def test_unshare_resource_with_group_bad_request(self):
# here we are testing the unshare_resource_with_group view function
# test unshare resource with test_group by unauthorized_user
# test test_group has no view permission
self.assertNotIn(self.test_group, self.gen_res.raccess.view_groups)
# grant view access to test_group
self.owner.uaccess.share_resource_with_group(self.gen_res,
self.test_group,
PrivilegeCodes.VIEW)
# test test_group has now view permission
self.gen_res.raccess.refresh_from_db()
self.assertIn(self.test_group, self.gen_res.raccess.view_groups)
url_params = {
'shortkey': self.gen_res.short_id,
'group_id': self.test_group.id
}
url = reverse('unshare_resource_with_group', kwargs=url_params)
request = self.factory.post(url, data={})
# unauthorized user trying to remove access of test_group
request.user = self.unauthorized_user
# make it a ajax request
request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
with self.assertRaises(PermissionDenied):
unshare_resource_with_group(request,
shortkey=self.gen_res.short_id,
group_id=self.test_group.id)
self.gen_res.raccess.refresh_from_db()
self.assertIn(self.test_group, self.gen_res.raccess.view_groups)
def test_unshare_resource_with_group(self):
# create a group to share/unshare with a resource
new_group = self._create_group()
# first share the resource with the group
self.john.uaccess.share_resource_with_group(self.resource, new_group,
PrivilegeCodes.VIEW)
self.assertIn(self.resource, new_group.gaccess.view_resources)
# now unshare the resource with the group
url_params = {
'shortkey': self.resource.short_id,
'group_id': new_group.id
}
url = reverse('unshare_resource_with_group', kwargs=url_params)
request = self.factory.post(url)
request.user = self.john
response = unshare_resource_with_group(request,
shortkey=self.resource.short_id,
group_id=new_group.id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_content = json.loads(response.content.decode())
self.assertEqual(response_content['status'], 'success')
self.assertNotIn(self.resource, new_group.gaccess.view_resources)
# test group member (non-owner) unsharing a resource with a group
# returns response status as 'error' and the group is not unshared
# let make mike a member of group
self.john.uaccess.share_group_with_user(new_group, self.mike,
PrivilegeCodes.VIEW)
self.assertIn(new_group, self.mike.uaccess.view_groups)
# let john share the resource with group
self.john.uaccess.share_resource_with_group(self.resource, new_group,
PrivilegeCodes.VIEW)
self.assertIn(self.resource, new_group.gaccess.view_resources)
# let mike unshare the resource with group
request.user = self.mike
response = unshare_resource_with_group(request,
shortkey=self.resource.short_id,
group_id=new_group.id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_content = json.loads(response.content.decode())
self.assertEqual(response_content['status'], 'error')
self.assertIn(self.resource, new_group.gaccess.view_resources)
def test_unshare_resource_with_group(self):
# create a group to share/unshare with a resource
new_group = self._create_group()
# first share the resource with the group
self.john.uaccess.share_resource_with_group(self.resource, new_group, PrivilegeCodes.VIEW)
self.assertIn(self.resource, new_group.gaccess.view_resources)
# now unshare the resource with the group
url_params = {'shortkey': self.resource.short_id, 'group_id': new_group.id}
url = reverse('unshare_resource_with_group', kwargs=url_params)
request = self.factory.post(url)
request.user = self.john
response = unshare_resource_with_group(request, shortkey=self.resource.short_id,
group_id=new_group.id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_content = json.loads(response.content)
self.assertEqual(response_content['status'], 'success')
self.assertNotIn(self.resource, new_group.gaccess.view_resources)
# test group member (non-owner) unsharing a resource with a group
# returns response status as 'error' and the group is not unshared
# let make mike a member of group
self.john.uaccess.share_group_with_user(new_group, self.mike, PrivilegeCodes.VIEW)
self.assertIn(new_group, self.mike.uaccess.view_groups)
# let john share the resource with group
self.john.uaccess.share_resource_with_group(self.resource, new_group, PrivilegeCodes.VIEW)
self.assertIn(self.resource, new_group.gaccess.view_resources)
# let mike unshare the resource with group
request.user = self.mike
response = unshare_resource_with_group(request, shortkey=self.resource.short_id,
group_id=new_group.id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_content = json.loads(response.content)
self.assertEqual(response_content['status'], 'error')
self.assertIn(self.resource, new_group.gaccess.view_resources)
def _check_unshare_with_group(self):
url_params = {
'shortkey': self.gen_res.short_id,
'group_id': self.test_group.id
}
url = reverse('unshare_resource_with_group', kwargs=url_params)
request = self.factory.post(url, data={})
request.user = self.owner
# make it a ajax request
request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
response = unshare_resource_with_group(request,
shortkey=self.gen_res.short_id,
group_id=self.test_group.id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
response_data = json.loads(response.content.decode())
self.assertEqual(response_data['status'], 'success')
self.gen_res.raccess.refresh_from_db()