Merge branch 'bugfix/fix-verified-account-on-permission' into 'staging'

Bugfix: Fix is_verified on permission See merge request !27

Merge branch 'bugfix/fix-verified-account-on-permission' into 'staging'
Bugfix: Fix is_verified on permission See merge request !27
4a72c2de · Jonathan Christopher Jakub · e675ad4f · 93ced8ad · 4a72c2de · 4a72c2de
Commit 4a72c2de authored Apr 09, 2020 by Jonathan Christopher Jakub
--- a/apps/accounts/tests/factories/accounts.py
+++ b/apps/accounts/tests/factories/accounts.py
@@ -28,3 +28,4 @@ class AccountFactory(factory.DjangoModelFactory):
    phone_number = faker.phone_number()
    area = faker.city()
    is_active = True
+    is_verified = True
--- a/apps/accounts/tests/test_units/test_accounts.py
+++ b/apps/accounts/tests/test_units/test_accounts.py
@@ -88,9 +88,9 @@ class AccountViewTest(APITestCase):
            "email": self.officer.email,
            "phone_number": self.officer.phone_number,
            "area": self.officer.area,
-            "is_admin": False,
-            "is_verified": False,
-            "is_active": True,
+            "is_admin": self.officer.is_admin,
+            "is_verified": self.officer.is_verified,
+            "is_active": self.officer.is_active,
        }

        self.assertJSONEqual(json.dumps(response.data), data)
@@ -237,9 +237,9 @@ class AccountViewTest(APITestCase):
            "email": self.admin.email,
            "phone_number": self.admin.phone_number,
            "area": self.admin.area,
-            "is_admin": True,
-            "is_verified": False,
-            "is_active": True,
+            "is_admin": self.admin.is_admin,
+            "is_verified": self.admin.is_verified,
+            "is_active": self.admin.is_active,
        }

        self.assertEqual(response.status_code, status.HTTP_200_OK)

--- a/apps/commons/permissions.py
+++ b/apps/commons/permissions.py
@@ -6,7 +6,11 @@ from django.core.exceptions import ObjectDoesNotExist
 class IsAuthenticated(BasePermission):
    def has_permission(self, request, view):
        user = request.user
-        return user.is_authenticated and user.account.is_active
+        return (
+            user.is_authenticated
+            and user.account.is_active
+            and user.account.is_verified
+        )


 class CreateOnly(BasePermission):

--- a/apps/commons/tests/test_permissions.py
+++ b/apps/commons/tests/test_permissions.py
@@ -20,26 +20,50 @@ class IsAuthenticatedPermissionTest(APITestCase):
        self.permission = IsAuthenticated()
        self.user_1 = UserFactory(username="user_1", password="justpass")
        self.user_2 = UserFactory(username="user_2", password="justpass")
+        self.user_3 = UserFactory(username="user_3", password="justpass")

-        self.account_1 = AccountFactory(admin=True, user=self.user_1)
-        self.account_2 = AccountFactory(admin=False, user=self.user_2, is_active=False)
+        self.account_1 = AccountFactory(
+            admin=True,
+            user=self.user_1,
+            is_active=True,
+            is_verified=True
+        )
+        self.account_2 = AccountFactory(
+            admin=False,
+            user=self.user_2,
+            is_active=False,
+            is_verified=True
+        )
+        self.account_2 = AccountFactory(
+            admin=False,
+            user=self.user_3,
+            is_active=True,
+            is_verified=False
+        )

        self.token_1, _ = Token.objects.get_or_create(user=self.user_1)
        self.token_2, _ = Token.objects.get_or_create(user=self.user_2)
+        self.token_3, _ = Token.objects.get_or_create(user=self.user_3)

-    def test_has_permission_true_for_authenticated_user(self):
+    def test_has_permission_true_for_active_and_verified_user(self):
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_1.key)
        request = self.client.get("/").wsgi_request
        request.user = self.user_1

        self.assertTrue(self.permission.has_permission(request, None))

-    def test_has_permission_false_for_unauthenticated_user(self):
+    def test_has_permission_false_for_inactive_user(self):
        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_2.key)
        request = self.client.get("/").wsgi_request
        request.user = self.user_2
        self.assertFalse(self.permission.has_permission(request, None))

+    def test_has_permission_false_for_unverified_user(self):
+        self.client = APIClient(HTTP_AUTHORIZATION=HEADER_PREFIX + self.token_3.key)
+        request = self.client.get("/").wsgi_request
+        request.user = self.user_3
+        self.assertFalse(self.permission.has_permission(request, None))
+

 class CreateOnlyPermissionTest(APITestCase):
    @classmethod

--- a/apps/logs/tests/test_units/test_logs.py
+++ b/apps/logs/tests/test_units/test_logs.py
@@ -82,9 +82,9 @@ class ActivityLogViewTest(APITestCase):
                        "email": self.account.email,
                        "phone_number": self.account.phone_number,
                        "area": self.account.area,
-                        "is_admin": False,
-                        "is_verified": False,
-                        "is_active": True,
+                        "is_admin": self.account.is_admin,
+                        "is_verified": self.account.is_verified,
+                        "is_active": self.account.is_active,
                    },
                },
            ],