Add tests

kartoza · Dec 8, 2023 · 30b6904 · 30b6904
1 parent 72e6135
commit 30b6904
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 4 deletions.
diff --git a/bims/api_urls.py b/bims/api_urls.py
@@ -157,7 +157,7 @@
     re_path(r'^list-user-boundary/$',
         UserBoundaryDetailList.as_view(), name='list-user-boundary'),
     re_path(r'^delete-user-boundary/(?P<id>[\w-]+)/$',
-        DeleteUserBoundary.as_view(), name='delete-user-boundary'),
+        DeleteUserBoundary.as_view(), name='delete_user_boundary'),
     re_path(r'^user-boundaries/$',
         UserBoundaryList.as_view(),
         name='list_user_boundary'),

diff --git a/bims/api_views/user_boundary.py b/bims/api_views/user_boundary.py
@@ -47,7 +47,8 @@ def get(self, request, *args, **kwargs):
             raise Http404('Missing id')
         user_boundary = get_object_or_404(
             UserBoundary,
-            pk=user_boundary_id
+            pk=user_boundary_id,
+            user_id=request.user.id
         )
         return Response(
             UserDetailBoundarySerializer(user_boundary).data)

diff --git a/bims/tests/model_factories.py b/bims/tests/model_factories.py
@@ -10,7 +10,7 @@
 
 from bims.models.upload_session import UploadSession
 from django.conf import settings
-from django.contrib.gis.geos import Point
+from django.contrib.gis.geos import Point, GEOSGeometry
 from django.utils import timezone
 from django.db.models import signals
 from django.contrib.auth.models import Permission, Group
@@ -44,7 +44,8 @@
     ChemicalRecord,
     SiteImage,
     WaterTemperature,
-    WaterTemperatureThreshold
+    WaterTemperatureThreshold,
+    UserBoundary
 )
 from sass.models import River
 
@@ -469,3 +470,14 @@ class Meta:
         model = River
 
     name = factory.Sequence(lambda n: u'river %s' % n)
+
+
+class UserBoundaryF(factory.django.DjangoModelFactory):
+    """
+    User boundary factory
+    """
+    class Meta:
+        model = UserBoundary
+
+    name = factory.Sequence(lambda n: u'name %s' % n)
+    geometry = GEOSGeometry('MULTIPOLYGON(((0 0, 4 0, 4 4, 0 4, 0 0), (10 10, 14 10, 14 14, 10 14, 10 10)))')
diff --git a/bims/tests/test_user_boundary.py b/bims/tests/test_user_boundary.py
@@ -0,0 +1,70 @@
+from django.test import TestCase
+from django.urls import reverse
+from rest_framework import status
+from rest_framework.test import APIClient
+from django.contrib.auth import get_user_model
+from bims.models.user_boundary import UserBoundary
+from bims.tests.model_factories import UserBoundaryF
+
+User = get_user_model()
+
+
+class UserBoundaryAPITest(TestCase):
+    def setUp(self):
+        self.user = User.objects.create_user(username='testuser', password='12345')
+        self.other_user = User.objects.create_user(username='otheruser', password='12345')
+        self.client = APIClient()
+
+        self.user_boundary = UserBoundaryF.create(
+            user=self.user
+        )
+        self.other_user_boundary = UserBoundaryF.create(
+            user=self.other_user
+        )
+
+    def test_unauthorized_access_list(self):
+        url = reverse('list_user_boundary')
+        response = self.client.get(url)
+        self.assertEqual(
+            response.status_code,
+            status.HTTP_302_FOUND)
+
+    def test_empty_user_boundary_list(self):
+        self.client.login(
+            username=self.user.username,
+            password='12345'
+        )
+        UserBoundary.objects.filter(user=self.user).delete()
+        url = reverse('list_user_boundary')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_unauthorized_access_detail(self):
+        url = reverse('detail_user_boundary', kwargs={'id': self.user_boundary.id})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_302_FOUND)
+
+    def test_access_other_user_boundary(self):
+        self.client.login(
+            username=self.user.username,
+            password='12345'
+        )
+        url = reverse(
+            'detail_user_boundary',
+            kwargs={'id': self.other_user_boundary.id})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+
+    def test_delete_unauthorized_user_boundary(self):
+        url = reverse('delete_user_boundary', kwargs={'id': self.user_boundary.id})
+        response = self.client.delete(url)
+        self.assertEqual(response.status_code, status.HTTP_302_FOUND)
+
+    def test_delete_other_user_boundary(self):
+        self.client.login(
+            username=self.user.username,
+            password='12345'
+        )
+        url = reverse('delete_user_boundary', kwargs={'id': self.other_user_boundary.id})
+        response = self.client.delete(url)
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)