2016-10-12 14:44:14 +00:00
|
|
|
from .classes import BootTestCase
|
2016-10-07 23:07:47 +00:00
|
|
|
from rest_framework.test import APIClient
|
|
|
|
from rest_framework import status
|
|
|
|
|
2016-10-13 16:21:12 +00:00
|
|
|
from app.models import Project, Task
|
2016-10-07 23:07:47 +00:00
|
|
|
from django.contrib.auth.models import User
|
|
|
|
|
2016-10-12 14:13:48 +00:00
|
|
|
class TestApi(BootTestCase):
|
2016-10-07 23:07:47 +00:00
|
|
|
def setUp(self):
|
2016-10-08 03:15:43 +00:00
|
|
|
pass
|
2016-10-07 23:07:47 +00:00
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
pass
|
|
|
|
|
2016-10-13 16:21:12 +00:00
|
|
|
def test_projects(self):
|
2016-10-07 23:07:47 +00:00
|
|
|
client = APIClient()
|
2016-10-11 22:08:01 +00:00
|
|
|
|
2016-10-12 14:13:48 +00:00
|
|
|
user = User.objects.get(username="testuser")
|
|
|
|
self.assertFalse(user.is_superuser)
|
2016-10-11 22:08:01 +00:00
|
|
|
|
2016-10-08 03:15:43 +00:00
|
|
|
project = Project.objects.create(
|
2016-10-12 14:13:48 +00:00
|
|
|
owner=user,
|
2016-10-08 03:15:43 +00:00
|
|
|
name="test project"
|
|
|
|
)
|
2016-10-11 22:08:01 +00:00
|
|
|
other_project = Project.objects.create(
|
2016-10-12 14:13:48 +00:00
|
|
|
owner=User.objects.get(username="testuser2"),
|
2016-10-11 22:08:01 +00:00
|
|
|
name="another test project"
|
|
|
|
)
|
2016-10-07 23:07:47 +00:00
|
|
|
|
|
|
|
# Forbidden without credentials
|
|
|
|
res = client.get('/api/projects/')
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
|
2016-10-11 22:08:01 +00:00
|
|
|
|
2016-10-12 14:13:48 +00:00
|
|
|
client.login(username="testuser", password="test1234")
|
2016-10-07 23:07:47 +00:00
|
|
|
res = client.get('/api/projects/')
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
2016-10-08 00:46:19 +00:00
|
|
|
self.assertTrue(len(res.data["results"]) > 0)
|
2016-10-07 23:07:47 +00:00
|
|
|
|
2016-10-08 03:15:43 +00:00
|
|
|
res = client.get('/api/projects/{}/'.format(project.id))
|
2016-10-07 23:07:47 +00:00
|
|
|
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
|
|
|
|
|
|
|
res = client.get('/api/projects/dasjkldas/')
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|
2016-10-11 22:08:01 +00:00
|
|
|
|
|
|
|
res = client.get('/api/projects/{}/'.format(other_project.id))
|
2016-10-12 14:13:48 +00:00
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|
2016-10-11 22:08:01 +00:00
|
|
|
|
|
|
|
# Can filter
|
2016-10-13 16:21:12 +00:00
|
|
|
res = client.get('/api/projects/?owner=999')
|
2016-10-11 22:08:01 +00:00
|
|
|
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
|
|
|
self.assertTrue(len(res.data["results"]) == 0)
|
|
|
|
|
|
|
|
# Cannot list somebody else's project without permission
|
|
|
|
res = client.get('/api/projects/?id={}'.format(other_project.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
|
|
|
self.assertTrue(len(res.data["results"]) == 0)
|
2016-10-13 16:21:12 +00:00
|
|
|
|
|
|
|
# Can access individual project
|
|
|
|
res = client.get('/api/projects/{}/'.format(project.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
|
|
|
self.assertTrue(res.data["id"] == project.id)
|
|
|
|
|
|
|
|
# Cannot access project for which we have no access to
|
|
|
|
res = client.get('/api/projects/{}/'.format(other_project.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
|
|
|
|
|
|
|
|
# Create some tasks
|
|
|
|
task = Task.objects.create(project=project)
|
|
|
|
task2 = Task.objects.create(project=project)
|
|
|
|
other_task = Task.objects.create(project=other_project)
|
|
|
|
|
|
|
|
# Can list project tasks to a project we have access to
|
|
|
|
res = client.get('/api/projects/{}/tasks/'.format(project.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
|
|
|
self.assertTrue(len(res.data) == 2)
|
|
|
|
|
|
|
|
# Cannot list project tasks for a project we don't have access to
|
|
|
|
res = client.get('/api/projects/{}/tasks/'.format(other_project.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
|
|
|
|
# Cannot list project tasks for a project that doesn't exist
|
|
|
|
res = client.get('/api/projects/999/tasks/')
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
|
|
|
|
# Can list task details for a task belonging to a project we have access to
|
|
|
|
res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, task.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_200_OK)
|
|
|
|
self.assertTrue(res.data["id"] == task.id)
|
|
|
|
|
|
|
|
# Cannot list task details for a task belonging to a project we don't have access to
|
|
|
|
res = client.get('/api/projects/{}/tasks/{}/'.format(other_project.id, other_task.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
|
|
|
|
# As above, but by trying to trick the API by using a project we have access to
|
|
|
|
res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, other_task.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
|
|
|
|
# Cannot access task details for a task that doesn't exist
|
|
|
|
res = client.get('/api/projects/{}/tasks/999/'.format(project.id, other_task.id))
|
|
|
|
self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
|