From 37f222e6c90109d2ef2f427f7156087261be0544 Mon Sep 17 00:00:00 2001
From: Sam <samuel.molina@enreda.coop>
Date: Fri, 12 Mar 2021 10:22:23 +0000
Subject: [PATCH] changes for my endpoints

---
 companies/views.py |  2 +-
 products/tests.py  | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/companies/views.py b/companies/views.py
index 010c4b4..62c4767 100644
--- a/companies/views.py
+++ b/companies/views.py
@@ -171,7 +171,7 @@ class MyCompanyViewSet(viewsets.ModelViewSet):
     permission_classes = [IsAuthenticated]
 
     def get_queryset(self):
-        return self.model.objects.filter(creator=self.request.user)
+        return self.model.objects.filter(company=self.request.user.company)
 
     def perform_create(self, serializer):
         serializer.save(creator=self.request.user)
diff --git a/products/tests.py b/products/tests.py
index 194fee3..d9db3ea 100644
--- a/products/tests.py
+++ b/products/tests.py
@@ -1004,6 +1004,18 @@ class MyProductsViewTest(APITestCase):
         # check response
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
+    def test_auth_user_without_company(self):
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # Query endpoint
+        response = self.client.get(self.endpoint)
+        payload = response.json()
+        # Assert forbidden code
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEquals([], payload)
+
 
 class AdminProductViewSetTest(APITestCase):