mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-07-13 01:32:34 +03:00
Add custom field validators and permission classes with tests
This commit is contained in:
parent
d3dd45b3f4
commit
b47bff0db5
|
@ -882,6 +882,38 @@ class IPAddressField(CharField):
|
||||||
return super().to_internal_value(data)
|
return super().to_internal_value(data)
|
||||||
|
|
||||||
|
|
||||||
|
class AlphabeticFieldValidator:
|
||||||
|
"""
|
||||||
|
Custom validator to ensure that a field only contains alphabetic characters and spaces.
|
||||||
|
"""
|
||||||
|
def __call__(self, value):
|
||||||
|
if not re.match(r'^[A-Za-z ]*$', value):
|
||||||
|
raise ValueError("This field must contain only alphabetic characters and spaces.")
|
||||||
|
|
||||||
|
class AlphanumericFieldValidator:
|
||||||
|
"""
|
||||||
|
Custom validator to ensure the field contains only alphanumeric characters (letters and numbers).
|
||||||
|
"""
|
||||||
|
def __call__(self, value):
|
||||||
|
if not re.match(r'^[A-Za-z0-9]*$', value):
|
||||||
|
raise ValueError("This field must contain only alphanumeric characters (letters and numbers).")
|
||||||
|
|
||||||
|
class CustomLengthValidator:
|
||||||
|
"""
|
||||||
|
Custom validator to ensure the length of a string is within specified limits.
|
||||||
|
"""
|
||||||
|
def __init__(self, min_length=0, max_length=None):
|
||||||
|
self.min_length = min_length
|
||||||
|
self.max_length = max_length
|
||||||
|
|
||||||
|
def __call__(self, value):
|
||||||
|
if len(value) < self.min_length:
|
||||||
|
raise ValueError(f"This field must be at least {self.min_length} characters long.")
|
||||||
|
|
||||||
|
if self.max_length is not None and len(value) > self.max_length:
|
||||||
|
raise ValueError(f"This field must be no more than {self.max_length} characters long.")
|
||||||
|
|
||||||
|
|
||||||
# Number types...
|
# Number types...
|
||||||
|
|
||||||
class IntegerField(Field):
|
class IntegerField(Field):
|
||||||
|
|
|
@ -173,6 +173,32 @@ class IsAuthenticatedOrReadOnly(BasePermission):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class IsAdminUserOrReadOnly(BasePermission):
|
||||||
|
"""
|
||||||
|
Custom permission to only allow admin users to edit an object.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def has_permission(self, request, view):
|
||||||
|
# Allow any user to view the object
|
||||||
|
if request.method in ['GET', 'HEAD', 'OPTIONS']:
|
||||||
|
return True
|
||||||
|
# Only allow admin users to modify the object
|
||||||
|
return request.user and request.user.is_staff
|
||||||
|
|
||||||
|
|
||||||
|
class IsOwner(BasePermission):
|
||||||
|
"""
|
||||||
|
Custom permission to only allow owners of an object to edit it.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def has_object_permission(self, request, view, obj):
|
||||||
|
# Allow read-only access to any request
|
||||||
|
if request.method in ['GET', 'HEAD', 'OPTIONS']:
|
||||||
|
return True
|
||||||
|
# Write permissions are only allowed to the owner of the object
|
||||||
|
return obj.owner == request.user
|
||||||
|
|
||||||
|
|
||||||
class DjangoModelPermissions(BasePermission):
|
class DjangoModelPermissions(BasePermission):
|
||||||
"""
|
"""
|
||||||
The request is authenticated using `django.contrib.auth` permissions.
|
The request is authenticated using `django.contrib.auth` permissions.
|
||||||
|
|
|
@ -25,7 +25,7 @@ from django.utils.timezone import activate, deactivate, override
|
||||||
import rest_framework
|
import rest_framework
|
||||||
from rest_framework import exceptions, serializers
|
from rest_framework import exceptions, serializers
|
||||||
from rest_framework.fields import (
|
from rest_framework.fields import (
|
||||||
BuiltinSignatureError, DjangoImageField, SkipField, empty,
|
AlphabeticFieldValidator, AlphanumericFieldValidator, BuiltinSignatureError, CustomLengthValidator, DjangoImageField, SkipField, empty,
|
||||||
is_simple_callable
|
is_simple_callable
|
||||||
)
|
)
|
||||||
from tests.models import UUIDForeignKeyTarget
|
from tests.models import UUIDForeignKeyTarget
|
||||||
|
@ -1061,6 +1061,88 @@ class TestFilePathField(FieldValues):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class TestAlphabeticField:
|
||||||
|
"""
|
||||||
|
Valid and invalid values for `AlphabeticFieldValidator`.
|
||||||
|
"""
|
||||||
|
valid_inputs = {
|
||||||
|
'John Doe': 'John Doe',
|
||||||
|
'Alice': 'Alice',
|
||||||
|
'Bob Marley': 'Bob Marley',
|
||||||
|
}
|
||||||
|
invalid_inputs = {
|
||||||
|
'John123': ['This field must contain only alphabetic characters and spaces.'],
|
||||||
|
'Alice!': ['This field must contain only alphabetic characters and spaces.'],
|
||||||
|
'': ['This field must contain only alphabetic characters and spaces.'],
|
||||||
|
}
|
||||||
|
field = str # Placeholder for the field type
|
||||||
|
|
||||||
|
def test_valid_inputs(self):
|
||||||
|
validator = AlphabeticFieldValidator()
|
||||||
|
for value in self.valid_inputs.keys():
|
||||||
|
validator(value) # Should not raise ValueError
|
||||||
|
|
||||||
|
def test_invalid_inputs(self):
|
||||||
|
validator = AlphabeticFieldValidator()
|
||||||
|
for value, expected_errors in self.invalid_inputs.items():
|
||||||
|
with pytest.raises(ValueError) as excinfo:
|
||||||
|
validator(value)
|
||||||
|
assert str(excinfo.value) == expected_errors[0]
|
||||||
|
|
||||||
|
class TestAlphanumericField:
|
||||||
|
"""
|
||||||
|
Valid and invalid values for `AlphanumericFieldValidator`.
|
||||||
|
"""
|
||||||
|
valid_inputs = {
|
||||||
|
'John123': 'John123',
|
||||||
|
'Alice007': 'Alice007',
|
||||||
|
'Bob1990': 'Bob1990',
|
||||||
|
}
|
||||||
|
invalid_inputs = {
|
||||||
|
'John!': ['This field must contain only alphanumeric characters (letters and numbers).'],
|
||||||
|
'Alice 007': ['This field must contain only alphanumeric characters (letters and numbers).'],
|
||||||
|
'': ['This field must contain only alphanumeric characters (letters and numbers).'],
|
||||||
|
}
|
||||||
|
field = str # Placeholder for the field type
|
||||||
|
|
||||||
|
def test_valid_inputs(self):
|
||||||
|
validator = AlphanumericFieldValidator()
|
||||||
|
for value in self.valid_inputs.keys():
|
||||||
|
validator(value) # Should not raise ValueError
|
||||||
|
|
||||||
|
def test_invalid_inputs(self):
|
||||||
|
validator = AlphanumericFieldValidator()
|
||||||
|
for value, expected_errors in self.invalid_inputs.items():
|
||||||
|
with pytest.raises(ValueError) as excinfo:
|
||||||
|
validator(value)
|
||||||
|
assert str(excinfo.value) == expected_errors[0]
|
||||||
|
|
||||||
|
class TestCustomLengthField:
|
||||||
|
"""
|
||||||
|
Valid and invalid values for `CustomLengthValidator`.
|
||||||
|
"""
|
||||||
|
valid_inputs = {
|
||||||
|
'abc': 'abc', # 3 characters
|
||||||
|
'abcdefghij': 'abcdefghij', # 10 characters
|
||||||
|
}
|
||||||
|
invalid_inputs = {
|
||||||
|
'ab': ['This field must be at least 3 characters long.'], # Too short
|
||||||
|
'abcdefghijk': ['This field must be no more than 10 characters long.'], # Too long
|
||||||
|
}
|
||||||
|
field = str # Placeholder for the field type
|
||||||
|
|
||||||
|
def test_valid_inputs(self):
|
||||||
|
validator = CustomLengthValidator(min_length=3, max_length=10)
|
||||||
|
for value in self.valid_inputs.keys():
|
||||||
|
validator(value) # Should not raise ValueError
|
||||||
|
|
||||||
|
def test_invalid_inputs(self):
|
||||||
|
validator = CustomLengthValidator(min_length=3, max_length=10)
|
||||||
|
for value, expected_errors in self.invalid_inputs.items():
|
||||||
|
with pytest.raises(ValueError) as excinfo:
|
||||||
|
validator(value)
|
||||||
|
assert str(excinfo.value) == expected_errors[0]
|
||||||
|
|
||||||
# Number types...
|
# Number types...
|
||||||
|
|
||||||
class TestIntegerField(FieldValues):
|
class TestIntegerField(FieldValues):
|
||||||
|
|
|
@ -772,3 +772,58 @@ class PermissionsCompositionTests(TestCase):
|
||||||
]
|
]
|
||||||
|
|
||||||
assert filtered_permissions == expected_permissions
|
assert filtered_permissions == expected_permissions
|
||||||
|
|
||||||
|
|
||||||
|
class PermissionTests(TestCase):
|
||||||
|
def setUp(self):
|
||||||
|
self.factory = APIRequestFactory()
|
||||||
|
self.admin_user = User.objects.create_user(username='admin', password='password', is_staff=True)
|
||||||
|
self.regular_user = User.objects.create_user(username='user', password='password')
|
||||||
|
self.anonymous_user = AnonymousUser()
|
||||||
|
|
||||||
|
def test_is_admin_user_or_read_only_allow_read(self):
|
||||||
|
# Test that all users can read
|
||||||
|
request = self.factory.get('/1', format='json')
|
||||||
|
request.user = self.anonymous_user
|
||||||
|
permission = permissions.IsAdminUserOrReadOnly()
|
||||||
|
self.assertTrue(permission.has_permission(request, None)) # Allow read access
|
||||||
|
|
||||||
|
request.user = self.admin_user # Admin user
|
||||||
|
self.assertTrue(permission.has_permission(request, None)) # Allow read access for admin
|
||||||
|
|
||||||
|
def test_is_admin_user_or_read_only_allow_write(self):
|
||||||
|
# Test that only admin users can write
|
||||||
|
request = self.factory.post('/1', format='json')
|
||||||
|
request.user = self.admin_user # Admin user
|
||||||
|
permission = permissions.IsAdminUserOrReadOnly()
|
||||||
|
self.assertTrue(permission.has_permission(request, None)) # Allow write access for admin
|
||||||
|
|
||||||
|
request.user = self.regular_user # Non-admin user
|
||||||
|
self.assertFalse(permission.has_permission(request, None)) # Deny write access for non-admin
|
||||||
|
|
||||||
|
def test_is_owner_permission(self):
|
||||||
|
# Setup mock object with owner
|
||||||
|
obj = BasicModel(owner=self.admin_user) # Assuming BasicModel has an owner field
|
||||||
|
|
||||||
|
# Test that the owner can modify
|
||||||
|
request = self.factory.post('/1', format='json')
|
||||||
|
request.user = self.admin_user
|
||||||
|
permission = permissions.IsOwner()
|
||||||
|
self.assertTrue(permission.has_object_permission(request, None, obj)) # Owner should have access
|
||||||
|
|
||||||
|
# Test that a non-owner cannot modify
|
||||||
|
request.user = self.regular_user # Another user
|
||||||
|
self.assertFalse(permission.has_object_permission(request, None, obj)) # Another user should not have access
|
||||||
|
|
||||||
|
def test_is_owner_read_access(self):
|
||||||
|
# Setup mock object with owner
|
||||||
|
obj = BasicModel(owner=self.admin_user) # Assuming BasicModel has an owner field
|
||||||
|
|
||||||
|
# Test read access for any user
|
||||||
|
request = self.factory.get('/1', format='json')
|
||||||
|
request.user = self.regular_user # Another user
|
||||||
|
permission = permissions.IsOwner()
|
||||||
|
self.assertTrue(permission.has_object_permission(request, None, obj)) # Any user can read
|
||||||
|
|
||||||
|
request.user = self.admin_user # The owner
|
||||||
|
self.assertTrue(permission.has_object_permission(request, None, obj)) # Owner can read
|
||||||
|
|
Loading…
Reference in New Issue
Block a user