✅ added tests for put and patch action for document api, and updated …

…the DocumentApiAuthorizationAndPermissionTests to include the unsafe actions
GPP-Woo · Nov 14, 2024 · b17d733 · b17d733
1 parent 9d57078
commit b17d733
Show file tree

Hide file tree

Showing 2 changed files with 142 additions and 0 deletions.
diff --git a/src/woo_publications/publications/tests/test_api_logging.py b/src/woo_publications/publications/tests/test_api_logging.py
@@ -352,6 +352,66 @@ def test_detail_logging(self):
         }
         self.assertEqual(log.extra_data, expected_data)
 
+    def test_update_documentation(self):
+        assert not TimelineLogProxy.objects.exists()
+        publication = PublicationFactory.create()
+        with freeze_time("2024-09-27T12:00:00-00:00"):
+            document = DocumentFactory.create(
+                publicatie=publication,
+                publicatiestatus=PublicationStatusOptions.concept,
+                identifier="document-1",
+                officiele_titel="title one",
+                verkorte_titel="one",
+                omschrijving="Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
+                creatiedatum="2024-01-01",
+            )
+
+        detail_url = reverse(
+            "api:document-detail",
+            kwargs={"uuid": str(document.uuid)},
+        )
+
+        data = {
+            "officieleTitel": "changed officiele_title",
+            "verkorteTitel": "changed verkorte_title",
+            "omschrijving": "changed omschrijving",
+            "publicatiestatus": PublicationStatusOptions.published,
+        }
+
+        with freeze_time("2024-09-27T12:00:00-00:00"):
+            response = self.client.put(detail_url, data, headers=AUDIT_HEADERS)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        log = TimelineLogProxy.objects.get()
+        expected_data = {
+            "event": Events.update,
+            "remarks": "remark",
+            "acting_user": {"identifier": "id", "display_name": "username"},
+            "object_data": {
+                "bestandsformaat": "unknown",
+                "bestandsnaam": "unknown.bin",
+                "bestandsomvang": 0,
+                "creatiedatum": "2024-01-01",
+                "document_service": None,
+                "document_uuid": None,
+                "id": document.pk,
+                "identifier": "document-1",
+                "laatst_gewijzigd_datum": "2024-09-27T12:00:00Z",
+                "lock": "",
+                "officiele_titel": "changed officiele_title",
+                "omschrijving": "changed omschrijving",
+                "publicatie": publication.pk,
+                "publicatiestatus": PublicationStatusOptions.published,
+                "registratiedatum": "2024-09-27T12:00:00Z",
+                "soort_handeling": DocumentActionTypeOptions.declared,
+                "uuid": str(document.uuid),
+                "verkorte_titel": "changed verkorte_title",
+            },
+            "_cached_object_repr": "changed officiele_title",
+        }
+
+        self.assertEqual(log.extra_data, expected_data)
+
     @patch("woo_publications.publications.api.viewsets.get_client")
     def test_download_logging(self, mock_get_client):
         # mock out the actual download, we don't care about the main result, only about

diff --git a/src/woo_publications/publications/tests/test_document_api_endpoints.py b/src/woo_publications/publications/tests/test_document_api_endpoints.py
@@ -51,6 +51,21 @@ def test_403_when_audit_headers_are_missing(self):
 
             self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
+        with self.subTest(action="put"):
+            response = self.client.put(detail_endpoint, headers={})
+
+            self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+        with self.subTest(action="patch"):
+            response = self.client.patch(detail_endpoint, headers={})
+
+            self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+        with self.subTest(action="post"):
+            response = self.client.post(detail_endpoint, headers={})
+
+            self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
     def test_api_key_result_in_301_with_wrong_credentials(self):
         document = DocumentFactory.create()
         list_url = reverse("api:document-list")
@@ -61,6 +76,9 @@ def test_api_key_result_in_301_with_wrong_credentials(self):
 
         self.assertWrongApiKeyProhibitsGetEndpointAccess(list_url)
         self.assertWrongApiKeyProhibitsGetEndpointAccess(detail_url)
+        self.assertWrongApiKeyProhibitsPutEndpointAccess(detail_url)
+        self.assertWrongApiKeyProhibitsPatchEndpointAccess(detail_url)
+        self.assertWrongApiKeyProhibitsPostEndpointAccess(list_url)
 
 
 class DocumentApiReadTests(TokenAuthMixin, APITestCase):
@@ -457,6 +475,70 @@ def test_read_endpoints_document_registered_in_documenten_api(self):
             self.assertIsNone(response.json()["bestandsdelen"])
 
 
+class DocumentApiMetaDataUpdateTests(TokenAuthMixin, APITestCase):
+    def test_update_document(self):
+        document = DocumentFactory.create(
+            publicatiestatus=PublicationStatusOptions.concept,
+            identifier="document-1",
+            officiele_titel="title one",
+            verkorte_titel="one",
+            omschrijving="Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
+            creatiedatum="2024-01-01",
+        )
+
+        body = {
+            "officieleTitel": "changed officiele_title",
+            "verkorteTitel": "changed verkorte_title",
+            "omschrijving": "changed omschrijving",
+            "publicatiestatus": PublicationStatusOptions.published,
+        }
+
+        detail_url = reverse(
+            "api:document-detail",
+            kwargs={"uuid": str(document.uuid)},
+        )
+
+        response = self.client.put(detail_url, data=body, headers=AUDIT_HEADERS)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        response_data = response.json()
+
+        self.assertEqual(response_data["officieleTitel"], "changed officiele_title")
+        self.assertEqual(response_data["verkorteTitel"], "changed verkorte_title")
+        self.assertEqual(response_data["omschrijving"], "changed omschrijving")
+        self.assertEqual(
+            response_data["publicatiestatus"], PublicationStatusOptions.published
+        )
+
+    def test_partial_update_document(self):
+        document = DocumentFactory.create(
+            publicatiestatus=PublicationStatusOptions.concept,
+            identifier="document-1",
+            officiele_titel="title one",
+            verkorte_titel="one",
+            omschrijving="Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
+            creatiedatum="2024-01-01",
+        )
+
+        body = {
+            "officieleTitel": "changed officiele_title",
+        }
+
+        detail_url = reverse(
+            "api:document-detail",
+            kwargs={"uuid": str(document.uuid)},
+        )
+
+        response = self.client.patch(detail_url, data=body, headers=AUDIT_HEADERS)
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+        response_data = response.json()
+
+        self.assertEqual(response_data["officieleTitel"], "changed officiele_title")
+
+
 @override_settings(ALLOWED_HOSTS=["testserver", "host.docker.internal"])
 class DocumentApiCreateTests(VCRMixin, TokenAuthMixin, APITestCase):
     """