def _set_album_cover(self):
photo = self.object
context = {}
album = Album(settings.PHOTOS_ROOT_DIR, photo.album)
album.set_cover(photo.filename)
self.purge_album_cache(photo.album)
return context
def _change_album_visibility(self, visibility):
photo = self.object
context = {}
album = Album(settings.PHOTOS_ROOT_DIR, photo.album)
album.set_photo_visibility(photo.filename, visibility)
context['visibility'] = album.get_photo_visibility(photo.filename)
self.purge_album_cache(photo.album)
return context
def test_make_picture_public(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album2")
response1 = self.client.post('/admin/album/api/album2/', {'visibility': 'private'})
self.assertEqual(response1.status_code, 200)
self.assertFalse(os.path.isdir(album_folder))
response = self.client.get('/album/api/album2/')
self.assertEqual(response.status_code, 404)
url = '/admin/photo/album2/photo_2.JPG'
response3 = self.client.post(url, {'visibility': 'public'})
self.assertEqual(response3.status_code, 200)
content = json.loads(response3.content)
self.assertEquals(content['visibility'], BaseAlbum.VISIBILITY_PUBLIC)
response2 = self.client.get('/admin/album/api/album2/')
self.assertEqual(response2.status_code, 200)
content = json.loads(response2.content)
photo = None
for f in content['pictures']:
if f['filename'] == 'photo_2.JPG':
photo = f
self.assertEquals(photo['visibility'], BaseAlbum.VISIBILITY_PUBLIC)
def test_make_parent_album_private(self):
new_album = 'album3/first/second/'
# create album3 with subalbuns
new_real_folder = os.path.join(settings.PHOTOS_ROOT_DIR, new_album)
try:
os.makedirs(new_real_folder)
except:
pass
virtual_base_folder = Album.get_virtual_base_folder()
virtual_folder = os.path.join(virtual_base_folder, new_album)
response1 = self.client.post('/admin/album/api/%s' % new_album, {'visibility': 'public'})
self.assertEqual(response1.status_code, 200)
self.assertTrue(os.path.isdir(virtual_folder))
response2 = self.client.post('/admin/album/api/%s' % new_album, {'visibility': 'private'})
self.assertEqual(response2.status_code, 200)
self.assertFalse(os.path.isdir(virtual_folder))
response3a = self.client.get('/album/api/album3/first/second/')
self.assertEqual(response3a.status_code, 404)
response3b = self.client.get('/album/api/album3/first/')
self.assertEqual(response3b.status_code, 404)
response3c = self.client.get('/album/api/album3/')
self.assertEqual(response3c.status_code, 404)
def is_album_token_valid(request, album=None):
from retrato.album.views import AlbumView
token = str(request.GET.get("token", None))
if album is None:
album_path = request.path.replace("/album", "", 1)
album_base = AlbumView.get_album_base()
album = Album(album_base, album_path)
while album is not None:
config = album.config()
if not config:
return False
token_match = (str(config.get("token")) == token)
if token_match:
return True
album = album.get_parent()
return False
def purge_album_cache_recursively(self, album_path):
parts = album_path.split("/")
partial_path = ''
parts.insert(0, '')
for path in parts:
partial_path = Album.sanitize_path(partial_path + '/%s' % path)
partial_path = partial_path.strip("/")
self.purge_album_cache(partial_path)
def test_get_defaul_album_cover(self):
config_file = os.path.join(Album.get_virtual_base_folder(), "album2", Album.CONFIG_FILE)
if os.path.isfile(config_file):
os.unlink(config_file)
response = self.client.get('/album/api/album2/')
self.assertEqual(response.status_code, 200)
content = json.loads(response.content)
self.assertIsNotNone(content['cover'])
self.assertEquals(content['cover']["filename"], 'photo_1_portrait.JPG')
self.assertIsNotNone(content['cover']["thumb"])
def test_make_album_public(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album1")
if os.path.isdir(album_folder):
os.rmdir(album_folder)
response = self.client.post('/admin/album/api/album1/', {'visibility': 'public'})
self.assertEqual(response.status_code, 200)
self.assertTrue(os.path.isdir(album_folder))
def test_set_album_cover(self):
config_file = os.path.join(Album.get_virtual_base_folder(), "album2", Album.CONFIG_FILE)
if os.path.isfile(config_file):
os.unlink(config_file)
response = self.client.post('/admin/album/api/album2/', {'visibility': 'public'})
self.assertEqual(response.status_code, 200)
response = self.client.post('/admin/photo/album2/photo_2.JPG', {'cover': True})
self.assertEqual(response.status_code, 200)
response = self.client.get('/album/api/album2/')
content = json.loads(response.content)
self.assertEquals(content['cover']['filename'], 'photo_2.JPG')
def test_public_album_all_pictures_are_public(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album2")
response1 = self.client.post('/admin/album/api/album2/', {'visibility': 'public'})
self.assertEqual(response1.status_code, 200)
self.assertTrue(os.path.isdir(album_folder))
response = self.client.get('/admin/album/api/album2/')
self.assertEqual(response.status_code, 200)
content = json.loads(response.content)
for picture in content['pictures']:
self.assertEquals(picture['visibility'], BaseAlbum.VISIBILITY_PUBLIC)
def test_make_album_private(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album1")
response1 = self.client.post('/admin/album/api/album1/', {'visibility': 'public'})
self.assertEqual(response1.status_code, 200)
self.assertTrue(os.path.isdir(album_folder))
response = self.client.post('/admin/album/api/album1/', {'visibility': 'private'})
self.assertEqual(response.status_code, 200)
self.assertFalse(os.path.isdir(album_folder))
response2 = self.client.get('/album/api/album1/')
self.assertEqual(response2.status_code, 404)
def test_make_album_public_with_photos(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album2")
if os.path.isdir(album_folder):
rmtree(album_folder)
response = self.client.post('/admin/album/api/album2/', {'visibility': 'public'})
self.assertEqual(response.status_code, 200)
self.assertTrue(os.path.isdir(album_folder))
items = os.listdir(album_folder)
self.assertTrue(len(items) > 0)
photo_link = os.path.join(album_folder, items[1]) # 0 is the .retrato config file
self.assertTrue(os.path.islink(photo_link))
def test_make_picture_private(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album2")
response1 = self.client.post('/admin/album/api/album2/', {'visibility': 'public'})
self.assertEqual(response1.status_code, 200)
self.assertTrue(os.path.isdir(album_folder))
response2 = self.client.get('/admin/album/api/album2/')
self.assertEqual(response2.status_code, 200)
content = json.loads(response2.content)
self.assertEquals(content['pictures'][0]['visibility'], BaseAlbum.VISIBILITY_PUBLIC)
url = '/admin/photo/album2/%s' % content['pictures'][0]['filename']
response3 = self.client.post(url, {'visibility': 'private'})
self.assertEqual(response3.status_code, 200)
content = json.loads(response3.content)
self.assertEquals(content['visibility'], BaseAlbum.VISIBILITY_PRIVATE)
def test_make_album_public_should_create_token(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album1")
if os.path.isdir(album_folder):
os.rmdir(album_folder)
response = self.client.post('/admin/album/api/album1/', {'visibility': 'public'})
self.assertEqual(response.status_code, 200)
config_file = os.path.join(virtual_folder, "album1", Album.CONFIG_FILE)
self.assertTrue(os.path.isfile(config_file))
with open(config_file, 'r') as f:
content_file = f.read()
config = json.loads(content_file)
content = json.loads(response.content)
self.assertEquals(content['token'], config['token'])
def test_make_album_public_should_return_data_on_api_call(self):
virtual_folder = Album.get_virtual_base_folder()
album_folder = os.path.join(virtual_folder, "album2")
if os.path.isdir(album_folder):
rmtree(album_folder)
response_not_found = self.client.get('/album/api/album2/')
self.assertEqual(response_not_found.status_code, 404)
response1 = self.client.post('/admin/album/api/album2/', {'visibility': 'public'})
self.assertEqual(response1.status_code, 200)
self.assertTrue(os.path.isdir(album_folder))
response2 = self.client.get('/album/api/album2/')
self.assertEqual(response2.status_code, 200)
content = json.loads(response2.content)
self.assert_(content)
self.assertEquals(content['path'], '/album2/')
self.assertEquals(len(content['albuns']), 0)
self.assertEquals(len(content['pictures']), 4)
def test_sanitize_path__remove_two_slashes(self):
path = "album1//album2"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'album1/album2')
def test_sanitize_path__remove_first_slash(self):
path = "/album"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'album')
def test_create_album(self):
PHOTOS_ROOT_DIR = getattr(settings, 'PHOTOS_ROOT_DIR', '/')
album = Album(PHOTOS_ROOT_DIR, '/')
self.assertEquals(album.get_pictures(), [])
self.assertEquals(len(album.get_albuns()), 2)
def test_sanitize_path__potentially_attack2(self):
path = "../../../etc/"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'etc/')
def test_sanitize_path__remove_dot_dot(self):
path = "/../album"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'album')
def test_sanitize_path__remove_first_slash(self):
path = "/album"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'album')
def test_sanitize_path__remove_two_slashes(self):
path = "album1//album2"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'album1/album2')
def test_sanitize_path__potentially_attack2(self):
path = "../../../etc/"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'etc/')
def handle(self, *args, **options):
path = '/'
if len(args) > 0:
path = args[0]
root_album = Album(settings.PHOTOS_ROOT_DIR, path)
self.create_cache_for_album(root_album)
def test_create_album(self):
PHOTOS_ROOT_DIR = getattr(settings, 'PHOTOS_ROOT_DIR', '/')
album = Album(PHOTOS_ROOT_DIR, '/')
self.assertEquals(album.get_pictures(), [])
self.assertEquals(len(album.get_albums()), 2)
def test_sanitize_path__remove_dot_dot(self):
path = "/../album"
sanitized_path = Album.sanitize_path(path)
self.assertEquals(sanitized_path, 'album')
