def test_joins(self):
# Create some items so that we get a valid query (otherwise the query would be empty as django-guardian
# would discover that the user doesn't have permissions to get any items).
item = models.ExampleItem()
item.name = 'Example'
item.enabled = False
item.save()
subitem = models.ExampleSubItem(parent=item, enabled=True)
subitem.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item)
shortcuts.assign_perm('rest_framework_reactive.view_examplesubitem', auth_models.AnonymousUser(), subitem)
observer = QueryObserver(self.request(views.ExampleSubItemViewSet, parent__enabled=True))
items = observer.evaluate()
add_subscriber('test-session', observer.id)
self.assertEquals(observer.id, '009955bdb64c21f679a7dfa2f747d6025ffef3185e5e01805662ebe8ca89c1d3')
self.assertEquals(len(items), 0)
observer_state = observer_models.Observer.objects.get(pk=observer.id)
dependencies = observer_state.dependencies.all().values_list('table', flat=True)
self.assertIn('rest_framework_reactive_tests_exampleitem', dependencies)
self.assertIn('rest_framework_reactive_tests_examplesubitem', dependencies)
def get_user(request):
try:
user_id = request.session[auth.SESSION_KEY]
backend_path = request.session[auth.BACKEND_SESSION_KEY]
backend = auth.load_backend(backend_path)
backend.request = request
user = backend.get_user(user_id) or models.AnonymousUser()
except KeyError:
user = models.AnonymousUser()
return user
def test_order(self):
observer = pool.observe_viewset(self.request(views.ExampleItemViewSet, ordering='name'), 'test-subscriber')
items = observer.evaluate()
self.assertEquals(len(items), 0)
item = models.ExampleItem()
item.name = 'D'
item.enabled = False
item.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
self.assertEquals(added[0], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(added[0]._order, 0)
self.assertEquals(len(changed), 0)
self.assertEquals(len(removed), 0)
item2 = models.ExampleItem()
item2.name = 'A'
item2.enabled = True
item2.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item2)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
self.assertEquals(added[0], {'id': item2.pk, 'name': item2.name, 'enabled': item2.enabled})
self.assertEquals(added[0]._order, 0)
# Check that the first item has changed, because its order has changed.
self.assertEquals(len(changed), 1)
self.assertEquals(changed[0], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(changed[0]._order, 1)
self.assertEquals(len(removed), 0)
item3 = models.ExampleItem()
item3.name = 'C'
item3.enabled = True
item3.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item3)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
self.assertEquals(added[0], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled})
self.assertEquals(added[0]._order, 1)
self.assertEquals(len(changed), 1)
self.assertEquals(changed[0], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(changed[0]._order, 2)
self.assertEquals(len(removed), 0)
def get_request_and_strategy(self, auth_entry=None, redirect_uri=None):
"""Gets a fully-configured request and strategy.
These two objects contain circular references, so we create them
together. The references themselves are a mixture of normal __init__
stuff and monkey-patching done by python-social-auth. See, for example,
social.apps.django_apps.utils.strategy().
"""
request = self.request_factory.get(
pipeline.get_complete_url(self.backend_name) +
'?redirect_state=redirect_state_value&code=code_value&state=state_value'
)
request.user = auth_models.AnonymousUser()
request.session = cache.SessionStore()
request.session[self.backend_name + '_state'] = 'state_value'
if auth_entry:
request.session[pipeline.AUTH_ENTRY_KEY] = auth_entry
strategy = social_utils.load_strategy(request=request)
request.social_strategy = strategy
request.backend = social_utils.load_backend(strategy,
self.backend_name,
redirect_uri)
return request, strategy
def show_review(request, review_id=None):
"""
View a review for a product. If no review_id is given, a page for selecting
the review to show is displayed. If no product_id is given, a page for
selecting the product is displayed.
"""
if review_id is None:
return redirect("product-reviews")
review_mgr = reviews.models.Review.objects
if (request.session.get(settings.MASTER_WRITE_KEY, 0) >
time.time() - settings.WRITE_BIND_TIME):
# Tie reads to the master reviews database.
review_mgr = review_mgr.db_manager("reviews")
try:
review = review_mgr.get(id=review_id)
except reviews.models.Review.DoesNotExist:
return http.HttpResponseNotFound(
loader.render_to_string("reviews/missing.html",
context_instance=RequestContext(request)))
if review.author_id == -1:
user = auth_models.AnonymousUser()
else:
user = auth_models.User.objects.get(id=review.author_id)
product = products.models.Product.objects.get(id=review.product_id)
data = {
"title": "Reviews",
"product": product,
"review": review,
"reviewer": user,
}
return render_to_response("reviews/review.html", data,
RequestContext(request))
def show_review(request, review_id=None):
"""
View a review for a product. If no review_id is given, a page for selecting
the review to show is displayed. If no product_id is given, a page for
selecting the product is displayed.
"""
if review_id is None:
return redirect("product-reviews")
alias = "reviews-%d" % reviews.models.get_db_for_id(review_id)
try:
review = reviews.models.Review.objects.using(alias).get(id=review_id)
except reviews.models.Review.DoesNotExist:
return http.HttpResponseNotFound(
loader.render_to_string("reviews/missing.html",
context_instance=RequestContext(request)))
if review.author_id == -1:
user = auth_models.AnonymousUser()
else:
user = auth_models.User.objects.get(id=review.author_id)
product = products.models.Product.objects.get(id=review.product_id)
data = {
"title": "Reviews",
"product": product,
"review": review,
"reviewer": user,
}
return render_to_response("reviews/review.html", data,
RequestContext(request))
def test_conditions(self):
observer = QueryObserver(self.request(views.ExampleItemViewSet, enabled=True))
items = observer.evaluate()
add_subscriber('test-session', observer.id)
self.assertEquals(observer.id, '0c2544b340aeb1919180ee6898a8e117de76b4a09dcedff7d6d172f3caa677c2')
self.assertEquals(len(items), 0)
item = models.ExampleItem()
item.name = 'Example'
item.enabled = False
item.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 0)
self.assertEquals(len(changed), 0)
self.assertEquals(len(removed), 0)
item.enabled = True
item.save()
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
self.assertEquals(added[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(len(changed), 0)
self.assertEquals(len(removed), 0)
def test_get_credentials_anon_user(self):
request = self.factory.get('oauth2/oauth2authorize',
data={'return_url': '/return_endpoint'})
request.session = self.session
request.user = django_models.AnonymousUser()
oauth2 = googleoauth2django.UserOAuth2(request)
self.assertIsNone(oauth2.credentials)
def get_user(request):
try:
user_id = request.session[auth.SESSION_KEY]
backend_path = request.session[auth.BACKEND_SESSION_KEY]
backend = auth.load_backend(backend_path)
backend.request = request
#LOG.info(" into try xxx before user = backend.get_user(user_id) or models.AnonymousUser()")
user = backend.get_user(user_id) or models.AnonymousUser()
#LOG.info(user)
except KeyError:
#LOG.info(" into except KeyError xxx before user = models.AnonymousUser()")
user = models.AnonymousUser()
#LOG.info(user)
return user
def test_aggregations(self):
item = models.ExampleItem()
item.name = 'Example'
item.enabled = False
item.save()
m2m_item = models.ExampleM2MItem()
m2m_item.save()
shortcuts.assign_perm(
'rest_framework_reactive.view_exampleitem',
auth_models.AnonymousUser(),
item,
)
observer = QueryObserver(
request(views.AggregationTestViewSet, items=[m2m_item.pk]))
observer.subscribe(
'test-session',
dependencies=[
models.ExampleItem, models.ExampleM2MItem.items.through
],
)
# There should be a dependency on the intermediate table.
observer_state = observer_models.Observer.objects.get(pk=observer.id)
dependencies = observer_state.dependencies.all().values_list('table',
flat=True)
self.assertIn('drfr_test_app_examplem2mitem_items', dependencies)
def test_login_required_permission_denied(self):
@decorators.login_required
def wrapped(info):
"""Decorated function"""
with self.assertRaises(exceptions.PermissionDenied):
wrapped(info_mock(models.AnonymousUser()))
def test_edit_request__unauth(self):
"""Should refuse"""
request = factory.patch('/80001')
request.user = auth_models.AnonymousUser()
view = DummyObjectView(Event.objects.get(pk=80001))
self.assertFalse(ObjectOwnership().has_permission(request, view))
def test_authorize_anonymous_user_redirects_login(self):
request = self.factory.get('oauth2/oauth2authorize')
request.session = self.session
request.user = django_models.AnonymousUser()
response = views.oauth2_authorize(request)
self.assertIsInstance(response, http.HttpResponseRedirect)
# redirects to Django login
self.assertIn(django.conf.settings.LOGIN_URL, response.url)
def get(self, request, *args, **kwargs):
"""
get login page
如果当前用户已经登陆,则跳转到首页
"""
if auth.get_user(request) != auth_models.AnonymousUser():
return redirect('index')
form = forms.LoginForm()
return render(request, 'login.html', {'form': form})
def get(self, request, *args, **kwargs):
"""
get register page
如果当前用户已经登陆,则直接跳转至首页
"""
if auth.get_user(request) != auth_models.AnonymousUser():
return redirect('index')
form = forms.RegisterForm()
return render(request, 'register.html', {'form': form})
def test_item_serialization(self):
item = models.ExampleItem.objects.create(name='Example', enabled=True)
shortcuts.assign_perm(
'rest_framework_reactive.view_exampleitem',
auth_models.AnonymousUser(),
item,
)
observer = QueryObserver(request(views.ExampleItemViewSet))
items = observer.subscribe('test-session')
def test_item_serialization(self):
item = models.ExampleItem.objects.create(name='Example', enabled=True)
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item)
observer = QueryObserver(self.request(views.ExampleItemViewSet))
items = observer.evaluate()
add_subscriber('test-session', observer.id)
# Ensure items can be serialized into JSON.
json.dumps(items)
def test_joins(self):
# Create some items so that we get a valid query (otherwise the query would be empty as django-guardian
# would discover that the user doesn't have permissions to get any items).
item = models.ExampleItem()
item.name = 'Example'
item.enabled = False
item.save()
subitem = models.ExampleSubItem(parent=item, enabled=True)
subitem.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item)
shortcuts.assign_perm('rest_framework_reactive.view_examplesubitem', auth_models.AnonymousUser(), subitem)
observer = pool.observe_viewset(self.request(views.ExampleSubItemViewSet, parent__enabled=True), 'test-subscriber')
items = observer.evaluate()
self.assertEquals(observer.id, '009955bdb64c21f679a7dfa2f747d6025ffef3185e5e01805662ebe8ca89c1d3')
self.assertEquals(len(items), 0)
self.assertIn(observer, pool._tables['rest_framework_reactive_exampleitem'])
self.assertIn(observer, pool._tables['rest_framework_reactive_examplesubitem'])
def test_create_with_anonymous_user(self):
"""
Don't allow the creation of datasets by anonymouse users.
"""
with self.assertRaises(ValueError):
upload_file = open(
'data/wgEncodeCaltechRnaSeqHuvecR1x75dTh1014IlnaPlusSignalRep2.hitile',
'r')
tm.Tileset.objects.create(datafile=dcfu.SimpleUploadedFile(
upload_file.name, upload_file.read()),
filetype='hitile',
owner=dcam.AnonymousUser())
def test_joins(self):
# Create some items so that we get a valid query (otherwise the query would be empty as django-guardian
# would discover that the user doesn't have permissions to get any items).
item = models.ExampleItem()
item.name = 'Example'
item.enabled = False
item.save()
subitem = models.ExampleSubItem(parent=item, enabled=True)
subitem.save()
shortcuts.assign_perm(
'rest_framework_reactive.view_exampleitem',
auth_models.AnonymousUser(),
item,
)
shortcuts.assign_perm(
'rest_framework_reactive.view_examplesubitem',
auth_models.AnonymousUser(),
subitem,
)
observer = QueryObserver(
request(views.ExampleSubItemViewSet, parent__enabled=True))
items = observer.subscribe(
'test-session',
dependencies=[models.ExampleSubItem, models.ExampleItem])
self.assertEqual(
observer.id,
'92b1698976bf1e04d155f9c60ac74c054ef872f547a59d771fc3c046998bbba8',
)
self.assertEqual(len(items), 0)
observer_state = observer_models.Observer.objects.get(pk=observer.id)
dependencies = observer_state.dependencies.all().values_list('table',
flat=True)
self.assertIn('drfr_test_app_exampleitem', dependencies)
self.assertIn('drfr_test_app_examplesubitem', dependencies)
def test_redirects_anonymous_to_login(self):
request = self.factory.get('/test')
request.session = self.session
request.user = django_models.AnonymousUser()
@decorators.oauth_required
def test_view(request):
return http.HttpResponse("test") # pragma: NO COVER
response = test_view(request)
self.assertIsInstance(response, http.HttpResponseRedirect)
self.assertEqual(parse.urlparse(response['Location']).path,
django.conf.settings.LOGIN_URL)
def user(self, session):
from django.contrib import auth
from django.contrib.auth import models as auth_models
content = session.get_decoded()
if auth.SESSION_KEY not in content:
return
user_id = content[auth.SESSION_KEY]
if auth.BACKEND_SESSION_KEY not in content:
return
backend_class = content[auth.BACKEND_SESSION_KEY]
backend = auth.load_backend(backend_class)
try:
user = backend.get_user(user_id) or auth_models.AnonymousUser()
except:
user = _('deleted user %r') % user_id
return user
def test_already_authenticated(self):
@decorators.token_auth
def wrapped(root, info, **kwargs):
return {}
headers = {
jwt_settings.JWT_AUTH_HEADER:
'{0} {1}'.format(jwt_settings.JWT_AUTH_HEADER_PREFIX, self.token),
}
info_mock = self.info(models.AnonymousUser(), **headers)
result = wrapped(None,
info_mock,
password='******',
username=self.user.get_username())
self.assertNotIn(jwt_settings.JWT_AUTH_HEADER,
info_mock.context.get('request').META)
def test_conditions(self):
observer = QueryObserver(
request(views.ExampleItemViewSet, enabled=True))
items = observer.subscribe('test-session')
self.assertEqual(
observer.id,
'5333b85599fd24ed4e2f7eeaefb599cbbd39894b437e9b9d3b80d5d21639b4bb',
)
self.assertEqual(len(items), 0)
item = models.ExampleItem()
item.name = 'Example'
item.enabled = False
item.save()
shortcuts.assign_perm(
'rest_framework_reactive.view_exampleitem',
auth_models.AnonymousUser(),
item,
)
added, changed, removed = observer._evaluate()
self.assertEqual(len(added), 0)
self.assertEqual(len(changed), 0)
self.assertEqual(len(removed), 0)
item.enabled = True
item.save()
added, changed, removed = observer._evaluate()
self.assertEqual(len(added), 1)
self.assertEqual(
added[0]['data'],
{
'id': item.pk,
'name': item.name,
'enabled': item.enabled
},
)
self.assertEqual(len(changed), 0)
self.assertEqual(len(removed), 0)
def __call__(self, scope: dict):
query_string: str = bytes(scope["query_string"]).decode("utf-8")
parsed: Dict[str, List[str]] = parse.parse_qs(query_string)
user = None
if "Bearer" in parsed and len(parsed["Bearer"]) == 1:
token: str = parsed["Bearer"][0]
payload: dict = decode(token)
if payload is not None:
try:
user = User.objects.get(pk=payload.get("id"))
except User.DoesNotExist:
pass
finally:
close_old_connections()
user = user or models.AnonymousUser()
return self.inner(dict(scope, user=user))
def test_authorize_anonymous_user(self):
request = self.factory.get('oauth2/oauth2authorize')
request.session = self.session
request.user = django_models.AnonymousUser()
response = views.oauth2_authorize(request)
self.assertIsInstance(response, http.HttpResponseRedirect)
def post(self, request):
auth.logout(request)
user = auth_models.AnonymousUser()
serializer = AuthUserSerializer(instance=user)
return Response(serializer.data)
def setUp(self):
factory = RequestFactory()
self.url = reverse("add-member")
self.request = factory.get(self.url)
self.request.user = auth_models.AnonymousUser()
def test_observe_viewset(self):
# Create a request and an observer for it.
observer = QueryObserver(self.request(views.ExampleItemViewSet))
items = observer.evaluate()
add_subscriber('test-session', observer.id)
self.assertEquals(observer.id, 'fdd1312a8082540528908c32f4a94cac55365ef7acadc8e5ae8d4795cd7b5fa6')
self.assertEquals(len(items), 0)
# Add an item into the database.
item = models.ExampleItem()
item.name = 'Example'
item.enabled = True
item.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item)
# Evaluate the observer again (in reality this would be done automatically, triggered by signals
# from Django ORM).
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
expected_serialized_item = {'id': item.pk, 'name': item.name, 'enabled': item.enabled}
self.assertEquals(added[0]['data'], expected_serialized_item)
self.assertEquals(len(changed), 0)
self.assertEquals(len(removed), 0)
# Change the existing item.
item.enabled = False
expected_serialized_item['enabled'] = False
item.save()
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 0)
self.assertEquals(len(changed), 1)
self.assertEquals(changed[0]['data'], expected_serialized_item)
self.assertEquals(len(removed), 0)
# Remove the first item.
item.delete()
# Add another two items.
item2 = models.ExampleItem()
item2.name = 'Example 2'
item2.enabled = True
item2.save()
item3 = models.ExampleItem()
item3.name = 'Example 3'
item3.enabled = True
item3.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item2)
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item3)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 2)
self.assertEquals(added[0]['data'], {'id': item2.pk, 'name': item2.name, 'enabled': item2.enabled})
self.assertEquals(added[1]['data'], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled})
self.assertEquals(len(changed), 0)
self.assertEquals(len(removed), 1)
self.assertEquals(removed[0]['data'], expected_serialized_item)
def test_order(self):
observer = QueryObserver(self.request(views.ExampleItemViewSet, ordering='name'))
items = observer.evaluate()
add_subscriber('test-session', observer.id)
self.assertEquals(len(items), 0)
item = models.ExampleItem()
item.name = 'D'
item.enabled = False
item.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
self.assertEquals(added[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(added[0]['order'], 0)
self.assertEquals(len(changed), 0)
self.assertEquals(len(removed), 0)
item2 = models.ExampleItem()
item2.name = 'A'
item2.enabled = True
item2.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item2)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
self.assertEquals(added[0]['data'], {'id': item2.pk, 'name': item2.name, 'enabled': item2.enabled})
self.assertEquals(added[0]['order'], 0)
# Check that the first item has changed, because its order has changed.
self.assertEquals(len(changed), 1)
self.assertEquals(changed[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(changed[0]['order'], 1)
self.assertEquals(len(removed), 0)
item3 = models.ExampleItem()
item3.name = 'C'
item3.enabled = True
item3.save()
shortcuts.assign_perm('rest_framework_reactive.view_exampleitem', auth_models.AnonymousUser(), item3)
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 1)
self.assertEquals(added[0]['data'], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled})
self.assertEquals(added[0]['order'], 1)
self.assertEquals(len(changed), 1)
self.assertEquals(changed[0]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(changed[0]['order'], 2)
self.assertEquals(len(removed), 0)
# Check order change between two existing items.
item.name = 'B'
item.save()
added, changed, removed = observer.evaluate(return_emitted=True)
self.assertEquals(len(added), 0)
self.assertEquals(len(changed), 2)
self.assertEquals(changed[0]['data'], {'id': item3.pk, 'name': item3.name, 'enabled': item3.enabled})
self.assertEquals(changed[0]['order'], 2)
self.assertEquals(changed[1]['data'], {'id': item.pk, 'name': item.name, 'enabled': item.enabled})
self.assertEquals(changed[1]['order'], 1)
self.assertEquals(len(removed), 0)
