def test_relations(self): user2_json = {'username': '******', 'password': '******'} user2 = User.from_json(user2_json) db.session.add(user2) db.session.commit() user2_tasks = [{ 'title': 'destroy the state' }, { 'title': 'form cooperatives' }] user1_tasks = [{ 'title': 'form a proletarian dictatorship' }, { 'title': 'implement the 5 year plan' }, { 'title': 'decide on a successor' }] # we put the tasks 'manually' in order to not login in and out of user1 for task_json in user2_tasks: task = Task.from_json(task_json) task.user_id = user2.id db.session.add(task) db.session.commit() # create task of user1 for task in user1_tasks: response, json_response = self.client.post( url_for('api.create_task'), data=task) # get tasks of user1 response, json_response = self.client.get(url_for('api.get_tasks')) self.assertEquals(response.status_code, 200) # check if only the task of the user is given self.assertEquals(len(json_response['tasks']), 3) response_titles = [task['title'] for task in json_response['tasks']] input_titles = [task['title'] for task in user1_tasks] self.assertEquals(set(input_titles), set(response_titles)) # check if access to the tasks of user2 allowed user2_task = user2.tasks.first() response, json_response = self.client.get( url_for('api.get_task', task_id=user2_task.id)) self.assertEquals(response.status_code, 403)
def setUp(self): self.app = create_app('testing') self.app_context = self.app.app_context() self.app_context.push() db.create_all() for test_user in TEST_USERS: user = User.from_json(test_user) db.session.add(user) for test_task in TEST_TASKS: task = Task.from_json(test_task) username1 = TEST_USERS[0].get('username') user1 = User.query.filter_by(username=username1).first() task.user_id = user1.id db.session.add(task) db.session.commit()