I am working on a app where there are custom permissions for the users of event who created the event.
How can I test the permissions using pytest and django-rest-framework testing tools?
the custom permission
from rest_framework import permissions
class EventPermission(permissions.BasePermission):
def has_permission(self, request, view):
if view.action == 'list':
return request.user.is_authenticated() and request.user.is_admin
elif view.action == 'create':
return True
elif view.action in ['retrieve', 'update', 'partial_update', 'destroy']:
return True
else:
return False
def has_object_permission(self, request, view, obj):
if view.action == 'retrieve':
return request.user.is_authenticated() and (obj == request.user or request.user.is_admin)
elif view.action in ['update', 'partial_update']:
return request.user.is_authenticated() and (obj == request.user or request.user.is_admin)
elif view.action == 'destroy':
return request.user.is_authenticated() and request.user.is_admin
else:
return False
And the viewset
class EventViewSet(viewsets.ModelViewSet):
"""
This viewset automatically provides `list`, `create`, `retrieve`,
`update` and `destroy` actions.
Additionally we also provide an extra `highlight` action.
"""
queryset = Event.objects.all()
serializer_class = EventSerializer
permission_classes = (IsAuthenticatedOrReadOnly, IsAdminUser, EventPermission)
filter_backends = (filters.SearchFilter, DjangoFilterBackend,)
filter_fields = ('title', 'description', 'start_date', 'categories', 'location')
search_fields = ('title', 'description', 'start_date', 'categories', 'location')