Tests now cover editing permissions

tests/test_events.py

@@ -1,5 +1,3 @@
-from unittest import skip
-
 import flask
 import isodate
 
@@ -134,7 +132,6 @@ def test_post_auth(self):
             self.assertEqual(response.status_code, 201)
 
     def test_put(self):
-        # TODO: test unauthorized user
         response = self.app.get('/events/?start=2017-01-01&end=2017-07-01')
         self.assertEqual(response.status_code, 200)
         event_id = flask.json.loads(response.data)[0]['id']
@@ -146,7 +143,7 @@ def test_put(self):
                 content_type='application/json'
             )
             self.assertEqual(response.status_code, 200)
-            # TODO: test that the event has a new value
+            self.assertEqual(flask.json.loads(response.data)['title'], 'new title')
 
         with self.subTest("fails on invalid id"):
             response = self.app.put(
@@ -181,12 +178,87 @@ def test_put(self):
                                        'invalid_field-2': 'value'}),
                 content_type='application/json'
             )
-            self.assertEqual(response.status_code, 400)
 
-    @skip("Unimplemented test")
+    def test_put_auth(self):
+        response = self.app.get('/events/?start=2017-01-01&end=2017-07-01')
+        self.assertEqual(response.status_code, 200)
+        event_id = flask.json.loads(response.data)[0]['id']
+
+        with self.subTest("fails when the client is not yet authorized"):
+            response = self.app.put(
+                f'/events/{event_id}',
+                data=flask.json.dumps({'title': 'new title'}),
+                content_type='application/json',
+                headers={
+                    'X-Forwarded-For': '192.168.1.1',
+                }
+            )
+            self.assertEqual(response.status_code, 401)
+
+        with self.subTest("succeeds when required fields are present"):
+            response = self.app.put(
+                f'/events/{event_id}',
+                data=flask.json.dumps({'title': 'new title'}),
+                content_type='application/json'
+            )
+            self.assertEqual(response.status_code, 200)
+            self.assertEqual(flask.json.loads(response.data)['title'], 'new title')
+
+        with self.subTest("succeeds due to auth cookie"):
+            response = self.app.put(
+                f'/events/{event_id}',
+                data=flask.json.dumps({'title': 'new title'}),
+                content_type='application/json',
+                headers={
+                    'X-Forwarded-For': '192.168.1.1',
+                }
+            )
+            self.assertEqual(response.status_code, 200)
+
     def test_delete(self):
-        # TODO: test success
-        # TODO: test invalid id
         # TODO: test invalid data
-        # TODO: test unauthorized user
-        pass
+        response = self.app.get('/events/?start=2017-01-01&end=2017-07-01')
+        self.assertEqual(response.status_code, 200)
+        event_id = flask.json.loads(response.data)[0]['id']
+
+        with self.subTest("succeeds on valid id"):
+            response = self.app.delete(
+                f'/events/{event_id}'
+            )
+            self.assertEqual(response.status_code, 200)
+
+        with self.subTest("fails on invalid id"):
+            response = self.app.delete(
+                f'/events/{event_id}x'
+            )
+            # FIXME: why is this not 404?
+            self.assertEqual(response.status_code, 400)
+
+    def test_delete_auth(self):
+        response = self.app.get('/events/?start=2017-01-01&end=2017-07-01')
+        self.assertEqual(response.status_code, 200)
+        event_id = flask.json.loads(response.data)[0]['id']
+
+        with self.subTest("fails when the client is not yet authorized"):
+            response = self.app.delete(
+                f'/events/{event_id}',
+                headers={
+                    'X-Forwarded-For': '192.168.1.1',
+                }
+            )
+            self.assertEqual(response.status_code, 401)
+
+        with self.subTest("succeeds when user is within local network"):
+            response = self.app.delete(
+                f'/events/{event_id}'
+            )
+            self.assertEqual(response.status_code, 200)
+
+        with self.subTest("succeeds due to auth cookie"):
+            response = self.app.delete(
+                f'/events/{event_id}',
+                headers={
+                    'X-Forwarded-For': '192.168.1.1',
+                }
+            )
+            self.assertEqual(response.status_code, 200)