testes and fixes for space, userspace and invitelink apis

2022-06-09 22:02:58 +02:00
parent 30e4ee855c
commit deeed4b65b
8 changed files with 378 additions and 12 deletions
--- a/cookbook/tests/api/test_api_userspace.py
+++ b/cookbook/tests/api/test_api_userspace.py
@ -0,0 +1,113 @@
+import json
+
+import pytest
+from django.contrib import auth
+from django.db.models import OuterRef, Subquery
+from django.urls import reverse
+from django_scopes import scopes_disabled
+
+from cookbook.models import Ingredient, Step
+
+LIST_URL = 'api:userspace-list'
+DETAIL_URL = 'api:userspace-detail'
+
+
+@pytest.mark.parametrize("arg", [
+    ['a_u', 403, 0],
+    ['g1_s1', 200, 1],  # sees only own user space
+    ['u1_s1', 200, 1],
+    ['a1_s1', 200, 3],  # sees user space of all users in space
+    ['a2_s1', 200, 1],
+])
+def test_list_permission(arg, request, space_1, g1_s1, u1_s1, a1_s1):
+    space_1.created_by = auth.get_user(a1_s1)
+    space_1.save()
+
+    c = request.getfixturevalue(arg[0])
+    result = c.get(reverse(LIST_URL))
+    assert result.status_code == arg[1]
+    if arg[1] == 200:
+        assert len(json.loads(result.content)) == arg[2]
+
+
+@pytest.mark.parametrize("arg", [
+    ['a_u', 403],
+    ['g1_s1', 403],
+    ['u1_s1', 403],
+    ['a1_s1', 200],
+    ['g1_s2', 403],
+    ['u1_s2', 403],
+    ['a1_s2', 403],
+])
+def test_update(arg, request, space_1, u1_s1, a1_s1):
+    with scopes_disabled():
+        space_1.created_by = auth.get_user(a1_s1)
+        space_1.save()
+
+        user_space = auth.get_user(u1_s1).userspace_set.first()
+
+        c = request.getfixturevalue(arg[0])
+        r = c.patch(
+            reverse(
+                DETAIL_URL,
+                args={user_space.id}
+            ),
+            {'groups': [{'id': 3, 'name': 'admin'}]},
+            content_type='application/json'
+        )
+        response = json.loads(r.content)
+        assert r.status_code == arg[1]
+        if r.status_code == 200:
+            assert response['groups'] == [{'id': 3, 'name': 'admin'}]
+
+
+def test_update_space_owner(a1_s1, space_1):
+    # space owners cannot modify their own permission so that they can't lock themselves out
+    space_1.created_by = auth.get_user(a1_s1)
+    space_1.save()
+    r = a1_s1.patch(
+        reverse(
+            DETAIL_URL,
+            args={auth.get_user(a1_s1).userspace_set.first().id}
+        ),
+        {'groups': [{'id': 2, 'name': 'user'}]},
+        content_type='application/json'
+    )
+    assert r.status_code == 400
+
+
+@pytest.mark.parametrize("arg", [
+    ['a_u', 403],
+    ['g1_s1', 405],
+    ['u1_s1', 405],
+    ['a1_s1', 405],
+])
+def test_add(arg, request, u1_s1, space_1):
+    c = request.getfixturevalue(arg[0])
+    r = c.post(
+        reverse(LIST_URL),
+        {'user': {'id': auth.get_user(u1_s1).id, 'space': space_1.id}},
+        content_type='application/json'
+    )
+    assert r.status_code == arg[1]
+
+
+def test_delete(u1_s1, u1_s2, a1_s1, space_1):
+    space_1.created_by = auth.get_user(a1_s1)
+    space_1.save()
+
+    r = u1_s1.delete(
+        reverse(
+            DETAIL_URL,
+            args={auth.get_user(u1_s1).userspace_set.first().id}
+        )
+    )
+    assert r.status_code == 403
+
+    r = a1_s1.delete(
+        reverse(
+            DETAIL_URL,
+            args={auth.get_user(u1_s1).userspace_set.first().id}
+        )
+    )
+    assert r.status_code == 204