added unittests for permission check of exposing actions via OPTIONS

7f1cc82f · Nikolaus Schlemm · 5ab7cc6e · 7f1cc82f
Commit 7f1cc82f authored May 18, 2013 by Nikolaus Schlemm
Hide whitespace changes
Inline Side-by-side

Showing with 45 additions and 0 deletions

rest_framework/tests/permissions.py
+45 -0

No files found.
--- a/rest_framework/tests/permissions.py
+++ b/rest_framework/tests/permissions.py
@@ -108,6 +108,51 @@ class ModelPermissionsIntegrationTests(TestCase):
        response = instance_view(request, pk='2')
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+    def test_options_permitted(self):
+        request = factory.options('/', content_type='application/json',
+                               HTTP_AUTHORIZATION=self.permitted_credentials)
+        response = root_view(request, pk='1')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('actions', response.data)
+        self.assertEquals(response.data['actions'].keys(), ['POST', 'GET',])
+        request = factory.options('/1', content_type='application/json',
+                               HTTP_AUTHORIZATION=self.permitted_credentials)
+        response = instance_view(request, pk='1')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('actions', response.data)
+        self.assertEquals(response.data['actions'].keys(), ['PUT', 'PATCH', 'DELETE', 'GET',])
+    def test_options_disallowed(self):
+        request = factory.options('/', content_type='application/json',
+                               HTTP_AUTHORIZATION=self.disallowed_credentials)
+        response = root_view(request, pk='1')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('actions', response.data)
+        self.assertEquals(response.data['actions'].keys(), ['GET',])
+        request = factory.options('/1', content_type='application/json',
+                               HTTP_AUTHORIZATION=self.disallowed_credentials)
+        response = instance_view(request, pk='1')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('actions', response.data)
+        self.assertEquals(response.data['actions'].keys(), ['GET',])
+    def test_options_updateonly(self):
+        request = factory.options('/', content_type='application/json',
+                               HTTP_AUTHORIZATION=self.updateonly_credentials)
+        response = root_view(request, pk='1')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('actions', response.data)
+        self.assertEquals(response.data['actions'].keys(), ['GET',])
+        request = factory.options('/1', content_type='application/json',
+                               HTTP_AUTHORIZATION=self.updateonly_credentials)
+        response = instance_view(request, pk='1')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('actions', response.data)
+        self.assertEquals(response.data['actions'].keys(), ['PUT', 'PATCH', 'GET',])
 class OwnerModel(models.Model):
    text = models.CharField(max_length=100)