def test_should_not_allow_unicef_viewers_to_view_users(self): user = UserFactory() self.log_unicef_viewer_in() response = self.client.get(ENDPOINT_URL + str(user.id) + '/') self.assertEqual(response.status_code, 403)
def test_should_not_allow_implementing_partner_editors_to_view_users(self): user = UserFactory() self.log_ip_editor_in() response = self.client.get(ENDPOINT_URL + str(user.id) + '/') self.assertEqual(response.status_code, 403)
def test_should_not_allow_unicef_editors_to_edit_users(self): user = UserFactory() self.log_unicef_editor_in() response = self.client.put( ENDPOINT_URL + str(user.id) + '/', { 'id': str(user.id), 'username': '******', 'email': '*****@*****.**', 'first_name': 'f name', 'last_name': 'l name' }) self.assertEqual(response.status_code, 403)