def test_isownerreadonly_safe(self):
    """A GET on the event-list endpoint passes the object-level check.

    The request is built straight from the factory; no user is attached
    to it in this test, so the assertion pins the read-only half of
    IsOwnerOrReadOnly for ``self.list``.
    """
    list_url = reverse('eventlist-listcreate')
    safe_request = APIRequestFactory().get(list_url)
    permission = IsOwnerOrReadOnly()
    # The view argument is passed as None, so this assertion does not
    # depend on any view.
    allowed = permission.has_object_permission(safe_request, None, self.list)
    self.assertTrue(allowed)
def test_isownerreadonly_non_owner(self):
    """A POST issued as ``self.user2`` is refused for ``self.list``.

    NOTE(review): presumably ``self.user2`` does not own ``self.list``;
    that depends on fixture setup not shown here - confirm.
    NOTE(review): only POST is exercised; PUT, PATCH and DELETE by a
    non-owner are not covered by this test.
    """
    list_url = reverse('eventlist-listcreate')
    write_request = APIRequestFactory().post(list_url)
    # The user is set directly on the factory request, bypassing any
    # authentication class; only the permission logic is under test.
    write_request.user = self.user2
    permission = IsOwnerOrReadOnly()
    allowed = permission.has_object_permission(write_request, None, self.list)
    self.assertFalse(allowed)
def test_is_owner(self):
    """Check IsOwnerOrReadOnly for a plain GET and for a non-owner PUT.

    First a GET on the user-detail URL must be allowed against
    ``self.user.profile``. Then a PUT authenticated as a freshly created
    user must be denied against ``self.card``.

    NOTE(review): there is no positive case here (the owner being allowed
    to PUT), so a permission class that denied every write would still
    pass this test.
    """
    permission = IsOwnerOrReadOnly()
    detail_url = reverse('user-detail', args=[self.user.pk])

    # Get should return true even for unauthenticated requests
    read_request = self.factory.get(detail_url)
    view_method = UserViewset.as_view({'get': 'list'})
    read_allowed = permission.has_object_permission(
        read_request, view_method, self.user.profile)
    self.assertTrue(read_allowed)

    # Put should return false if the wrong guest is authenticated
    other_user = User.objects.create_user(
        username="******",
        email="*****@*****.**",
        password="******",
    )
    # NOTE(review): this PUT view is built but never used; the assertion
    # below passes view_method (the GET view) instead - confirm intent.
    view = BingoCardViewset.as_view({'put': 'update'})
    # NOTE(review): instance= is not a documented argument of the request
    # factory's put(); it looks like it is forwarded as an extra request
    # setting and does not bind an object to the request - confirm.
    raw_put = APIRequestFactory().put(
        detail_url,
        instance=self.user,
        data={'username': '******'},
    )
    force_authenticate(raw_put, user=other_user)
    # Wrap in a DRF Request so the forced authentication is visible as
    # request.user when the permission runs.
    write_request = APIView().initialize_request(raw_put)
    write_allowed = permission.has_object_permission(
        write_request, view_method, self.card)
    self.assertFalse(write_allowed)