From 851ba7f9ddf43b7a26e15553480da25a09d2930b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=92=D0=B8=D0=BA=D1=82=D0=BE=D1=80=20=D0=93=D0=BB=D0=B0?= =?UTF-8?q?=D0=B4=D0=BA=D0=B8=D1=85?= Date: Fri, 25 Oct 2019 10:14:50 +0300 Subject: [PATCH] Test edit --- apps/comment/tests.py | 44 ++++++++++++++++++++++++++++++++++---- apps/comment/views/back.py | 2 +- apps/utils/permissions.py | 35 ++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+), 5 deletions(-) diff --git a/apps/comment/tests.py b/apps/comment/tests.py index 9b060f4e..87b7d32f 100644 --- a/apps/comment/tests.py +++ b/apps/comment/tests.py @@ -5,8 +5,9 @@ from django.urls import reverse from django.contrib.contenttypes.models import ContentType from http.cookies import SimpleCookie from account.models import Role, User, UserRole +from account.serializers.common import UserSerializer from comment.models import Comment - +import json class CommentModeratorPermissionTests(BasePermissionTests): def setUp(self): @@ -28,18 +29,53 @@ class CommentModeratorPermissionTests(BasePermissionTests): ) self.userRole.save() - content_type = ContentType.objects.get(app_label='location', model='country') + self.content_type = ContentType.objects.get(app_label='location', model='country') self.user_test = get_tokens_for_user() self.comment = Comment.objects.create(text='Test comment', mark=1, user=self.user_test["user"], - object_id= self.country_ru.pk, - content_type_id=content_type.id, + object_id=self.country_ru.pk, + content_type_id=self.content_type.id, country=self.country_ru ) self.comment.save() self.url = reverse('back:comment:comment-crud', kwargs={"id": self.comment.id}) + def test_post(self): + self.url = reverse('back:comment:comment-list-create') + + comment = { + "text": "Test comment POST", + "user_id": self.user_test["user"].id, + "object_id": self.country_ru.pk, + "content_type_id": self.content_type.id, + "country_id": self.country_ru.id + } + # + # response = self.client.post(self.url, format='json', data=comment) + # self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) + json_user = json.dumps(self.moderator) + user = UserSerializer(data=self.moderator) + user.is_valid() + u_data = user.data + self.assertFalse(user.is_valid()) + # comment = { + # "text": "Test comment POST moder", + # "user": user, + # "object_id": self.country_ru.pk, + # "content_type_id": self.content_type.id, + # "country_id": self.country_ru.id + # } + # # + # tokens = User.create_jwt_tokens(self.moderator) + # self.client.cookies = SimpleCookie( + # {'access_token': tokens.get('access_token'), + # 'refresh_token': tokens.get('access_token')}) + # + # response = self.client.post(self.url, format='json', data=comment) + # self.assertEqual(response.status_code, status.HTTP_201_CREATED) + + # self.assertTrue(True) def test_put_moderator(self): tokens = User.create_jwt_tokens(self.moderator) diff --git a/apps/comment/views/back.py b/apps/comment/views/back.py index 2895fdbe..25c10a62 100644 --- a/apps/comment/views/back.py +++ b/apps/comment/views/back.py @@ -8,7 +8,7 @@ class CommentLstView(generics.ListCreateAPIView): """Comment list create view.""" serializer_class = serializers.CommentBaseSerializer queryset = models.Comment.objects.all() - permission_classes = [permissions.IsAuthenticatedOrReadOnly,] + permission_classes = [permissions.IsAuthenticatedOrReadOnly|IsCommentModerator] class CommentRUDView(generics.RetrieveUpdateDestroyAPIView): diff --git a/apps/utils/permissions.py b/apps/utils/permissions.py index 45d978a0..aee2ab57 100644 --- a/apps/utils/permissions.py +++ b/apps/utils/permissions.py @@ -72,6 +72,20 @@ class IsStandardUser(IsGuest): Object-level permission to only allow owners of an object to edit it. Assumes the model instance has an `owner` attribute. """ + def has_permission(self, request, view): + rules = [ + super().has_permission(request, view) + ] + + # and request.user.email_confirmed, + if hasattr(request, 'user'): + rules = [ + request.user.is_authenticated, + super().has_permission(request, view) + ] + + return any(rules) + def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request rules = [ @@ -131,6 +145,27 @@ class IsCommentModerator(IsStandardUser): Object-level permission to only allow owners of an object to edit it. Assumes the model instance has an `owner` attribute. """ + + def has_permission(self, request, view): + rules = [ + super().has_permission(request, view) + ] + + # and request.user.email_confirmed, + if hasattr(request.data, 'user') and hasattr(request.data, 'country_id'): + # Read permissions are allowed to any request. + + role = Role.objects.filter(role=Role.COMMENTS_MODERATOR, + country_id=request.data.country_id) \ + .first() # 'Comments moderator' + + rules = [ + UserRole.objects.filter(user=request.user, role=role).exists(), + super().has_permission(request, view) + ] + + return any(rules) + def has_object_permission(self, request, view, obj): # Read permissions are allowed to any request. role = Role.objects.filter(role=Role.COMMENTS_MODERATOR,