added user-specific endpoints

2021-02-04 10:14:28 +00:00
parent ea8cd97baf
commit 77acc668b8
7 changed files with 145 additions and 9 deletions
--- a/products/tests.py
+++ b/products/tests.py
@@ -368,3 +368,37 @@ class ProductSearchTest(TestCase):
        # check for object creation
        self.assertEquals(5, self.model.objects.count())

+
+class MyProductsViewTest(APITestCase):
+    """my_products tests
+    """
+
+    def setUp(self):
+        """Tests setup
+        """
+        self.endpoint = '/api/v1/my_products/'
+        self.factory = ProductFactory
+        self.model = Product
+        # create user
+        self.email = f"user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = CustomUserFactory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        self.user.save()
+
+    def test_auth_user_gets_data(self):
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # Query endpoint
+        response = self.client.get(self.endpoint)
+        # Assert forbidden code
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_anon_user_cannot_access(self):
+        # send in request
+        response = self.client.get(self.endpoint)
+
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
--- a/products/views.py
+++ b/products/views.py
@@ -3,11 +3,12 @@ import csv

 from django.shortcuts import render
 from django.conf import settings
+from django.core import serializers

 # Create your views here.
 from rest_framework import viewsets
 from rest_framework.response import Response
-from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated
 from rest_framework.decorators import api_view, permission_classes

 import requests
@@ -33,6 +34,14 @@ class ProductViewSet(viewsets.ModelViewSet):
      permission_classes = [IsAuthenticatedOrReadOnly, IsCreator]


+@api_view(['GET',])
+@permission_classes([IsAuthenticated,])
+def my_products(request):
+      qs = Product.objects.filter(creator=request.user)
+      data = serializers.serialize('json', qs)
+      return Response(data=data)
+
+
@api_view(['POST',])
@permission_classes([IsAdminUser,])
 def load_coop_products(request):