def create(self): """ Create a new badge in the system """ # Check if user is allowed to create a badge require.badge.create() import shutil label = request.params['badge-label'] description = request.params['badge-description'] image = request.POST['badge-image'] try: # Get upload directory for Badge and generate a random filename upload_dir = h.get_object_upload_dir(Badge) random_filename = h.get_uuid_filename(image.filename) # Open the filename and copy the uploaded image permanent_filename = os.path.join(upload_dir, random_filename) permanent_image = open(permanent_filename, 'w') shutil.copyfileobj(image.file, permanent_image) upload_image_path = h.upload(random_filename, Badge) # Close image files image.file.close() permanent_image.close() except OSError: upload_image_path = '' h.flash_error(_('Uploading files not supported at the moment.')) badge = Badge(label, upload_image_path, description, c.account) db.session.add(badge) db.session.commit() redirect(h.url_for(controller='badge', action='information', id=badge.id))
def test_give_badge(self): """ Test giving dataset a badge. Only administrators should be able to give datasets a badge. """ badge = Badge('give-me', 'testimage', 'give me', self.admin) db.session.add(badge) db.session.commit() # Check if non-user can award badges response = self.app.post(url(controller='badge', action='give', dataset='cra'), params={'badge': badge.id}, expect_errors=True) # Check if it returned Forbidden (which is http status code 403) # This should actually return 401 Unauthorized but that's an # authentication implementation failure (which should be fixed) assert '403' in response.status, \ "Non-user should get an error when trying to give a badge" # Check to see that badge hasn't been awarded to any datasets badge_json = self.app.get( url(controller='badge', action='information', id=badge.id, format='json')) badge_info = json.loads(badge_json.body) assert len(badge_info['badge']['datasets']) == 0, \ "A non-user was able to award a badge" # Check if normal user can award badges response = self.app.post(url(controller='badge', action='give', dataset='cra'), params={'badge': badge.id}, extra_environ={'REMOTE_USER': '******'}, expect_errors=True) # Check if it returned Forbidden (which is http status code 403) assert '403' in response.status, \ "A normal user should get an error when trying to give a badge" # Check to see that badge hasn't been awarded to any datasets badge_json = self.app.get( url(controller='badge', action='information', id=badge.id, format='json')) badge_info = json.loads(badge_json.body) assert len(badge_info['badge']['datasets']) == 0, \ "A normal user was able to award a badge" # Finally we check if admin user can award badges response = self.app.post(url(controller='badge', action='give', dataset='cra'), params={'badge': 'not an id'}, extra_environ={'REMOTE_USER': '******'}, expect_errors=True) # Check to see that badge hasn't been awarded to the dataset badge_json = self.app.get( url(controller='badge', action='information', id=badge.id, format='json')) badge_info = json.loads(badge_json.body) # Check if admin was able to give the badge to a dataset assert len(badge_info['badge']['datasets']) == 0, \ "Admin user was able to award a badge" # Finally we check if admin user can award badges response = self.app.post(url(controller='badge', action='give', dataset='cra'), params={'badge': badge.id}, extra_environ={'REMOTE_USER': '******'}) # Check to see that badge has been awarded to the dataset badge_json = self.app.get( url(controller='badge', action='information', id=badge.id, format='json')) badge_info = json.loads(badge_json.body) # Check if admin was able to give the badge to a dataset assert len(badge_info['badge']['datasets']) == 1, \ "Admin user wasn't able to award a badge" # Check if admin gave it to the write dataset assert self.dataset.name in badge_info['badge']['datasets'], \ "Admin user gave the badge to the incorrect dataset"