def test_metadata_view_for_owner_only(self):
request = APIRequestFactory().get('/')
alice_data = {'username': '******', 'email': '*****@*****.**'}
bob_profile = self._create_user_profile()
alice_profile = self._create_user_profile(extra_post_data=alice_data)
request.user = bob_profile.user
bob_serializer = UserProfileSerializer(instance=bob_profile,
context={'request': request})
self.assertIn('metadata', bob_serializer.data.keys())
alice_serializer = UserProfileSerializer(instance=alice_profile,
context={'request': request})
self.assertNotIn('metadata', alice_serializer.data.keys())
self.assertEqual(bob_profile.user.username,
bob_serializer.data['username'])
self.assertEqual(alice_profile.user.username,
alice_serializer.data['username'])
def star(self, request, *args, **kwargs):
user = request.user
project = get_object_or_404(Project, pk=kwargs.get('pk'))
if request.method == 'DELETE':
project.user_stars.remove(user)
elif request.method == 'POST':
project.user_stars.add(user)
elif request.method == 'GET':
users = project.user_stars.values('pk')
user_profiles = UserProfile.objects.filter(user__in=users)
serializer = UserProfileSerializer(user_profiles,
context={'request': request},
many=True)
return Response(serializer.data)
return Response(status=status.HTTP_204_NO_CONTENT)