'] = user
profile = UserProfile(**attr).save()
self.client.login(username='******', password='******')
response = self.client.get(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
response = self.client.post(self.API_ENDPOINT + str(profile.id) + '/')
self.assertEquals(response.status_code, 200)
