diff --git a/djangoldp/permissions.py b/djangoldp/permissions.py
index e61b11ae9be744f392b80fd711bf2eb229bef333..00f75d11e97aa551367d123d963735c7cd70a310 100644
--- a/djangoldp/permissions.py
+++ b/djangoldp/permissions.py
@@ -81,13 +81,15 @@ class AnonymousReadOnly(WACPermissions):
 def has_permission(self, request, view):
 if view.action in ['list', 'retrieve']:
 return True
+ elif view.action == 'create' and request.user.is_authenticated():
+ return True
 else:
 return super().has_permission(request, view)
 def has_object_permission(self, request, view, obj):
 if view.action == "create" and request.user.is_authenticated():
 return True
- elif view.action == "retrieve":
+ elif view.action == ["list", "retrieve"]:
 return True
 elif view.action in ['update', 'partial_update', 'destroy']:
 if hasattr(obj._meta, 'auto_author'):
diff --git a/djangoldp/tests/tests_anonymous_permissions.py b/djangoldp/tests/tests_anonymous_permissions.py
index 0e7f59c28169dae87b15420eb1ebf39ce70e9f69..79db62f3b40f18e55ac48f2d74b7ad2bfa06115d 100644
--- a/djangoldp/tests/tests_anonymous_permissions.py
+++ b/djangoldp/tests/tests_anonymous_permissions.py
@@ -1,5 +1,6 @@
 from django.contrib.auth.models import AnonymousUser
-from django.test import TestCase, RequestFactory
+from django.test import TestCase
+from rest_framework.test import APIRequestFactory
 from guardian.shortcuts import get_anonymous_user
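Review bot: In `has_object_permission`, the new branch `elif view.action == ["list", "retrieve"]:` compares a string with a list, so it is never true and the `retrieve` case that the old line granted now falls through to the branches below; it should be a membership test, `elif view.action in ["list", "retrieve"]:`, as `has_permission` already does. Both `create` checks also call `request.user.is_authenticated()`; from Django 2.0 on `is_authenticated` is a plain property and calling it raises `TypeError`, so `request.user.is_authenticated` is the portable form (worth confirming against the Django version this project pins). The added `has_permission` branch returns before `super().has_permission()` is consulted, so any authenticated account may create regardless of the WAC rules; if that is intended, a comment such as `# any logged-in user may create; WAC rules are deliberately not consulted` would make it explicit. The body of `has_object_permission` continues past the end of the hunk, so where `retrieve` ends up after falling through is not visible here.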
@@ -7,49 +8,45 @@ from djangoldp.permissions import AnonymousReadOnly from djangoldp.tests.models import JobOffer from djangoldp.views import LDPViewSet +import json class TestAnonymousUserPermissions(TestCase): def setUp(self): - self.factory = RequestFactory() + self.factory = APIRequestFactory() self.user = get_anonymous_user() self.job = JobOffer.objects.create(title="job") - def test_get_request_with_anonymousUser(self): + def test_get_request_for_anonymousUser(self): request = self.factory.get("/job-offers/") request.user = self.user my_view = LDPViewSet.as_view({'get': 'list'}, model=JobOffer, nested_fields=["skills"], - permission_classes=(AnonymousReadOnly,)) + permission_classes=[AnonymousReadOnly]) response = my_view(request) self.assertEqual(response.status_code, 200) - def test_post_request_with_anonymousUser(self): - request = self.factory.post("/job-offers/") - request.user = self.user - my_view = LDPViewSet.as_view({'post': 'create'}, - model=JobOffer, - nested_fields=["skills"], - permission_classes=(AnonymousReadOnly,)) - response = my_view(request) + def test_post_request_for_anonymousUser(self): + data = {'title': 'new idea'} + request = self.factory.post('/job-offers/', json.dumps(data), content_type='application/ld+json') + my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"], permission_classes=[AnonymousReadOnly]) + response = my_view(request, pk=1) self.assertEqual(response.status_code, 403) - def test_put_request_with_anonymousUser(self): + def test_put_request_for_anonymousUser(self): request = self.factory.put("/job-offers/") - request.user = self.user my_view = LDPViewSet.as_view({'put': 'update'}, model=JobOffer, nested_fields=["skills"], - permission_classes=(AnonymousReadOnly,)) + permission_classes=[AnonymousReadOnly]) response = my_view(request, pk=self.job.pk) self.assertEqual(response.status_code, 403) - def test_patch_request_with_anonymousUser(self): + def 
test_patch_request_for_anonymousUser(self): request = self.factory.patch("/job-offers/") - request.user = self.user my_view = LDPViewSet.as_view({'patch': 'partial_update'}, model=JobOffer, nested_fields=["skills"], - permission_classes=(AnonymousReadOnly,)) + permission_classes=[AnonymousReadOnly]) response = my_view(request, pk=self.job.pk) self.assertEqual(response.status_code, 403) \ No newline at end of file diff --git a/djangoldp/tests/tests_user_permissions.py b/djangoldp/tests/tests_user_permissions.py index cbe38c43fb65b2c97c9f6f278b241ecd13a43953..9f510926f6146eb85dc3934df149cd1308f33988 100644 --- a/djangoldp/tests/tests_user_permissions.py +++ b/djangoldp/tests/tests_user_permissions.py 
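Review bot: After this change the POST, PUT and PATCH tests no longer attach any user to the request, while `setUp` still builds `self.user = get_anonymous_user()` and only the GET test uses it, so the 403s now depend on DRF's default unauthenticated user rather than on the object the class name suggests. guardian's anonymous user is, as far as I know, a stored `User` row, and `is_authenticated` is true for every `User` instance, so a request carrying it would probably take the new `create` branch in `AnonymousReadOnly.has_permission`. I would add one POST test that sets `request.user = self.user` and asserts the status the project actually wants, so that case is decided rather than accidental. The `pk=1` passed to the `create` view in `test_post_request_for_anonymousUser` looks unnecessary and can be dropped: `response = my_view(request)`.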
@@ -1,47 +1,49 @@ from django.contrib.auth.models import User -from django.test import TestCase, RequestFactory +from rest_framework.test import APIRequestFactory, APIClient, APITestCase from djangoldp.permissions import AnonymousReadOnly -from djangoldp.tests.models import JobOffer +from .models import JobOffer from djangoldp.views import LDPViewSet +import json + +class TestUserPermissions(APITestCase): -class TestUserPermissions(TestCase): def setUp(self): - self.factory = RequestFactory() + self.factory = APIRequestFactory() + self.client = APIClient() self.user = User.objects.create_user(username='john', email='jlennon@beatles.com', password='glass onion') self.job = JobOffer.objects.create(title="job") def tearDown(self): self.user.delete() - def test_get_with_user(self): + def test_get_for_authenticated_user(self): request = self.factory.get('/job-offers/') request.user = self.user - my_view = LDPViewSet.as_view({'get': 'list'}, model=JobOffer, nested_fields=["skills"], - permission_classes=[AnonymousReadOnly]) - response = my_view(request) - self.assertEqual(response.status_code, 200) - - def test_post_request_with_user(self): - request = self.factory.options('/job-offers/') - request.user = self.user - my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"], - permission_classes=[AnonymousReadOnly]) + my_view = LDPViewSet.as_view({'get': 'list'}, model=JobOffer, permission_classes=[AnonymousReadOnly]) response = my_view(request) self.assertEqual(response.status_code, 200) - def test_put_request_with_user(self): - request = self.factory.options('/job-offers/' + str(self.job.pk) + "/") - request.user = self.user - my_view = LDPViewSet.as_view({'put': 'update'}, model=JobOffer, nested_fields=["skills"], - permission_classes=[AnonymousReadOnly]) - response = my_view(request, pk=self.job.pk) - self.assertEqual(response.status_code, 200) - - def test_request_patch_with_user(self): - request = self.factory.options('/job-offers/' 
+ str(self.job.pk) + "/") + def test_post_request_for_authenticated_user(self): + data = {'title': 'new idea'} + request = self.factory.post('/job-offers/', json.dumps(data), content_type='application/ld+json') request.user = self.user - my_view = LDPViewSet.as_view({'patch': 'partial_update'}, model=JobOffer, nested_fields=["skills"]) - response = my_view(request, pk=self.job.pk) - self.assertEqual(response.status_code, 200) \ No newline at end of file + my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"], permission_classes=[AnonymousReadOnly]) + response = my_view(request, pk=1) + self.assertEqual(response.status_code, 201) + + # def test_put_request_for_authenticated_user(self): + # data = {'title':"job_updated"} + # request = self.factory.put('/job-offers/' + str(self.job.pk) + "/", data) + # request.user = self.user + # my_view = LDPViewSet.as_view({'put': 'update'}, model=JobOffer, permission_classes=[AnonymousReadOnly]) + # response = my_view(request, pk=self.job.pk) + # self.assertEqual(response.status_code, 200) + # + # def test_request_patch_for_authenticated_user(self): + # request = self.factory.patch('/job-offers/' + str(self.job.pk) + "/") + # request.user = self.user + # my_view = LDPViewSet.as_view({'patch': 'partial_update'}, model=JobOffer, permission_classes=[AnonymousReadOnly]) + # response = my_view(request, pk=self.job.pk) + # self.assertEqual(response.status_code, 200) \ No newline at end of file
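Review bot: The authenticated PUT and PATCH tests are commented out instead of repaired, so nothing in this file now exercises the `update`/`partial_update`/`destroy` branch of `has_object_permission` for a logged-in user, which is the branch that decides who may modify an object. The removed versions sent `self.factory.options(...)`, so they never covered it either; the replacement should send a real `put`/`patch` with a JSON body and assert both outcomes — the allowed user and a second user who should be refused (expected 403, assuming the `auto_author` check restricts writes to the author). Leaving them as comments also hides the failure that presumably prompted disabling them; `@unittest.skip("reason")` on a live test would at least keep it visible in the test report. `self.client = APIClient()` in `setUp` is unused in the hunk and `APITestCase` already supplies an `APIClient` as `self.client`, so that line can go.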