You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the tests code for access control and for actual functionality testing are intermingled throughout the test suite. This makes the test code very noisy, and it is difficult to get an overview and see if we got correct control tests for all endpoints.
So this ticket separates this and moves all authentication and permission checks to their own test classes that only test for this and ignore actual functionality (like message bodies, responses, side effects etc).
The functionality tests will then use a superuser to test the actual endpoint functionality, without authentication/permissions code noise.
Ideally the authentication tests would be based on a base class that provides some helpers like custom assertions to make this compact and readable.
This particular case is for the Form API tests from issue #1000 and PR #1137 but applies to any API in the project.
Create a base test class with helpers for API authentication and permission checks
Implement authentication/permission tests for all API view(set) endpoints in the openforms.forms app (focused and minimal: ignore message bodies, side effects etc). Make sure to cover these user variations:
anonymous user
authenticated user
authenticated user with appropriate permissions
staff user
staff user with appropriate permissions
Remove all authentication/permission code from API functionality tests and replace authentication with a superuser.
The text was updated successfully, but these errors were encountered:
Currently the tests code for access control and for actual functionality testing are intermingled throughout the test suite. This makes the test code very noisy, and it is difficult to get an overview and see if we got correct control tests for all endpoints.
So this ticket separates this and moves all authentication and permission checks to their own test classes that only test for this and ignore actual functionality (like message bodies, responses, side effects etc).
The functionality tests will then use a superuser to test the actual endpoint functionality, without authentication/permissions code noise.
Ideally the authentication tests would be based on a base class that provides some helpers like custom assertions to make this compact and readable.
This particular case is for the Form API tests from issue #1000 and PR #1137 but applies to any API in the project.
openforms.formsapp (focused and minimal: ignore message bodies, side effects etc). Make sure to cover these user variations:The text was updated successfully, but these errors were encountered: