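class OTIUserTestCase(TestCase):
    """Tests behavior of the OTIUser model through the users API.

    Covers two things: that an admin can create, read, update and delete
    users, and that standard and anonymous clients are refused the
    operations they are not entitled to.
    """

    # Fields the API is expected to withhold from every response body.
    HIDDEN_FIELDS = ('is_superuser', 'password')

    def setUp(self):
        """Build the API client, the list URL and the user payload."""
        self.client = OTIAPIClient()
        self.list_url = reverse('users-list', {})
        self.data = {
            'username': '******',
            'password': '******',
            'email': '*****@*****.**',
            'first_name': '',
            'last_name': '',
            'is_staff': False,
            'is_active': True,
            'is_superuser': False
        }
        # Password and is_superuser not returned by response
        self.response_data = {
            key: self.data[key]
            for key in self.data if key not in self.HIDDEN_FIELDS
        }

    def _assert_user_payload(self, response):
        """Check that a user response echoes the public fields only.

        Replaces assertDictContainsSubset, which is deprecated and was
        removed from unittest in Python 3.12. It also turns the "not
        returned by response" expectation into an assertion, so a
        serializer change that starts exposing the password or the
        superuser flag fails the test instead of passing unnoticed.
        """
        for key, expected in self.response_data.items():
            self.assertIn(key, response.data)
            self.assertEqual(expected, response.data[key])
        for key in self.HIDDEN_FIELDS:
            self.assertNotIn(key, response.data)

    def test_users_crud(self):
        """Test admin user CRUD operations on OTIUser

        Admin user should have full read/write permissions

        """
        self.client.authenticate(admin=True)
        num_users = OTIUser.objects.count()

        # CREATE
        response = self.client.post(self.list_url, self.data, format='json')
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self._assert_user_payload(response)
        # Exactly one row must have been added by the POST.
        self.assertEqual(num_users + 1, OTIUser.objects.count())
        user_id = response.data['id']
        detail_url = reverse('users-detail', [user_id])

        # READ
        response = self.client.get(detail_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self._assert_user_payload(response)

        # UPDATE
        new_first_name = 'Jerry'
        patch_data = dict(first_name=new_first_name)
        response = self.client.patch(detail_url, patch_data, format='json')
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(new_first_name, response.data['first_name'])

        # DELETE
        response = self.client.delete(detail_url)
        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
        self.assertEqual(0, OTIUser.objects.filter(id=user_id).count())

    def test_permissions(self):
        """Test CRUD operation permissions on OTIUser

        Standard user should only have read permissions
        Anonymous user should have no permissions

        """
        test_user = OTIUser.objects.create_user('test-1',
                                                password='******',
                                                email='*****@*****.**')
        user_id = test_user.id
        detail_url = reverse('users-detail', [user_id])
        num_users = OTIUser.objects.count()

        # Standard User
        self.client.authenticate(admin=False)
        # NOTE(review): authenticate() is a project helper not shown here;
        # the count is re-read in case it creates the requesting user.
        num_users = max(num_users, OTIUser.objects.count())

        # CREATE
        response = self.client.post(self.list_url, self.data, format='json')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # A refused create must not leave a row behind.
        self.assertEqual(num_users, OTIUser.objects.count())

        # READ
        response = self.client.get(detail_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self._assert_user_payload(response)

        # UPDATE
        new_first_name = 'Jerry'
        patch_data = dict(first_name=new_first_name)
        response = self.client.patch(detail_url, patch_data, format='json')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

        # DELETE
        response = self.client.delete(detail_url)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # The status code alone does not prove the row survived.
        self.assertTrue(OTIUser.objects.filter(id=user_id).exists())

        # Anonymous user
        self.client.force_authenticate(user=None)

        # CREATE
        response = self.client.post(self.list_url, self.data, format='json')
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        self.assertEqual(num_users, OTIUser.objects.count())

        # READ
        response = self.client.get(detail_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

        # UPDATE
        new_first_name = 'Jerry'
        patch_data = dict(first_name=new_first_name)
        response = self.client.patch(detail_url, patch_data, format='json')
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

        # DELETE
        response = self.client.delete(detail_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        self.assertTrue(OTIUser.objects.filter(id=user_id).exists())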
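class OTIUserTestCase(TestCase):
    """Tests behavior of the OTIUser model as exposed by the users API.

    One test walks an admin through create/read/update/delete; the other
    checks that standard users are read-only and anonymous clients are
    rejected outright.
    """

    def setUp(self):
        """Prepare the client, the list endpoint URL and the user payload."""
        self.client = OTIAPIClient()
        self.list_url = reverse('users-list', {})
        self.data = {'username': '******',
                     'password': '******',
                     'email': '*****@*****.**',
                     'first_name': '',
                     'last_name': '',
                     'is_staff': False,
                     'is_active': True,
                     'is_superuser': False}
        # Password and is_superuser not returned by response
        self.withheld = ['is_superuser', 'password']
        self.response_data = {key: self.data[key] for key in self.data
                              if key not in self.withheld}

    def _check_user_body(self, body):
        """Assert *body* carries the expected public fields and no secrets.

        Stands in for assertDictContainsSubset (deprecated, removed in
        Python 3.12) and additionally asserts that the withheld fields are
        absent, so credential or privilege data leaking into the response
        is caught by the test rather than merely described in a comment.
        """
        for field in self.response_data:
            self.assertIn(field, body)
            self.assertEqual(self.response_data[field], body[field])
        for field in self.withheld:
            self.assertNotIn(field, body)

    def test_users_crud(self):
        """Test admin user CRUD operations on OTIUser

        Admin user should have full read/write permissions

        """
        self.client.authenticate(admin=True)
        num_users = OTIUser.objects.count()

        # CREATE
        response = self.client.post(self.list_url, self.data, format='json')
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self._check_user_body(response.data)
        # The POST should have added exactly one user.
        self.assertEqual(num_users + 1, OTIUser.objects.count())
        user_id = response.data['id']
        detail_url = reverse('users-detail', [user_id])

        # READ
        response = self.client.get(detail_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self._check_user_body(response.data)

        # UPDATE
        new_first_name = 'Jerry'
        patch_data = dict(first_name=new_first_name)
        response = self.client.patch(detail_url, patch_data, format='json')
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(new_first_name, response.data['first_name'])

        # DELETE
        response = self.client.delete(detail_url)
        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
        self.assertEqual(0, OTIUser.objects.filter(id=user_id).count())

    def test_permissions(self):
        """Test CRUD operation permissions on OTIUser

        Standard user should only have read permissions
        Anonymous user should have no permissions

        """
        test_user = OTIUser.objects.create_user(
            'test-1', password='******', email='*****@*****.**')
        user_id = test_user.id
        detail_url = reverse('users-detail', [user_id])
        target = OTIUser.objects.filter(id=user_id)

        # Standard User
        self.client.authenticate(admin=False)

        # CREATE
        response = self.client.post(self.list_url, self.data, format='json')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

        # READ
        response = self.client.get(detail_url)
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self._check_user_body(response.data)

        # UPDATE
        new_first_name = 'Jerry'
        patch_data = dict(first_name=new_first_name)
        response = self.client.patch(detail_url, patch_data, format='json')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # A refused PATCH must not have been applied anyway.
        self.assertFalse(target.filter(first_name=new_first_name).exists())

        # DELETE
        response = self.client.delete(detail_url)
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        # Confirm the row is still there, not just that the status was 403.
        self.assertTrue(target.exists())

        # Anonymous user
        self.client.force_authenticate(user=None)

        # CREATE
        response = self.client.post(self.list_url, self.data, format='json')
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

        # READ
        response = self.client.get(detail_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

        # UPDATE
        new_first_name = 'Jerry'
        patch_data = dict(first_name=new_first_name)
        response = self.client.patch(detail_url, patch_data, format='json')
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        self.assertFalse(target.filter(first_name=new_first_name).exists())

        # DELETE
        response = self.client.delete(detail_url)
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        self.assertTrue(target.exists())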