Пример #1
0
    def setUp(self):            

        self.mock_request = MockRequest()
        self.mock_view = MockView()
        self.perms = IsSelfOrSuperUser()
        self.normal_user = User.objects.create_user(
            username="******", password="******", email="*****@*****.**")
        self.superuser = User.objects.create_superuser(
            username="******", password="******", email="*****@*****.**")
Пример #2
0
class PermissionsTestCase(TestCase):

    def setUp(self):            

        self.mock_request = MockRequest()
        self.mock_view = MockView()
        self.perms = IsSelfOrSuperUser()
        self.normal_user = User.objects.create_user(
            username="******", password="******", email="*****@*****.**")
        self.superuser = User.objects.create_superuser(
            username="******", password="******", email="*****@*****.**")

    def test_normal_user_cant_create_or_delete(self):
        """An normal user should not be able to create or delete a user"""

        normal_user_cant = ['create', 'delete']

        self.mock_request.user = self.normal_user 

        for action in normal_user_cant:
            self.mock_view.action = action

            result = self.perms.has_permission(self.mock_request, self.mock_view)
            assert result == False, \
                'Expect normal user doesnt not have access to CREATE.'

    def test_normal_user_can_view_and_update(self):

        normal_user_can = ['list', 'detail', 'retrieve', 'update', 'partial_update']

        self.mock_request.user = self.normal_user 

        for action in normal_user_can:
            self.mock_view.action = action

            result = self.perms.has_permission(self.mock_request, self.mock_view)
            assert result == True, \
                'Expect normal user can view and update records'


    def test_not_loggedin_user_cannot_access_anything(self):

        self.mock_request.user = AnonymousUser()
        result = self.perms.has_permission(self.mock_request, self.mock_view)
        assert result == False, \
            'Not logged in always returns False. Got: {}' . format (result)

    def test_superuser_can_do_anything(self):

        self.mock_request.user = self.superuser
        all_actions = ['list', 'detail', 'create', 'retrieve', 'destroy', 'update', 'partial_update']
        for action in all_actions:
            self.mock_view.action = action
            result = self.perms.has_permission(self.mock_request, self.mock_view)
            assert result is True, \
              'Expect superuser can access anything. got: {}' . format (result)

    def test_can_edit_self(self):

        self.mock_request.user = self.normal_user
        
        result = self.perms.has_object_permission(self.mock_request, None, self.normal_user)
        assert result is True    

    def test_cannot_edit_other_user(self):

        self.mock_request.user = self.normal_user
        
        result = self.perms.has_object_permission(self.mock_request, None, self.superuser)
        assert result is False