class IsStaffOrOwnerTests(TestCase): """ Tests for IsStaffOrOwner permission class. """ def setUp(self): super(IsStaffOrOwnerTests, self).setUp() self.permission = IsStaffOrOwner() self.request = RequestFactory().get('/') self.obj = TestObject() def assert_user_has_object_permission(self, user, permitted): """ Asserts whether or not the user has permission to access an object. Arguments user (User) permitted (boolean) """ self.request.user = user self.assertEqual( self.permission.has_object_permission(self.request, None, self.obj), permitted) def test_staff_user(self): """ Staff users should be permitted. """ user = UserFactory.create(is_staff=True) self.assert_user_has_object_permission(user, True) def test_owner(self): """ Owners should be permitted. """ user = UserFactory.create() self.obj.user = user self.assert_user_has_object_permission(user, True) def test_non_staff_test_non_owner_or_staff_user(self): """ Non-staff and non-owner users should not be permitted. """ user = UserFactory.create() self.assert_user_has_object_permission(user, False) def test_has_permission_as_staff(self): """ Staff users always have permission. """ self.request.user = UserFactory.create(is_staff=True) self.assertTrue(self.permission.has_permission(self.request, None)) def test_has_permission_as_owner(self): """ Owners always have permission. """ user = UserFactory.create() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = user self.assertTrue(self.permission.has_permission(request, None)) def test_has_permission_as_non_owner(self): """ Non-owners should not have permission. """ user = UserFactory.create() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = UserFactory.create() self.assertFalse(self.permission.has_permission(request, None))
class IsStaffOrOwnerTests(TestCase): """ Tests for IsStaffOrOwner permission class. """ def setUp(self): super(IsStaffOrOwnerTests, self).setUp() self.permission = IsStaffOrOwner() self.request = RequestFactory().get('/') self.obj = TestObject() def assert_user_has_object_permission(self, user, permitted): """ Asserts whether or not the user has permission to access an object. Arguments user (User) permitted (boolean) """ self.request.user = user self.assertEqual(self.permission.has_object_permission(self.request, None, self.obj), permitted) def test_staff_user(self): """ Staff users should be permitted. """ user = UserFactory.create(is_staff=True) self.assert_user_has_object_permission(user, True) def test_owner(self): """ Owners should be permitted. """ user = UserFactory.create() self.obj.user = user self.assert_user_has_object_permission(user, True) def test_non_staff_test_non_owner_or_staff_user(self): """ Non-staff and non-owner users should not be permitted. """ user = UserFactory.create() self.assert_user_has_object_permission(user, False) def test_has_permission_as_staff(self): """ Staff users always have permission. """ self.request.user = UserFactory.create(is_staff=True) self.assertTrue(self.permission.has_permission(self.request, None)) def test_has_permission_as_owner(self): """ Owners always have permission. """ user = UserFactory.create() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = user self.assertTrue(self.permission.has_permission(request, None)) def test_has_permission_as_non_owner(self): """ Non-owners should not have permission. """ user = UserFactory.create() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = UserFactory.create() self.assertFalse(self.permission.has_permission(request, None))
def setUp(self): super(IsStaffOrOwnerTests, self).setUp() self.permission = IsStaffOrOwner() self.request = RequestFactory().get("/") self.obj = TestObject()
class IsStaffOrOwnerTests(TestCase): """ Tests for IsStaffOrOwner permission class. """ def setUp(self): super(IsStaffOrOwnerTests, self).setUp() self.permission = IsStaffOrOwner() self.request = RequestFactory().get("/") self.obj = TestObject() def assert_user_has_object_permission(self, user, permitted): """ Asserts whether or not the user has permission to access an object. Arguments user (User) permitted (boolean) """ self.request.user = user self.assertEqual(self.permission.has_object_permission(self.request, None, self.obj), permitted) def test_staff_user(self): """ Staff users should be permitted. """ user = UserFactory.create(is_staff=True) self.assert_user_has_object_permission(user, True) def test_owner(self): """ Owners should be permitted. """ user = UserFactory.create() self.obj.user = user self.assert_user_has_object_permission(user, True) def test_non_staff_test_non_owner_or_staff_user(self): """ Non-staff and non-owner users should not be permitted. """ user = UserFactory.create() self.assert_user_has_object_permission(user, False) def test_has_permission_as_staff(self): """ Staff users always have permission. """ self.request.user = UserFactory.create(is_staff=True) self.assertTrue(self.permission.has_permission(self.request, None)) def test_has_permission_as_owner_with_get(self): """ Owners always have permission to make GET actions. """ user = UserFactory.create() request = RequestFactory().get("/?username={}".format(user.username)) request.user = user self.assertTrue(self.permission.has_permission(request, None)) @ddt.data("patch", "post", "put") def test_has_permission_as_owner_with_edit(self, action): """ Owners always have permission to edit. """ user = UserFactory.create() data = {"username": user.username} request = getattr(RequestFactory(), action)("/", data, format="json") request.user = user request.data = data # Note (CCB): This is a hack that should be fixed. (ECOM-3171) self.assertTrue(self.permission.has_permission(request, None)) def test_has_permission_as_non_owner(self): """ Non-owners should not have permission. """ user = UserFactory.create() request = RequestFactory().get("/?username={}".format(user.username)) request.user = UserFactory.create() self.assertFalse(self.permission.has_permission(request, None))
def setUp(self): super(IsStaffOrOwnerTests, self).setUp() self.permission = IsStaffOrOwner() self.request = RequestFactory().get('/') self.obj = TestObject()
class IsStaffOrOwnerTests(TestCase): """ Tests for IsStaffOrOwner permission class. """ def setUp(self): super(IsStaffOrOwnerTests, self).setUp() self.permission = IsStaffOrOwner() self.request = RequestFactory().get('/') self.obj = TestObject() def assert_user_has_object_permission(self, user, permitted): """ Asserts whether or not the user has permission to access an object. Arguments user (User) permitted (boolean) """ self.request.user = user self.assertEqual( self.permission.has_object_permission(self.request, None, self.obj), permitted) def test_staff_user(self): """ Staff users should be permitted. """ user = UserFactory(is_staff=True) self.assert_user_has_object_permission(user, True) def test_owner(self): """ Owners should be permitted. """ user = UserFactory() self.obj.user = user self.assert_user_has_object_permission(user, True) def test_non_staff_test_non_owner_or_staff_user(self): """ Non-staff and non-owner users should not be permitted. """ user = UserFactory() self.assert_user_has_object_permission(user, False) def test_has_permission_as_staff(self): """ Staff users always have permission. """ self.request.user = UserFactory(is_staff=True) self.assertTrue(self.permission.has_permission(self.request, None)) def test_has_permission_as_owner_with_get(self): """ Owners always have permission to make GET actions. """ user = UserFactory() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = user self.assertTrue(self.permission.has_permission(request, None)) def test_has_permission_with_view_kwargs_as_owner_with_get(self): """ Owners always have permission to make GET actions. """ user = UserFactory() self.request.user = user view = GenericAPIView() view.kwargs = {'username': user.username} self.assertTrue(self.permission.has_permission(self.request, view)) @ddt.data('patch', 'post', 'put') def test_has_permission_as_owner_with_edit(self, action): """ Owners always have permission to edit. """ user = UserFactory() data = {'username': user.username} request = getattr(RequestFactory(), action)('/', data, format='json') request.user = user request.data = data # Note (CCB): This is a hack that should be fixed. (ECOM-3171) self.assertTrue(self.permission.has_permission(request, None)) def test_has_permission_as_non_owner(self): """ Non-owners should not have permission. """ user = UserFactory() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = UserFactory() self.assertFalse(self.permission.has_permission(request, None)) def test_has_permission_with_view_kwargs_as_non_owner(self): """ Non-owners should not have permission. """ user = UserFactory() self.request.user = user view = GenericAPIView() view.kwargs = {'username': UserFactory().username} self.assertFalse(self.permission.has_permission(self.request, view))
class IsStaffOrOwnerTests(TestCase): """ Tests for IsStaffOrOwner permission class. """ shard = 2 def setUp(self): super(IsStaffOrOwnerTests, self).setUp() self.permission = IsStaffOrOwner() self.request = RequestFactory().get('/') self.obj = TestObject() def assert_user_has_object_permission(self, user, permitted): """ Asserts whether or not the user has permission to access an object. Arguments user (User) permitted (boolean) """ self.request.user = user self.assertEqual(self.permission.has_object_permission(self.request, None, self.obj), permitted) def test_staff_user(self): """ Staff users should be permitted. """ user = UserFactory(is_staff=True) self.assert_user_has_object_permission(user, True) def test_owner(self): """ Owners should be permitted. """ user = UserFactory() self.obj.user = user self.assert_user_has_object_permission(user, True) def test_non_staff_test_non_owner_or_staff_user(self): """ Non-staff and non-owner users should not be permitted. """ user = UserFactory() self.assert_user_has_object_permission(user, False) def test_has_permission_as_staff(self): """ Staff users always have permission. """ self.request.user = UserFactory(is_staff=True) self.assertTrue(self.permission.has_permission(self.request, None)) def test_has_permission_as_owner_with_get(self): """ Owners always have permission to make GET actions. """ user = UserFactory() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = user self.assertTrue(self.permission.has_permission(request, None)) def test_has_permission_with_view_kwargs_as_owner_with_get(self): """ Owners always have permission to make GET actions. """ user = UserFactory() self.request.user = user view = GenericAPIView() view.kwargs = {'username': user.username} self.assertTrue(self.permission.has_permission(self.request, view)) @ddt.data('patch', 'post', 'put') def test_has_permission_as_owner_with_edit(self, action): """ Owners always have permission to edit. """ user = UserFactory() data = {'username': user.username} request = getattr(RequestFactory(), action)('/', data, format='json') request.user = user request.data = data # Note (CCB): This is a hack that should be fixed. (ECOM-3171) self.assertTrue(self.permission.has_permission(request, None)) def test_has_permission_as_non_owner(self): """ Non-owners should not have permission. """ user = UserFactory() request = RequestFactory().get('/?username={}'.format(user.username)) request.user = UserFactory() self.assertFalse(self.permission.has_permission(request, None)) def test_has_permission_with_view_kwargs_as_non_owner(self): """ Non-owners should not have permission. """ user = UserFactory() self.request.user = user view = GenericAPIView() view.kwargs = {'username': UserFactory().username} self.assertFalse(self.permission.has_permission(self.request, view))
def setUp(self): super(IsStaffOrOwnerTests, self).setUp() # lint-amnesty, pylint: disable=super-with-arguments self.permission = IsStaffOrOwner() self.request = RequestFactory().get('/') self.obj = TestObject()