def test_post_with_permission(self): request = self.factory.post('/api/project', { 'title': 'test', 'description': 'some text', 'technology': 'django' }) request.user = self.admin_user permission_check = IsAdminUser() permission = permission_check.has_permission(request, None) self.assertTrue(permission)
def print_debug_message(self, request): print('============ {}: {}'.format(request.method, request.build_absolute_uri())) print('header --%s--' % request.META.get('HTTP_AUTHORIZATION')) print('AllowAny:', AllowAny.has_permission(self, request, view)) print('IsAuthenticatedOrReadOnly:', IsAuthenticatedOrReadOnly.has_permission(self, request, view)) print('IsAuthenticated:', IsAuthenticated.has_permission(self, request, view)) print('IsAdminUser:'******'request.user', request.user) print('request user is auth', request.user.is_authenticated) print('request user is staff', request.user.is_staff) print('request user is super', request.user.is_superuser)
def test_access_user_permission(self): request = self.factory.get('/api/project') request.user = self.random_user permission_check = IsAdminUser() permission = permission_check.has_permission(request, None) self.assertFalse(permission)
def update(self, request, *args, **kwargs): if not IsAdminUser.has_permission(None, request, self): if request.data.get('issuer', None): del request.data['issuer'] return super().update(request, *args, **kwargs)
def has_permission(self, request, view): return (IsClientOwner.has_permission(self, request, view) or IsAdminUser.has_permission(self, request, view))
def get_queryset(self): if IsAdminUser.has_permission(None, self.request, self): return self.queryset.all() else: return self.queryset.filter(pk=self.request.user.id)