Permalink
Browse files

add tests for per user authorization get/delete methods

  • Loading branch information...
1 parent a04b8e6 commit 683bd4b67facd0a908cac2723f9fee01ad1d342c @bmihelac committed Jan 27, 2011
Showing with 11 additions and 1 deletion.
  1. +11 −1 tests/core/tests/resources.py
@@ -1784,6 +1784,16 @@ def test_per_user_authorization(self):
self.assertEqual(punr.obj_get_list(request=authed_request2).count(), 2)
self.assertEqual(list(punr.get_object_list(authed_request).values_list('id', flat=True)), [1, 2])
self.assertEqual(list(punr.get_object_list(authed_request2).values_list('id', flat=True)), [4, 6])
+
+ # Demonstrate that a user cannot get or delete objects he is not
+ # permitted
+ authed_request3 = type('MockRequest', (object,), {'GET': {},
+ 'META': {},
+ 'user': User.objects.get(username='johndoe')})
+ resp = punr.get_detail(authed_request3, pk=4)
+ self.assertEqual(resp.status_code, 410)
+ resp = punr.delete_detail(authed_request3, pk=4)
+ self.assertEqual(resp.status_code, 410)
def test_browser_cache(self):
resource = NoteResource()
@@ -1945,4 +1955,4 @@ def test_debug_off(self):
self.assertEqual(resp.content, '{"error_message": "Oops, you bwoke it."}')
self.assertEqual(len(mail.outbox), 3)
mail.outbox = []
-
+

0 comments on commit 683bd4b

Please sign in to comment.