Skip to content
Snippets Groups Projects
Commit d49ebb95 authored by Haakon Gunleiksrud's avatar Haakon Gunleiksrud
Browse files

get coverage package and the rest of tests for permissions.py to get 100 percent test coverage

parent 73c6b9c5
No related branches found
No related tags found
3 merge requests!15Dev,!10Dev,!9Fr5 bb testing
Hide whitespace changes
Inline Side-by-side
backend/secfit/.coverage 0 → 100644
+ 0
0
View file @ d49ebb95
File added
backend/secfit/workouts/tests.py
+ 214
15
View file @ d49ebb95
......@@ -31,14 +31,9 @@ class IsOwnerTestCase(TestCase):
self.client_2 = APIClient()
def test_has_object_permission(self):
self.client_1.login(username="Bill", password="secret")
self.client_2.login(username="Alice", password="supersecret")
self.client_1.force_authenticate(user=self.user_1)
self.client_2.force_authenticate(user=self.user_2)
#Disse må kanskje endres når vi setter de inn i CI.
request_1 = self.client_1.get("http://testserver/api/workouts/1/")
request_2 = self.client_2.get("http://testserver/api/workouts/1/")
......@@ -79,13 +74,9 @@ class IsOwnerOfWorkoutTestCase(TestCase):
self.client_2 = APIClient()
def test_has_permission(self):
self.client_1.login(username="Bill", password="secret")
self.client_2.login(username="Alice", password="supersecret")
self.client_1.force_authenticate(user=self.user_1)
self.client_2.force_authenticate(user=self.user_2)
#Disse må kanskje endres når vi setter de inn i CI.
get_request_1 = self.client_1.get("http://testserver/api/workouts/1/")
get_request_2 = self.client_2.get("http://testserver/api/workouts/1/")
post_request_1 = self.client_1.post("http://testserver/api/workouts/",{\
......@@ -112,13 +103,9 @@ class IsOwnerOfWorkoutTestCase(TestCase):
self.assertTrue(IsOwnerOfWorkout.has_permission(self,post_request_1,None))
def test_has_object_permission(self):
self.client_1.login(username="Bill", password="secret")
self.client_2.login(username="Alice", password="supersecret")
self.client_1.force_authenticate(user=self.user_1)
self.client_2.force_authenticate(user=self.user_2)
#Disse må kanskje endres når vi setter de inn i CI.
request_1 = self.client_1.get("http://testserver/api/workouts/1/")
request_2 = self.client_2.get("http://testserver/api/workouts/1/")
......@@ -145,10 +132,222 @@ class IsOwnerOfWorkoutTestCase(TestCase):
class IsCoachAndVisibleToCoachTestCase(TestCase):
def setUp(self):
pass
User.objects.create(id="1",username="Bill",password="secret")
User.objects.create(id="2",username="Alice",password="supersecret")
self.user_1 = User.objects.get(id="1")
self.user_2 = User.objects.get(id="2")
#Sets up Bill to be Alice's coach but not Allice to be Bill's coach
self.user_2.coach = self.user_1
Workout.objects.create(id="1",name="Bill's workout",date=timezone.now(),owner=self.user_1,visibility="CO")
Workout.objects.create(id="2",name="Allice's workout",date=timezone.now(),owner=self.user_2,visibility="CO")
self.workout_1 = Workout.objects.get(name="Bill's workout")
self.workout_2 = Workout.objects.get(name="Allice's workout")
self.workout_2.owner.coach = self.user_1
Workout.objects.create(id="3",name="Bill's public workout",date=timezone.now(),owner=self.user_1,visibility="PU")
Workout.objects.create(id="4",name="Allice's public workout",date=timezone.now(),owner=self.user_2,visibility="PU")
self.workout_3 = Workout.objects.get(name="Bill's public workout")
self.workout_4 = Workout.objects.get(name="Allice's public workout")
self.client_1 = APIClient()
self.client_2 = APIClient()
def test_has_object_permission(self):
self.client_1.force_authenticate(user=self.user_1)
self.client_2.force_authenticate(user=self.user_2)
request_1 = self.client_1.get("http://testserver/api/workouts/2/")
request_2 = self.client_2.get("http://testserver/api/workouts/1/")
request_3 = self.client_1.get("http://testserver/api/workouts/4/")
request_4 = self.client_2.get("http://testserver/api/workouts/3/")
request_1.user = self.user_1
request_2.user = self.user_2
request_3.user = self.user_1
request_4.user = self.user_2
#Bill, who is Allice's coach and sends request 1 for workout 2 (Alice's workout) should receive access
self.assertTrue(IsCoachAndVisibleToCoach.has_object_permission(self,request_1,None,self.workout_2))
#Allice should not be able to see Bill's workout since she is not Bill's coach
self.assertFalse(IsCoachAndVisibleToCoach.has_object_permission(self,request_2,None,self.workout_1))
#Both of the public workouts should be available
self.assertEqual(request_3.status_code,200)
self.assertEqual(request_4.status_code,200)
def tearDown(self):
return super().tearDown()
class IsCoachOfOwrkoutAndVisibleToCoachTestCase(TestCase):
def setUp(self):
User.objects.create(id="1",username="Bill",password="secret")
User.objects.create(id="2",username="Alice",password="supersecret")
self.user_1 = User.objects.get(id="1")
self.user_2 = User.objects.get(id="2")
#Sets up Bill to be Alice's coach but not Allice to be Bill's coach
self.user_2.coach = self.user_1
Workout.objects.create(id="1",name="Bill's workout",date=timezone.now(),owner=self.user_1,visibility="CO")
Workout.objects.create(id="2",name="Allice's workout",date=timezone.now(),owner=self.user_2,visibility="CO")
self.workout_1 = Workout.objects.get(name="Bill's workout")
self.workout_2 = Workout.objects.get(name="Allice's workout")
self.workout_2.owner.coach = self.user_1
self.client_1 = APIClient()
self.client_2 = APIClient()
def test_has_object_permission(self):
self.client_1.force_authenticate(user=self.user_1)
self.client_2.force_authenticate(user=self.user_2)
request_1 = self.client_1.get("http://testserver/api/workouts/2/")
request_2 = self.client_2.get("http://testserver/api/workouts/1/")
request_3 = self.client_1.get("http://testserver/api/workouts/4/")
request_4 = self.client_2.get("http://testserver/api/workouts/3/")
request_1.user = self.user_1
request_2.user = self.user_2
class WorkOutClass:
def __init__(self,workout):
self.workout = workout
workout_obj_1 = WorkOutClass(self.workout_1)
workout_obj_2 = WorkOutClass(self.workout_2)
#Bill, who is Allice's coach and sends request 1 for workout 2 (Alice's workout) should receive access
self.assertTrue(IsCoachOfWorkoutAndVisibleToCoach.has_object_permission(self,request_1,None,workout_obj_2))
#Allice should not be able to see Bill's workout since she is not Bill's coach
self.assertFalse(IsCoachOfWorkoutAndVisibleToCoach.has_object_permission(self,request_2,None,workout_obj_1))
def tearDown(self):
return super().tearDown()
class IsPublicTestCase(TestCase):
def setUp(self):
User.objects.create(id="1",username="Bill",password="secret")
self.user_1 = User.objects.get(id="1")
Workout.objects.create(id="1",name="Bill's public workout",date=timezone.now(),owner=self.user_1,visibility="PU")
Workout.objects.create(id="2",name="Bill's workout",date=timezone.now(),owner=self.user_1,visibility="CO")
Workout.objects.create(id="3",name="Bill's private workout",date=timezone.now(),owner=self.user_1,visibility="PR")
self.workout_1 = Workout.objects.get(name="Bill's public workout")
self.workout_2 = Workout.objects.get(name="Bill's workout")
self.workout_3 = Workout.objects.get(name="Bill's private workout")
self.client_1 = APIClient()
def test_has_object_permission(self):
self.client_1.force_authenticate(user=self.user_1)
request_1 = self.client_1.get("http://testserver/api/workouts/1/")
request_2 = self.client_1.get("http://testserver/api/workouts/2/")
request_3 = self.client_1.get("http://testserver/api/workouts/2/")
request_1.user = self.user_1
request_2.user = self.user_1
request_3.user = self.user_1
#Bill, who is Allice's coach and sends request 1 for workout 2 (Alice's workout) should receive access
self.assertTrue(IsPublic.has_object_permission(self,request_1,None,self.workout_1))
self.assertFalse(IsPublic.has_object_permission(self,request_2,None,self.workout_2))
self.assertFalse(IsPublic.has_object_permission(self,request_3,None,self.workout_3))
def tearDown(self):
return super().tearDown()
class IsWorkoutPublicTestCase(TestCase):
def setUp(self):
User.objects.create(id="1",username="Bill",password="secret")
self.user_1 = User.objects.get(id="1")
Workout.objects.create(id="1",name="Bill's workout",date=timezone.now(),owner=self.user_1,visibility="PU")
Workout.objects.create(id="2",name="Bill's public workout",date=timezone.now(),owner=self.user_1,visibility="CO")
Workout.objects.create(id="3",name="Bill's private workout",date=timezone.now(),owner=self.user_1,visibility="PR")
self.workout_1 = Workout.objects.get(name="Bill's workout")
self.workout_2 = Workout.objects.get(name="Bill's public workout")
self.workout_3 = Workout.objects.get(name="Bill's private workout")
self.client_1 = APIClient()
def test_has_object_permission(self):
self.client_1.force_authenticate(user=self.user_1)
request_1 = self.client_1.get("http://testserver/api/workouts/1/")
request_2 = self.client_1.get("http://testserver/api/workouts/2/")
request_3 = self.client_1.get("http://testserver/api/workouts/2/")
request_1.user = self.user_1
request_2.user = self.user_1
request_3.user = self.user_1
class WorkOutClass:
def __init__(self,workout):
self.workout = workout
workout_obj_1 = WorkOutClass(self.workout_1)
workout_obj_2 = WorkOutClass(self.workout_2)
workout_obj_3 = WorkOutClass(self.workout_3)
#The first
self.assertTrue(IsWorkoutPublic.has_object_permission(self,request_1,None,workout_obj_1))
self.assertFalse(IsWorkoutPublic.has_object_permission(self,request_2,None,workout_obj_2))
self.assertFalse(IsWorkoutPublic.has_object_permission(self,request_3,None,workout_obj_3))
def tearDown(self):
return super().tearDown()
class IsReadOnlyTestCase(TestCase):
def setUp(self):
User.objects.create(id="1",username="Bill",password="secret")
self.user_1 = User.objects.get(id="1")
Workout.objects.create(id="1",name="Bill's public workout",date=timezone.now(),owner=self.user_1,visibility="PU")
self.workout_1 = Workout.objects.get(name="Bill's public workout")
self.client_1 = APIClient()
def test_has_object_permission(self):
pass
self.client_1.force_authenticate(user=self.user_1)
get_request = self.client_1.get("http://testserver/api/workouts/1/")
head_request = self.client_1.head("http://testserver/api/workouts/1/")
options_request = self.client_1.options("http://testserver/api/workouts/1/")
put_request = self.client_1.post("http://testserver/api/workouts/",{\
'name':'myeditedworkout', 'date':timezone.now(), 'notes':'QWERTY', 'exercise_instances':[], 'visbility':'PR'},format='json')
post_request = self.client_1.post("http://testserver/api/workouts/",{\
'name':'myworkout', 'date':timezone.now(), 'notes':'qwerty', 'exercise_instances':[], 'visbility':'PR'},format='json')
delete_request = self.client_1.delete("http://testserver/api/workouts/2/")
get_request.method = get_request.request.get("REQUEST_METHOD")
head_request.method = head_request.request.get("REQUEST_METHOD")
options_request.method = options_request.request.get("REQUEST_METHOD")
put_request.method = put_request.request.get("REQUEST_METHOD")
post_request.method = post_request.request.get("REQUEST_METHOD")
delete_request.method = delete_request.request.get("REQUEST_METHOD")
#Checks that GET, HEAD and OPTIONS requests return true.
self.assertTrue(IsReadOnly.has_object_permission(self,get_request,None,None))
self.assertTrue(IsReadOnly.has_object_permission(self,head_request,None,None))
self.assertTrue(IsReadOnly.has_object_permission(self,options_request,None,None))
#Checks that PUT, POST and DELETE requests fail this permission
self.assertFalse(IsReadOnly.has_object_permission(self,put_request,None,None))
self.assertFalse(IsReadOnly.has_object_permission(self,post_request,None,None))
self.assertFalse(IsReadOnly.has_object_permission(self,delete_request,None,None))
def tearDown(self):
return super().tearDown()
\ No newline at end of file
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment