#ref 5616. Add IsAuthenticatedOrOptionsOnly class in permissions, and made tests for that

This commit is contained in:
mkdk 2018-09-21 21:42:17 +03:00
parent 953c29c12d
commit cc7deac767
2 changed files with 44 additions and 0 deletions

View File

@ -51,6 +51,17 @@ class IsAuthenticated(BasePermission):
return request.user and request.user.is_authenticated
class IsAuthenticatedOrOptionsOnly(BasePermission):
"""
Allows access only to authenticated users.
"""
def has_permission(self, request, view):
if request.method == 'OPTIONS':
return True
return request.user and request.user.is_authenticated
class IsAdminUser(BasePermission):
"""
Allows access only to admin users.

View File

@ -522,3 +522,36 @@ class CustomPermissionsTests(TestCase):
detail = response.data.get('detail')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(detail, self.custom_message)
class IsAuthenticatedOrOptionsOnlyAllowedView(generics.RetrieveUpdateDestroyAPIView):
queryset = BasicModel.objects.all()
serializer_class = BasicSerializer
authentication_classes = [authentication.BasicAuthentication]
permissions_classes = (permissions.IsAuthenticatedOrOptionsOnly,)
options_view = IsAuthenticatedOrOptionsOnlyAllowedView.as_view()
class IsAuthenticatedOrOptionsOnlyAllowedTests(TestCase):
def setUp(self):
BasicModel(text='foo').save()
User.objects.create_user('username', 'username@example.com', 'password')
def test_options_allowed_if_not_authentificated(self):
self.request = factory.options('/1', format='json')
response = options_view(self.request, pk=1)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_options_get_not_allowed_if_not_authentificated(self):
credentials = basic_auth_header('username', 'wrongpassword')
self.request = factory.get('/1', format='json', HTTP_AUTHORIZATION=credentials)
response = options_view(self.request, pk=1)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_options_get_allowed_if_authentificated(self):
credentials = basic_auth_header('username', 'password')
self.request = factory.get('/1', format='json', HTTP_AUTHORIZATION=credentials)
response = options_view(self.request, pk=1)
self.assertEqual(response.status_code, status.HTTP_200_OK)