From ef5771461cc19c6f27a03c5399f1655aea2f20f7 Mon Sep 17 00:00:00 2001 From: Sam Date: Wed, 3 Mar 2021 12:25:54 +0000 Subject: [PATCH] advances in TrackUserViewTest --- stats/tests.py | 43 ++++++++++++++++++++++++++++++++----------- stats/views.py | 28 +++++++++++++++++----------- 2 files changed, 49 insertions(+), 22 deletions(-) diff --git a/stats/tests.py b/stats/tests.py index 2178ddb..5af4e78 100644 --- a/stats/tests.py +++ b/stats/tests.py @@ -7,6 +7,9 @@ from rest_framework import status from core.factories import CustomUserFactory from core.utils import get_tokens_for_user +from products.factories import ProductFactory +from companies.factories import CompanyFactory + from .models import StatsLog from .factories import StatsLogFactory 
@@ -28,40 +31,58 @@ class TrackUserViewTest(APITestCase): # anon user def test_anon_user_can_only_post(self): - """Not logged-in user cannot create new instance + """Not logged-in user can only POST data """ + # Create instance + product = ProductFactory() + + data = { + 'action': 'VIEW', + 'action_object': { + 'model': 'product', + 'id': product.id, + }, + } + # Query endpoint - response = self.client.get(self.endpoint, data={}) + response = self.client.get(self.endpoint) # Assert access is forbidden - self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) + self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Query endpoint response = self.client.put(self.endpoint, data={}) # Assert access is forbidden - self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) + self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Query endpoint response = self.client.delete(self.endpoint, data={}) # Assert access is forbidden - self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) + self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Query endpoint - response = self.client.post(self.endpoint, data={}) + response = self.client.post(self.endpoint, data=data, format='json') # Assert access is forbidden - self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) + self.assertEqual(response.status_code, status.HTTP_201_CREATED) def test_anon_user_can_register_product_action(self): """Not logged-in user cannot modify existing instance """ # Create instance - instance = self.factory() + product = ProductFactory() + + data = { + 'action': 'VIEW', + 'action_object': { + 'model': 'product', + 'id': product.id, + }, + } # Query endpoint - url = self.endpoint + f'{instance.pk}/' - response = self.client.put(url, {}, format='json') + response = self.client.post(self.endpoint, data=data, format='json') # Assert forbidden code - self.assertEqual(response.status_code, 
status.HTTP_401_UNAUTHORIZED) + self.assertEqual(response.status_code, status.HTTP_201_CREATED) def test_anon_user_can_register_company_action(self): """Not logged-in user cannot modify existing instance diff --git a/stats/views.py b/stats/views.py index cd0cf78..0bd9c91 100644 --- a/stats/views.py +++ b/stats/views.py @@ -3,9 +3,10 @@ import logging # Create your views here. from rest_framework import viewsets -from rest_framework.decorators import api_view +from rest_framework.decorators import api_view, permission_classes from rest_framework.response import Response from rest_framework import status +from rest_framework.permissions import AllowAny from ipware import get_client_ip from django.contrib.gis.geoip2 import GeoIP2 @@ -26,13 +27,14 @@ class StatsLogViewSet(viewsets.ModelViewSet): @api_view(['POST']) +@permission_classes([AllowAny,]) def track_user(request): """Track user actions on the site Params: { action: view, - object: { + action_object: { model: name, id: 1, }, 
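Review bot: The docstring of `test_anon_user_can_register_product_action` still reads "Not logged-in user cannot modify existing instance", and the `# Assert access is forbidden` / `# Assert forbidden code` comments now sit above assertions for 405 and 201, so the test text contradicts what it checks. I would change the docstring to `"""Not logged-in user can register a VIEW action on a product"""` and the comments to `# Assert method is not allowed` and `# Assert the action was recorded`. The two POST cases only check the status code; since the endpoint writes a row for an unauthenticated caller, also pin the stored state, e.g. `self.assertEqual(StatsLog.objects.count(), 1)` plus a check that the row has `anonymous` set and no `user`. `test_anon_user_can_register_company_action` continues outside the hunk and appears to carry the same stale docstring.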
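Review bot: `@permission_classes([AllowAny,])` opens `track_user`, a POST that writes to the database, to unauthenticated clients, and nothing visible in the hunk bounds how often it can be called. Unless a default throttle is configured in settings (not visible here), add one on the view, e.g. `@throttle_classes([AnonRateThrottle])` with `throttle_classes` imported from `rest_framework.decorators` and a rate set for `anon`. It is also worth a line in the docstring that the endpoint is intentionally public and that `action_object.model` must be `product` or `company`. The docstring example still shows `action: view` while the tests send `'VIEW'`. The function body continues outside the hunk.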
@@ -44,21 +46,23 @@ def track_user(request): # geoip stuff client_ip, is_routable = get_client_ip(request) g = GeoIP2() + geo = None + if client_ip != '127.0.0.1': + geo = g.geos(client_ip) # gather instance data instance_data = { - 'action': data.get('action'), - 'user': request.user, + 'action_object': data.get('action_object'), + 'user': None if request.user.is_anonymous else request.user, 'anonymous': request.user.is_anonymous, 'ip_address': client_ip, - 'geo': g.geos(client_ip), - # 'contact' ??? + 'geo': geo, } - if data['object'].get('name') == 'product': - instance_data['action_object'] = Product.objects.get(id=data['object'].get('id')) - elif data['object'].get('name') == 'company': - instance_data['action_object'] = Company.objects.get(id=data['object'].get('id')) + if data['action_object'].get('model') == 'product': + instance_data['action_object'] = Product.objects.get(id=data['action_object'].get('id')) + elif data['action_object'].get('model') == 'company': + instance_data['action_object'] = Company.objects.get(id=data['action_object'].get('id')) if instance_data['action_object'].shop is True: instance_data['shop'] = True @@ -66,5 +70,7 @@ def track_user(request): new_stat = StatsLog.objects.create(**instance_data) return Response(status=status.HTTP_201_CREATED) except Exception as e: + import ipdb; ipdb.set_trace() + logging.error(f"Stats could not be created: {str(e)}") - return Response(f"Process could not be registered: {str(type(e))}") + return Response(f"Process could not be registered: {str(type(e))}", status=status.HTTP_406_NOT_ACCEPTABLE)
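Review bot: In the `@@ -44,21 +46,23 @@` hunk `instance_data['action_object']` is seeded with the raw client dict and only replaced when `model` is `product` or `company`, so any other value reaches `.shop` as a dict, and a request without `action_object` fails on `data['action_object']`. On an endpoint open to anonymous callers this should be rejected explicitly against an allow-list rather than left to the broad `except`. The hunk also removes `'action': data.get('action')` without a replacement, so the action sent by the client appears to be no longer stored; confirm that is intended. The loopback test `client_ip != '127.0.0.1'` lets `None`, `::1` and private addresses through to `g.geos()`, while the `is_routable` value already returned by `get_client_ip` is unused. The `try` and the start of the function are outside the hunk, so the sketch below assumes `data` is the parsed request body.

```python
# … unchanged: get_client_ip call …
geo = None
if client_ip and is_routable:
    geo = GeoIP2().geos(client_ip)

# Resolve the target from an allow-list before building instance_data
models_by_name = {'product': Product, 'company': Company}
target = data.get('action_object')
model = models_by_name.get(target.get('model')) if isinstance(target, dict) else None
if model is None:
    return Response("Unknown action_object", status=status.HTTP_400_BAD_REQUEST)

instance_data = {
    'action_object': model.objects.get(id=target.get('id')),
    # … unchanged: user, anonymous, ip_address, geo …
}
# … unchanged: shop flag …
```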
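Review bot: `import ipdb; ipdb.set_trace()` is committed inside the `except` branch in the `@@ -66,5 +70,7 @@` hunk, so any request that makes the body raise either stops the worker at a debugger prompt or fails with an ImportError where ipdb is not installed. That path is reachable without authentication now that the view is `AllowAny`. Remove both statements. The response also returns `str(type(e))` to the caller and uses 406, which DRF otherwise uses for content negotiation; a fixed message with `status=status.HTTP_400_BAD_REQUEST` and `logging.exception("Stats could not be created")` keeps the detail in the server log only. The `try` this handler belongs to opens outside the hunk.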