TandoorRecipes/cookbook/tests/api/test_api_userspace.py

import json

import pytest
from django.contrib import auth
from django.db.models import OuterRef, Subquery
from django.urls import reverse
from django_scopes import scopes_disabled

from cookbook.models import Ingredient, Step

LIST_URL = 'api:userspace-list'
DETAIL_URL = 'api:userspace-detail'


@pytest.mark.parametrize("arg", [
    ['a_u', 403, 0],
    ['g1_s1', 200, 1],  # sees only own user space
    ['u1_s1', 200, 1],
    ['a1_s1', 200, 3],  # sees user space of all users in space
    ['a2_s1', 200, 1],
])
def test_list_permission(arg, request, space_1, g1_s1, u1_s1, a1_s1):
    space_1.created_by = auth.get_user(a1_s1)
    space_1.save()

    c = request.getfixturevalue(arg[0])
    result = c.get(reverse(LIST_URL))
    assert result.status_code == arg[1]
    if arg[1] == 200:
        assert len(json.loads(result.content)) == arg[2]


@pytest.mark.parametrize("arg", [
    ['a_u', 403],
    ['g1_s1', 403],
    ['u1_s1', 403],
    ['a1_s1', 200],
    ['g1_s2', 403],
    ['u1_s2', 403],
    ['a1_s2', 403],
])
def test_update(arg, request, space_1, u1_s1, a1_s1):
    with scopes_disabled():
        space_1.created_by = auth.get_user(a1_s1)
        space_1.save()

        user_space = auth.get_user(u1_s1).userspace_set.first()

        c = request.getfixturevalue(arg[0])
        r = c.patch(
            reverse(
                DETAIL_URL,
                args={user_space.id}
            ),
            {'groups': [{'id': 3, 'name': 'admin'}]},
            content_type='application/json'
        )
        response = json.loads(r.content)
        assert r.status_code == arg[1]
        if r.status_code == 200:
            assert response['groups'] == [{'id': 3, 'name': 'admin'}]


def test_update_space_owner(a1_s1, space_1):
    # space owners cannot modify their own permission so that they can't lock themselves out
    space_1.created_by = auth.get_user(a1_s1)
    space_1.save()
    r = a1_s1.patch(
        reverse(
            DETAIL_URL,
            args={auth.get_user(a1_s1).userspace_set.first().id}
        ),
        {'groups': [{'id': 2, 'name': 'user'}]},
        content_type='application/json'
    )
    assert r.status_code == 400


@pytest.mark.parametrize("arg", [
    ['a_u', 403],
    ['g1_s1', 403],
    ['u1_s1', 403],
    ['a1_s1', 403],
])
def test_add(arg, request, u1_s1, space_1):
    c = request.getfixturevalue(arg[0])
    r = c.post(
        reverse(LIST_URL),
        {'user': {'id': auth.get_user(u1_s1).id, 'space': space_1.id}},
        content_type='application/json'
    )
    assert r.status_code == arg[1]


def test_delete(u1_s1, u1_s2, a1_s1, space_1):
    space_1.created_by = auth.get_user(a1_s1)
    space_1.save()

    r = u1_s1.delete(
        reverse(
            DETAIL_URL,
            args={auth.get_user(u1_s1).userspace_set.first().id}
        )
    )
    assert r.status_code == 403

    r = a1_s1.delete(
        reverse(
            DETAIL_URL,
            args={auth.get_user(u1_s1).userspace_set.first().id}
        )
    )
    assert r.status_code == 204