def test_admin_default(client, add_user):
    """
    Checks that admin can update other user's files
    """
    user = add_user(role=ROLE_MANAGER)
    _ = add_user(role=ROLE_ADMIN, log_him_in=True)

    file = add_content(created_by=user.id, publisher_id=user.publisher_id)
    previous_src = file.src
    comment = get_random_str()

    resp = client.put(endpoint=endpoint,
                      content_type='multipart/form-data',
                      file_id=file.id,
                      data=dict(
                          file=open('tests/data/FaceImage.jpg', 'rb'),
                          comment=comment,
                      ))
    assert 'id' in resp
    file = File.query.get(resp['id'])
    assert file and os.path.isfile(file.src)
    assert file.src != previous_src
    assert file.status == STATUS_CREATED

    assert 'comment' in resp
    assert resp['comment'] == file.comment == comment
Example #2
0
def test_not_auth_failure(client, add_user):
    """
    Checks that anonymous user can not delete files
    """
    user = add_user(role=ROLE_MANAGER, log_him_in=False)

    file = add_content(created_by=user.id, publisher_id=user.publisher_id)
    _ = client.delete(endpoint=endpoint, file_id=file.id, check_status=403)
Example #3
0
def test_not_admin_failure(client, add_user):
    """
    Checks that ordinary user can not delete other user's files
    """
    user = add_user(role=ROLE_MANAGER, log_him_in=False)
    _ = add_user(role=ROLE_MANAGER, log_him_in=True)

    file = add_content(created_by=user.id, publisher_id=user.publisher_id)
    _ = client.delete(endpoint=endpoint, file_id=file.id, check_status=403)
Example #4
0
def test_default(client, add_user):
    user = add_user(role=ROLE_MANAGER)
    content = add_content(created_by=user.id, publisher_id=user.publisher_id)
    device = add_device()
    resp = client.post(
        endpoint=endpoint,
        file_id=content.id,
        headers={
            AUTH_TOKEN_HEADER_NAME: f'{device.id}:{device.access_token}',
        },
    )
    assert resp == 'ok'
Example #5
0
def test_wrong_id_failure(client, add_user):
    """
    Checks that we get 404 response if the file_id is wrong
    """
    user = add_user(role=ROLE_MANAGER, log_him_in=False)
    _ = add_user(role=ROLE_ADMIN, log_him_in=True)

    file = add_content(created_by=user.id, publisher_id=user.publisher_id)
    _ = client.delete(endpoint=endpoint,
                      file_id=129129129129192,
                      check_status=404)
    assert File.query.get(file.id)
Example #6
0
def test_default(client, add_user):
    user = add_user(role=ROLE_MANAGER, log_him_in=True)
    ids = [
        add_content(created_by=user.id, publisher_id=user.publisher_id).id
        for _ in range(3)
    ]

    # add some noise
    user2 = add_user(role=ROLE_MANAGER)
    for _ in range(10):
        add_content(created_by=user2.id, publisher_id=user2.publisher_id)

    resp = client.get(endpoint=endpoint)
    assert 'total' in resp
    assert resp['total'] == len(ids)

    assert 'results' in resp
    assert len(resp['results']) == len(ids)
    for item in resp['results']:
        assert 'id' in item
        assert item['id'] in ids
        assert 'publisher' in item
        assert user.publisher_id == item['publisher']['id']
def test_malformed_params_failure(client, add_user, file, comment):
    """
    Checks that user can not update files with malformed params
    """
    user = add_user(role=ROLE_MANAGER, log_him_in=True)
    file = add_content(created_by=user.id, publisher_id=user.publisher_id)

    resp = client.put(endpoint=endpoint,
                      content_type='multipart/form-data',
                      file_id=file.id,
                      data=dict(comment=comment, file=file),
                      check_status=400)
    assert 'errors' in resp
    assert len(resp['errors']) == 1
def test_not_auth_failure(client, add_user):
    """
    Checks that anonymous user can not update files
    """
    user = add_user(role=ROLE_MANAGER)
    file = add_content(created_by=user.id, publisher_id=user.publisher_id)

    resp = client.put(endpoint=endpoint,
                      content_type='multipart/form-data',
                      file_id=file.id,
                      data=dict(comment=get_random_str(), ),
                      check_status=403)
    assert 'errors' in resp
    assert len(resp['errors']) == 1
Example #9
0
def test_default(client, add_user):
    """
    Checks that ordinary user can delete its own files
    """
    user = add_user(role=ROLE_MANAGER, log_him_in=True)

    file = add_content(created_by=user.id, publisher_id=user.publisher_id)
    resp = client.delete(
        endpoint=endpoint,
        file_id=file.id,
    )
    assert 'id' in resp
    assert resp['id'] == file.id
    assert not File.query.get(resp['id'])
    assert not os.path.isfile(file.src)
Example #10
0
def test_malformed_status_change(client, add_user, role, status):
    """
    Checks that user can not change status to not allowed
    """
    user = add_user(role=role, log_him_in=True)
    file = add_content(created_by=user.id,
                       publisher_id=user.publisher_id,
                       status=STATUS_MODERATION)

    resp = client.put(endpoint=endpoint,
                      file_id=file.id,
                      data=dict(status=status, ),
                      check_status=400)
    assert 'errors' in resp
    assert len(resp['errors']) == 1
    assert 'status' in resp['errors'][0]
def test_default(client, add_user):
    user = add_user(role=ROLE_MANAGER)
    _ = add_content(created_by=user.id, publisher_id=user.publisher_id)
    device = add_device()

    resp = client.get(
        endpoint=endpoint,
        headers={
            AUTH_TOKEN_HEADER_NAME: f'{device.id}:{device.access_token}',
        },
    )

    assert 'results' in resp
    assert resp['results']
    for file in resp['results']:
        assert 'id' in file
        assert 'src' in file
Example #12
0
def test_status_change(client, add_user, role, status):
    """
    Checks that status changed correctly
    """
    if role == ROLE_MANAGER:
        user = add_user(role=role, log_him_in=True)
    else:
        user = add_user(role=ROLE_MANAGER)
        _ = add_user(role=role, log_him_in=True)

    file = add_content(created_by=user.id, publisher_id=user.publisher_id)

    resp = client.put(endpoint=endpoint,
                      file_id=file.id,
                      data=dict(status=status, ))

    assert 'status' in resp
    assert resp['status'] == status
Example #13
0
def test_not_admin_failure(client, add_user):
    """
    Checks that ordinary user can not update other user's files
    """
    user = add_user(role=ROLE_MANAGER)
    _ = add_user(role=ROLE_MANAGER, log_him_in=True)

    file = add_content(created_by=user.id, publisher_id=user.publisher_id)
    comment = get_random_str()

    resp = client.put(endpoint=endpoint,
                      content_type='multipart/form-data',
                      file_id=file.id,
                      check_status=403,
                      data=dict(
                          file=open('tests/data/FaceImage.jpg', 'rb'),
                          comment=comment,
                      ))
    assert 'errors' in resp
    assert len(resp['errors']) == 1
Example #14
0
def test_default(client, add_user, file, comment):
    """
    Checks that regular user can update its own files
    """
    user = add_user(role=ROLE_MANAGER, log_him_in=True)
    content = add_content(created_by=user.id, publisher_id=user.publisher_id)
    previous_src = content.src

    resp = client.put(endpoint=endpoint,
                      content_type='multipart/form-data',
                      file_id=content.id,
                      data=dict(
                          file=file,
                          comment=comment,
                      ))
    assert 'id' in resp
    f = File.query.get(resp['id'])
    assert f
    if file:
        assert os.path.isfile(f.src)
        assert f.src != previous_src

    assert 'comment' in resp
    assert resp['comment'] == f.comment == comment