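def test_can_delete(self):
    """
    Assert that each user can only delete their own reviews.

    Both reviews are created for ``self.user``. The owner's DELETE must
    succeed; the second user's DELETE must be answered with 404 and must
    leave the targeted row in the database.
    """
    review1 = factories.ReviewFactory(reviewer=self.user.reviewer)
    review2 = factories.ReviewFactory(reviewer=self.user.reviewer)

    # the owner can delete their own review
    client = APIClient()
    client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
    response = client.delete('/api/reviews/{}/'.format(review1.pk))
    self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)

    # a different user cannot delete a review they do not own
    client = APIClient()
    client.credentials(HTTP_AUTHORIZATION='Token ' + self.token2.key)
    response = client.delete('/api/reviews/{}/'.format(review2.pk))
    self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)

    # The status code alone does not prove the row survived: reloading the
    # instance raises DoesNotExist if the denied request deleted it anyway.
    review2.refresh_from_db()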
def test_can_get_list(self):
    """
    Assert that the list endpoint returns only the caller's own reviews.

    Two reviews are created for the first reviewer and one for the second;
    each authenticated client must see exactly its own titles.
    """
    review1 = factories.ReviewFactory(reviewer=self.user.reviewer,
                                      title='reviewer1_title1')
    review1b = factories.ReviewFactory(reviewer=self.user.reviewer,
                                       title='reviewer1_title1b')
    review2 = factories.ReviewFactory(reviewer=self.user2.reviewer,
                                      title='reviewer2_title1')

    # reviewer 1 sees only their two reviews
    first_client = APIClient()
    first_client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
    first_response = first_client.get('/api/reviews/')
    self.assertEqual(first_response.status_code, status.HTTP_200_OK)
    first_titles = {entry.get('title') for entry in first_response.data}
    self.assertEqual(first_titles, {review1.title, review1b.title})

    # reviewer 2 sees only their single review
    second_client = APIClient()
    second_client.credentials(HTTP_AUTHORIZATION='Token ' + self.token2.key)
    second_response = second_client.get('/api/reviews/')
    self.assertEqual(second_response.status_code, status.HTTP_200_OK)
    second_titles = {entry.get('title') for entry in second_response.data}
    self.assertEqual(second_titles, {review2.title})
def test_can_get_detail(self):
    """
    Assert that each user can only get their own reviews.

    The owner receives 200 with the review's title; the second user
    receives 404 for the same URL.
    """
    review1 = factories.ReviewFactory(reviewer=self.user.reviewer,
                                      title='private_review')
    detail_url = '/api/reviews/{}/'.format(review1.pk)

    # the owner can read the review
    owner_client = APIClient()
    owner_client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
    owner_response = owner_client.get(detail_url)
    self.assertEqual(owner_response.status_code, status.HTTP_200_OK)
    self.assertEqual(owner_response.data['title'], 'private_review')

    # the second user is told the review does not exist
    other_client = APIClient()
    other_client.credentials(HTTP_AUTHORIZATION='Token ' + self.token2.key)
    other_response = other_client.get(detail_url)
    self.assertEqual(other_response.status_code, status.HTTP_404_NOT_FOUND)
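def test_can_edit(self):
    """
    Assert that each user can only edit their own reviews.

    The owner's PATCH must succeed and return the new title; the second
    user's PATCH must be answered with 404 and must not change the
    stored title.
    """
    review1 = factories.ReviewFactory(reviewer=self.user.reviewer)

    # the owner can edit their own review
    data = {'title': "new_and_improved"}
    client = APIClient()
    client.credentials(HTTP_AUTHORIZATION='Token ' + self.token.key)
    response = client.patch('/api/reviews/{}/'.format(review1.pk), data,
                            format='json')
    self.assertEqual(response.status_code, status.HTTP_200_OK)
    self.assertEqual(response.data['title'], 'new_and_improved')

    # a different user cannot edit it
    data = {'title': "not_mine"}
    client = APIClient()
    client.credentials(HTTP_AUTHORIZATION='Token ' + self.token2.key)
    response = client.patch('/api/reviews/{}/'.format(review1.pk), data,
                            format='json')
    self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)

    # A 404 response does not by itself show the write was rejected:
    # reload the row and confirm the owner's title is still in place.
    review1.refresh_from_db()
    self.assertEqual(review1.title, 'new_and_improved')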
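def test_filter_queryset(self, mock_req):
    """
    Assert that IsReviewerFilterBackend narrows a queryset to the
    requesting user's own reviews.

    :param mock_req: request double whose ``user`` attribute is set for
        each case (presumably injected by a patch decorator that is not
        visible here -- confirm)
    """
    mock_view = mock.Mock()
    company = factories.CompanyFactory(name='company1')
    company2 = factories.CompanyFactory(name='company2')

    # NOTE(review): the four usernames below are identical on this page and
    # look masked; the test only separates users if they are distinct --
    # confirm against the original file.
    user1 = factories.UserFactory(username='******')
    user2 = factories.UserFactory(username='******')
    user3 = factories.UserFactory(username='******')
    user4 = factories.UserFactory(username='******', reviewer=None)

    r1 = factories.ReviewFactory(reviewer=user1.reviewer, company=company)
    r2 = factories.ReviewFactory(reviewer=user2.reviewer, company=company)
    r3 = factories.ReviewFactory(reviewer=user2.reviewer, company=company2)
    r4 = factories.ReviewFactory(reviewer=user3.reviewer, company=company)
    r5 = factories.ReviewFactory(reviewer=user3.reviewer, company=company)
    r6 = factories.ReviewFactory(reviewer=user3.reviewer, company=company2)

    queryset = Review.objects.all()
    backend = IsReviewerFilterBackend()

    # Expected rows are spelled out from the fixtures instead of being
    # re-derived with an ORM filter on reviewer, so the assertion cannot
    # pass on an empty result or by mirroring the backend's own query.
    owned_by = [
        (user1, {r1}),
        (user2, {r2, r3}),
        (user3, {r4, r5, r6}),
    ]
    for user, expected in owned_by:
        mock_req.user = user
        ret = backend.filter_queryset(mock_req, queryset, mock_view)
        self.assertEqual(set(ret), expected)

    # user without a reviewer gets nothing back
    mock_req.user = user4
    ret = backend.filter_queryset(mock_req, queryset, mock_view)
    self.assertEqual(len(ret), 0)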