Преглед изворни кода

Feature: Add permission tests for pin-pravicy option

pull/178/head
winkidney пре 4 година
родитељ
комит
d303e7aa26
1 измењених фајлова са 77 додато и 5 уклоњено
  1. +77
    -5
      core/tests/api.py

+ 77
- 5
core/tests/api.py Прегледај датотеку

@@ -5,11 +5,17 @@ import mock
from rest_framework import status
from rest_framework.test import APITestCase

from django_images.models import Thumbnail
from taggit.models import Tag

from .helpers import create_image, create_user, create_pin
from core.models import Pin, Image
from core.models import Pin, Image, Board


def _teardown_models():
Pin.objects.all().delete()
Image.objects.all().delete()
Tag.objects.all().delete()
Board.objects.all().delete()


def mock_requests_get(url, **kwargs):
@@ -29,6 +35,73 @@ class ImageTests(APITestCase):
self.assertEqual(response.status_code, 403, response.data)


class PrivacyTests(APITestCase):
_JSON_TYPE = "application/json"

def setUp(self):
super(PrivacyTests, self).setUp()
self.owner = create_user("default")
self.non_owner = create_user("non_owner")

with mock.patch('requests.get', mock_requests_get):
image = Image.objects.create_for_url('http://a.com/b.png')
self.private_pin = Pin.objects.create(
submitter=self.owner,
image=image,
private=True,
)
self.private_pin_url = reverse("pin-detail", kwargs={"pk": self.private_pin.pk})

self.board = Board.objects.create(name="test_board", submitter=self.owner)
self.board.pins.add(self.private_pin)
self.board.save()
self.board_url = reverse("board-detail", kwargs={"pk": self.board.pk})

def tearDown(self):
_teardown_models()

def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin(self):
resp = self.client.get(reverse("pin-list"))
self.assertEqual(len(resp.data['results']), 0, resp.data)

self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(reverse("pin-list"))
self.assertEqual(len(resp.data['results']), 0, resp.data)

def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin_in_board(self):
resp = self.client.get(self.board_url)
self.assertEqual(len(resp.data['pins_detail']), 0, resp.data)
self.client.login(username=self.non_owner.username, password='password')

resp = self.client.get(self.board_url)
self.assertEqual(len(resp.data['pins_detail']), 0, resp.data)

def test_should_owner_user_has_permission_to_list_private_pin_in_board(self):
self.client.login(username=self.owner.username, password='password')
resp = self.client.get(self.board_url)
self.assertEqual(len(resp.data['pins_detail']), 1, resp.data)

def test_should_owner_user_has_permission_to_list_private_pin(self):
self.client.login(username=self.owner.username, password='password')
resp = self.client.get(reverse("pin-list"))
self.assertEqual(len(resp.data['results']), 1, resp.data)

def test_should_owner_has_permission_to_view_private_pin(self):
self.client.login(username=self.owner.username, password='password')
resp = self.client.get(self.private_pin_url)
self.assertEqual(resp.status_code, 200)
self.assertEqual(resp.data['id'], self.private_pin.id)

def test_should_anonymous_user_has_no_permission_to_view_private_pin(self):
resp = self.client.get(self.private_pin_url)
self.assertEqual(resp.status_code, 404)

def test_should_non_owner_has_no_permission_to_view_private_pin(self):
self.client.login(username=self.non_owner.username, password='password')
resp = self.client.get(self.private_pin_url)
self.assertEqual(resp.status_code, 404)


class PinTests(APITestCase):
_JSON_TYPE = "application/json"

@@ -38,9 +111,7 @@ class PinTests(APITestCase):
self.client.login(username=self.user.username, password='password')

def tearDown(self):
Pin.objects.all().delete()
Image.objects.all().delete()
Tag.objects.all().delete()
_teardown_models()

@mock.patch('requests.get', mock_requests_get)
def test_should_create_pin(self):
@@ -49,6 +120,7 @@ class PinTests(APITestCase):
referer = 'http://testserver.com/'
post_data = {
'url': url,
'private': False,
'referer': referer,
'description': 'That\'s an Apple!'
}


Loading…
Откажи
Сачувај