def test_destroy_demand_not_using_owner(self):
request = self.factory.delete(self.url)
force_authenticate(request, user=self.user)
view = DemandViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=self.demand2.id)
demands_count = len(Demand.objects.all())
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(demands_count, 2)
def test_destroy_demand_using_admin_user(self):
request = self.factory.delete(self.url)
force_authenticate(request, user=self.admin_user)
view = DemandViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=self.demand1.id)
demands_count = len(Demand.objects.all())
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(demands_count, 1)
def test_edit_demand_using_owner(self):
status_before = self.demand1.status
request = self.factory.patch(self.url, self.demand_data, format='json')
force_authenticate(request, user=self.user)
view = DemandViewSet.as_view({'patch': 'partial_update'})
response = view(request, pk=self.demand1.id)
status_after = Demand.objects.filter(id=self.demand1.id)[0].status
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotEqual(status_before, status_after)
def test_retrieve_demand_not_using_owner(self):
request = self.factory.get(self.url)
force_authenticate(request, user=self.user)
view = DemandViewSet.as_view({'get': 'retrieve'})
response = view(request, pk=self.demand2.id)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_get_demands_with_authenticated_adim_user(self):
request = self.factory.get(self.url)
force_authenticate(request, user=self.admin_user)
view = DemandViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_get_demand_without_authenticated_user(self):
request = self.factory.get(self.url)
view = DemandViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)