def test_should_not_allow_unicef_viewers_to_view_users(self):
user = UserFactory()
self.log_unicef_viewer_in()
response = self.client.get(ENDPOINT_URL + str(user.id) + '/')
self.assertEqual(response.status_code, 403)
def test_should_not_allow_implementing_partner_editors_to_view_users(self):
user = UserFactory()
self.log_ip_editor_in()
response = self.client.get(ENDPOINT_URL + str(user.id) + '/')
self.assertEqual(response.status_code, 403)
def test_should_not_allow_unicef_editors_to_edit_users(self):
user = UserFactory()
self.log_unicef_editor_in()
response = self.client.put(
ENDPOINT_URL + str(user.id) + '/', {
'id': str(user.id),
'username': '******',
'email': '*****@*****.**',
'first_name': 'f name',
'last_name': 'l name'
})
self.assertEqual(response.status_code, 403)