adapt CanAccessLookup to api key auth

2025-07-10 20:09:25 +00:00 · 2025-05-20 21:04:49 +02:00
parent b5d65133f3
commit 52e53da9ef
10 changed files with 75 additions and 9 deletions
--- a/club/api.py
+++ b/club/api.py
@ -8,7 +8,7 @@ from ninja_extra.schemas import PaginatedResponseSchema

 from apikey.auth import ApiKeyAuth
 from club.models import Club
-from club.schemas import ClubSchema
+from club.schemas import ClubSchema, SimpleClubSchema
 from core.auth.api_permissions import CanAccessLookup, HasPerm


@ -16,8 +16,10 @@ from core.auth.api_permissions import CanAccessLookup, HasPerm
 class ClubController(ControllerBase):
    @route.get(
        "/search",
-        response=PaginatedResponseSchema[ClubSchema],
+        response=PaginatedResponseSchema[SimpleClubSchema],
+        auth=[SessionAuth(), ApiKeyAuth()],
        permissions=[CanAccessLookup],
+        url_name="search_club",
    )
    @paginate(PageNumberPaginationExtra, page_size=50)
    def search_club(self, search: Annotated[str, MinLen(1)]):
@ -28,6 +30,7 @@ class ClubController(ControllerBase):
        response=ClubSchema,
        auth=[SessionAuth(), ApiKeyAuth()],
        permissions=[HasPerm("club.view_club")],
+        url_name="fetch_club",
    )
    def fetch_club(self, club_id: int):
        return self.get_object_or_exception(
--- a/club/tests/test_club_controller.py
+++ b/club/tests/test_club_controller.py
@ -1,16 +1,21 @@
 import pytest
+from django.test import Client
+from django.urls import reverse
 from model_bakery import baker
-from ninja_extra.testing import TestClient
 from pytest_django.asserts import assertNumQueries

-from club.api import ClubController
 from club.models import Club, Membership
+from core.baker_recipes import subscriber_user


@pytest.mark.django_db
-def test_fetch_club():
+def test_fetch_club(client: Client):
    club = baker.make(Club)
    baker.make(Membership, club=club, _quantity=10, _bulk_create=True)
-    with assertNumQueries(3):
-        res = TestClient(ClubController).get(f"/{club.id}")
+    user = subscriber_user.make()
+    client.force_login(user)
+    with assertNumQueries(7):
+        # - 4 queries for authentication
+        # - 3 queries for the actual data
+        res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
        assert res.status_code == 200