def check_retrieve_permissions(self, user, instance): response = self.client.get(instance.get_absolute_url(), HTTP_ACCEPT='application/json', format='json') has_perm = user.has_perm(create_perm_str(self.model_class(), 'view'), obj=instance) if has_perm: self.assertResponseOk(response) else: self.assertResponseNoPermission(instance, response)
def check_update_permissions(self, user, instance): serialized = self.serializer_class(instance) response = self.client.put(instance.get_absolute_url(), serialized.data, HTTP_ACCEPT='application/json', format='json') has_perm = user.has_perm(create_perm_str(instance, 'change'), obj=instance) if has_perm: self.assertResponseOk(response) elif instance.live: self.assertResponsePermissionDenied(response) else: self.assertResponseNotFound(response)
def check_update(self): for user in self.users_able_to_login: codebase = self.instance_factory.create() codebase.create_release(initialize=False) codebase = Codebase.objects.get(pk=codebase.id) self.with_logged_in(user, codebase, self.check_update_permissions) assign_perm(create_perm_str(self.instance, 'change'), user_or_group=user, obj=codebase) self.with_logged_in(user, codebase, self.check_update_permissions) codebase = self.instance_factory.create() codebase.create_release(initialize=False) codebase = Codebase.objects.get(pk=codebase.id) self.check_update_permissions(self.anonymous_user, codebase)
def check_destroy(self): for user in self.users_able_to_login: codebase = self.instance_factory.create() self.instance.create_release(initialize=False) codebase = Codebase.objects.get(pk=codebase.id) self.with_logged_in(user, codebase, self.check_destroy_method_not_allowed) other_codebase = self.instance_factory.create() other_codebase.create_release(initialize=False) other_codebase = Codebase.objects.get(pk=other_codebase.id) assign_perm(create_perm_str(other_codebase, 'delete'), user_or_group=user, obj=other_codebase) self.with_logged_in(user, other_codebase, self.check_destroy_method_not_allowed) codebase = self.instance_factory.create() codebase.create_release(initialize=False) codebase = Codebase.objects.get(pk=codebase.id) response = self.client.delete(codebase.get_absolute_url()) self.assertResponseMethodNotAllowed(response)