class DropDownMenuServiceTest(unittest.TestCase):
layer = VOLTO_DROPDOWNMENU_API_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.request = self.layer["request"]
self.portal_url = self.portal.absolute_url()
self.controlpanel_url = "/@controlpanels/dropdown-menu-settings"
setRoles(self.portal, TEST_USER_ID, ["Manager"])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
def tearDown(self):
self.api_session.close()
def test_controlpanel_listed(self):
response = self.api_session.get("/@controlpanels")
titles = [x.get("title") for x in response.json()]
self.assertIn("Dropdown Menu settings", titles)
def test_route_exists(self):
response = self.api_session.get(
"/@controlpanels/dropdown-menu-settings")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers.get("Content-Type"),
"application/json")
class SocialSettingsControlpanelTest(unittest.TestCase):
layer = VOLTO_SOCIALSETTINGS_API_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
setRoles(self.portal, TEST_USER_ID, ["Manager"])
def test_controlpanel_exists(self):
response = self.api_session.get("/@controlpanels/social-settings")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers.get("Content-Type"),
"application/json")
def test_controlpanel_listed(self):
response = self.api_session.get("/@controlpanels")
titles = [x.get("title") for x in response.json()]
self.assertIn("Social settings", titles)
class TestRolesGet(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
def test_roles_endpoint_lists_roles(self):
response = self.api_session.get('/@roles')
self.assertItemsEqual([{
u'@id': self.portal_url + u'/@roles/Contributor',
u'@type': u'role',
u'id': u'Contributor',
u'title': u'Contributor'
}, {
u'@id': self.portal_url + u'/@roles/Editor',
u'@type': u'role',
u'id': u'Editor',
u'title': u'Editor'
}, {
u'@id': self.portal_url + u'/@roles/Member',
u'@type': u'role',
u'id': u'Member',
u'title': u'Member'
}, {
u'@id': self.portal_url + u'/@roles/Reader',
u'@type': u'role',
u'id': u'Reader',
u'title': u'Reader'
}, {
u'@id': self.portal_url + u'/@roles/Reviewer',
u'@type': u'role',
u'id': u'Reviewer',
u'title': u'Reviewer'
}, {
u'@id': self.portal_url + u'/@roles/Site Administrator',
u'@type': u'role',
u'id': u'Site Administrator',
u'title': u'Site Administrator'
}, {
u'@id': self.portal_url + u'/@roles/Manager',
u'@type': u'role',
u'id': u'Manager',
u'title': u'Manager'
}], response.json())
def test_roles_endpoint_translates_role_titles(self):
self.api_session.headers.update({'Accept-Language': 'de'})
response = self.api_session.get('/@roles')
self.assertItemsEqual([
u'Hinzuf\xfcgen', u'Bearbeiten', u'Benutzer', u'Ansehen',
u'Ver\xf6ffentlichen', u'Website-Administrator', u'Verwalten'
], [item['title'] for item in response.json()])
class TestContentTypesSchema(unittest.TestCase):
layer = REDTURTLE_VOLTO_API_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ["Manager"])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
def tearDown(self):
self.api_session.close()
def test_link_remoteUrl_return_proper_widget(self):
response = self.api_session.get("/@types/Link")
res = response.json()
self.assertEqual(res["properties"]["remoteUrl"]["widget"], "url")
def test_link_remoteUrl_return_proper_description(self):
response = self.api_session.get("/@types/Link")
res = response.json()
self.assertEqual(
res["properties"]["remoteUrl"]["description"],
"Insert an external link directly into the field,or select an internal link clicking on the icon.", # noqa
)
class SocialLinksServiceTest(unittest.TestCase):
layer = VOLTO_SOCIALSETTINGS_API_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
setRoles(self.portal, TEST_USER_ID, ["Manager"])
def test_route_exists(self):
response = self.api_session.get("/@social-links")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers.get("Content-Type"),
"application/json")
def test_return_empty_list_if_not_set(self):
response = self.api_session.get("/@social-links")
results = response.json()
self.assertEqual(results, [])
def test_right_data(self):
test_data = [
{
"title": "foo",
"icon": "bar",
"url": "baz"
},
{
"title": "xxx",
"icon": "yyy",
"url": "zzz"
},
]
api.portal.set_registry_record("social_links",
json.dumps(test_data),
interface=ISocialSettings)
commit()
response = self.api_session.get("/@social-links")
results = response.json()
self.assertEqual(len(results), 2)
self.assertEqual(results[0], {
"title": "foo",
"icon": "bar",
"url": "baz"
})
self.assertEqual(results[1], {
"title": "xxx",
"icon": "yyy",
"url": "zzz"
})
class TestTranslationExpansionFunctional(unittest.TestCase):
layer = PLONE_RESTAPI_DX_PAM_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ["Manager"])
self.api_session = RelativeSession(self.portal_url, test=self)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
alsoProvides(self.layer["request"], IPloneAppMultilingualInstalled)
login(self.portal, SITE_OWNER_NAME)
self.en_content = createContentInContainer(self.portal["en"],
"Document",
title="Test document")
self.en_folder = createContentInContainer(self.portal["en"],
"Folder",
title="Test folder")
self.es_content = createContentInContainer(self.portal["es"],
"Document",
title="Test document")
ITranslationManager(self.en_content).register_translation(
"es", self.es_content)
transaction.commit()
def tearDown(self):
self.api_session.close()
def test_translations_is_expandable(self):
response = self.api_session.get("/en/test-document")
self.assertEqual(response.status_code, 200)
self.assertIn("translations", list(response.json().get("@components")))
def test_translations_expanded(self):
response = self.api_session.get("/en/test-document",
params={"expand": "translations"})
self.assertEqual(response.status_code, 200)
translation_dict = {
"@id": self.es_content.absolute_url(),
"language": "es"
}
self.assertIn(translation_dict,
response.json()["@components"]["translations"]["items"])
def test_expansions_no_fullobjects_do_not_modify_id(self):
response = self.api_session.get("/en/test-folder",
params={"expand": "translations"})
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json()["@id"], self.en_folder.absolute_url())
class TestComponents(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.folder = createContentInContainer(self.portal,
u'Folder',
id=u'folder',
title=u'Some Folder')
createContentInContainer(self.folder,
u'Document',
id=u'doc1',
title=u'A document')
transaction.commit()
def test_breadcrumb(self):
response = self.api_session.get('/folder/doc1/@components/breadcrumbs')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), [{
u'@id':
u'http://*****:*****@components/breadcrumbs',
u'items': [{
u'url': u'http://*****:*****@components/navigation')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), [{
u'@id':
u'http://*****:*****@components/'
'navigation',
u'items': [{
u'title': u'Home',
u'url': u'http://localhost:55001/plone'
}, {
u'title': u'Some Folder',
u'url': u'http://localhost:55001/plone/folder'
}],
}])
class TestHistoryEndpointTranslatedMessages(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.headers.update({'Accept-Language': 'es'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.portal.invokeFactory('Document',
id='doc_with_history',
title='My Document')
self.doc = self.portal.doc_with_history
self.doc.setTitle('Current version')
api.content.transition(self.doc, 'publish')
self.endpoint_url = '{}/@history'.format(self.doc.absolute_url())
transaction.commit()
def tearDown(self):
self.api_session.close()
def test_actions_are_translated(self):
url = self.doc.absolute_url() + '/@history'
response = self.api_session.get(url)
first_action = response.json()[-1]
self.assertEqual(
u'Crear',
first_action['action'],
)
def test_state_titles_are_translated(self):
url = self.doc.absolute_url() + '/@history'
response = self.api_session.get(url)
first_action = response.json()[-1]
self.assertEqual(
u'Privado',
first_action['state_title'],
)
def test_transition_titles_are_translated(self):
url = self.doc.absolute_url() + '/@history'
response = self.api_session.get(url)
first_action = response.json()[-1]
self.assertEqual(
u'Crear',
first_action['transition_title'],
)
class TestTranslationExpansionFunctional(unittest.TestCase):
layer = PLONE_RESTAPI_DX_PAM_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
alsoProvides(self.layer['request'], IPloneAppMultilingualInstalled)
login(self.portal, SITE_OWNER_NAME)
self.en_content = createContentInContainer(
self.portal['en'], 'Document', title=u'Test document')
self.es_content = createContentInContainer(
self.portal['es'], 'Document', title=u'Test document')
ITranslationManager(self.en_content).register_translation(
'es', self.es_content)
transaction.commit()
def tearDown(self):
self.api_session.close()
def test_translations_is_expandable(self):
response = self.api_session.get('/en/test-document')
self.assertEqual(response.status_code, 200)
self.assertIn(
'translations',
list(response.json().get('@components'))
)
def test_translations_expanded(self):
response = self.api_session.get(
'/en/test-document',
params={
"expand": "translations"
}
)
self.assertEqual(response.status_code, 200)
translation_dict = {
'@id': self.es_content.absolute_url(),
'language': 'es'
}
self.assertIn(
translation_dict,
response.json()['@components']['translations']['items']
)
class RSSServiceTest(unittest.TestCase):
layer = REDTURTLE_RSSSERVICE_API_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/rss+xml"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
setRoles(self.portal, TEST_USER_ID, ["Manager"])
def tearDown(self):
self.api_session.close()
def test_feed_parameter_is_required(self):
response = self.api_session.get("/@get_rss_feed")
self.assertEqual(response.status_code, 400)
self.assertEqual(response.text, 'Missing required parameter: feed')
@mock.patch('requests.get', side_effect=mocked_requests_get)
def test_feed_not_found(self, mock_get):
response = self.api_session.get(
"/@get_rss_feed?feed=http://test.com/notfound/RSS")
self.assertEqual(response.status_code, 404)
self.assertEqual(response.text, 'Not Found')
@mock.patch('requests.get', side_effect=mocked_requests_get)
def test_feed_error(self, mock_get):
response = self.api_session.get(
"/@get_rss_feed?feed=http://test.com/toomany/RSS")
self.assertEqual(response.status_code, 429)
self.assertEqual(response.text, 'Too Many Requests')
@mock.patch('requests.get', side_effect=mocked_requests_get)
def test_feed_result(self, mock_get):
response = self.api_session.get(
"/@get_rss_feed?feed=http://test.com/RSS")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.text, EXAMPLE_FEED)
@mock.patch('requests.get', side_effect=mocked_requests_get)
def test_feed_timeout(self, mock_get):
response = self.api_session.get(
"/@get_rss_feed?feed=http://test.com/timeout/RSS")
self.assertEqual(response.status_code, 408)
self.assertEqual(
response.text,
'Unable to fetch RSS feed at this moment: timeout. Retry later.',
)
class TestPermissions(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url, test=self)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (TEST_USER_NAME, TEST_USER_PASSWORD)
def tearDown(self):
self.api_session.close()
def test_anonymous_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ["Anonymous"])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_authenticated_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ["Authenticated"])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_manager_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ["Manager"])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_unauthorized_if_missing_permission(self):
# Unmap the 'plone.restapi: Use REST API'
# permission from any roles
self.portal.manage_permission(UseRESTAPI, roles=[])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 401)
self.assertDictContainsSubset(
{
"type": "Unauthorized",
"message": "Missing 'plone.restapi: Use REST API' permission",
},
response.json(),
)
def test_gestore_comunicati_can_get_data(self):
api_session = RelativeSession(self.portal_url)
api_session.headers.update({"Accept": "application/json"})
api_session.auth = ("memberuser", "secret")
url = "{}/@subscriptions".format(self.portal_url)
self.assertEqual(api_session.get(url).status_code, 401)
setRoles(self.portal, "memberuser", ["Gestore Comunicati"])
transaction.commit()
self.assertEqual(api_session.get(url).status_code, 200)
api_session.close()
class TestAABatchingArchetypes(unittest.TestCase):
"""This is a dummy test to work around a nasty test-isolation issue.
It does the same requests as TestBatchingArchetypes (see below).
When run with the robot-tests in plone.app.widgets (without isolation)
they return rendered templates since 'mark_as_api_request' is not hit.
Doing the exact same calls here before actually running the tests
fixes the issue. Don't ask why, I do not know.
See https://github.com/plone/Products.CMFPlone/issues/2592 for details.
"""
layer = PLONE_RESTAPI_AT_FUNCTIONAL_TESTING
def setUp(self):
if not HAS_AT:
raise unittest.SkipTest('Skip tests if Archetypes is not present')
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Member', 'Contributor'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.portal[self.portal.invokeFactory(
'Folder',
id='folder',
title='Some Folder',
)]
transaction.commit()
def test_contains_canonical_url(self):
# Fetch the second page of the batch
self.api_session.get('/folder?b_start=2&b_size=2')
def test_contains_batching_links(self):
# Fetch the second page of the batch
self.api_session.get('/folder?b_start=2&b_size=2')
def test_contains_correct_batch_of_items(self):
# Fetch the second page of the batch
self.api_session.get('/folder?b_start=2&b_size=2')
def test_total_item_count_is_correct(self):
# Fetch the second page of the batch
self.api_session.get('/folder?b_start=2&b_size=2')
def test_batching_links_omitted_if_resulset_fits_in_single_batch(self):
self.api_session.get('/folder?b_size=100')
def test_api_do_not_return_related_items_with_effective_date_in_future_for_users_that_cant_edit_context(
self,
):
api.user.create(
email="*****@*****.**",
username="******",
password="******",
)
api_session = RelativeSession(self.portal_url)
api_session.headers.update({"Accept": "application/json"})
api_session.auth = ("foo", "secret")
present = api.content.create(
container=self.portal, type="Document", title="present"
)
future = api.content.create(
container=self.portal, type="Document", title="future"
)
present.setEffectiveDate(DateTime())
future.setEffectiveDate(DateTime() + 1)
api.content.transition(obj=present, transition="publish")
api.content.transition(obj=future, transition="publish")
page = api.content.create(
container=self.portal,
type="Document",
title="Page",
relatedItems=[
RelationValue(self.intids.getId(present)),
RelationValue(self.intids.getId(future)),
],
)
api.content.transition(obj=page, transition="publish")
commit()
setRoles(self.portal, "foo", ["Reader"])
commit()
res = api_session.get(page.absolute_url()).json()
relatedItems = res.get("relatedItems", [])
self.assertEqual(len(relatedItems), 1)
setRoles(self.portal, "foo", ["Editor"])
commit()
res = api_session.get(page.absolute_url()).json()
relatedItems = res.get("relatedItems", [])
self.assertEqual(len(relatedItems), 2)
class TestHistoryVersioning(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.portal.invokeFactory(
'Document',
id='doc_with_history',
title='My Document'
)
self.doc = self.portal.doc_with_history
self.doc.setTitle('Current version')
transaction.commit()
def test_response(self):
response = self.api_session.get(self.doc.absolute_url())
self.assertIn('version', response.json())
class TestServicesTypesTranslatedTitles(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.headers.update({'Accept-Language': 'es'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
transaction.commit()
def test_get_types_translated(self):
response = self.api_session.get('{}/@types'.format(
self.portal.absolute_url()))
self.assertEqual(response.status_code, 200)
self.assertEqual(
{
u'Archivo', u'Carpeta', u'Colección', u'DX Test Document',
u'Enlace', u'Evento', u'Imagen', u'Noticia', u'Página'
}, set(item['title'] for item in response.json()))
class TestDatabaseServiceFunctional(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.request = self.portal.REQUEST
self.catalog = getToolByName(self.portal, "portal_catalog")
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
def tearDown(self):
self.api_session.close()
def test_get_system(self):
response = self.api_session.get("/@database")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.headers.get("Content-Type"),
"application/json")
results = response.json()
self.assertEqual(results[u"@id"],
self.portal.absolute_url() + "/@database")
self.assertTrue("cache_length" in results.keys())
self.assertTrue("cache_length_bytes" in results.keys())
self.assertTrue("cache_detail_length" in results.keys())
self.assertTrue("cache_size" in results.keys())
self.assertTrue("database_size" in results.keys())
self.assertTrue("db_name" in results.keys())
self.assertTrue("db_size" in results.keys())
class SerializerFunctionalTest(unittest.TestCase):
""" """
layer = PLONE_APP_JSON_FIELD_FUNCTIONAL_TESTING
def setUp(self):
""" """
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
def test_serializer(self):
"""" """
id_ = 'test-hospital'
json_body = {
'@type': 'TestToken',
'title': 'Test Organization xxx',
'id': id_
}
with open(os.path.join(FHIR_FIXTURE_PATH, 'Organization.json'), 'r') as f:
json_body['resource'] = json.load(f)
response = self.api_session.post(
self.portal_url,
json=json_body,
)
self.assertEqual(201, response.status_code)
response = self.api_session.get(self.portal_url + '/' + id_)
self.assertEqual(200, response.status_code)
self.assertEqual(response.json()['resource']['resourceType'], json_body['resource']['resourceType'])
def test_get_other_user_info_when_logged_in(self):
noam_api_session = RelativeSession(self.portal_url)
noam_api_session.headers.update({'Accept': 'application/json'})
noam_api_session.auth = ('noam', 'password')
response = noam_api_session.get('/@users/otheruser')
self.assertEqual(response.status_code, 401)
def test_list_users_without_being_manager(self):
noam_api_session = RelativeSession(self.portal_url)
noam_api_session.headers.update({'Accept': 'application/json'})
noam_api_session.auth = ('noam', 'password')
response = noam_api_session.get('/@users')
self.assertEqual(response.status_code, 401)
class TestHistoryVersioning(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ["Manager"])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.portal.invokeFactory("Document",
id="doc_with_history",
title="My Document")
self.doc = self.portal.doc_with_history
self.doc.setTitle("Current version")
transaction.commit()
def tearDown(self):
self.api_session.close()
def test_response(self):
response = self.api_session.get(self.doc.absolute_url())
self.assertIn("version", response.json())
class TestPermissions(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (TEST_USER_NAME, TEST_USER_PASSWORD)
def test_anonymous_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ['Anonymous'])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_authenticated_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ['Authenticated'])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_manager_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ['Manager'])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_unauthorized_if_missing_permission(self):
# Unmap the 'plone.restapi: Use REST API'
# permission from any roles
self.portal.manage_permission(UseRESTAPI, roles=[])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 401)
self.assertDictContainsSubset(
{
u'type': u'Unauthorized',
u'message': u"Missing 'plone.restapi: Use REST API' permission"
}, response.json())
class TestServicesMultilingualBreadcrumbs(unittest.TestCase):
layer = PLONE_RESTAPI_DX_PAM_FUNCTIONAL_TESTING
def setUp(self):
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.request = self.layer["request"]
self.api_session = RelativeSession(self.portal_url, test=self)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
alsoProvides(self.layer["request"], IPloneAppMultilingualInstalled)
login(self.portal, SITE_OWNER_NAME)
self.en_content = createContentInContainer(self.portal["en"],
"Document",
title="Test document")
self.es_content = createContentInContainer(self.portal["es"],
"Document",
title="Test document")
ITranslationManager(self.en_content).register_translation(
"es", self.es_content)
self.folder = createContentInContainer(self.portal["es"],
"Folder",
id="folder",
title="Some Folder")
createContentInContainer(self.folder,
"Document",
id="doc1",
title="A document")
transaction.commit()
def tearDown(self):
self.api_session.close()
def test_breadcrumbs_multilingual(self):
response = self.api_session.get("/es/folder/doc1/@breadcrumbs")
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.json(),
{
"@id":
self.portal_url + "/es/folder/doc1/@breadcrumbs",
"root":
self.portal_url + "/es",
"items": [
{
"@id": self.portal_url + "/es/folder",
"title": "Some Folder",
},
{
"@id": self.portal_url + "/es/folder/doc1",
"title": "A document",
},
],
},
)
class TestHistoryEndpointTranslatedMessages(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ["Manager"])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.headers.update({"Accept-Language": "es"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.portal.invokeFactory("Document",
id="doc_with_history",
title="My Document")
self.doc = self.portal.doc_with_history
self.doc.setTitle("Current version")
api.content.transition(self.doc, "publish")
self.endpoint_url = "{}/@history".format(self.doc.absolute_url())
transaction.commit()
def tearDown(self):
self.api_session.close()
def test_actions_are_translated(self):
url = self.doc.absolute_url() + "/@history"
response = self.api_session.get(url)
first_action = response.json()[-1]
self.assertEqual(u"Crear", first_action["action"])
def test_state_titles_are_translated(self):
url = self.doc.absolute_url() + "/@history"
response = self.api_session.get(url)
first_action = response.json()[-1]
self.assertEqual(u"Privado", first_action["state_title"])
def test_transition_titles_are_translated(self):
url = self.doc.absolute_url() + "/@history"
response = self.api_session.get(url)
first_action = response.json()[-1]
self.assertEqual(u"Crear", first_action["transition_title"])
def test_list_users_without_being_manager(self):
noam_api_session = RelativeSession(self.portal_url)
noam_api_session.headers.update({"Accept": "application/json"})
noam_api_session.auth = ("noam", "password")
response = noam_api_session.get("/@users")
self.assertEqual(response.status_code, 401)
noam_api_session.close()
def test_get_other_user_info_when_logged_in(self):
noam_api_session = RelativeSession(self.portal_url)
noam_api_session.headers.update({"Accept": "application/json"})
noam_api_session.auth = ("noam", "password")
response = noam_api_session.get("/@users/otheruser")
self.assertEqual(response.status_code, 401)
noam_api_session.close()
class TestBaseSerializer(unittest.TestCase):
"""Test that design.plone.contenttypes is properly installed."""
layer = DESIGN_PLONE_CONTENTTYPES_API_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ["Manager"])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.news = api.content.create(container=self.portal,
type="News Item",
title="TestNews")
self.news.tipologia_notizia = "Comunicati stampa"
self.service = api.content.create(container=self.portal,
type="Servizio",
title="TestService")
commit()
def tearDown(self):
self.api_session.close()
def test_design_italia_meta_type_with_news(self):
"""
News should return the news type (tipologia_notizia field)
Other types shoule return their own portal_type.
"""
response_news = self.api_session.get(self.news.absolute_url() +
"?fullobjects")
self.assertTrue(response_news.json()["design_italia_meta_type"] ==
"Comunicati stampa")
def test_design_italia_meta_type_with_type_different_from_news(self):
"""
News should return the news type (tipologia_notizia field)
Other types shoule return their own portal_type.
"""
response_service = self.api_session.get(self.service.absolute_url() +
"?fullobjects")
self.assertTrue(
response_service.json()["design_italia_meta_type"] == "Servizio")
class TestPermissions(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (TEST_USER_NAME, TEST_USER_PASSWORD)
def test_anonymous_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ['Anonymous'])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_authenticated_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ['Authenticated'])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_manager_allowed_to_use_api_by_default(self):
setRoles(self.portal, TEST_USER_ID, ['Manager'])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
def test_unauthorized_if_missing_permission(self):
# Unmap the 'plone.restapi: Use REST API'
# permission from any roles
self.portal.manage_permission(UseRESTAPI, roles=[])
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 401)
self.assertDictContainsSubset(
{u'type': u'Unauthorized',
u'message': u"Missing 'plone.restapi: Use REST API' permission"},
response.json())
def test_anonymous_cant_get_other_vocabularies(self):
api_session = RelativeSession(self.portal_url)
api_session.headers.update({"Accept": "application/json"})
response = api_session.get("/@vocabularies/plone.app.vocabularies.Users")
self.assertEqual(response.status_code, 401)
api_session.close()
def test_anonymous_can_get_list_of_vocabularies(self):
api_session = RelativeSession(self.portal_url)
api_session.headers.update({"Accept": "application/json"})
# api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
response = api_session.get("/@vocabularies")
self.assertEqual(response.status_code, 200)
api_session.close()
def test_users_can_get_list_of_vocabularies(self):
api_session = RelativeSession(self.portal_url)
api_session.headers.update({"Accept": "application/json"})
api_session.auth = ("member", "secret")
response = api_session.get("/@vocabularies")
self.assertEqual(response.status_code, 200)
api_session.auth = ("contributor", "secret")
response = api_session.get("/@vocabularies")
self.assertEqual(response.status_code, 200)
api_session.auth = ("editor", "secret")
response = api_session.get("/@vocabularies")
self.assertEqual(response.status_code, 200)
api_session.close()
class TestRegistry(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
registry = getUtility(IRegistry)
record = Record(field.TextLine(title=u"Foo Bar"), u"Lorem Ipsum")
registry.records['foo.bar'] = record
transaction.commit()
def test_get_registry_record(self):
response = self.api_session.get('/@registry/foo.bar')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.json(), 'Lorem Ipsum')
def test_update_registry_record(self):
registry = getUtility(IRegistry)
payload = {'foo.bar': 'lorem ipsum'}
response = self.api_session.patch('/@registry', json=payload)
transaction.commit()
self.assertEqual(response.status_code, 204)
self.assertEqual(registry['foo.bar'], 'lorem ipsum')
def test_update_several_registry_records(self):
registry = getUtility(IRegistry)
record = Record(field.TextLine(title=u"Foo Bar Baz"),
u"Lorem Ipsum Dolor")
registry.records['foo.bar.baz'] = record
transaction.commit()
payload = {'foo.bar': 'lorem ipsum',
'foo.bar.baz': 'lorem ipsum dolor'}
response = self.api_session.patch('/@registry', json=payload)
transaction.commit()
self.assertEqual(response.status_code, 204)
self.assertEqual(registry['foo.bar'], 'lorem ipsum')
self.assertEqual(registry['foo.bar.baz'], 'lorem ipsum dolor')
def test_update_non_existing_registry_record(self):
payload = {'foo.bar.baz': 'lorem ipsum'}
response = self.api_session.patch('/@registry', json=payload)
self.assertEqual(response.status_code, 500)
class TestTraversal(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
def test_get_document(self):
self.portal.invokeFactory(
'Document',
id='doc1',
title='My Document'
)
self.portal.doc1.description = u"This is a document"
self.portal.doc1.text = RichTextValue(
u"Lorem ipsum",
'text/plain',
'text/html'
)
transaction.commit()
response = self.api_session.get(self.portal.doc1.absolute_url())
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'When sending a GET request with Accept: application/json ' +
'the server should respond with sending back application/json: ' +
'{}'.format(response.headers.get('Content-Type'))
)
self.assertEqual(
'Document',
response.json().get('@type'),
"Response should be @type 'Document', not '{}'".format(
response.json().get('@type')
)
)
self.assertEqual(
response.json().get('@id'),
self.portal.doc1.absolute_url(),
'@id attribute != {}: {}'.format(
self.portal.doc1.absolute_url(),
response.json()
)
)
self.assertEqual(
'My Document',
response.json().get('title'),
)
self.assertEqual(
'This is a document',
response.json().get('description')
)
self.assertEqual(
'<p>Lorem ipsum</p>',
response.json().get('text')
)
def test_get_news_item(self):
self.portal.invokeFactory(
'News Item',
id='news1',
title='News Item 1'
)
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.news1.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
self.portal.news1.image_caption = u'This is an image caption.'
transaction.commit()
response = self.api_session.get(self.portal.news1.absolute_url())
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'When sending a GET request with Content-Type: application/json ' +
'the server should respond with sending back application/json.'
)
self.assertEqual(
'News Item',
response.json().get('@type'),
"Response should be @type 'News Item', not '{}'".format(
response.json().get('@type')
)
)
self.assertEqual(
response.json().get('@id'),
self.portal.news1.absolute_url()
)
self.assertEqual(
'News Item 1',
response.json().get('title')
)
self.assertEqual(
u'This is an image caption.',
response.json()['image_caption']
)
self.assertDictContainsSubset(
{'original': u'http://*****:*****@@images/image'},
response.json()['image']
)
def test_get_folder(self):
self.portal.invokeFactory(
'Folder',
id='folder1',
title='My Folder'
)
transaction.commit()
response = self.api_session.get(self.portal.folder1.absolute_url())
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'When sending a GET request with Content-Type: application/json ' +
'the server should respond with sending back application/json.'
)
self.assertEqual(
'Folder',
response.json().get('@type'),
"Response should be @type 'Folder', not '{}'".format(
response.json().get('@type')
)
)
self.assertEqual(
self.portal.folder1.absolute_url(),
response.json().get('@id')
)
self.assertEqual(
'My Folder',
response.json().get('title')
)
def test_get_site_root(self):
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'When sending a GET request with Content-Type: application/json ' +
'the server should respond with sending back application/json.'
)
self.assertEqual(
self.portal_url,
response.json().get('@id')
)
self.assertEqual(
'SiteRoot',
response.json().get('@type')
)
def test_get_site_root_with_default_page(self):
self.portal.invokeFactory('Document', id='front-page')
self.portal.setDefaultPage('front-page')
transaction.commit()
response = self.api_session.get(self.portal_url)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'When sending a GET request with Content-Type: application/json ' +
'the server should respond with sending back application/json.'
)
self.assertEqual(
response.json().get('@id'),
self.portal_url
)
self.assertEqual(
'SiteRoot',
response.json().get('@type')
)
@unittest.skip('Not implemented yet.')
def test_get_file(self): # pragma: no cover
self.portal.invokeFactory('File', id='file1')
self.portal.file1.title = 'File'
self.portal.file1.description = u'A file'
pdf_file = os.path.join(
os.path.dirname(__file__), u'file.pdf'
)
self.portal.file1.file = NamedBlobFile(
data=open(pdf_file, 'r').read(),
contentType='application/pdf',
filename=u'file.pdf'
)
intids = getUtility(IIntIds)
file_id = intids.getId(self.portal.file1)
self.portal.file1.file = RelationValue(file_id)
transaction.commit()
response = self.api_session.get(self.portal.file1.absolute_url())
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'When sending a GET request with Content-Type: application/json ' +
'the server should respond with sending back application/json.'
)
self.assertEqual(
response.json()['@id'],
self.portal.file1.absolute_url()
)
@unittest.skip('Not implemented yet.')
def test_get_image(self): # pragma: no cover
self.portal.invokeFactory('Image', id='img1')
self.portal.img1.title = 'Image'
self.portal.img1.description = u'An image'
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.img1.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
transaction.commit()
response = self.api_session.get(self.portal.img1.absolute_url())
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'When sending a GET request with Content-Type: application/json ' +
'the server should respond with sending back application/json.'
)
self.assertEqual(
response.json()['@id'],
self.portal.img1.absolute_url()
)
class TestSearchFunctional(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.request = self.portal.REQUEST
self.catalog = getToolByName(self.portal, 'portal_catalog')
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
# /plone/folder
self.folder = createContentInContainer(
self.portal, u'Folder',
id=u'folder',
title=u'Some Folder')
# /plone/folder/doc
self.doc = createContentInContainer(
self.folder, u'DXTestDocument',
id='doc',
title=u'Lorem Ipsum',
created=DateTime(1950, 1, 1, 0, 0),
effective=DateTime(1995, 1, 1, 0, 0),
expires=DateTime(1999, 1, 1, 0, 0),
test_int_field=42,
test_list_field=['Keyword1', 'Keyword2', 'Keyword3'],
test_bool_field=True,
)
IMutableUUID(self.doc).set('77779ffa110e45afb1ba502f75f77777')
self.doc.reindexObject()
# /plone/folder/other-document
self.doc2 = createContentInContainer(
self.folder, u'DXTestDocument',
id='other-document',
title=u'Other Document',
description=u'\xdcbersicht',
created=DateTime(1975, 1, 1, 0, 0),
effective=DateTime(2015, 1, 1, 0, 0),
expires=DateTime(2020, 1, 1, 0, 0),
test_list_field=['Keyword2', 'Keyword3'],
test_bool_field=False,
)
# /plone/doc-outside-folder
createContentInContainer(
self.portal, u'DXTestDocument',
id='doc-outside-folder',
title=u'Doc outside folder',
)
transaction.commit()
def test_overall_response_format(self):
response = self.api_session.get('/search')
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
)
results = response.json()
self.assertEqual(
results[u'items_count'],
len(results[u'member']),
'items_count property should match actual item count.'
)
def test_search_on_context_constrains_query_by_path(self):
response = self.api_session.get('/folder/search')
self.assertSetEqual(
{u'/plone/folder',
u'/plone/folder/doc',
u'/plone/folder/other-document'},
set(result_paths(response.json())))
def test_partial_metadata_retrieval(self):
query = {'SearchableText': 'lorem',
'metadata_fields': ['portal_type', 'review_state']}
response = self.api_session.get('/search', params=query)
self.assertDictContainsSubset(
{u'@id': u'http://*****:*****@id': u'http://localhost:55001/plone/folder/doc',
u'Creator': u'test_user_1_',
u'Description': u'',
u'EffectiveDate': u'None',
u'ExpirationDate': u'None',
u'Subject': [],
u'Title': u'Lorem Ipsum',
u'Type': u'DX Test Document',
u'UID': u'77779ffa110e45afb1ba502f75f77777',
u'author_name': None,
u'cmf_uid': None,
u'commentators': [],
u'description': u'',
u'effective': u'1995-01-01T00:00:00+00:00',
u'end': None,
u'exclude_from_nav': False,
u'expires': u'1999-01-01T00:00:00+00:00',
u'getId': u'doc',
u'getObjSize': u'0 KB',
u'getPath': u'/plone/folder/doc',
u'getRemoteUrl': None,
u'getURL': u'http://localhost:55001/plone/folder/doc',
u'id': u'doc',
u'in_response_to': None,
u'is_folderish': False,
u'last_comment_date': None,
u'listCreators': [u'test_user_1_'],
u'location': None,
u'meta_type': u'Dexterity Item',
u'portal_type': u'DXTestDocument',
u'review_state': u'private',
u'start': None,
u'sync_uid': None,
u'title': u'Lorem Ipsum',
u'total_comments': 0},
response.json()['member'][0])
# ZCTextIndex
def test_fulltext_search(self):
query = {'SearchableText': 'lorem'}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
def test_fulltext_search_with_non_ascii_characters(self):
query = {'SearchableText': u'\xfcbersicht'}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/other-document'],
result_paths(response.json())
)
# KeywordIndex
def test_keyword_index_str_query(self):
query = {'test_list_field': 'Keyword1'}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
def test_keyword_index_str_query_or(self):
query = {'test_list_field': ['Keyword2', 'Keyword3']}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc',
u'/plone/folder/other-document'],
result_paths(response.json())
)
def test_keyword_index_str_query_and(self):
query = {
'test_list_field.query': ['Keyword1', 'Keyword2'],
'test_list_field.operator': 'and',
}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
def test_keyword_index_int_query(self):
self.doc.test_list_field = [42, 23]
self.doc.reindexObject()
transaction.commit()
query = {'test_list_field:int': 42}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
# BooleanIndex
def test_boolean_index_query(self):
query = {'test_bool_field': True, 'portal_type': 'DXTestDocument'}
response = self.api_session.get('/folder/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
query = {'test_bool_field': False, 'portal_type': 'DXTestDocument'}
response = self.api_session.get('/folder/search', params=query)
self.assertEqual(
[u'/plone/folder/other-document'],
result_paths(response.json())
)
# FieldIndex
def test_field_index_int_query(self):
query = {'test_int_field:int': 42}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
def test_field_index_int_range_query(self):
query = {
'test_int_field.query:int': [41, 43],
'test_int_field.range': 'min:max',
}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
# ExtendedPathIndex
def test_extended_path_index_query(self):
query = {'path': '/'.join(self.folder.getPhysicalPath())}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder',
u'/plone/folder/doc',
u'/plone/folder/other-document'],
result_paths(response.json())
)
def test_extended_path_index_depth_limiting(self):
lvl1 = createContentInContainer(self.portal, u'Folder', id=u'lvl1')
lvl2 = createContentInContainer(lvl1, u'Folder', id=u'lvl2')
createContentInContainer(lvl2, u'Folder', id=u'lvl3')
transaction.commit()
path = '/plone/lvl1'
# Depth 0 - only object identified by path
query = {'path.query': path, 'path.depth': 0}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/lvl1'],
result_paths(response.json()))
# Depth 1 - immediate children
query = {'path.query': path, 'path.depth': 1}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/lvl1/lvl2'],
result_paths(response.json()))
# No depth - object itself and all children
query = {'path': path}
response = self.api_session.get('/search', params=query)
self.assertSetEqual(
{u'/plone/lvl1', u'/plone/lvl1/lvl2', u'/plone/lvl1/lvl2/lvl3'},
set(result_paths(response.json())))
# DateIndex
def test_date_index_query(self):
query = {'created': date(1950, 1, 1).isoformat()}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
def test_date_index_ranged_query(self):
query = {
'created.query': [date(1949, 1, 1).isoformat(),
date(1951, 1, 1).isoformat()],
'created.range': 'min:max',
}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
# DateRangeIndex
def test_date_range_index_query(self):
query = {'effectiveRange': date(1997, 1, 1).isoformat()}
response = self.api_session.get('/folder/search', params=query)
self.assertEqual(
[u'/plone/folder',
u'/plone/folder/doc'],
result_paths(response.json())
)
# DateRecurringIndex
def test_date_recurring_index_query(self):
from datetime import datetime
createContentInContainer(
self.folder, u'Event', id=u'event',
title=u'Event',
start=datetime(2013, 1, 1, 0, 0),
end=datetime(2013, 1, 1, 23, 59),
whole_day=True,
recurrence='FREQ=DAILY;COUNT=10;INTERVAL=2',
timezone='UTC',
)
import transaction
transaction.commit()
# First occurrence
query = {'start': date(2013, 1, 1).isoformat()}
response = self.api_session.get('/folder/search', params=query)
self.assertEqual(
[u'/plone/folder/event'],
result_paths(response.json())
)
# No event that day
query = {'start': date(2013, 1, 2).isoformat()}
response = self.api_session.get('/folder/search', params=query)
self.assertEqual(
[],
result_paths(response.json())
)
# Second occurrence
query = {'start': date(2013, 1, 3).isoformat()}
response = self.api_session.get('/folder/search', params=query)
self.assertEqual(
[u'/plone/folder/event'],
result_paths(response.json())
)
# Ranged query
query = {
'start.query': [date(2013, 1, 1).isoformat(),
date(2013, 1, 5).isoformat()],
'start.range': 'min:max',
}
response = self.api_session.get('/folder/search', params=query)
self.assertEqual(
[u'/plone/folder/event'],
result_paths(response.json())
)
# UUIDIndex
def test_uuid_index_query(self):
IMutableUUID(self.doc).set('7777a074cb4240d08c9a129e3a837777')
self.doc.reindexObject()
transaction.commit()
query = {'UID': '7777a074cb4240d08c9a129e3a837777'}
response = self.api_session.get('/search', params=query)
self.assertEqual(
[u'/plone/folder/doc'],
result_paths(response.json())
)
class TestTraversal(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.request = self.layer['request']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.portal.invokeFactory('Document', id='front-page')
self.document = self.portal['front-page']
self.document.title = u"Welcome to Plone"
self.document.description = \
u"Congratulations! You have successfully installed Plone."
self.document.text = RichTextValue(
u"If you're seeing this instead of the web site you were " +
u"expecting, the owner of this web site has just installed " +
u"Plone. Do not contact the Plone Team or the Plone mailing " +
u"lists about this.",
'text/plain',
'text/html'
)
self.document.creation_date = DateTime('2016-01-21T01:14:48+00:00')
IMutableUUID(self.document).set('1f699ffa110e45afb1ba502f75f7ec33')
self.document.reindexObject()
self.document.modification_date = DateTime('2016-01-21T01:24:11+00:00')
import transaction
transaction.commit()
self.browser = Browser(self.app)
self.browser.handleErrors = False
self.browser.addHeader(
'Authorization',
'Basic %s:%s' % (SITE_OWNER_NAME, SITE_OWNER_PASSWORD,)
)
def test_documentation_document(self):
response = self.api_session.get(self.document.absolute_url())
save_response_for_documentation('document.json', response)
def test_documentation_news_item(self):
self.portal.invokeFactory('News Item', id='newsitem')
self.portal.newsitem.title = 'My News Item'
self.portal.newsitem.description = u'This is a news item'
self.portal.newsitem.text = RichTextValue(
u"Lorem ipsum",
'text/plain',
'text/html'
)
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.newsitem.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
self.portal.newsitem.image_caption = u'This is an image caption.'
self.portal.newsitem.creation_date = DateTime(
'2016-01-21T02:14:48+00:00')
self.portal.newsitem.modification_date = DateTime(
'2016-01-21T02:24:11+00:00')
IMutableUUID(self.portal.newsitem).set(
'80c2a074cb4240d08c9a129e3a834c74')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.newsitem.absolute_url())
save_response_for_documentation('newsitem.json', response)
def test_documentation_event(self):
self.portal.invokeFactory('Event', id='event')
self.portal.event.title = 'Event'
self.portal.event.description = u'This is an event'
self.portal.event.start = datetime(2013, 1, 1, 10, 0)
self.portal.event.end = datetime(2013, 1, 1, 12, 0)
self.portal.event.creation_date = DateTime('2016-01-21T03:14:48+00:00')
self.portal.event.modification_date = DateTime(
'2016-01-21T03:24:11+00:00')
IMutableUUID(self.portal.event).set('846d632bc0854c5aa6d3dcae171ed2db')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.event.absolute_url())
save_response_for_documentation('event.json', response)
def test_documentation_link(self):
self.portal.invokeFactory('Link', id='link')
self.portal.link.title = 'My Link'
self.portal.link.description = u'This is a link'
self.portal.remoteUrl = 'http://plone.org'
self.portal.link.creation_date = DateTime('2016-01-21T04:14:48+00:00')
self.portal.link.modification_date = DateTime(
'2016-01-21T04:24:11+00:00')
IMutableUUID(self.portal.link).set('6ff48d27762143a0ae8d63cee73d9fc2')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.link.absolute_url())
save_response_for_documentation('link.json', response)
def test_documentation_file(self):
self.portal.invokeFactory('File', id='file')
self.portal.file.title = 'My File'
self.portal.file.description = u'This is a file'
pdf_file = os.path.join(
os.path.dirname(__file__), u'file.pdf'
)
self.portal.file.file = NamedBlobFile(
data=open(pdf_file, 'r').read(),
contentType='application/pdf',
filename=u'file.pdf'
)
intids = getUtility(IIntIds)
file_id = intids.getId(self.portal.file)
self.portal.file.file = RelationValue(file_id)
self.portal.file.creation_date = DateTime('2016-01-21T05:14:48+00:00')
self.portal.file.modification_date = DateTime(
'2016-01-21T05:24:11+00:00')
IMutableUUID(self.portal.file).set('9b6a4eadb9074dde97d86171bb332ae9')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.file.absolute_url())
save_response_for_documentation('file.json', response)
def test_documentation_image(self):
self.portal.invokeFactory('Image', id='image')
self.portal.image.title = 'My Image'
self.portal.image.description = u'This is an image'
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.image.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
self.portal.image.creation_date = DateTime('2016-01-21T06:14:48+00:00')
self.portal.image.modification_date = DateTime(
'2016-01-21T06:24:11+00:00')
IMutableUUID(self.portal.image).set('2166e81a0c224fe3b62e197c7fdc9c3e')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.image.absolute_url())
save_response_for_documentation('image.json', response)
def test_documentation_folder(self):
self.portal.invokeFactory('Folder', id='folder')
self.portal.folder.title = 'My Folder'
self.portal.folder.description = u'This is a folder with two documents'
self.portal.folder.invokeFactory(
'Document',
id='doc1',
title='A document within a folder'
)
self.portal.folder.invokeFactory(
'Document',
id='doc2',
title='A document within a folder'
)
self.portal.folder.creation_date = DateTime(
'2016-01-21T07:14:48+00:00')
self.portal.folder.modification_date = DateTime(
'2016-01-21T07:24:11+00:00')
IMutableUUID(self.portal.folder).set(
'fc7881c46d61452db4177bc059d9dcb5')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.folder.absolute_url())
save_response_for_documentation('folder.json', response)
def test_documentation_collection(self):
self.portal.invokeFactory('Collection', id='collection')
self.portal.collection.title = 'My Collection'
self.portal.collection.description = \
u'This is a collection with two documents'
self.portal.collection.query = [{
'i': 'portal_type',
'o': 'plone.app.querystring.operation.string.is',
'v': 'Document',
}]
self.portal.invokeFactory(
'Document',
id='doc1',
title='Document 1'
)
self.portal.invokeFactory(
'Document',
id='doc2',
title='Document 2'
)
self.portal.collection.creation_date = DateTime(
'2016-01-21T08:14:48+00:00')
self.portal.collection.modification_date = DateTime(
'2016-01-21T08:24:11+00:00')
IMutableUUID(self.portal.collection).set(
'd0c89bc77f874ce1aad5720921d875c0')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.collection.absolute_url())
save_response_for_documentation('collection.json', response)
def test_documentation_siteroot(self):
response = self.api_session.get(self.portal.absolute_url())
save_response_for_documentation('siteroot.json', response)
def test_documentation_404_not_found(self):
response = self.api_session.get('non-existing-resource')
save_response_for_documentation('404_not_found.json', response)
def test_documentation_search(self):
query = {'sort_on': 'path'}
response = self.api_session.get('/search', params=query)
save_response_for_documentation('search.json', response)
class TestBatchingArchetypes(unittest.TestCase):
layer = PLONE_RESTAPI_AT_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.request = self.portal.REQUEST
setRoles(self.portal, TEST_USER_ID, ['Member', 'Contributor'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
folder = self.portal[self.portal.invokeFactory(
'Folder',
id='folder',
title='Some Folder',
)]
for i in range(5):
self._create_doc(folder, i)
transaction.commit()
def _create_doc(self, container, number):
container.invokeFactory(
'Document',
id='doc-%s' % str(number + 1),
title='Document %s' % str(number + 1),
)
def test_contains_canonical_url(self):
# Fetch the second page of the batch
response = self.api_session.get('/folder?b_start=2&b_size=2')
# Response should contain canonical URL without batching params
self.assertEqual(
response.json()['@id'],
self.portal_url + '/folder')
def test_contains_batching_links(self):
# Fetch the second page of the batch
response = self.api_session.get('/folder?b_start=2&b_size=2')
# Batch info in response should contain appropriate batching links
batch_info = response.json()['batching']
self.assertDictEqual(
{u'@id': self.portal_url + '/folder?b_start=2&b_size=2',
u'first': self.portal_url + '/folder?b_size=2&b_start=0',
u'next': self.portal_url + '/folder?b_size=2&b_start=4',
u'prev': self.portal_url + '/folder?b_size=2&b_start=0',
u'last': self.portal_url + '/folder?b_size=2&b_start=4',
},
batch_info)
def test_contains_correct_batch_of_items(self):
# Fetch the second page of the batch
response = self.api_session.get('/folder?b_start=2&b_size=2')
# Response should contain second batch of items
self.assertEquals([
u'/plone/folder/doc-3',
u'/plone/folder/doc-4'],
result_paths(response.json()))
def test_total_item_count_is_correct(self):
# Fetch the second page of the batch
response = self.api_session.get('/folder?b_start=2&b_size=2')
# Total count of items should be in items_total
self.assertEqual(5, response.json()['items_total'])
def test_batching_links_omitted_if_resulset_fits_in_single_batch(self):
response = self.api_session.get('/folder?b_size=100')
self.assertNotIn('batching', response.json().keys())
class TestUsersEndpoint(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
properties = {
'email': '*****@*****.**',
'username': '******',
'fullname': 'Noam Avram Chomsky',
'home_page': 'web.mit.edu/chomsky',
'description': 'Professor of Linguistics',
'location': 'Cambridge, MA'
}
api.user.create(
email='*****@*****.**',
username='******',
properties=properties
)
transaction.commit()
def test_list_users(self):
response = self.api_session.get('/@users')
self.assertEqual(200, response.status_code)
self.assertEqual(3, len(response.json()))
user_ids = [user['id'] for user in response.json()]
self.assertIn('admin', user_ids)
self.assertIn('test_user_1_', user_ids)
self.assertIn('noam', user_ids)
noam = [x for x in response.json() if x.get('username') == 'noam'][0]
self.assertEqual('noam', noam.get('id'))
self.assertEqual(
self.portal.absolute_url() + '/@users/noam',
noam.get('@id')
)
self.assertEqual('*****@*****.**', noam.get('email'))
self.assertEqual('Noam Avram Chomsky', noam.get('fullname'))
self.assertEqual('web.mit.edu/chomsky', noam.get('home_page')) # noqa
self.assertEqual('Professor of Linguistics', noam.get('description')) # noqa
self.assertEqual('Cambridge, MA', noam.get('location'))
def test_add_user(self):
response = self.api_session.post(
'/@users',
json={
"username": "******",
"email": "*****@*****.**",
"password": "******"
},
)
transaction.commit()
self.assertEqual(201, response.status_code)
howard = api.user.get(userid='howard')
self.assertEqual(
"*****@*****.**", howard.getProperty('email')
)
def test_add_user_username_is_required(self):
response = self.api_session.post(
'/@users',
json={
"password": "******"
},
)
transaction.commit()
self.assertEqual(400, response.status_code)
self.assertTrue('"Property \'username\' is required' in response.text)
def test_add_user_password_is_required(self):
response = self.api_session.post(
'/@users',
json={
"username": "******"
},
)
transaction.commit()
self.assertEqual(400, response.status_code)
self.assertTrue('"Property \'password\' is required' in response.text)
def test_add_user_email_is_required_if_email_login_is_enabled(self):
# enable use_email_as_login
security_settings = getAdapter(self.portal, ISecuritySchema)
security_settings.use_email_as_login = True
transaction.commit()
response = self.api_session.post(
'/@users',
json={
"username": "******",
"password": "******"
},
)
self.assertEqual(400, response.status_code)
self.assertTrue('"Property \'email\' is required' in response.text)
def test_add_user_email_with_email_login_enabled(self):
# enable use_email_as_login
security_settings = getAdapter(self.portal, ISecuritySchema)
security_settings.use_email_as_login = True
transaction.commit()
response = self.api_session.post(
'/@users',
json={
"email": "*****@*****.**",
"password": "******"
},
)
transaction.commit()
self.assertEqual(201, response.status_code)
self.assertTrue(api.user.get(userid='*****@*****.**'))
def test_add_user_with_email_login_enabled(self):
# enable use_email_as_login
security_settings = getAdapter(self.portal, ISecuritySchema)
security_settings.use_email_as_login = True
transaction.commit()
response = self.api_session.post(
'/@users',
json={
"username": "******",
"email": "*****@*****.**",
"password": "******"
},
)
transaction.commit()
self.assertEqual(201, response.status_code)
user = api.user.get(userid='*****@*****.**')
self.assertTrue(user)
self.assertEqual('*****@*****.**', user.getUserName())
self.assertEqual('*****@*****.**', user.getProperty('email'))
def test_get_user(self):
response = self.api_session.get('/@users/noam')
self.assertEqual(response.status_code, 200)
self.assertEqual('noam', response.json().get('id'))
self.assertEqual(
self.portal.absolute_url() + '/@users/noam',
response.json().get('@id')
)
self.assertEqual(
'*****@*****.**',
response.json().get('email')
)
self.assertEqual('Noam Avram Chomsky', response.json().get('fullname'))
self.assertEqual('web.mit.edu/chomsky', response.json().get('home_page')) # noqa
self.assertEqual('Professor of Linguistics', response.json().get('description')) # noqa
self.assertEqual('Cambridge, MA', response.json().get('location'))
def test_get_search_user_with_filter(self):
response = self.api_session.post(
'/@users',
json={
"username": "******",
"email": "*****@*****.**",
"password": "******"
},
)
transaction.commit()
response = self.api_session.get('/@users', params={'query': 'noa'})
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.json()), 1)
self.assertEqual('noam', response.json()[0].get('id'))
self.assertEqual(
self.portal.absolute_url() + '/@users/noam',
response.json()[0].get('@id')
)
self.assertEqual(
'*****@*****.**',
response.json()[0].get('email')
)
self.assertEqual('Noam Avram Chomsky', response.json()[0].get('fullname')) # noqa
response = self.api_session.get('/@users', params={'query': 'howa'})
self.assertEqual(response.status_code, 200)
self.assertEqual(len(response.json()), 1)
self.assertEqual('howard', response.json()[0].get('id'))
def test_get_non_existing_user(self):
response = self.api_session.get('/@users/non-existing-user')
self.assertEqual(response.status_code, 404)
def test_update_user(self):
payload = {
'fullname': 'Noam A. Chomsky',
'username': '******',
'email': '*****@*****.**'
}
response = self.api_session.patch('/@users/noam', json=payload)
transaction.commit()
self.assertEqual(response.status_code, 204)
noam = api.user.get(userid='noam')
self.assertEqual('noam', noam.getUserId()) # user id never changes
self.assertEqual('avram', noam.getUserName())
self.assertEqual('Noam A. Chomsky', noam.getProperty('fullname'))
self.assertEqual(
'*****@*****.**',
noam.getProperty('email')
)
def test_update_user_password(self):
old_password_hashes = dict(
self.portal.acl_users.source_users._user_passwords
)
payload = {'password': '******'}
self.api_session.patch('/@users/noam', json=payload)
transaction.commit()
new_password_hashes = dict(
self.portal.acl_users.source_users._user_passwords
)
self.assertNotEqual(
old_password_hashes['noam'], new_password_hashes['noam']
)
def test_delete_user(self):
response = self.api_session.delete('/@users/noam')
transaction.commit()
self.assertEqual(response.status_code, 204)
self.assertEqual(None, api.user.get(userid='noam'))
def test_delete_non_existing_user(self):
response = self.api_session.delete('/@users/non-existing-user')
transaction.commit()
self.assertEqual(response.status_code, 404)
class TestTraversal(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.request = self.layer['request']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.portal.invokeFactory('Document', id='front-page')
self.document = self.portal['front-page']
self.document.title = u"Welcome to Plone"
self.document.description = \
u"Congratulations! You have successfully installed Plone."
self.document.text = RichTextValue(
u"If you're seeing this instead of the web site you were " +
u"expecting, the owner of this web site has just installed " +
u"Plone. Do not contact the Plone Team or the Plone mailing " +
u"lists about this.",
'text/plain',
'text/html'
)
import transaction
transaction.commit()
self.browser = Browser(self.app)
self.browser.handleErrors = False
self.browser.addHeader(
'Authorization',
'Basic %s:%s' % (SITE_OWNER_NAME, SITE_OWNER_PASSWORD,)
)
def test_documentation_document(self):
response = self.api_session.get(self.document.absolute_url())
save_response_for_documentation('document.json', response)
def test_documentation_news_item(self):
self.portal.invokeFactory('News Item', id='newsitem')
self.portal.newsitem.title = 'My News Item'
self.portal.newsitem.description = u'This is a news item'
self.portal.newsitem.text = RichTextValue(
u"Lorem ipsum",
'text/plain',
'text/html'
)
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.newsitem.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
self.portal.newsitem.image_caption = u'This is an image caption.'
import transaction
transaction.commit()
response = self.api_session.get(self.portal.newsitem.absolute_url())
save_response_for_documentation('newsitem.json', response)
def test_documentation_event(self):
self.portal.invokeFactory('Event', id='event')
self.portal.event.title = 'Event'
self.portal.event.description = u'This is an event'
self.portal.event.start = datetime(2013, 1, 1, 10, 0)
self.portal.event.end = datetime(2013, 1, 1, 12, 0)
import transaction
transaction.commit()
response = self.api_session.get(self.portal.event.absolute_url())
save_response_for_documentation('event.json', response)
def test_documentation_link(self):
self.portal.invokeFactory('Link', id='link')
self.portal.link.title = 'My Link'
self.portal.link.description = u'This is a link'
self.portal.remoteUrl = 'http://plone.org'
import transaction
transaction.commit()
response = self.api_session.get(self.portal.link.absolute_url())
save_response_for_documentation('link.json', response)
def test_documentation_file(self):
self.portal.invokeFactory('File', id='file')
self.portal.file.title = 'My File'
self.portal.file.description = u'This is a file'
pdf_file = os.path.join(
os.path.dirname(__file__), u'file.pdf'
)
self.portal.file.file = NamedBlobFile(
data=open(pdf_file, 'r').read(),
contentType='application/pdf',
filename=u'file.pdf'
)
intids = getUtility(IIntIds)
file_id = intids.getId(self.portal.file)
self.portal.file.file = RelationValue(file_id)
import transaction
transaction.commit()
response = self.api_session.get(self.portal.file.absolute_url())
save_response_for_documentation('file.json', response)
def test_documentation_image(self):
self.portal.invokeFactory('Image', id='image')
self.portal.image.title = 'My Image'
self.portal.image.description = u'This is an image'
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.image.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
import transaction
transaction.commit()
response = self.api_session.get(self.portal.image.absolute_url())
save_response_for_documentation('image.json', response)
def test_documentation_folder(self):
self.portal.invokeFactory('Folder', id='folder')
self.portal.folder.title = 'My Folder'
self.portal.folder.description = u'This is a folder with two documents'
self.portal.folder.invokeFactory(
'Document',
id='doc1',
title='A document within a folder'
)
self.portal.folder.invokeFactory(
'Document',
id='doc2',
title='A document within a folder'
)
import transaction
transaction.commit()
response = self.api_session.get(self.portal.folder.absolute_url())
save_response_for_documentation('folder.json', response)
def test_documentation_collection(self):
self.portal.invokeFactory('Collection', id='collection')
self.portal.collection.title = 'My Collection'
self.portal.collection.description = \
u'This is a collection with two documents'
self.portal.collection.query = [{
'i': 'portal_type',
'o': 'plone.app.querystring.operation.string.is',
'v': 'Document',
}]
self.portal.invokeFactory(
'Document',
id='doc1',
title='Document 1'
)
self.portal.invokeFactory(
'Document',
id='doc2',
title='Document 2'
)
import transaction
transaction.commit()
response = self.api_session.get(self.portal.collection.absolute_url())
save_response_for_documentation('collection.json', response)
def test_documentation_siteroot(self):
response = self.api_session.get(self.portal.absolute_url())
save_response_for_documentation('siteroot.json', response)
def test_documentation_404_not_found(self):
response = self.api_session.get('non-existing-resource')
save_response_for_documentation('404_not_found.json', response)
class TestErrorHandling(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer["app"]
self.request = self.layer["request"]
self.portal = self.layer["portal"]
self.portal_url = self.portal.absolute_url()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({"Accept": "application/json"})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
setRoles(self.portal, TEST_USER_ID, ["Manager"])
self.portal.invokeFactory("Document", id="document1")
self.document = self.portal.document1
self.document_url = self.document.absolute_url()
self.portal.invokeFactory("Folder", id="folder1")
self.folder = self.portal.folder1
self.folder_url = self.folder.absolute_url()
transaction.commit()
@unittest.skip("Not working since we moved to plone.rest")
def test_404_not_found(self):
response = self.api_session.get("non-existing-resource")
self.assertEqual(response.status_code, 404)
self.assertEqual(
response.headers.get("Content-Type"),
"application/json",
"When sending a GET request with Accept: application/json "
+ "the server should respond with sending back application/json.",
)
self.assertTrue(json.loads(response.content))
self.assertEqual("NotFound", response.json()["type"])
@unittest.skip("Not working since we moved to plone.rest")
def test_401_unauthorized(self):
response = self.api_session.get(self.document_url)
self.assertEqual(response.status_code, 401)
self.assertEqual(
response.headers.get("Content-Type"),
"application/json",
"When sending a GET request with Accept: application/json "
+ "the server should respond with sending back application/json.",
)
self.assertTrue(json.loads(response.content))
self.assertEqual("Unauthorized", response.json()["type"])
@unittest.skip("Not working since we moved to plone.rest")
def test_500_internal_server_error(self):
provideAdapter(
InternalServerErrorView,
adapts=(Interface, IBrowserRequest),
provides=Interface,
name="internal_server_error",
)
import transaction
transaction.commit()
response = self.api_session.get("internal_server_error")
self.assertEqual(response.status_code, 500)
self.assertEqual(
response.headers.get("Content-Type"),
"application/json",
"When sending a GET request with Accept: application/json "
+ "the server should respond with sending back application/json.",
)
self.assertTrue(json.loads(response.content))
self.assertEqual("HTTPError", response.json()["type"])
class TestServicesTypes(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
def test_get_types(self):
response = self.api_session.get(
'{}/@types'.format(self.portal.absolute_url())
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json',
'Sending a GET request to @types endpoint should respond with ' +
'Content-Type: "application/json", not ' +
'"{}"'.format(response.headers.get('Content-Type'))
)
self.assertTrue(
{
u'@id': u'http://*****:*****@types/Collection',
u'title': u'Collection'
} in response.json()
)
self.assertTrue(
{
u'@id': u'http://*****:*****@types/Discussion Item',
u'title': u'Discussion Item'
} in response.json()
)
self.assertTrue(
{
u'@id': u'http://*****:*****@types/Event',
u'title': u'Event'
} in response.json()
)
self.assertTrue(
{
u'@id': u'http://*****:*****@types/File',
u'title': u'File'
} in response.json()
)
self.assertTrue(
{
u'@id': u'http://*****:*****@types/Folder',
u'title': u'Folder'
} in response.json()
)
self.assertTrue(
{
u'@id': u'http://*****:*****@types/Image',
u'title': u'Image'
} in response.json()
)
def test_get_types_document(self):
response = self.api_session.get(
'{}/@types/Document'.format(self.portal.absolute_url())
)
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.headers.get('Content-Type'),
'application/json+schema',
'Sending a GET request to @types endpoint should respond with ' +
'Content-Type: "application/json+schema", not ' +
'"{}"'.format(response.headers.get('Content-Type'))
)
def test_get_types_with_unknown_type(self):
response = self.api_session.get(
'{}/@types/UnknownType'.format(self.portal.absolute_url())
)
self.assertEqual(response.status_code, 404)
self.assertEqual(
'application/json',
response.headers.get('Content-Type'),
'Sending a GET request to @types endpoint should respond with ' +
'Content-Type: "application/json", not ' +
'"{}"'.format(response.headers.get('Content-Type'))
)
class TestTraversal(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.request = self.layer['request']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
self.time_freezer = freeze_time("2016-10-21 19:00:00")
self.frozen_time = self.time_freezer.start()
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.portal.invokeFactory('Document', id='front-page')
self.document = self.portal['front-page']
self.document.title = u"Welcome to Plone"
self.document.description = \
u"Congratulations! You have successfully installed Plone."
self.document.text = RichTextValue(
u"If you're seeing this instead of the web site you were " +
u"expecting, the owner of this web site has just installed " +
u"Plone. Do not contact the Plone Team or the Plone mailing " +
u"lists about this.",
'text/plain',
'text/html'
)
self.document.creation_date = DateTime('2016-01-21T01:14:48+00:00')
IMutableUUID(self.document).set('1f699ffa110e45afb1ba502f75f7ec33')
self.document.reindexObject()
self.document.modification_date = DateTime('2016-01-21T01:24:11+00:00')
import transaction
transaction.commit()
self.browser = Browser(self.app)
self.browser.handleErrors = False
self.browser.addHeader(
'Authorization',
'Basic %s:%s' % (SITE_OWNER_NAME, SITE_OWNER_PASSWORD,)
)
def tearDown(self):
self.time_freezer.stop()
def test_documentation_document(self):
response = self.api_session.get(self.document.absolute_url())
save_response_for_documentation('document.json', response)
def test_documentation_news_item(self):
self.portal.invokeFactory('News Item', id='newsitem')
self.portal.newsitem.title = 'My News Item'
self.portal.newsitem.description = u'This is a news item'
self.portal.newsitem.text = RichTextValue(
u"Lorem ipsum",
'text/plain',
'text/html'
)
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.newsitem.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
self.portal.newsitem.image_caption = u'This is an image caption.'
self.portal.newsitem.creation_date = DateTime(
'2016-01-21T02:14:48+00:00')
self.portal.newsitem.modification_date = DateTime(
'2016-01-21T02:24:11+00:00')
IMutableUUID(self.portal.newsitem).set(
'80c2a074cb4240d08c9a129e3a834c74')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.newsitem.absolute_url())
save_response_for_documentation('newsitem.json', response)
def test_documentation_event(self):
self.portal.invokeFactory('Event', id='event')
self.portal.event.title = 'Event'
self.portal.event.description = u'This is an event'
self.portal.event.start = datetime(2013, 1, 1, 10, 0)
self.portal.event.end = datetime(2013, 1, 1, 12, 0)
self.portal.event.creation_date = DateTime('2016-01-21T03:14:48+00:00')
self.portal.event.modification_date = DateTime(
'2016-01-21T03:24:11+00:00')
IMutableUUID(self.portal.event).set('846d632bc0854c5aa6d3dcae171ed2db')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.event.absolute_url())
save_response_for_documentation('event.json', response)
def test_documentation_link(self):
self.portal.invokeFactory('Link', id='link')
self.portal.link.title = 'My Link'
self.portal.link.description = u'This is a link'
self.portal.remoteUrl = 'http://plone.org'
self.portal.link.creation_date = DateTime('2016-01-21T04:14:48+00:00')
self.portal.link.modification_date = DateTime(
'2016-01-21T04:24:11+00:00')
IMutableUUID(self.portal.link).set('6ff48d27762143a0ae8d63cee73d9fc2')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.link.absolute_url())
save_response_for_documentation('link.json', response)
def test_documentation_file(self):
self.portal.invokeFactory('File', id='file')
self.portal.file.title = 'My File'
self.portal.file.description = u'This is a file'
pdf_file = os.path.join(
os.path.dirname(__file__), u'file.pdf'
)
self.portal.file.file = NamedBlobFile(
data=open(pdf_file, 'r').read(),
contentType='application/pdf',
filename=u'file.pdf'
)
self.portal.file.creation_date = DateTime('2016-01-21T05:14:48+00:00')
self.portal.file.modification_date = DateTime(
'2016-01-21T05:24:11+00:00')
IMutableUUID(self.portal.file).set('9b6a4eadb9074dde97d86171bb332ae9')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.file.absolute_url())
save_response_for_documentation('file.json', response)
def test_documentation_image(self):
self.portal.invokeFactory('Image', id='image')
self.portal.image.title = 'My Image'
self.portal.image.description = u'This is an image'
image_file = os.path.join(os.path.dirname(__file__), u'image.png')
self.portal.image.image = NamedBlobImage(
data=open(image_file, 'r').read(),
contentType='image/png',
filename=u'image.png'
)
self.portal.image.creation_date = DateTime('2016-01-21T06:14:48+00:00')
self.portal.image.modification_date = DateTime(
'2016-01-21T06:24:11+00:00')
IMutableUUID(self.portal.image).set('2166e81a0c224fe3b62e197c7fdc9c3e')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.image.absolute_url())
save_response_for_documentation('image.json', response)
def test_documentation_folder(self):
self.portal.invokeFactory('Folder', id='folder')
self.portal.folder.title = 'My Folder'
self.portal.folder.description = u'This is a folder with two documents'
self.portal.folder.invokeFactory(
'Document',
id='doc1',
title='A document within a folder'
)
self.portal.folder.invokeFactory(
'Document',
id='doc2',
title='A document within a folder'
)
self.portal.folder.creation_date = DateTime(
'2016-01-21T07:14:48+00:00')
self.portal.folder.modification_date = DateTime(
'2016-01-21T07:24:11+00:00')
IMutableUUID(self.portal.folder).set(
'fc7881c46d61452db4177bc059d9dcb5')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.folder.absolute_url())
save_response_for_documentation('folder.json', response)
def test_documentation_collection(self):
self.portal.invokeFactory('Collection', id='collection')
self.portal.collection.title = 'My Collection'
self.portal.collection.description = \
u'This is a collection with two documents'
self.portal.collection.query = [{
'i': 'portal_type',
'o': 'plone.app.querystring.operation.string.is',
'v': 'Document',
}]
self.portal.invokeFactory(
'Document',
id='doc1',
title='Document 1'
)
self.portal.invokeFactory(
'Document',
id='doc2',
title='Document 2'
)
self.portal.collection.creation_date = DateTime(
'2016-01-21T08:14:48+00:00')
self.portal.collection.modification_date = DateTime(
'2016-01-21T08:24:11+00:00')
IMutableUUID(self.portal.collection).set(
'd0c89bc77f874ce1aad5720921d875c0')
import transaction
transaction.commit()
response = self.api_session.get(self.portal.collection.absolute_url())
save_response_for_documentation('collection.json', response)
def test_documentation_siteroot(self):
response = self.api_session.get(self.portal.absolute_url())
save_response_for_documentation('siteroot.json', response)
def test_documentation_404_not_found(self):
response = self.api_session.get('non-existing-resource')
save_response_for_documentation('404_not_found.json', response)
def test_documentation_search(self):
query = {'sort_on': 'path'}
response = self.api_session.get('/@search', params=query)
save_response_for_documentation('search.json', response)
def test_documentation_workflow(self):
response = self.api_session.get(
'{}/@workflow'.format(self.document.absolute_url()))
save_response_for_documentation('workflow_get.json', response)
def test_documentation_workflow_transition(self):
self.frozen_time.tick(timedelta(minutes=5))
response = self.api_session.post(
'{}/@workflow/publish'.format(self.document.absolute_url()))
save_response_for_documentation('workflow_post.json', response)
def test_documentation_registry_get(self):
response = self.api_session.get(
'/@registry/plone.app.querystring.field.path.title')
save_response_for_documentation('registry_get.json', response)
def test_documentation_registry_update(self):
response = self.api_session.patch(
'/@registry/',
json={'plone.app.querystring.field.path.title': 'Value'})
save_response_for_documentation('registry_update.json', response)
def test_documentation_types(self):
response = self.api_session.get('/@types')
save_response_for_documentation('types.json', response)
def test_documentation_types_document(self):
response = self.api_session.get('@types/Document')
save_response_for_documentation('types_document.json', response)
def test_documentation_login(self):
self.portal.acl_users.jwt_auth._secret = 'secret'
self.portal.acl_users.jwt_auth.use_keyring = False
self.portal.acl_users.jwt_auth.token_timeout = 0
import transaction
transaction.commit()
self.api_session.auth = None
response = self.api_session.post(
'{}/@login'.format(self.portal.absolute_url()),
json={'login': SITE_OWNER_NAME, 'password': SITE_OWNER_PASSWORD})
save_response_for_documentation('login.json', response)
def test_documentation_login_renew(self):
self.portal.acl_users.jwt_auth._secret = 'secret'
self.portal.acl_users.jwt_auth.use_keyring = False
self.portal.acl_users.jwt_auth.token_timeout = 0
import transaction
transaction.commit()
self.api_session.auth = None
response = self.api_session.post(
'{}/@login'.format(self.portal.absolute_url()),
json={'login': SITE_OWNER_NAME, 'password': SITE_OWNER_PASSWORD})
token = json.loads(response.content)['token']
response = self.api_session.post(
'{}/@login-renew'.format(self.portal.absolute_url()),
headers={'Authorization': 'Bearer {}'.format(token)})
save_response_for_documentation('login_renew.json', response)
def test_documentation_logout(self):
self.portal.acl_users.jwt_auth._secret = 'secret'
self.portal.acl_users.jwt_auth.use_keyring = False
self.portal.acl_users.jwt_auth.token_timeout = 0
self.portal.acl_users.jwt_auth.store_tokens = True
import transaction
transaction.commit()
self.api_session.auth = None
response = self.api_session.post(
'{}/@login'.format(self.portal.absolute_url()),
json={'login': SITE_OWNER_NAME, 'password': SITE_OWNER_PASSWORD})
token = json.loads(response.content)['token']
response = self.api_session.post(
'{}/@logout'.format(self.portal.absolute_url()),
headers={'Authorization': 'Bearer {}'.format(token)})
save_response_for_documentation('logout.json', response)
def test_documentation_batching(self):
folder = self.portal[self.portal.invokeFactory(
'Folder',
id='folder',
title='Folder'
)]
for i in range(7):
folder.invokeFactory(
'Document',
id='doc-%s' % str(i + 1),
title='Document %s' % str(i + 1)
)
transaction.commit()
query = {'sort_on': 'path'}
response = self.api_session.get(
'/folder/@search?b_size=5', params=query)
save_response_for_documentation('batching.json', response)
def test_documentation_users(self):
test_user = api.user.get(username=TEST_USER_ID)
properties = {
"description": "This is a test user",
"email": "*****@*****.**",
"fullname": "Test User",
"home_page": "http://www.example.com",
"location": "Bonn",
"username": "******"
}
test_user.setMemberProperties(mapping=properties)
admin = api.user.get(username='******')
properties = {
"description": "This is an admin user",
"email": "*****@*****.**",
"fullname": "Administrator",
"home_page": "http://www.example.com",
"location": "Berlin",
"username": "******"
}
admin.setMemberProperties(mapping=properties)
transaction.commit()
response = self.api_session.get('/@users')
save_response_for_documentation('users.json', response)
def test_documentation_users_get(self):
properties = {
'email': '*****@*****.**',
'username': '******',
'fullname': 'Noam Avram Chomsky',
'home_page': 'web.mit.edu/chomsky',
'description': 'Professor of Linguistics',
'location': 'Cambridge, MA'
}
api.user.create(
email='*****@*****.**',
username='******',
properties=properties
)
transaction.commit()
response = self.api_session.get('@users/noam')
save_response_for_documentation('users_get.json', response)
def test_documentation_users_filtered_get(self):
properties = {
'email': '*****@*****.**',
'username': '******',
'fullname': 'Noam Avram Chomsky',
'home_page': 'web.mit.edu/chomsky',
'description': 'Professor of Linguistics',
'location': 'Cambridge, MA'
}
api.user.create(
email='*****@*****.**',
username='******',
properties=properties
)
transaction.commit()
response = self.api_session.get('@users', params={'query': 'noa'})
save_response_for_documentation('users_filtered_by_username.json', response) # noqa
def test_documentation_users_created(self):
response = self.api_session.post(
'/@users',
json={
'username': '******',
'email': '*****@*****.**',
'password': '******',
'username': '******',
'fullname': 'Noam Avram Chomsky',
'home_page': 'web.mit.edu/chomsky',
'description': 'Professor of Linguistics',
'location': 'Cambridge, MA'
},
)
save_response_for_documentation('users_created.json', response)
def test_documentation_users_update(self):
properties = {
'email': '*****@*****.**',
'username': '******',
'fullname': 'Noam Avram Chomsky',
'home_page': 'web.mit.edu/chomsky',
'description': 'Professor of Linguistics',
'location': 'Cambridge, MA'
}
api.user.create(
email='*****@*****.**',
username='******',
properties=properties
)
transaction.commit()
response = self.api_session.patch(
'/@users/noam',
json={
'email': '*****@*****.**',
},
)
save_response_for_documentation('users_update.json', response)
def test_documentation_users_delete(self):
properties = {
'email': '*****@*****.**',
'username': '******',
'fullname': 'Noam Avram Chomsky',
'home_page': 'web.mit.edu/chomsky',
'description': 'Professor of Linguistics',
'location': 'Cambridge, MA'
}
api.user.create(
email='*****@*****.**',
username='******',
properties=properties
)
transaction.commit()
response = self.api_session.delete(
'/@users/noam')
save_response_for_documentation('users_delete.json', response)
def test_documentation_breadcrumbs(self):
response = self.api_session.get(
'{}/@components/breadcrumbs'.format(self.document.absolute_url()))
save_response_for_documentation('breadcrumbs.json', response)
def test_documentation_navigation(self):
response = self.api_session.get(
'{}/@components/navigation'.format(self.document.absolute_url()))
save_response_for_documentation('navigation.json', response)
class TestComponents(unittest.TestCase):
layer = PLONE_RESTAPI_DX_FUNCTIONAL_TESTING
def setUp(self):
self.app = self.layer['app']
self.portal = self.layer['portal']
self.portal_url = self.portal.absolute_url()
setRoles(self.portal, TEST_USER_ID, ['Manager'])
self.api_session = RelativeSession(self.portal_url)
self.api_session.headers.update({'Accept': 'application/json'})
self.api_session.auth = (SITE_OWNER_NAME, SITE_OWNER_PASSWORD)
self.folder = createContentInContainer(
self.portal, u'Folder',
id=u'folder',
title=u'Some Folder')
createContentInContainer(
self.folder, u'Document',
id=u'doc1',
title=u'A document')
transaction.commit()
def test_breadcrumb(self):
response = self.api_session.get('/folder/doc1/@components/breadcrumbs')
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.json(),
[{
u'@id': u'http://*****:*****@components/breadcrumbs',
u'items': [{
u'url': u'http://*****:*****@components/navigation')
self.assertEqual(response.status_code, 200)
self.assertEqual(
response.json(),
[{
u'@id': u'http://*****:*****@components/'
'navigation',
u'items': [{
u'title': u'Home',
u'url': u'http://localhost:55001/plone'
}, {
u'title': u'Some Folder',
u'url': u'http://localhost:55001/plone/folder'
}],
}]
)