Add simple test for credentials list, should not allow POST (for now).

lib/main/base_views.py

@@ -41,6 +41,12 @@ class BaseList(generics.ListCreateAPIView):
     #   model = ModelClass
     #   serializer_class = SerializerClass
 
+    def post(self, request, *args, **kwargs):
+        postable = getattr(self.__class__, 'postable', True)
+        if not postable:
+            return Response(status=status.HTTP_405_METHOD_NOT_ALLOWED)
+        return super(BaseList, self).post(request, *args, **kwargs)
+
     def get_queryset(self):
 
         base = self._get_queryset()

lib/main/tests/projects.py

@@ -20,6 +20,7 @@ import json
 from django.contrib.auth.models import User as DjangoUser
 import django.test
 from django.test.client import Client
+from django.core.urlresolvers import reverse
 from lib.main.models import *
 from lib.main.tests.base import BaseTest
 
@@ -407,6 +408,23 @@ class ProjectsTest(BaseTest):
         self.get(team_creds, expect=403, auth=self.get_other_credentials())
         self.get(team_creds, expect=403, auth=self.get_nobody_credentials())
 
+        # Check /api/v1/credentials (GET)
+        url = reverse('main:credentials_list')
+        with self.current_user(self.super_django_user):
+            self.options(url)
+            self.head(url)
+            response = self.get(url)
+        qs = Credential.objects.all()
+        self.check_pagination_and_size(response, qs.count())
+        self.check_list_ids(response, qs)
+
+        # POST should fail for all users.
+        with self.current_user(self.super_django_user):
+            data = dict(name='xyz', user=self.super_django_user.pk)
+            self.post(url, data, expect=405)
+    
+        # FIXME: Check list as other users.
+
         # can edit a credential
         cred_user = Credential.objects.get(pk=cred_user)
         cred_team = Credential.objects.get(pk=cred_team)