2. 질의 응답
  3. 테스트에서 DRF 권한에 도달 할 수 없습니다.

테스트에서 DRF 권한에 도달 할 수 없습니다.

2017-09-09 5 views
0

학생에게 안전하지 않은 방법을 사용할 수 없어야합니다. 나는 그것을 시험해 보려고하지만, AssertionError: 201 != 403으로 실패한다. 반면에 post 방법은 금지되어있다.테스트에서 DRF 권한에 도달 할 수 없습니다.

class IsTeacherOrReadOnly(permissions.BasePermission): 
    def has_object_permission(self, request, view, obj): 
     print (request.method) 
     print (request.user) 
     if request.method in permissions.SAFE_METHODS: 
      return True 
     print(request.user.staff) 
     return request.user.staff == 'T'

설정 : 내 기능 권한 (코드에서 강조) 이유를 이해 할 수없는, 단 하나의 특별한 경우에 사용 권한에 도달

REST_FRAMEWORK = { 
'DEFAULT_AUTHENTICATION_CLASSES': (
    # 'rest_framework.authentication.BasicAuthentication', 
    # 'rest_framework.authentication.SessionAuthentication', 
    'rest_framework.authentication.TokenAuthentication', 
), 
'DEFAULT_PERMISSION_CLASSES': (
    'core.permissions.IsTeacherOrReadOnly', 
    'rest_framework.permissions.IsAuthenticated', 
), 
'DEFAULT_FILTER_BACKENDS': (
    'django_filters.rest_framework.DjangoFilterBackend', 
), 
'TEST_REQUEST_DEFAULT_FORMAT': 'json' 

}

테스트 (나는 아니다 반드시 정확히 무엇을 유용 할 것이다, 그래서 전체 기능) 작성하는거야 :

def test_student_API(self): 
    factory = APIRequestFactory() 
    User(username='student1', password='qwert1234', staff="S").save() 
    student = User.objects.get(username='student1') 

    Token.objects.create(user=student) 

    self.student_list_api(factory, student) 
    self.student_detail_api(factory, student) 

def student_list_api(self, factory, student): 
    class_time_list = ClassTimeViewSet.as_view({'get': 'list'}) 
    self._student_list_api_request(factory, student, class_time_list, 'api/v0/classtimes', 8) 


def _student_list_api_request(self, factory, student, class_time_list, 
           url, resp_len): 
    student_request = factory.get(url) 
    response_unauthenticated = class_time_list(student_request) 
    self.assertEqual(response_unauthenticated.status_code, 
        status.HTTP_401_UNAUTHORIZED) 
    force_authenticate(student_request, student, token=student.auth_token) 
    response = class_time_list(student_request) 
    self.assertEqual(response.status_code, status.HTTP_200_OK) 
    self.assertEqual(len(response.data), resp_len) 

def student_detail_api(self, factory, student): 
    class_time_detail = ClassTimeViewSet.as_view({'get': 'retrieve'}) 
    student_request = factory.get('api/v0/classtimes') 
    response_unauthenticated = class_time_detail(student_request, pk=1) 
    self.assertEqual(response_unauthenticated.status_code, status.HTTP_401_UNAUTHORIZED) 
    force_authenticate(student_request, student, student.auth_token) 

    print('--------------') 
    print('Only in this case permissions is reached') 
    response = class_time_detail(student_request, pk=1) 
    print('---------------') 

    response.render() 
    self.assertEqual(response.status_code, status.HTTP_200_OK) 
    self.assertEqual(json.loads(response.content), { 
     "id": 1, 
     "lesson_start": "08:30:00", 
     "lesson_end": "09:15:00" 
    }) 
    class_time_detail = ClassTimeViewSet.as_view({'post':'create'}) 

    student_request = factory.post('api/v0/classtimes',{'lesson_start':'20:00:00','lesson_end':'20:45:00'},format='json') 
    force_authenticate(student_request,student,student.auth_token) 
    response = class_time_detail(student_request) 
    response.render() 
    self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)

출력 :

Creating test database for alias 'default'... 
System check identified no issues (0 silenced). 
---- 
Only in this case permissions is reached 
GET 
student1 
--- 

Failure 
Traceback (most recent call last): 
    File "D:\PyProjects\DjangoReact\classtime\tests.py", line 33, in test_student_API 
    self.student_detail_api(factory, student) 
    File "D:\PyProjects\DjangoReact\classtime\tests.py", line 83, in student_detail_api 
    self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) 
AssertionError: 201 != 403 

Destroying test database for alias 'default'...

출처

2017-09-09 Микита Черненко

답변

0

이유는 잘못된 기능을 재정의하는 것이 었습니다. 내가 재정의해야합니다 : "def has_permission (self, request, view)"가 아닌 "def has_object_permission (self, request, view, obj)

출처

2017-09-09 19:31:06

관련 문제

 관련 문제