added AdminProductsViewSet for users with role SITE_ADMIN

2021-03-08 12:54:06 +00:00
parent ec27937b85
commit 642688b98d
4 changed files with 190 additions and 7 deletions
--- a/products/tests.py
+++ b/products/tests.py
@@ -979,6 +979,171 @@ class MyProductsViewTest(APITestCase):
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)


+class AdminProductViewSet(APITestCase):
+
+    def setUp(self):
+        """Tests setup
+        """
+        self.endpoint = '/api/v1/admin_products/'
+        self.factory = ProductFactory
+        self.model = Product
+        # create user
+        self.email = f"user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = CustomUserFactory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        # self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+    def test_anon_user_cannot_access(self):
+        instance = self.factory()
+        url = f"{self.endpoint}{instance.id}/"
+        # GET
+        response = self.client.get(self.endpoint)
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        # POST
+        response = self.client.post(self.endpoint, data={})
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        # PUT
+        response = self.client.get(url, data={})
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        # delete
+        response = self.client.get(url)
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    def test_auth_user_cannot_access(self):
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        instance = self.factory()
+        url = f"{self.endpoint}{instance.id}/"
+        # GET
+        response = self.client.get(self.endpoint)
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        # POST
+        response = self.client.post(self.endpoint, data={})
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        # PUT
+        response = self.client.get(url, data={})
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        # delete
+        response = self.client.get(url)
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_admin_user_can_list(self):
+        # make user site amdin
+        self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # create instances
+        instance = [self.factory() for i in range(random.randint(1,5))]
+        # query endpoint
+        response = self.client.get(self.endpoint)
+
+        # assertions
+        self.assertEquals(response.status_code, 200)
+        payload = response.json()
+        self.assertEquals(len(instance), len(payload))
+
+    def test_admin_user_can_get_details(self):
+        # make user site amdin
+        self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # create instances
+        instance = self.factory()
+        url = f"{self.endpoint}{instance.id}/"
+        # query endpoint
+        response = self.client.get(url)
+
+        # assertions
+        self.assertEquals(response.status_code, 200)
+        payload = response.json()
+        self.assertEquals(instance.id, payload['id'])
+
+    def test_admin_can_create_instance(self):
+        # make user site amdin
+        self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # create instances
+        data = {
+            'name': 'test_product_name',
+        }
+        # query endpoint
+        response = self.client.post(self.endpoint, data=data)
+
+        # assertions
+        self.assertEquals(response.status_code, 201)
+        payload = response.json()
+        self.assertEquals(data['name'], payload['name'])
+
+    def test_admin_can_update_instance(self):
+        # make user site amdin
+        self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # create instance
+        instance = self.factory()
+        url = f"{self.endpoint}{instance.id}/"
+
+        # data
+        data = {
+            'name': 'test_product_name',
+        }
+        # query endpoint
+        response = self.client.put(url, data=data)
+
+        # assertions
+        self.assertEquals(response.status_code, 200)
+        payload = response.json()
+        self.assertEquals(data['name'], payload['name'])
+
+    def test_admin_can_delete_instance(self):
+        # make user site amdin
+        self.user.role = 'SITE_ADMIN'
+        self.user.save()
+
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # create instance
+        instance = self.factory()
+        url = f"{self.endpoint}{instance.id}/"
+
+        # query endpoint
+        response = self.client.delete(url)
+
+        # assertions
+        self.assertEquals(response.status_code, 204)
+
+
 class FindRelatedProductsTest(APITestCase):

    def setUp(self):