Develop tests and document '/api/groups/group_info/'

HadleyKing · HadleyKing · commit d811fa443ec6 · 2023-10-17T15:05:06.000-04:00
Fix #176 Changes to be committed: modified: api/model/groups.py modified: api/views.py new file: tests/test_views/test_api_groups_group_info.py
diff --git a/api/model/groups.py b/api/model/groups.py
@@ -41,37 +41,41 @@ def post_api_groups_info(request):
     """Retrieve Group information by user"""
 
     user = usr_utils.user_from_request(request=request)
-    bulk_request = request.data["POST_api_groups_info"]
-    group_info = []
 
-    for index, value in enumerate(bulk_request["names"]):
-        group = Group.objects.get(name=value)
+    try:
+        bulk_request = request.data["POST_api_groups_info"]
+    
+        group_info = []
 
-        try:
-            admin = GroupInfo.objects.get(group=value).owner_user == user
-            description = GroupInfo.objects.get(group=value).description
-        except GroupInfo.DoesNotExist:
-            admin = False
-            description = "N/A"
+        for index, value in enumerate(bulk_request["names"]):
+            group = Group.objects.get(name=value)
 
-        group_permissions = list(
-            group.permissions.all().values_list("codename", flat=True)
-        )
-        group_members = list(group.user_set.all().values_list("username", flat=True))
-        group_info.append(
-            {
-                "name": group.name,
-                "permissions": group_permissions,
-                "members": group_members,
-                "admin": admin,
-                "description": description,
-            }
+            try:
+                admin = GroupInfo.objects.get(group=value).owner_user == user
+                description = GroupInfo.objects.get(group=value).description
+            except GroupInfo.DoesNotExist:
+                admin = False
+                description = "N/A"
+
+            group_permissions = list(
+                group.permissions.all().values_list("codename", flat=True)
+            )
+            group_members = list(group.user_set.all().values_list("username", flat=True))
+            group_info.append(
+                {
+                    "name": group.name,
+                    "permissions": group_permissions,
+                    "members": group_members,
+                    "admin": admin,
+                    "description": description,
+                }
+            )
+    except Exception as error:
+        return Response(
+            status=status.HTTP_400_BAD_REQUEST,
+            data={"message": "Bad request. Request is not formatted correctly."}
         )
 
-    #  print(usr_utils.get_user_groups_by_username(un=username))
-    # user.get_all_permissions()
-    # user.get_group_permissions()
-    print(group_info)
     return Response(status=status.HTTP_200_OK, data=group_info)
 
 
diff --git a/api/views.py b/api/views.py
@@ -252,7 +252,17 @@ class ApiGroupsInfo(APIView):
     --------------------
 
     This API call checks a user's groups and permissions in ths system.  The User token is
-    required but all other parameters are optional.
+    required.
+    
+    ```JSON
+    {
+        "POST_api_groups_info": {
+            "names": [
+                "bco_drafter", "bco_publisher"
+            ]
+        }
+    }
+    ```
     """
 
     POST_api_groups_info_schema = openapi.Schema(
@@ -279,14 +289,13 @@ class ApiGroupsInfo(APIView):
     @swagger_auto_schema(
         request_body=request_body,
         responses={
-            200: "Authorization is successful. Group permissions returned",
-            400: "Bad request.  Authorization is not provided in the request headers.",
-            401: "Unauthorized. Authentication credentials were not valid.",
+            200: "Success. Group permissions returned",
+            400: "Bad request. Request is not formatted correctly.",
+            403: "Forbidden. Invalid token or authentication credentials were not provided.",
         },
         tags=["Group Management"],
     )
     def post(self, request):
-        """Post?"""
         return check_post_and_process(request, post_api_groups_info)
 
 
diff --git a/tests/test_views/test_api_groups_group_info.py b/tests/test_views/test_api_groups_group_info.py
@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+
+"""Group info
+Tests for 'Success. Group permissions returned (200)', 'Forbidden. Invalid
+token. (403)', Forbidden response (400)
+"""
+
+
+from django.test import TestCase
+from rest_framework.test import APIClient
+from rest_framework.authtoken.models import Token
+from django.contrib.auth.models import User
+from api.model.groups import GroupInfo, Group
+
+
+class GroupInfoAPITestCase(TestCase):
+    fixtures = ['tests/fixtures/test_data']
+
+    def setUp(self):
+        self.client = APIClient()
+
+    def test_success_response(self):
+        """Tests for 'Success. Group permissions returned (200)'
+        """
+
+        token = Token.objects.get(user=User.objects.get(username='test50')).key
+
+        data = {
+            "POST_api_groups_info": {
+                "names": [
+                    "bco_drafter", "bco_publisher", "test50", "test_drafter", "other_drafter"
+                ]
+            }
+        }
+        
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + token)
+        response = self.client.post('/api/groups/group_info/', data=data, format='json')
+
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(len(response.json()), 5)
+
+    def test_unauthorized(self):
+        """Tests for 'Forbidden. Invalid token. (403)'
+        """
+
+        data = {
+            "POST_api_groups_info": {
+                "names": [
+                    "bco_drafter", "bco_publisher", "test50", "test_drafter"
+                ]
+            }
+        }
+
+        response = self.client.post('/api/groups/group_info/', data=data, format='json')
+        self.assertEqual(response.status_code, 403)
+
+    def test_unauthorized_response(self):
+        """
+        """
+
+        data = {
+            "POST_api_groups_info": {
+                "names": [
+                    "bco_drafter", "bco_publisher", "test50", "test_drafter"
+                ]
+            }
+        }
+
+        self.client.credentials(HTTP_AUTHORIZATION='Token InvalidToken')
+        response = self.client.post('/api/groups/group_info/', data=data, format='json')
+        self.assertEqual(response.status_code, 403)
+
+    def test_bad_request(self):
+        """
+        """
+        
+        token = Token.objects.get(user=User.objects.get(username='test50')).key
+        
+        data = {
+            "POST_api_groups_info": {
+                "bad_names": {
+                    "bco_drafter", "bco_publisher", "test50", "test_drafter"
+                }
+            }
+        }
+
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + token)
+        response = self.client.post('/api/groups/group_info/', data=data, format='json')
+        self.assertEqual(response.status_code, 400)
