From f795fe8cba2e6a1edc3b6e7284aecaf6cd0fc1de Mon Sep 17 00:00:00 2001
From: "ryan.noelk" <ryannoelk@gmail.com>
Date: Thu, 5 Apr 2018 23:48:52 +0200
Subject: [PATCH] adding some more asserts

---
 v1/common/tests/test_permission.py | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/v1/common/tests/test_permission.py b/v1/common/tests/test_permission.py
index 208f3da..9cbf3a7 100644
--- a/v1/common/tests/test_permission.py
+++ b/v1/common/tests/test_permission.py
@@ -10,31 +10,38 @@ class PermissionTest(TestCase):
     def setUp(self):
         # Every test needs access to the request factory.
         self.factory = RequestFactory()
+        # Create a staff user.
         self.user = User.objects.create_user(
             username='jacob', email='jacob@gmail.com', password='top_secret', is_staff=True
         )
 
-    def test_is_owner_admin(self):
-        # Recall that middleware are not supported. You can simulate a
-        # logged-in user by setting request.user manually.
+    def test_is_owner_or_read_only(self):
+        # Try and access something as an admin user.
+        # Both get and post should have access.
         request = self.factory.get('/admin')
         request.user = self.user
         self.assertTrue(
             IsOwnerOrReadOnly().has_permission(request, None)
         )
+        self.assertTrue(
+            IsOwnerOrReadOnly().has_object_permission(request, None, None)
+        )
         request = self.factory.post('/admin')
         request.user = self.user
         self.assertTrue(
             IsOwnerOrReadOnly().has_permission(request, None)
         )
 
-        # Or you can simulate an anonymous user by setting request.user to
-        # an AnonymousUser instance.
+        # Try and access something as an anonymous user.
+        # Both get should have access but post shouldn't.
         request = self.factory.get('/admin')
         request.user = AnonymousUser()
         self.assertTrue(
             IsOwnerOrReadOnly().has_permission(request, None)
         )
+        self.assertTrue(
+            IsOwnerOrReadOnly().has_object_permission(request, None, None)
+        )
         request = self.factory.post('/admin')
         request.user = AnonymousUser()
         self.assertFalse(
@@ -42,8 +49,8 @@ def test_is_owner_admin(self):
         )
 
     def test_is_admin_or_read_only(self):
-        # Recall that middleware are not supported. You can simulate a
-        # logged-in user by setting request.user manually.
+        # Try and access something as an admin user.
+        # Both get and post should have access.
         request = self.factory.get('/admin')
         request.user = self.user
         self.assertTrue(
@@ -55,8 +62,8 @@ def test_is_admin_or_read_only(self):
             IsAdminOrReadOnly().has_permission(request, None)
         )
 
-        # Or you can simulate an anonymous user by setting request.user to
-        # an AnonymousUser instance.
+        # Try and access something as an anonymous user.
+        # Both get should have access but post shouldn't.
         request = self.factory.get('/admin')
         request.user = AnonymousUser()
         self.assertTrue(