paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-07-28 18:24:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

add api permissions test

Browse Source
This commit is contained in:
Michael Shamoon
2022-11-24 14:26:32 -08:00
parent 9d4e59423a
commit bc2b36234c
3 changed files with 44 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
src/documents/tests/test_api.py
View File

@@ -20,6 +20,7 @@ except ImportError:
import pytest
from django.conf import settings
from django.contrib.auth.models import Group
from django.contrib.auth.models import Permission
from django.contrib.auth.models import User
from django.test import override_settings
from django.utils import timezone
@@ -2540,6 +2541,41 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
self.assertIn("X-Api-Version", response)
self.assertIn("X-Version", response)
def test_api_insufficient_permissions(self):
user = User.objects.create_user(username="test")
self.client.force_authenticate(user)
d = Document.objects.create(title="Test")
self.assertEqual(self.client.get("/api/documents/").status_code, 403)
self.assertEqual(self.client.get(f"/api/documents/{d.id}/").status_code, 403)
self.assertEqual(self.client.get("/api/tags/").status_code, 403)
self.assertEqual(self.client.get("/api/correspondents/").status_code, 403)
self.assertEqual(self.client.get("/api/document_types/").status_code, 403)
self.assertEqual(self.client.get("/api/logs/").status_code, 403)
self.assertEqual(self.client.get("/api/saved_views/").status_code, 403)
def test_api_sufficient_permissions(self):
user = User.objects.create_user(username="test")
user.user_permissions.add(*Permission.objects.all())
self.client.force_authenticate(user)
d = Document.objects.create(title="Test")
self.assertEqual(self.client.get("/api/documents/").status_code, 200)
self.assertEqual(self.client.get(f"/api/documents/{d.id}/").status_code, 200)
self.assertEqual(self.client.get("/api/tags/").status_code, 200)
self.assertEqual(self.client.get("/api/correspondents/").status_code, 200)
self.assertEqual(self.client.get("/api/document_types/").status_code, 200)
self.assertEqual(self.client.get("/api/logs/").status_code, 200)
self.assertEqual(self.client.get("/api/saved_views/").status_code, 200)
class TestApiRemoteVersion(DirectoriesMixin, APITestCase):
ENDPOINT = "/api/remote_version/"