Skip to content

API Model Permission add Test Cases


Source code in app/api/tests/abstract/api_permissions.py
class APIPermissionAdd:


    model: object
    """ Item Model to test """

    app_namespace: str = None
    """ URL namespace """

    url_list: str
    """ URL view name of the item list page """

    url_kwargs: dict = None
    """ URL view kwargs for the item list page """

    add_data: dict = None


    def test_add_user_anon_denied(self):
        """ Check correct permission for add 

        Attempt to add as anon user
        """

        client = Client()
        if self.url_kwargs:

            url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

        else:

            url = reverse(self.app_namespace + ':' + self.url_list)


        response = client.put(url, data=self.add_data)

        assert response.status_code == 401

    # @pytest.mark.skip(reason="ToDO: figure out why fails")
    def test_add_no_permission_denied(self):
        """ Check correct permission for add

        Attempt to add as user with no permissions
        """

        client = Client()
        if self.url_kwargs:

            url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

        else:

            url = reverse(self.app_namespace + ':' + self.url_list)


        client.force_login(self.no_permissions_user)
        response = client.post(url, data=self.add_data)

        assert response.status_code == 403


    # @pytest.mark.skip(reason="ToDO: figure out why fails")
    def test_add_different_organization_denied(self):
        """ Check correct permission for add

        attempt to add as user from different organization
        """

        client = Client()
        if self.url_kwargs:

            url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

        else:

            url = reverse(self.app_namespace + ':' + self.url_list)


        client.force_login(self.different_organization_user)
        response = client.post(url, data=self.add_data)

        assert response.status_code == 403


    def test_add_permission_view_denied(self):
        """ Check correct permission for add

        Attempt to add a user with view permission
        """

        client = Client()
        if self.url_kwargs:

            url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

        else:

            url = reverse(self.app_namespace + ':' + self.url_list)


        client.force_login(self.view_user)
        response = client.post(url, data=self.add_data)

        assert response.status_code == 403


    def test_add_has_permission(self):
        """ Check correct permission for add 

        Attempt to add as user with no permission
        """

        client = Client()
        if self.url_kwargs:

            url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

        else:

            url = reverse(self.app_namespace + ':' + self.url_list)


        client.force_login(self.add_user)
        response = client.post(url, data=self.add_data)

        assert response.status_code == 201

Attributes

model: object

Item Model to test

app_namespace: str = None

URL namespace

url_list: str

URL view name of the item list page

url_kwargs: dict = None

URL view kwargs for the item list page

add_data: dict = None

Functions

test_add_user_anon_denied()

Check correct permission for add

Attempt to add as anon user

Source code in app/api/tests/abstract/api_permissions.py
def test_add_user_anon_denied(self):
    """ Check correct permission for add 

    Attempt to add as anon user
    """

    client = Client()
    if self.url_kwargs:

        url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

    else:

        url = reverse(self.app_namespace + ':' + self.url_list)


    response = client.put(url, data=self.add_data)

    assert response.status_code == 401

test_add_no_permission_denied()

Check correct permission for add

Attempt to add as user with no permissions

Source code in app/api/tests/abstract/api_permissions.py
def test_add_no_permission_denied(self):
    """ Check correct permission for add

    Attempt to add as user with no permissions
    """

    client = Client()
    if self.url_kwargs:

        url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

    else:

        url = reverse(self.app_namespace + ':' + self.url_list)


    client.force_login(self.no_permissions_user)
    response = client.post(url, data=self.add_data)

    assert response.status_code == 403

test_add_different_organization_denied()

Check correct permission for add

attempt to add as user from different organization

Source code in app/api/tests/abstract/api_permissions.py
def test_add_different_organization_denied(self):
    """ Check correct permission for add

    attempt to add as user from different organization
    """

    client = Client()
    if self.url_kwargs:

        url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

    else:

        url = reverse(self.app_namespace + ':' + self.url_list)


    client.force_login(self.different_organization_user)
    response = client.post(url, data=self.add_data)

    assert response.status_code == 403

test_add_permission_view_denied()

Check correct permission for add

Attempt to add a user with view permission

Source code in app/api/tests/abstract/api_permissions.py
def test_add_permission_view_denied(self):
    """ Check correct permission for add

    Attempt to add a user with view permission
    """

    client = Client()
    if self.url_kwargs:

        url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

    else:

        url = reverse(self.app_namespace + ':' + self.url_list)


    client.force_login(self.view_user)
    response = client.post(url, data=self.add_data)

    assert response.status_code == 403

test_add_has_permission()

Check correct permission for add

Attempt to add as user with no permission

Source code in app/api/tests/abstract/api_permissions.py
def test_add_has_permission(self):
    """ Check correct permission for add 

    Attempt to add as user with no permission
    """

    client = Client()
    if self.url_kwargs:

        url = reverse(self.app_namespace + ':' + self.url_list, kwargs = self.url_kwargs)

    else:

        url = reverse(self.app_namespace + ':' + self.url_list)


    client.force_login(self.add_user)
    response = client.post(url, data=self.add_data)

    assert response.status_code == 201

About:

This page forms part of our Project Centurion ERP.

Page Metadata
Version: ToDo: place files short git commit here
Date Created: 2024-06-16
Date Edited: 2024-07-09

Contribution:

Would You like to contribute to our Centurion ERP project? You can assist in the following ways:

 

ToDo: Add the page list of contributors