def test_workflow_detail_delete(self): pk_workflow = self.workflow1.id request = self._build_delete('/api/workflows/%d/' % pk_workflow, user=self.user) response = workflow_detail(request, workflow_id=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(Workflow.objects.filter(name='Workflow 1').count(), 0)
def test_workflow_detail_delete_unauthorized_is_403(self): count_before = Workflow.objects.count() pk_workflow = self.workflow1.id request = self._build_delete('/api/workflows/%d/' % pk_workflow, user=self.otheruser) # has no permission response = workflow_detail(request, workflow_id=pk_workflow) self.assertIs(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(Workflow.objects.count(), count_before)
def test_workflow_public_post(self): pk_workflow = self.workflow1.id request = self._build_post('/api/workflows/%d' % pk_workflow, {'public': True}, user=self.user) response = workflow_detail(request, workflow_id=pk_workflow) self.assertIs(response.status_code, status.HTTP_204_NO_CONTENT) self.workflow1.refresh_from_db() self.assertEqual(self.workflow1.public, True)
def test_workflow_detail_delete_missing_is_404(self): # It's okay because the thing that leads to this might be a user # double-clicking on a "delete" button. count_before = Workflow.objects.count() pk_workflow = self.workflow1.id + 999 # does not exist request = self._build_delete("/api/workflows/%d/" % pk_workflow, user=self.user) response = workflow_detail(request, workflow_id=pk_workflow) self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND) self.assertEqual(Workflow.objects.count(), count_before)