Commit a5aed3d6 authored by Jean-Baptiste Pasquier's avatar Jean-Baptiste Pasquier

update: fix test model & rewrite test_user_permissions

parent e67821fe
Pipeline #4667 failed with stage
in 1 minute and 17 seconds
from rest_framework.permissions import DjangoObjectPermissions
from rest_framework.permissions import BasePermission
from django.core.exceptions import PermissionDenied
class LDPPermissions(DjangoObjectPermissions):
class LDPPermissions(BasePermission):
"""
Default permissions
......@@ -50,8 +50,8 @@ class LDPPermissions(DjangoObjectPermissions):
perms_map = {
'GET': ['%(app_label)s.view_%(model_name)s'],
'OPTIONS': [],
'HEAD': [],
'OPTIONS': ['%(app_label)s.view_%(model_name)s'],
'HEAD': ['%(app_label)s.view_%(model_name)s'],
'POST': ['%(app_label)s.add_%(model_name)s'],
'PUT': ['%(app_label)s.change_%(model_name)s'],
'PATCH': ['%(app_label)s.change_%(model_name)s'],
......@@ -80,10 +80,9 @@ class LDPPermissions(DjangoObjectPermissions):
perms = self.get_permissions(request.method, view.model)
# A bit tricky, but feels redondant to redeclarate perms_map
requested = self.get_permissions(request.method, view.model)[0].split('.')[1].split('_')[0]
if not requested in self.user_permissions(request.user, view.model):
return False
for perm in perms:
if not perm.split('.')[1].split('_')[0] in self.user_permissions(request.user, view.model):
return False
return True
......@@ -95,9 +94,9 @@ class LDPPermissions(DjangoObjectPermissions):
"""
perms = self.get_permissions(request.method, obj)
if not request.user.has_perms(perms, obj):
read_perms = self.get_permissions('GET', obj)
return PermissionDenied
# A bit tricky, but feels redondant to redeclarate perms_map
for perm in perms:
if not perm.split('.')[1].split('_')[0] in self.user_permissions(request.user, obj):
return False
return True
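Review bot: In the last hunk of this file (apparently `has_object_permission`), `return PermissionDenied` returns the exception class instead of raising it. DRF only tests the return value for truthiness, so if that line is on the new side of this commit (the rendered page has lost the +/- markers), a user who fails `has_perms` is let through. It should be `raise PermissionDenied` or `return False`, and the unused `read_perms` assignment above it can be dropped. Separately, the `for perm in perms:` loops fall through to `return True` when `perms` is empty, so any method whose `perms_map` entry is `[]` is allowed by default; an explicit `if not perms: return False` would make that case fail closed. Both method bodies start outside the hunks shown.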
......@@ -34,8 +34,8 @@ class JobOffer(Model):
class Meta:
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['inherit', 'change', 'delete', 'control']
authenticated_perms = ['inherit', 'change', 'add']
owner_perms = ['inherit', 'delete', 'control']
nested_fields = ["skills"]
serializer_fields = ["@id", "title", "skills", "recent_skills"]
container_path = "job-offers/"
......
from django.contrib.auth.models import User
from rest_framework.test import APIRequestFactory, APIClient, APITestCase
from rest_framework.test import APIClient, APITestCase
from djangoldp.permissions import LDPPermissions
from .models import JobOffer
......@@ -11,48 +11,27 @@ import json
class TestUserPermissions(APITestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.client = APIClient()
self.user = User.objects.create_user(username='john', email='jlennon@beatles.com', password='glass onion')
user = User.objects.create_user(username='john', email='jlennon@beatles.com', password='glass onion')
self.client = APIClient(enforce_csrf_checks=True)
self.client.force_authenticate(user=user)
self.job = JobOffer.objects.create(title="job")
def tearDown(self):
self.user.delete()
def test_get_for_authenticated_user(self):
request = self.factory.get('/job-offers/')
request.user = self.user
my_view = LDPViewSet.as_view({'get': 'list'}, model=JobOffer)
my_view.cls.permission_classes = [LDPPermissions]
response = my_view(request)
response = self.client.get('/job-offers/')
self.assertEqual(response.status_code, 200)
def test_post_request_for_authenticated_user(self):
data = {'title': 'new idea'}
request = self.factory.post('/job-offers/', json.dumps(data), content_type='application/ld+json')
request.user = self.user
my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"])
my_view.cls.permission_classes = [LDPPermissions]
response = my_view(request, pk=1)
post = {'title': "job_created"}
response = self.client.post('/job-offers/', data=json.dumps(post), content_type='application/ld+json')
self.assertEqual(response.status_code, 201)
# def test_put_request_for_authenticated_user(self):
# data = {'title':"job_updated"}
# request = self.factory.put('/job-offers/' + str(self.job.pk) + "/", data)
# request.user = self.user
# my_view = LDPViewSet.as_view({'put': 'update'}, model=JobOffer)
# my_view.cls.permission_classes = [LDPPermissions]
#
# response = my_view(request, pk=self.job.pk)
# self.assertEqual(response.status_code, 200)
#
# def test_request_patch_for_authenticated_user(self):
# request = self.factory.patch('/job-offers/' + str(self.job.pk) + "/")
# request.user = self.user
# my_view = LDPViewSet.as_view({'patch': 'partial_update'}, model=JobOffer)
# my_view.cls.permission_classes = [LDPPermissions]
#
# response = my_view(request, pk=self.job.pk)
# self.assertEqual(response.status_code, 200)
def test_put_request_for_authenticated_user(self):
body = {'title':"job_updated"}
response = self.client.put('/job-offers/{}/'.format(self.job.pk), data=json.dumps(body),
content_type='application/ld+json')
self.assertEqual(response.status_code, 200)
def test_request_patch_for_authenticated_user(self):
response = self.client.patch('/job-offers/' + str(self.job.pk) + "/",
content_type='application/ld+json')
self.assertEqual(response.status_code, 200)
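Review bot: Every test in the rewritten `TestUserPermissions` asserts a success status for a force-authenticated user, so none of them would fail if `LDPPermissions` started granting too much. With `anonymous_perms = ['view']` on `JobOffer`, unauthenticated POST, PUT and PATCH requests should each be asserted as refused. Also, `enforce_csrf_checks=True` has no effect on a client that uses `force_authenticate`, because DRF applies CSRF validation only to session-authenticated requests, so the flag suggests coverage the tests do not have. A sketch of one denial test follows; the exact status (401 or 403) depends on the configured authentication classes, which are not visible here.

```python
    # … unchanged: setUp and the authenticated-user tests …

    def test_post_request_for_anonymous_user(self):
        anonymous = APIClient()
        post = {'title': "job_created"}
        response = anonymous.post('/job-offers/', data=json.dumps(post),
                                  content_type='application/ld+json')
        self.assertIn(response.status_code, (401, 403))
        self.assertFalse(JobOffer.objects.filter(title="job_created").exists())
```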