def test_add_product_rating_second_time(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
client.post(f'/api/products/{product.id}/ratings',
data=json.dumps({'rating': 5}),
headers={'Authorization': f'Bearer {access_token}'},
content_type='application/json')
assert product.ratings[0].user == user
r = client.post(f'/api/products/{product.id}/ratings',
data=json.dumps({'rating': 5}),
headers={'Authorization': f'Bearer {access_token}'},
content_type='application/json')
payload = r.json
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert payload['message'] == 'This user already rated this product.'
def test_update_category_no_admin_or_worker(client):
category = categories.add(Category(name='Mans'))
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
assert category.id
assert user.role != UserRole.ADMIN and user.role != UserRole.WORKER
r = client.post(
'/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json'
)
payload = r.json
access_token = payload['access_token']
r = client.put(f'/api/categories/{category.id}',
data=json.dumps({
'name': 'Men'
}),
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload['message'] == 'You do not have permission to perform this action.'
def test_update_product_missing_category_id(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
assert product.name == 'Super Small Product'
r = client.put(f'/api/products/{product.id}',
data=json.dumps({
'name': 'Super Big Product',
'price': 0.99
}),
headers={'Authorization': f'Bearer {access_token}'},
content_type='application/json')
payload = r.json
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert payload['message'] == 'Invalid payload.'
def test_delete_category(client):
category = categories.add(Category(name='Men'))
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
assert category.id
r = client.post(
'/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json'
)
payload = r.json
access_token = payload['access_token']
r = client.delete(f'/api/categories/{category.id}',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_200_OK
assert payload['message'] == 'Category was successfully deleted.'
assert categories.get(category.id) is None
def test_update_category_empty_json(client):
category = categories.add(Category(name='Mans'))
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
r = client.post(
'/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json'
)
payload = r.json
access_token = payload['access_token']
assert category.name == 'Mans'
r = client.put(
f'/api/categories/{category.id}',
data=json.dumps({}),
headers={'Authorization': f'Bearer {access_token}'},
content_type='application/json'
)
payload = r.json
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert payload['message'] == 'Invalid payload.'
def test_get_all_products(client):
category = categories.add(Category(name='Men'))
categories.add_product(category, Product(name='Product One', price=13.99))
product = Product(name='Product Two', price=23.99, description='blah')
categories.add_product(category, product)
categories.add_product(category, Product(name='Product Three', price=3.99))
categories.add_product(category, Product(name='Product Four', price=68.99))
products.delete(product)
r = client.get('/api/products/')
payload = r.json
all_products = payload
assert r.status_code == status.HTTP_200_OK
assert len(all_products) == 3
sorted_products = sorted(all_products, key=lambda product_: product_['id'])
assert sorted_products[0]['name'] == 'Product One'
assert sorted_products[1]['name'] == 'Product Three'
assert sorted_products[2]['name'] == 'Product Four'
assert sorted_products[0]['price'] == 13.99
assert sorted_products[1]['price'] == 3.99
assert sorted_products[2]['price'] == 68.99
assert sorted_products[0]['description'] is None
assert sorted_products[1]['description'] is None
assert sorted_products[2]['description'] is None
def test_delete_image_of_product_no_admin_or_worker(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
image = products.add_image(product, url='fake_url.jpg')
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
assert product.id
assert user.role != UserRole.ADMIN and user.role != UserRole.WORKER
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
r = client.delete(f'/api/products/{product.id}/images/{image.id}',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload[
'message'] == 'You do not have permission to perform this action.'
def test_delete_category_with_products(client):
category = categories.add(Category(name='Men'))
categories.add_product(category, Product(name='Product 1', price=1.99))
categories.add_product(category, Product(name='Product 2', price=2.99))
categories.add_product(category, Product(name='Product 3', price=3.99))
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
assert category.id
r = client.post(
'/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json'
)
payload = r.json
access_token = payload['access_token']
r = client.delete(f'/api/categories/{category.id}',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert payload['message'] == 'Category contains products.'
def test_delete_image_of_product(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
image = products.add_image(product, url='fake_url.jpg')
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
assert product.id
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
r = client.delete(f'/api/products/{product.id}/images/{image.id}',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_200_OK
assert payload['message'] == 'Image was successfully deleted.'
def test_delete_image_not_existing(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
assert product.id
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
not_existing_image_id = 99
r = client.delete(
f'/api/products/{product.id}/images/{not_existing_image_id}',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_404_NOT_FOUND
assert payload['message'] == 'Image not found.'
def test_add_product_image_not_allowed_file_ext(client):
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
assert product.id
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
with open(testing_image_png_path, 'rb') as f:
r = client.post(f'/api/products/{product.id}/images',
data={'file': (f, f.name)},
headers={'Authorization': f'Bearer {access_token}'},
content_type='multipart/form-data')
payload = r.json
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert payload['message'] == 'File extension not allowed.'
def test_delete_product_rating(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
products.add_rating(product, user, 5)
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
assert len(product.ratings) == 1
r = client.delete(f'/api/products/{product.id}/ratings',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_200_OK
assert payload['message'] == 'Rating was successfully deleted.'
assert len(product.ratings) == 0
def test_add_product_image_not_admin_or_worker(client):
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
assert product.id
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
assert user.role != UserRole.WORKER and user.role != UserRole.ADMIN
with open(testing_image_jpg_path, 'rb') as f:
r = client.post(f'/api/products/{product.id}/images',
data={'file': (f, f.name)},
headers={'Authorization': f'Bearer {access_token}'},
content_type='multipart/form-data')
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload[
'message'] == 'You do not have permission to perform this action.'
def test_add_product(client):
category = categories.add(Category(name='Men'))
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
r = client.post(f'/api/categories/{category.id}/products',
data=json.dumps({
'name': 'New Super Product',
'price': 213.99,
'description': 'blah blah blah'
}),
headers={'Authorization': f'Bearer {access_token}'},
content_type='application/json')
payload = r.json
assert r.status_code == status.HTTP_201_CREATED
assert payload['message'] == 'Product was successfully added.'
def test_add_product_image(client):
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
assert product.id
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
with open(testing_image_jpg_path, 'rb') as f:
r = client.post(f'/api/products/{product.id}/images',
data={'file': (f, f.name)},
headers={'Authorization': f'Bearer {access_token}'},
content_type='multipart/form-data')
payload = r.json
assert r.status_code == status.HTTP_201_CREATED
assert payload['message'] == 'Image was successfully uploaded.'
assert len(product.images) == 1
assert isinstance(product.images[0], ProductImage)
assert product.images[0].url
def post(self):
data = request.get_json()
if not data:
raise InvalidPayload
name = data.get('name')
if name is None:
raise InvalidPayload
categories.add(Category(name=name))
return {
'message': 'Category was successfully added.'
}, status.HTTP_201_CREATED
def test_get_single_product(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Product', price=99.99)
categories.add_product(category, product)
r = client.get(f'/api/products/{product.id}')
payload = r.json
assert r.status_code == status.HTTP_200_OK
assert payload['name'] == 'Super Product'
assert payload['price'] == 99.99
assert payload['description'] is None
def seed_db():
from project.business import users
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
from project.business import categories
category = categories.add(Category('Men'))
categories.add_product(category, Product(name='Super product',
price=19.99))
categories.add_product(category,
Product(name='Very bad product', price=2.99))
def test_delete_category_not_logged_in(client):
category = categories.add(Category(name='Men'))
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
assert category.id
r = client.delete(f'/api/categories/{category.id}')
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload['message'] == 'You do not have permission to perform this action.'
def test_get_single_already_deleted_product(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Product', price=99.99)
categories.add_product(category, product)
products.delete(product)
assert product.is_deleted
r = client.get(f'/api/products/{product.id}')
payload = r.json
assert r.status_code == status.HTTP_404_NOT_FOUND
assert payload['message'] == 'Product not found.'
def test_add_product_rating_not_logged_in(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
r = client.post(f'/api/products/{product.id}/ratings',
data=json.dumps({'rating': 5}),
content_type='application/json')
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload[
'message'] == 'You do not have permission to perform this action.'
def test_add_product_not_logged_in(client):
category = categories.add(Category(name='Men'))
r = client.post(f'/api/categories/{category.id}/products',
data=json.dumps({
'name': 'New Super Product',
'price': 213.99,
'description': 'blah blah blah'
}),
content_type='application/json')
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload[
'message'] == 'You do not have permission to perform this action.'
def test_delete_product_not_logged_in(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
assert product.id
r = client.delete(f'/api/products/{product.id}')
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload[
'message'] == 'You do not have permission to perform this action.'
def test_get_product_ratings(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
user1 = users.add(User(email='*****@*****.**', password='******'))
user2 = users.add(User(email='*****@*****.**', password='******'))
user3 = users.add(User(email='*****@*****.**', password='******'))
assert user1.id == 1
assert user2.id == 2
assert user3.id == 3
products.add_rating(product, user1, 5)
products.add_rating(product, user2, 4)
products.add_rating(product, user3, 3)
r = client.get(f'/api/products/{product.id}/ratings')
payload = r.json
product_ratings = payload
assert r.status_code == status.HTTP_200_OK
assert len(product_ratings) == 3
sorted_product_ratings = sorted(product_ratings,
key=lambda rating: rating['user']['id'])
assert sorted_product_ratings[0]['user']['id'] == 1
assert sorted_product_ratings[1]['user']['id'] == 2
assert sorted_product_ratings[2]['user']['id'] == 3
assert sorted_product_ratings[0]['user']['email'] == '*****@*****.**'
assert sorted_product_ratings[1]['user']['email'] == '*****@*****.**'
assert sorted_product_ratings[2]['user']['email'] == '*****@*****.**'
assert sorted_product_ratings[0]['product']['id'] == product.id
assert sorted_product_ratings[1]['product']['id'] == product.id
assert sorted_product_ratings[2]['product']['id'] == product.id
assert sorted_product_ratings[0]['rating'] == 5
assert sorted_product_ratings[1]['rating'] == 4
assert sorted_product_ratings[2]['rating'] == 3
def test_add_product_not_existing_user(client):
not_existing_user_id = 99
access_token = create_access_token(not_existing_user_id)
category = categories.add(Category(name='Men'))
r = client.post(f'/api/categories/{category.id}/products',
data=json.dumps({
'name': 'New Super Product',
'price': 213.99,
'description': 'blah blah blah'
}),
headers={'Authorization': f'Bearer {access_token}'},
content_type='application/json')
payload = r.json
assert r.status_code == status.HTTP_401_UNAUTHORIZED
assert payload['message'] == 'Incorrect authentication credentials.'
def test_get_all_categories(client):
categories.add(Category(name='Men'))
categories.add(Category(name='Women'))
categories.add(Category(name='Kids'))
categories.add(Category(name='Shirts'))
r = client.get('/api/categories/')
payload = r.json
all_categories = payload
assert r.status_code == status.HTTP_200_OK
assert len(all_categories) == 4
sorted_categories = sorted(all_categories, key=lambda category: category['id'])
assert sorted_categories[0]['name'] == 'Men'
assert sorted_categories[1]['name'] == 'Women'
assert sorted_categories[2]['name'] == 'Kids'
assert sorted_categories[3]['name'] == 'Shirts'
def test_get_images_of_product(client):
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
products.add_image(product, url='fake_url.jpg')
products.add_image(product, url='fake_url2.jpg')
products.add_image(product, url='fake_url3.jpg')
r = client.get(f'/api/products/{product.id}/images')
payload = r.json
assert r.status_code == status.HTTP_200_OK
images = payload
assert len(images) == 3
for image in images:
assert 'fake_url' in image['url']
def test_add_product_image_not_logged_in(client):
user = users.add(User(email='*****@*****.**', password='******'))
user.active = True
user.role = UserRole.ADMIN
category = categories.add(Category(name='Men'))
product = Product(name='Super Small Product', price=0.99)
categories.add_product(category, product)
assert product.id
with open(testing_image_jpg_path, 'rb') as f:
r = client.post(f'/api/products/{product.id}/images',
data={'file': (f, f.name)},
content_type='multipart/form-data')
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload[
'message'] == 'You do not have permission to perform this action.'
def test_add_product_not_active_user(client):
category = categories.add(Category(name='Men'))
user = users.add(User(email='*****@*****.**', password='******'))
user.role = UserRole.ADMIN
access_token = create_access_token(user.id)
r = client.post(f'/api/categories/{category.id}/products',
data=json.dumps({
'name': 'New Super Product',
'price': 213.99,
'description': 'blah blah blah'
}),
headers={'Authorization': f'Bearer {access_token}'},
content_type='application/json')
payload = r.json
assert r.status_code == status.HTTP_403_FORBIDDEN
assert payload['message'] == 'You have not active account.'
