✨(aliases) delete aliases
add feature to delete aliases
This commit is contained in:
Marie PUPO JEAMMET
committed by
Marie
Marie
parent
b79e12b4be
commit
53d0336755
@@ -395,9 +395,10 @@ class MailDomainInvitationViewset(
|
|||||||
|
|
||||||
|
|
||||||
class AliasViewSet(
|
class AliasViewSet(
|
||||||
|
viewsets.GenericViewSet,
|
||||||
mixins.CreateModelMixin,
|
mixins.CreateModelMixin,
|
||||||
mixins.ListModelMixin,
|
mixins.ListModelMixin,
|
||||||
viewsets.GenericViewSet,
|
mixins.DestroyModelMixin,
|
||||||
):
|
):
|
||||||
"""API ViewSet for aliases.
|
"""API ViewSet for aliases.
|
||||||
|
|
||||||
@@ -405,6 +406,9 @@ class AliasViewSet(
|
|||||||
- local_part: str
|
- local_part: str
|
||||||
- destination: str
|
- destination: str
|
||||||
Return a newly created alias
|
Return a newly created alias
|
||||||
|
|
||||||
|
DELETE /api/<version>/mail-domains/<domain_slug>/accesses/<alias-local-part>/
|
||||||
|
Delete targeted alias
|
||||||
"""
|
"""
|
||||||
|
|
||||||
lookup_field = "id"
|
lookup_field = "id"
|
||||||
|
|||||||
@@ -0,0 +1,65 @@
|
|||||||
|
"""
|
||||||
|
Tests for aliases API endpoint in People's app mailbox_manager.
|
||||||
|
Focus on "list" action.
|
||||||
|
"""
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
from rest_framework import status
|
||||||
|
from rest_framework.test import APIClient
|
||||||
|
|
||||||
|
from core import factories as core_factories
|
||||||
|
|
||||||
|
from mailbox_manager import enums, factories, models
|
||||||
|
|
||||||
|
pytestmark = pytest.mark.django_db
|
||||||
|
|
||||||
|
|
||||||
|
def test_api_aliases_delete__anonymous():
|
||||||
|
"""Anonymous user should not be able to delete aliases."""
|
||||||
|
alias = factories.AliasFactory()
|
||||||
|
|
||||||
|
response = APIClient().delete(
|
||||||
|
f"/api/v1.0/mail-domains/{alias.domain.slug}/aliases/{alias.local_part}/",
|
||||||
|
)
|
||||||
|
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
||||||
|
assert models.Alias.objects.count() == 1
|
||||||
|
|
||||||
|
|
||||||
|
def test_api_aliases_delete__no_access_forbidden():
|
||||||
|
"""
|
||||||
|
Authenticated users should not be allowed to delete an alias in a
|
||||||
|
mail domain to which they are not related.
|
||||||
|
"""
|
||||||
|
authenticated_user = core_factories.UserFactory()
|
||||||
|
alias = factories.AliasFactory()
|
||||||
|
|
||||||
|
client = APIClient()
|
||||||
|
client.force_login(authenticated_user)
|
||||||
|
response = client.delete(
|
||||||
|
f"/api/v1.0/mail-domains/{alias.domain.slug}/aliases/{alias.local_part}/",
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == status.HTTP_403_FORBIDDEN
|
||||||
|
assert models.Alias.objects.count() == 1
|
||||||
|
|
||||||
|
|
||||||
|
def test_api_aliases_delete__viewer_forbidden():
|
||||||
|
"""
|
||||||
|
Authenticated users should not be allowed to delete a mail domain access for a
|
||||||
|
mail domain in which they are a simple viewer.
|
||||||
|
"""
|
||||||
|
authenticated_user = core_factories.UserFactory()
|
||||||
|
mail_domain = factories.MailDomainFactory(
|
||||||
|
users=[(authenticated_user, enums.MailDomainRoleChoices.VIEWER)]
|
||||||
|
)
|
||||||
|
access = factories.MailDomainAccessFactory(domain=mail_domain)
|
||||||
|
|
||||||
|
client = APIClient()
|
||||||
|
client.force_login(authenticated_user)
|
||||||
|
response = client.delete(
|
||||||
|
f"/api/v1.0/mail-domains/{mail_domain.slug}/accesses/{access.id!s}/",
|
||||||
|
)
|
||||||
|
|
||||||
|
assert response.status_code == status.HTTP_403_FORBIDDEN
|
||||||
|
assert models.MailDomainAccess.objects.count() == 2
|
||||||
|
assert models.MailDomainAccess.objects.filter(user=access.user).exists()
|
||||||
Reference in New Issue
Block a user