def test_does_not_have_object_permission(self):
permission = permissions.IsMemberOfBrewingCompany()
user = User.objects.create(username="******")
group = Group.objects.create(name="group")
request = Mock()
request.user = user
view = None
brewing_company = models.BrewingCompany(group=group)
brewery = models.Brewery(company=brewing_company)
self.assertFalse(
permission.has_object_permission(request, view, brewery))
def test_has_permission_not_member_of_company(self):
permission = permissions.IsMemberOfBrewingCompany()
user = User.objects.create(username="******")
group = Group.objects.create(name="group")
brewing_company = models.BrewingCompany.objects.create(group=group)
request = Mock()
request.user = user
request.method = "POST"
request.POST = {
"company": brewing_company.pk,
}
view = None
self.assertFalse(permission.has_permission(request, view))
def post(request):
brewhouse_pk = http.get_data_value_or_400(request, 'brewhouse')
recipe_pk = http.get_data_value_or_400(request, 'recipe')
brewhouse = http.get_object_or_404(models.Brewhouse, brewhouse_pk)
if not permissions.IsMemberOfBrewery().has_object_permission(
request, None, brewhouse):
raise http.HTTP403("No permission to access requested brewhouse.")
recipe = http.get_object_or_404(models.Recipe, recipe_pk)
if not permissions.IsMemberOfBrewingCompany().has_object_permission(
request, None, recipe):
raise http.HTTP403("No permission to access requested recipe.")
recipe_instance = models.RecipeInstance.objects.create(
brewhouse=brewhouse, recipe=recipe, active=True)
return JsonResponse({"id": recipe_instance.pk})
def test_has_permission_safe_method(self):
permission = permissions.IsMemberOfBrewingCompany()
request = Mock()
request.method = "GET"
view = None
self.assertTrue(permission.has_permission(request, view))