-
Notifications
You must be signed in to change notification settings - Fork 40
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
82 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
#!/usr/bin/env python | ||
# encoding: utf-8 | ||
|
||
from django.contrib.auth.models import AnonymousUser, User | ||
from django.test import TestCase, RequestFactory | ||
from v1.list.permissions import IsListOwner, IsItemOwner | ||
from v1.list.models import GroceryList, GroceryItem | ||
|
||
|
||
class PermissionTest(TestCase): | ||
def setUp(self): | ||
# Every test needs access to the request factory. | ||
self.factory = RequestFactory() | ||
# Create a staff user. | ||
self.staff = User.objects.create_user( | ||
username='staff', email='staff@gmail.com', password='top_secret', is_superuser=True | ||
) | ||
self.user = User.objects.create_user( | ||
username='jacob', email='jacob@gmail.com', password='top_secret' | ||
) | ||
self.list = GroceryList.objects.create(title='food', author=self.user) | ||
self.item = GroceryItem.objects.create(title='bacon', list=self.list) | ||
|
||
def test_is_list_owner_or_read_only(self): | ||
# Try and access something as an admin user. | ||
# Both get and post should have access. | ||
request = self.factory.get('/admin') | ||
request.user = self.staff | ||
self.assertTrue(IsListOwner().has_object_permission(request, None, None)) | ||
self.assertTrue(IsListOwner().has_object_permission(request, None, self.list)) | ||
request = self.factory.post('/admin') | ||
request.user = self.staff | ||
self.assertTrue(IsListOwner().has_object_permission(request, None, None)) | ||
self.assertTrue(IsListOwner().has_object_permission(request, None, self.list)) | ||
|
||
# Try and access something as an user who created th lists. | ||
# Both get and post should have access. | ||
request = self.factory.get('/admin') | ||
request.user = self.user | ||
self.assertTrue(IsListOwner().has_object_permission(request, None, self.list)) | ||
request = self.factory.post('/admin') | ||
request.user = self.user | ||
self.assertTrue(IsListOwner().has_object_permission(request, None, self.list)) | ||
|
||
# Try and access something as an anonymous user. | ||
# Both get and post should not have access. | ||
request = self.factory.get('/admin') | ||
request.user = AnonymousUser() | ||
self.assertFalse(IsListOwner().has_object_permission(request, None, self.list)) | ||
request = self.factory.post('/admin') | ||
request.user = AnonymousUser() | ||
self.assertFalse(IsListOwner().has_object_permission(request, None, self.list)) | ||
|
||
def test_is_item_owner_or_read_only(self): | ||
# Try and access something as an admin user. | ||
# Both get and post should have access. | ||
request = self.factory.get('/admin') | ||
request.user = self.staff | ||
self.assertTrue(IsItemOwner().has_object_permission(request, None, None)) | ||
self.assertTrue(IsItemOwner().has_object_permission(request, None, self.item)) | ||
request = self.factory.post('/admin') | ||
request.user = self.staff | ||
self.assertTrue(IsItemOwner().has_object_permission(request, None, None)) | ||
self.assertTrue(IsItemOwner().has_object_permission(request, None, self.item)) | ||
|
||
# Try and access something as an user who created th lists. | ||
# Both get and post should have access. | ||
request = self.factory.get('/admin') | ||
request.user = self.user | ||
self.assertTrue(IsItemOwner().has_object_permission(request, None, self.item)) | ||
request = self.factory.post('/admin') | ||
request.user = self.user | ||
self.assertTrue(IsItemOwner().has_object_permission(request, None, self.item)) | ||
|
||
# Try and access something as an anonymous user. | ||
# Both get and post should not have access. | ||
request = self.factory.get('/admin') | ||
request.user = AnonymousUser() | ||
self.assertFalse(IsItemOwner().has_object_permission(request, None, self.item)) | ||
request = self.factory.post('/admin') | ||
request.user = AnonymousUser() | ||
self.assertFalse(IsItemOwner().has_object_permission(request, None, self.item)) |