From ee36e4ab0c0508a590c6b73a23ec82b7f1e49bd0 Mon Sep 17 00:00:00 2001
From: Tom Christie
Date: Thu, 27 Sep 2012 21:51:46 +0100
Subject: Only display forms when user has permissions.  #159

---
 rest_framework/tests/renderers.py | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

(limited to 'rest_framework/tests')

diff --git a/rest_framework/tests/renderers.py b/rest_framework/tests/renderers.py
index b7c386a3..751f548f 100644
--- a/rest_framework/tests/renderers.py
+++ b/rest_framework/tests/renderers.py
@@ -2,8 +2,9 @@ import re
 
 from django.conf.urls.defaults import patterns, url, include
 from django.test import TestCase
+from django.test.client import RequestFactory
 
-from rest_framework import status
+from rest_framework import status, permissions
 from rest_framework.compat import yaml
 from rest_framework.response import Response
 from rest_framework.views import APIView
@@ -89,6 +90,34 @@ urlpatterns = patterns('',
 )
 
 
+class POSTDeniedPermission(permissions.BasePermission):
+    def has_permission(self, request, obj=None):
+        return request.method != 'POST'
+
+
+class POSTDeniedView(APIView):
+    renderer_classes = (DocumentingHTMLRenderer,)
+    permission_classes = (POSTDeniedPermission,)
+
+    def get(self, request):
+        return Response()
+
+    def post(self, request):
+        return Response()
+
+    def put(self, request):
+        return Response()
+
+
+class DocumentingRendererTests(TestCase):
+    def test_only_permitted_forms_are_displayed(self):
+        view = POSTDeniedView.as_view()
+        request = RequestFactory().get('/')
+        response = view(request).render()
+        self.assertNotContains(response, '>POST<')
+        self.assertContains(response, '>PUT<')
+
+
 class RendererEndToEndTests(TestCase):
     """
     End-to-end testing of renderers using an RendererMixin on a generic view.
-- 
cgit v1.2.3