def test_delete(self):
    """Check that DELETE on /api/users/<id> is refused for every test user.

    Each entry of ``self.users`` sends a DELETE for a freshly created user
    through its own client; the response status must be either 405 or 403.
    """
    endpoint = "/api/users/{0!s}"

    def deny_by_default():
        # No per-user overrides exist in this test, so every user gets this
        # entry: both "method not allowed" and "forbidden" count as a refusal.
        return {
            'status': [
                status.HTTP_405_METHOD_NOT_ALLOWED,
                status.HTTP_403_FORBIDDEN,
            ],
            'reason': "Default response should be no access",
        }

    expected_results = defaultdict(deny_by_default)

    for user in self.users:
        # Keys are 1-tuples of the user identifier.
        outcome = expected_results[(user, )]
        with self.subTest(
                user=user,
                expected_statuses=outcome['status'],
                reason=outcome['reason']):
            # A new target per sub-test keeps the cases independent.
            target = DataCreationUtilities.create_test_user()
            response = self.clients[user].delete(
                endpoint.format(target['id']))
            logging.debug(response)
            # NOTE(review): only the status code is checked; the test does
            # not confirm that the target user still exists after a refused
            # DELETE -- consider asserting that as well.
            self.assertIn(response.status_code, outcome['status'])
def test_put_or_patch_to_other(self):
    """Check who may PUT or PATCH another user's record.

    Every entry of ``self.users`` sends a full PUT and then a one-field
    PATCH against a freshly created user. ``gov_admin`` is expected to get
    200 for both; every other user is expected to get 403.

    This will probably change in future versions.
    """
    endpoint = "/api/users/{0!s}"

    def deny_by_default():
        return {
            'status': status.HTTP_403_FORBIDDEN,
            'reason': "Default response should be no access",
        }

    expected_results = defaultdict(deny_by_default)
    # The only principal allowed to write to someone else's record.
    expected_results[('gov_admin', )] = {
        'status': status.HTTP_200_OK,
        'reason': "Admin should have write access",
    }

    for index, user in enumerate(self.users):
        outcome = expected_results[(user, )]
        with self.subTest(
                user=user,
                expected_status=outcome['status'],
                reason=outcome['reason']):
            target = DataCreationUtilities.create_test_user()
            target_url = endpoint.format(target['id'])
            client = self.clients[user]

            def send(verb, body):
                # Issue the request with a JSON body and log the response.
                reply = getattr(client, verb)(
                    target_url,
                    content_type='application/json',
                    data=json.dumps(body))
                logging.debug(reply)
                return reply

            # The full replacement includes 'roles' and 'is_active', so a
            # wrongly accepted PUT would change the target's privileges.
            # NOTE(review): what role ids 5 and 6 grant is not visible
            # here -- confirm.
            replacement = {
                'first_name': 'Test',
                'last_name': 'Pilot',
                'email': 'test_pilot_{0!s}@test.com'.format(index),
                'phone': '5558675309',
                # NOTE(review): this literal has no placeholder, so
                # format() leaves it unchanged and every iteration sends
                # the same username; looks like a scrubbed value -- confirm.
                'username': '******'.format(index),
                'display_name': 'Canary',
                'roles': (5, 6),
                'is_active': True,
            }
            response = send('put', replacement)
            self.assertEqual(response.status_code, outcome['status'], "PUT")

            response = send('patch', {'first_name': 'Defaced'})
            # NOTE(review): for the 403 cases only the status code is
            # asserted; re-reading the target to confirm that its name and
            # roles are unchanged would show the write was really rejected.
            self.assertEqual(response.status_code, outcome['status'], "PATCH")
def test_get_by_username(self):
    """Check who may look up another user by username.

    One target user is created up front; every entry of ``self.users`` then
    requests it through ``/api/users/by_username``. ``gov_admin`` is
    expected to get 200, every other user 403.
    """
    lookup = "/api/users/by_username?username={0!s}"
    target = DataCreationUtilities.create_test_user()

    def deny_by_default():
        return {
            'status': status.HTTP_403_FORBIDDEN,
            'reason': "Default response should be no access",
        }

    expected_results = defaultdict(deny_by_default)
    expected_results[('gov_admin', )] = {
        'status': status.HTTP_200_OK,
        'reason': 'Admin should have read access to users',
    }

    # NOTE(review): the username is placed in the query string without
    # URL-encoding; that is fine only if generated usernames never contain
    # reserved characters -- confirm against create_test_user.
    target_url = lookup.format(target['username'])

    for user in self.users:
        outcome = expected_results[(user, )]
        with self.subTest(
                user=user,
                expected_status=outcome['status'],
                reason=outcome['reason']):
            response = self.clients[user].get(target_url)
            logging.debug(response.content.decode('utf-8'))
            # NOTE(review): only an existing username is probed. A companion
            # case for an unknown username would show whether non-admins get
            # the same status either way, i.e. that the endpoint does not
            # reveal which usernames exist.
            self.assertEqual(response.status_code, outcome['status'])