first stab at admin_stats endpoint

2021-03-12 11:10:51 +00:00
parent 341ea2d54d
commit 7a2e80b43e
3 changed files with 110 additions and 2 deletions
--- a/core/tests.py
+++ b/core/tests.py
@@ -635,3 +635,86 @@ class CreateCompanyUserTest(APITestCase):
        self.assertEquals(response.status_code, 406)
        self.assertEquals(len(mail.outbox), 0)

+
+class AdminStatsTest(APITestCase):
+
+    def setUp(self):
+        self.endpoint = '/api/v1/admin_stats/'
+        self.factory = factories.CustomUserFactory
+        self.model = models.CustomUser
+        # create user
+        self.email = "user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = self.factory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        self.user.save()
+
+    # anonymous user
+    def test_anon_user_cannot_crud(self):
+        """Not logged-in user cannot access endpoint at all
+        """
+
+        # Query endpoint
+        response = self.client.get(self.endpoint)
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+        # Query endpoint
+        response = self.client.post(self.endpoint, data={})
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+        # Query endpoint
+        response = self.client.put(self.endpoint, data={})
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+        # Query endpoint
+        response = self.client.delete(self.endpoint)
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+    # authenticated user
+    def test_auth_user_cannot_crud(self):
+        """Authenticated user cannot access endpoint at all
+        """
+        # Authenticate user
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # Query endpoint
+        response = self.client.get(self.endpoint)
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+        # Query endpoint
+        response = self.client.post(self.endpoint, data={})
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+        # Query endpoint
+        response = self.client.put(self.endpoint, data={})
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+        # Query endpoint
+        response = self.client.delete(self.endpoint)
+        # Assert access is forbidden
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_admin_can_get_data(self):
+        # make user admin
+        self.user.is_staff = True
+        self.user.save()
+
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        response = self.client.get(self.endpoint)
+        self.assertEquals(response.status_code, 200)
+        payload = response.json()
+        expected_entries = ['company_count', 'product_count', 'companies_per_region', 'products_per_region']
+        for name in expected_entries:
+            self.assertTrue(name in payload)
+