def setUp(self):
self.mock_request = MockRequest()
self.mock_view = MockView()
self.perms = IsSelfOrSuperUser()
self.normal_user = User.objects.create_user(username="******",
password="******",
email="*****@*****.**")
self.superuser = User.objects.create_superuser(username="******",
password="******",
email="*****@*****.**")
def setUp(self):
self.mock_request = MockRequest()
self.mock_view = MockView()
self.perms = IsSelfOrSuperUser()
self.normal_user = User.objects.create_user(
username="******", password="******", email="*****@*****.**")
self.superuser = User.objects.create_superuser(
username="******", password="******", email="*****@*****.**")
class PermissionsTestCase(TestCase):
def setUp(self):
self.mock_request = MockRequest()
self.mock_view = MockView()
self.perms = IsSelfOrSuperUser()
self.normal_user = User.objects.create_user(username="******",
password="******",
email="*****@*****.**")
self.superuser = User.objects.create_superuser(username="******",
password="******",
email="*****@*****.**")
def test_normal_user_cant_create_or_delete(self):
"""An normal user should not be able to create or delete a user"""
normal_user_cant = ['create', 'delete']
self.mock_request.user = self.normal_user
for action in normal_user_cant:
self.mock_view.action = action
result = self.perms.has_permission(self.mock_request,
self.mock_view)
assert result == False, \
'Expect normal user doesnt not have access to CREATE.'
def test_normal_user_can_view_and_update(self):
normal_user_can = [
'list', 'detail', 'retrieve', 'update', 'partial_update'
]
self.mock_request.user = self.normal_user
for action in normal_user_can:
self.mock_view.action = action
result = self.perms.has_permission(self.mock_request,
self.mock_view)
assert result == True, \
'Expect normal user can view and update records'
def test_not_loggedin_user_cannot_access_anything(self):
self.mock_request.user = AnonymousUser()
result = self.perms.has_permission(self.mock_request, self.mock_view)
assert result == False, \
'Not logged in always returns False. Got: {}' . format (result)
def test_superuser_can_do_anything(self):
self.mock_request.user = self.superuser
all_actions = [
'list', 'detail', 'create', 'retrieve', 'destroy', 'update',
'partial_update'
]
for action in all_actions:
self.mock_view.action = action
result = self.perms.has_permission(self.mock_request,
self.mock_view)
assert result is True, \
'Expect superuser can access anything. got: {}' . format (result)
def test_can_edit_self(self):
self.mock_request.user = self.normal_user
result = self.perms.has_object_permission(self.mock_request, None,
self.normal_user)
assert result is True
def test_cannot_edit_other_user(self):
self.mock_request.user = self.normal_user
result = self.perms.has_object_permission(self.mock_request, None,
self.superuser)
assert result is False
class PermissionsTestCase(TestCase):
def setUp(self):
self.mock_request = MockRequest()
self.mock_view = MockView()
self.perms = IsSelfOrSuperUser()
self.normal_user = User.objects.create_user(
username="******", password="******", email="*****@*****.**")
self.superuser = User.objects.create_superuser(
username="******", password="******", email="*****@*****.**")
def test_normal_user_cant_create_or_delete(self):
"""An normal user should not be able to create or delete a user"""
normal_user_cant = ['create', 'delete']
self.mock_request.user = self.normal_user
for action in normal_user_cant:
self.mock_view.action = action
result = self.perms.has_permission(self.mock_request, self.mock_view)
assert result == False, \
'Expect normal user doesnt not have access to CREATE.'
def test_normal_user_can_view_and_update(self):
normal_user_can = ['list', 'detail', 'retrieve', 'update', 'partial_update']
self.mock_request.user = self.normal_user
for action in normal_user_can:
self.mock_view.action = action
result = self.perms.has_permission(self.mock_request, self.mock_view)
assert result == True, \
'Expect normal user can view and update records'
def test_not_loggedin_user_cannot_access_anything(self):
self.mock_request.user = AnonymousUser()
result = self.perms.has_permission(self.mock_request, self.mock_view)
assert result == False, \
'Not logged in always returns False. Got: {}' . format (result)
def test_superuser_can_do_anything(self):
self.mock_request.user = self.superuser
all_actions = ['list', 'detail', 'create', 'retrieve', 'destroy', 'update', 'partial_update']
for action in all_actions:
self.mock_view.action = action
result = self.perms.has_permission(self.mock_request, self.mock_view)
assert result is True, \
'Expect superuser can access anything. got: {}' . format (result)
def test_can_edit_self(self):
self.mock_request.user = self.normal_user
result = self.perms.has_object_permission(self.mock_request, None, self.normal_user)
assert result is True
def test_cannot_edit_other_user(self):
self.mock_request.user = self.normal_user
result = self.perms.has_object_permission(self.mock_request, None, self.superuser)
assert result is False