From e677f3ee5c9435594ce58a3256a119c08bdc1e42 Mon Sep 17 00:00:00 2001
From: Krzysztof Jurewicz
Date: Tue, 13 Aug 2013 13:26:30 +0200
Subject: PATCH requests should not be able to create objects.

---
 rest_framework/tests/test_generics.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'rest_framework/tests/test_generics.py')

diff --git a/rest_framework/tests/test_generics.py b/rest_framework/tests/test_generics.py
index 1550880b..7a87d389 100644
--- a/rest_framework/tests/test_generics.py
+++ b/rest_framework/tests/test_generics.py
@@ -338,6 +338,17 @@ class TestInstanceView(TestCase):
         new_obj = SlugBasedModel.objects.get(slug='test_slug')
         self.assertEqual(new_obj.text, 'foobar')
 
+    def test_patch_cannot_create_an_object(self):
+        """
+        PATCH requests should not be able to create objects.
+        """
+        data = {'text': 'foobar'}
+        request = factory.patch('/999', data, format='json')
+        with self.assertNumQueries(1):
+            response = self.view(request, pk=999).render()
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+        self.assertFalse(self.objects.filter(id=999).exists())
+
 
 class TestOverriddenGetObject(TestCase):
     """
-- 
cgit v1.2.3


From 6e7e4fc01c5ddaf668f17f1d1f201a14a26f72f3 Mon Sep 17 00:00:00 2001
From: Edmond Wong
Date: Tue, 3 Sep 2013 12:30:18 -0700
Subject: Added test for OPTIONS before object creation from a PUT

---
 rest_framework/tests/test_generics.py | 42 +++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

(limited to 'rest_framework/tests/test_generics.py')

diff --git a/rest_framework/tests/test_generics.py b/rest_framework/tests/test_generics.py
index 7a87d389..79cd99ac 100644
--- a/rest_framework/tests/test_generics.py
+++ b/rest_framework/tests/test_generics.py
@@ -272,6 +272,48 @@ class TestInstanceView(TestCase):
         self.assertEqual(response.status_code, status.HTTP_200_OK)
         self.assertEqual(response.data, expected)
 
+    def test_options_before_instance_create(self):
+        """
+        OPTIONS requests to RetrieveUpdateDestroyAPIView should return metadata
+        before the instance has been created
+        """
+        request = factory.options('/999')
+        with self.assertNumQueries(1):
+            response = self.view(request, pk=999).render()
+        expected = {
+            'parses': [
+                'application/json',
+                'application/x-www-form-urlencoded',
+                'multipart/form-data'
+            ],
+            'renders': [
+                'application/json',
+                'text/html'
+            ],
+            'name': 'Instance',
+            'description': 'Example description for OPTIONS.',
+            'actions': {
+                'PUT': {
+                    'text': {
+                        'max_length': 100,
+                        'read_only': False,
+                        'required': True,
+                        'type': 'string',
+                        'label': 'Text comes here',
+                        'help_text': 'Text description.'
+                    },
+                    'id': {
+                        'read_only': True,
+                        'required': False,
+                        'type': 'integer',
+                        'label': 'ID',
+                    },
+                }
+            }
+        }
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data, expected)
+
     def test_get_instance_view_incorrect_arg(self):
         """
         GET requests with an incorrect pk type, should raise 404, not 500.
-- 
cgit v1.2.3