mirror of
https://github.com/ae-utbm/sith.git
synced 2025-07-11 04:19:25 +00:00
adapt CanAccessLookup
to api key auth
This commit is contained in:
@ -8,7 +8,7 @@ from ninja_extra.schemas import PaginatedResponseSchema
|
||||
|
||||
from apikey.auth import ApiKeyAuth
|
||||
from club.models import Club
|
||||
from club.schemas import ClubSchema
|
||||
from club.schemas import ClubSchema, SimpleClubSchema
|
||||
from core.auth.api_permissions import CanAccessLookup, HasPerm
|
||||
|
||||
|
||||
@ -16,8 +16,10 @@ from core.auth.api_permissions import CanAccessLookup, HasPerm
|
||||
class ClubController(ControllerBase):
|
||||
@route.get(
|
||||
"/search",
|
||||
response=PaginatedResponseSchema[ClubSchema],
|
||||
response=PaginatedResponseSchema[SimpleClubSchema],
|
||||
auth=[SessionAuth(), ApiKeyAuth()],
|
||||
permissions=[CanAccessLookup],
|
||||
url_name="search_club",
|
||||
)
|
||||
@paginate(PageNumberPaginationExtra, page_size=50)
|
||||
def search_club(self, search: Annotated[str, MinLen(1)]):
|
||||
@ -28,6 +30,7 @@ class ClubController(ControllerBase):
|
||||
response=ClubSchema,
|
||||
auth=[SessionAuth(), ApiKeyAuth()],
|
||||
permissions=[HasPerm("club.view_club")],
|
||||
url_name="fetch_club",
|
||||
)
|
||||
def fetch_club(self, club_id: int):
|
||||
return self.get_object_or_exception(
|
||||
|
@ -1,16 +1,21 @@
|
||||
import pytest
|
||||
from django.test import Client
|
||||
from django.urls import reverse
|
||||
from model_bakery import baker
|
||||
from ninja_extra.testing import TestClient
|
||||
from pytest_django.asserts import assertNumQueries
|
||||
|
||||
from club.api import ClubController
|
||||
from club.models import Club, Membership
|
||||
from core.baker_recipes import subscriber_user
|
||||
|
||||
|
||||
@pytest.mark.django_db
|
||||
def test_fetch_club():
|
||||
def test_fetch_club(client: Client):
|
||||
club = baker.make(Club)
|
||||
baker.make(Membership, club=club, _quantity=10, _bulk_create=True)
|
||||
with assertNumQueries(3):
|
||||
res = TestClient(ClubController).get(f"/{club.id}")
|
||||
user = subscriber_user.make()
|
||||
client.force_login(user)
|
||||
with assertNumQueries(7):
|
||||
# - 4 queries for authentication
|
||||
# - 3 queries for the actual data
|
||||
res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
|
||||
assert res.status_code == 200
|
||||
|
Reference in New Issue
Block a user