Promo-Code-API/promo_code/business/tests/promocodes/test_permissions.py at 55241c6b6e86feec0abd09126a0e4ca50b33ee8f · RandomProgramm3r/Promo-Code-API · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import django.contrib.auth
import rest_framework.status
import rest_framework.test

import business.models
import business.permissions
import business.tests.promocodes.base
import user.models


class TestIsCompanyUserPermission(
    business.tests.promocodes.base.BasePromoTestCase,
):
    @classmethod
    def setUpClass(cls):
        super().setUpClass()

        cls.unique_payload = {
            'description': 'Complimentary Pudge Skin on Registration!',
            'target': {},
            'max_count': 1,
            'mode': 'UNIQUE',
            'active_from': '2030-08-08',
            'promo_unique': ['dota-arena', 'coda-core', 'warcraft3'],
        }

    def setUp(self):
        self.factory = rest_framework.test.APIRequestFactory()
        self.permission = business.permissions.IsCompanyUser()
        get_user_model = django.contrib.auth.get_user_model
        self.regular_user = get_user_model().objects.create_user(
            name='regular',
            password='SecurePass123!',
            surname='adadioa',
            email='example@gmail.com',
        )

    def create_promo(self, token, payload):
        self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + token)
        response = self.client.post(
            self.promo_list_create_url,
            payload,
            format='json',
        )
        self.assertEqual(
            response.status_code,
            rest_framework.status.HTTP_201_CREATED,
        )
        return response.data['id']

    def tearDown(self):
        business.models.Company.objects.all().delete()
        user.models.User.objects.all().delete()

    def test_has_permission_for_company_user(self):
        request = self.factory.get(self.promo_list_create_url)
        request.user = self.company1
        self.assertTrue(self.permission.has_permission(request, None))

    def test_has_permission_for_regular_user(self):
        request = self.factory.get(self.promo_list_create_url)
        request.user = self.regular_user
        self.assertFalse(self.permission.has_permission(request, None))

    def test_has_permission_for_anonymous_user(self):
        request = self.factory.get(self.promo_list_create_url)
        request.user = None
        self.assertFalse(self.permission.has_permission(request, None))

    def test_has_permission_to_foreign_promo(self):
        promo_id = self.create_promo(self.company2_token, self.unique_payload)
        self.client.credentials(
            HTTP_AUTHORIZATION='Bearer ' + self.company1_token,
        )
        url = self.promo_detail_url(promo_id)
        patch_payload = {'description': '100% Cashback'}
        response = self.client.patch(url, patch_payload, format='json')
        self.assertEqual(
            response.status_code,
            rest_framework.status.HTTP_403_FORBIDDEN,
        )