0001-api-restrict-API-to-authenticated-admin-users-fixes-.patch
tests/conftest.py | ||
---|---|---|
277 | 277 | |
278 | 278 | |
279 | 279 |
@pytest.fixture |
280 |
def app(request): |
|
280 |
def app(request, admin):
|
|
281 | 281 |
wtm = django_webtest.WebTestMixin() |
282 | 282 |
wtm._patch_settings() |
283 | 283 |
request.addfinalizer(wtm._unpatch_settings) |
284 |
return django_webtest.DjangoTestApp(extra_environ={'HTTP_HOST': 'localhost'}) |
|
284 |
app = django_webtest.DjangoTestApp(extra_environ={'HTTP_HOST': 'localhost'}) |
|
285 |
app.authorization = ('Basic', ('admin', 'admin')) |
|
286 |
return app |
|
287 | ||
288 | ||
289 |
@pytest.fixture |
|
290 |
def app_noauth(request, admin): |
|
291 |
wtm = django_webtest.WebTestMixin() |
|
292 |
wtm._patch_settings() |
|
293 |
request.addfinalizer(wtm._unpatch_settings) |
|
294 |
app = django_webtest.DjangoTestApp(extra_environ={'HTTP_HOST': 'localhost'}) |
|
295 |
return app |
|
285 | 296 | |
286 | 297 | |
287 | 298 |
@pytest.fixture |
tests/test_nanterre.py | ||
---|---|---|
67 | 67 |
assert any(data['id'] == rsu[0].id for data in response.json['data']) |
68 | 68 | |
69 | 69 | |
70 |
def test_create_individu(settings, transactional_db, app, rsu_schema): |
|
70 |
def test_create_individu(settings, transactional_db, app, app_noauth, rsu_schema):
|
|
71 | 71 | |
72 | 72 |
def get_reseau(identifier): |
73 | 73 |
reseau_url = reverse('rsu-api-reseau', kwargs={ |
... | ... | |
791 | 791 | |
792 | 792 |
# test obtention de clés de fédération |
793 | 793 |
def get_federation(uuid, **kwargs): |
794 |
return app.get('/rsu/individu/%s/federation/technocarte/' % uuid, **kwargs).json |
|
794 |
return app_noauth.get('/rsu/individu/%s/federation/technocarte/' % uuid, **kwargs).json
|
|
795 | 795 |
first = Entity.objects.get(id=first_id) |
796 | 796 |
first.content['cles_de_federation']['authentic'] = 'abcd' |
797 | 797 |
first.save() |
zoo/settings.py | ||
---|---|---|
187 | 187 |
# Rest Framework |
188 | 188 |
REST_FRAMEWORK = { |
189 | 189 |
# 'EXCEPTION_HANDLER': 'zoo.utils.rest_exception_handler', |
190 |
'DEFAULT_AUTHENTICATION_CLASSES': (), |
|
191 |
'DEFAULT_PERMISSION_CLASSES': (), |
|
190 |
'DEFAULT_AUTHENTICATION_CLASSES': ( |
|
191 |
'rest_framework.authentication.BasicAuthentication', |
|
192 |
'rest_framework.authentication.SessionAuthentication', |
|
193 |
), |
|
194 |
'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',), |
|
192 | 195 |
} |
193 | 196 | |
194 | 197 |
ZOO_NANTERRE_APPLICATIONS = { |
zoo/zoo_nanterre/api_views.py | ||
---|---|---|
1464 | 1464 | |
1465 | 1465 | |
1466 | 1466 |
class Federation(IndividuViewMixin, APIView): |
1467 |
permission_classes = () |
|
1468 | ||
1467 | 1469 |
def get(self, request, identifier, application, format=None): |
1468 | 1470 |
app_dfn = utils.get_application(application) |
1469 | 1471 |
if not app_dfn: |
1470 |
- |