c3lf-system-3/core/authentication/tests/v2/test_permissions.py

from django.test import TestCase
from django.contrib.auth.models import Permission

from authentication.models import EventPermission, ExtendedUser
from inventory.models import Event


class PermissionsTestCase(TestCase):
    def setUp(self):
        super().setUp()
        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
        event1 = Event.objects.create(slug='testevent1', name='testevent1')
        event2 = Event.objects.create(slug='testevent2', name='testevent2')
        permission1 = Permission.objects.get(codename='view_event')
        EventPermission.objects.create(user=self.user, permission=permission1, event=event1)
        EventPermission.objects.create(user=self.user, permission=permission1, event=event2)

    def test_user_permissions(self):
        """
        Test that a user can only access their own data.
        """
        self.client.force_login(self.user)
        response = self.client.get('/api/2/users/')
        self.assertEqual(response.status_code, 200)
        self.assertEqual(len(response.json()), 2)
        self.assertEqual(response.json()[0]['username'], 'testuser')
        self.assertEqual(response.json()[0]['email'], 'test')
        self.assertEqual(response.json()[0]['first_name'], '')
        self.assertEqual(response.json()[0]['last_name'], '')
        self.assertEqual(response.json()[0]['id'], 1)
        self.assertEqual(response.json()[1]['username'], 'testuser')
        self.assertEqual(response.json()[1]['email'], 'test')
        self.assertEqual(response.json()[1]['first_name'], '')
        self.assertEqual(response.json()[1]['last_name'], '')
stash 2023-12-11 21:18:33 +00:00			`from django.test import TestCase`
			`from django.contrib.auth.models import Permission`

			`from authentication.models import EventPermission, ExtendedUser`
			`from inventory.models import Event`


			`class PermissionsTestCase(TestCase):`
			`def setUp(self):`
			`super().setUp()`
			`self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')`
			`event1 = Event.objects.create(slug='testevent1', name='testevent1')`
			`event2 = Event.objects.create(slug='testevent2', name='testevent2')`
			`permission1 = Permission.objects.get(codename='view_event')`
			`EventPermission.objects.create(user=self.user, permission=permission1, event=event1)`
			`EventPermission.objects.create(user=self.user, permission=permission1, event=event2)`

			`def test_user_permissions(self):`
			`"""`
			`Test that a user can only access their own data.`
			`"""`
			`self.client.force_login(self.user)`
			`response = self.client.get('/api/2/users/')`
			`self.assertEqual(response.status_code, 200)`
			`self.assertEqual(len(response.json()), 2)`
			`self.assertEqual(response.json()[0]['username'], 'testuser')`
			`self.assertEqual(response.json()[0]['email'], 'test')`
			`self.assertEqual(response.json()[0]['first_name'], '')`
			`self.assertEqual(response.json()[0]['last_name'], '')`
			`self.assertEqual(response.json()[0]['id'], 1)`
			`self.assertEqual(response.json()[1]['username'], 'testuser')`
			`self.assertEqual(response.json()[1]['email'], 'test')`
			`self.assertEqual(response.json()[1]['first_name'], '')`
			`self.assertEqual(response.json()[1]['last_name'], '')`