codecov[bot]
commented
4 years ago Codecov Report
Merging #134 into master will not change coverage. The diff coverage is
100.00%.
@@ Coverage Diff @@
## master #134 +/- ##
=======================================
Coverage 81.44% 81.44%
=======================================
Files 29 29
Lines 469 469
=======================================
Hits 382 382
Misses 87 87 | Impacted Files | Coverage Δ | |
|---|---|---|
| project/resources/views.py | 68.18% <100.00%> (ø) |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 56c7c90...b7ca81e. Read the comment docs.
lpatmo
Context
The GET /resources and a GET /resources/{id} required user authorization. But ideally, we want non-logged-in-users to be able to search and look at resources. They should only have to be logged in if they want to delete, create, or edit a resource.
@chris48s and @BethanyG did most of the heavy lifting with tests already; I only followed the same pattern.
Feedback welcome!
Note: I left POSTing a resource as a later todo, since it is blocked by https://github.com/codebuddies/backend/issues/125.
Before & After
Before: GET /resources and GET /resources/{id} hidden under a token
After: GET /resources and GET /resources/{id} available to users without a token
Implementation
[x] Make GET /resources not protected by authorization [x] Change setup for tests to make sure we're not authed for the GET requests, but are authed for PATCH, and search. [x] Add test to make sure GET /api/v1/resources/{{guid}}/ and GET /api/v1/resources/ requests and search work without a token [x] Add/alter tests for GET GET /api/v1/resources/{{guid}}/ and GET /api/v1/resources/ requests and search to ensure that they also work with a token [x] Add tests to make sure PATCH and POST fail without a token [x] Add test to make sure DEL fails without a token