Fakultas Ilmu Komputer UI

test_permissions.py 3.2 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
import json
from django.urls import reverse
from rest_framework import status
from rest_framework.authtoken.models import Token
from rest_framework.test import APITestCase, APIClient

from apps.accounts.tests.factories.accounts import AccountFactory, UserFactory
from apps.commons.permissions import (
    CreateOnly,
    IsAuthenticated,
)
12
from apps.constants import HEADER_PREFIX
13

14

15
16
class IsAuthenticatedPermissionTest(APITestCase):
    @classmethod
17
18
19
20
21
    def setUpTestData(cls):
        cls.permission = IsAuthenticated()
        cls.user_1 = UserFactory(username="user_1", password="justpass")
        cls.user_2 = UserFactory(username="user_2", password="justpass")
        cls.user_3 = UserFactory(username="user_3", password="justpass")
22

23
        cls.account_1 = AccountFactory(
24
            admin=True,
25
            user=cls.user_1,
26
27
28
            is_active=True,
            is_verified=True
        )
29
        cls.account_2 = AccountFactory(
30
            admin=False,
31
            user=cls.user_2,
32
33
34
            is_active=False,
            is_verified=True
        )
35
        cls.account_2 = AccountFactory(
36
            admin=False,
37
            user=cls.user_3,
38
39
40
            is_active=True,
            is_verified=False
        )
41

42
43
44
        cls.token_1, _ = Token.objects.get_or_create(user=cls.user_1)
        cls.token_2, _ = Token.objects.get_or_create(user=cls.user_2)
        cls.token_3, _ = Token.objects.get_or_create(user=cls.user_3)
45

46
    def test_has_permission_true_for_active_and_verified_user(self):
47
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_1.key)
48
49
50
51
52
        request = self.client.get("/").wsgi_request
        request.user = self.user_1

        self.assertTrue(self.permission.has_permission(request, None))

53
    def test_has_permission_false_for_inactive_user(self):
54
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_2.key)
55
56
57
58
        request = self.client.get("/").wsgi_request
        request.user = self.user_2
        self.assertFalse(self.permission.has_permission(request, None))

59
60
61
62
63
64
    def test_has_permission_false_for_unverified_user(self):
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_3.key)
        request = self.client.get("/").wsgi_request
        request.user = self.user_3
        self.assertFalse(self.permission.has_permission(request, None))

65
66
67

class CreateOnlyPermissionTest(APITestCase):
    @classmethod
68
69
70
    def setUpTestData(cls):
        cls.permission = CreateOnly()
        cls.client = APIClient()
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

    def test_has_permission_true_for_post_request(self):
        request = self.client.post("/").wsgi_request

        self.assertTrue(self.permission.has_permission(request, None))

    def test_has_permission_false_for_non_post_request(self):
        request = self.client.get("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.put("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.patch("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.delete("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))