testing purchase_email but getting 401 with AllowAny

back_latienda/urls.py

@@ -39,9 +39,8 @@ urlpatterns = [
     path('api/v1/search_products/', product_views.product_search, name='product-search'),
     path('api/v1/create_company_user/', core_views.create_company_user, name='create-company-user'),
     path('api/v1/my_user/', core_views.my_user, name='my-user'),
-    # path('api/v1/my_company/', company_views.my_company , name='my-company'),
     path('api/v1/companies/sample/', company_views.random_company_sample , name='company-sample'),
-    # path('api/v1/my_products/', product_views.my_products, name='my-products'),
+    path('api/v1/purchase_email/', product_views.purchase_email, name='purchase-email'),
     path('api/v1/stats/me/', stat_views.track_user, name='user-tracker'),
     path('api/v1/autocomplete/category-tag/', product_views.CategoryTagAutocomplete.as_view(), name='category-autocomplete'),
     path('api/v1/', include(router.urls)),

companies/tests.py

@@ -293,6 +293,7 @@ class CompanyViewSetTest(APITestCase):
         # check order
         self.assertTrue(response.data[0]['id'] > response.data[1]['id'])
 
+    # TODO: test email_manager action
 
 class MyCompanyViewTest(APITestCase):
     """CompanyViewset tests

products/tests.py

@@ -6,6 +6,7 @@ from urllib.parse import quote
 
 from django.utils import timezone
 from django.test import TestCase
+from django.core import mail
 
 from rest_framework.test import APITestCase
 from rest_framework import status
@@ -1195,3 +1196,38 @@ class FindRelatedProductsTest(APITestCase):
         # assert result
         self.assertTrue(len(results) == len(expected_instances))
 
+
+class PurchaseEmailTest(APITestCase):
+
+    def setUp(self):
+        """Tests setup
+        """
+        self.endpoint = '/api/v1/purchase_email/'
+        self.factory = ProductFactory
+        self.model = Product
+        # create user
+        self.email = f"user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = CustomUserFactory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        # self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+    def test_anon_user_can_use(self):
+
+        company = CompanyFactory()
+        product = ProductFactory(company=company)
+
+        data = {
+            'email': self.email,
+            'telephone': '123123123',
+            'company': company.id,
+            'product': product.id,
+            'comment': '',
+        }
+        response = self.client.post(self.endpoint, json=data)
+        import ipdb; ipdb.set_trace()
+        # assertions
+        self.assertEquals(response.status_code, 200)
+        self.assertEquals(2, len(mail.outbox))
+

products/views.py

@@ -11,7 +11,7 @@ from django.contrib.auth import get_user_model
 from rest_framework import status
 from rest_framework import viewsets
 from rest_framework.response import Response
-from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated, AllowAny
 from rest_framework.decorators import api_view, permission_classes, action
 from rest_framework.filters import OrderingFilter
 
@@ -247,6 +247,7 @@ class CategoryTagAutocomplete(autocomplete.Select2QuerySetView):
         return qs       # [x.label for x in qs]
 
 
+@permission_classes([AllowAny,])
 @api_view(['POST'])
 def purchase_email(request):
     """Notify coop manager and user about item purchase
@@ -275,7 +276,7 @@ def purchase_email(request):
     if not manager and manager.role != 'COOP_MANAGER':
         return Response({"error": "Company has no managing user"}, status=status.HTTP_406_NOT_ACCEPTABLE)
     # get product
-    product = Product.objects.filter(id=data['product']).first()
+    product = Product.objects.filter(id=data['product'], company=company).first()
     if not product:
         return Response({"error": "Invalid value for product"}, status=status.HTTP_406_NOT_ACCEPTABLE)