def test_has_permission_with_view_kwargs_as_non_owner(self):
""" Non-owners should not have permission. """
user = UserFactory()
self.request.user = user
view = GenericAPIView()
view.kwargs = {'username': UserFactory().username}
self.assertFalse(self.permission.has_permission(self.request, view))
def test_has_permission_with_view_kwargs_as_owner_with_get(self):
""" Owners always have permission to make GET actions. """
user = UserFactory()
self.request.user = user
view = GenericAPIView()
view.kwargs = {'username': user.username}
self.assertTrue(self.permission.has_permission(self.request, view))
def test_get_resource_name_from_model_serializer_class_custom_resource_name(
settings, format_type, pluralize_type):
class BasicModelSerializer(serializers.ModelSerializer):
class Meta:
fields = ("text", )
model = BasicModel
settings.JSON_API_FORMAT_TYPES = format_type
settings.JSON_API_PLURALIZE_TYPES = pluralize_type
view = GenericAPIView()
view.serializer_class = BasicModelSerializer
view.serializer_class.Meta.resource_name = "custom"
context = {"view": view}
assert "custom" == get_resource_name(context)
def test_get_resource_name():
view = APIView()
context = {'view': view}
setattr(settings, 'JSON_API_FORMAT_RELATION_KEYS', None)
assert 'APIViews' == utils.get_resource_name(context), 'not formatted'
context = {'view': view}
setattr(settings, 'JSON_API_FORMAT_RELATION_KEYS', 'dasherize')
assert 'api-views' == utils.get_resource_name(context), 'derived from view'
view.model = get_user_model()
assert 'users' == utils.get_resource_name(
context), 'derived from view model'
view.resource_name = 'custom'
assert 'custom' == utils.get_resource_name(context), 'manually set on view'
view.response = Response(status=403)
assert 'errors' == utils.get_resource_name(context), 'handles 4xx error'
view.response = Response(status=500)
assert 'errors' == utils.get_resource_name(context), 'handles 500 error'
view = GenericAPIView()
view.serializer_class = ResourceSerializer
context = {'view': view}
assert 'users' == utils.get_resource_name(
context), 'derived from serializer'
view.serializer_class.Meta.resource_name = 'rcustom'
assert 'rcustom' == utils.get_resource_name(context), 'set on serializer'
def setUp(self):
super(TestCanBeHeroAuthorization, self).setUp()
self.collection = self.make_collection()
self.auth = CanBeHeroAuthorization()
self.user = UserProfile.objects.get(pk=2519)
self.profile = self.user
self.view = GenericAPIView()
def setUp(self):
super(TestCuratorAuthorization, self).setUp()
self.collection = self.make_collection()
self.auth = self.auth_class()
self.user = User.objects.get(pk=2519)
self.profile = self.user.get_profile()
self.view = GenericAPIView()
def get_queryset(self):
wkt = self.request.query_params.get('polygon', None)
queryset = GenericAPIView.get_queryset(self)
if wkt is not None:
polygon = GEOSGeometry(wkt)
queryset = queryset.filter(
train_object__the_geom__intersects=polygon)
return queryset
def get_serializer_class(self):
"""
Override default to allow serializer class per method.
For example, to use a different serializer in post you should define:
serializer_class_post = MyPostSerializer
"""
serializer_class = getattr(self, 'serializer_class_%s' % self.request.method.lower(), None)
if serializer_class is None:
serializer_class = GenericAPIView.get_serializer_class(self)
return serializer_class
def get_serializer_class(self):
"""
Override default to allow serializer class per method.
For example, to use a different serializer in post you should define:
serializer_class_post = MyPostSerializer
"""
serializer_class = getattr(
self, 'serializer_class_%s' % self.request.method.lower(), None)
if serializer_class is None:
serializer_class = GenericAPIView.get_serializer_class(self)
return serializer_class
def check_api_user_permissions(view: GenericAPIView) -> bool:
if view.request.user.is_superuser:
return True
queryset: QuerySet = view.get_queryset()
app: str = queryset.model._meta.app_label
model: str = queryset.model._meta.model_name
action: str = PERMISSION_ACTIONS_BY_METHOD[view.request.method]
permission: str = f"{app}.{action}_{model}"
return permission in view.request.user.get_all_permissions()
def get_filterset_class(view: GenericAPIView,
filter_map: dict) -> Type[FilterMapFilterSet]:
"""
build own filterset class for the filter
"""
model_class = view.get_queryset().model
filter_map = filter_map or dict()
# plain filter map, no tuples
plain_filter_map = {
key: "__".join(val) if isinstance(val, tuple) else val
for key, val in filter_map.items()
}
class Filterset(FilterMapFilterSet):
class Meta:
model = model_class
# clean filed map for proper fields with expressions
fields = FilterMapBackend.clean_field_names(
filter_map.values())
fil_map = plain_filter_map
def get_form_class(self):
val_to_name = inverse_mapping(plain_filter_map)
fields = OrderedDict()
for name, filter_ in self.filters.items():
f = filter_.field
# set label for field using filter_map
# eg. if map is {"name": "profile__name"} then set label to "Name", by default it is "Profile Name"
f.label = pretty_name(val_to_name[name])
fields.update({val_to_name[name]: f})
return type(str('%sForm' % self.__class__.__name__),
(self._meta.form, ), fields)
return Filterset
def get_raise_exception(self, view: GenericAPIView) -> bool:
"""Should return True/False, decides to raise ValidationError when bad data are sent to filter"""
if hasattr(view, "get_raise_filter_exception"):
return view.get_raise_filter_exceptions()
return getattr(view, "raise_filter_exception", True)
def _view(self) -> GenericAPIView.as_view():
return RatingCreateApi.as_view()
def setUp(self):
super(TestFeedAuthorization, self).setUp()
self.auth = self.auth_class()
self.user = UserProfile.objects.get(pk=2519)
self.profile = self.user
self.view = GenericAPIView()
def _view(self) -> GenericAPIView.as_view():
"""Abstract method that returns YourApiToTest.as_view()"""
pass
def _view(self) -> GenericAPIView.as_view():
return CarListCreateApi.as_view()
def setUp(self):
super(TestIsOperatorPermission, self).setUp()
self.auth = IsOperatorPermission()
self.user = UserProfile.objects.get(pk=2519)
self.profile = self.user
self.view = GenericAPIView()
def setUp(self):
super(BaseTestOperatorAuthorization, self).setUp()
self.auth = self.auth_class()
self.user = UserProfile.objects.get(pk=2519)
self.view = GenericAPIView()
def _view(self) -> GenericAPIView.as_view():
return CarPopularityApi.as_view()