def test_authenticated_whitelisted(self):
""" An authenticated, un-whitelisted IP address should be granted permission"""
factory = APIRequestFactory()
request = factory.get('api/users')
request.user = self.user
permission = permissions.IsAuthenticatedOrWhitelist()
view = ModelViewSet()
view.action = 'retrieve'
self.assertEqual(permission.has_permission(request, view), True)
def test_has_object_permission_admin_on_admin(self):
""" Makes sure an admin user has permissions to access themselves"""
factory = APIRequestFactory()
request = factory.get('api/users')
request.user = self.admin
permission = permissions.IsStaffOrTargetUser()
view = ModelViewSet()
view.action = 'retrieve'
self.assertEqual(
permission.has_object_permission(request, view, self.admin), True)
def test_unauthenticated_not_whitelisted(self):
""" An unauthenticated, un-whitelisted IP address should not be granted permission"""
factory = APIRequestFactory()
request = factory.get('api/users')
request.META['REMOTE_ADDR'] = '255.255.255.0'
request.user = False
permission = permissions.IsAuthenticatedOrWhitelist()
view = ModelViewSet()
view.action = 'retrieve'
self.assertEqual(permission.has_permission(request, view), False)
def test_has_object_permission_user_on_admin(self):
""" Makes sure a regular user cannot access other users"""
factory = APIRequestFactory()
request = factory.get('api/users')
request.user = self.user
permission = permissions.IsStaffOrTargetUser()
view = ModelViewSet()
view.action = 'retrieve'
self.assertEqual(
permission.has_object_permission(request, view, self.admin), False)
def test_has_permission_no_auth(self):
"""View level returns true if the request is a retrieve, otherwise false"""
factory = APIRequestFactory()
request = factory.get('api/users')
permission = permissions.IsStaffOrTargetUser()
view = ModelViewSet()
view.action = 'retrieve'
self.assertEqual(permission.has_permission(request, view), True)
view.action = 'list'
self.assertEqual(permission.has_permission(request, view), False)
view.action = 'create'
self.assertEqual(permission.has_permission(request, view), False)
view.action = 'update'
self.assertEqual(permission.has_permission(request, view), False)
view.action = 'partial_update'
self.assertEqual(permission.has_permission(request, view), False)
view.action = 'destroy'
self.assertEqual(permission.has_permission(request, view), False)
def test_has_permission_admin_user(self):
"""View level returns true if the user is staff """
factory = APIRequestFactory()
request = factory.get('api/users')
request.user = self.admin
permission = permissions.IsStaffOrTargetUser()
force_authenticate(request, self.admin)
view = ModelViewSet()
view.action = 'retrieve'
self.assertEqual(permission.has_permission(request, view), True)
view.action = 'list'
self.assertEqual(permission.has_permission(request, view), True)
view.action = 'create'
self.assertEqual(permission.has_permission(request, view), True)
view.action = 'update'
self.assertEqual(permission.has_permission(request, view), True)
view.action = 'partial_update'
self.assertEqual(permission.has_permission(request, view), True)
view.action = 'destroy'
self.assertEqual(permission.has_permission(request, view), True)
