1818from django .contrib .auth .models import User , Permission
1919from tastypie .authorization import (Authorization , ReadOnlyAuthorization ,
2020 DjangoAuthorization )
21- from tastypie .exceptions import ImmediateHttpResponse
21+ from tastypie .exceptions import ImmediateHttpResponse , Unauthorized
2222from tastypie .models import ApiKey , create_api_key
2323from tastypie .http import HttpUnauthorized
2424from tastypie .authentication import ApiKeyAuthentication
@@ -45,6 +45,20 @@ def setUp(self):
4545 self .api_user .api_key .key )
4646 self .post_auth = {'HTTP_AUTHORIZATION' : authorization }
4747
48+ def generic_test_authorized (self , method , request , function_list , function_detail ):
49+ bundle = self .resource .build_bundle (request = request )
50+ bundle .request .method = method
51+ self .assertTrue (function_detail (self .resource .get_object_list (bundle .request )[0 ],
52+ bundle ))
53+
54+ def generic_test_unauthorized (self , method , request , function_list , function_detail ):
55+ bundle = self .resource .build_bundle (request = request )
56+ bundle .request .method = method
57+ self .assertRaises (Unauthorized , function_detail ,
58+ self .resource .get_object_list (bundle .request )[0 ], bundle )
59+
60+
61+
4862
4963class ApiKeyAuthenticationTestCase (FixtureTestCase ):
5064
@@ -177,6 +191,8 @@ def setUp(self):
177191 [(k , getattr (env_db1 , k )) for k in self .env1_data .keys ()]
178192 )
179193 self .client = Client ()
194+ self .resource = EnvironmentResource ()
195+ self .auth = self .resource ._meta .authorization
180196
181197 def test_no_perms (self ):
182198 """User() should have only GET permission"""
@@ -186,15 +202,18 @@ def test_no_perms(self):
186202 request = HttpRequest ()
187203 request .method = 'GET'
188204 request .user = self .api_user
205+
206+
189207 # with no permissions, api is read-only
190- self .assertTrue ( EnvironmentResource (). _meta . authorization . is_authorized (
191- request ) )
208+ self .generic_test_authorized ( 'GET' , request , self . auth . read_list ,
209+ self . auth . read_detail )
192210
193- for method in ('POST' , 'PUT' , 'DELETE' ):
194- request .method = method
195- self .assertFalse (
196- EnvironmentResource ()._meta .authorization .is_authorized (request )
197- )
211+ for method , function_list , function_detail in \
212+ (('POST' ,self .auth .create_list , self .auth .create_detail ),
213+ ('PUT' ,self .auth .update_list , self .auth .update_detail ),
214+ ('DELETE' ,self .auth .delete_list , self .auth .delete_detail )):
215+ self .generic_test_unauthorized (method , request , function_list ,
216+ function_detail )
198217
199218 def test_add_perm (self ):
200219 """User() should have add permission granted."""
@@ -203,9 +222,9 @@ def test_add_perm(self):
203222
204223 # give add permission
205224 request .user .user_permissions .add (self .add )
206- request . method = 'POST'
207- self .assertTrue (
208- EnvironmentResource (). _meta . authorization . is_authorized ( request ) )
225+
226+ self .generic_test_authorized ( 'POST' , request , self . auth . create_list ,
227+ self . auth . create_detail )
209228
210229 def test_change_perm (self ):
211230 """User() should have change permission granted."""
@@ -214,9 +233,9 @@ def test_change_perm(self):
214233
215234 # give change permission
216235 request .user .user_permissions .add (self .change )
217- request . method = 'PUT'
218- self .assertTrue (
219- EnvironmentResource (). _meta . authorization . is_authorized ( request ) )
236+
237+ self .generic_test_authorized ( 'PUT' , request , self . auth . update_list ,
238+ self . auth . update_detail )
220239
221240 def test_delete_perm (self ):
222241 """User() should have delete permission granted."""
@@ -225,9 +244,9 @@ def test_delete_perm(self):
225244
226245 # give delete permission
227246 request .user .user_permissions .add (self .delete )
228- request . method = 'DELETE'
229- self .assertTrue (
230- EnvironmentResource (). _meta . authorization . is_authorized ( request ) )
247+
248+ self .generic_test_authorized ( 'DELETE' , request , self . auth . delete_list ,
249+ self . auth . delete_detail )
231250
232251 def test_all (self ):
233252 """User() should have add, change, delete permissions granted."""
@@ -238,12 +257,19 @@ def test_all(self):
238257 request .user .user_permissions .add (self .change )
239258 request .user .user_permissions .add (self .delete )
240259
241- for method in ('GET' , 'OPTIONS' , 'HEAD' , 'POST' , 'PUT' , 'DELETE' ,
242- 'PATCH' ):
243- request .method = method
244- self .assertTrue (
245- EnvironmentResource ()._meta .authorization .is_authorized (request )
246- )
260+ for method , function_list , function_detail in \
261+ (('GET' ,self .auth .read_list , self .auth .read_detail ),
262+ ('OPTIONS' ,self .auth .read_list , self .auth .read_detail ),
263+ ('HEAD' ,self .auth .read_list , self .auth .read_detail ),
264+ ('POST' ,self .auth .create_list , self .auth .create_detail ),
265+ ('PUT' ,self .auth .update_list , self .auth .update_detail ),
266+ ('PATCH' ,self .auth .read_list , self .auth .read_detail ),
267+ ('PATCH' ,self .auth .update_list , self .auth .update_detail ),
268+ ('PATCH' ,self .auth .delete_list , self .auth .delete_detail ),
269+ ('DELETE' ,self .auth .delete_list , self .auth .delete_detail )):
270+ self .generic_test_authorized (method , request , function_list ,
271+ function_detail )
272+
247273
248274 def test_patch_perms (self ):
249275 """User() should have patch (add, change, delete) permissions granted."""
@@ -253,20 +279,22 @@ def test_patch_perms(self):
253279
254280 # Not enough.
255281 request .user .user_permissions .add (self .add )
256- self .assertFalse (
257- EnvironmentResource ()._meta .authorization .is_authorized (request ))
282+ self .generic_test_unauthorized ('PATCH' , request , self .auth .update_list ,
283+ self .auth .update_detail )
284+ self .generic_test_unauthorized ('PATCH' , request , self .auth .delete_list ,
285+ self .auth .delete_detail )
258286
259287 # Still not enough.
260288 request .user .user_permissions .add (self .change )
261- self .assertFalse (
262- EnvironmentResource (). _meta . authorization . is_authorized ( request ) )
289+ self .generic_test_unauthorized ( 'PATCH' , request , self . auth . delete_list ,
290+ self . auth . delete_detail )
263291
264292 # Much better.
265293 request .user .user_permissions .add (self .delete )
266294 # Nuke the perm cache. :/
267295 del request .user ._perm_cache
268- self .assertTrue (
269- EnvironmentResource (). _meta . authorization . is_authorized ( request ) )
296+ self .generic_test_authorized ( 'PATCH' , request , self . auth . delete_list ,
297+ self . auth . delete_detail )
270298
271299 def test_unrecognized_method (self ):
272300 """User() should not have the permission to call non-existent method."""
@@ -276,8 +304,8 @@ def test_unrecognized_method(self):
276304
277305 # Check a non-existent HTTP method.
278306 request .method = 'EXPLODE'
279- self .assertFalse (
280- EnvironmentResource (). _meta . authorization . is_authorized ( request ) )
307+ self .generic_test_unauthorized ( 'EXPLODE' , request , self . auth . update_list ,
308+ self . auth . update_detail )
281309
282310 def test_get_environment (self ):
283311 """Should get an environment when given an existing ID"""
@@ -439,6 +467,8 @@ def setUp(self):
439467 self .project = Project (** self .project_data )
440468 self .project .save ()
441469 self .client = Client ()
470+ self .resource = ProjectResource ()
471+ self .auth = self .resource ._meta .authorization
442472
443473 def test_all (self ):
444474 """User should have all permissions granted."""
@@ -449,13 +479,18 @@ def test_all(self):
449479 request .user .user_permissions .add (self .change )
450480 request .user .user_permissions .add (self .delete )
451481
452- for method in ('GET' , 'OPTIONS' , 'HEAD' , 'POST' , 'PUT' , 'DELETE' ,
453- 'PATCH' ):
454- request .method = method
455- self .assertTrue (
456- ProjectResource ()._meta .authorization .is_authorized (request )
457- )
458-
482+ for method , function_list , function_detail in \
483+ (('GET' ,self .auth .read_list , self .auth .read_detail ),
484+ ('OPTIONS' ,self .auth .read_list , self .auth .read_detail ),
485+ ('HEAD' ,self .auth .read_list , self .auth .read_detail ),
486+ ('POST' ,self .auth .create_list , self .auth .create_detail ),
487+ ('PUT' ,self .auth .update_list , self .auth .update_detail ),
488+ ('PATCH' ,self .auth .read_list , self .auth .read_detail ),
489+ ('PATCH' ,self .auth .update_list , self .auth .update_detail ),
490+ ('PATCH' ,self .auth .delete_list , self .auth .delete_detail ),
491+ ('DELETE' ,self .auth .delete_list , self .auth .delete_detail )):
492+ self .generic_test_authorized (method , request , function_list ,
493+ function_detail )
459494 def test_get_project (self ):
460495 """Should get an existing project"""
461496 response = self .client .get ('/api/v1/project/{0}/' .format (
0 commit comments