improvement to custom user endpoint

2021-01-25 12:28:46 +00:00
parent f94d822d5e
commit c3c9f54c54
4 changed files with 35 additions and 5 deletions
--- a/back_latienda/permissions.py
+++ b/back_latienda/permissions.py
@@ -31,6 +31,24 @@ class IsStaff(permissions.BasePermission):
                return True
        return False

+
 class ReadOnly(permissions.BasePermission):
    def has_permission(self, request, view):
        return request.method in permissions.SAFE_METHODS
+
+
+class CustomUserPermissions(permissions.BasePermission):
+    """
+    Custom permissions for managing custom user instances
+    """
+    def has_permission(self, request, view):
+        # allow anon users to create new CustomUser (inactive)
+        if request.method == 'POST' and request.user.is_anonymous is True:
+            return True
+
+        # only admins can change or delete
+        if request.user.is_staff is True:
+            return True
+
+        # for everything else
+        return False
--- a/core/management/commands/addgeo.py
+++ b/core/management/commands/addgeo.py
@@ -79,7 +79,6 @@ class Command(BaseCommand):
                logging.info(f"Creating Province instance {location['fields']['name']}...")
                name = location['fields']['name']
                # get parent region
-                # import ipdb; ipdb.set_trace()
                parent_region = Region.objects.get(id=location['fields']['region'])
                Province.objects.create(name=name, region=parent_region, id=location['pk'])
                province_counter += 1
--- a/core/tests.py
+++ b/core/tests.py
@@ -1,5 +1,6 @@
 import random
 import string
+import json

 from django.test import TestCase

@@ -36,11 +37,21 @@ class CustomUserViewSetTest(APITestCase):
        """Not logged-in user can create new instance of User but it's inactive
            TODO: should create inactive user
        """
+        data = {
+            'email': 'test@email.com',
+            'full_name': 'TEST NAME',
+            'password1': 'VENTILADORES1234499.89',
+            'password2': 'VENTILADORES1234499.89',
+        }

        # Query endpoint
-        response = self.client.post(self.endpoint, data={})
-        # Assert access is forbidden
-        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        response = self.client.post(self.endpoint, data=data)
+
+        # Assert creation is successful
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        # assert instance is inactive
+        info = json.loads(response.content)
+        self.assertFalse(info['is_active'])

    def test_anon_user_cannot_modify_existing_instance(self):
        """Not logged-in user cannot modify existing instance
--- a/core/views.py
+++ b/core/views.py
@@ -8,6 +8,8 @@ from rest_framework.permissions import IsAdminUser

 from . import models
 from . import serializers
+
+from back_latienda.permissions import CustomUserPermissions
 # Create your views here.

 class CustomUserViewSet(viewsets.ModelViewSet):
@@ -16,4 +18,4 @@ class CustomUserViewSet(viewsets.ModelViewSet):
    serializer_class = serializers.CustomUserSerializer
    model_name = 'custom_user'
    queryset = models.CustomUser.objects.all()
-    permission_classes = [IsAdminUser,]
+    permission_classes = [CustomUserPermissions,]