def test_user_can_only_see_Comments_created_by_own_user(self):
"""
Tests whether the user can only see Comments created by the own user, not by other users
:return:
"""
# add permission for creating Comments to user1
self.user1.user_permissions.add(
self.add_comment_without_project_permission)
# add permission for creating Comments to user2
self.user2.user_permissions.add(
self.add_comment_without_project_permission)
# there should be zero Comments
self.assertEquals(Comment.objects.all().count(),
0,
msg="There should be zero Comments to begin with")
# try creating a comment without a project for user1 (token1)
response = self.rest_create_comment(self.token1, None,
"Test Description",
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# try creating a comment without a project for user2 (token2)
response = self.rest_create_comment(self.token2, None,
"Test Description",
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# there should be two Comments
self.assertEqual(Comment.objects.all().count(),
2,
msg="There should be two Comments")
# try quering the rest endpoint for user1 - there should only be one comment
response = self.rest_get_comments(self.token1, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Comments
self.assertEqual(
len(decoded),
1,
msg="There should only be one comment visible for user1")
# try quering the rest endpoint for user2 - there should only be one comment
response = self.rest_get_comments(self.token2, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Comments
self.assertEqual(
len(decoded),
1,
msg="There should only be one comment visible for user2")
def test_user_can_see_assigned_tasks(self):
""" Tests whether a user can see tasks that he does not own, but are assigned to them """
# add permission for creating Tasks to user1
self.user1.user_permissions.add(
self.add_task_without_project_permission)
# add permission for creating Tasks to user2
self.user2.user_permissions.add(
self.add_task_without_project_permission)
# there should be zero Tasks
self.assertEquals(Task.objects.all().count(),
0,
msg="There should be zero Tasks to begin with")
# try creating a task without a project for user1 (token1)
response = self.rest_create_task(
self.token1, None, "Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30), self.user1.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# try creating a task without a project for user1 (token1), but assigned to user2
response = self.rest_create_task(
self.token1, None, "Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30), self.user2.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# there should be two Tasks
self.assertEqual(Task.objects.all().count(),
2,
msg="There should be two Tasks")
# try quering the rest endpoint for user1 - there should only be one task
response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(
len(decoded),
2,
msg="There should only be two tasks visible for user1")
# try quering the rest endpoint for user2 - there should only be one task
response = self.rest_get_tasks(self.token2, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded),
1,
msg="There should only be one task visible for user2")
def test_create_and_get_notes(self):
""" Test getting all users and finding specific users """
project = self.create_project(self.token1, "My Own Project", "Nobody else has access to this project",
Project.STARTED, HTTP_USER_AGENT, REMOTE_ADDR)
# get all Notes from rest api for this project
response = self.rest_get_notes_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Notes
self.assertEqual(len(decoded), 0)
# create a note
note, response = self.create_note_orm(self.token1, project.pk, "Test Note", "Test Description",
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(note.subject, "Test Note")
# get all Notes from rest api for this project
response = self.rest_get_notes_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly one Notes
self.assertEqual(len(decoded), 1)
# create another note
response = self.rest_create_note(self.token1, project.pk, "Another Test Note", "Another Test Description",
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# get all Notes from rest api for this project
response = self.rest_get_notes_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly two Notes
self.assertEqual(len(decoded), 2)
# update first note
response = self.rest_update_note(self.token1, note.pk, project.pk, "Test Note Title", "Test Note Description",
HTTP_USER_AGENT, REMOTE_ADDR)
decoded = json.loads(response.content.decode())
self.assertEqual(response.status_code, status.HTTP_200_OK)
# get note object from db
note = Note.objects.get(pk=decoded['pk'])
self.assertEqual(note.subject, "Test Note Title")
def test_can_not_assign_directory_if_directory_is_not_editable(self):
"""
Tests that the current user can not assign a file to a directory that is not editable
:return:
"""
# create drive
drive, response = self.create_drive_orm(self.token1, None, "Some title", HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
# get root directory of the drive
root_dir = drive.sub_directories.all()[0].pk
# create a directory within the drive
response = self.rest_drive_create_directory(self.token1, str(drive.pk), "My dir", root_dir, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_directory = json.loads(response.content.decode())
# get all files within this drive (should be none)
response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_files = json.loads(response.content.decode())
decoded_files = test_utils.get_paginated_results(decoded_files)
self.assertEquals(len(decoded_files), 0)
# give user2 view privileges for the drive
response = self.rest_create_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_privilege = json.loads(response.content.decode())
# update privilege
decoded_privilege['view_privilege'] = ModelPrivilege.ALLOW
response = self.rest_update_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, decoded_privilege, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
# create a file with user2
response = self.rest_create_file(self.token2, None, "User2 file", "description", "my_file.txt", 1024,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_file = json.loads(response.content.decode())
# let user2 assign the file to the directory of drive of user1 (should not work)
response = self.rest_update_file_set_directory(self.token2, decoded_file['pk'], decoded_directory['pk'],
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST)
# get all files within this drive (should be none)
response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_files = json.loads(response.content.decode())
decoded_files = test_utils.get_paginated_results(decoded_files)
self.assertEquals(len(decoded_files), 0)
def test_assign_file_to_directory(self):
"""
Tests that files can be assigned to directories
"""
# create drive
drive, response = self.create_drive_orm(self.token1, None, "Some title", HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
# get root directory of the drive
root_dir = drive.sub_directories.all()[0].pk
# create a directory within the drive
response = self.rest_drive_create_directory(self.token1, str(drive.pk), "My dir", root_dir, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_directory = json.loads(response.content.decode())
# create a file
response = self.rest_create_file(self.token1, None, "My file", "M description", "my_file.txt", 1024, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_file = json.loads(response.content.decode())
# assign file to directory
response = self.rest_update_file_set_directory(self.token1, decoded_file['pk'], decoded_directory['pk'], HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
# get all files within this drive (should be one)
response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_files = json.loads(response.content.decode())
decoded_files = test_utils.get_paginated_results(decoded_files)
self.assertEquals(len(decoded_files), 1)
self.assertEquals(decoded_files[0]['pk'], decoded_file['pk'])
def test_can_not_create_directory_without_permission(self):
"""
Tests that creating a directory fails when the user does not have the proper privilege/permission
"""
# create drive
drive, response = self.create_drive_orm(self.token1, None, "Some title", HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
# get root directory of the drive
root_dir = drive.sub_directories.all()[0].pk
# create a directory within the drive
response = self.rest_drive_create_directory(self.token1, str(drive.pk), "My dir", root_dir, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_directory = json.loads(response.content.decode())
# get all files within this drive (should be none)
response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_files = json.loads(response.content.decode())
decoded_files = test_utils.get_paginated_results(decoded_files)
self.assertEquals(len(decoded_files), 0)
# give user2 view privileges for the drive
response = self.rest_create_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_privilege = json.loads(response.content.decode())
decoded_privilege['view_privilege'] = ModelPrivilege.ALLOW
response = self.rest_update_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, decoded_privilege,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_privilege = json.loads(response.content.decode())
# now user2 tries to create a directory within this drive (should not work)
response = self.rest_drive_create_directory(self.token2, str(drive.pk), "My Subdir", root_dir,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_403_FORBIDDEN)
# give user2 the edit privilege for the drive
decoded_privilege['edit_privilege'] = ModelPrivilege.ALLOW
response = self.rest_update_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, decoded_privilege,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_privilege = json.loads(response.content.decode())
# now user2 should be able to create a directory within this drive
response = self.rest_drive_create_directory(self.token2, str(drive.pk), "My Subdir", root_dir,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
def test_kanbanboard_privileges_for_project_members(self):
"""
Tests that Project Members get view, edit, trash and restore privileges
:return:
"""
# create a new kanbanboard with user1
response = self.rest_create_kanbanboard(self.token1,
HTTP_USER_AGENT=HTTP_USER_AGENT, REMOTE_ADDR=REMOTE_ADDR, **self.data[10])
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_response = json.loads(response.content.decode())
kanbanboard = KanbanBoard.objects.filter(pk=decoded_response['pk']).first()
# user2 should see the kanbanboard
response = self.rest_get_kanbanboards(self.token2, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_list = json.loads(response.content.decode())
decoded_list = test_utils.get_paginated_results(decoded_list)
self.assertEquals(len(decoded_list), 1, msg="User 2 should see 1 kanbanboard")
# and there should be a view, edit, trash and restore privilege listed for user 2
response = self.rest_get_privileges(self.token1, "kanbanboards", kanbanboard.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_privileges = json.loads(response.content.decode())
self.assertEquals(len(decoded_privileges), 2, msg="There should be two privileges for this kanbanboard")
# privilege 0 should be for user1
self.assertEquals(decoded_privileges[0]['user']['pk'], self.user1.pk)
# and privilege 1 should be for user2
self.assertEquals(decoded_privileges[1]['user']['pk'], self.user2.pk)
# verify that user1 is the owner
self.assertEquals(decoded_privileges[0]['full_access_privilege'], ModelPrivilege.ALLOW)
# verify that user2 has view, edit, trash and restore privilege
self.assertEquals(decoded_privileges[1]['full_access_privilege'], ModelPrivilege.NEUTRAL)
self.assertEquals(decoded_privileges[1]['view_privilege'], ModelPrivilege.ALLOW)
self.assertEquals(decoded_privileges[1]['edit_privilege'], ModelPrivilege.ALLOW)
self.assertEquals(decoded_privileges[1]['delete_privilege'], ModelPrivilege.NEUTRAL)
self.assertEquals(decoded_privileges[1]['trash_privilege'], ModelPrivilege.ALLOW)
self.assertEquals(decoded_privileges[1]['restore_privilege'], ModelPrivilege.ALLOW)
def test_task_privileges_for_assigned_users(self):
"""
Tests that assigned users of a task automatically get the view and edit privilege
:return:
"""
# create a new task with user1 (should work)
response = self.rest_create_task(self.token1,
HTTP_USER_AGENT=HTTP_USER_AGENT, REMOTE_ADDR=REMOTE_ADDR, **self.data[0])
self.assertEquals(response.status_code, status.HTTP_201_CREATED)
decoded_response = json.loads(response.content.decode())
task = Task.objects.filter(pk=decoded_response['pk']).first()
# query all tasks with user2 (should be zero tasks)
response = self.rest_get_tasks(self.token2, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_list = json.loads(response.content.decode())
decoded_list = test_utils.get_paginated_results(decoded_list)
self.assertEquals(len(decoded_list), 0, msg="User 2 should see 0 tasks")
# add user2 as an assigned user of the task
response = self.rest_update_task_assigned_users(self.token1, task.pk, [self.user2.pk],
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
# now user2 should see the task
response = self.rest_get_tasks(self.token2, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_list = json.loads(response.content.decode())
decoded_list = test_utils.get_paginated_results(decoded_list)
self.assertEquals(len(decoded_list), 1, msg="User 2 should see 1 task")
# and there should be a view and edit privilege listed for user 2
response = self.rest_get_privileges(self.token1, "tasks", task.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_privileges = json.loads(response.content.decode())
self.assertEquals(len(decoded_privileges), 2, msg="There should be two privileges for this task")
# privilege 0 should be for user1
self.assertEquals(decoded_privileges[0]['user']['pk'], self.user1.pk)
# and privilege 1 should be for user2
self.assertEquals(decoded_privileges[1]['user']['pk'], self.user2.pk)
# verify that user1 is the owner
self.assertEquals(decoded_privileges[0]['full_access_privilege'], ModelPrivilege.ALLOW)
# verify that user2 only has view and edit privilege
self.assertEquals(decoded_privileges[1]['full_access_privilege'], ModelPrivilege.NEUTRAL)
self.assertEquals(decoded_privileges[1]['view_privilege'], ModelPrivilege.ALLOW)
self.assertEquals(decoded_privileges[1]['edit_privilege'], ModelPrivilege.ALLOW)
self.assertEquals(decoded_privileges[1]['delete_privilege'], ModelPrivilege.NEUTRAL)
self.assertEquals(decoded_privileges[1]['restore_privilege'], ModelPrivilege.NEUTRAL)
# now override the view_privilege for user2
decoded_privileges[1]['view_privilege'] = ModelPrivilege.DENY
decoded_privileges[1]['edit_privilege'] = ModelPrivilege.DENY
decoded_privileges[1]['trash_privilege'] = ModelPrivilege.DENY
decoded_privileges[1]['delete_privilege'] = ModelPrivilege.DENY
decoded_privileges[1]['restore_privilege'] = ModelPrivilege.DENY
response = self.rest_update_privilege(self.token1, "tasks", task.pk,
self.user2.pk, decoded_privileges[1], HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
# now user2 should not be able to see the task
response = self.rest_get_task(self.token2, task.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_404_NOT_FOUND)
# querying the privileges endpoint should show that the view privilege has been denied for user2
response = self.rest_get_privileges(self.token1, "tasks", task.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEquals(response.status_code, status.HTTP_200_OK)
decoded_privileges = json.loads(response.content.decode())
self.assertEquals(len(decoded_privileges), 2, msg="There should be two privileges for this task")
# privilege 0 should be for user1
self.assertEquals(decoded_privileges[0]['user']['pk'], self.user1.pk)
# and privilege 1 should be for user2
self.assertEquals(decoded_privileges[1]['user']['pk'], self.user2.pk)
# verify that user1 is the owner
self.assertEquals(decoded_privileges[0]['full_access_privilege'], ModelPrivilege.ALLOW)
# verify that user2 only has no privileges
self.assertEquals(decoded_privileges[1]['full_access_privilege'], ModelPrivilege.NEUTRAL)
self.assertEquals(decoded_privileges[1]['view_privilege'], ModelPrivilege.DENY)
self.assertEquals(decoded_privileges[1]['edit_privilege'], ModelPrivilege.DENY)
self.assertEquals(decoded_privileges[1]['delete_privilege'], ModelPrivilege.DENY)
self.assertEquals(decoded_privileges[1]['restore_privilege'], ModelPrivilege.DENY)
def test_create_task_with_and_without_permission(self):
"""
Tests creating a task with and without the appropriate permission
:return:
"""
# there should be zero Tasks to begin with
self.assertEquals(Task.objects.all().count(), 0, msg="There should be zero Tasks to begin with")
# try creating a task without a project and without having the proper permission
response = self.rest_create_task(self.token3, None, "Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30),
self.user3.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertIn(response.status_code, [status.HTTP_403_FORBIDDEN, status.HTTP_400_BAD_REQUEST])
# there should still be zero Tasks
self.assertEquals(Task.objects.all().count(), 0, msg="There should still be zero Tasks")
# however, creating a task for a project1 should work, as user1 has created project1 (and therefore should have
# the needed permissions)
response = self.rest_create_task(self.token3, self.project1.pk, "Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30),
self.user3.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# now give the user the global add_task permission
self.user3.user_permissions.add(self.add_task_without_project_permission)
# try creating a task without a project now, and it should work
response = self.rest_create_task(self.token3, None,
"Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30),
self.user3.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# there should now be two Tasks
self.assertEquals(Task.objects.all().count(), 2, msg="There should be two Tasks in the database")
# and those two should be viewable by the current user
response = self.rest_get_tasks(self.token3, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded), 2, msg="There should be two Tasks viewable by the user")
# revoke add_task_permission of user
self.user3.user_permissions.remove(self.add_task_permission)
# and give the user the add_task_without_project permission
self.user3.user_permissions.add(self.add_task_without_project_permission)
# try creating a task without a project now, and it should work
response = self.rest_create_task(self.token3, None,
"Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30),
self.user3.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# there should now be three Tasks
self.assertEquals(Task.objects.all().count(), 3, msg="There should be three Tasks in the database")
# and those two should be viewable by the current user
response = self.rest_get_tasks(self.token3, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded), 3, msg="There should be three Tasks viewable by the user")
def test_create_and_get_tasks(self):
"""
Tests creating a new task within a project
"""
project = self.create_project(self.token1, "My Own Project", "Nobody else has access to this project",
Project.STARTED, HTTP_USER_AGENT, REMOTE_ADDR)
# get all Tasks from rest api for this project
response = self.rest_get_tasks_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded), 0)
# create a task
task, response = self.create_task_orm(self.token1, project.pk, "Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH,
datetime.now(), datetime.now() + timedelta(days=30),
self.user1.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(task.title, "Test Task")
# get all Tasks from rest api for this project
response = self.rest_get_tasks_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly one Tasks
self.assertEqual(len(decoded), 1)
# create another task
response = self.rest_create_task(self.token1, project.pk, "Another Test Task", "Another Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30),
self.user1.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# get all Tasks from rest api for this project
response = self.rest_get_tasks_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly two Tasks
self.assertEqual(len(decoded), 2)
# update first task
response = self.rest_update_task(self.token1, task.pk, project.pk, "Test Task Title", "Test Task Description",
Task.TASK_STATE_DONE, Task.TASK_PRIORITY_VERY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30), self.user1.pk, HTTP_USER_AGENT,
REMOTE_ADDR)
decoded = json.loads(response.content.decode())
self.assertEqual(response.status_code, status.HTTP_200_OK)
# get task object from db
task = Task.objects.get(pk=decoded['pk'])
self.assertEqual(task.title, "Test Task Title")
def test_get_tasks_with_filter(self):
"""
Tests creating and retrieving Tasks that are not associated to a project
:return:
"""
# add permission for creating Tasks to the current user
self.user1.user_permissions.add(self.add_task_without_project_permission)
# there should be zero Tasks
self.assertEquals(Task.objects.all().count(), 0, msg="There should be zero Tasks to begin with")
# get all existing Tasks (there should be zero Tasks)
response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded), 0, msg="/Tasks/ endpoint should return zero Tasks")
# try to query the same endpoint with a project_pk (should still be zero Tasks)
response = self.rest_get_tasks_for_project(self.token1, self.project1.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded), 0, msg="/Tasks/?project=1234-abcd endpoint should return zero Tasks")
# create a task without depending on a project
response = self.rest_create_task(self.token1, None, "Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30),
self.user1.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# decode response
decoded = json.loads(response.content.decode())
# get task object from db
task = Task.objects.get(pk=decoded['pk'])
# verify that the task object was stored and returned properly
self.assertEquals(decoded['pk'], str(task.pk))
self.assertEquals(decoded['title'], "Test Task")
self.assertEqual(task.title, "Test Task")
########
# create a task for project1
########
response = self.rest_create_task(self.token1, self.project1.pk, "Test Task", "Test Description",
Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(),
datetime.now() + timedelta(days=30),
self.user1.pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# decode response
decoded = json.loads(response.content.decode())
# get task object from db
task = Task.objects.get(pk=decoded['pk'])
# verify that the task object was stored and returned properly
self.assertEquals(decoded['pk'], str(task.pk))
self.assertEquals(decoded['title'], "Test Task")
self.assertEqual(task.title, "Test Task")
# and there should be two Tasks "viewable" by the current user
response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded), 2, msg="There should be two Tasks viewable by the user")
# and also three Tasks returned from the endpoint
response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Tasks
self.assertEqual(len(decoded), 2, msg="/Tasks/ endpoint should return two Tasks")
def test_get_notes_with_filter(self):
"""
Tests creating and retrieving Notes that are not associated to a project
:return:
"""
# add permission for creating Notes to the current user
self.user1.user_permissions.add(self.add_note_without_project_permission)
# there should be zero Notes
self.assertEquals(Note.objects.all().count(), 0, msg="There should be zero Notes to begin with")
# get all existing Notes (there should be zero Notes)
response = self.rest_get_notes(self.token1, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Notes
self.assertEqual(len(decoded), 0, msg="/Notes/ endpoint should return zero Notes")
# try to query the same endpoint with a project_pk (should still be zero Notes)
response = self.rest_get_notes_for_project(self.token1, self.project1.pk, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Notes
self.assertEqual(len(decoded), 0, msg="/Notes/?project=1234-abcd endpoint should return zero Notes")
# create a note without depending on a project
response = self.rest_create_note(self.token1, None, "Test Note", "Test Description",
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# decode response
decoded = json.loads(response.content.decode())
# get note object from db
note = Note.objects.get(pk=decoded['pk'])
# verify that the note object was stored and returned properly
self.assertEquals(decoded['pk'], str(note.pk))
self.assertEquals(decoded['subject'], "Test Note")
self.assertEqual(note.subject, "Test Note")
########
# create a note for project1
########
response = self.rest_create_note(self.token1, self.project1.pk, "Test Note", "Test Description",
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# decode response
decoded = json.loads(response.content.decode())
# get note object from db
note = Note.objects.get(pk=decoded['pk'])
# verify that the note object was stored and returned properly
self.assertEquals(decoded['pk'], str(note.pk))
self.assertEquals(decoded['subject'], "Test Note")
self.assertEqual(note.subject, "Test Note")
# and there should be two Notes "viewable" by the current user
response = self.rest_get_notes(self.token1, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Notes
self.assertEqual(len(decoded), 2, msg="There should be two Notes viewable by the user")
# and also three Notes returned from the endpoint
response = self.rest_get_notes(self.token1, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no Notes
self.assertEqual(len(decoded), 2, msg="/Notes/ endpoint should return two Notes")
def test_download_file_with_permission(self):
""" Tests the download file endpoint """
project = self.create_project(
self.token1, "My Own Project",
"Nobody else has access to this project", Project.STARTED,
HTTP_USER_AGENT, REMOTE_ADDR)
# get all files from rest api for this project
response = self.rest_get_files_for_project(self.token1, project.pk,
HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no files
self.assertEqual(len(decoded), 0)
# create a file with 1024 bytes
response = self.rest_create_file(self.token1, project.pk, 'Test Title',
'Test Description', 'somefile.txt',
1024, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# decode response
decoded = json.loads(response.content.decode())
# get file object from db
file = File.objects.get(pk=decoded['pk'])
# Download file
response = self.rest_download_file(self.token1,
file.file_entries.last().pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.get('Content-Type'), 'text/plain;')
self.assertTrue(
'attachment; filename=' in response.get('Content-Disposition'))
# get all files from rest api for this project
response = self.rest_get_files_for_project(self.token1, project.pk,
HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# update first file and check file_entries
response = self.rest_update_file(self.token1, file.pk, project.pk,
'Test Title', 'Test Description',
'yetanother.txt', 2048,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# decode response
decoded = json.loads(response.content.decode())
# get file object from db
file = File.objects.get(pk=decoded['pk'])
self.assertEqual(file.title, 'Test Title')
self.assertEqual(file.file_size, 2048)
# check file entries (= history)
self.assertEqual(len(file.file_entries.all()), 2)
self.assertEqual(
file.file_entries.all()[0].file_size +
file.file_entries.all()[1].file_size, 1024 + 2048)
# Download file entry 0
response = self.rest_download_file(self.token1,
file.file_entries.all()[0].pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.get('Content-Type'), 'text/plain;')
self.assertTrue(
'attachment; filename=' in response.get('Content-Disposition'))
# Download file entry 1
response = self.rest_download_file(self.token1,
file.file_entries.all()[1].pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.get('Content-Type'), 'text/plain;')
self.assertTrue(
'attachment; filename=' in response.get('Content-Disposition'))
# try to to do the same with another user which does not have access to the project
response = self.rest_download_file(self.token2,
file.file_entries.all()[0].pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# add the user to the project without file download permission
response = self.rest_assign_user_to_project(self.token1, project,
self.user2,
self.student_role,
HTTP_USER_AGENT,
REMOTE_ADDR)
assignment = json.loads(response.content.decode())
response = self.rest_download_file(self.token2,
file.file_entries.all()[0].pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# make the user a project manager
self.rest_edit_user_project_assignment(self.token1, project,
assignment['pk'], self.user2,
self.pm_role, HTTP_USER_AGENT,
REMOTE_ADDR)
response = self.rest_download_file(self.token2,
file.file_entries.all()[0].pk,
HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_create_file_with_and_without_permission(self):
"""
Tests creating a file with and without the appropriate permission
:return:
"""
# there should be zero files to begin with
self.assertEquals(File.objects.all().count(),
0,
msg="There should be zero files to begin with")
# try creating a file without a project and without having the proper permission
response = self.rest_create_file(self.token3, None, 'Test Title',
'Test Description', 'somefile.txt',
1024, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertIn(response.status_code,
[status.HTTP_403_FORBIDDEN, status.HTTP_400_BAD_REQUEST])
# there should still be zero files
self.assertEquals(File.objects.all().count(),
0,
msg="There should still be zero files")
# however, creating a file for a project1 should work, as user1 has created project1 (and therefore should have
# the needed permissions)
response = self.rest_create_file(self.token3, self.project1.pk,
'Test Title', 'Test Description',
'somefile.txt', 1024, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# now give the user the global add_file permission
self.user3.user_permissions.add(
self.add_file_without_project_permission)
# try creating a file without a project now, and it should work
response = self.rest_create_file(self.token3, None, 'Test Title',
'Test Description', 'somefile.txt',
1024, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# there should now be two files
self.assertEquals(File.objects.all().count(),
2,
msg="There should be two files in the database")
# and those two should be viewable by the current user
response = self.rest_get_files(self.token3, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no files
self.assertEqual(len(decoded),
2,
msg="There should be two files viewable by the user")
# revoke add_file_permission of user
self.user3.user_permissions.remove(self.add_file_permission)
# and give the user the add_file_without_project permission
self.user3.user_permissions.add(
self.add_file_without_project_permission)
# try creating a file without a project now, and it should work
response = self.rest_create_file(self.token3, None, 'Test Title',
'Test Description', 'somefile.txt',
1024, HTTP_USER_AGENT, REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# there should now be three files
self.assertEquals(File.objects.all().count(),
3,
msg="There should be three files in the database")
# and those two should be viewable by the current user
response = self.rest_get_files(self.token3, HTTP_USER_AGENT,
REMOTE_ADDR)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check the response
decoded = json.loads(response.content.decode())
decoded = test_utils.get_paginated_results(decoded)
# should contain exactly no files
self.assertEqual(
len(decoded),
3,
msg="There should be three files viewable by the user")
def test_general_usage_setting(self):
# there should be zero Resources to begin with
self.assertEquals(Resource.objects.all().count(),
0,
msg="There should be zero Resources to begin with")
## GLOBAL
# create 2 global resources in different projects
response = self.rest_create_resource(
auth_token=self.token1,
project_pks=self.project1.pk,
name="Test Resource 1",
description="Test Description",
resource_type=Resource.ROOM,
general_usage_setting=Resource.GLOBAL,
**HTTP_INFO)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
response = self.rest_create_resource(
auth_token=self.token2,
project_pks=self.project2.pk,
name="Test Resource 2",
description="Test Description",
resource_type=Resource.ROOM,
general_usage_setting=Resource.GLOBAL,
**HTTP_INFO)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# all users should be able to see 2 resources
self.assertEqual(
len(
test_utils.get_paginated_results(
json.loads(
self.rest_get_resources(
auth_token=self.token1,
**HTTP_INFO).content.decode()))), 2)
self.assertEqual(
len(
test_utils.get_paginated_results(
json.loads(
self.rest_get_resources(
auth_token=self.token2,
**HTTP_INFO).content.decode()))), 2)
self.assertEqual(
len(
test_utils.get_paginated_results(
json.loads(
self.rest_get_resources(
auth_token=self.token3,
**HTTP_INFO).content.decode()))), 2)
## SELECTED GROUPS
resource = Resource.objects.create(
name='Test Resource 3',
description='Test',
type=Resource.ROOM,
general_usage_setting=Resource.SELECTED_GROUPS)
resource.usage_setting_selected_user_groups.add(self.user_group)
# user1 and user2 should see 3 and user3 still has 2 resources
self.assertEqual(
len(
test_utils.get_paginated_results(
json.loads(
self.rest_get_resources(
auth_token=self.token1,
**HTTP_INFO).content.decode()))), 3)
self.assertEqual(
len(
test_utils.get_paginated_results(
json.loads(
self.rest_get_resources(
auth_token=self.token2,
**HTTP_INFO).content.decode()))), 3)
self.assertEqual(
len(
test_utils.get_paginated_results(
json.loads(
self.rest_get_resources(
auth_token=self.token3,
**HTTP_INFO).content.decode()))), 2)
