예제 #1
0
def test_employments_delete(employment: Employment, other_user: User,
                            other_employment: Employment):
    """ Ensures admins can delete employments but non-admin employees cannot.
    """

    assert employment.role == Employment.ROLE_ADMIN
    user = employment.user
    company = employment.company
    target_employment = Employment.objects.create(company=company,
                                                  user=other_user,
                                                  role=Employment.ROLE_NORMAL)

    client = APIClient()
    client.force_authenticate(user)

    # Part one - delete the company where the user is admin
    resp = client.delete(
        client.reverse('employment-detail', pk=target_employment.id))
    validate_response_status_code(resp, 204)
    assert not Employment.objects.filter(id=target_employment.id).exists()

    # Part two - try to delete an unrelated company - this should not be allowed
    resp = client.delete(
        client.reverse('employment-detail', pk=other_employment.id))
    validate_jsonapi_error_response(resp, expected_status_code=404)
    assert Employment.objects.filter(id=other_employment.id).exists()
예제 #2
0
def test_companies_delete(employment: Employment, other_company: Company):
    """ Ensures admins can delete companies but non-admin employees cannot.
    """

    assert employment.role == Employment.ROLE_ADMIN
    user = employment.user
    company = employment.company

    client = APIClient()
    client.force_authenticate(user)

    # Part one - delete the company where the user is admin
    resp = client.delete(client.reverse('company-detail', pk=company.id))
    validate_response_status_code(resp, 204)
    assert not Company.objects.filter(id=company.id).exists()

    # Part two - try to delete an unrelated company - this should not be allowed
    resp = client.delete(client.reverse('company-detail', pk=other_company.id))
    validate_jsonapi_error_response(resp, expected_status_code=403)
    assert Company.objects.filter(id=other_company.id).exists()