Python rest_framework.status.HTTP_403_FORBIDDEN Examples
The following are 30
code examples of rest_framework.status.HTTP_403_FORBIDDEN().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
rest_framework.status
, or try the search function
.
.
Example #1
| Source File: test_event_auth_api.py From linkedevents with MIT License | 6 votes |
|
def test_regular_user_bulk_create(self):
self.org_1.regular_users.add(self.user)
url = reverse('event-list')
location_id = reverse('place-detail', kwargs={'pk': self.place.id})
data_1 = self.make_complex_event_dict(self.system_data_source, self.org_1, location_id, self.languages)
data_1['name']['fi'] = 'event-data-1'
data_1['publication_status'] = 'public'
data_2 = deepcopy(data_1)
data_2['name']['fi'] = 'event-data-2'
data_2['publication_status'] = 'draft'
self.client.force_authenticate(self.user)
response = self.client.post(url, [data_1, data_2], format='json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# test creating multiple draft events
data_1['publication_status'] = 'draft'
self.client.force_authenticate(self.user)
response = self.client.post(url, [data_1, data_2], format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
qs = Event.objects.filter(name_fi__in=['event-data-1', 'event-data-2'])
self.assertEqual(qs.count(), 2)
Example #2
| Source File: tests.py From REST-API with MIT License | 6 votes |
|
def test_other_user_permissions_api(self):
data = self.create_item()
data_id = data.get("id")
user = User.objects.create(username='testjmitch')
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
self.client.credentials(HTTP_AUTHORIZATION='JWT ' + token)
rud_url = api_reverse('api-status:detail', kwargs={"id": data_id})
rud_data = {
'content': "smashing"
}
get_ = self.client.get(rud_url, format='json')
put_ = self.client.put(rud_url, rud_data, format='json')
delete_ = self.client.delete(rud_url, format='json')
self.assertEqual(get_.status_code, status.HTTP_200_OK)
self.assertEqual(put_.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(delete_.status_code, status.HTTP_403_FORBIDDEN)
Example #3
| Source File: tests.py From REST-API with MIT License | 6 votes |
|
def test_token_register_api(self):
url = api_reverse('api-auth:login')
data = {
'username': 'cfe',
'password': 'yeahhhcfe',
}
response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK) # 400
token = response.data.get("token", None)
self.client.credentials(HTTP_AUTHORIZATION='JWT ' + token)
url2 = api_reverse('api-auth:register')
data2 = {
'username': 'cfe.doe',
'email': 'cfe.doe@gmail.com',
'password': 'learncode',
'password2': 'learncode'
}
response = self.client.post(url2, data2, format='json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) # 403
Example #4
| Source File: test_activities_api.py From karrot-backend with GNU Affero General Public License v3.0 | 6 votes |
|
def test_cannot_get_conversation_as_nonmember(self):
self.client.force_login(user=self.user)
# cannot get via activity
response = self.client.get(self.conversation_url)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# cannot get via conversation info
conversation_id = self.activity.conversation.id
response = self.client.get('/api/conversations/{}/'.format(conversation_id))
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# cannot write a message
conversation_id = self.activity.conversation.id
response = self.client.post('/api/messages/', {
'conversation': conversation_id,
'content': 'hey',
})
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
self.assertEqual(response.data['detail'], 'You are not in this conversation')
Example #5
| Source File: test_permissions.py From resolwe with Apache License 2.0 | 6 votes |
|
def test_public_user(self):
"""Public user cannot create/edit anything"""
assign_perm("view_collection", self.user1, self.collection)
assign_perm("share_collection", self.user1, self.collection)
data = {"public": {"add": ["view"]}}
resp = self._detail_permissions(self.collection.pk, data, self.user1)
self.assertEqual(resp.status_code, status.HTTP_200_OK)
data = {"public": {"add": ["edit"]}}
resp = self._detail_permissions(self.collection.pk, data, self.user1)
self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
data = {"public": {"remove": ["edit"]}}
resp = self._detail_permissions(self.collection.pk, data, self.user1)
self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
Example #6
| Source File: views.py From normandy with Mozilla Public License 2.0 | 6 votes |
|
def add_user(self, request, pk=None):
group = self.get_object()
if not request.data.get("user_id"):
return Response(
{"user_id": "This field is required."}, status=status.HTTP_400_BAD_REQUEST
)
try:
user = User.objects.get(pk=request.data.get("user_id"))
except User.DoesNotExist:
return Response({"user_id": "Invalid user ID."}, status=status.HTTP_400_BAD_REQUEST)
if request.user == user:
return Response(status=status.HTTP_403_FORBIDDEN)
user.groups.add(group)
return Response(status=status.HTTP_204_NO_CONTENT)
Example #7
| Source File: views.py From normandy with Mozilla Public License 2.0 | 6 votes |
|
def reject(self, request, pk=None):
approval_request = self.get_object()
if not request.data.get("comment"):
return Response(
{"comment": "This field is required."}, status=status.HTTP_400_BAD_REQUEST
)
try:
approval_request.reject(approver=request.user, comment=request.data.get("comment"))
except ApprovalRequest.NotActionable:
return Response(
{"error": "This approval request has already been approved or rejected."},
status=status.HTTP_400_BAD_REQUEST,
)
except ApprovalRequest.CannotActOnOwnRequest:
return Response(
{"error": "You cannot reject your own approval request."},
status=status.HTTP_403_FORBIDDEN,
)
return Response(ApprovalRequestSerializer(approval_request).data)
Example #8
| Source File: views.py From normandy with Mozilla Public License 2.0 | 6 votes |
|
def approve(self, request, pk=None):
approval_request = self.get_object()
if not request.data.get("comment"):
return Response(
{"comment": "This field is required."}, status=status.HTTP_400_BAD_REQUEST
)
try:
approval_request.approve(approver=request.user, comment=request.data.get("comment"))
except ApprovalRequest.NotActionable:
return Response(
{"error": "This approval request has already been approved or rejected."},
status=status.HTTP_400_BAD_REQUEST,
)
except ApprovalRequest.CannotActOnOwnRequest:
return Response(
{"error": "You cannot approve your own approval request."},
status=status.HTTP_403_FORBIDDEN,
)
return Response(ApprovalRequestSerializer(approval_request).data)
Example #9
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_create_issue_as_nonmember(self):
self.client.force_login(user=VerifiedUserFactory())
response = self.create_issue_via_API()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #10
| Source File: test_activity_series_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_create_as_anonymous_fails(self):
response = self.client.post(self.url, self.series_data)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #11
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_create_issue_as_newcomer(self):
self.client.force_login(user=self.newcomer)
response = self.create_issue_via_API()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #12
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_vote_in_expired_voting(self):
issue = self.create_issue()
voting = issue.votings.first()
vote_for_no_change(voting=voting, user=self.affected_member)
self.client.force_login(user=self.member)
with self.fast_forward_to_voting_expiration(voting):
process_expired_votings()
response = self.vote_via_API(issue)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #13
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_change_vote_in_decided_issue(self):
issue = self.create_issue()
voting = issue.votings.first()
vote_for_no_change(voting=voting, user=self.member)
with self.fast_forward_to_voting_expiration(voting):
process_expired_votings()
response = self.vote_via_API(issue)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #14
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_delete_vote_in_decided_issue(self):
issue = self.create_issue()
voting = issue.votings.first()
vote_for_no_change(voting=voting, user=self.member)
with self.fast_forward_to_voting_expiration(voting):
process_expired_votings()
response = self.delete_vote_via_API(issue)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #15
| Source File: test_exception_handler.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_reports_error_code(self):
response = self.client.get(
'/api/auth/user/', **{
'HTTP_AUTHORIZATION': 'Token {}'.format('invalidtoken'),
'HTTP_ACCEPT_LANGUAGE': 'de',
}
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(response.data['detail'], 'Ungültiges Token')
self.assertEqual(response.data['error_code'], 'authentication_failed')
Example #16
| Source File: views.py From normandy with Mozilla Public License 2.0 | 5 votes |
|
def destroy(self, request, *args, **kwargs):
instance = self.get_object()
# Should not be able to delete self
if request.user == instance:
return Response(status=status.HTTP_403_FORBIDDEN)
return super().destroy(request, *args, **kwargs)
Example #17
| Source File: test_feedback_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_list_feedback_fails_as_non_user(self):
"""
Non-User is NOT allowed to see list of feedback
"""
response = self.get_results(self.url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #18
| Source File: test_feedback_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_create_feedback_fails_as_non_user(self):
"""
Non-User is not allowed to give feedback.
"""
response = self.client.post(self.url, self.feedback_post, format='json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #19
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_withdraw_application_twice(self):
self.client.force_login(user=self.applicant)
response = self.client.post('/api/applications/{}/withdraw/'.format(self.application.id))
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = self.client.post('/api/applications/{}/withdraw/'.format(self.application.id))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #20
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_applicant_cannot_decline_application(self):
self.client.force_login(user=self.applicant)
response = self.client.post('/api/applications/{}/decline/'.format(self.application.id))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #21
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_newcomer_cannot_decline_application(self):
self.client.force_login(user=self.newcomer)
response = self.client.post('/api/applications/{}/decline/'.format(self.application.id))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #22
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_decline_application_twice(self):
self.client.force_login(user=self.member)
response = self.client.post('/api/applications/{}/decline/'.format(self.application.id))
self.assertEqual(response.status_code, status.HTTP_200_OK)
response = self.client.post('/api/applications/{}/decline/'.format(self.application.id))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #23
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_newcomer_cannot_accept_application(self):
self.client.force_login(user=self.newcomer)
response = self.client.post('/api/applications/{}/accept/'.format(self.application.id))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #24
| Source File: test_activity_series_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_create_as_newcomer_fails(self):
newcomer = UserFactory()
self.series.place.group.groupmembership_set.create(user=newcomer)
self.client.force_login(user=newcomer)
response = self.client.post(self.url, self.series_data)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
Example #25
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_apply_with_unverified_account(self):
user = UserFactory()
self.client.force_login(user=user)
response = self.client.post(
'/api/applications/',
{
'group': self.group.id,
'answers': faker.text(),
},
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #26
| Source File: test_trust.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_give_trust_to_self(self):
self.client.force_login(user=self.member1)
url = reverse('group-trust-user', args=(self.group.id, self.member1.id))
response = self.client.post(url)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertFalse(
Trust.objects.filter(
membership__group=self.group,
membership__user=self.member2,
given_by=self.member1,
).exists()
)
Example #27
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_normal_user_cannot_group_agreement(self):
self.client.force_login(user=self.normal_member)
response = self.client.patch('/api/groups/{}/'.format(self.group.id), {'active_agreement': self.agreement.id})
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #28
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_normal_member_cannot_create_agreement(self):
self.client.force_login(user=self.normal_member)
response = self.client.post(
'/api/agreements/', {
'title': faker.name(),
'content': faker.text(),
'group': self.group.id
}
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #29
| Source File: test_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_cannot_create_agreement_for_another_group(self):
self.client.force_login(user=self.agreement_manager)
response = self.client.post(
'/api/agreements/', {
'title': faker.text(),
'content': faker.text(),
'group': self.other_group.id
}
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #30
| Source File: test_activities_api.py From karrot-backend with GNU Affero General Public License v3.0 | 5 votes |
|
def test_create_activity_as_user(self):
self.client.force_login(user=self.user)
response = self.client.post(self.url, self.activity_data, format='json')
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN, response.data)
