def test_create_with_existing_user_credential(self): """ Verify that, if a user has already been issued a credential, further attempts to issue the same credential will NOT create a new credential, but update the attributes of the existing credential. """ user_credential = UserCredentialFactory(credential__site=self.site) self.authenticate_user(self.user) self.add_user_permission(self.user, 'add_usercredential') # POSTing the exact data that exists in the database should not change the UserCredential data = self.serialize_user_credential(user_credential) response = self.client.post(self.list_path, data=JSONRenderer().render(data), content_type=JSON_CONTENT_TYPE) self.assertEqual(response.status_code, 201) # POSTing with modified status/attributes should update the existing UserCredential data = self.serialize_user_credential(user_credential) expected_attribute = UserCredentialAttributeFactory.build() data['status'] = 'revoked' data['attributes'] = [ UserCredentialAttributeSerializer(expected_attribute).data ] response = self.client.post(self.list_path, data=JSONRenderer().render(data), content_type=JSON_CONTENT_TYPE) self.assertEqual(response.status_code, 201) user_credential.refresh_from_db() self.assertEqual(response.data, self.serialize_user_credential(user_credential)) self.assertEqual(user_credential.attributes.count(), 1) actual_attribute = user_credential.attributes.first() self.assertEqual(actual_attribute.name, expected_attribute.name) self.assertEqual(actual_attribute.value, expected_attribute.value)
def test_destroy(self): """ Verify the endpoint does NOT support the DELETE operation. """ credential = UserCredentialFactory(credential__site=self.site, status=UserCredential.AWARDED, username=self.user.username) path = reverse('api:v2:credentials-detail', kwargs={'uuid': credential.uuid}) # Verify users without the view permission are denied access self.assert_access_denied(self.user, 'delete', path) self.authenticate_user(self.user) self.add_user_permission(self.user, 'delete_usercredential') response = self.client.delete(path) credential.refresh_from_db() self.assertEqual(credential.status, UserCredential.REVOKED) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, self.serialize_user_credential(credential))
def test_update(self, method): """ Verify the endpoint supports updating the status of a UserCredential, but no other fields. """ credential = UserCredentialFactory(credential__site=self.site, username=self.user.username) path = reverse('api:v2:credentials-detail', kwargs={'uuid': credential.uuid}) expected_status = UserCredential.REVOKED data = {'status': expected_status} # Verify users without the change permission are denied access self.assert_access_denied(self.user, method, path, data=data) self.authenticate_user(self.user) self.add_user_permission(self.user, 'change_usercredential') response = getattr(self.client, method)(path, data=data) credential.refresh_from_db() self.assertEqual(credential.status, expected_status) self.assertEqual(response.status_code, 200) self.assertEqual(response.data, self.serialize_user_credential(credential))