require authentication to get dispatch objects via API

2023-02-28 18:37:05 -06:00
parent ffcdc3f8d8
commit 0ea54a5ee2
3 changed files with 25 additions and 2 deletions
--- a/tests/test_dispatch_api.py
+++ b/tests/test_dispatch_api.py
@@ -1,6 +1,6 @@
 """Test the dispatch package's webservice."""
 from django.contrib.auth.models import User
-from rest_framework.status import HTTP_200_OK
+from rest_framework.status import HTTP_200_OK, HTTP_403_FORBIDDEN
 from rest_framework.test import APITestCase

 from dispatch.models import Dispatcher, DispatcherAction
@@ -27,3 +27,18 @@ class DispatchAPITest(APITestCase):
        resp = self.client.get('/dispatch/api/actions/')
        self.assertEqual(resp.status_code, HTTP_200_OK)
        self.assertEqual(len(resp.json()), DispatcherAction.objects.count())
+
+    def test_unauthed_dispatch_object_retrieval(self):
+        """Test that the list endpoints require authentication."""
+        client = self.client_class()
+        resp = client.get('/dispatch/api/dispatchers/')
+        self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
+        resp = client.get('/dispatch/api/dispatchers/111/')
+        self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
+        resp = client.get('/dispatch/api/dispatchers/fake/')
+        self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
+
+        resp = client.get('/dispatch/api/actions/')
+        self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)
+        resp = client.get('/dispatch/api/actions/111/')
+        self.assertEqual(resp.status_code, HTTP_403_FORBIDDEN)