[test] Added reusable tests for multi-tenant API

pandafy · pandafy · commit 80e742f580ac · 2025-05-26T22:37:11.000+05:30
diff --git a/openwisp_users/tests/test_api/__init__.py b/openwisp_users/tests/test_api/__init__.py
@@ -12,5 +12,159 @@ def _obtain_auth_token(self, username="operator", password="tester"):
         return response.data["token"]
 
 
-class APITestCase(TestMultitenantAdminMixin, AuthenticationMixin, TestCase):
+class TestMultitenantApiMixin(TestMultitenantAdminMixin):
+    def _test_access_shared_object(
+        self,
+        token,
+        listview_name=None,
+        listview_path=None,
+        detailview_name=None,
+        detailview_path=None,
+        create_payload=None,
+        update_payload=None,
+        expected_count=0,
+        expected_status_codes=None,
+    ):
+        auth = dict(HTTP_AUTHORIZATION=f'Bearer {token}')
+        create_payload = create_payload or {}
+        update_payload = update_payload or {}
+        expected_status_codes = expected_status_codes or {}
+
+        if listview_name or listview_path:
+            listview_path = listview_path or reverse(listview_name)
+            with self.subTest('HEAD and OPTION methods'):
+                response = self.client.head(listview_path, **auth)
+                self.assertEqual(response.status_code, expected_status_codes['head'])
+
+                response = self.client.options(listview_path, **auth)
+                self.assertEqual(response.status_code, expected_status_codes['option'])
+
+            with self.subTest('Create shared object'):
+                response = self.client.post(
+                    listview_path,
+                    data=create_payload,
+                    content_type='application/json',
+                    **auth,
+                )
+                self.assertEqual(response.status_code, expected_status_codes['create'])
+                if expected_status_codes['create'] == 400:
+                    self.assertEqual(
+                        str(response.data['organization'][0]),
+                        'This field may not be null.',
+                    )
+
+            with self.subTest('List all shared objects'):
+                response = self.client.get(listview_path, **auth)
+                self.assertEqual(response.status_code, expected_status_codes['list'])
+                data = response.data
+                if not isinstance(response.data, list):
+                    data = data.get('results', data)
+                self.assertEqual(len(data), expected_count)
+
+        if detailview_name or detailview_path:
+            if not detailview_path and listview_name and expected_count > 0:
+                detailview_path = reverse(detailview_name, args=[data[0]['id']])
+
+            with self.subTest('Retrieve shared object'):
+                response = self.client.get(detailview_path, **auth)
+                self.assertEqual(
+                    response.status_code, expected_status_codes['retrieve']
+                )
+
+            with self.subTest('Update shared object'):
+                response = self.client.put(
+                    detailview_path,
+                    data=update_payload,
+                    content_type='application/json',
+                    **auth,
+                )
+                self.assertEqual(response.status_code, expected_status_codes['update'])
+
+            with self.subTest('Delete shared object'):
+                response = self.client.delete(detailview_path, **auth)
+                self.assertEqual(response.status_code, expected_status_codes['delete'])
+
+    def _test_org_user_access_shared_object(
+        self,
+        listview_name=None,
+        listview_path=None,
+        detailview_name=None,
+        detailview_path=None,
+        create_payload=None,
+        update_payload=None,
+        expected_count=0,
+        expected_status_codes=None,
+        token=None,
+    ):
+        """
+        Non-superusers can only view shared objects.
+        They cannot create, update, or delete them.
+        """
+        if not token:
+            user = self._create_administrator(organizations=[self._get_org()])
+            token = self._obtain_auth_token(user.username, 'tester')
+        if not expected_status_codes:
+            expected_status_codes = {
+                'create': 400,
+                'list': 200,
+                'retrieve': 200,
+                'update': 403,
+                'delete': 403,
+                'head': 200,
+                'option': 200,
+            }
+        self._test_access_shared_object(
+            token=token,
+            listview_name=listview_name,
+            listview_path=listview_path,
+            detailview_name=detailview_name,
+            detailview_path=detailview_path,
+            create_payload=create_payload,
+            update_payload=update_payload,
+            expected_count=expected_count,
+            expected_status_codes=expected_status_codes,
+        )
+
+    def _test_superuser_access_shared_object(
+        self,
+        token,
+        listview_path=None,
+        listview_name=None,
+        detailview_path=None,
+        detailview_name=None,
+        create_payload=None,
+        update_payload=None,
+        expected_count=1,
+        expected_status_codes=None,
+    ):
+        """
+        Superusers can perform all operations on shared objects.
+        """
+        if not token:
+            user = self._create_admin()
+            token = self._obtain_auth_token(user.username, 'tester')
+        if not expected_status_codes:
+            expected_status_codes = {
+                'create': 201,
+                'list': 200,
+                'retrieve': 200,
+                'update': 200,
+                'delete': 204,
+                'head': 200,
+                'option': 200,
+            }
+        self._test_access_shared_object(
+            token=token,
+            listview_name=listview_name,
+            listview_path=listview_path,
+            detailview_name=detailview_name,
+            detailview_path=detailview_path,
+            create_payload=create_payload,
+            update_payload=update_payload,
+            expected_count=expected_count,
+            expected_status_codes=expected_status_codes,
+        )
+
+
+class APITestCase(TestMultitenantApiMixin, AuthenticationMixin, TestCase):
     pass
diff --git a/openwisp_users/tests/utils.py b/openwisp_users/tests/utils.py
@@ -240,7 +240,14 @@ def _test_recoverlist_operator_403(self, app_label, model_label):
         self.assertEqual(response.status_code, 403)
 
     def _test_org_admin_create_shareable_object(
-        self, path, payload, model, expected_count=0, error_message=None, user=None
+        self,
+        path,
+        payload,
+        model,
+        expected_count=0,
+        user=None,
+        error_message=None,
+        raises_error=True,
     ):
         """
         Verifies a non-superuser cannot create a shareable object
@@ -253,12 +260,13 @@ def _test_org_admin_create_shareable_object(
             data=payload,
             follow=True,
         )
-        error_message = error_message or (
-            '<div class="form-row errors field-organization">\n'
-            '            <ul class="errorlist"{}>'
-            '<li>This field is required.</li></ul>'
-        ).format(' id="id_organization_error"' if django.VERSION >= (5, 2) else '')
-        self.assertContains(response, error_message)
+        if raises_error:
+            error_message = error_message or (
+                '<div class="form-row errors field-organization">\n'
+                '            <ul class="errorlist"{}>'
+                '<li>This field is required.</li></ul>'
+            ).format(' id="id_organization_error"' if django.VERSION >= (5, 2) else '')
+            self.assertContains(response, error_message)
         self.assertEqual(model.objects.count(), expected_count)
 
     def _test_org_admin_view_shareable_object(
diff --git a/tests/testapp/tests/mixins.py b/tests/testapp/tests/mixins.py
@@ -1,10 +1,7 @@
-from openwisp_users.tests.test_api import AuthenticationMixin
-from openwisp_users.tests.utils import TestMultitenantAdminMixin
+from openwisp_users.tests.test_api import AuthenticationMixin, TestMultitenantApiMixin
 
 from .. import CreateMixin
 
 
-class TestMultitenancyMixin(
-    CreateMixin, TestMultitenantAdminMixin, AuthenticationMixin
-):
+class TestMultitenancyMixin(CreateMixin, TestMultitenantApiMixin, AuthenticationMixin):
     pass
diff --git a/tests/testapp/tests/test_filter_classes.py b/tests/testapp/tests/test_filter_classes.py
@@ -1,22 +1,22 @@
 from django.contrib.auth import get_user_model
-from django.test import TestCase
 from django.urls import reverse
 from packaging.version import parse as version_parse
 from rest_framework import VERSION as REST_FRAMEWORK_VERSION
 from swapper import load_model
 
 from openwisp_users.api.throttling import AuthRateThrottle
+from openwisp_users.tests.test_api import APITestCase
 from openwisp_utils.tests import AssertNumQueriesSubTestMixin
 
+from .. import CreateMixin
 from ..models import Book, Library, Shelf, Tag
-from .mixins import TestMultitenancyMixin
 
 OrganizationUser = load_model("openwisp_users", "OrganizationUser")
 OrganizationOwner = load_model("openwisp_users", "OrganizationOwner")
 User = get_user_model()
 
 
-class TestFilterClasses(AssertNumQueriesSubTestMixin, TestMultitenancyMixin, TestCase):
+class TestFilterClasses(AssertNumQueriesSubTestMixin, CreateMixin, APITestCase):
     def setUp(self):
         AuthRateThrottle.rate = 0
         self.shelf_model = Shelf
diff --git a/tests/testapp/tests/test_permission_classes.py b/tests/testapp/tests/test_permission_classes.py
