Model Permissions Change Test Cases

---

Source code in app/api/tests/abstract/api_permissions.py

class APIPermissionChange:


    model: object
    """ Item Model to test """

    app_namespace: str = None
    """ URL namespace """

    url_name: str
    """ URL name of the view to test """

    url_view_kwargs: dict = None
    """ URL kwargs of the item page """

    change_data: dict = None


    def test_change_user_anon_denied(self):
        """ Check correct permission for change

        Attempt to change as anon
        """

        client = Client()
        url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


        response = client.patch(url, data=self.change_data, content_type='application/json')

        assert response.status_code == 401


    def test_change_no_permission_denied(self):
        """ Ensure permission view cant make change

        Attempt to make change as user without permissions
        """

        client = Client()
        url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


        client.force_login(self.no_permissions_user)
        response = client.patch(url, data=self.change_data, content_type='application/json')

        assert response.status_code == 403


    def test_change_different_organization_denied(self):
        """ Ensure permission view cant make change

        Attempt to make change as user from different organization
        """

        client = Client()
        url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


        client.force_login(self.different_organization_user)
        response = client.patch(url, data=self.change_data, content_type='application/json')

        assert response.status_code == 403


    def test_change_permission_view_denied(self):
        """ Ensure permission view cant make change

        Attempt to make change as user with view permission
        """

        client = Client()
        url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


        client.force_login(self.view_user)
        response = client.patch(url, data=self.change_data, content_type='application/json')

        assert response.status_code == 403


    def test_change_permission_add_denied(self):
        """ Ensure permission view cant make change

        Attempt to make change as user with add permission
        """

        client = Client()
        url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


        client.force_login(self.add_user)
        response = client.patch(url, data=self.change_data, content_type='application/json')

        assert response.status_code == 403


    def test_change_has_permission(self):
        """ Check correct permission for change

        Make change with user who has change permission
        """

        client = Client()
        url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


        client.force_login(self.change_user)
        response = client.patch(url, data=self.change_data, content_type='application/json')

        assert response.status_code == 200

Attributes

model: object

Item Model to test

app_namespace: str = None

URL namespace

url_name: str

URL name of the view to test

url_view_kwargs: dict = None

URL kwargs of the item page

change_data: dict = None

Functions

test_change_user_anon_denied()

Check correct permission for change

Attempt to change as anon

Source code in app/api/tests/abstract/api_permissions.py

def test_change_user_anon_denied(self):
    """ Check correct permission for change

    Attempt to change as anon
    """

    client = Client()
    url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


    response = client.patch(url, data=self.change_data, content_type='application/json')

    assert response.status_code == 401

test_change_no_permission_denied()

Ensure permission view cant make change

Attempt to make change as user without permissions

Source code in app/api/tests/abstract/api_permissions.py

def test_change_no_permission_denied(self):
    """ Ensure permission view cant make change

    Attempt to make change as user without permissions
    """

    client = Client()
    url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


    client.force_login(self.no_permissions_user)
    response = client.patch(url, data=self.change_data, content_type='application/json')

    assert response.status_code == 403

test_change_different_organization_denied()

Ensure permission view cant make change

Attempt to make change as user from different organization

Source code in app/api/tests/abstract/api_permissions.py

def test_change_different_organization_denied(self):
    """ Ensure permission view cant make change

    Attempt to make change as user from different organization
    """

    client = Client()
    url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


    client.force_login(self.different_organization_user)
    response = client.patch(url, data=self.change_data, content_type='application/json')

    assert response.status_code == 403

test_change_permission_view_denied()

Ensure permission view cant make change

Attempt to make change as user with view permission

Source code in app/api/tests/abstract/api_permissions.py

def test_change_permission_view_denied(self):
    """ Ensure permission view cant make change

    Attempt to make change as user with view permission
    """

    client = Client()
    url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


    client.force_login(self.view_user)
    response = client.patch(url, data=self.change_data, content_type='application/json')

    assert response.status_code == 403

test_change_permission_add_denied()

Ensure permission view cant make change

Attempt to make change as user with add permission

Source code in app/api/tests/abstract/api_permissions.py

def test_change_permission_add_denied(self):
    """ Ensure permission view cant make change

    Attempt to make change as user with add permission
    """

    client = Client()
    url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


    client.force_login(self.add_user)
    response = client.patch(url, data=self.change_data, content_type='application/json')

    assert response.status_code == 403

test_change_has_permission()

Check correct permission for change

Make change with user who has change permission

Source code in app/api/tests/abstract/api_permissions.py

def test_change_has_permission(self):
    """ Check correct permission for change

    Make change with user who has change permission
    """

    client = Client()
    url = reverse(self.app_namespace + ':' + self.url_name, kwargs=self.url_view_kwargs)


    client.force_login(self.change_user)
    response = client.patch(url, data=self.change_data, content_type='application/json')

    assert response.status_code == 200

About:

This page forms part of our Project Centurion ERP.

Page Metadata

Version: ToDo: place files short git commit here
Date Created: 2024-06-15
Date Edited: 2024-07-09

Contribution:

Would You like to contribute to our Centurion ERP project? You can assist in the following ways:

• Edit This Page If there is a mistake or a way you can improve it.
• Add a Page to the Manual if you would like to add an item to our manual
• Raise an Issue if there is something about this page you would like to improve, and git is unfamiliar to you.

 

ToDo: Add the page list of contributors