Add check for missing Profile. closes #127

AllenAnthes · AllenAnthes · commit abb8fb590ef5 · 2019-08-24T14:00:02.000-05:00
diff --git a/src/core/views.py b/src/core/views.py
@@ -10,6 +10,7 @@
 from drf_yasg.utils import swagger_auto_schema
 from rest_auth.registration.views import RegisterView as BaseRegisterView
 from rest_auth.registration.views import SocialConnectView, SocialLoginView
+from rest_framework.exceptions import NotFound, ValidationError, bad_request
 from rest_framework.generics import RetrieveUpdateAPIView
 from rest_framework.permissions import AllowAny, IsAuthenticated
 
@@ -69,13 +70,17 @@ class AdminUpdateProfile(RetrieveUpdateAPIView):
     }
 
     def get_object(self):
-        email = self.request.query_params["email"]
+        email = self.request.query_params.get("email")
         if email:
-            profile = Profile.objects.get(user__email=email)
+            try:
+                profile = Profile.objects.get(user__email=email)
+            except Profile.DoesNotExist:
+                raise NotFound
+
             self.check_permissions(self.request)
             return profile
 
-        return None
+        raise ValidationError({"error": "Missing email query param"})
 
     @swagger_auto_schema(manual_parameters=[email_param])
     def get(self, request, *args, **kwargs):
diff --git a/src/tests/fixtures.py b/src/tests/fixtures.py
@@ -2,7 +2,7 @@
 
 import factory
 import pytest
-from django.contrib.auth.models import User
+from django.contrib.auth.models import Group, User
 from rest_framework.test import APIClient
 from rest_framework_jwt.settings import api_settings
 
@@ -24,6 +24,20 @@ def user(db) -> User:
     return user
 
 
+@pytest.fixture
+def profile_admin_group(db) -> Group:
+    group = Group(name="ProfileAdmin")
+    group.save()
+    return group
+
+
+@pytest.fixture
+def profile_admin(user: User, profile_admin_group: Group) -> User:
+    user.groups.add(profile_admin_group)
+    user.save()
+    return user
+
+
 @pytest.fixture
 def authed_client(client, user: User):
     payload = jwt_payload_handler(user)
@@ -32,6 +46,22 @@ def authed_client(client, user: User):
     return client
 
 
+@pytest.fixture
+def authed_admin_client(client, admin_user: User):
+    payload = jwt_payload_handler(admin_user)
+    jwt = jwt_encode_handler(payload)
+    client.credentials(HTTP_AUTHORIZATION=f"Bearer {jwt}")
+    return client
+
+
+@pytest.fixture
+def profile_admin_client(client, profile_admin: User):
+    payload = jwt_payload_handler(profile_admin)
+    jwt = jwt_encode_handler(payload)
+    client.credentials(HTTP_AUTHORIZATION=f"Bearer {jwt}")
+    return client
+
+
 @pytest.fixture
 def register_form() -> Dict[str, str]:
     user = f.UserFactory.build()
diff --git a/src/tests/integration/test_profile_admin_view.py b/src/tests/integration/test_profile_admin_view.py
@@ -0,0 +1,68 @@
+import humps
+import pytest
+from django import test
+from django.contrib.auth.models import User
+from django.urls import reverse
+
+
+def test_profile_updates_correctly(
+    profile_admin_client: test.Client, user: User, update_profile_params
+):
+    url = f"{reverse('admin_update_profile')}?email={user.email}"
+    res = profile_admin_client.patch(url, humps.camelize(update_profile_params))
+
+    assert res.status_code == 200
+
+    user.refresh_from_db()
+    profile = user.profile
+
+    for key, val in update_profile_params.items():
+        assert getattr(profile, key) == val
+
+
+@pytest.mark.parametrize(
+    argnames="method, status",
+    argvalues=[("get", 400), ("put", 400), ("post", 405), ("patch", 400)],
+)
+def test_requires_query_param(
+    profile_admin_client: test.Client, method: str, status: int
+):
+    request_method = getattr(profile_admin_client, method)
+    url = f"{reverse('admin_update_profile')}"
+    res = request_method(url)
+
+    assert res.status_code == status
+
+
+def test_missing_profile_returns_404(profile_admin_client: test.Client):
+    url = f"{reverse('admin_update_profile')}?email=abc"
+    res = profile_admin_client.get(url)
+
+    assert res.status_code == 404
+
+
+@pytest.mark.parametrize(
+    argnames="method, status", argvalues=[("get", 200), ("post", 405), ("patch", 200)]
+)
+def test_staff_user_has_access(
+    authed_admin_client: test.Client, user: User, method: str, status: int
+):
+    request_method = getattr(authed_admin_client, method)
+    url = f"{reverse('admin_update_profile')}?email={user.email}"
+    res = request_method(url)
+
+    assert res.status_code == status
+
+
+@pytest.mark.parametrize(
+    argnames="method, status",
+    argvalues=[("get", 403), ("put", 403), ("post", 405), ("patch", 403)],
+)
+def test_view_requires_profile_admin_group(
+    authed_client: test.Client, user: User, method: str, status: int
+):
+    request_method = getattr(authed_client, method)
+    url = f"{reverse('admin_update_profile')}?email={user.email}"
+    res = request_method(url)
+
+    assert res.status_code == status
