consumocuidado-server/products/tests.py

import random
import string
import json
import datetime

from django.utils import timezone

from rest_framework.test import APITestCase
from rest_framework import status

from products.factories import ProductFactory
from products.models import Product

from core.factories import CustomUserFactory
from core.utils import get_tokens_for_user


# Create your tests here.
class ProductViewSetTest(APITestCase):
    """ProductViewSet tests
    """

    def setUp(self):
        """Tests setup
        """
        self.endpoint = '/api/v1/products/'
        self.factory = ProductFactory
        self.model = Product
        # create user
        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
        self.user = CustomUserFactory(password=self.password)

    # anon user
    def test_anon_user_cannot_create_instance(self):
        """Not logged-in user cannot create new instance
        """
        instances = [self.factory() for n in range(random.randint(1,5))]

        # Query endpoint
        response = self.client.post(self.endpoint, data={})
        # Assert access is forbidden
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_anon_user_cannot_modify_existing_instance(self):
        """Not logged-in user cannot modify existing instance
        """
        # Create instance
        instance = self.factory()

        # Query endpoint
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.put(url, {}, format='json')

        # Assert forbidden code
        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

    def test_anon_user_cannot_delete_existing_instance(self):
        """Not logged-in user cannot delete existing instance
        """
        # Create instances
        instance = self.factory()

        # Query endpoint
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.delete(url)

        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
        # Assert instance still exists on db
        self.assertTrue(self.model.objects.get(id=instance.pk))

    def test_anon_user_can_list_instance(self):
        """Not logged-in user can list instance
        """
        # Request list
        response = self.client.get(self.endpoint)

        # Assert access is forbidden
        self.assertEqual(response.status_code, status.HTTP_200_OK)

    # authenticated user
    def test_auth_user_can_list_instance(self):
        """Regular logged-in user can list instance
        """
        # Create instances
        instances = [self.factory() for n in range(random.randint(1,5))]

        # Authenticate user
        token = get_tokens_for_user(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")

        # Request list
        response = self.client.get(self.endpoint)

        # Assert access is allowed
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        # Assert all instances are returned
        self.assertEqual(len(instances), len(response.data))

    def test_auth_user_can_create_instance(self):
        """Regular logged-in user can create new instance
        """
        # Define request data
        data = {
            'company': None,
            'sku': 'qwerewq',
            'name': 'qwerewq',
            'description': 'qwerewq',
            'image': None,
            'url': 'http://qwerewq.com',
            'price': '12.21',
            'shipping_cost': '21.12',
            'shipping_terms': 'qwerewq',
            'source': 'SYNCHRONIZED',
            'sourcing_date': datetime.datetime.now().isoformat()+'Z',
            'update_date': datetime.datetime.now().isoformat()+'Z',
            'discount': '0.05',
            'stock': 22,
            'tags': ['tag1, tag2'],
            # 'category': 'MayorTagCategory',
            'attributes': ['color/red', 'size/xxl'],
            'identifiers': '34rf34f43c43',
        }

        # Authenticate user
        token = get_tokens_for_user(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")

        # Query endpoint
        response = self.client.post(self.endpoint, data=data, format='json')
        import ipdb; ipdb.set_trace()

        # Assert endpoint returns created status
        self.assertEqual(response.status_code, status.HTTP_201_CREATED)

        # Assert instance exists on db
        self.assertTrue(self.model.objects.get(id=response.data['id']))

    def test_auth_user_can_modify_own_instance(self):
        """Regular logged-in user can modify existing instance
        """
        # Create instances
        instance = self.factory()
        # make our user the creator
        instance.creator = self.user
        instance.save()

        # Define request data
        data = {
            'company': None,
            'sku': 'qwerewq',
            'name': 'qwerewq',
            'description': 'qwerewq',
            'image': None,
            'url': 'http://qwerewq.com',
            'price': '12.21',
            'shipping_cost': '21.12',
            'shipping_terms': 'qwerewq',
            'source': 'SYNCHRONIZED',
            'sourcing_date': datetime.datetime.now().isoformat()+'Z',
            'update_date': datetime.datetime.now().isoformat()+'Z',
            'discount': '0.05',
            'stock': 22,
            'tags': ['tag1x, tag2x'],
            'category': 'MayorTagCategory2',
            'attributes': ['color/blue', 'size/m'],
            'identifiers': '34rf34f43c43',
        }

        # Authenticate user
        token = get_tokens_for_user(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")

        # Query endpoint
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.put(url, data, format='json')

        # Assert endpoint returns OK code
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        # Assert instance has been modified
        for key in data:
            self.assertEqual(data[key], response.data[key])

    def test_auth_user_cannot_modify_other_users_instance(self):
        """Regular logged-in user cannot modify other user's instance
        """
        # Create instances
        instance = self.factory()

        # Authenticate user
        token = get_tokens_for_user(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")

        # Query endpoint
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.put(url, data={}, format='json')

        # Assert endpoint returns OK code
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_auth_user_cannot_delete_other_users_instance(self):
        """Regular logged-in user cannot delete other user's instance
        """
        # Create instances
        instance = self.factory()

        # Authenticate user
        token = get_tokens_for_user(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")

        # Query endpoint
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.delete(url, format='json')

        # Assert endpoint returns OK code
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

    def test_auth_user_can_delete_own_instance(self):
        """Regular logged-in user can delete existing instance
        """
        # Create instances
        instance = self.factory()
        # make our user the creator
        instance.creator = self.user
        instance.save()

        # Authenticate user
        token = get_tokens_for_user(self.user)
        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")

        # Query endpoint
        url = self.endpoint + f'{instance.pk}/'
        response = self.client.delete(url)

        # assert 204 no content
        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
        # Assert instance doesn't exists anymore on db
        self.assertFalse(self.model.objects.filter(id=instance.pk).exists())