From 8f71bdac7aff62c28e275daa242a5c0eedb62309 Mon Sep 17 00:00:00 2001 From: Timothy Hobbs Date: Sun, 26 Nov 2023 12:52:10 +0000 Subject: [PATCH] Add tests for user_tickets api endpoint --- helpdesk/tests/test_api.py | 48 ++++++++++++++++++++++++++++++++++++++ helpdesk/views/api.py | 3 ++- 2 files changed, 50 insertions(+), 1 deletion(-) diff --git a/helpdesk/tests/test_api.py b/helpdesk/tests/test_api.py index 75bf895e..71e3c418 100644 --- a/helpdesk/tests/test_api.py +++ b/helpdesk/tests/test_api.py @@ -359,3 +359,51 @@ class TicketTest(APITestCase): created_followup.followupattachment_set.last().filename, 'file.jpg') self.assertEqual( created_followup.followupattachment_set.last().mime_type, 'image/jpg') + + +class UserTicketTest(APITestCase): + def setUp(self): + self.queue = Queue.objects.create(title='Test queue') + self.user = User.objects.create_user(username='test') + self.client.force_authenticate(self.user) + + def test_get_user_tickets(self): + user = User.objects.create_user(username='test2', email="foo@example.com") + ticket_1 = Ticket.objects.create( + queue=self.queue, title='Test 1', + submitter_email="foo@example.com") + ticket_2 = Ticket.objects.create( + queue=self.queue, title='Test 2', + submitter_email="bar@example.com") + ticket_3 = Ticket.objects.create( + queue=self.queue, title='Test 3', + submitter_email="foo@example.com") + self.client.force_authenticate(user) + response = self.client.get('/api/user_tickets/') + self.assertEqual(response.status_code, HTTP_200_OK) + self.assertEqual(len(response.data["results"]), 2) + self.assertEqual(response.data["results"][0]['id'], ticket_3.id) + self.assertEqual(response.data["results"][1]['id'], ticket_1.id) + + def test_staff_user(self): + staff_user = User.objects.create_user(username='test2', is_staff=True, email="staff@example.com") + ticket_1 = Ticket.objects.create( + queue=self.queue, title='Test 1', + submitter_email="staff@example.com") + ticket_2 = Ticket.objects.create( + queue=self.queue, title='Test 2', + submitter_email="foo@example.com") + self.client.force_authenticate(staff_user) + response = self.client.get('/api/user_tickets/') + self.assertEqual(response.status_code, HTTP_200_OK) + self.assertEqual(len(response.data["results"]), 1) + + def test_not_logged_in_user(self): + ticket_1 = Ticket.objects.create( + queue=self.queue, title='Test 1', + submitter_email="ex@example.com") + self.client.logout() + response = self.client.get('/api/user_tickets/') + self.assertEqual(response.status_code, HTTP_403_FORBIDDEN) + + diff --git a/helpdesk/views/api.py b/helpdesk/views/api.py index 4970e28d..6ee52a7f 100644 --- a/helpdesk/views/api.py +++ b/helpdesk/views/api.py @@ -3,7 +3,7 @@ from helpdesk.models import FollowUp, FollowUpAttachment, Ticket from helpdesk.serializers import FollowUpAttachmentSerializer, FollowUpSerializer, TicketSerializer, UserSerializer, PublicTicketListingSerializer from rest_framework import viewsets from rest_framework.mixins import CreateModelMixin -from rest_framework.permissions import IsAdminUser +from rest_framework.permissions import IsAdminUser, IsAuthenticated from rest_framework.viewsets import GenericViewSet from rest_framework.pagination import PageNumberPagination @@ -21,6 +21,7 @@ class UserTicketViewSet(viewsets.ReadOnlyModelViewSet): """ serializer_class = PublicTicketListingSerializer pagination_class = ConservativePagination + permission_classes = [IsAuthenticated] def get_queryset(self): return Ticket.objects.filter(submitter_email=self.request.user.email).order_by('-created')