Tests for REST API - Githubissues

openteamsinc / django-scoped-rbac

A rich and flexible Django application for role-based access control within distinct access control scopes supporting Django Rest Framework.

0 stars 0 forks source link

Tests for REST API #1

Open dcharbon opened 4 years ago

dcharbon commented 4 years ago

These tests should exercise:

GET of the Roles collection
POST of a Role to a collection
PUT of a Role to update it
DELETE of a role

And the same for the Role Assignments, Contexts, etc.

utabe commented 4 years ago

Do we want this for the users models as well?

utabe commented 4 years ago

A project is an rbac context test model. A blog is associated with a project and is access controlled. The tests verify the test resources can be created and that their access is allowed or denied based on what roles the user has, e.g. an author can create and edit a blog.

dcharbon commented 4 years ago

A project is an rbac context test model. A blog is associated with a project and is access controlled. The tests verify the test resources can be created and that their access is allowed or denied based on what roles the user has been assigned for that project, e.g. a user with a role assignment for the author role can create and edit a blog entry belonging to that project, but can't do the same for other projects.