From 7ed976dec0a906b604abaaebcb620ccb93968389 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=92=D0=B8=D0=BA=D1=82=D0=BE=D1=80=20=D0=93=D0=BB=D0=B0?= =?UTF-8?q?=D0=B4=D0=BA=D0=B8=D1=85?= Date: Wed, 9 Oct 2019 16:28:14 +0300 Subject: [PATCH] Test --- apps/account/tests/tests_back.py | 5 -- apps/comment/permissions.py | 9 ++-- apps/comment/tests.py | 83 +++++++++++++++++++++++++++++--- apps/comment/urls/back.py | 2 +- apps/comment/views/back.py | 3 +- 5 files changed, 85 insertions(+), 17 deletions(-) diff --git a/apps/account/tests/tests_back.py b/apps/account/tests/tests_back.py index 56c0cd3a..8adc6b35 100644 --- a/apps/account/tests/tests_back.py +++ b/apps/account/tests/tests_back.py @@ -71,11 +71,6 @@ class UserRoleTests(APITestCase): def test_user_role_post(self): url = reverse('back:account:user-role-list-create') - # userRole = UserRole.objects.create( - # user=self.user_test, - # role=self.role - # ) - # userRole.save() data = { "user": self.user_test.id, diff --git a/apps/comment/permissions.py b/apps/comment/permissions.py index aa57eaca..09860c2c 100644 --- a/apps/comment/permissions.py +++ b/apps/comment/permissions.py @@ -14,14 +14,17 @@ class IsCommentModerator(permissions.BasePermission): if request.method in permissions.SAFE_METHODS: return True + if obj.user == request.user: + return True + # Instance must have an attribute named `user`. role = Role.objects.get(role=2) # 'Comments moderator' is_access = UserRole.objects.filter(user=request.user, role=role).exists() - if obj.user == request.user and is_access: + if obj.user != request.user and is_access: return True - # User is super-user? - if User.objects.filter(pk=request.user.pk).exists(): + super_user=User.objects.filter(pk=request.user.pk, is_superuser=True).exists() + if super_user: return True return False diff --git a/apps/comment/tests.py b/apps/comment/tests.py index 09287225..0b053cb8 100644 --- a/apps/comment/tests.py +++ b/apps/comment/tests.py @@ -2,18 +2,15 @@ from rest_framework.test import APITestCase from rest_framework import status from authorization.tests.tests_authorization import get_tokens_for_user from django.urls import reverse +from django.contrib.contenttypes.models import ContentType from http.cookies import SimpleCookie from location.models import Country from account.models import Role, User, UserRole +from comment.models import Comment class CommentModeratorPermissionTests(APITestCase): def setUp(self): - self.data = get_tokens_for_user() - - self.client.cookies = SimpleCookie( - {'access_token': self.data['tokens'].get('access_token'), - 'refresh_token': self.data['tokens'].get('access_token')}) self.country_ru = Country.objects.create( name='{"ru-RU":"Russia"}', @@ -47,11 +44,83 @@ class CommentModeratorPermissionTests(APITestCase): ) self.userRole.save() + content_type = ContentType.objects.get(app_label='location', model='country') + + self.user_test = get_tokens_for_user() + self.comment = Comment.objects.create(text='Test comment', mark=1, + user=self.user_test["user"], + object_id= self.country_ru.pk, + content_type_id=content_type.id + ) + self.comment.save() + + def test_get(self): + url = reverse('back:comment:comment-crud', kwargs={"id": 1}) + response = self.client.get(url, format='json') + self.assertEqual(response.status_code, status.HTTP_200_OK) + + def test_put_moderator(self): + url = reverse('back:comment:comment-crud', kwargs={"id": self.comment.id}) + tokens = User.create_jwt_tokens(self.moderator) + self.client.cookies = SimpleCookie( + {'access_token': tokens.get('access_token'), + 'refresh_token': tokens.get('access_token')}) + + data = { + "id": self.comment.id, + "text": "test text moderator", + "mark": 1, + "user": self.moderator.id + } + + response = self.client.put(url, data=data, format='json') + self.assertEqual(response.status_code, status.HTTP_200_OK) + + def test_put_other_user(self): + url = reverse('back:comment:comment-crud', kwargs={"id": self.comment.id}) + other_user = User.objects.create_user(username='test', + email='test@mail.com', + password='passwordtest') + + tokens = User.create_jwt_tokens(other_user) self.client.cookies = SimpleCookie( {'access_token': tokens.get('access_token'), 'refresh_token': tokens.get('access_token')}) - def test_permission(self): - self.assertTrue(True) \ No newline at end of file + data = { + "id": self.comment.id, + "text": "test text moderator", + "mark": 1, + "user": other_user.id + } + + response = self.client.put(url, data=data, format='json') + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + + def test_put_super_user(self): + url = reverse('back:comment:comment-crud', kwargs={"id": self.comment.id}) + super_user = User.objects.create_user(username='super', + email='super@mail.com', + password='passwordtestsuper', + is_superuser=True) + + tokens = User.create_jwt_tokens(super_user) + + self.client.cookies = SimpleCookie( + {'access_token': tokens.get('access_token'), + 'refresh_token': tokens.get('access_token')}) + + data = { + "id": self.comment.id, + "text": "test text moderator", + "mark": 1, + "user": super_user.id + } + + response = self.client.put(url, data=data, format='json') + self.assertEqual(response.status_code, status.HTTP_200_OK) + + + diff --git a/apps/comment/urls/back.py b/apps/comment/urls/back.py index a1f2e010..214eab48 100644 --- a/apps/comment/urls/back.py +++ b/apps/comment/urls/back.py @@ -7,5 +7,5 @@ app_name = 'comment' urlpatterns = [ path('', views.CommentLstView.as_view(), name='comment-list-create'), - path('/', views.CommentRUDView.as_view(), name='comment-crud'), + path('/', views.CommentRUDView.as_view(), name='comment-crud'), ] diff --git a/apps/comment/views/back.py b/apps/comment/views/back.py index 1420ebc2..16450d03 100644 --- a/apps/comment/views/back.py +++ b/apps/comment/views/back.py @@ -13,4 +13,5 @@ class CommentLstView(generics.ListCreateAPIView): class CommentRUDView(generics.RetrieveUpdateDestroyAPIView): serializer_class = serializers.CommentBaseSerializer queryset = models.Comment.objects.all() - permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsCommentModerator] \ No newline at end of file + permission_classes = [permissions.IsAuthenticatedOrReadOnly,IsCommentModerator] + lookup_field = 'id'