test: refactor api model permission tests to use an abstract class of test cases

!27 #15
2024-06-16 03:35:44 +09:30
parent 3613318217
commit 320d3f1a13
17 changed files with 723 additions and 1537 deletions


@ -1,23 +1,35 @@
import pytest
import unittest
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase
from rest_framework.test import APIClient as Client
import pytest
import unittest
import requests
from access.models import Organization, Team, TeamUsers, Permission
class OrganizationPermissionsAPI(TestCase):
from api.tests.abstract.api_permissions import APIPermissionChange, APIPermissionView
class OrganizationPermissionsAPI(TestCase, APIPermissionChange, APIPermissionView):
model = Organization
model_name = 'organization'
app_label = 'access'
app_namespace = 'API'
url_name = '_api_organization'
url_list = 'device-list'
change_data = {'name': 'device'}
# delete_data = {'device': 'device'}
@classmethod
def setUpTestData(self):
"""Setup Test
@ -38,11 +50,18 @@ class OrganizationPermissionsAPI(TestCase):
self.item = organization
self.url_view_kwargs = {'pk': self.item.id}
self.url_kwargs = {'pk': self.item.id}
# self.add_data = {'name': 'device', 'organization': self.organization.id}
view_permissions = Permission.objects.get(
codename = 'view_' + self.model_name,
codename = 'view_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -56,10 +75,10 @@ class OrganizationPermissionsAPI(TestCase):
add_permissions = Permission.objects.get(
codename = 'add_' + self.model_name,
codename = 'add_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -73,10 +92,10 @@ class OrganizationPermissionsAPI(TestCase):
change_permissions = Permission.objects.get(
codename = 'change_' + self.model_name,
codename = 'change_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -90,10 +109,10 @@ class OrganizationPermissionsAPI(TestCase):
delete_permissions = Permission.objects.get(
codename = 'delete_' + self.model_name,
codename = 'delete_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -152,375 +171,3 @@ class OrganizationPermissionsAPI(TestCase):
team = different_organization_team,
user = self.different_organization_user
)
def test_organization_auth_view_user_anon_denied_api(self):
""" Check correct permission for view
Attempt to view as anon user
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
response = client.get(url)
assert response.status_code == 401
def test_organization_auth_view_no_permission_denied(self):
""" Check correct permission for view
Attempt to view with user missing permission
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.get(url)
assert response.status_code == 403
def test_organization_auth_view_different_organizaiton_denied(self):
""" Check correct permission for view
Attempt to view with user from different organization
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.get(url)
assert response.status_code == 403
def test_organization_auth_view_has_permission(self):
""" Check correct permission for view
Attempt to view as user with view permission
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.get(url)
assert response.status_code == 200
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_add_user_anon_denied(self):
# """ Check correct permission for add
# Attempt to add as anon user
# """
# client = Client()
# url = reverse('API:_api_orgs')
# response = client.post(url, data={'device': 'device'})
# assert (
# response.status_code == 302
# or
# response.status_code == 403
# )
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_add_no_permission_denied(self):
# """ Check correct permission for add
# Attempt to add as user with no permissions
# """
# client = Client()
# url = reverse('API:_api_orgs')
# client.force_login(self.no_permissions_user)
# response = client.post(url, data={'device': 'device'})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_add_different_organization_denied(self):
# """ Check correct permission for add
# attempt to add as user from different organization
# """
# client = Client()
# url = reverse('API:_api_orgs')
# client.force_login(self.different_organization_user)
# response = client.post(url, data={'name': 'device', 'organization': self.organization.id})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_add_permission_view_denied(self):
# """ Check correct permission for add
# Attempt to add a user with view permission
# """
# client = Client()
# url = reverse('API:_api_orgs')
# client.force_login(self.view_user)
# response = client.post(url, data={'device': 'device'})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_add_has_permission(self):
# """ Check correct permission for add
# Attempt to add as user with no permission
# """
# client = Client()
# url = reverse('API:_api_orgs')
# client.force_login(self.add_user)
# response = client.post(url, data={'device': 'device', 'organization': self.organization.id})
# assert response.status_code == 200
def test_organization_auth_change_user_anon_denied(self):
""" Check correct permission for change
Attempt to change as anon
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 401
def test_organization_auth_change_no_permission_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user without permissions
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 403
def test_organization_auth_change_different_organization_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user from different organization
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 403
def test_organization_auth_change_permission_view_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with view permission
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 403
def test_organization_auth_change_permission_add_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with add permission
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.add_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 403
def test_organization_auth_change_has_permission(self):
""" Check correct permission for change
Make change with user who has change permission
"""
client = Client()
url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
client.force_login(self.change_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 200
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_delete_user_anon_denied(self):
# """ Check correct permission for delete
# Attempt to delete item as anon user
# """
# client = Client()
# url = reverse('API:_api_orgs', kwargs={'pk': self.item.id})
# response = client.delete(url, data={'device': 'device'})
# assert (
# response.status_code == 302
# or
# response.status_code == 403
# )
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_delete_no_permission_denied(self):
# """ Check correct permission for delete
# Attempt to delete as user with no permissons
# """
# client = Client()
# url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
# client.force_login(self.no_permissions_user)
# response = client.delete(url, data={'device': 'device'})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_delete_different_organization_denied(self):
# """ Check correct permission for delete
# Attempt to delete as user from different organization
# """
# client = Client()
# url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
# client.force_login(self.different_organization_user)
# response = client.delete(url, data={'device': 'device'})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_delete_permission_view_denied(self):
# """ Check correct permission for delete
# Attempt to delete as user with veiw permission only
# """
# client = Client()
# url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
# client.force_login(self.view_user)
# response = client.delete(url, data={'device': 'device'})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_delete_permission_add_denied(self):
# """ Check correct permission for delete
# Attempt to delete as user with add permission only
# """
# client = Client()
# url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
# client.force_login(self.add_user)
# response = client.delete(url, data={'device': 'device'})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_delete_permission_change_denied(self):
# """ Check correct permission for delete
# Attempt to delete as user with change permission only
# """
# client = Client()
# url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
# client.force_login(self.change_user)
# response = client.delete(url, data={'device': 'device'})
# assert response.status_code == 403
# @pytest.mark.skip(reason="currently only able to add via admin interface")
# def test_organization_auth_delete_has_permission(self):
# """ Check correct permission for delete
# Delete item as user with delete permission
# """
# client = Client()
# url = reverse('API:_api_organization', kwargs={'pk': self.item.id})
# client.force_login(self.delete_user)
# response = client.delete(url, data={'device': 'device'})
# assert response.status_code == 302 and response.url == reverse('API:_api_orgs')
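Review bot: After this change nothing in `OrganizationPermissionsAPI` asserts that add and delete on the organization endpoint are refused: the class mixes in only `APIPermissionChange` and `APIPermissionView`, and the commented-out add/delete cases (skip reason "currently only able to add via admin interface") are deleted along with the rest. If creating and deleting organizations through the API is meant to stay unavailable, a short negative test that a POST and a DELETE against the organization routes are rejected, even for `add_user` and `delete_user`, would catch the endpoint being opened by accident; the status the view returns in that case is not visible here and needs checking against the view. `url_list = 'device-list'` looks copied from a device test and is not read by either mixin in use, so it could be dropped or commented out like `delete_data`.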


@ -1,26 +1,32 @@
# from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase, Client as nClient
from rest_framework.test import APIClient as Client
import pytest
import unittest
import requests
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.test import TestCase
from access.models import Organization, Team, TeamUsers, Permission
from api.tests.abstract.api_permissions import APIPermissions
class TeamPermissionsAPI(TestCase):
class TeamPermissionsAPI(TestCase, APIPermissions):
model = Team
model_name = 'team'
app_label = 'access'
app_namespace = 'API'
url_name = '_api_team'
url_list = '_api_organization_teams'
change_data = {'name': 'device'}
delete_data = {'device': 'device'}
@classmethod
def setUpTestData(self):
@ -45,11 +51,19 @@ class TeamPermissionsAPI(TestCase):
name = 'teamone'
)
self.url_kwargs = {'organization_id': self.organization.id}
self.url_view_kwargs = {'organization_id': self.organization.id, 'group_ptr_id': self.item.id}
self.add_data = {'team_name': 'team_post'}
view_permissions = Permission.objects.get(
codename = 'view_' + self.model_name,
codename = 'view_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -63,10 +77,10 @@ class TeamPermissionsAPI(TestCase):
add_permissions = Permission.objects.get(
codename = 'add_' + self.model_name,
codename = 'add_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -80,10 +94,10 @@ class TeamPermissionsAPI(TestCase):
change_permissions = Permission.objects.get(
codename = 'change_' + self.model_name,
codename = 'change_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -97,10 +111,10 @@ class TeamPermissionsAPI(TestCase):
delete_permissions = Permission.objects.get(
codename = 'delete_' + self.model_name,
codename = 'delete_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -159,354 +173,3 @@ class TeamPermissionsAPI(TestCase):
team = different_organization_team,
user = self.different_organization_user
)
def test_team_auth_view_user_anon_denied(self):
""" Check correct permission for view
Attempt to view as anon user
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
response = client.get(url)
assert response.status_code == 401
def test_team_auth_view_no_permission_denied(self):
""" Check correct permission for view
Attempt to view with user missing permission
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.no_permissions_user)
response = client.get(url)
assert response.status_code == 403
def test_team_auth_view_different_organizaiton_denied(self):
""" Check correct permission for view
Attempt to view with user from different organization
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.different_organization_user)
response = client.get(url)
assert response.status_code == 403
def test_team_auth_view_has_permission(self):
""" Check correct permission for view
Attempt to view as user with view permission
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.view_user)
response = client.get(url)
assert response.status_code == 200
def test_team_auth_add_user_anon_denied(self):
""" Check correct permission for add
Attempt to add as anon user
"""
client = Client()
url = reverse('API:_api_organization_teams', kwargs={'organization_id': self.organization.id})
response = client.post(url, data={'team_name': 'team'})
assert response.status_code == 401
def test_team_auth_add_no_permission_denied(self):
""" Check correct permission for add
Attempt to add as user with no permissions
"""
client = Client()
url = reverse('API:_api_organization_teams', kwargs={'organization_id': self.organization.id})
client.force_login(self.no_permissions_user)
response = client.post(url, data={'team_name': 'team'})
assert response.status_code == 403
def test_team_auth_add_different_organization_denied(self):
""" Check correct permission for add
attempt to add as user from different organization
"""
client = Client()
url = reverse('API:_api_organization_teams', kwargs={'organization_id': self.organization.id})
client.force_login(self.different_organization_user)
response = client.post(url, data={'team_name': 'team'})
assert response.status_code == 403
def test_team_auth_add_permission_view_denied(self):
""" Check correct permission for add
Attempt to add a user with view permission
"""
client = Client()
url = reverse('API:_api_organization_teams', kwargs={'organization_id': self.organization.id})
client.force_login(self.view_user)
response = client.post(url, data={'team_name': 'team'})
assert response.status_code == 403
def test_team_auth_add_has_permission(self):
""" Check correct permission for add
Attempt to add as user with no permission
"""
client = Client()
url = reverse('API:_api_organization_teams', kwargs={'organization_id': self.organization.id})
client.force_login(self.add_user)
response = client.post(url, {'team_name': 'team_post'})
assert response.status_code == 201
def test_team_auth_change_user_anon_denied(self):
""" Check correct permission for change
Attempt to change as anon
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
response = client.patch(url, data={'team': 'team'})
assert response.status_code == 401
def test_team_auth_change_no_permission_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user without permissions
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.no_permissions_user)
response = client.patch(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_change_different_organization_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user from different organization
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.different_organization_user)
response = client.patch(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_change_permission_view_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with view permission
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.view_user)
response = client.patch(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_change_permission_add_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with add permission
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.add_user)
response = client.patch(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_change_has_permission(self):
""" Check correct permission for change
Make change with user who has change permission
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.change_user)
response = client.patch(url, data={'id': self.item.id, 'team_name': 'team'})
assert response.status_code == 200
def test_team_auth_delete_user_anon_denied(self):
""" Check correct permission for delete
Attempt to delete item as anon user
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
response = client.delete(url, data={'team': 'team'})
assert response.status_code == 401
def test_team_auth_delete_no_permission_denied(self):
""" Check correct permission for delete
Attempt to delete as user with no permissons
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.no_permissions_user)
response = client.delete(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_delete_different_organization_denied(self):
""" Check correct permission for delete
Attempt to delete as user from different organization
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.different_organization_user)
response = client.delete(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_delete_permission_view_denied(self):
""" Check correct permission for delete
Attempt to delete as user with veiw permission only
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.view_user)
response = client.delete(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_delete_permission_add_denied(self):
""" Check correct permission for delete
Attempt to delete as user with add permission only
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.add_user)
response = client.delete(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_delete_permission_change_denied(self):
""" Check correct permission for delete
Attempt to delete as user with change permission only
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.change_user)
response = client.delete(url, data={'team': 'team'})
assert response.status_code == 403
def test_team_auth_delete_has_permission(self):
""" Check correct permission for delete
Delete item as user with delete permission
"""
client = Client()
url = reverse('API:_api_team', kwargs={'organization_id': self.organization.id, 'group_ptr_id': self.item.id})
client.force_login(self.delete_user)
response = client.delete(url, data={'group_ptr_id': self.item.id}, content_type='application/json')
assert response.status_code == 204
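Review bot: `change_data = {'name': 'device'}` probably does not name a field of the team API: the removed `test_team_auth_change_has_permission` patched `team_name`, and `add_data` in this same class posts `team_name`. A partial update that carries only an unrecognised key is normally accepted without modifying anything, so the inherited `test_change_has_permission` could pass without showing that a permitted user can actually modify the team. Something like `change_data = {'team_name': 'team_changed'}` (value made up for illustration) keeps the positive case meaningful; the serializer is not shown on this page, so confirm the field name against it. `delete_data = {'device': 'device'}` has the same copied look, though the body matters less for a DELETE.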


@ -1,32 +1,15 @@
# from django.conf import settings
# from django.shortcuts import reverse
from django.test import TestCase, Client
import pytest
import unittest
import requests
from django.test import TestCase, Client
from access.models import Organization, Team, TeamUsers, Permission
@pytest.mark.skip(reason="to be written")
def test_team_user_auth_view_api(user):
""" Check correct permission for view """
pass
from api.tests.abstract.api_permissions import APIPermissions
@pytest.mark.skip(reason="to be written")
def test_team_user_auth_add_api(user):
""" Check correct permission for add """
pass
class TeamUsersPermissionsAPI(TestCase, APIPermissions):
@pytest.mark.skip(reason="to be written")
def test_team_user_auth_change_api(user):
""" Check correct permission for change """
pass
@pytest.mark.skip(reason="to be written")
def test_team_user_auth_delete_api(user):
""" Check correct permission for delete """
pass
model = TeamUsers
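Review bot: `TeamUsersPermissionsAPI` inherits every case from `APIPermissions` but sets only `model = TeamUsers`; judging by the hunk header the new file is 15 lines, so there is no `setUpTestData`, `url_name`, `app_namespace` or any of the users the mixin methods read. The four placeholders this replaces were skipped, whereas the inherited tests will be collected and would be expected to error (for example on `self.app_namespace + ':' + self.url_name` with `app_namespace` still `None`) rather than report a permission result. Until the fixtures exist, keep the intent of the removed placeholders by putting `@pytest.mark.skip(reason="to be written")` on the class.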


@ -0,0 +1,470 @@
import pytest
import unittest
from django.shortcuts import reverse
from django.test import TestCase, Client
class APIPermissionView:
model: object
""" Item Model to test """
app_namespace: str = None
""" URL namespace """
url_name: str
""" URL name of the view to test """
url_view_kwargs: dict = None
""" URL kwargs of the item page """
def test_view_user_anon_denied(self):
""" Check correct permission for view
Attempt to view as anon user
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
response = client.get(url)
assert response.status_code == 401
def test_view_no_permission_denied(self):
""" Check correct permission for view
Attempt to view with user missing permission
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.no_permissions_user)
response = client.get(url)
assert response.status_code == 403
def test_view_different_organizaiton_denied(self):
""" Check correct permission for view
Attempt to view with user from different organization
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.different_organization_user)
response = client.get(url)
assert response.status_code == 403
def test_view_has_permission(self):
""" Check correct permission for view
Attempt to view as user with view permission
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.view_user)
response = client.get(url)
assert response.status_code == 200
class APIPermissionAdd:
model: object
""" Item Model to test """
app_namespace: str = None
""" URL namespace """
url_list: str
""" URL view name of the item list page """
url_kwargs: dict = None
""" URL view kwargs for the item list page """
add_data: dict = None
def test_add_user_anon_denied(self):
""" Check correct permission for add
Attempt to add as anon user
"""
client = Client()
if self.url_kwargs:
url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_list)
response = client.put(url, data=self.add_data)
assert response.status_code == 401
# @pytest.mark.skip(reason="ToDO: figure out why fails")
def test_add_no_permission_denied(self):
""" Check correct permission for add
Attempt to add as user with no permissions
"""
client = Client()
if self.url_kwargs:
url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_list)
client.force_login(self.no_permissions_user)
response = client.post(url, data=self.add_data)
assert response.status_code == 403
# @pytest.mark.skip(reason="ToDO: figure out why fails")
def test_add_different_organization_denied(self):
""" Check correct permission for add
attempt to add as user from different organization
"""
client = Client()
if self.url_kwargs:
url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_list)
client.force_login(self.different_organization_user)
response = client.post(url, data=self.add_data)
assert response.status_code == 403
def test_add_permission_view_denied(self):
""" Check correct permission for add
Attempt to add a user with view permission
"""
client = Client()
if self.url_kwargs:
url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_list)
client.force_login(self.view_user)
response = client.post(url, data=self.add_data)
assert response.status_code == 403
def test_add_has_permission(self):
""" Check correct permission for add
Attempt to add as user with no permission
"""
client = Client()
if self.url_kwargs:
url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)
else:
url = reverse(self.app_namespace + ':' + self.url_list)
client.force_login(self.add_user)
response = client.post(url, data=self.add_data)
assert response.status_code == 201
class APIPermissionChange:
model: object
""" Item Model to test """
app_namespace: str = None
""" URL namespace """
url_name: str
""" URL name of the view to test """
url_view_kwargs: dict = None
""" URL kwargs of the item page """
change_data: dict = None
def test_change_user_anon_denied(self):
""" Check correct permission for change
Attempt to change as anon
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
response = client.patch(url, data=self.change_data, content_type='application/json')
assert response.status_code == 401
def test_change_no_permission_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user without permissions
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.no_permissions_user)
response = client.patch(url, data=self.change_data, content_type='application/json')
assert response.status_code == 403
def test_change_different_organization_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user from different organization
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.different_organization_user)
response = client.patch(url, data=self.change_data, content_type='application/json')
assert response.status_code == 403
def test_change_permission_view_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with view permission
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.view_user)
response = client.patch(url, data=self.change_data, content_type='application/json')
assert response.status_code == 403
def test_change_permission_add_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with add permission
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.add_user)
response = client.patch(url, data=self.change_data, content_type='application/json')
assert response.status_code == 403
def test_change_has_permission(self):
""" Check correct permission for change
Make change with user who has change permission
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.change_user)
response = client.patch(url, data=self.change_data, content_type='application/json')
assert response.status_code == 200
class APIPermissionDelete:
model: object
""" Item Model to test """
app_namespace: str = None
""" URL namespace """
url_name: str
""" URL name of the view to test """
url_view_kwargs: dict = None
""" URL kwargs of the item page """
delete_data: dict = None
def test_delete_user_anon_denied(self):
""" Check correct permission for delete
Attempt to delete item as anon user
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
response = client.delete(url, data=self.delete_data)
assert response.status_code == 401
def test_delete_no_permission_denied(self):
""" Check correct permission for delete
Attempt to delete as user with no permissons
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.no_permissions_user)
response = client.delete(url, data=self.delete_data)
assert response.status_code == 403
def test_delete_different_organization_denied(self):
""" Check correct permission for delete
Attempt to delete as user from different organization
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.different_organization_user)
response = client.delete(url, data=self.delete_data)
assert response.status_code == 403
def test_delete_permission_view_denied(self):
""" Check correct permission for delete
Attempt to delete as user with veiw permission only
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.view_user)
response = client.delete(url, data=self.delete_data)
assert response.status_code == 403
def test_delete_permission_add_denied(self):
""" Check correct permission for delete
Attempt to delete as user with add permission only
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.add_user)
response = client.delete(url, data=self.delete_data)
assert response.status_code == 403
def test_delete_permission_change_denied(self):
""" Check correct permission for delete
Attempt to delete as user with change permission only
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.change_user)
response = client.delete(url, data=self.delete_data)
assert response.status_code == 403
def test_delete_has_permission(self):
""" Check correct permission for delete
Delete item as user with delete permission
"""
client = Client()
url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)
client.force_login(self.delete_user)
response = client.delete(url, data=self.delete_data)
assert response.status_code == 204
class APIPermissions(
APIPermissionAdd,
APIPermissionChange,
APIPermissionDelete,
APIPermissionView
):
""" Abstract class containing all API Permission test cases """
model: object
""" Item Model to test """


@ -1,24 +1,32 @@
# from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase, Client
import pytest
import unittest
import requests
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.test import TestCase
from access.models import Organization, Team, TeamUsers, Permission
from api.tests.abstract.api_permissions import APIPermissions
from itam.models.device import Device
class DevicePermissionsAPI(TestCase):
class DevicePermissionsAPI(TestCase, APIPermissions):
model = Device
model_name = 'device'
app_label = 'itam'
app_namespace = 'API'
url_name = 'device-detail'
url_list = 'device-list'
change_data = {'name': 'device'}
delete_data = {'device': 'device'}
@classmethod
def setUpTestData(self):
@ -43,11 +51,19 @@ class DevicePermissionsAPI(TestCase):
name = 'deviceone'
)
# self.url_kwargs = {'pk': self.item.id}
self.url_view_kwargs = {'pk': self.item.id}
self.add_data = {'name': 'device', 'organization': self.organization.id}
view_permissions = Permission.objects.get(
codename = 'view_' + self.model_name,
codename = 'view_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -61,10 +77,10 @@ class DevicePermissionsAPI(TestCase):
add_permissions = Permission.objects.get(
codename = 'add_' + self.model_name,
codename = 'add_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -78,10 +94,10 @@ class DevicePermissionsAPI(TestCase):
change_permissions = Permission.objects.get(
codename = 'change_' + self.model_name,
codename = 'change_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -95,10 +111,10 @@ class DevicePermissionsAPI(TestCase):
delete_permissions = Permission.objects.get(
codename = 'delete_' + self.model_name,
codename = 'delete_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -157,355 +173,3 @@ class DevicePermissionsAPI(TestCase):
team = different_organization_team,
user = self.different_organization_user
)
def test_device_auth_view_user_anon_denied(self):
""" Check correct permission for view
Attempt to view as anon user
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
response = client.get(url)
assert response.status_code == 401
def test_device_auth_view_no_permission_denied(self):
""" Check correct permission for view
Attempt to view with user missing permission
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.get(url)
assert response.status_code == 403
def test_device_auth_view_different_organizaiton_denied(self):
""" Check correct permission for view
Attempt to view with user from different organization
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.get(url)
assert response.status_code == 403
def test_device_auth_view_has_permission(self):
""" Check correct permission for view
Attempt to view as user with view permission
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.get(url)
assert response.status_code == 200
def test_device_auth_add_user_anon_denied(self):
""" Check correct permission for add
Attempt to add as anon user
"""
client = Client()
url = reverse('API:device-list')
response = client.put(url, data={'device': 'device'})
assert response.status_code == 401
# @pytest.mark.skip(reason="ToDO: figure out why fails")
def test_device_auth_add_no_permission_denied(self):
""" Check correct permission for add
Attempt to add as user with no permissions
"""
client = Client()
url = reverse('API:device-list')
client.force_login(self.no_permissions_user)
response = client.post(url, data={'name': 'device', 'organization': self.organization.id})
assert response.status_code == 403
# @pytest.mark.skip(reason="ToDO: figure out why fails")
def test_device_auth_add_different_organization_denied(self):
""" Check correct permission for add
attempt to add as user from different organization
"""
client = Client()
url = reverse('API:device-list')
client.force_login(self.different_organization_user)
response = client.post(url, data={'name': 'device', 'organization': self.organization.id})
assert response.status_code == 403
def test_device_auth_add_permission_view_denied(self):
""" Check correct permission for add
Attempt to add a user with view permission
"""
client = Client()
url = reverse('API:device-list')
client.force_login(self.view_user)
response = client.post(url, data={'name': 'device', 'organization': self.organization.id})
assert response.status_code == 403
def test_device_auth_add_has_permission(self):
""" Check correct permission for add
Attempt to add as user with no permission
"""
client = Client()
url = reverse('API:device-list')
client.force_login(self.add_user)
response = client.post(url, data={'name': 'device', 'organization': self.organization.id})
assert response.status_code == 201
def test_device_auth_change_user_anon_denied(self):
""" Check correct permission for change
Attempt to change as anon
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 401
def test_device_auth_change_no_permission_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user without permissions
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_change_different_organization_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user from different organization
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_change_permission_view_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with view permission
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.patch(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_change_permission_add_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with add permission
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.add_user)
response = client.patch(url, data={'name': 'device'})
assert response.status_code == 403
def test_device_auth_change_has_permission(self):
""" Check correct permission for change
Make change with user who has change permission
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.change_user)
response = client.patch(url, data={'name': 'device'}, content_type='application/json')
assert response.status_code == 200
def test_device_auth_delete_user_anon_denied(self):
""" Check correct permission for delete
Attempt to delete item as anon user
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
response = client.delete(url, data={'device': 'device'})
assert response.status_code == 401
def test_device_auth_delete_no_permission_denied(self):
""" Check correct permission for delete
Attempt to delete as user with no permissons
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.delete(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_delete_different_organization_denied(self):
""" Check correct permission for delete
Attempt to delete as user from different organization
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.delete(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_delete_permission_view_denied(self):
""" Check correct permission for delete
Attempt to delete as user with veiw permission only
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.delete(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_delete_permission_add_denied(self):
""" Check correct permission for delete
Attempt to delete as user with add permission only
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.add_user)
response = client.delete(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_delete_permission_change_denied(self):
""" Check correct permission for delete
Attempt to delete as user with change permission only
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.change_user)
response = client.delete(url, data={'device': 'device'})
assert response.status_code == 403
def test_device_auth_delete_has_permission(self):
""" Check correct permission for delete
Delete item as user with delete permission
"""
client = Client()
url = reverse('API:device-detail', kwargs={'pk': self.item.id})
client.force_login(self.delete_user)
response = client.delete(url, data={'device': 'device'})
assert response.status_code == 204
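Review bot: `model_name = 'device'` and `app_label = 'itam'` appear to stay in the class body next to the new `model = Device`, although the permission lookups in `setUpTestData` now read `self.model._meta.model_name` and `self.model._meta.app_label`; if they are still on the new side they are dead and can drift from the model, so I would drop them. Because the last hunk deletes every test method, the authorization coverage for Device (anonymous 401, and 403 for no-permission, cross-organization and wrong-permission users) now exists only through `APIPermissions` and the attribute names that `setUpTestData` assigns. A one-line class docstring such as `""" Device API permission tests; cases are inherited from APIPermissions """` would make that dependency visible. `import pytest`, `import unittest` and `import requests` also look unused in what remains of the file. The same points apply to the `SoftwarePermissionsAPI` section that follows; `setUpTestData` is only partly shown in these hunks.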


@ -1,24 +1,33 @@
# from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.shortcuts import reverse
from django.test import TestCase, Client
import pytest
import unittest
import requests
from django.contrib.auth.models import AnonymousUser, User
from django.contrib.contenttypes.models import ContentType
from django.test import TestCase
from access.models import Organization, Team, TeamUsers, Permission
from api.tests.abstract.api_permissions import APIPermissions
from itam.models.software import Software
class SoftwarePermissionsAPI(TestCase):
class SoftwarePermissionsAPI(TestCase, APIPermissions):
model = Software
model_name = 'software'
app_label = 'itam'
app_namespace = 'API'
url_name = 'software-detail'
url_list = 'software-list'
change_data = {'name': 'software'}
delete_data = {'name': 'software'}
@classmethod
def setUpTestData(self):
@ -43,11 +52,19 @@ class SoftwarePermissionsAPI(TestCase):
name = 'softwareone'
)
# self.url_kwargs = {'pk': self.item.id}
self.url_view_kwargs = {'pk': self.item.id}
self.add_data = {'name': 'software', 'organization': self.organization.id}
view_permissions = Permission.objects.get(
codename = 'view_' + self.model_name,
codename = 'view_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -61,10 +78,10 @@ class SoftwarePermissionsAPI(TestCase):
add_permissions = Permission.objects.get(
codename = 'add_' + self.model_name,
codename = 'add_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -78,10 +95,10 @@ class SoftwarePermissionsAPI(TestCase):
change_permissions = Permission.objects.get(
codename = 'change_' + self.model_name,
codename = 'change_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -95,10 +112,10 @@ class SoftwarePermissionsAPI(TestCase):
delete_permissions = Permission.objects.get(
codename = 'delete_' + self.model_name,
codename = 'delete_' + self.model._meta.model_name,
content_type = ContentType.objects.get(
app_label = self.app_label,
model = self.model_name,
app_label = self.model._meta.app_label,
model = self.model._meta.model_name,
)
)
@ -157,355 +174,3 @@ class SoftwarePermissionsAPI(TestCase):
team = different_organization_team,
user = self.different_organization_user
)
def test_software_auth_view_user_anon_denied(self):
""" Check correct permission for view
Attempt to view as anon user
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
response = client.get(url)
assert response.status_code == 401
def test_software_auth_view_no_permission_denied(self):
""" Check correct permission for view
Attempt to view with user missing permission
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.get(url)
assert response.status_code == 403
def test_software_auth_view_different_organizaiton_denied(self):
""" Check correct permission for view
Attempt to view with user from different organization
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.get(url)
assert response.status_code == 403
def test_software_auth_view_has_permission(self):
""" Check correct permission for view
Attempt to view as user with view permission
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.get(url)
assert response.status_code == 200
def test_software_auth_add_user_anon_denied(self):
""" Check correct permission for add
Attempt to add as anon user
"""
client = Client()
url = reverse('API:software-list')
response = client.post(url, data={'software': 'software'})
assert response.status_code == 401
# @pytest.mark.skip(reason="ToDO: figure out why fails")
def test_software_auth_add_no_permission_denied(self):
""" Check correct permission for add
Attempt to add as user with no permissions
"""
client = Client()
url = reverse('API:software-list')
client.force_login(self.no_permissions_user)
response = client.post(url, data={'name': 'software', 'organization': self.organization.id})
assert response.status_code == 403
# @pytest.mark.skip(reason="ToDO: figure out why fails")
def test_software_auth_add_different_organization_denied(self):
""" Check correct permission for add
attempt to add as user from different organization
"""
client = Client()
url = reverse('API:software-list')
client.force_login(self.different_organization_user)
response = client.post(url, data={'name': 'software', 'organization': self.organization.id})
assert response.status_code == 403
def test_software_auth_add_permission_view_denied(self):
""" Check correct permission for add
Attempt to add a user with view permission
"""
client = Client()
url = reverse('API:software-list')
client.force_login(self.view_user)
response = client.post(url, data={'name': 'software', 'organization': self.organization.id})
assert response.status_code == 403
def test_software_auth_add_has_permission(self):
""" Check correct permission for add
Attempt to add as user with no permission
"""
client = Client()
url = reverse('API:software-list')
client.force_login(self.add_user)
response = client.post(url, data={'name': 'software', 'organization': self.organization.id})
assert response.status_code == 201
def test_software_auth_change_user_anon_denied(self):
""" Check correct permission for change
Attempt to change as anon
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
response = client.patch(url, data={'software': 'software'})
assert response.status_code == 401
def test_software_auth_change_no_permission_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user without permissions
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.patch(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_change_different_organization_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user from different organization
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.patch(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_change_permission_view_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with view permission
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.patch(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_change_permission_add_denied(self):
""" Ensure permission view cant make change
Attempt to make change as user with add permission
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.add_user)
response = client.patch(url, data={'name': 'software'})
assert response.status_code == 403
def test_software_auth_change_has_permission(self):
""" Check correct permission for change
Make change with user who has change permission
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.change_user)
response = client.patch(url, data={'name': 'software'}, content_type='application/json')
assert response.status_code == 200
def test_software_auth_delete_user_anon_denied(self):
""" Check correct permission for delete
Attempt to delete item as anon user
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
response = client.delete(url, data={'software': 'software'})
assert response.status_code == 401
def test_software_auth_delete_no_permission_denied(self):
""" Check correct permission for delete
Attempt to delete as user with no permissons
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.no_permissions_user)
response = client.delete(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_delete_different_organization_denied(self):
""" Check correct permission for delete
Attempt to delete as user from different organization
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.different_organization_user)
response = client.delete(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_delete_permission_view_denied(self):
""" Check correct permission for delete
Attempt to delete as user with veiw permission only
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.view_user)
response = client.delete(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_delete_permission_add_denied(self):
""" Check correct permission for delete
Attempt to delete as user with add permission only
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.add_user)
response = client.delete(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_delete_permission_change_denied(self):
""" Check correct permission for delete
Attempt to delete as user with change permission only
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.change_user)
response = client.delete(url, data={'software': 'software'})
assert response.status_code == 403
def test_software_auth_delete_has_permission(self):
""" Check correct permission for delete
Delete item as user with delete permission
"""
client = Client()
url = reverse('API:software-detail', kwargs={'pk': self.item.id})
client.force_login(self.delete_user)
response = client.delete(url, data={'software': 'software'})
assert response.status_code == 204