def test_does_not_have_object_permission(self):
    """Object-level check denies a user who is not in the company's group.

    The user and the group are created but never linked, so
    ``has_object_permission`` is expected to return a falsy value for a
    brewery owned by that group's brewing company.
    """
    checker = permissions.IsMemberOfBrewingCompany()
    outsider = User.objects.create(username="******")
    company_group = Group.objects.create(name="group")

    fake_request = Mock()
    fake_request.user = outsider

    # Built with the model constructors rather than objects.create(); the
    # check only needs the brewery -> company -> group chain to be reachable.
    company = models.BrewingCompany(group=company_group)
    target_brewery = models.Brewery(company=company)

    # The view argument is passed as None, as in the other permission tests.
    allowed = checker.has_object_permission(fake_request, None, target_brewery)
    self.assertFalse(allowed)
def test_has_permission_not_member_of_company(self):
    """Request-level check denies a POST naming a company the user is not in.

    The user is never added to the company's group, so ``has_permission``
    is expected to return a falsy value when the POST data references that
    company by primary key.
    """
    checker = permissions.IsMemberOfBrewingCompany()
    outsider = User.objects.create(username="******")
    company_group = Group.objects.create(name="group")
    # Saved this time: the request carries only the pk.
    company = models.BrewingCompany.objects.create(group=company_group)

    fake_request = Mock()
    fake_request.user = outsider
    fake_request.method = "POST"
    fake_request.POST = {
        "company": company.pk,
    }

    # NOTE(review): only the form-encoded POST mapping is exercised here;
    # whether other body encodings reach the same check is not visible.
    allowed = checker.has_permission(fake_request, None)
    self.assertFalse(allowed)
def post(request):
    """Create an active RecipeInstance for a brewhouse and recipe.

    Reads the ``brewhouse`` and ``recipe`` values from the request, loads
    both objects, and authorizes the caller against each one before the
    instance is created.

    Raises:
        http.HTTP403: if either object-permission check fails.
        Whatever ``http.get_data_value_or_400`` and
        ``http.get_object_or_404`` raise (per their names, a 400 for a
        missing value and a 404 for a missing object).

    Returns:
        JsonResponse carrying the new instance's primary key under ``id``.
    """
    # Both request values are read before any lookup, so a missing field is
    # reported before either object is fetched.
    requested_brewhouse = http.get_data_value_or_400(request, 'brewhouse')
    requested_recipe = http.get_data_value_or_400(request, 'recipe')

    # The two objects are authorized independently, each with its own
    # permission class: passing the brewhouse check does not grant the recipe.
    # NOTE(review): each lookup runs before its permission check, so a caller
    # without access can presumably tell a nonexistent pk (404) from an
    # existing one they may not use (403) - confirm that is acceptable.
    brewhouse = http.get_object_or_404(models.Brewhouse, requested_brewhouse)
    brewery_gate = permissions.IsMemberOfBrewery()
    if not brewery_gate.has_object_permission(request, None, brewhouse):
        raise http.HTTP403("No permission to access requested brewhouse.")

    recipe = http.get_object_or_404(models.Recipe, requested_recipe)
    company_gate = permissions.IsMemberOfBrewingCompany()
    if not company_gate.has_object_permission(request, None, recipe):
        raise http.HTTP403("No permission to access requested recipe.")

    # Reached only after both checks passed.
    created = models.RecipeInstance.objects.create(
        brewhouse=brewhouse,
        recipe=recipe,
        active=True,
    )
    payload = {"id": created.pk}
    return JsonResponse(payload)
def test_has_permission_safe_method(self):
    """Request-level check allows a GET request.

    No user is configured on the mock request, so the expected truthy
    result does not depend on group membership.
    """
    checker = permissions.IsMemberOfBrewingCompany()

    fake_request = Mock()
    fake_request.method = "GET"

    # NOTE(review): this pins that the class does not restrict GET at the
    # request level; read access has to be limited elsewhere (object-level
    # checks, authentication, queryset filtering) - confirm that it is.
    allowed = checker.has_permission(fake_request, None)
    self.assertTrue(allowed)