def retrieve(self, request, pk=None):
post = get_object_or_404(self.queryset, pk=pk)
access = UserAccess(request.user)
if access.can_view(post.project):
serializer = self.serializer_class(post)
return Response(serializer.data, status=status.HTTP_200_OK)
else:
return Response(status=status.HTTP_404_NOT_FOUND)
def test_create_project_access_owner(self):
path = self.access_url.format(self.owned_project.id)
data = {'user': self.other_user.id, 'can_edit': True}
resp = self.client.post(path, data=data)
self.assertEqual(resp.status_code, 201)
self.assertIn('can_edit', resp.data)
self.assertTrue(resp.data['can_edit'])
user = UserAccess(self.other_user)
self.assertTrue(user.can_edit(self.owned_project))
self.assertTrue(user.can_view(self.owned_project))
ProjectAccess.objects.get(
user=self.other_user,
project=self.owned_project,
).delete()
def test_create_project_access_owner(self):
path = self.access_url.format(self.owned_project.id)
data = {'user': self.other_user.id, 'can_edit': True}
resp = self.client.post(path, data=data)
self.assertEqual(resp.status_code, 201)
self.assertIn('can_edit', resp.data)
self.assertTrue(resp.data['can_edit'])
user = UserAccess(self.other_user)
self.assertTrue(user.can_edit(self.owned_project))
self.assertTrue(user.can_view(self.owned_project))
ProjectAccess.objects.get(
user=self.other_user,
project=self.owned_project,
).delete()