def test_unauthorized_access(self):
    """
    Requests that carry a wrong API secret must be answered with HTTP 401.

    1. Try access to every permissions controller (list, detail, POST to a
       user's permissions, DELETE of a user's permission) with a valid
       application id and a wrong api key
    """
    bad_credentials = (self.application.id, 'wrong-secret-token')
    client = AuthService(self.API_URL, auth=bad_credentials, append_slash=True)
    # NOTE(review): only the "known application id + wrong secret" case is
    # exercised. Requests with no credentials at all, or with an unknown
    # application id, are not covered here - confirm they are tested elsewhere.

    # Permission list.
    listing = client.permissions.GET()
    self.assertEqual(401, listing.status_code)

    # Permission detail.
    # NOTE(review): this addresses the permission by id, whereas
    # test_application_permissions addresses permission details by code.
    # The 401 is expected either way, but confirm which key the route uses.
    detail = client.permissions(self.permission.id).GET()
    self.assertEqual(401, detail.status_code)

    # POST of a permission code to a user's permissions.
    payload = {'code': self.permission.code}
    granted = client.users(self.user.id).permissions.POST(data=payload)
    self.assertEqual(401, granted.status_code)

    # DELETE of a permission (by code) from a user's permissions.
    revoked = client.users(self.user.id).permissions(self.permission.code).DELETE()
    self.assertEqual(401, revoked.status_code)
def test_application_permissions(self):
    """
    Each application only sees its own permissions through the API.

    1. Create one more application
    2. Access to application permissions with first app
    3. Access to application permissions with second app
    4. Access to application permission details
    """
    # Step 1: a second application that owns two permissions.
    # NOTE(review): the second application gets the same access token value
    # that the first application's client uses below, so this test cannot tell
    # whether a token is checked against the specific application id. A
    # distinct token per application would make the check stronger.
    second_application = CampusApplication.objects.create(
        title='Student service',
        access_token='secret-token',
    )
    second_permission = CampusPermission.objects.create(
        application=second_application,
        code='add-student',
        title='Add student',
        description='Indicate can user add students or not',
    )
    CampusPermission.objects.create(
        application=second_application,
        code='edit-student',
        title='Edit student',
    )

    # Step 2: the first application lists exactly one permission.
    # 'add-entrant' is presumably created by the test fixture - setUp is not
    # visible here.
    first_app_api = AuthService(
        self.API_URL,
        auth=(self.application.id, 'secret-token'),
        append_slash=True,
    )
    response = first_app_api.permissions.GET()
    self.assertEqual(200, response.status_code)
    body = response.json()
    self.assertEqual(1, body.get('meta').get('total_count'))
    self.assertEqual('add-entrant', body.get('objects')[0]['code'])

    # Step 3: the second application lists only the two permissions created
    # in step 1 (order of the returned objects is not relied upon).
    second_app_api = AuthService(
        self.API_URL,
        auth=(second_application.id, 'secret-token'),
        append_slash=True,
    )
    response = second_app_api.permissions.GET()
    self.assertEqual(200, response.status_code)
    body = response.json()
    self.assertEqual(2, body.get('meta').get('total_count'))
    listed = body.get('objects')
    expected_codes = {'add-student', 'edit-student'}
    self.assertSetEqual(expected_codes, {listed[0]['code'], listed[1]['code']})

    # Step 4: the detail view, addressed by permission code, returns the
    # stored fields.
    # NOTE(review): nothing here asserts that the first application is refused
    # when it asks for the second application's permission details; only the
    # list views are compared. Consider covering that isolation case.
    response = second_app_api.permissions(second_permission.code).GET()
    self.assertEqual(200, response.status_code)
    details = response.json()
    self.assertEqual(second_permission.title, details['title'])
    self.assertEqual(second_permission.description, details['description'])
    self.assertEqual(second_permission.code, details['code'])