Пример #1
0
    def test_delete(self):
        """Test that deleting users is not a semantically valid action"""

        url = "/api/users/{0!s}"

        all_users = self.users

        expected_results = defaultdict(
            lambda: {
                'status': [
                    status.HTTP_405_METHOD_NOT_ALLOWED, status.
                    HTTP_403_FORBIDDEN
                ],
                'reason':
                "Default response should be no access"
            })

        for user in all_users:
            with self.subTest(
                    user=user,
                    expected_statuses=expected_results[(user, )]['status'],
                    reason=expected_results[(user, )]['reason']):
                user_that_exists = DataCreationUtilities.create_test_user()
                response = self.clients[user].delete(
                    url.format(user_that_exists['id']))

                logging.debug(response)

                self.assertIn(response.status_code,
                              expected_results[(user, )]['status'])
Пример #2
0
    def test_put_or_patch_to_other(self):
        """
        Test that put/patch on users is not a semantically valid action
        This will probably change in future versions
        """
        url = "/api/users/{0!s}"

        all_users = self.users

        expected_results = defaultdict(
            lambda: {
                'status': status.HTTP_403_FORBIDDEN,
                'reason': "Default response should be no access"
            })

        expected_results[('gov_admin', )] = ({
            'status':
            status.HTTP_200_OK,
            'reason':
            "Admin should have write access"
        })

        for index, user in enumerate(all_users):
            with self.subTest(
                    user=user,
                    expected_status=expected_results[(user, )]['status'],
                    reason=expected_results[(user, )]['reason']):
                user_that_exists = DataCreationUtilities.create_test_user()

                payload = {
                    'first_name': 'Test',
                    'last_name': 'Pilot',
                    'email': 'test_pilot_{0!s}@test.com'.format(index),
                    'phone': '5558675309',
                    'username': '******'.format(index),
                    'display_name': 'Canary',
                    'roles': (5, 6),
                    'is_active': True
                }

                response = self.clients[user].put(
                    url.format(user_that_exists['id']),
                    content_type='application/json',
                    data=json.dumps(payload))

                logging.debug(response)

                self.assertEqual(response.status_code,
                                 expected_results[(user, )]['status'], "PUT")

                payload = {'first_name': 'Defaced'}

                response = self.clients[user].patch(
                    url.format(user_that_exists['id']),
                    content_type='application/json',
                    data=json.dumps(payload))
                logging.debug(response)

                self.assertEqual(response.status_code,
                                 expected_results[(user, )]['status'], "PATCH")
Пример #3
0
    def test_get_by_username(self):
        """
        Test that getting another user directly is not a valid action
        unless you have an admin role
        """

        url = "/api/users/by_username?username={0!s}"

        all_users = self.users

        user_that_exists = DataCreationUtilities.create_test_user()

        expected_results = defaultdict(
            lambda: {
                'status': status.HTTP_403_FORBIDDEN,
                'reason': "Default response should be no access"
            })

        expected_results[('gov_admin', )] = {
            'status': status.HTTP_200_OK,
            'reason': 'Admin should have read access to users'
        }

        for user in all_users:
            with self.subTest(
                    user=user,
                    expected_status=expected_results[(user, )]['status'],
                    reason=expected_results[(user, )]['reason']):
                response = self.clients[user].get(
                    url.format(user_that_exists['username']))

                logging.debug(response.content.decode('utf-8'))

                self.assertEqual(response.status_code,
                                 expected_results[(user, )]['status'])