Fix PATCH tests

1e040026 · Valentin Rigal · Valentin Rigal · 4608cfeb · 1e040026
Commit 1e040026 authored 5 years ago by Valentin Rigal Committed by Valentin Rigal 5 years ago
--- a/arkindex/documents/tests/test_elements_api.py
+++ b/arkindex/documents/tests/test_elements_api.py
@@ -18,7 +18,6 @@ class TestElementsAPI(FixtureAPITestCase):
        cls.volume_type = cls.corpus.types.get(slug='volume')
        cls.page_type = cls.corpus.types.get(slug='page')
        cls.act_type = cls.corpus.types.get(slug='act')
-        cls.private_corpus = Corpus.objects.create(name='private')
        cls.vol = cls.corpus.elements.get(name='Volume 1')
        cls.element = Element.objects.get(name='Volume 1, page 2r')
        cls.image = ImageServer.objects.local.images.create(
@@ -27,6 +26,8 @@ class TestElementsAPI(FixtureAPITestCase):
            width=42,
            height=42,
        )
+        cls.private_corpus = Corpus.objects.create(name='private', public=False)
+        cls.private_elt = cls.private_corpus.elements.create(type=cls.private_corpus.types.create(slug='type'))

    def setUp(self):
        self.page = self.corpus.elements.get(name='Volume 1, page 1r')
@@ -142,16 +143,37 @@ class TestElementsAPI(FixtureAPITestCase):
            format='json',
        )
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertDictEqual(
+            response.json(),
+            {'detail': 'You do not have permission to perform this action.'}
+        )

-    def test_patch_element_acl(self):
+    def test_patch_no_write_access(self):
+        # Create read_only corpus right
+        self.private_corpus.corpus_right.create(user_id=self.user.id)
+        self.assertTrue(self.user.verified_email)
+        self.client.force_login(self.user)
+        response = self.client.patch(
+            reverse('api:element-retrieve', kwargs={'pk': str(self.private_elt.id)}),
+            data={'name': 'Untitled (2)'},
+            format='json',
+        )
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertDictEqual(
+            response.json(),
+            {'detail': 'You do not have write access to this element.'}
+        )
+
+    def test_patch_element_no_read_access(self):
        """
        Check patching an element as anonymous user is not possible
        """
-        self.user.corpus_right.get(corpus=self.corpus).delete()
-        self.assertTrue(self.user.verified_email)
-        self.client.force_login(self.user)
+        ext_user = User.objects.create_user(email='ark@ark.net')
+        ext_user.verified_email = True
+        ext_user.save()
+        self.client.force_login(ext_user)
        response = self.client.patch(
-            reverse('api:element-retrieve', kwargs={'pk': str(self.vol.id)}),
+            reverse('api:element-retrieve', kwargs={'pk': str(self.private_elt.id)}),
            data={'name': 'Untitled (2)'},
            format='json',
        )