Hopiu/django-admin2
1
0
Fork 0
mirror of https://github.com/jazzband/django-admin2.git synced 2026-04-25 09:04:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix permission denied errors for API views.

Browse source
This commit is contained in:
Gregor Müllegger 2013-05-26 17:09:22 +02:00
parent 42d89a7585
commit c0a3df680c
2 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
djadmin2/apiviews.py
View file

@ -19,6 +19,8 @@ class Admin2APISerializer(serializers.HyperlinkedModelSerializer):
class Admin2APIMixin(Admin2Mixin):
raise_exception = True
def get_serializer_class(self):
if self.serializer_class is None:
model_class = self.get_model()

15
example/blog/tests/test_apiviews.py
View file

@ -1,4 +1,5 @@
from django.contrib.auth.models import User
from django.contrib.auth.models import AnonymousUser, User
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse
from django.test import TestCase
from django.test.client import RequestFactory
@ -34,9 +35,9 @@ class IndexAPIViewTest(APITestCase):
def test_view_permission(self):
request = self.factory.get(reverse('admin2:api-index'))
request.user = AnonymousUser()
view = apiviews.IndexAPIView.as_view(**default.get_api_index_kwargs())
response = view(request)
self.assertEqual(response.status_code, 403)
self.assertRaises(PermissionDenied, view, request)
class ListCreateAPIViewTest(APITestCase):
def test_response_ok(self):
@ -50,11 +51,11 @@ class ListCreateAPIViewTest(APITestCase):
def test_view_permission(self):
request = self.factory.get(reverse('admin2:blog_post_api-list'))
request.user = AnonymousUser()
model_admin = self.get_model_admin(Post)
view = apiviews.ListCreateAPIView.as_view(
**model_admin.get_api_list_kwargs())
response = view(request)
self.assertEqual(response.status_code, 403)
self.assertRaises(PermissionDenied, view, request)
def test_list_includes_unicode_field(self):
Post.objects.create(title='Foo', body='Bar')
@ -107,8 +108,8 @@ class RetrieveUpdateDestroyAPIViewTest(APITestCase):
request = self.factory.get(
reverse('admin2:blog_post_api-detail',
kwargs={'pk': post.pk}))
request.user = AnonymousUser()
model_admin = self.get_model_admin(Post)
view = apiviews.RetrieveUpdateDestroyAPIView.as_view(
**model_admin.get_api_detail_kwargs())
response = view(request, pk=post.pk)
self.assertEqual(response.status_code, 403)
self.assertRaises(PermissionDenied, view, request, pk=post.pk)