def test_web_user_retrieve_loan(self): from ...api import LoanEndpoint from ...models import Loan from ...serializers import LoanSerializer from util.util import ordered_dict from dynamicfixtures import _djroot_user, _alice, _bob, _registered_edition_alice _djroot_user() alice = _alice() bob = _bob() edition_alice = _registered_edition_alice() loan = Loan.create(edition_alice, loanee=bob, owner=alice) loan.save() factory = APIRequestFactory() url = reverse('api:ownership:loan-detail', kwargs={'pk': loan.pk}) request = factory.get(url) force_authenticate(request, user=alice) view = LoanEndpoint.as_view({'get': 'retrieve'}) response = view(request, pk=loan.pk) serializer = LoanSerializer(loan, context={'request': request}) response_db = json.loads(json.dumps(serializer.data)) self.assertEqual(ordered_dict(response.data['loan']), ordered_dict(response_db)) self.assertIs(response.status_code, status.HTTP_200_OK) self.assertIn('edition', response.data['loan']) self.assertNotIn('piece', response.data['loan'])
def testListWeb(self): from ...api import TransferEndpoint from ...models import OwnershipTransfer from ...serializers import OwnershipEditionSerializer from util.util import ordered_dict self._create_transfers() view = TransferEndpoint.as_view({'get': 'list'}) request = self.factory.get('/api/ownership/transfers/') force_authenticate(request, user=self.web_user) response = view(request) self.assertIs(response.status_code, status.HTTP_200_OK) qs = OwnershipTransfer.objects.filter(Q(prev_owner=self.web_user) | Q(new_owner=self.web_user)) serializer = OwnershipEditionSerializer(qs, many=True, context={'request': request}) response_db = json.loads(json.dumps({'success': True, 'count': len(qs), 'unfiltered_count': len(qs), 'next': None, 'previous': None, 'transfers': serializer.data})) self.assertEqual(ordered_dict(response.data), ordered_dict(response_db)) for transfer in response.data['transfers']: self.assertIn('edition', transfer) self.assertNotIn('piece', transfer)
def testRetrieveWeb(self): """ Test that a user can retrieve registrations from himself. """ from ...api import TransferEndpoint from ...models import OwnershipTransfer from ...serializers import OwnershipEditionSerializer from util.util import ordered_dict self._create_transfers() view = TransferEndpoint.as_view({'get': 'retrieve'}) url = '/api/ownership/transfers/{0}/'.format(self.transfers_web.id) request = self.factory.get(url) force_authenticate(request, user=self.web_user) response = view(request, pk=self.transfers_web.id) self.assertIs(response.status_code, status.HTTP_200_OK) qs = OwnershipTransfer.objects.get(id=self.transfers_web.id) serializer = OwnershipEditionSerializer(qs, context={'request': request}) response_db = json.loads(json.dumps({'success': True, 'transfer': serializer.data})) self.assertEqual(ordered_dict(response.data), ordered_dict(response_db)) self.assertIn('edition', response.data['transfer']) self.assertNotIn('piece', response.data['transfer'])
def test_web_user_list_consignments(self): from ...api import ConsignEndpoint from ...models import Consignment from ...serializers import OwnershipEditionSerializer from util.util import ordered_dict from dynamicfixtures import _djroot_user, _alice, _bob, _registered_edition_alice _djroot_user() alice = _alice() bob = _bob() edition_alice = _registered_edition_alice() consignment = Consignment.create(edition_alice, consignee=bob, owner=alice) consignment.save() url = reverse('api:ownership:consignment-list') factory = APIRequestFactory() request = factory.get(url) force_authenticate(request, user=alice) view = ConsignEndpoint.as_view({'get': 'list'}) response = view(request) qs = Consignment.objects.filter(Q(prev_owner=alice) | Q(new_owner=bob)) serializer = OwnershipEditionSerializer(qs, many=True, context={'request': request}) response_db = json.loads(json.dumps({'success': True, 'count': len(qs), 'unfiltered_count': len(qs), 'next': None, 'previous': None, 'consignments': serializer.data})) self.assertEqual(ordered_dict(response.data), ordered_dict(response_db)) self.assertIs(response.status_code, status.HTTP_200_OK) for consignment in response.data['consignments']: self.assertIn('edition', consignment) self.assertNotIn('piece', consignment)
def test_web_user_retrieve_share(self, alice, bob, registered_edition_alice): from ..api import ShareEndpoint from ..models import Share from ..serializers import OwnershipEditionSerializer from util.util import ordered_dict share = Share.create(registered_edition_alice, sharee=bob) share.save() factory = APIRequestFactory() url = reverse('api:ownership:share-detail', kwargs={'pk': share.pk}) request = factory.get(url) force_authenticate(request, user=alice) view = ShareEndpoint.as_view({'get': 'retrieve'}) response = view(request, pk=share.pk) response.render() response_json = json.loads(response.content) serializer = OwnershipEditionSerializer(share, context={'request': request}) response_db = json.loads(json.dumps(serializer.data)) assert ordered_dict( response_json['share']) == ordered_dict(response_db) assert response.status_code is status.HTTP_200_OK assert 'edition' in response_json['share'] assert 'piece' not in response_json['share']
def testRetrieveOtherWeb(self): """ Test that a user can't retrieve the ownership when he didnt participate if he knows the ID """ from ...api import TransferEndpoint from ...models import OwnershipTransfer from ...serializers import OwnershipEditionSerializer from util.util import ordered_dict self._create_transfers() view = TransferEndpoint.as_view({'get': 'retrieve'}) url = '/api/ownership/transfers/{0}/'.format(self.transfers_other.id) request = self.factory.get(url) force_authenticate(request, user=self.other_user) response = view(request, pk=self.transfers_other.id) self.assertIs(response.status_code, status.HTTP_200_OK) qs = OwnershipTransfer.objects.get(id=self.transfers_other.id) serializer = OwnershipEditionSerializer(qs, context={'request': request}) response_db = json.loads(json.dumps({'success': True, 'transfer': serializer.data})) self.assertEqual(ordered_dict(response.data), ordered_dict(response_db)) self.assertIn('edition', response.data['transfer']) self.assertNotIn('piece', response.data['transfer']) # transferred from web to other : access granted to other url = '/api/ownership/transfers/{0}/'.format(self.transfers_web.id) request = self.factory.get(url) force_authenticate(request, user=self.other_user) response = view(request, pk=self.transfers_web.id) self.assertIs(response.status_code, status.HTTP_200_OK) # transferred from other to oauth : access not granted to web url = '/api/ownership/transfers/{0}/'.format(self.transfers_web.id) request = self.factory.get(url) force_authenticate(request, user=self.web_user) response = view(request, pk=self.transfers_oauth.id) self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND)
def testListWeb(self): """ Test that a web user can list his digitalworks. He should not have access to the files of others in the db. """ view = ContractBlobEndpoint.as_view({'get': 'list'}) request = self.factory.get('/api/blob/contracts/') force_authenticate(request, user=self.web_user) response = view(request) self.assertIs(response.status_code, status.HTTP_200_OK) # render the response so that we get the serialized json response_json = response.data['contractblobs'] # get serialize the contract form the db qs = OtherData.objects.filter(id__in=[d.id for d in self.contracts_web]) serializer = FileSerializer(qs, many=True) response_db = json.loads(json.dumps(serializer.data)) self.assertEqual(len(response_json), len(response_db)) self.assertEqual(ordered_dict(response_json), ordered_dict(response_db))
def test_web_user_list_shares_piece(self, alice, bob, registered_piece_alice): from ..api import SharePieceEndpoint from ..models import SharePiece from ..serializers import OwnershipPieceSerializer from util.util import ordered_dict share = SharePiece.create(registered_piece_alice, sharee=bob) share.save() url = reverse('api:ownership:sharepiece-list') factory = APIRequestFactory() request = factory.get(url) force_authenticate(request, user=alice) view = SharePieceEndpoint.as_view({'get': 'list'}) response = view(request) response.render() response_json = json.loads(response.content) qs = SharePiece.objects.filter(Q(prev_owner=alice) | Q(new_owner=bob)) serializer = OwnershipPieceSerializer(qs, many=True, context={'request': request}) response_db = json.loads( json.dumps({ 'success': True, 'count': len(qs), 'unfiltered_count': len(qs), 'next': None, 'previous': None, 'shares': serializer.data })) assert ordered_dict(response_json) == ordered_dict(response_db) assert response.status_code is status.HTTP_200_OK for share in response_json['shares']: assert 'piece' in share assert 'edition' not in share