def test_post_with_permission(self):
request = self.factory.post('/api/project', {
'title': 'test',
'description': 'some text',
'technology': 'django'
})
request.user = self.admin_user
permission_check = IsAdminUser()
permission = permission_check.has_permission(request, None)
self.assertTrue(permission)
def print_debug_message(self, request):
print('============ {}: {}'.format(request.method,
request.build_absolute_uri()))
print('header --%s--' % request.META.get('HTTP_AUTHORIZATION'))
print('AllowAny:', AllowAny.has_permission(self, request, view))
print('IsAuthenticatedOrReadOnly:',
IsAuthenticatedOrReadOnly.has_permission(self, request, view))
print('IsAuthenticated:',
IsAuthenticated.has_permission(self, request, view))
print('IsAdminUser:'******'request.user', request.user)
print('request user is auth', request.user.is_authenticated)
print('request user is staff', request.user.is_staff)
print('request user is super', request.user.is_superuser)
def test_access_user_permission(self):
request = self.factory.get('/api/project')
request.user = self.random_user
permission_check = IsAdminUser()
permission = permission_check.has_permission(request, None)
self.assertFalse(permission)
def update(self, request, *args, **kwargs):
if not IsAdminUser.has_permission(None, request, self):
if request.data.get('issuer', None):
del request.data['issuer']
return super().update(request, *args, **kwargs)
def has_permission(self, request, view):
return (IsClientOwner.has_permission(self, request, view)
or IsAdminUser.has_permission(self, request, view))
def get_queryset(self):
if IsAdminUser.has_permission(None, self.request, self):
return self.queryset.all()
else:
return self.queryset.filter(pk=self.request.user.id)
