adapt CanAccessLookup to api key auth

This commit is contained in:
imperosol
2025-05-20 21:04:49 +02:00
parent b5d65133f3
commit 52e53da9ef
10 changed files with 75 additions and 9 deletions

View File

@ -8,7 +8,7 @@ from ninja_extra.schemas import PaginatedResponseSchema
from apikey.auth import ApiKeyAuth
from club.models import Club
from club.schemas import ClubSchema
from club.schemas import ClubSchema, SimpleClubSchema
from core.auth.api_permissions import CanAccessLookup, HasPerm
@ -16,8 +16,10 @@ from core.auth.api_permissions import CanAccessLookup, HasPerm
class ClubController(ControllerBase):
@route.get(
"/search",
response=PaginatedResponseSchema[ClubSchema],
response=PaginatedResponseSchema[SimpleClubSchema],
auth=[SessionAuth(), ApiKeyAuth()],
permissions=[CanAccessLookup],
url_name="search_club",
)
@paginate(PageNumberPaginationExtra, page_size=50)
def search_club(self, search: Annotated[str, MinLen(1)]):
@ -28,6 +30,7 @@ class ClubController(ControllerBase):
response=ClubSchema,
auth=[SessionAuth(), ApiKeyAuth()],
permissions=[HasPerm("club.view_club")],
url_name="fetch_club",
)
def fetch_club(self, club_id: int):
return self.get_object_or_exception(

View File

@ -1,16 +1,21 @@
import pytest
from django.test import Client
from django.urls import reverse
from model_bakery import baker
from ninja_extra.testing import TestClient
from pytest_django.asserts import assertNumQueries
from club.api import ClubController
from club.models import Club, Membership
from core.baker_recipes import subscriber_user
@pytest.mark.django_db
def test_fetch_club():
def test_fetch_club(client: Client):
club = baker.make(Club)
baker.make(Membership, club=club, _quantity=10, _bulk_create=True)
with assertNumQueries(3):
res = TestClient(ClubController).get(f"/{club.id}")
user = subscriber_user.make()
client.force_login(user)
with assertNumQueries(7):
# - 4 queries for authentication
# - 3 queries for the actual data
res = client.get(reverse("api:fetch_club", kwargs={"club_id": club.id}))
assert res.status_code == 200