Esempio n. 1
 def post(self, request):
     """
     Create a condition for the authenticated user and return it.

     The owning patient is resolved from ``request.user.email`` and passed
     to ``save`` explicitly, so the owner comes from the authenticated
     request rather than from the submitted payload.

     Responds 201 with the serialized condition, or 400 with the
     serializer errors when the payload does not validate.
     """
     payload = ConditionSerializer(data=request.data)

     # Reject invalid input first; nothing is looked up or written for it.
     if not payload.is_valid():
         body = standard_response(errors=payload.errors)
         return Response(body, status=status.HTTP_400_BAD_REQUEST)

     owner = Patient.objects.get(email=request.user.email)
     payload.save(patient=owner)
     body = standard_response(data=payload.data)
     return Response(body, status=status.HTTP_201_CREATED)
Esempio n. 2
    def test_update_forbidden_condition(self):
        """
        A PUT against a condition owned by another patient must answer 403
        """
        # Condition that belongs to someone other than the logged-in client.
        other_patient = Patient.objects.create(email='*****@*****.**')
        seed = ConditionSerializer(data={
            'name': 'Condition 2',
            'description': 'Some other description',
            'date_of_diagnosis': '2017-12-20',
            'background_subtype': 3
        })
        seed.is_valid()
        foreign_condition = seed.save(patient=other_patient)

        target_url = reverse(
            'condition', kwargs={'condition_id': foreign_condition.id})
        update_payload = {
            'name': 'Condition 2',
            'description': 'Some updated description',
            'date_of_diagnosis': '2017-01-18',
            'background_subtype': 3
        }
        response = self.client.put(target_url, update_payload)

        # NOTE(review): only the status code is checked; the stored
        # condition is not re-read to confirm it was left unchanged.
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Esempio n. 3
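 def put(self, request, condition_id):
     """
     Update one of the authenticated user's conditions.

     The condition is fetched by id *and* by owner, so a condition that
     belongs to someone else is treated exactly like one that does not
     exist: both answer 403.

     Responds 200 with the serialized condition on success, 400 with the
     serializer errors on invalid input, 403 when the scoped lookup finds
     nothing.
     """
     patient = Patient.objects.get(email=request.user.email)

     # Only the lookup sits inside the try: a Condition.DoesNotExist raised
     # later, during validation or save, must not be reported as an
     # ownership failure.
     try:
         # Ownership check: scoping the query by patient is what stops a
         # user from updating another user's condition by supplying its id.
         condition = Condition.objects.get(id=condition_id,
                                           patient=request.user)
     except Condition.DoesNotExist:
         res = standard_response(
             errors={
                 'forbidden': 'You are not the owner of this condition'
             })
         return Response(res, status=status.HTTP_403_FORBIDDEN)

     serializer = ConditionSerializer(condition, data=request.data)
     if not serializer.is_valid():
         res = standard_response(errors=serializer.errors)
         return Response(res, status=status.HTTP_400_BAD_REQUEST)

     # The owner is passed explicitly, so it comes from the authenticated
     # request and not from the submitted payload.
     serializer.save(patient=patient)
     res = standard_response(data=serializer.data)
     return Response(res)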
Esempio n. 4
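    def test_retrieve_forbidden_condition(self):
        """
        Ensure a user cannot retrieve a condition owned by someone else
        """
        another_user = Patient.objects.create(email='*****@*****.**')
        dummy_condition = {
            'name': 'Condition 2',
            'description': 'Some other description',
            'date_of_diagnosis': '2017-12-20',
            'background_subtype': 3
        }
        serializer = ConditionSerializer(data=dummy_condition)
        serializer.is_valid()
        condition = serializer.save(patient=another_user)

        # Request the row that was just created instead of a literal id.
        # A hard-coded id only matches while primary keys happen to restart
        # for every test; otherwise the request would target a missing row
        # and the access-control path would go untested.
        response = self.client.get(
            reverse('condition', kwargs={'condition_id': condition.id}))

        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)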
Esempio n. 5
    def setUp(self):
        """
        Log a test client in as a new patient that owns one condition

        The URL of that condition is kept on ``self.url``.
        """
        self.user = Patient.objects.create(email='*****@*****.**')
        # The token is fetched, not created, here; presumably something
        # creates it together with the user -- confirm.
        self.token = Token.objects.get(user=self.user)
        self.client = APIClient()
        authenticate(self.client, self.token.key)

        seed = ConditionSerializer(data={
            'name': 'Condition 1',
            'description': 'Some description',
            'date_of_diagnosis': '2017-01-18',
            'background_subtype': 2
        })
        seed.is_valid()
        own_condition = seed.save(patient=self.user)
        self.url = reverse(
            'condition', kwargs={'condition_id': own_condition.id})
Esempio n. 6
    def test_delete_forbidden_condition(self):
        """
        A DELETE against a condition owned by another patient must answer 403
        """
        # Condition that belongs to someone other than the logged-in client.
        other_patient = Patient.objects.create(email='*****@*****.**')
        seed = ConditionSerializer(data={
            'name': 'Condition 2',
            'description': 'Some other description',
            'date_of_diagnosis': '2017-12-20',
            'background_subtype': 3
        })
        seed.is_valid()
        foreign_condition = seed.save(patient=other_patient)

        target_url = reverse(
            'condition', kwargs={'condition_id': foreign_condition.id})
        response = self.client.delete(target_url)

        # NOTE(review): only the status code is checked; the test does not
        # confirm that the condition still exists afterwards.
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)