paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-07-28 18:24:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

API object permissions retrieval, grant and revoke

Browse Source
This commit is contained in:
Michael Shamoon
2022-12-06 01:45:33 -08:00
parent c72f295ed6
commit c0bf77f2f8
3 changed files with 182 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/documents/tests/test_api.py
View File

@@ -2549,8 +2549,6 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
self.assertEqual(self.client.get("/api/documents/").status_code, 403)
self.assertEqual(self.client.get(f"/api/documents/{d.id}/").status_code, 403)
self.assertEqual(self.client.get("/api/tags/").status_code, 403)
self.assertEqual(self.client.get("/api/correspondents/").status_code, 403)
self.assertEqual(self.client.get("/api/document_types/").status_code, 403)
@@ -2567,8 +2565,6 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
self.assertEqual(self.client.get("/api/documents/").status_code, 200)
self.assertEqual(self.client.get(f"/api/documents/{d.id}/").status_code, 200)
self.assertEqual(self.client.get("/api/tags/").status_code, 200)
self.assertEqual(self.client.get("/api/correspondents/").status_code, 200)
self.assertEqual(self.client.get("/api/document_types/").status_code, 200)
@@ -2576,6 +2572,28 @@ class TestApiAuth(DirectoriesMixin, APITestCase):
self.assertEqual(self.client.get("/api/logs/").status_code, 200)
self.assertEqual(self.client.get("/api/saved_views/").status_code, 200)
def test_object_permissions(self):
user1 = User.objects.create_user(username="test1")
user2 = User.objects.create_user(username="test2")
user1.user_permissions.add(*Permission.objects.filter(codename="view_document"))
self.client.force_authenticate(user1)
self.assertEqual(self.client.get("/api/documents/").status_code, 200)
d = Document.objects.create(title="Test", content="the content 1", checksum="1")
# no owner
self.assertEqual(self.client.get(f"/api/documents/{d.id}/").status_code, 200)
d2 = Document.objects.create(
title="Test 2",
content="the content 2",
checksum="2",
owner=user2,
)
self.assertEqual(self.client.get(f"/api/documents/{d2.id}/").status_code, 404)
class TestApiRemoteVersion(DirectoriesMixin, APITestCase):
ENDPOINT = "/api/remote_version/"