| 12345678910111213141516171819202122232425262728293031323334 |
- from rest_framework import status
- from desecapi.tests.base import DomainOwnerTestCase
- class TokenPoliciesTestCase(DomainOwnerTestCase):
- def setUp(self):
- super().setUp()
- self.client.credentials() # remove default credential (corresponding to domain owner)
- self.token_manage = self.create_token(self.owner, perm_manage_tokens=True)
- self.other_token = self.create_token(self.user)
- def test_policies(self):
- url = DomainOwnerTestCase.reverse(
- "v1:token-policies-root", token_id=self.token.id
- )
- kwargs = {}
- response = self.client.get(url, **kwargs)
- self.assertStatus(response, status.HTTP_401_UNAUTHORIZED)
- kwargs.update(HTTP_AUTHORIZATION=f"Token {self.token_manage.plain}")
- response = self.client.get(url, **kwargs)
- self.assertStatus(response, status.HTTP_200_OK)
- kwargs.update(HTTP_AUTHORIZATION=f"Token {self.token.plain}")
- response = self.client.get(url, **kwargs)
- self.assertStatus(response, status.HTTP_200_OK)
- url = DomainOwnerTestCase.reverse(
- "v1:token-policies-root", token_id=self.token_manage.id
- )
- response = self.client.get(url, **kwargs)
- self.assertStatus(response, status.HTTP_403_FORBIDDEN)
|
