Python rest_framework.status.HTTP_405_METHOD_NOT_ALLOWED Examples
The following are 30
code examples of rest_framework.status.HTTP_405_METHOD_NOT_ALLOWED().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
rest_framework.status
, or try the search function
.
.
Example #1
| Source File: testUserViewSet.py From GenericCDSS with GNU General Public License v3.0 | 6 votes |
|
def test_active_user(self):
'''
Try to activate a user, where only staff is allowed
'''
response = self.client.post('/api/account/register/', self.userData, format='json')
self.assertEqual(response.status_code, status.HTTP_201_CREATED) # Check if response is created
user = User.objects.get(username=self.userName)
#Unauthenticated
response = self.client.post('/api/account/activateUser/', { "email":user.email}, format='json')
#self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) # Check if response is not authorized
#Normal user authenticated
self.client.force_authenticate(self.simpleUser)
response = self.client.post('/api/account/activateUser/', {"email": user.email}, format='json')
#self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) # Check if response is not authorized
self.client.logout()
#Staff authenticated
self.client.force_authenticate(self.admin)
response = self.client.post('/api/account/activateUser/', {"email": user.email}, format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK) # Check if response is ok
response = self.client.post('/api/account/activateUser/', {"email": user.email}, format='json')
#self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Check if response is method is not allowed
Example #2
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_delete_access_with_permission(self):
id = self.create_test_product_list()
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="delete_productlist")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.delete_productlist")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.delete(REST_PRODUCTLIST_DETAIL % id)
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "DELETE" not allowed.'}
assert ProductList.objects.count() == 1, "no product list was deleted"
Example #3
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_add_access_with_permission(self):
"""add action through API for Product List not supported"""
self.create_test_data()
test_user = "user"
test_product_list_id = "Test Product List"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="add_productlist")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.add_productlist")
client = APIClient()
client.login(username=test_user, password=test_user)
# create with name
response = client.post(REST_PRODUCTLIST_LIST, data={"name": test_product_list_id})
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED
assert response.json() == {'detail': 'Method "POST" not allowed.'}
assert ProductList.objects.count() == 0, "no product list was created"
Example #4
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_delete_access_with_permission(self):
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="delete_productmigrationsource")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.delete_productmigrationsource")
models.ProductMigrationSource.objects.create(name="source")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.delete(REST_PRODUCTMIGRATIONSOURCE_DETAIL % 1)
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "DELETE" not allowed.'}
assert ProductMigrationSource.objects.count() == 1, "no product migration source was deleted"
Example #5
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_change_access_with_permission(self):
# create a user with permissions
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="change_productmigrationsource")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.change_productmigrationsource")
models.ProductMigrationSource.objects.create(name="foo")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.put(REST_PRODUCTMIGRATIONSOURCE_DETAIL % 1, data={"name": "renamed product migration source"})
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "PUT" not allowed.'}
Example #6
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_add_access_with_permission(self):
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="add_productmigrationsource")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.add_productmigrationsource")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.post(REST_PRODUCTMIGRATIONSOURCE_LIST, data={"name": "Awesome Product Migration Source"})
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "POST" not allowed.'}
assert ProductMigrationSource.objects.count() == 0, "no additional vendor is created"
Example #7
| Source File: tests.py From securethenews with GNU Affero General Public License v3.0 | 6 votes |
|
def test_forbidden_actions(self):
"""
<api root>/sites/ should not permit POST, PUT or DELETE operations
"""
url = urljoin(urlroot, 'sites/securethe.news/')
response1 = self.client.post(
url, json={'name': 'Insecure the News?',
'domain': 'insecurethe.news'})
self.assertEqual(response1.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
response2 = self.client.delete(url)
self.assertEqual(response2.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
url = urljoin(urlroot, 'sites/insecurethe.news/')
response3 = self.client.put(
url, json={'name': 'Insecure the News?',
'domain': 'insecurethe.news'})
self.assertEqual(response3.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED)
Example #8
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_delete_access_with_permission(self):
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="delete_productmigrationoption")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.delete_productmigrationoption")
models.ProductMigrationOption.objects.create(
product=models.Product.objects.create(product_id="test pid"),
migration_source=models.ProductMigrationSource.objects.create(name="test")
)
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.delete(REST_PRODUCTMIGRATIONOPTION_DETAIL % 1)
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "DELETE" not allowed.'}
assert ProductMigrationOption.objects.count() == 1, "no product migration option was deleted"
Example #9
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_add_access_with_permission(self):
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="add_productmigrationoption")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.add_productmigrationoption")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.post(REST_PRODUCTMIGRATIONOPTION_LIST,
data={"replacement_id": "Awesome Product Migration Option"})
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "POST" not allowed.'}
assert ProductMigrationOption.objects.count() == 0, "no additional product migration option is created"
Example #10
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_delete_access_with_permission(self):
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="delete_vendor")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.delete_vendor")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.delete(REST_VENDOR_DETAIL % 1)
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "DELETE" not allowed.'}
assert Vendor.objects.count() == 3, "no vendor was deleted"
Example #11
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_change_access_with_permission(self):
# create a user with permissions
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="change_vendor")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.change_vendor")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.put(REST_VENDOR_DETAIL % 1, data={"name": "renamed vendor"})
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "PUT" not allowed.'}
Example #12
| Source File: views.py From bennedetto with GNU General Public License v3.0 | 6 votes |
|
def membership(self, request, **kwargs):
if request.method == 'POST':
email = request.data.get('email', None)
if not email:
return Response('email required', status=400)
if User.objects.filter(email=email).exists():
return Response('user already has account', status=400)
family = request.user.membership.family
family.invite_user_to_family(email=email)
return Response('user invited', status=201)
elif request.method == 'GET':
family = request.user.membership.family
members = Membership.objects \
.select_related('user') \
.filter(family=family)
data = MembershipSerializer(members, many=True).data
return Response(data)
else:
return Response('Method not allowed', status=status.HTTP_405_METHOD_NOT_ALLOWED)
Example #13
| Source File: test_productdb_api_views.py From product-database with MIT License | 6 votes |
|
def test_add_access_with_permission(self):
test_user = "user"
u = User.objects.create_user(test_user, "", test_user)
p = Permission.objects.get(codename="add_vendor")
assert p is not None
u.user_permissions.add(p)
u.save()
assert u.has_perm("productdb.add_vendor")
client = APIClient()
client.login(username=test_user, password=test_user)
response = client.post(REST_VENDOR_LIST, data={"name": "Awesome Vendor"})
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "POST" not allowed.'}
assert Vendor.objects.count() == 3, "no additional vendor is created"
Example #14
| Source File: views.py From django-project with BSD 3-Clause "New" or "Revised" License | 6 votes |
|
def follow(self, request, pk, **kwargs):
obj = self.queryset.get(id=int(pk))
#follow, created = Follow.objects.get_or_create(request.user, obj)
can_change_follow = True
if hasattr(self, 'can_change_follow'):
can_change_follow = self.can_change_follow(request.user, obj)
if can_change_follow:
if request.method == 'DELETE':
if Follow.objects.is_following(request.user, obj):
fol = follow.utils.unfollow(request.user, obj)
signals.unfollow.send(FollowingModelViewSet, follower=request.user, followee=obj)
return Response(status=status.HTTP_205_RESET_CONTENT)
elif request.method == 'POST':
if not Follow.objects.is_following(request.user, obj):
fol = follow.utils.follow(request.user, obj)
signals.follow.send(FollowingModelViewSet, follower=request.user, followee=obj)
return Response(status=status.HTTP_201_CREATED)
else:
return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
Example #15
| Source File: test_api_submissions.py From kpi with GNU Affero General Public License v3.0 | 6 votes |
|
def test_cannot_create_submission(self):
v_uid = self.asset.latest_deployed_version.uid
submission = {
"q1": "a5",
"q2": "a6",
}
# Owner
response = self.client.post(self.submission_url, data=submission)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
# Shared
self._share_with_another_user()
self._log_in_as_another_user()
response = self.client.post(self.submission_url, data=submission)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# Anonymous
self.client.logout()
response = self.client.post(self.submission_url, data=submission)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
Example #16
| Source File: test_models.py From rematch with GNU General Public License v3.0 | 6 votes |
|
def test_model_creation(admin_api_client, admin_user, model_name):
model_data = setup_model(model_name, admin_user)
response = admin_api_client.post('/collab/{}/'.format(model_name),
data=model_data,
HTTP_ACCEPT='application/json')
# Manually handle matches, where API does not allow creation or
# modification of objects, as they're read only
if model_name == "matches":
assert_response(response, status.HTTP_405_METHOD_NOT_ALLOWED)
return
assert_response(response, status.HTTP_201_CREATED)
projects_created = [response.data]
response = admin_api_client.get('/collab/{}/'.format(model_name),
HTTP_ACCEPT="application/json")
assert_response(response, status.HTTP_200_OK, projects_created)
Example #17
| Source File: test_api_security_users.py From tfrs with Apache License 2.0 | 6 votes |
|
def test_delete(self):
"""Test that deleting users is not a semantically valid action"""
url = "/api/users/{0!s}"
all_users = self.users
expected_results = defaultdict(lambda: {
'status': [status.HTTP_405_METHOD_NOT_ALLOWED,
status.HTTP_403_FORBIDDEN],
'reason': "Default response should be no access"})
for user in all_users:
with self.subTest(
user=user,
expected_statuses=expected_results[(user,)]['status'],
reason=expected_results[(user,)]['reason']):
user_that_exists = DataCreationUtilities.create_test_user()
response = self.clients[user].delete(
url.format(user_that_exists['id']))
logging.debug(response)
self.assertIn(
response.status_code, expected_results[(user,)]['status'])
Example #18
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_delete_sigkey(self):
url = reverse('sigkey-detail', kwargs={'key_id': '1234adbf'})
response = self.client.delete(url, format='json')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #19
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_delete_rpm_should_not_be_allowed(self):
url = reverse('rpms-detail', args=[1])
response = self.client.delete(url, format='json')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #20
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_import_via_get(self):
data = {'garbage': 'really'}
response = self.client.get(reverse('releaseimportcomposeinfo-list'), data, format='json')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #21
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_build_image_test_result_should_not_be_deleted(self):
url = reverse('buildimagertttests-detail', args=['my-server-docker-1.0-27/docker'])
response = self.client.delete(url, format='json')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #22
| Source File: test_object_view.py From DjangoRestMultipleModels with MIT License | 5 votes |
|
def test_post(self):
"""
POST requests should throw a 405 Error
"""
view = BasicObjectView.as_view()
data = {'fake': 'data'}
request = factory.post('/', data, format='json')
with self.assertNumQueries(0):
response = view(request).render()
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
self.assertEqual(response.data, {"detail": 'Method "POST" not allowed.'})
Example #23
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_build_image_test_result_should_not_be_created(self):
url = reverse('buildimagertttests-list')
data = {'build_nvr': 'fake_nvr', 'format': 'iso', 'test_result': 'untested'}
response = self.client.post(url, data, format='json')
self.assertEqual(response.data, {u'detail': u'Method "POST" not allowed.'})
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #24
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_can_not_perform_full_update(self):
response = self.client.put(reverse('composeimagertttests-detail',
args=['compose-1/Server/x86_64/image-1']), {})
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #25
| Source File: test_productdb_api_views.py From product-database with MIT License | 5 votes |
|
def test_delete_unassigned_vendor_as_superuser(self):
# not possible due to limitations in the model implementation
client = APIClient()
client.login(**SUPER_USER)
response = client.delete(REST_VENDOR_DETAIL % 0)
assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED, "API endpoint is always read only"
assert response.json() == {'detail': 'Method "DELETE" not allowed.'}
assert Vendor.objects.count() == 3, "no vendor was deleted"
Example #26
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_can_not_perform_full_update(self):
response = self.client.put(reverse('composetreelocations-detail',
args=['compose-1/Server/x86_64/NAY/nfs']), {})
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #27
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_can_not_perform_full_update(self):
response = self.client.put(reverse('compose-detail', args=['compose-1']), {})
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #28
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_delete(self):
url = reverse('group-detail', args=[1])
response = self.client.delete(url, format='json')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #29
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_create(self):
url = reverse('group-list')
data = {'name': 'new_group'}
response = self.client.post(url, data, format='json')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
Example #30
| Source File: tests.py From product-definition-center with MIT License | 5 votes |
|
def test_deleting_osbs_fails(self):
response = self.client.delete(reverse('osbs-detail', args=['release-1.0/python27']))
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
self.assertEqual(2, models.OSBSRecord.objects.count())
