test(core): Notes Meta Models API Permissions Test cases for All Notes Models

ref: #948 closes #778
2025-08-14 15:13:17 +09:30
parent 594e77fc77
commit 1b004bee2d
3 changed files with 328 additions and 0 deletions
--- a/app/access/tests/functional/additional_meta_model_note_tenant_permissions_api.py
+++ b/app/access/tests/functional/additional_meta_model_note_tenant_permissions_api.py
@ -0,0 +1,104 @@
+import pytest
+
+from django.test import Client
+
+
+
+class AdditionalTestCases:
+
+
+    def test_permission_change(self, model_instance, api_request_permissions):
+        """ Check correct permission for change
+
+        Make change with user who has change permission
+        """
+
+        client = Client()
+
+        client.force_login( api_request_permissions['user']['change'] )
+
+        kwargs = self.kwargs_create_item.copy()
+        kwargs.update({
+            'organization': api_request_permissions['tenancy']['user'],
+            'model': api_request_permissions['tenancy']['user']
+        })
+
+        change_item = model_instance(
+            kwargs_create = kwargs,
+        )
+
+        response = client.patch(
+            path = change_item.get_url( many = False ),
+            data = self.change_data,
+            content_type = 'application/json'
+        )
+
+        if response.status_code == 405:
+            pytest.xfail( reason = 'ViewSet does not have this request method.' )
+
+        assert response.status_code == 200, response.content
+
+
+
+    def test_permission_delete(self, model_instance, api_request_permissions):
+        """ Check correct permission for delete
+
+        Delete item as user with delete permission
+        """
+
+        client = Client()
+
+        client.force_login( api_request_permissions['user']['delete'] )
+
+        kwargs = self.kwargs_create_item
+        kwargs.update({
+            'organization': api_request_permissions['tenancy']['user'],
+            'model': api_request_permissions['tenancy']['user']
+        })
+
+        delete_item = model_instance(
+            kwargs_create = kwargs
+        )
+
+        response = client.delete(
+            path = delete_item.get_url( many = False ),
+        )
+
+        if response.status_code == 405:
+            pytest.xfail( reason = 'ViewSet does not have this request method.' )
+
+        assert response.status_code == 204, response.content
+
+    def test_permission_view(self, model_instance, api_request_permissions):
+        """ Check correct permission for view
+
+        Attempt to view as user with view permission
+        """
+
+        client = Client()
+
+        client.force_login( api_request_permissions['user']['view'] )
+
+        kwargs = self.kwargs_create_item
+        kwargs.update({
+            'organization': api_request_permissions['tenancy']['user'],
+            'model': api_request_permissions['tenancy']['user']
+        })
+
+        view_item = model_instance(
+            kwargs_create = kwargs
+        )
+
+        response = client.get(
+            path = view_item.get_url( many = False )
+        )
+
+        if response.status_code == 405:
+            pytest.xfail( reason = 'ViewSet does not have this request method.' )
+
+        assert response.status_code == 200, response.content
+
+
+    @pytest.mark.xfail( reason = 'model is not global based')
+    def test_returned_data_from_user_and_global_organizations_only(self ):
+        assert False