mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-25 11:04:02 +03:00
parent
f8a03b096b
commit
e7af8d662b
|
@ -1,7 +1,8 @@
|
||||||
from django.urls import path
|
from django.urls import path
|
||||||
|
|
||||||
from .views import MockView
|
from .views import BasicModelWithUsersViewSet, MockView
|
||||||
|
|
||||||
urlpatterns = [
|
urlpatterns = [
|
||||||
path('', MockView.as_view()),
|
path('', MockView.as_view()),
|
||||||
|
path('basicviewset', BasicModelWithUsersViewSet.as_view({'get': 'list'})),
|
||||||
]
|
]
|
||||||
|
|
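--- a/tests/browsable_api/serializers.py
+++ b/tests/browsable_api/serializers.py
@@ -0,0 +1,8 @@
+from rest_framework.serializers import ModelSerializer
+from tests.models import BasicModelWithUsers
+
+
+class BasicSerializer(ModelSerializer):
+class Meta:
+model = BasicModelWithUsers
+fields = '__all__'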
@ -1,8 +1,35 @@
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.test import TestCase, override_settings
|
from django.test import TestCase, override_settings
|
||||||
|
|
||||||
|
from rest_framework.permissions import IsAuthenticated
|
||||||
from rest_framework.test import APIClient
|
from rest_framework.test import APIClient
|
||||||
|
|
||||||
|
from .views import BasicModelWithUsersViewSet, OrganizationPermissions
|
||||||
|
|
||||||
|
|
||||||
|
@override_settings(ROOT_URLCONF='tests.browsable_api.no_auth_urls')
|
||||||
|
class AnonymousUserTests(TestCase):
|
||||||
|
"""Tests correct handling of anonymous user request on endpoints with IsAuthenticated permission class."""
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
self.client = APIClient(enforce_csrf_checks=True)
|
||||||
|
|
||||||
|
def tearDown(self):
|
||||||
|
self.client.logout()
|
||||||
|
|
||||||
|
def test_get_raises_typeerror_when_anonymous_user_in_queryset_filter(self):
|
||||||
|
with self.assertRaises(TypeError):
|
||||||
|
self.client.get('/basicviewset')
|
||||||
|
|
||||||
|
def test_get_returns_http_forbidden_when_anonymous_user(self):
|
||||||
|
old_permissions = BasicModelWithUsersViewSet.permission_classes
|
||||||
|
BasicModelWithUsersViewSet.permission_classes = [IsAuthenticated, OrganizationPermissions]
|
||||||
|
|
||||||
|
response = self.client.get('/basicviewset')
|
||||||
|
|
||||||
|
BasicModelWithUsersViewSet.permission_classes = old_permissions
|
||||||
|
self.assertEqual(response.status_code, 403)
|
||||||
|
|
||||||
|
|
||||||
@override_settings(ROOT_URLCONF='tests.browsable_api.auth_urls')
|
@override_settings(ROOT_URLCONF='tests.browsable_api.auth_urls')
|
||||||
class DropdownWithAuthTests(TestCase):
|
class DropdownWithAuthTests(TestCase):
|
||||||
|
|
|
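Review bot: `test_get_returns_http_forbidden_when_anonymous_user` replaces `BasicModelWithUsersViewSet.permission_classes` on the class itself and puts the old value back only after `self.client.get` returns, so an exception during the request leaves the altered permission list in place for every later test in the run. Register the restore before the request, e.g. `self.addCleanup(setattr, BasicModelWithUsersViewSet, 'permission_classes', old_permissions)`. Also, `test_get_raises_typeerror_when_anonymous_user_in_queryset_filter` pins an unhandled `TypeError` as expected behaviour; a short docstring saying that this documents the misconfiguration (no `IsAuthenticated` ahead of the queryset filter) rather than a supported outcome would keep a reader from copying the pattern.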
@ -1,6 +1,16 @@
|
||||||
from rest_framework import authentication, renderers
|
from rest_framework import authentication, renderers
|
||||||
|
from rest_framework.permissions import BasePermission
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
|
from rest_framework.viewsets import ModelViewSet
|
||||||
|
|
||||||
|
from ..models import BasicModelWithUsers
|
||||||
|
from .serializers import BasicSerializer
|
||||||
|
|
||||||
|
|
||||||
|
class OrganizationPermissions(BasePermission):
|
||||||
|
def has_object_permission(self, request, view, obj):
|
||||||
|
return request.user.is_staff or (request.user == obj.owner.organization_user.user)
|
||||||
|
|
||||||
|
|
||||||
class MockView(APIView):
|
class MockView(APIView):
|
||||||
|
@ -9,3 +19,15 @@ class MockView(APIView):
|
||||||
|
|
||||||
def get(self, request):
|
def get(self, request):
|
||||||
return Response({'a': 1, 'b': 2, 'c': 3})
|
return Response({'a': 1, 'b': 2, 'c': 3})
|
||||||
|
|
||||||
|
|
||||||
|
class BasicModelWithUsersViewSet(ModelViewSet):
|
||||||
|
queryset = BasicModelWithUsers.objects.all()
|
||||||
|
serializer_class = BasicSerializer
|
||||||
|
permission_classes = [OrganizationPermissions]
|
||||||
|
# permission_classes = [IsAuthenticated, OrganizationPermissions]
|
||||||
|
renderer_classes = (renderers.BrowsableAPIRenderer, renderers.JSONRenderer)
|
||||||
|
|
||||||
|
def get_queryset(self):
|
||||||
|
qs = super().get_queryset().filter(users=self.request.user)
|
||||||
|
return qs
|
||||||
|
|
|
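Review bot: `BasicModelWithUsersViewSet` is declared with `permission_classes = [OrganizationPermissions]`, and `OrganizationPermissions` implements only `has_object_permission`, which a list request never calls, so an unauthenticated request reaches `get_queryset` and `filter(users=self.request.user)` receives an anonymous user. That appears to be the intended reproduction, but the commented-out `# permission_classes = [IsAuthenticated, OrganizationPermissions]` does not say so; replace it with a comment such as `# IsAuthenticated is deliberately omitted here; the tests add it to show anonymous users being rejected before get_queryset runs`. Separately, `obj.owner.organization_user.user` refers to an `owner` attribute that the `BasicModelWithUsers` hunk on this page does not add (its base class is not visible here), so the object check would likely raise if a non-staff user ever exercised it.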
@ -1,5 +1,6 @@
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
|
from django.contrib.auth.models import User
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
|
|
||||||
|
@ -33,6 +34,10 @@ class ManyToManySource(RESTFrameworkModel):
|
||||||
targets = models.ManyToManyField(ManyToManyTarget, related_name='sources')
|
targets = models.ManyToManyField(ManyToManyTarget, related_name='sources')
|
||||||
|
|
||||||
|
|
||||||
|
class BasicModelWithUsers(RESTFrameworkModel):
|
||||||
|
users = models.ManyToManyField(User)
|
||||||
|
|
||||||
|
|
||||||
# ForeignKey
|
# ForeignKey
|
||||||
class ForeignKeyTarget(RESTFrameworkModel):
|
class ForeignKeyTarget(RESTFrameworkModel):
|
||||||
name = models.CharField(max_length=100)
|
name = models.CharField(max_length=100)
|
||||||
|
|