Esempio n. 1
0
 def test_has_object_permission_admin_on_user(self):
     """ Makes sure an admin user has permissions to access another user"""
     factory = APIRequestFactory()
     request = factory.get("api/users")
     request.user = self.admin
     permission = permissions.IsStaffOrTargetUser()
     view = ModelViewSet()
     view.action = "retrieve"
     self.assertEqual(permission.has_object_permission(request, view, self.user), True)
Esempio n. 2
0
 def test_authenticated_whitelisted(self):
     """ An authenticated, un-whitelisted IP address should be granted permission"""
     factory = APIRequestFactory()
     request = factory.get('api/users')
     request.user = self.user
     permission = permissions.IsAuthenticatedOrWhitelist()
     view = ModelViewSet()
     view.action = 'retrieve'
     self.assertEqual(permission.has_permission(request, view), True)
Esempio n. 3
0
 def test_authenticated_whitelisted(self):
     """ An authenticated, un-whitelisted IP address should be granted permission"""
     factory = APIRequestFactory()
     request = factory.get("api/users")
     request.user = self.user
     permission = permissions.IsAuthenticatedOrWhitelist()
     view = ModelViewSet()
     view.action = "retrieve"
     self.assertEqual(permission.has_permission(request, view), True)
Esempio n. 4
0
 def test_has_object_permission_user_on_admin(self):
     """ Makes sure a regular user cannot access other users"""
     factory = APIRequestFactory()
     request = factory.get("api/users")
     request.user = self.user
     permission = permissions.IsStaffOrTargetUser()
     view = ModelViewSet()
     view.action = "retrieve"
     self.assertEqual(permission.has_object_permission(request, view, self.admin), False)
Esempio n. 5
0
 def test_has_object_permission_admin_on_admin(self):
     """ Makes sure an admin user has permissions to access themselves"""
     factory = APIRequestFactory()
     request = factory.get('api/users')
     request.user = self.admin
     permission = permissions.IsStaffOrTargetUser()
     view = ModelViewSet()
     view.action = 'retrieve'
     self.assertEqual(
         permission.has_object_permission(request, view, self.admin), True)
Esempio n. 6
0
 def test_unauthenticated_not_whitelisted(self):
     """ An unauthenticated, un-whitelisted IP address should not be granted permission"""
     factory = APIRequestFactory()
     request = factory.get('api/users')
     request.META['REMOTE_ADDR'] = '255.255.255.0'
     request.user = False
     permission = permissions.IsAuthenticatedOrWhitelist()
     view = ModelViewSet()
     view.action = 'retrieve'
     self.assertEqual(permission.has_permission(request, view), False)
Esempio n. 7
0
 def test_has_object_permission_user_on_admin(self):
     """ Makes sure a regular user cannot access other users"""
     factory = APIRequestFactory()
     request = factory.get('api/users')
     request.user = self.user
     permission = permissions.IsStaffOrTargetUser()
     view = ModelViewSet()
     view.action = 'retrieve'
     self.assertEqual(
         permission.has_object_permission(request, view, self.admin), False)
Esempio n. 8
0
 def test_unauthenticated_not_whitelisted(self):
     """ An unauthenticated, un-whitelisted IP address should not be granted permission"""
     factory = APIRequestFactory()
     request = factory.get("api/users")
     request.META["REMOTE_ADDR"] = "255.255.255.0"
     request.user = False
     permission = permissions.IsAuthenticatedOrWhitelist()
     view = ModelViewSet()
     view.action = "retrieve"
     self.assertEqual(permission.has_permission(request, view), False)
Esempio n. 9
0
    def test_has_permission_no_auth(self):
        """View level returns true if the request is a retrieve, otherwise false"""
        factory = APIRequestFactory()
        request = factory.get('api/users')
        permission = permissions.IsStaffOrTargetUser()

        view = ModelViewSet()
        view.action = 'retrieve'
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = 'list'
        self.assertEqual(permission.has_permission(request, view), False)

        view.action = 'create'
        self.assertEqual(permission.has_permission(request, view), False)

        view.action = 'update'
        self.assertEqual(permission.has_permission(request, view), False)
        view.action = 'partial_update'
        self.assertEqual(permission.has_permission(request, view), False)
        view.action = 'destroy'
        self.assertEqual(permission.has_permission(request, view), False)
Esempio n. 10
0
    def test_has_permission_no_auth(self):
        """View level returns true if the request is a retrieve, otherwise false"""
        factory = APIRequestFactory()
        request = factory.get("api/users")
        permission = permissions.IsStaffOrTargetUser()

        view = ModelViewSet()
        view.action = "retrieve"
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = "list"
        self.assertEqual(permission.has_permission(request, view), False)

        view.action = "create"
        self.assertEqual(permission.has_permission(request, view), False)

        view.action = "update"
        self.assertEqual(permission.has_permission(request, view), False)
        view.action = "partial_update"
        self.assertEqual(permission.has_permission(request, view), False)
        view.action = "destroy"
        self.assertEqual(permission.has_permission(request, view), False)
Esempio n. 11
0
    def test_has_permission_admin_user(self):
        """View level returns true if the user is staff """
        factory = APIRequestFactory()
        request = factory.get('api/users')
        request.user = self.admin
        permission = permissions.IsStaffOrTargetUser()
        force_authenticate(request, self.admin)

        view = ModelViewSet()
        view.action = 'retrieve'
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = 'list'
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = 'create'
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = 'update'
        self.assertEqual(permission.has_permission(request, view), True)
        view.action = 'partial_update'
        self.assertEqual(permission.has_permission(request, view), True)
        view.action = 'destroy'
        self.assertEqual(permission.has_permission(request, view), True)
Esempio n. 12
0
    def test_has_permission_admin_user(self):
        """View level returns true if the user is staff """
        factory = APIRequestFactory()
        request = factory.get("api/users")
        request.user = self.admin
        permission = permissions.IsStaffOrTargetUser()
        force_authenticate(request, self.admin)

        view = ModelViewSet()
        view.action = "retrieve"
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = "list"
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = "create"
        self.assertEqual(permission.has_permission(request, view), True)

        view.action = "update"
        self.assertEqual(permission.has_permission(request, view), True)
        view.action = "partial_update"
        self.assertEqual(permission.has_permission(request, view), True)
        view.action = "destroy"
        self.assertEqual(permission.has_permission(request, view), True)