Refs #314 -- Read-only REST API (#513)

* initial commit

* API auth

* Hierarchical URLs

* Add session auth

* Strong hierarchy

* Add filters

* Add i18n fields, questions

* More viewsets and serializers

* Ticket download

* Add OrderPosition serializer

* View-level permissions

* More tests

* More tests

* Add basic API docs

* Add REST API to docs frontpage

* Tests for order endpoints

* Add invoice tests

* Voucher and waitinglist tests

* Doc draft

* order docs

* Docs on all viewsets

* Disable DRF docs, style sphinx, style browsable API

* Fix tests

* deprecated imports

* Test foo

* Attendee names

* Fix migration problems

* Remove browsable API, plugin integration

* Doc fixes

src/tests/control/test_teams.py

@@ -76,6 +76,33 @@ def test_team_create_invite(event, admin_user, admin_team, client):
     assert len(djmail.outbox) == 1
 
 
+@pytest.mark.django_db
+def test_team_create_token(event, admin_user, admin_team, client):
+    client.login(email='dummy@dummy.dummy', password='dummy')
+    djmail.outbox = []
+
+    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
+        'name': 'Test token'
+    }, follow=True)
+    assert 'Test token' in resp.rendered_content
+    assert admin_team.tokens.first().name == 'Test token'
+    assert admin_team.tokens.first().token in resp.rendered_content
+
+
+@pytest.mark.django_db
+def test_team_remove_token(event, admin_user, admin_team, client):
+    client.login(email='dummy@dummy.dummy', password='dummy')
+
+    tk = admin_team.tokens.create(name='Test token')
+    resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
+        'remove-token': str(tk.pk)
+    }, follow=True)
+    assert tk.token not in resp.rendered_content
+    assert 'Test token' in resp.rendered_content
+    tk.refresh_from_db()
+    assert not tk.active
+
+
 @pytest.mark.django_db
 def test_team_revoke_invite(event, admin_user, admin_team, client):
     client.login(email='dummy@dummy.dummy', password='dummy')