def test_create_with_existing_user_credential(self):
""" Verify that, if a user has already been issued a credential, further attempts to issue the same credential
will NOT create a new credential, but update the attributes of the existing credential.
"""
user_credential = UserCredentialFactory(credential__site=self.site)
self.authenticate_user(self.user)
self.add_user_permission(self.user, 'add_usercredential')
# POSTing the exact data that exists in the database should not change the UserCredential
data = self.serialize_user_credential(user_credential)
response = self.client.post(self.list_path,
data=JSONRenderer().render(data),
content_type=JSON_CONTENT_TYPE)
self.assertEqual(response.status_code, 201)
# POSTing with modified status/attributes should update the existing UserCredential
data = self.serialize_user_credential(user_credential)
expected_attribute = UserCredentialAttributeFactory.build()
data['status'] = 'revoked'
data['attributes'] = [
UserCredentialAttributeSerializer(expected_attribute).data
]
response = self.client.post(self.list_path,
data=JSONRenderer().render(data),
content_type=JSON_CONTENT_TYPE)
self.assertEqual(response.status_code, 201)
user_credential.refresh_from_db()
self.assertEqual(response.data,
self.serialize_user_credential(user_credential))
self.assertEqual(user_credential.attributes.count(), 1)
actual_attribute = user_credential.attributes.first()
self.assertEqual(actual_attribute.name, expected_attribute.name)
self.assertEqual(actual_attribute.value, expected_attribute.value)
def test_destroy(self):
""" Verify the endpoint does NOT support the DELETE operation. """
credential = UserCredentialFactory(credential__site=self.site,
status=UserCredential.AWARDED,
username=self.user.username)
path = reverse('api:v2:credentials-detail',
kwargs={'uuid': credential.uuid})
# Verify users without the view permission are denied access
self.assert_access_denied(self.user, 'delete', path)
self.authenticate_user(self.user)
self.add_user_permission(self.user, 'delete_usercredential')
response = self.client.delete(path)
credential.refresh_from_db()
self.assertEqual(credential.status, UserCredential.REVOKED)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data,
self.serialize_user_credential(credential))
def test_update(self, method):
""" Verify the endpoint supports updating the status of a UserCredential, but no other fields. """
credential = UserCredentialFactory(credential__site=self.site,
username=self.user.username)
path = reverse('api:v2:credentials-detail',
kwargs={'uuid': credential.uuid})
expected_status = UserCredential.REVOKED
data = {'status': expected_status}
# Verify users without the change permission are denied access
self.assert_access_denied(self.user, method, path, data=data)
self.authenticate_user(self.user)
self.add_user_permission(self.user, 'change_usercredential')
response = getattr(self.client, method)(path, data=data)
credential.refresh_from_db()
self.assertEqual(credential.status, expected_status)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data,
self.serialize_user_credential(credential))
