test_api_permissions.py 2.7 KB

  1. from django.urls import reverse
  2. from model_bakery import baker
  3. from glitchtip.test_utils.test_case import APIPermissionTestCase
  4. from organizations_ext.models import OrganizationUserRole
  class AlertsAPIPermissionTests(APIPermissionTestCase):
      """Authorization checks for the project-alerts API endpoints.

      Every test first confirms that the request is refused with 403 and
      only then grants the permission (or role) that is expected to unlock
      it, so a missing or too-permissive check on the endpoint fails the
      first assertion rather than passing silently.
      """

      def setUp(self):
          """Build one org / team / project / alert and the URLs under test."""
          self.create_user_org()
          # Requests from self.client are sent with the API token from here on.
          self.set_client_credentials(self.auth_token.token)

          self.team = baker.make("teams.Team", organization=self.organization)
          self.team.members.add(self.org_user)
          self.project = baker.make("projects.Project", organization=self.organization)
          self.project.team_set.add(self.team)
          self.alert = baker.make("alerts.ProjectAlert", project=self.project)

          # The route addresses a project as "<organization slug>/<project slug>".
          project_pk = "/".join((self.organization.slug, self.project.slug))
          self.list_url = reverse(
              "project-alerts-list",
              kwargs={"project_pk": project_pk},
          )
          self.detail_url = reverse(
              "project-alerts-detail",
              kwargs={"project_pk": project_pk, "pk": self.alert.pk},
          )

      def test_list(self):
          """Listing is forbidden until the token holds project:read."""
          url = self.list_url
          self.assertGetReqStatusCode(url, 403)
          self.auth_token.add_permission("project:read")
          self.assertGetReqStatusCode(url, 200)

      def test_retrieve(self):
          """Fetching one alert is forbidden until the token holds project:read."""
          url = self.detail_url
          self.assertGetReqStatusCode(url, 403)
          self.auth_token.add_permission("project:read")
          self.assertGetReqStatusCode(url, 200)

      def test_create(self):
          """project:read alone must not allow creation; project:write does."""
          payload = {"timespan_minutes": 1, "quantity": 1}
          # Permissions accumulate on the token: read first, then write on top.
          for permission, expected_status in (
              ("project:read", 403),
              ("project:write", 201),
          ):
              self.auth_token.add_permission(permission)
              self.assertPostReqStatusCode(self.list_url, payload, expected_status)

      def test_destroy(self):
          """Read plus write must not allow deletion; project:admin does."""
          url = self.detail_url
          self.auth_token.add_permissions(["project:read", "project:write"])
          self.assertDeleteReqStatusCode(url, 403)
          self.auth_token.add_permission("project:admin")
          self.assertDeleteReqStatusCode(url, 204)

      def test_user_destroy(self):
          """A MEMBER may not delete the alert; an OWNER may."""
          # NOTE(review): setUp already attached token credentials to the
          # client; confirm that after force_login these requests exercise the
          # logged-in user's role and not the token -- TODO confirm.
          self.client.force_login(self.user)
          url = self.detail_url
          self.set_user_role(OrganizationUserRole.MEMBER)
          self.assertDeleteReqStatusCode(url, 403)
          self.set_user_role(OrganizationUserRole.OWNER)
          self.assertDeleteReqStatusCode(url, 204)

      def test_update(self):
          """project:read alone must not allow updates; project:write does."""
          payload = {"timespan_minutes": 1, "quantity": 1}
          # Same ladder as creation: the PUT is refused until write is added.
          for permission, expected_status in (
              ("project:read", 403),
              ("project:write", 200),
          ):
              self.auth_token.add_permission(permission)
              self.assertPutReqStatusCode(self.detail_url, payload, expected_status)