From 9a63ad6c2e778b842e90879b674bb12711b01382 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20T=C3=B6rnqvist?= Date: Sun, 19 May 2013 15:37:51 +0300 Subject: [PATCH] Explicit permission classes in test cases --- rest_framework/tests/test_decorators.py | 11 ++++++++++- rest_framework/tests/test_generics.py | 5 +++++ rest_framework/tests/test_htmlrenderer.py | 6 +++++- rest_framework/tests/test_hyperlinkedserializers.py | 12 ++++++++++++ rest_framework/tests/test_renderers.py | 6 ++++++ rest_framework/tests/test_request.py | 3 +++ rest_framework/tests/test_response.py | 6 ++++++ rest_framework/tests/test_throttling.py | 4 ++++ rest_framework/tests/test_views.py | 5 ++++- 9 files changed, 55 insertions(+), 3 deletions(-) diff --git a/rest_framework/tests/test_decorators.py b/rest_framework/tests/test_decorators.py index 1016fed3f..4081a53f1 100644 --- a/rest_framework/tests/test_decorators.py +++ b/rest_framework/tests/test_decorators.py @@ -6,7 +6,7 @@ from rest_framework.renderers import JSONRenderer from rest_framework.parsers import JSONParser from rest_framework.authentication import BasicAuthentication from rest_framework.throttling import UserRateThrottle -from rest_framework.permissions import IsAuthenticated +from rest_framework.permissions import IsAuthenticated, AllowAny from rest_framework.views import APIView from rest_framework.decorators import ( api_view, @@ -35,6 +35,7 @@ class DecoratorTestCase(TestCase): """ @api_view + @permission_classes((AllowAny,)) def view(request): return Response() @@ -48,12 +49,14 @@ class DecoratorTestCase(TestCase): with self.assertRaises(AssertionError): @api_view('GET') + @permission_classes((AllowAny,)) def view(request): return Response() def test_calling_method(self): @api_view(['GET']) + @permission_classes((AllowAny,)) def view(request): return Response({}) @@ -68,6 +71,7 @@ class DecoratorTestCase(TestCase): def test_calling_put_method(self): @api_view(['GET', 'PUT']) + @permission_classes((AllowAny,)) def view(request): return Response({}) @@ -82,6 +86,7 @@ class DecoratorTestCase(TestCase): def test_calling_patch_method(self): @api_view(['GET', 'PATCH']) + @permission_classes((AllowAny,)) def view(request): return Response({}) @@ -96,6 +101,7 @@ class DecoratorTestCase(TestCase): def test_renderer_classes(self): @api_view(['GET']) + @permission_classes((AllowAny,)) @renderer_classes([JSONRenderer]) def view(request): return Response({}) @@ -107,6 +113,7 @@ class DecoratorTestCase(TestCase): def test_parser_classes(self): @api_view(['GET']) + @permission_classes((AllowAny,)) @parser_classes([JSONParser]) def view(request): self.assertEqual(len(request.parsers), 1) @@ -120,6 +127,7 @@ class DecoratorTestCase(TestCase): def test_authentication_classes(self): @api_view(['GET']) + @permission_classes((AllowAny,)) @authentication_classes([BasicAuthentication]) def view(request): self.assertEqual(len(request.authenticators), 1) @@ -146,6 +154,7 @@ class DecoratorTestCase(TestCase): rate = '1/day' @api_view(['GET']) + @permission_classes((AllowAny,)) @throttle_classes([OncePerDayUserThrottle]) def view(request): return Response({}) diff --git a/rest_framework/tests/test_generics.py b/rest_framework/tests/test_generics.py index 15d87e866..2f274cfce 100644 --- a/rest_framework/tests/test_generics.py +++ b/rest_framework/tests/test_generics.py @@ -6,6 +6,7 @@ from rest_framework import generics, renderers, serializers, status from rest_framework.tests.utils import RequestFactory from rest_framework.tests.models import BasicModel, Comment, SlugBasedModel from rest_framework.compat import six +from rest_framework.permissions import AllowAny import json factory = RequestFactory() @@ -16,6 +17,7 @@ class RootView(generics.ListCreateAPIView): Example description for OPTIONS. """ model = BasicModel + permission_classes = (AllowAny,) class InstanceView(generics.RetrieveUpdateDestroyAPIView): @@ -23,6 +25,7 @@ class InstanceView(generics.RetrieveUpdateDestroyAPIView): Example description for OPTIONS. """ model = BasicModel + permission_classes = (AllowAny,) class SlugSerializer(serializers.ModelSerializer): @@ -355,6 +358,7 @@ class CommentSerializer(serializers.ModelSerializer): class CommentView(generics.ListCreateAPIView): serializer_class = CommentSerializer + permission_classes = (AllowAny,) model = Comment @@ -486,6 +490,7 @@ class TwoFieldModel(models.Model): class DynamicSerializerView(generics.ListCreateAPIView): model = TwoFieldModel renderer_classes = (renderers.BrowsableAPIRenderer, renderers.JSONRenderer) + permission_classes = (AllowAny,) def get_serializer_class(self): if self.request.method == 'POST': diff --git a/rest_framework/tests/test_htmlrenderer.py b/rest_framework/tests/test_htmlrenderer.py index 8957a43c7..4cb3fd658 100644 --- a/rest_framework/tests/test_htmlrenderer.py +++ b/rest_framework/tests/test_htmlrenderer.py @@ -6,14 +6,16 @@ from django.template import TemplateDoesNotExist, Template import django.template.loader from rest_framework import status from rest_framework.compat import patterns, url -from rest_framework.decorators import api_view, renderer_classes +from rest_framework.decorators import api_view, renderer_classes, permission_classes from rest_framework.renderers import TemplateHTMLRenderer from rest_framework.response import Response from rest_framework.compat import six +from rest_framework.permissions import AllowAny @api_view(('GET',)) @renderer_classes((TemplateHTMLRenderer,)) +@permission_classes((AllowAny,)) def example(request): """ A view that can returns an HTML representation. @@ -24,12 +26,14 @@ def example(request): @api_view(('GET',)) @renderer_classes((TemplateHTMLRenderer,)) +@permission_classes((AllowAny,)) def permission_denied(request): raise PermissionDenied() @api_view(('GET',)) @renderer_classes((TemplateHTMLRenderer,)) +@permission_classes((AllowAny,)) def not_found(request): raise Http404() diff --git a/rest_framework/tests/test_hyperlinkedserializers.py b/rest_framework/tests/test_hyperlinkedserializers.py index 1894ddb27..a80bd2bd3 100644 --- a/rest_framework/tests/test_hyperlinkedserializers.py +++ b/rest_framework/tests/test_hyperlinkedserializers.py @@ -5,6 +5,7 @@ from django.test.client import RequestFactory from rest_framework import generics, status, serializers from rest_framework.compat import patterns, url from rest_framework.tests.models import Anchor, BasicModel, ManyToManyModel, BlogPost, BlogPostComment, Album, Photo, OptionalRelationModel +from rest_framework.permissions import AllowAny factory = RequestFactory() @@ -38,56 +39,67 @@ class AlbumSerializer(serializers.ModelSerializer): class BasicList(generics.ListCreateAPIView): model = BasicModel model_serializer_class = serializers.HyperlinkedModelSerializer + permission_classes = (AllowAny,) class BasicDetail(generics.RetrieveUpdateDestroyAPIView): model = BasicModel model_serializer_class = serializers.HyperlinkedModelSerializer + permission_classes = (AllowAny,) class AnchorDetail(generics.RetrieveAPIView): model = Anchor model_serializer_class = serializers.HyperlinkedModelSerializer + permission_classes = (AllowAny,) class ManyToManyList(generics.ListAPIView): model = ManyToManyModel model_serializer_class = serializers.HyperlinkedModelSerializer + permission_classes = (AllowAny,) class ManyToManyDetail(generics.RetrieveAPIView): model = ManyToManyModel model_serializer_class = serializers.HyperlinkedModelSerializer + permission_classes = (AllowAny,) class BlogPostCommentListCreate(generics.ListCreateAPIView): model = BlogPostComment serializer_class = BlogPostCommentSerializer + permission_classes = (AllowAny,) class BlogPostCommentDetail(generics.RetrieveAPIView): model = BlogPostComment serializer_class = BlogPostCommentSerializer + permission_classes = (AllowAny,) class BlogPostDetail(generics.RetrieveAPIView): model = BlogPost + permission_classes = (AllowAny,) class PhotoListCreate(generics.ListCreateAPIView): model = Photo model_serializer_class = PhotoSerializer + permission_classes = (AllowAny,) class AlbumDetail(generics.RetrieveAPIView): model = Album serializer_class = AlbumSerializer lookup_field = 'title' + permission_classes = (AllowAny,) class OptionalRelationDetail(generics.RetrieveUpdateDestroyAPIView): model = OptionalRelationModel model_serializer_class = serializers.HyperlinkedModelSerializer + permission_classes = (AllowAny,) urlpatterns = patterns('', diff --git a/rest_framework/tests/test_renderers.py b/rest_framework/tests/test_renderers.py index 1584fc9f7..3e1d6bfa1 100644 --- a/rest_framework/tests/test_renderers.py +++ b/rest_framework/tests/test_renderers.py @@ -6,6 +6,7 @@ from django.test.client import RequestFactory from django.utils import unittest from rest_framework import status, permissions from rest_framework.compat import yaml, etree, patterns, url, include +from rest_framework.decorators import permission_classes from rest_framework.response import Response from rest_framework.views import APIView from rest_framework.renderers import BaseRenderer, JSONRenderer, YAMLRenderer, \ @@ -14,6 +15,7 @@ from rest_framework.parsers import YAMLParser, XMLParser from rest_framework.settings import api_settings from rest_framework.compat import StringIO from rest_framework.compat import six +from rest_framework.permissions import AllowAny import datetime import pickle import re @@ -56,6 +58,7 @@ class RendererB(BaseRenderer): class MockView(APIView): renderer_classes = (RendererA, RendererB) + permission_classes = (AllowAny,) def get(self, request, **kwargs): response = Response(DUMMYCONTENT, status=DUMMYSTATUS) @@ -64,12 +67,14 @@ class MockView(APIView): class MockGETView(APIView): + permission_classes = (AllowAny,) def get(self, request, **kwargs): return Response({'foo': ['bar', 'baz']}) class HTMLView(APIView): renderer_classes = (BrowsableAPIRenderer, ) + permission_classes = (AllowAny,) def get(self, request, **kwargs): return Response('text') @@ -77,6 +82,7 @@ class HTMLView(APIView): class HTMLView1(APIView): renderer_classes = (BrowsableAPIRenderer, JSONRenderer) + permission_classes = (AllowAny,) def get(self, request, **kwargs): return Response('text') diff --git a/rest_framework/tests/test_request.py b/rest_framework/tests/test_request.py index a5c5e84ce..9e99a905f 100644 --- a/rest_framework/tests/test_request.py +++ b/rest_framework/tests/test_request.py @@ -16,6 +16,8 @@ from rest_framework.parsers import ( MultiPartParser, JSONParser ) +from rest_framework.decorators import permission_classes +from rest_framework.permissions import AllowAny from rest_framework.request import Request from rest_framework.response import Response from rest_framework.settings import api_settings @@ -241,6 +243,7 @@ class TestContentParsing(TestCase): class MockView(APIView): authentication_classes = (SessionAuthentication,) + permission_classes = (AllowAny,) def post(self, request): if request.POST.get('example') is not None: diff --git a/rest_framework/tests/test_response.py b/rest_framework/tests/test_response.py index e109b0b58..6b2016c4e 100644 --- a/rest_framework/tests/test_response.py +++ b/rest_framework/tests/test_response.py @@ -1,6 +1,8 @@ from __future__ import unicode_literals from django.test import TestCase from rest_framework.compat import patterns, url, include +from rest_framework.decorators import permission_classes +from rest_framework.permissions import AllowAny from rest_framework.response import Response from rest_framework.views import APIView from rest_framework import status @@ -55,6 +57,7 @@ class RendererC(RendererB): class MockView(APIView): renderer_classes = (RendererA, RendererB, RendererC) + permission_classes = (AllowAny,) def get(self, request, **kwargs): return Response(DUMMYCONTENT, status=DUMMYSTATUS) @@ -62,6 +65,7 @@ class MockView(APIView): class MockViewSettingCharset(APIView): renderer_classes = (RendererA, RendererB, RendererC) + permission_classes = (AllowAny,) def get(self, request, **kwargs): return Response(DUMMYCONTENT, status=DUMMYSTATUS, charset='setbyview') @@ -69,6 +73,7 @@ class MockViewSettingCharset(APIView): class HTMLView(APIView): renderer_classes = (BrowsableAPIRenderer, ) + permission_classes = (AllowAny,) def get(self, request, **kwargs): return Response('text') @@ -76,6 +81,7 @@ class HTMLView(APIView): class HTMLView1(APIView): renderer_classes = (BrowsableAPIRenderer, JSONRenderer) + permission_classes = (AllowAny,) def get(self, request, **kwargs): return Response('text') diff --git a/rest_framework/tests/test_throttling.py b/rest_framework/tests/test_throttling.py index 11cbd8eba..ebf426a9a 100644 --- a/rest_framework/tests/test_throttling.py +++ b/rest_framework/tests/test_throttling.py @@ -6,6 +6,8 @@ from django.test import TestCase from django.contrib.auth.models import User from django.core.cache import cache from django.test.client import RequestFactory +from rest_framework.decorators import api_view +from rest_framework.permissions import AllowAny from rest_framework.views import APIView from rest_framework.throttling import UserRateThrottle from rest_framework.response import Response @@ -23,6 +25,7 @@ class User3MinRateThrottle(UserRateThrottle): class MockView(APIView): throttle_classes = (User3SecRateThrottle,) + permission_classes = (AllowAny,) def get(self, request): return Response('foo') @@ -30,6 +33,7 @@ class MockView(APIView): class MockView_MinuteThrottling(APIView): throttle_classes = (User3MinRateThrottle,) + permission_classes = (AllowAny,) def get(self, request): return Response('foo') diff --git a/rest_framework/tests/test_views.py b/rest_framework/tests/test_views.py index 994cf6dc3..951a13153 100644 --- a/rest_framework/tests/test_views.py +++ b/rest_framework/tests/test_views.py @@ -2,7 +2,8 @@ from __future__ import unicode_literals from django.test import TestCase from django.test.client import RequestFactory from rest_framework import status -from rest_framework.decorators import api_view +from rest_framework.decorators import api_view, permission_classes +from rest_framework.permissions import AllowAny from rest_framework.response import Response from rest_framework.settings import api_settings from rest_framework.views import APIView @@ -12,6 +13,7 @@ factory = RequestFactory() class BasicView(APIView): + permission_classes = (AllowAny,) def get(self, request, *args, **kwargs): return Response({'method': 'GET'}) @@ -20,6 +22,7 @@ class BasicView(APIView): @api_view(['GET', 'POST', 'PUT', 'PATCH']) +@permission_classes((AllowAny,)) def basic_view(request): if request.method == 'GET': return {'method': 'GET'}