Skip to content

Commit 8de4c85

Browse files
summerhensonsummerhenson
committed
Test PublishedState delete method
1 parent c94125e commit 8de4c85

2 files changed

Lines changed: 31 additions & 1 deletion

File tree

sasdata/fair_database/data/test/test_published_state.py

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -457,6 +457,36 @@ def test_update_private_published_state_unauthorized(self):
457457
self.assertFalse(PublishedState.objects.get(id=2).published)
458458

459459
# Test deleting a published state - session not deleted
460+
def test_delete_private_published_state(self):
461+
request = self.auth_client1.delete("/v1/data/published/2/")
462+
self.assertEqual(request.status_code, status.HTTP_200_OK)
463+
self.assertEqual(len(PublishedState.objects.all()), 2)
464+
self.assertEqual(len(Session.objects.all()), 3)
465+
self.assertRaises(PublishedState.DoesNotExist, PublishedState.objects.get, id=2)
466+
self.private_ps = PublishedState.objects.create(
467+
id=2,
468+
doi=doi_generator(2),
469+
published=False,
470+
session=self.private_session,
471+
)
472+
473+
def test_delete_private_published_state_unauthorized(self):
474+
request1 = self.auth_client2.delete("/v1/data/published/2/")
475+
self.private_session.users.add(self.user2)
476+
request2 = self.auth_client2.delete("/v1/data/published/2/")
477+
self.private_session.users.remove(self.user2)
478+
request3 = self.client.delete("/v1/data/published/2/")
479+
self.assertEqual(request1.status_code, status.HTTP_403_FORBIDDEN)
480+
self.assertEqual(request2.status_code, status.HTTP_403_FORBIDDEN)
481+
self.assertEqual(request3.status_code, status.HTTP_401_UNAUTHORIZED)
482+
483+
def test_cant_delete_public_published_state(self):
484+
request = self.auth_client1.delete("/v1/data/published/1/")
485+
self.assertEqual(request.status_code, status.HTTP_403_FORBIDDEN)
486+
487+
def test_delete_unowned_published_state(self):
488+
request = self.auth_client1.delete("/v1/data/published/3/")
489+
self.assertEqual(request.status_code, status.HTTP_403_FORBIDDEN)
460490

461491
@classmethod
462492
def tearDownClass(cls):

sasdata/fair_database/data/views.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -618,7 +618,7 @@ def put(self, request, ps_id, version=None):
618618
# Delete a published state
619619
def delete(self, request, ps_id, version=None):
620620
db = get_object_or_404(PublishedState, id=ps_id)
621-
if not permissions.check_permissions(request, db):
621+
if not permissions.check_permissions(request, db.session):
622622
if not request.user.is_authenticated:
623623
return HttpResponse(
624624
"Must be authenticated to delete a published state", status=401

0 commit comments

Comments
 (0)