MCPcopy Index your code
hub / github.com/encode/django-rest-framework / test_object_permissions

Method test_object_permissions

tests/test_metadata.py:217–245  ·  view source on GitHub ↗

If a user does not have object permissions on an action, then any metadata associated with it should not be included in OPTION responses.

(self)

Source from the content-addressed store, hash-verified

215 assert list(response.data['actions']) == ['PUT']
216
217 def test_object_permissions(self):
218 """
219 If a user does not have object permissions on an action, then any
220 metadata associated with it should not be included in OPTION responses.
221 """
222 class ExampleSerializer(serializers.Serializer):
223 choice_field = serializers.ChoiceField(['red', 'green', 'blue'])
224 integer_field = serializers.IntegerField(max_value=10)
225 char_field = serializers.CharField(required=False)
226
227 class ExampleView(views.APIView):
228 """Example view."""
229 def post(self, request):
230 pass
231
232 def put(self, request):
233 pass
234
235 def get_serializer(self):
236 return ExampleSerializer()
237
238 def get_object(self):
239 if self.request.method == 'PUT':
240 raise exceptions.PermissionDenied()
241
242 view = ExampleView.as_view()
243 response = view(request=request)
244 assert response.status_code == status.HTTP_200_OK
245 assert list(response.data['actions'].keys()) == ['POST']
246
247 def test_bug_2455_clone_request(self):
248 class ExampleView(views.APIView):

Callers

nothing calls this directly

Calls 3

viewFunction · 0.85
keysMethod · 0.80
as_viewMethod · 0.45

Tested by

no test coverage detected