test_async_api_permissions.py
from datetime import datetime, timedelta
import django
import pytest
from asgiref.sync import sync_to_async
from .easy_app.controllers import (
AdminSitePermissionAPIController,
AutoGenCrudAPIController,
PermissionAPIController,
)
from .easy_app.models import Client, Event, Type
from .test_async_other_apis import dummy_data
@pytest.mark.skipif(django.VERSION < (3, 1), reason="requires django 3.1 or higher")
@pytest.mark.django_db
class TestPermissionController:
    """Async permission checks against ``PermissionAPIController`` routes.

    Every test builds its client through the ``easy_api_client`` fixture,
    varying the ``is_staff`` / ``is_superuser`` / ``has_perm`` flags, and then
    asserts the status code and payload returned for that privilege level.
    """

    async def test_demo(self, easy_api_client):
        """Walk the authenticated, admin-only and superuser-only demo routes."""
        api = easy_api_client(PermissionAPIController)
        resp = await api.get(
            "/must_be_authenticated/?word=authenticated",
            content_type="application/json",
        )
        assert resp.status_code == 200
        assert resp.json().get("data")["says"] == "authenticated"

        # A client built with the fixture defaults is refused on the admin route.
        api = easy_api_client(PermissionAPIController)
        resp = await api.get("/must_be_admin_user/?word=admin")
        assert resp.status_code == 403
        # The refusal body must not echo the word back ("says" is absent).
        with pytest.raises(KeyError):
            assert resp.json().get("data")["says"] == "admin"

        # The same route answers once the client is flagged as staff.
        api = easy_api_client(PermissionAPIController, is_staff=True)
        resp = await api.get("/must_be_admin_user/?word=admin")
        assert resp.status_code == 200
        assert resp.json().get("data")["says"] == "admin"

        # Fixture-default client against the superuser-only route: refused.
        api = easy_api_client(PermissionAPIController)
        resp = await api.get("/must_be_super_user/?word=superuser")
        assert resp.status_code == 403
        with pytest.raises(KeyError):
            assert resp.json().get("data")["says"] == "superuser"

        # Superuser flag set: allowed.
        api = easy_api_client(PermissionAPIController, is_superuser=True)
        resp = await api.get("/must_be_super_user/?word=superuser")
        assert resp.status_code == 200
        assert resp.json().get("data")["says"] == "superuser"

    async def test_perm(self, transactional_db, easy_api_client):
        """``/test_perm/`` answers both a default client and a staff client."""
        api = easy_api_client(PermissionAPIController)
        resp = await api.get("/test_perm/", query={"word": "normal"})
        assert resp.status_code == 200
        assert resp.json().get("data")["says"] == "normal"

        api = easy_api_client(PermissionAPIController, is_staff=True)
        resp = await api.get("/test_perm/", query={"word": "staff"})
        assert resp.status_code == 200
        assert resp.json().get("data")["says"] == "staff"

    async def test_perm_only_super(self, transactional_db, easy_api_client):
        """``/test_perm_only_super/`` refuses default clients, serves superusers."""
        denied = {"detail": "You do not have permission to perform this action."}

        api = easy_api_client(PermissionAPIController)
        resp = await api.get("/test_perm_only_super/")
        assert resp.status_code == 403
        assert resp.json().get("data") == denied

        # NOTE(review): this request repeats the one above with an identical
        # fixture-default client. If it was meant to show that a staff
        # (non-superuser) client is also refused, that case is not covered
        # here -- confirm the intent.
        api = easy_api_client(PermissionAPIController)
        resp = await api.get("/test_perm_only_super/")
        assert resp.status_code == 403
        assert resp.json().get("data") == denied

        api = easy_api_client(PermissionAPIController, is_superuser=True)
        resp = await api.get("/test_perm_only_super/")
        assert resp.status_code == 200
        assert resp.json().get("data")["title"] == "test_event_title"

    async def test_perm_admin_site(self, transactional_db, easy_api_client):
        """``/test_perm_admin_site/`` needs a staff client holding the permission."""
        # Non-admin users
        api = easy_api_client(PermissionAPIController)
        resp = await api.get("/test_perm_admin_site/", query={"word": "non-admin"})
        assert resp.status_code == 403
        assert resp.json().get("data") == {
            "detail": "You do not have permission to perform this action."
        }

        # Staff users
        api = easy_api_client(PermissionAPIController, is_staff=True, has_perm=True)
        resp = await api.get("/test_perm_admin_site/", query={"word": "staff"})
        assert resp.status_code == 200
        assert resp.json()["data"]["says"] == "staff"
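@pytest.mark.skipif(django.VERSION < (3, 1), reason="requires django 3.1 or higher")
@pytest.mark.django_db
class TestAdminSitePermissionController:
    """Async permission checks for the auto-generated CRUD routes.

    A client built with the fixture defaults is expected to get HTTP 403 from
    ``AdminSitePermissionAPIController``. After each refused write the tests
    also query the database directly, so a handler that answered 403 but still
    changed data would be caught.
    """

    async def test_perm_auto_apis_delete(self, transactional_db, easy_api_client):
        """A refused DELETE keeps the event; a superuser DELETE removes it."""
        client = easy_api_client(AdminSitePermissionAPIController)
        # Test delete
        object_data = dummy_data.copy()
        object_data.update(title=f"{object_data['title']}_get")
        event = await sync_to_async(Event.objects.create)(**object_data)

        response = await client.get(f"/{event.id}")
        assert response.status_code == 403

        response = await client.delete(f"/{event.id}")
        assert response.status_code == 403
        assert response.json().get("data") == {
            "detail": "You do not have permission to perform this action."
        }
        # The status code alone does not prove the refusal was enforced before
        # the delete ran, so confirm the row is still there.
        assert await sync_to_async(Event.objects.filter(id=event.id).exists)()

        # Super users
        # NOTE(review): the allowed path below goes through
        # AutoGenCrudAPIController, not AdminSitePermissionAPIController, so a
        # privileged DELETE on the admin-site controller is not exercised here
        # -- confirm that is intended.
        client = easy_api_client(AutoGenCrudAPIController, is_superuser=True)
        response = await client.delete(f"/{event.id}")
        assert response.status_code == 200

        # A missing object is reported as HTTP 200 with code 404 in the body.
        response = await client.get(f"/{event.id}")
        assert response.status_code == 200
        assert response.json().get("code") == 404

    async def test_perm_auto_apis_patch(self, transactional_db, easy_api_client):
        """A refused PATCH changes nothing; a superuser PATCH is applied."""
        denied = {"detail": "You do not have permission to perform this action."}

        client = easy_api_client(AdminSitePermissionAPIController)
        object_data = dummy_data.copy()
        event = await sync_to_async(Event.objects.create)(**object_data)

        response = await client.get(f"/{event.id}")
        assert response.status_code == 403
        assert response.json().get("data") == denied

        # Staff users
        client = easy_api_client(AutoGenCrudAPIController, is_staff=True)
        response = await client.get(f"/{event.id}")
        assert response.json().get("data")["title"] == f"{object_data['title']}"

        client_g = await sync_to_async(Client.objects.create)(
            name="Client G for Unit Testings", key="G"
        )
        client_h = await sync_to_async(Client.objects.create)(
            name="Client H for Unit Testings", key="H"
        )

        # Compute the dates once and reuse them in the final assertions; calling
        # datetime.now() again later would fail if the run crosses midnight.
        today = datetime.now()
        new_data = dict(
            id=event.id,
            title=f"{object_data['title']}_patch",
            start_date=str((today + timedelta(days=10)).date()),
            end_date=str((today + timedelta(days=20)).date()),
            owner=[client_g.id, client_h.id],
        )

        client = easy_api_client(AdminSitePermissionAPIController)
        response = await client.patch(
            f"/{event.id}", json=new_data, content_type="application/json"
        )
        assert response.status_code == 403
        assert response.json().get("data") == denied
        # A refused PATCH must not have written anything: re-read the row and
        # check the title is still the one it was created with.
        stored = await sync_to_async(Event.objects.get)(id=event.id)
        assert stored.title == object_data["title"]

        # Super users
        # NOTE(review): as in the delete test, the allowed path uses
        # AutoGenCrudAPIController rather than the admin-site controller.
        client = easy_api_client(AutoGenCrudAPIController, is_superuser=True)
        response = await client.patch(
            f"/{event.id}", json=new_data, content_type="application/json"
        )
        assert response.json().get("message") == "Updated."

        response = await client.get(f"/{event.id}")
        assert response.status_code == 200
        patched = response.json().get("data")
        # Compare with what was sent instead of a hard-coded title, so the
        # check does not depend on the literal title stored in dummy_data.
        assert patched["title"] == new_data["title"]
        assert patched["start_date"] == new_data["start_date"]
        assert patched["end_date"] == new_data["end_date"]

    async def test_perm_auto_apis_add(self, transactional_db, easy_api_client):
        """A refused PUT creates no event; a superuser PUT succeeds."""
        client = easy_api_client(AdminSitePermissionAPIController)
        # Named event_type so the builtin ``type`` is not shadowed.
        event_type = await sync_to_async(Type.objects.create)(name="TypeForCreating")
        object_data = dummy_data.copy()
        object_data.update(title=f"{object_data['title']}_create")
        object_data.update(type_id=event_type.id)

        response = await client.put(
            "/", json=object_data, content_type="application/json"
        )
        assert response.status_code == 403
        # The refused request must not have created the event anyway.
        assert not await sync_to_async(
            Event.objects.filter(title=object_data["title"]).exists
        )()

        client = easy_api_client(AdminSitePermissionAPIController, is_superuser=True)
        response = await client.put(
            "/", json=object_data, content_type="application/json"
        )
        assert response.status_code == 200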