def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse:
"""Return wind direction as JSON"""
activity = self.get_object()
verify_private_owner(activity, request)
return HttpResponse(json.dumps(
dict(wind_direction=activity.wind_direction)),
content_type="application/json")
def test_verify_private_owner_with_private_activity_other_user(self):
# Given a private activity mock for another user
activity = Mock(private=True, user=sentinel.other, spec=Activity)
# and a request mock
request = Mock(user=sentinel.user)
# When verifying private owner, Then a permission denied is raised
with pytest.raises(PermissionDenied):
verify_private_owner(activity, request)
def test_verify_private_owner_with_private_activity_same_user(self):
# Given an private activity mock for user
activity = Mock(private=True, user=sentinel.user, spec=Activity)
# and a request mock
request = Mock(user=sentinel.user)
# When verifying private owner
nothing = verify_private_owner(activity, request)
# Then nothing is returned (i.e., no exception thrown)
assert nothing is None
def get_object(self, queryset: QuerySet = None) -> Activity:
"""Get activity, only allowing owner to see private activities"""
activity = super().get_object(queryset)
verify_private_owner(activity, self.request)
return activity
def get_object(self, queryset=None):
"""Get the object"""
the_object = super(BaseJSONView, self).get_object(queryset=queryset)
verify_private_owner(the_object, self.request)
return the_object