def test_should_not_list_users(self):
url = reverse("api:user-profile-list")
request = factory.get(url)
force_authenticate(request, user=AnonymousUser())
view = UserProfileViewSet.as_view({'get': 'list'})
response = view(request)
failure_msg = "Users should not have access granted to the list of users"
self.assertEqual(response.status_code, 403, failure_msg)
def test_should_retrieve_profile(self):
"""
This test will attempt to make request as user alice to the profile of user alice.
It is expected that HTTP status code 200 will be returned.
"""
url = reverse("api:user-profile-detail", kwargs={'user__username': self.user1.username})
request = factory.get(url)
force_authenticate(request, user=self.user1)
view = UserProfileViewSet.as_view({'get': 'retrieve'})
response = view(request, user__username=self.user1.username)
failure_msg = "User should be able to access his/her profile"
self.assertEqual(response.status_code, 200, failure_msg)
def test_should_list_profiles(self):
"""
Admin should be able to list all available profiles
"""
url = reverse("api:user-profile-list")
request = factory.get(url)
force_authenticate(request, user=self.admin)
view = UserProfileViewSet.as_view({'get': 'list'})
response = view(request)
failure_msg = "Admin should have access granted to the list of users' profiles."
self.assertEqual(response.status_code, 200, format_failure_message(failure_msg, response.data))
self.assertEqual(len(response.data), UserProfile.objects.all().count())
def test_should_not_retrieve_others_profile(self):
"""
This test will attempt to make request as user bob to the profile of user alice.
It is expected that HTTP status code 403 (Forbidden) will be returned.
"""
url = reverse("api:user-profile-detail", kwargs={'user__username': self.user1.username})
request = factory.get(url)
force_authenticate(request, user=self.user2)
view = UserProfileViewSet.as_view({'get': 'retrieve'})
response = view(request, user__username=self.user1.username)
failure_msg = 'User should not have access to a profile belonging to someone else.'
self.assertEqual(response.status_code, 403, failure_msg)
def test_should_create_profile(self):
"""
Administrator should be able to create new profile for an existing user
"""
new_profile = {
"is_employer": False,
"user": self.user2.username
}
url = reverse("api:user-profile-list")
request = factory.post(url, data=new_profile)
force_authenticate(request, user=self.admin)
view = UserProfileViewSet.as_view({'post': 'create'})
response = view(request)
failure_msg = "Admin should be able to create new profile for an existing user."
self.assertEqual(response.status_code, 201, format_failure_message(failure_msg, response.data))
def test_should_not_update_profile(self):
"""
User should not be able to update others profile
"""
is_employer = self.user1.userprofile.is_employer
update_data = {
'is_employer': not is_employer
}
url = reverse("api:user-profile-detail", kwargs={'user__username': self.user1.username})
request = factory.patch(url, data=update_data)
force_authenticate(request, user=self.user2)
view = UserProfileViewSet.as_view({'patch': 'partial_update'})
response = view(request, user__username=self.user1.username)
failure_msg = "User should not be able to update others profile."
self.assertEqual(response.status_code, 403, format_failure_message(failure_msg, response.data))
def test_should_not_create_profile(self):
"""
User alice should not be able to create a profile for user bob
"""
new_profile = {
"is_employer": False,
"user": self.user2.username
}
url = reverse("api:user-profile-list")
request = factory.post(url, data=new_profile)
force_authenticate(request, user=self.user1)
view = UserProfileViewSet.as_view({'post': 'create'})
response = view(request)
failure_msg = "User should not be able to create a profile for someone else."
self.assertEqual(response.status_code, 403, format_failure_message(failure_msg, response.data))
def test_should_retrieve_matched_profile_in_reverse(self):
"""
This test will attempt to make request as user bob to the profile of user alice when they were matched.
It is expected that HTTP status code 200 (OK) will be returned.
"""
entity1, _ = Entity.objects.get_or_create(user_profile=self.user1_profile)
entity2, _ = Entity.objects.get_or_create(user_profile=self.user2_profile)
entity1.match = entity2
entity1.save()
url = reverse("api:user-profile-detail", kwargs={'user__username': self.user1.username})
request = factory.get(url)
force_authenticate(request, user=self.user2)
view = UserProfileViewSet.as_view({'get': 'retrieve'})
response = view(request, user__username=self.user1.username)
failure_msg = 'User should be able to see who is matching him/her.'
self.assertEqual(response.status_code, 200, failure_msg)
entity1.delete()
entity2.delete()
