This commit is contained in:
shamoon 2024-04-14 00:05:22 -07:00
parent e25f361907
commit 2f17516893
2 changed files with 24 additions and 1 deletions

View File

@ -420,6 +420,29 @@ class TestDocumentApi(DirectoriesMixin, DocumentConsumeDelayMixin, APITestCase):
response = self.client.get(f"/api/documents/{doc.pk}/history/")
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_document_history_insufficient_perms(self):
"""
GIVEN:
- Audit log is disabled
WHEN:
- Document is updated
- Audit log is requested
THEN:
- Audit log returns HTTP 400 Bad Request
"""
user = User.objects.create_user(username="test")
user.user_permissions.add(*Permission.objects.filter(codename="view_document"))
self.client.force_login(user=user)
doc = Document.objects.create(
title="First title",
checksum="123",
mime_type="application/pdf",
owner=user,
)
response = self.client.get(f"/api/documents/{doc.pk}/history/")
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_document_filters(self):
doc1 = Document.objects.create(
title="none1",

View File

@ -743,7 +743,7 @@ class DocumentViewSet(
return HttpResponseForbidden(
"Insufficient permissions",
)
except Document.DoesNotExist:
except Document.DoesNotExist: # pragma: no cover
raise Http404
if request.method == "GET":