Fakultas Ilmu Komputer UI

test_permissions.py 3.52 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
import json
from django.urls import reverse
from rest_framework import status
from rest_framework.authtoken.models import Token
from rest_framework.test import APITestCase, APIClient

from apps.accounts.tests.factories.accounts import AccountFactory, UserFactory
from apps.commons.permissions import (
    CreateOnly,
    IsAuthenticated,
)
12
from apps.constants import HEADER_PREFIX
13

14

15
16
class IsAuthenticatedPermissionTest(APITestCase):
    @classmethod
17
18
19
20
21
    def setUpTestData(cls):
        cls.permission = IsAuthenticated()
        cls.user_1 = UserFactory(username="user_1", password="justpass")
        cls.user_2 = UserFactory(username="user_2", password="justpass")
        cls.user_3 = UserFactory(username="user_3", password="justpass")
22
        cls.user_4 = UserFactory(username="user_4", password="justpass")
23

24
        cls.account_1 = AccountFactory(
25
            admin=True,
26
            user=cls.user_1,
27
28
29
            is_active=True,
            is_verified=True
        )
30
        cls.account_2 = AccountFactory(
31
            admin=False,
32
            user=cls.user_2,
33
34
35
            is_active=False,
            is_verified=True
        )
36
        cls.account_3 = AccountFactory(
37
            admin=False,
38
            user=cls.user_3,
39
40
41
            is_active=True,
            is_verified=False
        )
42

43
44
45
        cls.token_1, _ = Token.objects.get_or_create(user=cls.user_1)
        cls.token_2, _ = Token.objects.get_or_create(user=cls.user_2)
        cls.token_3, _ = Token.objects.get_or_create(user=cls.user_3)
46

47
    def test_has_permission_true_for_active_and_verified_user(self):
48
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_1.key)
49
50
51
52
53
        request = self.client.get("/").wsgi_request
        request.user = self.user_1

        self.assertTrue(self.permission.has_permission(request, None))

54
    def test_has_permission_false_for_inactive_user(self):
55
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_2.key)
56
57
58
59
        request = self.client.get("/").wsgi_request
        request.user = self.user_2
        self.assertFalse(self.permission.has_permission(request, None))

60
61
62
63
64
65
    def test_has_permission_false_for_unverified_user(self):
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_3.key)
        request = self.client.get("/").wsgi_request
        request.user = self.user_3
        self.assertFalse(self.permission.has_permission(request, None))

66
67
68
69
70
71
    def test_has_permission_false_for_anonymous_user(self):
        self.client = APIClient()
        request = self.client.get("/").wsgi_request
        request.user = self.user_4
        self.assertFalse(self.permission.has_permission(request, None))

72
73
74

class CreateOnlyPermissionTest(APITestCase):
    @classmethod
75
76
77
    def setUpTestData(cls):
        cls.permission = CreateOnly()
        cls.client = APIClient()
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

    def test_has_permission_true_for_post_request(self):
        request = self.client.post("/").wsgi_request

        self.assertTrue(self.permission.has_permission(request, None))

    def test_has_permission_false_for_non_post_request(self):
        request = self.client.get("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.put("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.patch("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.delete("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))