我们从Python开源项目中,提取了以下50个代码示例,用于说明如何使用rest_framework.status.HTTP_405_METHOD_NOT_ALLOWED。
def process_request(self, request): """ Return a 405 "Not Allowed" if the request's client major version doesn't match this controller's REST API major version (currently "1"). """ try: client_version = request.META['HTTP_DEIS_VERSION'] server_version = __version__.rsplit('.', 2)[0] if client_version != server_version: message = { 'error': 'Client and server versions do not match. ' + 'Client version: {} '.format(client_version) + 'Server version: {}'.format(server_version) } return HttpResponse( json.dumps(message), content_type='application/json', status=status.HTTP_405_METHOD_NOT_ALLOWED ) except KeyError: pass
def test_forbidden_actions(self): """ <api root>/sites/ should not permit POST, PUT or DELETE operations """ url = urljoin(urlroot, 'sites/securethe.news/') response1 = self.client.post( url, json={'name': 'Insecure the News?', 'domain': 'insecurethe.news'}) self.assertEqual(response1.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) response2 = self.client.delete(url) self.assertEqual(response2.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) url = urljoin(urlroot, 'sites/insecurethe.news/') response3 = self.client.put( url, json={'name': 'Insecure the News?', 'domain': 'insecurethe.news'}) self.assertEqual(response3.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_permissions(self, *args, **kwargs): address = self.create_address() # User trying to delete address url = '/v1/addresses/{address}/'.format(address=address['address']) response = self.client.delete(url, format='json') self.assertEqual(response.status_code, HTTP_405_METHOD_NOT_ALLOWED) # Create hacker user User = get_user_model() hacker = User(username="hacker") hacker.save() # Authenticate hacker self.client.force_authenticate(hacker) # Hacker trying access info of normal user address url = '/v1/addresses/{address}/'.format(address=address['address']) response = self.client.get(url, format='json') self.assertEqual(response.status_code, HTTP_404_NOT_FOUND)
def test_create(self): admin = User.objects.get(username='admin') self.client.force_authenticate(user=admin) url = reverse('api:persons:physicaladdress-list') data = { 'street_address': '9 de Julio 2454', 'floor_number': '', 'apartment_number': '', 'locality': reverse( 'api:geo:locality-detail', args=[ models.Locality.objects.get(default_name='Santa Fe').pk ] ), 'postal_code': '3000' } response = self.client.post(url, data) self.assertEqual( response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED )
def test_study_delete(self): """ Check that study deletion is not allowed via the API. """ url = reverse('rest:studies-detail', args=[self.study.pk]) # No user self.client.logout() self._check_status(self.client.delete(url), status.HTTP_403_FORBIDDEN) # Unprivileged user self.client.force_login(self.unprivileged_user) self._check_status(self.client.delete(url), status.HTTP_405_METHOD_NOT_ALLOWED) # Staff user self.client.force_login(self.staffuser) self._check_status(self.client.delete(url), status.HTTP_405_METHOD_NOT_ALLOWED) # Superuser self.client.force_login(self.superuser) self._check_status(self.client.delete(url), status.HTTP_405_METHOD_NOT_ALLOWED)
def test_post_special_endpoints(self): ''' Tests that it's not possible to POST to the special endpoints ''' for endpoint in self.special_endpoints: url = self.url_detail + endpoint + '/' response = self.client.post(url, self.data) if self.private_resource: self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) else: self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Logged in owner user self.get_credentials() response = self.client.post(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Different logged in user self.get_credentials(self.user_fail) response = self.client.post(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_patch(self): ''' PATCHING to the overview is not allowed ''' if self.private_resource: # Anonymous user response = self.client.patch(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) else: # Anonymous user response = self.client.patch(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Logged in user self.get_credentials() response = self.client.patch(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Different logged in user self.get_credentials(self.user_fail) response = self.client.patch(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_put(self): ''' Tests PUTTING (adding) a new object ''' if self.private_resource: # Anonymous user response = self.client.put(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) else: # Anonymous user response = self.client.put(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Authorized user (owner) self.get_credentials() response = self.client.put(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Different logged in user self.get_credentials(self.user_fail) response = self.client.put(self.url, data=self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_put_special_endpoints(self): ''' Tests that it's not possible to PUT to the special endpoints ''' for endpoint in self.special_endpoints: url = self.url_detail + endpoint + '/' response = self.client.put(url, self.data) if self.private_resource: self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) else: self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Logged in owner user self.get_credentials() response = self.client.put(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # Different logged in user self.get_credentials(self.user_fail) response = self.client.put(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_question_vote_get_auth(self): """ Assert GET /api/question/:id/vote returns a 400 """ question = Question.objects.create(**fixtures['question']) endpoint = question.get_api_detail_url() + "vote/" response = self.client.get(endpoint) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.login() response = self.client.get(endpoint) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_skip_financial_aid_only_put_allowed(self): """ Tests that methods other than PUT/PATCH are not allowed for skipping financial aid """ self.make_http_request(self.client.get, self.skip_url, status.HTTP_405_METHOD_NOT_ALLOWED) self.make_http_request(self.client.post, self.skip_url, status.HTTP_405_METHOD_NOT_ALLOWED) self.make_http_request(self.client.head, self.skip_url, status.HTTP_405_METHOD_NOT_ALLOWED) self.make_http_request(self.client.delete, self.skip_url, status.HTTP_405_METHOD_NOT_ALLOWED)
def testExpectUnauthorizedOnGet(self): url = reverse('donation') response = self.client.get(url, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def testExpectUnauthorizedOnPut(self): url = reverse('donation') response = self.client.put(url, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def testExpectUnauthorizedOnDelete(self): url = reverse('donation') response = self.client.delete(url, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_transcript_credentials_get_not_allowed(self): """ Tests that GET method is not allowed. """ response = self.client.get(self.url) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def destroy(self, request, pk=None): if self._is_message_editable_state(pk): return super().destroy(request, pk) else: return Response({'error': 'Cannot delete a sending campaign'}, status=status.HTTP_405_METHOD_NOT_ALLOWED)
def update(self, request, pk=None, *args, **kwargs): if self._is_message_editable_state(pk): return super().update(request, pk, *args, **kwargs) else: return Response({'error': 'Cannot update a sending campaign'}, status=status.HTTP_405_METHOD_NOT_ALLOWED)
def partial_update(self, request, pk=None): if self._is_message_editable_state(pk): return super().partial_update(request, pk) else: return Response({'error': 'Cannot update a sending campaign'}, status=status.HTTP_405_METHOD_NOT_ALLOWED)
def partial_update(self, request, *args, **kwargs): return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED, data={'detail': 'Method not allowed'})
def partial_update(self, request, *args, **kwargs): return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED, data={'detail': 'Partial update not provided'})
def test_update(self, user1, node1): client = APIClient() client.force_authenticate(user=user1) response = client.patch( reverse('node-detail', kwargs={"pk": node1.id}), data={ "meta": "different whatever", "enc_version": 2, }) assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED response = client.put( reverse('node-detail', kwargs={"pk": node1.id}), data={ "name": "whatever", "meta": "different whatever", "type": 1, "enc_version": 2, }) assert response.status_code == status.HTTP_200_OK response = client.put( reverse('node-detail', kwargs={"pk": 9999}), data={ "name": "whatever", "meta": "different whatever", "type": 1, "enc_version": 2, }) assert response.status_code == status.HTTP_404_NOT_FOUND
def test_cannot_post(self): url = '/v1/locations/' response = self.client.post(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_put(self): location = LocationBuilder(self.organization).build() location.save() url = '/v1/locations/{0}/'.format(location.pk) response = self.client.put(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_delete(self): location = LocationBuilder(self.organization).build() location.save() url = '/v1/locations/{0}/'.format(location.pk) response = self.client.delete(url) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_post_to_organization(self): url = '/v1/organizations/{0}/locations/'.format(self.organization_id) response = self.client.post(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_put_to_organization(self): location = LocationBuilder(self.organization).build() location.save() url = '/v1/organizations/{0}/locations/{1}/'.format(self.organization_id, location.pk) response = self.client.put(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_post(self): url = '/v1/organizations/' response = self.client.post(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_put(self): organization = OrganizationBuilder().build() organization.save() url = '/v1/organizations/{0}/'.format(organization.pk) response = self.client.put(url, self.data) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_delete(self): organization = OrganizationBuilder().build() organization.save() url = '/v1/organizations/{0}/'.format(organization.pk) response = self.client.delete(url) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_cannot_post(self): response = self.client.post(SEARCH_URL, {}) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_feed_create_failure_post_not_allowed(self): self.client.login(username=self.username, password=self.password) # try to create a new feed with a POST request to the list of feeds post = json.dumps({"template": {"data": [{"name": "name", "value": "Feed2"}]}}) response = self.client.post(self.list_url, data=post, content_type=self.content_type) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_feedfile_create_failure_post_not_allowed(self): self.client.login(username=self.username, password=self.password) # try to create a new feed file with a POST request to the list # POST request using multipart/form-data to be able to upload file with open(self.test_file) as f: post = {"fname": f} response = self.client.post(self.list_url, data=post) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_admin_create(self): self._asAdmin() new_codontable = {"species": self._mouse.id, "codons": {"name": "AGT", "value": 1.34} } response = self._client.post("/codonusage/", new_codontable, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # DB is read-only for codons self.assertEqual(CodonUsageTable.objects.count(), 2)
def test_admin_edit(self): self._asAdmin() updated_codontable = {"species": self._mouse.id} response = self._client.patch("/codonusage/%d/" % self._human_codontable.id, updated_codontable, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # DB is read-only for codons self.assertIs(CodonUsageTable.objects.filter(species=self._human).exists(), True) self.assertIs(CodonUsageTable.objects.filter(species=self._mouse).exists(), False)
def test_admin_delete(self): self._asAdmin() response = self._client.delete("/codonusage/%d/" % self._cow_codontable.id) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) # DB is read-only for codons self.assertIs(CodonUsageTable.objects.filter(species=self._cow).exists(), True)
def test_user_create(self): self._asJaneDoe() new_permission = {"name": "Test permission", "codename": "test_permission", "content_type": ContentType.objects.get(model="equipment").id} response = self._client.post("/permissions/", new_permission, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertIs(Permission.objects.filter(name="Test permission").exists(), False)
def test_admin_create(self): self._asAdmin() new_permission = {"name": "Test permission", "codename": "test_permission", "content_type": ContentType.objects.get(model="equipment").id} response = self._client.post("/permissions/", new_permission, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertIs(Permission.objects.filter(name="Test permission").exists(), False)
def test_admin_edit_any(self): self._asAdmin() updated_permission = {"codename": "silly_test"} response = self._client.patch("/permissions/%d/" % self._changeEquipPermission.id, updated_permission, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_user_delete_any(self): self._asJoeBloggs() response = self._client.delete("/permissions/%d/" % self._changeEquipPermission.id) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertIs(Permission.objects.filter(name="Can change equipment").exists(), True)
def test_admin_delete_any(self): # Others not permitted self._asAdmin() response = self._client.delete("/permissions/%d/" % self._changeEquipPermission.id) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertIs(Permission.objects.filter(name="Can change equipment").exists(), True)
def test_admin_create_alert(self): self._asAdmin() new_alert = {"user": self._adminUser.id, "status": TriggerAlertStatus.ACTIVE, "last_updated_by": self._adminUser.id } response = self._client.post("/alerts/", new_alert, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEqual(TriggerAlertStatus.objects.count(), 0)
def test_admin_edit_alert(self): self._fire_alerts() self._asAdmin() joe_alert_id = self._joeBloggsTriggerSet.alerts.all()[0].statuses.all()[0].id updated_alert = {"status": TriggerAlertStatus.DISMISSED} response = self._client.patch("/alerts/%d/" % joe_alert_id, updated_alert, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEqual( TriggerAlertStatus.objects.filter(status=TriggerAlertStatus.DISMISSED).count(), 0)
def test_user_create_alert(self): self._asJaneDoe() new_alert = {"user": self._janeDoe.id, "status": TriggerAlertStatus.ACTIVE, "last_updated_by": self._adminUser.id } response = self._client.post("/alerts/", new_alert, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEqual(TriggerAlertStatus.objects.count(), 0)
def test_user_edit_alert(self): self._fire_alerts() self._asJaneDoe() joe_alert_id = self._joeBloggsTriggerSet.alerts.all()[0].statuses.all()[0].id updated_alert = {"status": TriggerAlertStatus.DISMISSED} response = self._client.patch("/alerts/%d/" % joe_alert_id, updated_alert, format='json') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertEqual( TriggerAlertStatus.objects.filter(status=TriggerAlertStatus.DISMISSED).count(), 0)
def test_user_delete_alert(self): self._fire_alerts() self._asJoeBloggs() joe_alert_id = self._joeBloggsTriggerSet.alerts.all()[0].statuses.all()[0].id response = self._client.delete("/alerts/%d/" % joe_alert_id) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) self.assertIs(TriggerAlertStatus.objects.filter(id=joe_alert_id).exists(), True)
def test_malformed(self): trash_address_address = "19087698021" # User trying to delete not created address url = '/v1/addresses/{address}/'.format(address=trash_address_address) response = self.client.delete(url, format='json') self.assertEqual(response.status_code, HTTP_405_METHOD_NOT_ALLOWED) # User trying to get not created account url = '/v1/addresses/{address}/'.format(address=trash_address_address) response = self.client.get(url, format='json') self.assertEqual(response.status_code, HTTP_404_NOT_FOUND)
def test_info_endpoint_post(self): # HTTP Post is not allowed response = self.api_client.post(path='/info/',) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_info_endpoint_put(self): # HTTP Put is not allowed response = self.api_client.put(path='/info/',) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_info_endpoint_delete(self): # HTTP Put is not allowed response = self.api_client.delete(path='/info/',) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
