From 2f17516893c33296e3ac90fe84d7db496018419e Mon Sep 17 00:00:00 2001 From: shamoon <4887959+shamoon@users.noreply.github.com> Date: Sun, 14 Apr 2024 00:05:22 -0700 Subject: [PATCH] Coverage --- src/documents/tests/test_api_documents.py | 23 +++++++++++++++++++++++ src/documents/views.py | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/documents/tests/test_api_documents.py b/src/documents/tests/test_api_documents.py index de95a71bf..9ae0b8bc3 100644 --- a/src/documents/tests/test_api_documents.py +++ b/src/documents/tests/test_api_documents.py @@ -420,6 +420,29 @@ class TestDocumentApi(DirectoriesMixin, DocumentConsumeDelayMixin, APITestCase): response = self.client.get(f"/api/documents/{doc.pk}/history/") self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) + def test_document_history_insufficient_perms(self): + """ + GIVEN: + - Audit log is disabled + WHEN: + - Document is updated + - Audit log is requested + THEN: + - Audit log returns HTTP 400 Bad Request + """ + user = User.objects.create_user(username="test") + user.user_permissions.add(*Permission.objects.filter(codename="view_document")) + self.client.force_login(user=user) + doc = Document.objects.create( + title="First title", + checksum="123", + mime_type="application/pdf", + owner=user, + ) + + response = self.client.get(f"/api/documents/{doc.pk}/history/") + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + def test_document_filters(self): doc1 = Document.objects.create( title="none1", diff --git a/src/documents/views.py b/src/documents/views.py index 1890d0479..9504aabe7 100644 --- a/src/documents/views.py +++ b/src/documents/views.py @@ -743,7 +743,7 @@ class DocumentViewSet( return HttpResponseForbidden( "Insufficient permissions", ) - except Document.DoesNotExist: + except Document.DoesNotExist: # pragma: no cover raise Http404 if request.method == "GET":