diff options
Diffstat (limited to 'rest_framework/tests/generics.py')
| -rw-r--r-- | rest_framework/tests/generics.py | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/rest_framework/tests/generics.py b/rest_framework/tests/generics.py index fee6e3a6..76662373 100644 --- a/rest_framework/tests/generics.py +++ b/rest_framework/tests/generics.py @@ -13,6 +13,7 @@ class RootView(generics.RootAPIView): Example description for OPTIONS. """ model = BasicModel + paginate_by = None class InstanceView(generics.InstanceAPIView): @@ -51,7 +52,8 @@ class TestRootView(TestCase): POST requests to RootAPIView should create a new object. """ content = {'text': 'foobar'} - request = factory.post('/', json.dumps(content), content_type='application/json') + request = factory.post('/', json.dumps(content), + content_type='application/json') response = self.view(request).render() self.assertEquals(response.status_code, status.HTTP_201_CREATED) self.assertEquals(response.data, {'id': 4, 'text': u'foobar'}) @@ -63,7 +65,8 @@ class TestRootView(TestCase): PUT requests to RootAPIView should not be allowed """ content = {'text': 'foobar'} - request = factory.put('/', json.dumps(content), content_type='application/json') + request = factory.put('/', json.dumps(content), + content_type='application/json') response = self.view(request).render() self.assertEquals(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEquals(response.data, {"detail": "Method 'PUT' not allowed."}) @@ -99,6 +102,19 @@ class TestRootView(TestCase): self.assertEquals(response.status_code, status.HTTP_200_OK) self.assertEquals(response.data, expected) + def test_post_cannot_set_id(self): + """ + POST requests to create a new object should not be able to set the id. + """ + content = {'id': 999, 'text': 'foobar'} + request = factory.post('/', json.dumps(content), + content_type='application/json') + response = self.view(request).render() + self.assertEquals(response.status_code, status.HTTP_201_CREATED) + self.assertEquals(response.data, {'id': 4, 'text': u'foobar'}) + created = self.objects.get(id=4) + self.assertEquals(created.text, 'foobar') + class TestInstanceView(TestCase): def setUp(self): @@ -129,7 +145,8 @@ class TestInstanceView(TestCase): POST requests to InstanceAPIView should not be allowed """ content = {'text': 'foobar'} - request = factory.post('/', json.dumps(content), content_type='application/json') + request = factory.post('/', json.dumps(content), + content_type='application/json') response = self.view(request).render() self.assertEquals(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEquals(response.data, {"detail": "Method 'POST' not allowed."}) @@ -139,7 +156,8 @@ class TestInstanceView(TestCase): PUT requests to InstanceAPIView should update an object. """ content = {'text': 'foobar'} - request = factory.put('/1', json.dumps(content), content_type='application/json') + request = factory.put('/1', json.dumps(content), + content_type='application/json') response = self.view(request, pk=1).render() self.assertEquals(response.status_code, status.HTTP_200_OK) self.assertEquals(response.data, {'id': 1, 'text': 'foobar'}) @@ -178,3 +196,16 @@ class TestInstanceView(TestCase): } self.assertEquals(response.status_code, status.HTTP_200_OK) self.assertEquals(response.data, expected) + + def test_put_cannot_set_id(self): + """ + POST requests to create a new object should not be able to set the id. + """ + content = {'id': 999, 'text': 'foobar'} + request = factory.put('/1', json.dumps(content), + content_type='application/json') + response = self.view(request, pk=1).render() + self.assertEquals(response.status_code, status.HTTP_200_OK) + self.assertEquals(response.data, {'id': 1, 'text': 'foobar'}) + updated = self.objects.get(id=1) + self.assertEquals(updated.text, 'foobar') |