def test_destroy_demand_not_using_owner(self): request = self.factory.delete(self.url) force_authenticate(request, user=self.user) view = DemandViewSet.as_view({'delete': 'destroy'}) response = view(request, pk=self.demand2.id) demands_count = len(Demand.objects.all()) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(demands_count, 2)
def test_destroy_demand_using_admin_user(self): request = self.factory.delete(self.url) force_authenticate(request, user=self.admin_user) view = DemandViewSet.as_view({'delete': 'destroy'}) response = view(request, pk=self.demand1.id) demands_count = len(Demand.objects.all()) self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(demands_count, 1)
def test_edit_demand_using_owner(self): status_before = self.demand1.status request = self.factory.patch(self.url, self.demand_data, format='json') force_authenticate(request, user=self.user) view = DemandViewSet.as_view({'patch': 'partial_update'}) response = view(request, pk=self.demand1.id) status_after = Demand.objects.filter(id=self.demand1.id)[0].status self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertNotEqual(status_before, status_after)
def test_retrieve_demand_not_using_owner(self): request = self.factory.get(self.url) force_authenticate(request, user=self.user) view = DemandViewSet.as_view({'get': 'retrieve'}) response = view(request, pk=self.demand2.id) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_get_demands_with_authenticated_adim_user(self): request = self.factory.get(self.url) force_authenticate(request, user=self.admin_user) view = DemandViewSet.as_view({'get': 'list'}) response = view(request) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_get_demand_without_authenticated_user(self): request = self.factory.get(self.url) view = DemandViewSet.as_view({'get': 'list'}) response = view(request) self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)