Unit tests for new role view

InvenTree/InvenTree/api_tester.py

@@ -0,0 +1,40 @@
+"""
+Helper functions for performing API unit tests
+"""
+
+from django.contrib.auth import get_user_model
+from rest_framework.test import APITestCase
+
+
+class InvenTreeAPITestCase(APITestCase):
+    """
+    Base class for running InvenTree API tests
+    """
+
+    # User information 
+    username = 'testuser'
+    password = 'mypassword'
+    email = 'test@testing.com'
+
+    auto_login = True
+
+    def setUp(self):
+
+        super().setUp()
+
+        # Create a user to log in with
+        self.user = get_user_model().objects.create_user(
+            username=self.username,
+            password=self.password,
+            email=self.email
+        )
+
+        if self.auto_login:
+            self.client.login(username=self.username, password=self.password)
+
+    def setRoles(self, roles):
+        """
+        Set the user roles for the registered user
+        """
+
+        pass

InvenTree/InvenTree/test_api.py

@@ -6,10 +6,14 @@ from rest_framework import status
 from django.urls import reverse
 from django.contrib.auth import get_user_model
 
+from InvenTree.api_tester import InvenTreeAPITestCase
+
+from users.models import RuleSet
+
 from base64 import b64encode
 
 
-class APITests(APITestCase):
+class APITests(InvenTreeAPITestCase):
     """ Tests for the InvenTree API """
 
     fixtures = [
@@ -19,15 +23,13 @@ class APITests(APITestCase):
         'category',
     ]
 
-    username = 'test_user'
-    password = 'test_pass'
-
     token = None
 
+    auto_login = False
+
     def setUp(self):
 
-        # Create a user (but do not log in!)
+        super().setUp()
-        get_user_model().objects.create_user(self.username, 'user@email.com', self.password)
 
     def basicAuth(self):
         # Use basic authentication
@@ -78,3 +80,42 @@ class APITests(APITestCase):
         self.assertIn('instance', data)
 
         self.assertEquals('InvenTree', data['server'])
+
+    def test_role_view(self):
+        """
+        Test that we can access the 'roles' view for the logged in user.
+
+        Also tests that it is *not* accessible if the client is not logged in.
+        """
+
+        url = reverse('api-user-roles')
+
+        response = self.client.get(url, format='json')
+
+        # Not logged in, so cannot access user role data
+        self.assertTrue(response.status_code in [401, 403])
+
+        # Now log in!
+        self.basicAuth()
+
+        response = self.client.get(url, format='json')
+
+        self.assertEqual(response.status_code, 200)
+
+        data = response.data
+
+        self.assertIn('user', data)
+        self.assertIn('username', data)
+        self.assertIn('is_staff', data)
+        self.assertIn('is_superuser', data)
+        self.assertIn('roles', data)
+
+        roles = data['roles']
+
+        role_names = roles.keys()
+
+        # By default, no roles are assigned to the user...
+        for rule in RuleSet.RULESET_NAMES:
+            self.assertIn(rule, role_names)
+            self.assertIsNone(roles[rule])
+    

InvenTree/users/api.py

@@ -1,9 +1,6 @@
-
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 
-from rest_framework import generics
-
 from rest_framework import generics, permissions
 from django.contrib.auth.models import User
 from django.core.exceptions import ObjectDoesNotExist
@@ -14,8 +11,6 @@ from rest_framework.authtoken.models import Token
 from rest_framework.response import Response
 from rest_framework import status
 
-
-
 from .models import RuleSet, check_user_role
 
 

InvenTree/users/urls.py

@@ -5,7 +5,7 @@ from . import api
 user_urls = [
     url(r'^(?P<pk>[0-9]+)/?$', api.UserDetail.as_view(), name='user-detail'),
 
-    url(r'roles', api.RoleDetails.as_view(), name='api-roles'),
+    url(r'roles', api.RoleDetails.as_view(), name='api-user-roles'),
     url(r'token', api.GetAuthToken.as_view(), name='api-token'),
 
     url(r'^$', api.UserList.as_view()),