From c3c9f54c54bdcb6f9ea1622db1eb825238118fce Mon Sep 17 00:00:00 2001
From: Sam
Date: Mon, 25 Jan 2021 12:28:46 +0000
Subject: [PATCH] improvement to custom user endpoint
---
 back_latienda/permissions.py | 18 ++++++++++++++++++
 core/management/commands/addgeo.py | 1 -
 core/tests.py | 17 ++++++++++++++---
 core/views.py | 4 +++-
 4 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/back_latienda/permissions.py b/back_latienda/permissions.py
index ccc4bcd..095d56e 100644
--- a/back_latienda/permissions.py
+++ b/back_latienda/permissions.py
@@ -31,6 +31,24 @@ class IsStaff(permissions.BasePermission):
 return True
 return False
+
 class ReadOnly(permissions.BasePermission):
 def has_permission(self, request, view):
 return request.method in permissions.SAFE_METHODS
+
+
+class CustomUserPermissions(permissions.BasePermission):
+ """
+ Custom permissions for managing custom user instances
+ """
+ def has_permission(self, request, view):
+ # allow anon users to create new CustomUser (inactive)
+ if request.method == 'POST' and request.user.is_anonymous is True:
+ return True
+
+ # only admins can change or delete
+ if request.user.is_staff is True:
+ return True
+
+ # for everything else
+ return False
diff --git a/core/management/commands/addgeo.py b/core/management/commands/addgeo.py
index 2e02848..6d47e05 100644
--- a/core/management/commands/addgeo.py
+++ b/core/management/commands/addgeo.py
@@ -79,7 +79,6 @@ class Command(BaseCommand):
 logging.info(f"Creating Province instance {location['fields']['name']}...")
 name = location['fields']['name']
 # get parent region
- # import ipdb; ipdb.set_trace()
 parent_region = Region.objects.get(id=location['fields']['region'])
 Province.objects.create(name=name, region=parent_region, id=location['pk'])
 province_counter += 1
diff --git a/core/tests.py b/core/tests.py
index df75fa2..6765222 100644
--- a/core/tests.py
+++ b/core/tests.py
@@ -1,5 +1,6 @@
 import random
 import string
+import json
 from django.test import TestCase
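Review bot: In `CustomUserPermissions.has_permission` the anonymous allowance is keyed on `request.method == 'POST'` rather than on the create action, so any POST-routed extra action later added to a viewset using this class would be reachable without authentication. If the class is only meant to open registration, scope it to the action, e.g. `if getattr(view, 'action', None) == 'create' and request.user.is_anonymous:`. The `is True` identity comparisons on `is_anonymous` and `is_staff` are fragile (on Django releases before 2.0 `is_anonymous` was a CallableBool object, which is never identical to `True`; that is probably not the version in use here, but plain truthiness is the safer form). The comment `# only admins can change or delete` understates the effect, since authenticated non-staff users are denied every method including reads; `# staff may use every action; all other requests are denied` would match the code.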
@@ -36,11 +37,21 @@ class CustomUserViewSetTest(APITestCase):
 """Not logged-in user can create new instance of User but it's inactive
 TODO: should create inactive user
 """
+ data = {
+ 'email': 'test@email.com',
+ 'full_name': 'TEST NAME',
+ 'password1': 'VENTILADORES1234499.89',
+ 'password2': 'VENTILADORES1234499.89',
+ }
 # Query endpoint
- response = self.client.post(self.endpoint, data={})
- # Assert access is forbidden
- self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+ response = self.client.post(self.endpoint, data=data)
+
+ # Assert creation is successful
+ self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+ # assert instance is inactive
+ info = json.loads(response.content)
+ self.assertFalse(info['is_active'])
 def test_anon_user_cannot_modify_existing_instance(self):
 """Not logged-in user cannot modify existing instance
diff --git a/core/views.py b/core/views.py
index eecd151..3588a04 100644
--- a/core/views.py
+++ b/core/views.py
@@ -8,6 +8,8 @@ from rest_framework.permissions import IsAdminUser
 from . import models
 from . import serializers
+
+from back_latienda.permissions import CustomUserPermissions
 # Create your views here.
 class CustomUserViewSet(viewsets.ModelViewSet):
@@ -16,4 +18,4 @@ class CustomUserViewSet(viewsets.ModelViewSet):
 serializer_class = serializers.CustomUserSerializer
 model_name = 'custom_user'
 queryset = models.CustomUser.objects.all()
- permission_classes = [IsAdminUser,]
+ permission_classes = [CustomUserPermissions,]
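Review bot: The new assertions only check `is_active` in the response for a payload that never tries to set it, so the test would still pass if the serializer accepted `is_active` or `is_staff` from an anonymous caller. A second request that adds `'is_active': True` and `'is_staff': True` to `data`, then asserts the created user is neither active nor staff (ideally checked on the stored row as well as the response), would pin the behaviour the docstring's TODO describes. `json.loads(response.content)` can be written as `response.data`, which would make the new `import json` unnecessary. The test method's `def` line is outside the hunk.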
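Review bot: Swapping `IsAdminUser` for `CustomUserPermissions` on `permission_classes` exposes `CustomUserSerializer` to unauthenticated POSTs, and nothing in this patch shows which fields that serializer treats as writable. The serializer is not part of the diff, so this needs confirming: `is_active`, `is_staff` and any similar flags should be in `read_only_fields` (or set explicitly in `create()`), otherwise self-registration could yield an active or staff account. An open create endpoint also usually wants rate limiting, e.g. `throttle_classes = [AnonRateThrottle]` on the viewset with an `anon` rate configured. The `IsAdminUser` import named in the first views.py hunk header looks unused after this change; the class body above `serializer_class` is outside the hunk.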