|
1 | 1 | import unittest |
2 | 2 |
|
3 | 3 | from django.conf.urls import include, url |
| 4 | +from django.core.exceptions import PermissionDenied |
| 5 | +from django.http import Http404 |
4 | 6 | from django.test import TestCase, override_settings |
5 | 7 |
|
6 | 8 | from rest_framework import filters, pagination, permissions, serializers |
7 | 9 | from rest_framework.compat import coreapi |
8 | 10 | from rest_framework.decorators import detail_route, list_route |
| 11 | +from rest_framework.request import Request |
9 | 12 | from rest_framework.routers import DefaultRouter |
10 | 13 | from rest_framework.schemas import SchemaGenerator, get_schema_view |
11 | | -from rest_framework.test import APIClient |
| 14 | +from rest_framework.test import APIClient, APIRequestFactory |
12 | 15 | from rest_framework.views import APIView |
13 | 16 | from rest_framework.viewsets import ModelViewSet |
14 | 17 |
|
| 18 | +factory = APIRequestFactory() |
| 19 | + |
15 | 20 |
|
16 | 21 | class MockUser(object): |
17 | 22 | def is_authenticated(self): |
@@ -215,6 +220,32 @@ def test_authenticated_request(self): |
215 | 220 | self.assertEqual(response.data, expected) |
216 | 221 |
|
217 | 222 |
|
| 223 | +class DenyAllUsingHttp404(permissions.BasePermission): |
| 224 | + |
| 225 | + def has_permission(self, request, view): |
| 226 | + raise Http404() |
| 227 | + |
| 228 | + def has_object_permission(self, request, view, obj): |
| 229 | + raise Http404() |
| 230 | + |
| 231 | + |
| 232 | +class DenyAllUsingPermissionDenied(permissions.BasePermission): |
| 233 | + |
| 234 | + def has_permission(self, request, view): |
| 235 | + raise PermissionDenied() |
| 236 | + |
| 237 | + def has_object_permission(self, request, view, obj): |
| 238 | + raise PermissionDenied() |
| 239 | + |
| 240 | + |
| 241 | +class Http404ExampleViewSet(ExampleViewSet): |
| 242 | + permission_classes = [DenyAllUsingHttp404] |
| 243 | + |
| 244 | + |
| 245 | +class PermissionDeniedExampleViewSet(ExampleViewSet): |
| 246 | + permission_classes = [DenyAllUsingPermissionDenied] |
| 247 | + |
| 248 | + |
218 | 249 | class ExampleListView(APIView): |
219 | 250 | permission_classes = [permissions.IsAuthenticatedOrReadOnly] |
220 | 251 |
|
@@ -337,6 +368,41 @@ def test_schema_for_regular_views(self): |
337 | 368 | self.assertEqual(schema, expected) |
338 | 369 |
|
339 | 370 |
|
| 371 | +@unittest.skipUnless(coreapi, 'coreapi is not installed') |
| 372 | +class TestSchemaGeneratorWithRestrictedViewSets(TestCase): |
| 373 | + def setUp(self): |
| 374 | + router = DefaultRouter() |
| 375 | + router.register('example1', Http404ExampleViewSet, base_name='example1') |
| 376 | + router.register('example2', PermissionDeniedExampleViewSet, base_name='example2') |
| 377 | + self.patterns = [ |
| 378 | + url('^example/?$', ExampleListView.as_view()), |
| 379 | + url(r'^', include(router.urls)) |
| 380 | + ] |
| 381 | + |
| 382 | + def test_schema_for_regular_views(self): |
| 383 | + """ |
| 384 | + Ensure that schema generation works for ViewSet classes |
| 385 | + with permission classes raising exceptions. |
| 386 | + """ |
| 387 | + generator = SchemaGenerator(title='Example API', patterns=self.patterns) |
| 388 | + request = factory.get('/') |
| 389 | + schema = generator.get_schema(Request(request)) |
| 390 | + expected = coreapi.Document( |
| 391 | + url='', |
| 392 | + title='Example API', |
| 393 | + content={ |
| 394 | + 'example': { |
| 395 | + 'list': coreapi.Link( |
| 396 | + url='/example/', |
| 397 | + action='get', |
| 398 | + fields=[] |
| 399 | + ), |
| 400 | + }, |
| 401 | + } |
| 402 | + ) |
| 403 | + self.assertEqual(schema, expected) |
| 404 | + |
| 405 | + |
340 | 406 | @unittest.skipUnless(coreapi, 'coreapi is not installed') |
341 | 407 | class Test4605Regression(TestCase): |
342 | 408 | def test_4605_regression(self): |
|
0 commit comments