fixed tests

SCOAP3 · Oct 9, 2023 · f4d6c5e · f4d6c5e
1 parent 87da60a
commit f4d6c5e
Show file tree

Hide file tree

Showing 4 changed files with 128 additions and 76 deletions.
diff --git a/scoap3/fixtures/custom_groups_and_permissions.json b/scoap3/fixtures/custom_groups_and_permissions.json
@@ -3,90 +3,33 @@
         "model": "auth.group",
         "pk": 1,
         "fields": {
-            "name": "API_user"
+            "name": "API_user",
+            "permissions": [
+                81
+            ]
         }
     },
     {
         "model": "auth.group",
         "pk": 2,
         "fields": {
-            "name": "Advanced_user"
+            "name": "Advanced_user",
+            "permissions": [
+                81,
+                82
+            ]
         }
     },
     {
         "model": "auth.group",
         "pk": 3,
         "fields": {
-            "name": "Admin"
-        }
-    },
-    {
-        "model": "auth.permission",
-        "pk": 1,
-        "fields": {
-            "name": "Can add article",
-            "content_type": 21,
-            "codename": "add_article"
-        }
-    },
-    {
-        "model": "auth.permission",
-        "pk": 2,
-        "fields": {
-            "name": "Can change article",
-            "content_type": 21,
-            "codename": "change_article"
-        }
-    },
-    {
-        "model": "auth.permission",
-        "pk": 3,
-        "fields": {
-            "name": "Can delete article",
-            "content_type": 21,
-            "codename": "delete_article"
-        }
-    },
-    {
-        "model": "auth.group_permissions",
-        "fields": {
-            "group": 1,
-            "permission": 1
-        }
-    },
-    {
-        "model": "auth.group_permissions",
-        "fields": {
-            "group": 2,
-            "permission": 1
-        }
-    },
-    {
-        "model": "auth.group_permissions",
-        "fields": {
-            "group": 2,
-            "permission": 2
-        }
-    },
-    {
-        "model": "auth.group_permissions",
-        "fields": {
-            "group": 3,
-            "permission": 1
-        }
-    },
-    {
-        "model": "auth.group_permissions",
-        "fields": {
-            "group": 3,
-            "permission": 2
-        }
-    },
-    {
-        "model": "auth.group_permissions",
-        "fields": {
-            "group": 3,
-            "permission": 3
+            "name": "Admin",
+            "permissions": [
+                81,
+                82,
+                83
+            ]
         }
     }
 ]
diff --git a/scoap3/management/commands/create_groups.py b/scoap3/management/commands/create_groups.py
@@ -1,6 +1,6 @@
 from django.core.management.base import BaseCommand
 
-from scoap3.utils.create_goups import create_custom_groups
+from scoap3.utils.create_groups import create_custom_groups
 
 
 class Command(BaseCommand):

diff --git a/scoap3/utils/create_groups.py b/scoap3/utils/create_groups.py
@@ -0,0 +1,28 @@
+from django.contrib.auth.models import Group, Permission
+from django.contrib.contenttypes.models import ContentType
+
+
+def create_custom_groups():
+    api_user_group, created = Group.objects.get_or_create(name="API_user")
+    advanced_user_group, created = Group.objects.get_or_create(name="Advanced_user")
+    admin_group, created = Group.objects.get_or_create(name="Admin")
+
+    article_content_type = ContentType.objects.get(
+        app_label="articles", model="article"
+    )
+
+    add_permission = Permission.objects.get(
+        codename="add_article", content_type=article_content_type
+    )
+    change_permission = Permission.objects.get(
+        codename="change_article", content_type=article_content_type
+    )
+    delete_permission = Permission.objects.get(
+        codename="delete_article", content_type=article_content_type
+    )
+
+    api_user_group.permissions.add(add_permission)
+    advanced_user_group.permissions.add(add_permission, change_permission)
+    admin_group.permissions.add(add_permission, change_permission, delete_permission)
+
+    return api_user_group, advanced_user_group, admin_group
diff --git a/scoap3/utils/test_groups.py b/scoap3/utils/test_groups.py
@@ -10,7 +10,7 @@
 User = get_user_model()
 
 
-class TestGroupPermissions(TestCase):
+class TestGroupAdminPermissions(TestCase):
     fixtures = ["custom_groups_and_permissions.json"]
 
     def setUp(self):
@@ -60,8 +60,17 @@ def setUp(self):
         self.article_id = response_article.data["id"]
 
     def test_user_belongs_to_group(self):
-        user = User.objects.get(username="testuser")
-        self.assertTrue(user.groups.filter(name="Admin").exists())
+        self.assertTrue(self.user.groups.filter(name="Admin").exists())
+
+    def test_update_article(self):
+        url_get_article = reverse("api:article-detail", args=[self.article_id])
+        response = self.client.patch(
+            url_get_article,
+            data={"subtitle": "changed subtitle"},
+            HTTP_AUTHORIZATION=f"Token {self.token}",
+            content_type="application/json",
+        )
+        assert response.status_code == 200
 
     def test_delete_article(self):
         url_delete_article = reverse("api:article-detail", args=[self.article_id])
@@ -72,3 +81,75 @@ def test_delete_article(self):
         )
 
         assert response.status_code == 204
+
+
+class TestGroupApiPermissions(TestCase):
+    fixtures = ["custom_groups_and_permissions.json"]
+
+    def setUp(self):
+        self.api_user = User.objects.create_user(
+            username="testapiuser", password="testpassword"
+        )
+        api_user_group = Group.objects.get(name="API_user")
+        self.api_user.groups.add(api_user_group)
+        self.api_user_token = Token.objects.create(user=self.api_user)
+
+        client = APIClient()
+        client.force_authenticate(user=self.api_user)
+
+        license_data = {
+            "url": "https://creativecommons.org/about/cclicenses/",
+            "name": "cc",
+        }
+        url = reverse("api:license-list")
+
+        response_license = client.post(
+            url,
+            data=license_data,
+            format="json",
+            HTTP_AUTHORIZATION=f"Token {self.api_user_token}",
+        )
+        self.license_id = response_license.data["id"]
+        article_data = {
+            "reception_date": "2023-07-11",
+            "acceptance_date": "2023-07-11",
+            "publication_date": "2023-07-11",
+            "first_online_date": "2023-07-11",
+            "title": "string",
+            "subtitle": "string",
+            "abstract": "string",
+            "related_licenses": [self.license_id],
+            "related_materials": [],
+            "_files": [],
+        }
+        url = reverse("api:article-list")
+        response_article = self.client.post(
+            url,
+            data=article_data,
+            format="json",
+            HTTP_AUTHORIZATION=f"Token {self.api_user_token}",
+        )
+        self.article_id = response_article.data["id"]
+
+    def test_user_belongs_to_group(self):
+        self.assertTrue(self.api_user.groups.filter(name="API_user").exists())
+
+    def test_update_article(self):
+        url_get_article = reverse("api:article-detail", args=[self.article_id])
+        response = self.client.patch(
+            url_get_article,
+            data={"subtitle": "changed subtitle"},
+            HTTP_AUTHORIZATION=f"Token {self.api_user_token}",
+            content_type="application/json",
+        )
+        assert response.status_code == 403
+
+    def test_delete_article(self):
+        url_delete_article = reverse("api:article-detail", args=[self.article_id])
+        response = self.client.delete(
+            url_delete_article,
+            format="json",
+            HTTP_AUTHORIZATION=f"Token {self.api_user_token}",
+        )
+
+        assert response.status_code == 403