Esempio n. 1
0
    def test_user_with_permission_should_do_allowed_operations(self):
        self.sync_permissions()
        issue = self.create_issue()
        user = self.create_user('new_user', 'password', '*****@*****.**')

        logged_user = self.logged_user.user

        issue_read_permission = Perm.objects.get(
            codename='{}__{}'.format('issue', 'read'))
        issue_create_permission = Perm.objects.get(
            codename='{}__{}'.format('issue', 'create'))
        user_delete_permission = Perm.objects.get(
            codename='{}__{}'.format('user', 'delete'))
        user_update_permission = Perm.objects.get(
            codename='{}__{}'.format('user', 'update'))

        logged_user.fperms.add(issue_read_permission, issue_create_permission,
                               user_delete_permission, user_update_permission)

        # API
        # Generic read, post
        assert_http_forbidden(self.get('/api/user/'))
        assert_http_ok(self.get('/api/issue/'))
        assert_http_forbidden(self.post('/api/user/', {}))
        assert_http_bad_request(self.post('/api/issue/', {}))

        # API
        # Generic read, put, patch, delete
        assert_http_forbidden(self.get('/api/user/{}/'.format(user.pk)))
        assert_http_ok(self.get('/api/issue/{}/'.format(issue.pk)))
        assert_http_bad_request(self.put('/api/user/{}/'.format(user.pk), {}))
        assert_http_forbidden(self.put('/api/issue/{}/'.format(issue.pk), {}))
        assert_http_accepted(self.delete('/api/user/{}/'.format(user.pk)))
        assert_http_forbidden(self.delete('/api/issue/{}/'.format(issue.pk)))
    def test_delete_user(self, number, data):
        resp = self.post(self.USER_API_URL, data=data)
        assert_valid_JSON_created_response(resp)

        pk = self.get_pk(resp)
        resp = self.delete('%s%s/' % (self.USER_API_URL, pk))
        assert_http_accepted(resp)

        resp = self.get(self.USER_API_URL)
        assert_equal(len(self.deserialize(resp)), 0)

        resp = self.delete('%s%s/' % (self.USER_API_URL, pk))
        assert_http_not_found(resp)
Esempio n. 3
0
    def test_superuser_should_do_all_operations(self):
        issue = self.create_issue()
        user = self.create_user('new_user', 'password', '*****@*****.**')

        # Generic read, post
        assert_http_ok(self.get('/api/user/'))
        assert_http_ok(self.get('/api/issue/'))
        assert_http_bad_request(self.post('/api/user/', {}))
        assert_http_bad_request(self.post('/api/issue/', {}))

        # Generic read, put, patch, delete
        assert_http_ok(self.get('/api/user/{}/'.format(user.pk)))
        assert_http_ok(self.get('/api/issue/{}/'.format(issue.pk)))
        assert_http_bad_request(self.put('/api/user/{}/'.format(user.pk), {}))
        assert_http_bad_request(self.put('/api/issue/{}/'.format(issue.pk),
                                         {}))
        assert_http_accepted(self.delete('/api/user/{}/'.format(user.pk)))
        assert_http_accepted(self.delete('/api/issue/{}/'.format(issue.pk)))
Esempio n. 4
0
 def test_user_should_be_logged_out_via_http_header(self, user):
     resp = self.post(self.API_LOGIN_URL, {
         'username': '******',
         'password': '******'
     })
     assert_http_ok(resp)
     token = resp.json()['token']
     assert_http_ok(
         self.get(self.INDEX_URL,
                  headers={'HTTP_AUTHORIZATION':
                           'Bearer {}'.format(token)}))
     assert_http_accepted(
         self.delete(
             self.API_LOGIN_URL,
             headers={'HTTP_AUTHORIZATION': 'Bearer {}'.format(token)}))
     assert_http_redirect(
         self.get(self.INDEX_URL,
                  headers={'HTTP_AUTHORIZATION':
                           'Bearer {}'.format(token)}))
    def test_should_delete_data_from_resource(self, resource_name, resource,
                                              model):
        for i in range(self.iteration):
            inst = self.new_instance(model)

            url = resource._resource_url(inst.pk)

            if not resource(
                    self.get_request_with_user(
                        self.r_factory.delete(url))).has_delete_permission(
                            obj=inst):
                break

            resp = self.delete(url)
            assert_http_accepted(
                resp,
                'REST delete of model: {}\n response: {}'.format(model, resp))
            resp = self.get(url)
            assert_http_not_found(
                resp,
                'REST get (should not found) of model: {}\n response: {}'.
                format(model, resp))
Esempio n. 6
0
 def test_superuser_can_delete_new_user(self):
     user = self.get_user_obj()
     resp = self.delete('%s%s/' % (self.USER_API_URL, user.pk))
     assert_http_accepted(resp)