def test_user_delete_other_user_as_staff_user(client, staff):
client.force_login(staff)
user = UserFactory()
response = client.delete(reverse('api:user-detail', args=[user.pk]))
assert response.status_code == 403
def create_sample_data(
num_films: int,
num_reviews: int,
num_users: int,
) -> None:
"""
Populates the database with random data.
"""
for _ in range(num_users):
user = UserFactory()
logger.info('User created: %s' % user)
for _ in range(num_films):
film = FilmFactory()
logger.info('Film created: %s' % film)
users = User.objects.filter(is_superuser=False)
films = Film.objects.all()
for _ in range(num_reviews):
user_not_reviewed = False
user, film = None, None
while not user_not_reviewed:
user = users[random.randint(0, users.count()-1)]
film = films[random.randint(0, films.count()-1)]
user_not_reviewed = not bool(
Review.objects.filter(user=user, film=film).count()
)
review = ReviewFactory(user=user, film=film)
logger.info('Review created: %s' % review)
def test_user_delete_other_user_as_authenticated_user(client, user):
client.force_login(user)
user_to_delete = UserFactory()
response = client.delete(
reverse('api:user-detail', args=[user_to_delete.pk]))
assert response.status_code == 403
def test_review_post_as_unauthenticated_user(client):
user = UserFactory()
film = FilmFactory(poster=None)
review = {
'user': user.pk,
'film': film.pk,
'rating': 10,
'review': 'Thumbs up.'
}
response = client.post(reverse('api:review-list'), data=review)
assert response.status_code == 403
def test_user_patch_other_user_as_authenticated_user(client, user):
client.force_login(user)
user_to_patch = UserFactory()
edit = {'first_name': 'first_name'}
response = client.patch(
reverse('api:user-detail', args=[user_to_patch.pk]),
data=edit,
content_type='application/json',
)
assert response.status_code == 403
def test_user_patch_other_user_as_superuser(client, admin):
client.force_login(admin)
user = UserFactory()
edit = {'first_name': 'first_name'}
response = client.patch(
reverse('api:user-detail', args=[user.pk]),
data=edit,
content_type='application/json',
)
assert response.status_code == 200
def test_user_get_as_superuser(client, admin):
client.force_login(admin)
user = UserFactory()
superuser = User.objects.create_superuser(username='******')
response = client.get(reverse('api:user-list'))
assert response.status_code == 200
response = client.get(reverse('api:user-detail', args=[user.pk]))
assert response.status_code == 200
response = client.get(reverse('api:user-detail', args=[admin.pk]))
assert response.status_code == 200
response = client.get(reverse('api:user-detail', args=[superuser.pk]))
assert response.status_code == 200
def test_user_get_as_authenticated_user(client, user):
client.force_login(user)
user_to_get = UserFactory()
superuser_to_get = User.objects.create_superuser(username='******')
response = client.get(reverse('api:user-list'))
assert response.status_code == 200
response = client.get(reverse('api:user-detail', args=[user_to_get.pk]))
assert response.status_code == 200
response = client.get(reverse('api:user-detail', args=[user.pk]))
assert response.status_code == 200
response = client.get(
reverse('api:user-detail', args=[superuser_to_get.pk]))
assert response.status_code == 404
def admin():
admin = UserFactory()
admin.is_superuser = True
admin.save()
return admin
def user():
return UserFactory()
def staff():
staff = UserFactory()
staff.is_staff = True
staff.save()
return staff