def test_schema_security_drf_condition():
"""
Checks for security objects with DRF bitwise conditional operators
"""
class DRF_Cond_ViewSet(OauthProtectedAuthorViewSet):
# this is a crazy example just to make sure all the recursive code is covered
permission_classes = [(IsAuthenticated & DjangoModelPermissions)
| ~(TokenMatchesOASRequirements & AllowAny),
~AllowAny | (IsAdminUser & IsAuthenticated),
(TokenMatchesOASRequirements & AllowAny) |
(IsAuthenticated & DjangoModelPermissions),
~TokenMatchesOASRequirements]
path = '/authors/'
method = 'GET'
view = create_view_with_kw(DRF_Cond_ViewSet, method, create_request(path),
{'get': 'list'})
inspector = AutoSchema()
inspector.view = view
with override_settings(OAUTH2_CONFIG=oauth2_config):
operation = inspector.get_operation(path, method)
assert 'security' in operation
assert {'oauth': ['scope1', 'scope2']} in operation['security']
assert {'oauth': ['scope3', 'scope4']} in operation['security']
assert {'basicAuth': []} in operation['security']
assert {'cookieAuth': []} in operation['security']
def test_schema_security_rest_condition():
"""
Checks for security objects with rest_condition operator methods
"""
class Rest_Cond_ViewSet(OauthProtectedAuthorViewSet):
permission_classes = [
Or(And(IsAuthenticated, DjangoModelPermissions),
And(Not(TokenMatchesOASRequirements), AllowAny)),
]
path = '/authors/'
method = 'GET'
view = create_view_with_kw(Rest_Cond_ViewSet, method, create_request(path),
{'get': 'list'})
inspector = AutoSchema()
inspector.view = view
with override_settings(OAUTH2_CONFIG=oauth2_config):
operation = inspector.get_operation(path, method)
assert 'security' in operation
assert {'oauth': ['scope1', 'scope2']} in operation['security']
assert {'oauth': ['scope3', 'scope4']} in operation['security']
assert {'basicAuth': []} in operation['security']
assert {'cookieAuth': []} in operation['security']
def test_delete_request(snapshot):
method = "DELETE"
path = "/authors/{id}"
view = create_view_with_kw(
views.AuthorViewSet, method, create_request(path), {"delete": "delete"}
)
inspector = AutoSchema()
inspector.view = view
operation = inspector.get_operation(path, method)
snapshot.assert_match(json.dumps(operation, indent=2, sort_keys=True))
def test_path_with_id_parameter(snapshot):
path = "/authors/{id}/"
method = "GET"
view = create_view_with_kw(
views.AuthorViewSet, method, create_request(path), {"get": "retrieve"}
)
inspector = AutoSchema()
inspector.view = view
operation = inspector.get_operation(path, method)
snapshot.assert_match(json.dumps(operation, indent=2, sort_keys=True))
def test_patch_request(snapshot):
method = "PATCH"
path = "/authors/{id}"
view = create_view_with_kw(
views.AuthorViewSet, method, create_request(path), {"patch": "update"}
)
inspector = AutoSchema()
inspector.view = view
operation = inspector.get_operation(path, method)
assert snapshot == json.dumps(operation, indent=2, sort_keys=True)
def test_path_without_parameters(snapshot):
path = "/authors/"
method = "GET"
view = create_view_with_kw(
views.AuthorViewSet, method, create_request(path), {"get": "list"}
)
inspector = AutoSchema()
inspector.view = view
operation = inspector.get_operation(path, method)
assert snapshot == json.dumps(operation, indent=2, sort_keys=True)
def test_patch_request(snapshot):
method = 'PATCH'
path = '/authors/{id}'
view = create_view_with_kw(
views.AuthorViewSet,
method,
create_request(path),
{'patch': 'update'}
)
inspector = AutoSchema()
inspector.view = view
operation = inspector.get_operation(path, method)
snapshot.assert_match(json.dumps(operation, indent=2, sort_keys=True))
def test_path_without_parameters(snapshot):
path = '/authors/'
method = 'GET'
view = create_view_with_kw(
views.AuthorViewSet,
method,
create_request(path),
{'get': 'list'}
)
inspector = AutoSchema()
inspector.view = view
operation = inspector.get_operation(path, method)
snapshot.assert_match(json.dumps(operation, indent=2, sort_keys=True))
def test_schema_security_list():
"""
Checks for security objects
"""
path = '/authors/'
method = 'GET'
view = create_view_with_kw(OauthProtectedAuthorViewSet, method,
create_request(path), {'get': 'list'})
inspector = AutoSchema()
inspector.view = view
with override_settings(OAUTH2_CONFIG=oauth2_config):
operation = inspector.get_operation(path, method)
assert 'security' in operation
assert len(operation['security']) == 4
assert operation['security'][0] == {'oauth': ['scope1', 'scope2']}
assert operation['security'][1] == {'oauth': ['scope3', 'scope4']}
assert operation['security'][2] == {'basicAuth': []}
assert operation['security'][3] == {'cookieAuth': []}
