get statement coverage for the first class in permissions.py

b5dab063 · Haakon Gunleiksrud · ec8d745f · b5dab063
Commit b5dab063 authored 4 years ago by Haakon Gunleiksrud
--- a/backend/secfit/workouts/tests.py
+++ b/backend/secfit/workouts/tests.py
@@ -4,9 +4,10 @@ Tests for the workouts application.
 from django.test import TestCase
 from workouts.models import Workout
 from users.models import User
-from rest_framework.test import RequestsClient
+from rest_framework.test import APIClient
 from requests.auth import HTTPBasicAuth
 import requests
+import json

 # Create your tests here.
 """
@@ -19,33 +20,34 @@ class IsOwnerTestCase(TestCase):
        User.objects.create(id="2",username="Alice",password="supersecret")
        Workout.objects.create(id="1",name="workout",date="2021-02-23 14:00",owner_id="1")

+        self.user_1 = User.objects.get(id="1")
+        self.user_2 = User.objects.get(id="2")
+        self.workout = Workout.objects.get(name="workout")
+
+        self.client_1 = APIClient()
+        self.client_2 = APIClient()
+
    def test_has_object_permission(self):
-        user_1 = User.objects.get(id="1")
-        user_2 = User.objects.get(id="2")
-        workout = Workout.objects.get(name="workout")
-
-        client_1 = RequestsClient()
-        #client_1.auth = HTTPBasicAuth('user', 'pass')
-        #print("client_1.headers:\n\n",client_1.headers,"\n\n")
-        #client_1.headers.update({'Cookie': 'access=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjE0MzI3ODA4LCJqdGkiOiI2N2JmNzQ5YjQ1ZWY0Njg1YTM4MTc1MDMwZTZiNTNiMSIsInVzZXJfaWQiOjJ9.I7hOEFPqmWSgCa7CMa5INmeUhAuerIpBD3ps4WBykZ0; refresh=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYxNDQxMzkwOCwianRpIjoiN2E3ZjQ1ODFhOWQ3NGU4NmE5NWUzYzlhZWIwNTExMWYiLCJ1c2VyX2lkIjoyfQ.FCHh4rKkKr4AhnC_ZGk3dvn3EyJeu7-thhbevD4u9WM'})
-        #client_1.headers.update({'authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjE0MzI3ODA4LCJqdGkiOiI2N2JmNzQ5YjQ1ZWY0Njg1YTM4MTc1MDMwZTZiNTNiMSIsInVzZXJfaWQiOjJ9.I7hOEFPqmWSgCa7CMa5INmeUhAuerIpBD3ps4WBykZ0'})
-        #print("client_1.headers:\n\n",client_1.headers,"\n\n")
-        
-        #client2 = RequestsClient()
-        #client2.login(username="Alice",password="supersecret")
-
-        #Disse må fort endres når vi setter de inn i CI.
-        request_1 = client_1.get("http://testserver/api/workouts/1/", auth=('Bill','secret'))
-        #request2 = client2.get("/api/workouts/1")¨
-        #print(request_1.__dict__)
-
-        #self.assertEqual(user_1.username,client1.)
-        print("request1.status_code:",request_1.status_code)
-        print("request_1:\n\n",request_1.__dict__,"\n\n")
+
+        self.client_1.login(username="Bill", password="secret")
+        self.client_2.login(username="Alice", password="supersecret")
+
+        self.client_1.force_authenticate(user=self.user_1)
+        self.client_2.force_authenticate(user=self.user_2)  
+
+        #Disse må kanskje endres når vi setter de inn i CI.
+        request_1 = self.client_1.get("http://testserver/api/workouts/1/")
+        request_2 = self.client_2.get("http://testserver/api/workouts/1/")
+
+        #Asserting that the owner of the workout (user 1) gets access and that others do not
        self.assertTrue(request_1.status_code == 200) 
-        #self.assertEqual(request_1.client, client_1)
-        self.assertTrue(workout.owner_id == user_1.id)
-        self.assertFalse(workout.owner_id == user_2.id)
-    
+        self.assertTrue(request_2.status_code == 403)
+
+        #Formating the response data
+        response_data_1 = json.loads(json.dumps(request_1.data))
+
+        #Asserting that the owner of the fetched workout is user 1, which created the workout in the setup method.
+        self.assertEqual(response_data_1["owner"], "http://testserver/api/users/"+str(self.user_1.id)+"/")
+        self.assertNotEqual(response_data_1["owner"], "http://testserver/api/users/"+str(self.user_2.id)+"/")