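def test_auth_edit(self):
    """Check that PUT on a message enforces authentication and ownership.

    The same edit request is sent four times: without credentials (401),
    with credentials for a user that is not in the database (401), with
    the admin credentials, which do not own the message (403), and with
    the owner's credentials (200).

    Each rejected request is followed by a check that the stored content
    is unchanged, so a handler that writes first and rejects afterwards
    fails this test instead of passing on the status code alone.
    """
    self.create_messages()
    message_id = self.normal_message.id
    url = '/api/message/%s/' % message_id
    serialized = json.dumps({'content': 'edited'})

    # Baseline used to show that rejected requests modify nothing.
    original_content = Message.get(id=message_id).content

    # no credentials at all: unauthenticated
    resp = self.app.put(url, data=serialized)
    self.assertEqual(resp.status_code, 401)
    self.assertEqual(Message.get(id=message_id).content, original_content)

    # credentials supplied, but the user does not exist in the database
    resp = self.app.put(url, data=serialized,
                        headers=self.auth_headers('xxx', 'xxx'))
    self.assertEqual(resp.status_code, 401)
    self.assertEqual(Message.get(id=message_id).content, original_content)

    # authenticated as admin, who is not the owner: the owner check applies
    resp = self.app.put(url, data=serialized,
                        headers=self.auth_headers('admin', 'admin'))
    self.assertEqual(resp.status_code, 403)
    self.assertEqual(Message.get(id=message_id).content, original_content)

    # authenticated as the owner: the edit goes through
    resp = self.app.put(url, data=serialized,
                        headers=self.auth_headers('normal', 'normal'))
    self.assertEqual(resp.status_code, 200)

    obj = Message.get(id=message_id)
    self.assertEqual(obj.content, 'edited')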
def test_create(self):
    """POST a new message while logged in as the normal user.

    The request must succeed, the stored message must belong to the
    logged-in user, and the JSON response must describe that message.
    """
    payload = json.dumps({'content': 'test'})

    # the session belongs to self.normal, a regular account (not an admin)
    self.login(self.normal)
    response = self.app.post('/api/message', data=payload)
    self.assertEqual(response.status_code, 200)

    created = Message.get(content='test')
    # the payload carries no user field, so the owner is expected to be
    # taken from the logged-in session
    self.assertEqual(created.user, self.normal)
    self.assertAPIMessage(response.get_json(), created)
def test_create(self):
    """POST a new message using the normal user's credentials.

    The request must succeed, the stored message must belong to that
    user, and the JSON response must describe that message.
    """
    payload = json.dumps({'content': 'test'})

    # credentials are those of 'normal', a regular account (not an admin)
    credentials = self.auth_headers('normal', 'normal')
    response = self.app.post('/api/message/', data=payload,
                             headers=credentials)
    self.assertEqual(response.status_code, 200)

    created = Message.get(content='test')
    # the payload carries no user field, so the owner is expected to be
    # taken from the supplied credentials
    self.assertEqual(created.user, self.normal)

    self.assertAPIMessage(self.response_json(response), created)
def test_edit(self):
    """PUT new content to the normal user's message while logged in as them.

    The request must succeed, the stored content must be the new value,
    and the JSON response must describe the updated message.
    """
    self.create_messages()

    payload = json.dumps({'content': 'edited'})
    target = '/api/message/%s' % self.normal_message.id

    # the session belongs to the owner of the message
    self.login(self.normal)
    response = self.app.put(target, data=payload)
    self.assertEqual(response.status_code, 200)

    # re-read the row so the check is against what was stored
    stored = Message.get(id=self.normal_message.id)
    self.assertEqual(stored.content, 'edited')
    self.assertAPIMessage(response.get_json(), stored)
def test_edit(self):
    """PUT new content to the normal user's message using their credentials.

    The request must succeed, the stored content must be the new value,
    and the JSON response must describe the updated message.
    """
    self.create_messages()

    payload = json.dumps({'content': 'edited'})
    target = '/api/message/%s/' % self.normal_message.id

    # credentials are those of the owner of the message
    credentials = self.auth_headers('normal', 'normal')
    response = self.app.put(target, data=payload, headers=credentials)
    self.assertEqual(response.status_code, 200)

    # re-read the row so the check is against what was stored
    stored = Message.get(id=self.normal_message.id)
    self.assertEqual(stored.content, 'edited')

    self.assertAPIMessage(self.response_json(response), stored)
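def test_auth_edit(self):
    """Check that PUT on a message is refused unless its owner is logged in.

    The same edit request is sent three times: with no login (403), after
    logging in as self.inactive, which does not own the message (403),
    and after logging in as the owner (200).

    Each rejected request is followed by a check that the stored content
    is unchanged, so a handler that writes first and rejects afterwards
    fails this test instead of passing on the status code alone.
    """
    self.create_messages()
    message_id = self.normal_message.id
    url = '/api/message/%s' % message_id
    serialized = json.dumps({'content': 'edited'})

    # Baseline used to show that rejected requests modify nothing.
    original_content = Message.get(id=message_id).content

    # nobody is logged in: the request is rejected
    resp = self.app.put(url, data=serialized)
    self.assertEqual(resp.status_code, 403)
    self.assertEqual(Message.get(id=message_id).content, original_content)

    # logged in as a user in the database who is not the owner
    # NOTE(review): this case uses self.inactive; if login is refused for
    # inactive accounts the request is effectively anonymous and the owner
    # check is not exercised here -- confirm, or add an active non-owner.
    self.login(self.inactive)
    resp = self.app.put(url, data=serialized)
    self.assertEqual(resp.status_code, 403)
    self.assertEqual(Message.get(id=message_id).content, original_content)

    # logged in as the owner: the edit goes through
    self.login(self.normal)
    resp = self.app.put(url, data=serialized)
    self.assertEqual(resp.status_code, 200)

    obj = Message.get(id=message_id)
    self.assertEqual(obj.content, 'edited')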