test_permissions.py

import json
from django.urls import reverse
from rest_framework import status
from rest_framework.authtoken.models import Token
from rest_framework.test import APITestCase, APIClient

from apps.accounts.tests.factories.accounts import AccountFactory, UserFactory
from apps.commons.permissions import (
    CreateOnly,
    IsAuthenticated,
)
from apps.constants import HEADER_PREFIX


class IsAuthenticatedPermissionTest(APITestCase):
    @classmethod
    def setUpTestData(cls):
        cls.permission = IsAuthenticated()
        cls.user_1 = UserFactory(username="user_1", password="justpass")
        cls.user_2 = UserFactory(username="user_2", password="justpass")
        cls.user_3 = UserFactory(username="user_3", password="justpass")

        cls.account_1 = AccountFactory(
            admin=True,
            user=cls.user_1,
            is_active=True,
            is_verified=True
        )
        cls.account_2 = AccountFactory(
            admin=False,
            user=cls.user_2,
            is_active=False,
            is_verified=True
        )
        cls.account_2 = AccountFactory(
            admin=False,
            user=cls.user_3,
            is_active=True,
            is_verified=False
        )

        cls.token_1, _ = Token.objects.get_or_create(user=cls.user_1)
        cls.token_2, _ = Token.objects.get_or_create(user=cls.user_2)
        cls.token_3, _ = Token.objects.get_or_create(user=cls.user_3)

    def test_has_permission_true_for_active_and_verified_user(self):
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_1.key)
        request = self.client.get("/").wsgi_request
        request.user = self.user_1

        self.assertTrue(self.permission.has_permission(request, None))

    def test_has_permission_false_for_inactive_user(self):
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_2.key)
        request = self.client.get("/").wsgi_request
        request.user = self.user_2
        self.assertFalse(self.permission.has_permission(request, None))

    def test_has_permission_false_for_unverified_user(self):
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_3.key)
        request = self.client.get("/").wsgi_request
        request.user = self.user_3
        self.assertFalse(self.permission.has_permission(request, None))


class CreateOnlyPermissionTest(APITestCase):
    @classmethod
    def setUpTestData(cls):
        cls.permission = CreateOnly()
        cls.client = APIClient()

    def test_has_permission_true_for_post_request(self):
        request = self.client.post("/").wsgi_request

        self.assertTrue(self.permission.has_permission(request, None))

    def test_has_permission_false_for_non_post_request(self):
        request = self.client.get("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.put("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.patch("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))

        request = self.client.delete("/").wsgi_request
        self.assertFalse(self.permission.has_permission(request, None))