def test_admin_can_update_managers_task(self):
token = login(self, '*****@*****.**', 'password')
create_task(self, token, msg='manager')
# update
token = login(self, '*****@*****.**', 'password')
resp = self.update_task(1, {'title': 'toptal'}, token=token)
self.assertIn('toptal', resp.data.decode('utf-8'))
def test_user_cannot_update_others_task(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='manager', user_id=6)
# update fail
token = login(self, '*****@*****.**', 'password')
resp = self.update_task(1, {'title': 'toptal'}, token=token)
self.assertEqual(resp.status_code, 403) # unauthorized
def test_normal_cannot_delete_others(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='normal')
self.assertEqual(resp.status_code, 200)
token = login(self, '*****@*****.**', 'password')
resp = self.delete_task(1, token=token)
self.assertEqual(resp.status_code, 403)
def test_admin_can_delete_managers_task(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='manager')
self.assertEqual(resp.status_code, 200)
token = login(self, '*****@*****.**', 'password')
resp = self.delete_task(1, token=token)
self.check_task_deleted(1)
def test_admin_can_create_managers_task(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='manager', user_id=3)
self.assertIn('manager', resp.data.decode('utf-8'))
# read to verify
token = login(self, '*****@*****.**', 'password')
resp = send_get_request(self, 'api/v1/tasks/1', token=token)
self.assertIn('manager', resp.data.decode('utf-8'))
def test_user_can_update_own(self):
token = login(self, '*****@*****.**', 'password')
create_task(self, token, msg='normal')
resp = self.update_task(1, {'title': 'toptal'}, token=token)
self.assertIn('toptal', resp.data.decode('utf-8'))
def test_user_can_create_own(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='normal')
self.assertIn('normal', resp.data.decode('utf-8'))
def test_manager_cannot_create_others_task(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='normal', user_id=5)
data = json.loads(resp.data.decode('utf-8'))
self.assertNotEqual(data['user_id'], 5)
self.assertEqual(data['user_id'], 3)
def test_user_can_delete_own(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='normal')
self.assertEqual(resp.status_code, 200)
resp = self.delete_task(1, token=token)
self.check_task_deleted(1)
def test_user_cannot_read_all(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='normal')
resp = send_get_request(self, 'api/v1/tasks/all', token=token)
self.assertNotIn('normal', resp.data.decode('utf-8'))
def test_man_can_read_own(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='man')
self.assertIn('70', resp.data.decode('utf-8'))
resp = send_get_request(self, 'api/v1/tasks/1', token=token)
self.assertIn('man', resp.data.decode('utf-8'))
def test_admin_can_read_normals_task(self):
token = login(self, '*****@*****.**', 'password')
resp = create_task(self, token, msg='normal')
token = login(self, '*****@*****.**', 'password')
resp = send_get_request(self, 'api/v1/tasks/1', token=token)
self.assertIn('normal', resp.data.decode('utf-8'))
