swh/deposit/tests/api/test_collection.py
# Copyright (C) 2017-2021 The Software Heritage developers | # Copyright (C) 2017-2021 The Software Heritage developers | ||||
# See the AUTHORS file at the top-level directory of this distribution | # See the AUTHORS file at the top-level directory of this distribution | ||||
# License: GNU General Public License version 3, or any later version | # License: GNU General Public License version 3, or any later version | ||||
# See top-level LICENSE file for more information | # See top-level LICENSE file for more information | ||||
import hashlib | import hashlib | ||||
from io import BytesIO | from io import BytesIO | ||||
from django.urls import reverse_lazy as reverse | from django.urls import reverse_lazy as reverse | ||||
from rest_framework import status | from rest_framework import status | ||||
from swh.deposit.config import COL_IRI, DEPOSIT_STATUS_REJECTED | from swh.deposit.config import COL_IRI, DEPOSIT_STATUS_REJECTED | ||||
from swh.deposit.parsers import parse_xml | from swh.deposit.parsers import parse_xml | ||||
def test_deposit_post_will_fail_with_401(client): | def test_deposit_post_will_fail_with_401(unauthorized_client): | ||||
"""Without authentication, endpoint refuses access with 401 response | """Without authentication, endpoint refuses access with 401 response | ||||
""" | """ | ||||
url = reverse(COL_IRI, args=["hal"]) | url = reverse(COL_IRI, args=["hal"]) | ||||
response = client.post(url) | response = unauthorized_client.post(url) | ||||
assert response.status_code == status.HTTP_401_UNAUTHORIZED | assert response.status_code == status.HTTP_401_UNAUTHORIZED | ||||
def test_deposit_post_insufficient_permission(insufficient_perm_client): | |||||
"""With connection ok but insufficient permission, endpoint refuses access""" | |||||
url = reverse(COL_IRI, args=["hal"]) | |||||
response = insufficient_perm_client.post(url) | |||||
assert response.status_code == status.HTTP_403_FORBIDDEN | |||||
assert b"permission" in response.content | |||||
def test_access_to_another_user_collection_is_forbidden( | def test_access_to_another_user_collection_is_forbidden( | ||||
authenticated_client, deposit_another_collection, deposit_user | authenticated_client, deposit_another_collection, deposit_user | ||||
): | ): | ||||
"""Access to another user collection should return a 403 | """Access to another user collection should return a 403 | ||||
""" | """ | ||||
coll2 = deposit_another_collection | coll2 = deposit_another_collection | ||||
url = reverse(COL_IRI, args=[coll2.name]) | url = reverse(COL_IRI, args=[coll2.name]) | ||||