如何解决使用令牌身份验证和 IsAdmin 权限的 Django Rest Framework API 测试返回 403、AssertionError
好人,我第一次为我的 django rest 框架 API 编写测试用例。我使用了令牌身份验证并且是管理员权限。我已经编写了一些 api 端点测试。测试运行良好,无需身份验证。我也在 POSTMAN 中做到了这一点,并在标头处提供令牌授权,它在那里运行良好。但是每当我使用令牌身份验证运行单元测试用例并且是管理员权限时,它都会返回 403,断言错误。在过去的两天里,我一直坚持这个。任何人都可以帮我找出我做错了什么吗?
我在下面提供我的代码: 我的模型:
class vendor(models.Model):
user = models.ForeignKey(MyUser,on_delete=models.CASCADE,related_name='myuser')
vendor_name = models.CharField(max_length=100)
vendor_type = models.CharField(max_length=100,choices=vendor_Type)
display_name = models.CharField(max_length=100)
vendor_mail = models.CharField(max_length=255)
vendor_phone = models.CharField(max_length=15)
vendor_address = models.CharField(max_length=255)
def __str__(self):
return self.display_name
我的序列化器:
class vendorSerializer(serializers.ModelSerializer):
address_details = vendorAddressDetailSerializer(read_only=True,source='detaisaddress')
sales_person = vendorContactSerializer(read_only=True,source='contactperson')
social_account = vendorSocialSerializer(read_only=True,source='vendorsocial')
class Meta:
model = vendor
fields = ['id','vendor_name','vendor_type','display_name','vendor_mail','vendor_phone','vendor_address','user','address_details','sales_person','social_account']
我的观点:
class vendorViewSet(viewsets.ModelViewSet):
queryset = vendor.objects.all()
serializer_class = vendorSerializer
authentication_classes = [TokenAuthentication]
permission_classes = [IsAdminUser]
网址格式:
router = DefaultRouter()
router.register('vendors',vendorViewSet,basename='vendors')
urlpatterns = [
path('',include(router.urls)),]
最后我的测试用例代码是:
class TestSetUp(APITestCase):
email = "zzm@abcd.com"
phone = "0122xxxxxxx"
name = "zzm"
address = "zzmkk"
password = "1234xxxx"
def setUp(self):
self.user = MyUser.objects.create_user(self.email,self.phone,self.name,self.address,self.password)
self.user.is_admin = True
self.user.save()
self.token = Token.objects.get(user=self.user)
self.vendor_url = reverse('vendors-list')
self.my_dummy_user = {
"email": "temp@gmail.com","phone": "01222xxx","name": "temp","address": "tempxx","password": "1234xxxxx",}
def _create_my_user(self):
my_user = MyUser.objects.create_user(
**self.my_dummy_user,)
my_user.is_admin = True
my_user.is_superuser = True
my_user.save()
return {
"my_user": my_user,}
def test_vendor_post_201(self):
data = self._create_my_user()
token = Token.objects.get(user__name= data.get('my_user').name)
vendor_data = {
"vendor_name": "lama","vendor_type": "person","display_name": "lama co","vendor_mail": "lama@gmail.com","vendor_phone": "0133xxxxx","vendor_address": "xxxxxxxxx","user": data.get('my_user').id
}
client = apiclient()
client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
# headers = {'Authorization': 'token ' + token.key}
res = client.post(self.vendor_url,vendor_data,format="json")
self.assertEqual(res.status_code,201)
return res.data
感谢善良的灵魂。这对我很有帮助。
解决方法
感谢您遇到并尝试回答我的问题。但是我发现我使用的是 InAdmin 权限,因此,具有管理员权限的用户可以发帖,在 django 中为用户授予管理员权限,必须这样做:is_stuff=True
而不是 is_admin=True
。所以我的默认用户函数应该是这样的:
def _create_my_user(self):
my_user = MyUser.objects.create_user(
**self.my_dummy_user,)
my_user.is_stuff = True
my_user.save()
return {
"my_user": my_user,}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。