class SecurityACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def test_forbidden_access_to_security_settings(self):
"""
Given i'm a regular user
When i try to interact with security endpoints
Then i get a Forbidden Exception
"""
username = '******'
self.testapp.get('/admin/security', headers=oauth2Header(username), status=403)
self.testapp.get('/admin/security/users', headers=oauth2Header(username), status=403)
self.testapp.get('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403)
self.testapp.post('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403)
self.testapp.delete('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403)
def test_access_to_security_settings(self):
"""
Given i'm a Manager user
When i try to interact with security endpoints
Then i suceed
"""
self.testapp.get('/admin/security', headers=oauth2Header(test_manager), status=200)
self.testapp.get('/admin/security/users', headers=oauth2Header(test_manager), status=200)
self.testapp.get('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=200)
self.testapp.post('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=200)
self.testapp.delete('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=204)
class DeprecationTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Test deprecated Add people
def test_deprecated_request_create_user(self):
"""
Given a request to the deprecated POST /people/{username}
When the request is processed
Then the request is rewrited as POST /people
And the username is now in the body
And the displayName is preserved in the body
"""
res = self.testapp.post('/people/sheldon', json.dumps({"displayName": 'Sheldon'}), headers=oauth2Header(test_manager), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/people')
self.assertEqual(res.json['username'], 'sheldon')
self.assertEqual(res.json['displayName'], 'Sheldon')
# Test deprecated subscribe user
def test_deprecated_subscribe_user(self):
"""
Given a request to the deprecated POST /people/{username}/subscriptions
When the request is processed
Then the request is rewrited as POST /contexts/{hash}/subscriptions
And the actor now is in the body
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
res = self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/contexts/{}/subscriptions'.format(context_hash))
self.assertEqual(res.json['actor']['username'], 'sheldon')
self.assertEqual(res.json['actor']['objectType'], 'person')
# Test deprecated unsubscribe user
def test_deprecated_unsubscribe_user(self):
"""
Given a request to the deprecated DELETE /people/{username}/subscriptions
When the request is processed
Then the request is rewrited as DELETE /contexts/{hash}/subscriptions
And the actor now is in the body
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.delete('/people/%s/subscriptions/%s' % (username, context_hash), "", oauth2Header(test_manager), status=204)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/contexts/{}/subscriptions/{}'.format(context_hash, username))
# Test deprecated create context activity
def test_deprecated_user_post_activity_to_context(self):
"""
Given a request to the deprecated POST /people/{username}/activities
And the request has a "contexts" parameter
When the request is processed
Then the request is rewrited as POST /contexts/{hash}/activities
And the actor is in the body
and object is preserved in the body
"""
from max.tests.mockers import create_context, subscribe_context
from max.tests.mockers import user_status_context as activity
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/contexts/{}/activities'.format(context_hash))
self.assertEqual(res.json['actor']['username'], 'sheldon')
self.assertEqual(res.json['actor']['objectType'], 'person')
self.assertIn('object', res.json)
def test_deprecated_user_post_activity_to_context_without_context(self):
"""
Given a request to the deprecated POST /people/{username}/activities
And the request doesn't have a "contexts" parameter
When the request is processed
Then the request remains untouched
"""
from max.tests.mockers import create_context, subscribe_context
from max.tests.mockers import user_status as activity
username = '******'
self.create_user(username)
res = self.create_context(create_context)
context_hash = res.json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.post('/people/sheldon/activities', json.dumps(activity), oauth2Header(username), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/people/sheldon/activities'.format(context_hash))
self.assertNotIn('contexts', res.json)
# Test depreacted join conversation
def test_deprecated_join_conversation(self):
"""
Given a request to the deprecated POST /people/{user}/conversations/{id}
When the request is processed
Then the request is rewrited as DELETE /conversations/{id}/participants
And the actor is in the body
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
res = self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(test_manager), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/conversations/{}/participants'.format(cid))
self.assertEqual(res.json['actor']['username'], recipient3)
self.assertEqual(res.json['actor']['objectType'], 'person')
def test_deprecated_leave_conversation(self):
"""
Given a request to the deprecated DELETE /people/{user}/conversations/{id}
When the request is processed
Then the request is rewrited as DELETE /conversations/{id}/participants/{username}
And the url parameters are remapped
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
res = self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, cid), '', oauth2Header(test_manager), status=204)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/conversations/{}/participants/{}'.format(cid, recipient2))
def test_deprecated_add_token(self):
"""
Given a request to the deprecated POST /people/{user}/device/{platform}/{token}
When the request is processed
Then the request is rewrited as POST /tokens
And the token is injected in the request body
And the platform is injected in the reqeust body
And the response contains a Person instead of a Token
"""
username = '******'
self.create_user(username)
token = '000000000000000000'
platform = 'ios'
res = self.testapp.post('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=201)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/tokens')
self.assertEqual(res.json['username'], username)
self.assertEqual(res.json['objectType'], 'person')
def test_deprecated_delete_token(self):
"""
Given a request to the deprecated DELETE /people/{user}/device/{platform}/{token}
When the request is processed
Then the request is rewrited as DELETE /tokens/{token}
And the token is injected in the body
And the platform is injected in the body
"""
username = '******'
self.create_user(username)
token = '000000000000000000'
platform = 'ios'
self.testapp.post('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=201)
res = self.testapp.delete('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=204)
rewrited_request = res.request
rewrited_request_url = urlparse.urlparse(rewrited_request.url).path
self.assertEqual(rewrited_request_url, '/tokens/{}'.format(token))
def test_deprecated_sortBy_parameter(self):
"""
Given a plain user
When I query ativities using old sortBy parameter
I get the expected result
THIS TEST IS A DUPLICATE OF max.tests.test_timeline_order_sorted_by_last_comment_publish_date
ONLY TO TEST THE TRANSLATION OF THE SORTBY PARAMETER
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sortBy=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[0])
self.assertEqual(res.json[1].get('id', None), activity_ids[6])
self.assertEqual(res.json[2].get('id', None), activity_ids[5])
self.assertEqual(res.json[3].get('id', None), activity_ids[4])
self.assertEqual(res.json[4].get('id', None), activity_ids[3])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sortBy=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_get_activities_order_sorted_by_last_comment_publish_date(self):
"""
Given a plain user
When I post activities on a context
and I comment on an old activity
Then in the comment-sorted activities, the commented activity becomes the first
"""
from .mockers import user_comment
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
from .mockers import context_query
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity_0_id = self.create_activity(username, user_status_context).json['id']
activity_1_id = self.create_activity(username, user_status_context, note='Second').json['id']
activity_2_id = self.create_activity(username, user_status_context, note='Third').json['id']
res = self.testapp.post('/activities/%s/comments' % str(activity_1_id), json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.get('/contexts/%s/activities?sort=published' % (context_query['context']), '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0].get('id', None), activity_2_id)
self.assertEqual(res.json[1].get('id', None), activity_1_id)
self.assertEqual(res.json[2].get('id', None), activity_0_id)
def test_timeline_order_sorted_by_last_comment_publish_date(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
Then in the comment-sorted timeline, the commented activity becomes the first
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[0])
self.assertEqual(res.json[1].get('id', None), activity_ids[6])
self.assertEqual(res.json[2].get('id', None), activity_ids[5])
self.assertEqual(res.json[3].get('id', None), activity_ids[4])
self.assertEqual(res.json[4].get('id', None), activity_ids[3])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
def test_timeline_order_sorted_by_last_comment_publish_date_when_delete_comment(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
and I delete comment on an old activity
Then in the comment-sorted timeline
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
comment_id = res.json['id']
# Delete comment
res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity_ids[0]), comment_id), '', oauth2Header(username), status=204)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[6])
self.assertEqual(res.json[1].get('id', None), activity_ids[5])
self.assertEqual(res.json[2].get('id', None), activity_ids[4])
self.assertEqual(res.json[3].get('id', None), activity_ids[3])
self.assertEqual(res.json[4].get('id', None), activity_ids[2])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
self.assertEqual(res.json[2].get('id', None), activity_ids[0])
def test_timeline_order_sorted_by_last_comment_publish_date_when_delete_one_comment(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
and I delete comment on an old activity
Then in the comment-sorted timeline
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_ids = []
# Create 7 activities to overpass limit of 5
for i in range(7):
activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id'])
res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
comment_id = res.json['id']
self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201)
# Delete comment
res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity_ids[0]), comment_id), '', oauth2Header(username), status=204)
# Get first 5 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 5)
self.assertEqual(res.json[0].get('id', None), activity_ids[0])
self.assertEqual(res.json[1].get('id', None), activity_ids[6])
self.assertEqual(res.json[2].get('id', None), activity_ids[5])
self.assertEqual(res.json[3].get('id', None), activity_ids[4])
self.assertEqual(res.json[4].get('id', None), activity_ids[3])
# get next 2 results
res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('id', None), activity_ids[2])
self.assertEqual(res.json[1].get('id', None), activity_ids[1])
def test_timeline_order_sorted_by_activity_publish_date(self):
"""
Given a plain user
When I post activities
and I comment on an old activity
Then in the activities-sorted timeline, the order equals the activity order
"""
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
activity_0_id = self.create_activity(username, user_status).json['id']
activity_1_id = self.create_activity(username, user_status, note="second").json['id']
activity_2_id = self.create_activity(username, user_status, note="third").json['id']
res = self.testapp.post('/activities/%s/comments' % str(activity_1_id), json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.get('/people/%s/timeline?sort=published' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0].get('id', None), activity_2_id)
self.assertEqual(res.json[1].get('id', None), activity_1_id)
self.assertEqual(res.json[2].get('id', None), activity_0_id)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_has_remaining_items(self):
"""
Given there are more than 10 users
When i query 10 users
I get a X-Has-Remaining-Items header
"""
# Create 9 users + 1 already existing (test_manager)
for i in range(10):
self.create_user('user-{}'.format(i))
res = self.testapp.get('/people', headers=oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 10)
self.assertEqual(res.headers['X-Has-Remaining-Items'], '1')
def test_not_has_remaining_items_wihout_limit(self):
"""
Given there are more than 10 users
When i query unlimited users
I don't get a X-Has-Remaining-Items header
"""
# Create 9 users + 1 already existing (test_manager)
for i in range(10):
self.create_user('user-{}'.format(i))
res = self.testapp.get('/people?limit=0', headers=oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 11)
self.assertNotIn('X-Has-Remaining-Items', res.headers)
def test_not_has_remaining_items(self):
"""
Given there are exactly 10 users
When i query 10 users
I don't get a X-Has-Remaining-Items header
"""
# Create 9 users + 1 already existing (test_manager)
for i in range(9):
self.create_user('user-{}'.format(i))
res = self.testapp.get('/people', headers=oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 10)
self.assertNotIn('X-Has-Remaining-Items', res.headers)
def test_activities_keyword_generation(self):
"""
Tests that all words passing regex are included in keywords
Tests that username that creates the activity is included in keywords
Tests that displayName of user that creates the activity is included in keywords
Tests that username that creates the comment is included in keywords
Tests that displayName of user that creates the comment is included in keywords
Tests that a keyword of a comment is included in keywords
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context, user_comment
username = '******'
username2 = 'xavi'
self.create_user(username, displayName="Lionel Messi")
self.create_user(username2, displayName="Xavi Hernandez")
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
activity = self.create_activity(username, user_status_context).json
res = self.testapp.post('/activities/%s/comments' % str(activity['id']), json.dumps(user_comment), oauth2Header(username2), status=201)
res = self.testapp.get('/activities/%s' % str(activity['id']), json.dumps({}), oauth2Header(username), status=200)
expected_keywords = [u'activitat', u'canvi', u'comentari', u'creaci\xf3', u'estatus', u'hernandez', u'lionel', u'messi', u'nou', u'testejant', u'una', u'xavi']
response_keywords = res.json['keywords']
response_keywords.sort()
self.assertListEqual(response_keywords, expected_keywords)
def test_activities_keyword_generation_after_comment_delete(self):
"""
test that the keywords supplied by a comment disappers from activity when deleting the comment
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context, user_comment
username = '******'
username2 = 'xavi'
self.create_user(username, displayName="Lionel Messi")
self.create_user(username2, displayName="Xavi Hernandez")
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
activity = self.create_activity(username, user_status_context).json
res = self.testapp.post('/activities/%s/comments' % str(activity['id']), json.dumps(user_comment), oauth2Header(username2), status=201)
comment_id = res.json['id']
res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity['id']), comment_id), "", oauth2Header(username2), status=204)
res = self.testapp.get('/activities/%s' % str(activity['id']), json.dumps({}), oauth2Header(username), status=200)
expected_keywords = [u'canvi', u'creaci\xf3', u'estatus', u'lionel', u'messi', u'testejant']
response_keywords = res.json['keywords']
response_keywords.sort()
self.assertListEqual(response_keywords, expected_keywords)
def test_activities_hashtag_generation(self):
"""
Tests that all hashtags passing regex are included in _hashtags
Tests that a hashtag of a comment is included in hashtags
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context_with_hashtag, user_comment_with_hashtag
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context_with_hashtag)
activity = json.loads(res.text)
res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment_with_hashtag), oauth2Header(username), status=201)
res = self.testapp.get('/activities/%s' % str(activity.get('id')), json.dumps({}), oauth2Header(username), status=200)
result = json.loads(res.text)
expected_hashtags = [u'canvi', u'comentari', u'nou']
self.assertListEqual(result['object']['hashtags'], expected_hashtags)
def test_context_activities_hashtag_search(self):
"""
"""
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note='text with hashtag #test')
res = self.testapp.get('/contexts/%s/activities?hashtag=test' % (context_query['context']), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_context_activities_keyword_search(self):
"""
"""
from .mockers import context_query
from .mockers import context_query_kw_search
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), context_query_kw_search, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_context_comments_keyword_search(self):
"""
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
from .mockers import user_comment
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
activity_1_id = self.create_activity(username, user_status_context, note='Second activity').json['id']
res = self.testapp.post('/activities/%s/comments' % activity_1_id, json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.get('/activities/comments', {'keyword': ['comentari']}, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
self.assertEqual(result[0]['object']['inReplyTo'][0]['id'], activity_1_id)
def test_context_activities_actor_search(self):
"""
"""
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
self.create_activity(username2, user_status_context)
res = self.testapp.get('/contexts/%s/activities?actor=%s' % (context_query['context'], username), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
def test_timeline_activities_actor_search(self):
"""
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
self.create_activity(username2, user_status_context)
self.create_activity(username2, user_status_context, note="second")
res = self.testapp.get('/people/%s/timeline?actor=%s' % (username, username), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
def test_timeline_user_filter_activities_by_other_actor_and_not_permission_in_community(self):
"""
"""
from .mockers import create_context, create_contextA
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
res = self.testapp.get('/people/%s/timeline?actor=%s' % (username2, username), '', oauth2Header(username2), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_timeline_user_filter_activities_by_other_actor_and_have_permission_community(self):
"""
"""
from .mockers import create_context, create_contextA
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_context, note="second")
res = self.testapp.get('/people/%s/timeline?actor=%s' % (username2, username), '', oauth2Header(username2), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
def test_contexts_search(self):
"""
Given an admin user
When I search for all contexts
Then I get them all
"""
from .mockers import create_context, create_contextA, create_contextB
self.create_context(create_context)
self.create_context(create_contextA)
self.create_context(create_contextB)
res = self.testapp.get('/contexts', '', oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 3)
def test_contexts_search_with_tags(self):
"""
Given an admin user
When I search for contexts with a tag
Then I get tthe ones with that tag
"""
from .mockers import create_context, create_contextA, create_contextB
from .mockers import context_search_by_tags
self.create_context(create_context) # Tagged "Assignatura"
self.create_context(create_contextA) # Tagged "Assignatura"
self.create_context(create_contextB) # Not tagged
res = self.testapp.get('/contexts?tags', context_search_by_tags, oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 2)
def test_public_contexts_search_with_tags(self):
"""
Given a plain user
When I search for public contexts with a tag
Then I get the ones with that tag
"""
from .mockers import create_context, create_contextA, create_contextB
from .mockers import context_search_by_tags
username = '******'
self.create_user(username)
self.create_context(create_context)
self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='subscribed'))
self.create_context(create_contextB)
res = self.testapp.get('/contexts/public?tags', context_search_by_tags, oauth2Header(username), status=200)
self.assertEqual(len(res.json), 1)
def test_search_with_invalid_parameters(self):
"""
Given a plain user
When I do a search with invalid parameters
Then I get a Bad Request Error
"""
username = '******'
self.create_user(username)
fake_id = '519200000000000000000000'
self.testapp.get('/people?limit=a', '', oauth2Header(username), status=400)
self.testapp.get('/people?after=0', '', oauth2Header(username), status=400)
self.testapp.get('/people?before=0', '', oauth2Header(username), status=400)
self.testapp.get('/people?before={0}&after={0}'.format(fake_id), '', oauth2Header(username), status=400)
def test_context_timeline_favorites_search(self):
"""
"""
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
username2 = 'xavi'
self.create_user(username2)
self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
res = self.create_activity(username, user_status_context)
activity1_id = res.json['id']
self.create_activity(username, user_status_context, note="second")
res = self.create_activity(username2, user_status_context)
activity3_id = res.json['id']
self.create_activity(username2, user_status_context, note="second")
self.favorite_activity(username, activity1_id)
self.favorite_activity(username, activity3_id)
res = self.testapp.get('/people/%s/timeline?favorites=true' % (username), '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0]['id'], activity3_id)
self.assertEqual(res.json[1]['id'], activity1_id)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_favorite_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can favorite this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['favorited'], True)
self.assertEqual(res.json['object']['favoritesCount'], 1)
self.assertEqual(activity.json['favorites'][0]['username'], username_not_me)
self.assertEqual(activity.json['favorited'], False)
self.assertEqual(activity.json['favoritesCount'], 1)
def test_favorite_already_favorited_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And someone favorites this activity
Then this someone else can't favorite twice this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['favorited'], True)
self.assertEqual(res.json['object']['favoritesCount'], 1)
def test_unfavorite_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can remove previously favorite mark from this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(res.json['object']['favorites'], [])
self.assertEqual(res.json['object']['favorited'], False)
self.assertEqual(res.json['object']['favoritesCount'], 0)
self.assertEqual(activity.json['favorites'], [])
self.assertEqual(activity.json['favorited'], False)
self.assertEqual(activity.json['favoritesCount'], 0)
def test_favorite_activity_by_various(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can favorite this activity
and i also can favorite it
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username), status=201)
self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['favorites'][1]['username'], username)
self.assertEqual(res.json['object']['favorited'], True)
self.assertEqual(res.json['object']['favoritesCount'], 2)
def test_unfavorite_activity_get_other_favorites(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And varius users favorite it
And someone unfavorite it
Then someone who unfavorite this activity
and the rest of favorites remains
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username), status=201)
res = self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['object']['favorites'][0]['username'], username)
self.assertEqual(res.json['object']['favorited'], False)
self.assertEqual(res.json['object']['favoritesCount'], 1)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp("config:tests.ini", relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch("requests.post", new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_subscribe_user_to_context(self):
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="public", write="restricted", subscribe="restricted", invite="restricted"),
)
self.testapp.post(
"/people/%s/subscriptions" % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201
)
def test_subscribe_to_context(self):
""" doctest .. http:post:: /people/{username}/subscriptions """
from .mockers import subscribe_context
from .mockers import user_status_context
from .mockers import create_context
username = "******"
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get("actor", None).get("username", None), "messi")
self.assertEqual(result.get("object", None).get("objectType", None), "note")
self.assertEqual(result.get("contexts", None)[0]["url"], subscribe_context["object"]["url"])
def test_subscribe_to_context_already_subscribed(self):
from .mockers import subscribe_context
from .mockers import user_status_context
from .mockers import create_context
username = "******"
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=200)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get("actor", None).get("username", None), "messi")
self.assertEqual(result.get("object", None).get("objectType", None), "note")
self.assertEqual(result.get("contexts", None)[0]["url"], subscribe_context["object"]["url"])
def test_subscribe_to_inexistent_context(self):
from .mockers import subscribe_context
username = "******"
self.create_user(username)
res = self.admin_subscribe_user_to_context(username, subscribe_context, expect=404)
result = json.loads(res.text)
self.assertEqual(result.get("error", None), "ObjectNotFound")
def test_get_all_subscribed_contexts_for_user(self):
""" doctest .. http:get:: /people/{username}/subscriptions """
from .mockers import create_context
from .mockers import subscribe_contextA, create_contextA
from .mockers import subscribe_contextB, create_contextB
username = "******"
username_not_me = "xavi"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(
create_context,
permissions=dict(read="public", write="restricted", subscribe="restricted", invite="restricted"),
)
self.create_context(
create_contextA,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.create_context(
create_contextB,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA)
self.admin_subscribe_user_to_context(username, subscribe_contextB)
res = self.testapp.get("/people/%s/subscriptions" % username, "", oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get("url"), "http://atenea.upc.edu/A")
self.assertEqual(result[1].get("url"), "http://atenea.upc.edu/B")
def test_get_all_subscribed_contexts_for_user_by_tag(self):
""" doctest .. http:get:: /people/{username}/subscriptions """
from .mockers import create_context
from .mockers import subscribe_contextA, create_contextA
from .mockers import subscribe_contextB, create_contextB
username = "******"
username_not_me = "xavi"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(
create_context,
permissions=dict(read="public", write="restricted", subscribe="restricted", invite="restricted"),
)
self.create_context(
create_contextA,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.create_context(
create_contextB,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA)
self.admin_subscribe_user_to_context(username, subscribe_contextB)
res = self.testapp.get(
"/people/%s/subscriptions" % username, {"tags": ["Assignatura"]}, oauth2Header(username), status=200
)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
self.assertEqual(result[0].get("url"), "http://atenea.upc.edu/A")
def test_get_all_subscribed_contexts_tagged_for_user(self):
""" doctest .. http:get:: /people/{username}/subscriptions """
from .mockers import subscribe_contextA, create_contextA
from .mockers import subscribe_contextB, create_contextB
username = "******"
self.create_user(username)
self.create_context(
create_contextA,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.create_context(
create_contextB,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.admin_subscribe_user_to_context(username, subscribe_contextB)
res = self.testapp.get(
"/people/%s/subscriptions" % username, {"tags": ["Assignatura"]}, oauth2Header(username), status=200
)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
self.assertEqual(result[0].get("url"), "http://atenea.upc.edu/A")
def test_get_subscriptions_from_another_user(self):
"""
Given a plain user
When I try to get another user subscriptions list
Then i get an Forbidden error
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
username2 = "xavi"
self.create_user(username2)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username2), status=403)
def test_subcribe_to_restricted_context_as_plain_user(self):
"""
Given a plain user
When I subscribe to a public subscription context
Then i get an Forbidden error
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.user_subscribe_user_to_context(username, subscribe_context, expect=403)
def test_subscribe_to_public_context_as_plain_user(self):
"""
Given a plain user
When I subscribe to a public subscription context
Then the subscription is created
And I will be able to unsubscribe in the future
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
res = self.testapp.post(
"/people/%s/subscriptions" % username, json.dumps(subscribe_context), oauth2Header(username), status=201
)
res = self.testapp.get("/people/%s/subscriptions" % username, "", oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertIn("unsubscribe", result[0]["permissions"])
def test_subscribe_to_public_context_as_plain_user_already_subscribed(self):
"""
Given a plain user
When I subscribe to a public subscription context
And I am already subscribed
Then the subscription is returned
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
self.user_subscribe_user_to_context(username, subscribe_context, expect=200)
def test_list_all_public_subcribable_contexts(self):
"""
Given a plain user
When i look for public contexts
Then i get a list with only the public ones
"""
from .mockers import create_context, create_contextA
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
self.create_context(
create_contextA,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
res = self.testapp.get("/contexts/public", {}, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_unsubscribe_from_inexistent_subscription_as_plain_user(self):
"""
Given a plain user
When I try to unsubscribe from a context
And I'm not subscribed to that context
Then I get a not found error
"""
from .mockers import create_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
url_hash = sha1(create_context["url"]).hexdigest()
self.testapp.delete(
"/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(username), status=403
)
def test_unsubscribe_from_inexistent_subscription_as_admin(self):
"""
As an admin user
When I try to unsubscribe a user from a context
And the user is not subscribed to that context
Then I get a not found error
"""
from .mockers import create_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
url_hash = sha1(create_context["url"]).hexdigest()
self.testapp.delete(
"/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(test_manager), status=404
)
def test_unsubscribe_from_restricted_context_as_plain_user(self):
"""
Given a plain user
When I try to unsubscribe from a restricted subscription context
Then i get an authorization error
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
url_hash = sha1(create_context["url"]).hexdigest()
self.testapp.delete(
"/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(username), status=403
)
def test_unsubscribe_from_restricted_context_as_admin(self):
"""
Given a admin user
When I try to unsubscribe a plain user from a restricted subscription context
Then the user is not subscribed to the context anymore
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
url_hash = sha1(create_context["url"]).hexdigest()
self.testapp.delete(
"/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(test_manager), status=204
)
res = self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_unsubscribe_from_public_context_as_plain_user(self):
"""
Given a plain user
When I try to unsubscribe from a public subscription context
Then I am not subscribed to the context anymore
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
url_hash = sha1(create_context["url"]).hexdigest()
self.user_unsubscribe_user_from_context(username, url_hash, expect=204)
res = self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_unsubscribe_from_public_context_as_admin(self):
"""
Given a admin user
When I try to unsubscribe a plain user from a public subscription context
Then I am not subscribed to the context anymore
"""
from .mockers import create_context
from .mockers import subscribe_context
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
url_hash = sha1(create_context["url"]).hexdigest()
self.admin_unsubscribe_user_from_context(username, url_hash, expect=204)
res = self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_change_context_with_same_permissions(self):
"""
Create a public context, user subscribes to context.
Try to update the context with the same permissions.
Permissions remain the same
NOTE: Test added to catch a bug where modifying a context with the same
permissions would crash on a mongodb empty query
"""
from .mockers import create_context
from .mockers import subscribe_context
url_hash = sha1(create_context["url"]).hexdigest()
username = "******"
self.create_user(username)
permissions = dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted")
self.create_context(create_context, permissions=permissions)
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
data = json.dumps({"permissions": permissions})
res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200)
self.assertEqual(res.json["permissions"]["read"], "subscribed")
self.assertEqual(res.json["permissions"]["write"], "subscribed")
self.assertEqual(res.json["permissions"]["subscribe"], "public")
self.assertEqual(res.json["permissions"]["invite"], "restricted")
def test_change_public_context_to_restricted(self):
"""
Create a public context, user subscribes to context.
Change the context to write=restricted, and user fails to write in the context.
"""
from .mockers import create_context
from .mockers import subscribe_context
from .mockers import user_status_context
url_hash = sha1(create_context["url"]).hexdigest()
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
data = json.dumps({"permissions": {"write": "restricted"}})
res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200)
self.assertEqual(res.json["permissions"]["read"], "subscribed")
self.assertEqual(res.json["permissions"]["write"], "restricted")
res = self.create_activity(username, user_status_context, expect=403)
def test_change_public_context_to_restricted_preserve_granted_write_permission(self):
"""
Create a public context, user subscribes to context.
Extra grant write permission to the user
Change the context to write=restricted, and user still have the write permission
"""
from .mockers import create_context
from .mockers import subscribe_context
from .mockers import user_status_context
url_hash = sha1(create_context["url"]).hexdigest()
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"),
)
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
permission = "write"
res = self.testapp.put(
"/contexts/%s/permissions/%s/%s?permanent=1" % (url_hash, username, permission),
"",
oauth2Header(test_manager),
status=201,
)
data = json.dumps({"permissions": {"write": "restricted"}})
res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200)
self.assertEqual(res.json["permissions"]["read"], "subscribed")
self.assertEqual(res.json["permissions"]["write"], "restricted")
res = self.create_activity(username, user_status_context, expect=201)
def test_change_restricted_context_to_susbcribed(self):
"""
Create a write restricted context, admin subscribes the user to context, but he cannot write
Change the context to write subscribed, and user can write to context
"""
from .mockers import create_context
from .mockers import subscribe_context
from .mockers import user_status_context
url_hash = sha1(create_context["url"]).hexdigest()
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="restricted", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
data = json.dumps({"permissions": {"write": "subscribed"}})
res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200)
self.assertEqual(res.json["permissions"]["read"], "subscribed")
self.assertEqual(res.json["permissions"]["write"], "subscribed")
res = self.create_activity(username, user_status_context, expect=201)
def test_change_restricted_context_to_susbcribed_maintain_write_veto(self):
"""
Create a write restricted context, admin subscribes the user to context, but he cannot write.
Admin also adds a persistent "don't write" veto to this user.
Change the context to write subscribed, and user still can't write.
"""
from .mockers import create_context
from .mockers import subscribe_context
from .mockers import user_status_context
url_hash = sha1(create_context["url"]).hexdigest()
username = "******"
self.create_user(username)
self.create_context(
create_context,
permissions=dict(read="subscribed", write="restricted", subscribe="restricted", invite="restricted"),
)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
permission = "write"
res = self.testapp.delete(
"/contexts/%s/permissions/%s/%s?permanent=1" % (url_hash, username, permission),
"",
oauth2Header(test_manager),
status=201,
)
data = json.dumps({"permissions": {"write": "subscribed"}})
res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200)
self.assertEqual(res.json["permissions"]["read"], "subscribed")
self.assertEqual(res.json["permissions"]["write"], "subscribed")
res = self.create_activity(username, user_status_context, expect=403)
class PeopleACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
# Add people tests
def test_create_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to create a person
I succeed
"""
username = '******'
self.testapp.post('/people', json.dumps({"username": username}), headers=oauth2Header(test_manager), status=201)
def test_create_person_as_non_manager(self):
"""
Given i'm user that doesn't have the Manager role
When i try to create a person
I get a Forbidden exception
"""
username = '******'
other = 'penny'
self.testapp.post('/people', json.dumps({"username": other}), headers=oauth2Header(username), status=403)
def test_create_person_as_oneself(self):
"""
Given i'm user that doesn't have the Manager role
When i try to create a person
I succeed
"""
username = '******'
self.testapp.post('/people', json.dumps({"username": username}), headers=oauth2Header(username), status=201)
# View profile tests
def test_get_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to view a user profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.get('/people/{}'.format(username), "", headers=oauth2Header(test_manager), status=200)
def test_get_person_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to view a user profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.get('/people/{}'.format(test_manager), "", headers=oauth2Header(username), status=200)
# Get all people
def test_get_all_people_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get all people
I succeed
"""
self.create_user(test_manager)
self.testapp.get('/people', "", headers=oauth2Header(test_manager), status=200)
def test_get_all_people_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to get a visible people listing
I suceed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.get('/people', "", headers=oauth2Header(username), status=200)
# Modify user tests
def test_modify_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to modify a user profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.put('/people/{}'.format(username), "", headers=oauth2Header(test_manager), status=200)
def test_modify_person_as_non_manager_neither_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to modify a user profile
And that person is not me
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(test_manager)
self.create_user(username)
self.create_user(other)
self.testapp.put('/people/{}'.format(other), "", headers=oauth2Header(username), status=403)
def test_modify_person_as_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to modify my own profile
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.put('/people/{}'.format(username), "", headers=oauth2Header(username), status=200)
# Delete user tests
def test_delete_person_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to delete a user
I succeed
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.delete('/people/{}'.format(username), headers=oauth2Header(test_manager), status=204)
def test_delete_person_as_non_manager_neither_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to delete a user
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(test_manager)
self.create_user(username)
self.create_user(other)
self.testapp.delete('/people/{}'.format(other), headers=oauth2Header(username), status=403)
def test_delete_person_as_owner(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to delete myself
I get a Forbidden Exception
"""
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.testapp.delete('/people/{}'.format(username), headers=oauth2Header(username), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def tearDown(self):
import pyramid.testing
pyramid.testing.tearDown()
# BEGIN TESTS
def test_add_device_token_ios(self):
username = '******'
token = {'platform': 'ios', 'token': '12345678901234567890123456789012'}
self.create_user(username)
res = self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201)
result = json.loads(res.text)
self.assertEqual(result.get('token', ''), token['token'])
self.assertEqual(result.get('platform', ''), token['platform'])
def test_add_device_token_android(self):
username = '******'
self.create_user(username)
token = {'platform': 'android', 'token': '12345678901234567890123456789012klhsdflajshdfkjashdfoq'}
res = self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201)
result = json.loads(res.text)
self.assertEqual(result.get('token', ''), token['token'])
self.assertEqual(result.get('platform', ''), token['platform'])
def test_add_device_invalid_platform(self):
username = '******'
token = {'platform': 'blackberry', 'token': '12345678901234567890123456789012klhsdflajshdfkjashdfoq'}
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=400)
def test_delete_device_token(self):
username = '******'
token = {'platform': 'ios', 'token': '12345678901234567890123456789012'}
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201)
self.testapp.delete('/tokens/%s' % (token['token']), "", oauth2Header(username), status=204)
def test_add_duplicated_token(self):
"""
Given i'm a regular user
"""
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
token = {'platform': 'ios', 'token': '12345678901234567890123456789012'}
self.testapp.post('/tokens', json.dumps(token), oauth2Header(sender), status=201)
sender_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(sender, token['platform']), "", headers=oauth2Header(sender), status=200).json
self.assertEqual(len(sender_tokens), 1)
self.testapp.post('/tokens', json.dumps(token), oauth2Header(recipient), status=201)
sender_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(sender, token['platform']), "", headers=oauth2Header(sender), status=200).json
recipient_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(recipient, token['platform']), "", headers=oauth2Header(recipient), status=200).json
self.assertEqual(len(sender_tokens), 0)
self.assertEqual(len(recipient_tokens), 1)
def test_get_pushtokens_for_given_conversations(self):
""" doctest .. http:get:: /conversations/{id}/tokens """
from .mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
platform = 'ios'
token_sender = '12345678901234567890123456789012'
token_recipient = '12345678901234567890123456789013'
self.testapp.post('/people/%s/device/%s/%s' % (sender, platform, token_sender), "", oauth2Header(sender), status=201)
self.testapp.post('/people/%s/device/%s/%s' % (recipient, platform, token_recipient), "", oauth2Header(recipient), status=201)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
conversation_id = res.json['contexts'][0]['id']
res = self.testapp.get('/conversations/%s/tokens' % (conversation_id), '', oauth2Header(test_manager), status=200)
self.assertEqual(res.json[0]['platform'], u'ios')
self.assertEqual(res.json[0]['token'], u'12345678901234567890123456789013')
self.assertEqual(res.json[0]['username'], u'xavi')
self.assertEqual(res.json[1]['platform'], u'ios')
self.assertEqual(res.json[1]['token'], u'12345678901234567890123456789012')
self.assertEqual(res.json[1]['username'], u'messi')
self.assertEqual(len(res.json), 2)
def test_get_pushtokens_for_given_context(self):
"""
"""
from .mockers import create_context, subscribe_context
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
platform = 'ios'
token_1 = '12345678901234567890123456789012'
token_2 = '12345678901234567890123456789013'
self.testapp.post('/people/%s/device/%s/%s' % (username, platform, token_1), "", oauth2Header(username), status=201)
self.testapp.post('/people/%s/device/%s/%s' % (username2, platform, token_2), "", oauth2Header(username2), status=201)
url_hash = self.create_context(create_context).json['hash']
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.get('/contexts/%s/tokens' % (url_hash), '', oauth2Header(test_manager), status=200)
self.assertEqual(res.json[0]['platform'], u'ios')
self.assertEqual(res.json[0]['token'], u'12345678901234567890123456789012')
self.assertEqual(res.json[0]['username'], u'messi')
self.assertEqual(len(res.json), 1)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_create_context_with_notifications(self):
""" doctests .. http:post:: /contexts"""
from .mockers import create_context_post_notifications as create_context
new_context = dict(create_context)
res = self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201)
self.assertEqual(res.json['notifications'], 'posts')
def test_delete_context_with_notifications_removes_subscriptions(self):
"""
"""
from .mockers import subscribe_context
from .mockers import create_context_post_notifications as create_context
from .mockers import user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(result.get('username', None), 'messi')
self.assertEqual(len(result.get('subscribedTo', [])), 0)
return url_hash
def test_subscribe_user_to_context_with_notifications(self):
"""
"""
from .mockers import create_context_post_notifications as create_context
from .mockers import subscribe_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted'))
self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201)
res = self.testapp.get('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(username), status=200)
self.assertEqual(res.json[0]['notifications'], 'posts')
return url_hash, username
def test_unsubscribe_user_from_context_with_notifications(self):
"""
"""
from .mockers import create_context_post_notifications as create_context
from .mockers import subscribe_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted'))
self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201)
res = self.testapp.delete('/people/%s/subscriptions/%s' % (username, url_hash), {}, oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(username), status=200)
self.assertEqual(len(res.json), 0)
return url_hash, username
def test_post_activity_on_context_with_notifications(self):
""" Post an activity to a context which needs the user to be subscribed to read and write
and we have previously subscribed the user.
"""
from .mockers import subscribe_context
from .mockers import create_context_post_notifications as create_context
from .mockers import user_status_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
context_permissions = dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')
self.create_context(create_context, permissions=context_permissions)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
self.assertEqual(result.get('contexts', None)[0]['notifications'], 'posts')
return url_hash, username, user_status_context
def test_post_comment_with_comments_notification(self):
""" doctest .. http:post:: /activities/{activity}/comments """
from .mockers import user_status_context, user_comment
from .mockers import subscribe_context
from .mockers import create_context_comments_notifications as create_context
from hashlib import sha1
username = '******'
url_hash = sha1(create_context['url']).hexdigest()
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status_context)
activity = activity.json
res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment), oauth2Header(username), status=201)
result = res.json
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'comment')
self.assertEqual(result.get('object', None).get('inReplyTo', None)[0].get('id'), str(activity.get('id')))
# add information needed by rabbit tests
return url_hash, username, activity, result
class ActivitiesACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Favorite activities tests
def test_favorite(self):
"""
Given i'm a regular user
When i try to favorite an activity
I succeed
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
def test_favorite_impersonate(self):
"""
Given i'm a regular user
When i try to favorite an activity impersonated as another user
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
impersonated_actor = {'actor': {'objectType': 'person', 'username': username}}
self.testapp.post('/activities/%s/favorites' % activity_id, json.dumps(impersonated_actor), oauth2Header(username_not_me), status=403)
def test_favorite_impersonate_as_manager(self):
"""
Given i'm a Manager user
When i try to favorite an activity impersonated as another user
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
impersonated_actor = {'actor': {'objectType': 'person', 'username': username}}
self.testapp.post('/activities/%s/favorites' % activity_id, json.dumps(impersonated_actor), oauth2Header(test_manager), status=201)
# Unfavorite activities tests
def test_unfavorite(self):
"""
Given i'm a regular user
When i try to unfavorite an activity
I succeed
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200)
def test_unfavorite_impersonate(self):
"""
Given i'm a regular user
When i try to unfavorite an activity imperonsated as another user
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username), status=403)
def test_unfavorite_impersonate_as_manager(self):
"""
Given i'm a Manager user
When i try to un unfavorite an activity impersonated as another user
I succeed
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(test_manager), status=200)
def test_unfavorite_not_favorited(self):
"""
Given i'm a regular user
When i try to unfavorite an activity
And the activity is not favorited yet
I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json['id']
self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_like_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can like this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['liked'], True)
self.assertEqual(res.json['object']['likesCount'], 1)
self.assertEqual(activity.json['likes'][0]['username'], username_not_me)
self.assertEqual(activity.json['liked'], False)
self.assertEqual(activity.json['likesCount'], 1)
def test_like_already_liked_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And someone likes this activity
Then this someone else can't like twice this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['liked'], True)
self.assertEqual(res.json['object']['likesCount'], 1)
def test_unlike_activity(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then i can remove previously like mark from this activity
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
self.testapp.delete('/activities/%s/likes/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=204)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(activity.json['likes'], [])
self.assertEqual(activity.json['liked'], False)
self.assertEqual(activity.json['likesCount'], 0)
def test_like_activity_by_various(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then someone else can like this activity
and i also can like it
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username), status=201)
self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me)
self.assertEqual(res.json['object']['likes'][1]['username'], username)
self.assertEqual(res.json['object']['liked'], True)
self.assertEqual(res.json['object']['likesCount'], 2)
def test_unlike_activity_get_other_likes(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
And varius users like it
And someone unlike it
Then someone who unlike this activity
and the rest of likes remains
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json['id']
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201)
res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username), status=201)
res = self.testapp.delete('/activities/%s/likes/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=204)
activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200)
self.assertEqual(activity.json['likes'][0]['username'], username)
self.assertEqual(activity.json['liked'], True)
self.assertEqual(activity.json['likesCount'], 1)
def test_likes_sorting_1(self):
"""
Test without liked objects, sort order must be by descending
published date of the activities
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
page_size = 3
# Store the ids of all created activities. First is the oldest
activities = []
self.create_context(create_context)
for i in range(1, 7):
username = '******'.format(i)
self.create_user(username)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activities.append(res.json['id'])
firstpage = self.testapp.get('/people/%s/timeline?limit=%d&sort=likes' % ("user1", page_size), "", oauth2Header("user1"), status=200)
self.assertEqual(len(firstpage.json), 3)
self.assertEqual(firstpage.json[0]['likesCount'], 0)
self.assertEqual(firstpage.json[0]['id'], activities[5])
self.assertEqual(firstpage.json[1]['likesCount'], 0)
self.assertEqual(firstpage.json[1]['id'], activities[4])
self.assertEqual(firstpage.json[2]['likesCount'], 0)
self.assertEqual(firstpage.json[2]['id'], activities[3])
secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=%d&before=%s' % ("user1", page_size, activities[3]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(secondpage.json), 3)
self.assertEqual(secondpage.json[0]['likesCount'], 0)
self.assertEqual(secondpage.json[0]['id'], activities[2])
self.assertEqual(secondpage.json[1]['likesCount'], 0)
self.assertEqual(secondpage.json[1]['id'], activities[1])
self.assertEqual(secondpage.json[2]['likesCount'], 0)
self.assertEqual(secondpage.json[2]['id'], activities[0])
def test_likes_sorting_2(self):
"""
Test with all activities liked once, sort order must be by descending
date of the last time that the activity was liked.
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
page_size = 3
# Store the ids of all created activities. First is the oldest
activities = []
self.create_context(create_context)
# Create 6 users, post an activity with each one and self-like it
for i in range(1, 7):
username = '******'.format(i)
self.create_user(username)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activities.append(res.json['id'])
self.like_activity(username, activities[0])
self.like_activity(username, activities[3])
self.like_activity(username, activities[1])
self.like_activity(username, activities[5])
self.like_activity(username, activities[4])
self.like_activity(username, activities[2])
firstpage = self.testapp.get('/people/%s/timeline?limit=%d&sort=likes' % ("user1", page_size), "", oauth2Header("user1"), status=200)
self.assertEqual(len(firstpage.json), 3)
self.assertEqual(firstpage.json[0]['likesCount'], 1)
self.assertEqual(firstpage.json[0]['id'], activities[2])
self.assertEqual(firstpage.json[1]['likesCount'], 1)
self.assertEqual(firstpage.json[1]['id'], activities[4])
self.assertEqual(firstpage.json[2]['likesCount'], 1)
self.assertEqual(firstpage.json[2]['id'], activities[5])
secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=%d&before=%s' % ("user1", page_size, activities[5]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(secondpage.json), 3)
self.assertEqual(secondpage.json[0]['likesCount'], 1)
self.assertEqual(secondpage.json[0]['id'], activities[1])
self.assertEqual(secondpage.json[1]['likesCount'], 1)
self.assertEqual(secondpage.json[1]['id'], activities[3])
self.assertEqual(secondpage.json[2]['likesCount'], 1)
self.assertEqual(secondpage.json[2]['id'], activities[0])
def test_timeline_by_likes_paginated_same_likes_span(self):
"""
Test likes sorting when activities with the same likes span trough
more than one page, having pages with activities with targeted likeCount
in the bottom of page, and other on top
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
# Store the ids of all created activities. First is the oldest
activities = []
self.create_context(create_context)
# Create 10 users, subscribe to a context and write a post for each one
for i in range(1, 11):
username = '******'.format(i)
self.create_user(username)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activities.append(res.json['id'])
# Like activities so activities with 3 likes spans trough pages 1,2 and 3
self.like_activity('user1', activities[0])
self.like_activity('user2', activities[0])
self.like_activity('user3', activities[0])
self.like_activity('user4', activities[0])
self.like_activity('user5', activities[0])
self.like_activity('user1', activities[1])
self.like_activity('user2', activities[1])
self.like_activity('user3', activities[1])
self.like_activity('user4', activities[1])
time.sleep(1)
self.like_activity('user1', activities[2])
self.like_activity('user2', activities[2])
self.like_activity('user3', activities[2])
time.sleep(1)
self.like_activity('user1', activities[3])
self.like_activity('user2', activities[3])
self.like_activity('user3', activities[3])
time.sleep(1)
self.like_activity('user1', activities[4])
self.like_activity('user2', activities[4])
self.like_activity('user3', activities[4])
time.sleep(1)
self.like_activity('user1', activities[5])
self.like_activity('user2', activities[5])
self.like_activity('user3', activities[5])
time.sleep(1)
self.like_activity('user1', activities[6])
self.like_activity('user2', activities[6])
self.like_activity('user3', activities[6])
self.like_activity('user1', activities[7])
self.like_activity('user2', activities[7])
self.like_activity('user1', activities[8])
firstpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3' % "user1", "", oauth2Header("user1"), status=200)
self.assertEqual(len(firstpage.json), 3)
self.assertEqual(firstpage.json[0]['likesCount'], 5)
self.assertEqual(firstpage.json[0]['id'], activities[0])
self.assertEqual(firstpage.json[1]['likesCount'], 4)
self.assertEqual(firstpage.json[1]['id'], activities[1])
self.assertEqual(firstpage.json[2]['likesCount'], 3)
self.assertEqual(firstpage.json[2]['id'], activities[6])
secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[6]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(secondpage.json), 3)
self.assertEqual(secondpage.json[0]['likesCount'], 3)
self.assertEqual(secondpage.json[0]['id'], activities[5])
self.assertEqual(secondpage.json[1]['likesCount'], 3)
self.assertEqual(secondpage.json[1]['id'], activities[4])
self.assertEqual(secondpage.json[2]['likesCount'], 3)
self.assertEqual(secondpage.json[2]['id'], activities[3])
thirdpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[3]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(thirdpage.json), 3)
self.assertEqual(thirdpage.json[0]['likesCount'], 3)
self.assertEqual(thirdpage.json[0]['id'], activities[2])
self.assertEqual(thirdpage.json[1]['likesCount'], 2)
self.assertEqual(thirdpage.json[1]['id'], activities[7])
self.assertEqual(thirdpage.json[2]['likesCount'], 1)
self.assertEqual(thirdpage.json[2]['id'], activities[8])
fourthpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[8]), "", oauth2Header("user1"), status=200)
self.assertEqual(len(fourthpage.json), 1)
self.assertEqual(fourthpage.json[0]['likesCount'], 0)
self.assertEqual(fourthpage.json[0]['id'], activities[9])
class ConversationsACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Add conversations tests
def test_create_new_conversation(self):
"""
Given i'm a regular user
When I try to create a new conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
def test_create_new_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to create a new conversation
And i'm not in the participants list
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(test_manager), status=201)
# View conversation tests
def test_view_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to view an existing conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(test_manager), status=200)
def test_view_conversation_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to view an existing conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(sender), status=200)
def test_view_conversation_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to view an existing conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(recipient), status=200)
def test_view_conversation_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to view an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(recipient2), status=403)
# View conversation subscription tests
def test_view_conversation_subscription_as_manager(self):
"""
Given i'm a Manager
When I try to view an existing conversation subscription
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(test_manager), status=200)
def test_view_conversation_subscription_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to view an existing conversation subscription
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=200)
def test_view_conversation_subscription_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to view my conversation subscription
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=200)
def test_view_conversation_subscription_as_other_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to view other's conversation subscription
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403)
def test_view_conversation_subscription_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to view an existing conversation subscription
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.get('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient2), status=403)
# Get all conversations tests
def test_list_all_conversations(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to list all conversations
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.get('/conversations', '', oauth2Header(sender), status=200)
# Modify conversation tests
def test_modify_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to modify a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(test_manager), status=200)
def test_modify_conversation_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to modify a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(sender), status=200)
def test_modify_conversation_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to modify a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(recipient), status=403)
def test_modify_conversation_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to modify a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(recipient2), status=403)
# Delete conversation tests
def test_delete_conversation_as_manager(self):
"""
Given i'm a Manager
When I try to delete a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(test_manager), status=204)
def test_delete_conversation_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to delete a conversation
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(sender), status=204)
def test_delete_conversation_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to delete a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(recipient), status=403)
def test_delete_conversation_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to delete a conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(recipient2), status=403)
# Purge conversations tests
def test_delete_all_conversations_as_manager(self):
"""
Given i'm a Manager
When I try to purge all existing conversations
Then I succeed
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.delete('/conversations', '', oauth2Header(test_manager), status=204)
def test_delete_all_conversations_as_anyone_else(self):
"""
Given i'm a regular user
When I try to purge all existing conversations
Then I get a Forbidden Exception
"""
from max.tests.mockers import message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.delete('/conversations', '', oauth2Header(sender), status=403)
# Add participant to conversation tests
def test_add_participant_as_manager(self):
"""
Given i'm a Manager
When I try to add a new participant to an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(test_manager), status=201)
def test_add_participant_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to add a new participant to an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(sender), status=201)
def test_add_participant_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to add a new participant to an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(recipient), status=403)
def test_auto_join(self):
"""
Given i'm a regular user
When I try to add myself as a new participant to an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
recipient3 = 'melendi'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.create_user(recipient3)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(recipient2), status=403)
# Delete participant to group conversation tests
def test_delete_participant_as_manager(self):
"""
Given i'm a Manager
When I try to delete a new participant from an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(test_manager), status=204)
def test_delete_participant_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to delete a participant from an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, cid), '', oauth2Header(sender), status=204)
def test_delete_participant_as_participant(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to delete a participant from an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403)
def test_leave_as_owner(self):
"""
Given i'm the owner of the conversation
When I try to leave an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=403)
def test_leave(self):
"""
Given i'm a regular user
When I try to leave an existing conversation
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=204)
# Delete participant to two people conversation tests
def test_delete_participant_as_manager_in_two_people_conversation(self):
"""
Given i'm a Manager
When I try to delete a new participant from an existing conversation
Then I succeed
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(test_manager), status=204)
def test_delete_participant_as_owner_in_two_people_conversation(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to delete a participant from an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(sender), status=403)
def test_delete_participant_as_participant_in_two_people_conversation(self):
"""
Given i'm a regular user
And i'm a regular conversation participant
When I try to delete a participant from an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403)
def test_leave_as_owner_in_two_people_conversation(self):
"""
Given i'm the owner of the conversation
When I try to leave an existing conversation
Then I get a Forbidden Exception
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=204)
def test_leave_in_two_people_conversation(self):
"""
Given i'm a regular user
When I try to leave an existing conversation
Then I succeed
"""
from max.tests.mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=204)
# Transfer ownership tests
def test_transfer_ownership_as_manager(self):
"""
Given i'm a Manager
When I try to transfer a conversation to another user
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(test_manager), status=200)
def test_transfer_ownership_as_owner(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to transfer a conversation to another user
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(sender), status=200)
def test_transfer_ownership_as_participant(self):
"""
Given i'm a regular user
And i'm the owner of the conversation
When I try to transfer a conversation to another user
Then I succeed
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(recipient), status=403)
def test_transfer_ownership_as_anyone_else(self):
"""
Given i'm a regular user
And i'm not in the conversation
When I try to transfer a conversation to another user
Then I get a Forbidden Exception
"""
from max.tests.mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
cid = str(res.json['contexts'][0]['id'])
self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(recipient2), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_create_activity_with_published_date(self):
""" doctest .. http:post:: /people/{username}/activities """
from .mockers import user_status as activity
old_activity = deepcopy(activity)
old_activity['published'] = '2010-01-01T00:01:30.000Z'
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(old_activity), oauth2Header(username), status=201)
self.assertEqual(res.json['published'], '2010-01-01T00:01:30Z')
def test_create_activity_with_invalid_json(self):
""" doctest .. http:post:: /people/{username}/activities """
from .mockers import user_status as activity
username = '******'
self.create_user(username)
self.testapp.post('/people/%s/activities' % username, json.dumps(activity)[:-10], oauth2Header(username), status=400)
def test_create_activity_check_ownership(self):
"""
Given a plain user
When I post an activity
And I am authenticated as myself
Then the actor,the creator and the owner must be the same
"""
from .mockers import user_status as activity
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201)
self.assertEqual(res.json['actor']['username'], res.json['creator'])
self.assertEqual(res.json['owner'], res.json['creator'])
def test_get_deletable_mark_for_own_activity(self):
"""
Given a plain user
When i post an activity
Then i have the permission to delete it
"""
from .mockers import user_status as activity
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201)
res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username), status=200)
self.assertEqual(res.json['deletable'], True)
def test_get_deletable_mark_for_own_activity_in_context(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then i have the permission to delete it
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username), status=200)
self.assertEqual(res.json['deletable'], True)
def test_get_deletable_mark_for_others_activity_in_context(self):
"""
Given a plain user
and a regular context
When i post an activity in a context
Then i don't have the permission to delete it
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['deletable'], False)
def test_get_deletable_mark_for_others_activity_in_context_with_deletable_permission(self):
"""
Given a plain user
and context where everyone can delete
When another one posts an activity
Then i have the permission to delete it
"""
from .mockers import user_status_context
from .mockers import subscribe_context, create_context_deletable_activities
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context_deletable_activities)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username_not_me), status=200)
self.assertEqual(res.json['deletable'], True)
def test_get_deletable_mark_for_others_activity(self):
"""
Given a plain user
When another user posts an activity
Then i don't have the permission to delete it
"""
from .mockers import user_status as activity
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201)
res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username2), status=200)
self.assertEqual(res.json['deletable'], False)
def test_delete_inexistent_activity(self):
"""
Given a plain user
When I try to delete an inexistent activity
Then I get a notfound error
"""
username = '******'
self.create_user(username)
self.testapp.delete('/activities/%s' % '000000000000000000000000', '', oauth2Header(username), status=404)
def test_delete_activity_invalid_id(self):
"""
Given a plain user
When I try to delete an inexistent activity
Then I get a notfound error
"""
username = '******'
self.create_user(username)
self.testapp.delete('/activities/%s' % 'invalidid', '', oauth2Header(username), status=400)
def test_create_activity_check_impersonated_ownership(self):
"""
Given a admin user
When I post an activity in the name of someone else
And I am authenticated as an admin user
Then the actor and owner will be that someone else
And the creator will be the admin user
"""
from .mockers import user_status as activity
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(test_manager), status=201)
self.assertEqual(res.json['actor']['username'], username)
self.assertEqual(res.json['creator'], test_manager)
self.assertEqual(res.json['owner'], username)
def test_create_activity_check_not_duplicate_activity(self):
"""
Given a admin user
When I post an activity in the name of someone else
And I try to post the same content twice in less than a minute
Then the activity is posted only once
"""
from .mockers import user_status as activity
username = '******'
self.create_user(username)
self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(test_manager), status=201)
self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(test_manager), status=200)
def test_create_activity_on_context_check_duplicate_activity(self):
"""
Given a admin user
When I post an activity in the name of someone else on a context
And I try to post the same content twice on another context in less than a minute
Then the activity is posted again on the new context
"""
from .mockers import subscribe_contextA, create_contextA, user_status_contextA
from .mockers import subscribe_contextB, create_contextB, user_status_contextB
username = '******'
self.create_user(username)
self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.create_context(create_contextB, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.admin_subscribe_user_to_context(username, subscribe_contextB)
self.testapp.post('/people/%s/activities' % username, json.dumps(user_status_contextA), oauth2Header(test_manager), status=201)
self.testapp.post('/people/%s/activities' % username, json.dumps(user_status_contextB), oauth2Header(test_manager), status=201)
def test_create_activity_as_context_check_not_duplicated_activity(self):
"""
Given a admin user
When I post an activity in the name of a context
And I try to post the same content twice in less than a minute
Then the activity is posted only once
"""
from .mockers import user_status_as_context
from .mockers import create_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=201)
self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=200)
def test_create_activity_as_context_check_ownership(self):
"""
Given a admin user
When I post an activity in the name of a context
And I am authenticated as an admin user
Then the actor will be that context
And the creator and owner will be the admin user
"""
from .mockers import user_status_as_context
from .mockers import create_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=201)
self.assertEqual(res.json['actor']['hash'], url_hash)
self.assertEqual(res.json['creator'], test_manager)
self.assertEqual(res.json['owner'], test_manager)
def test_create_activity_default_fields(self):
"""
Given a plain user
When I create an activity
Then non-required fields with defaults are set
"""
from .mockers import user_status as activity
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201)
self.assertIn('replies', res.json)
self.assertIn('generator', res.json)
self.assertIn('objectType', res.json)
self.assertEqual(res.json['objectType'], 'activity')
def test_post_activity_without_context(self):
from .mockers import user_status
username = '******'
self.create_user(username)
res = self.create_activity(username, user_status)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None), None)
def test_post_activity_with_unauthorized_context(self):
from .mockers import create_contextA
from .mockers import user_status_contextA
username = '******'
self.create_user(username)
self.create_context(create_contextA)
self.create_activity(username, user_status_contextA, expect=403)
def test_post_activity_not_me(self):
from .mockers import user_status
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_activity(username_not_me, user_status, oauth_username=username, expect=403)
def test_post_activity_non_existent_user(self):
from .mockers import user_status
username = '******'
res = self.create_activity(username, user_status, expect=400)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'UnknownUserError')
def test_get_activity(self):
""" doctest .. http:get:: /people/{username}/activities """
from .mockers import user_status
username = '******'
self.create_user(username)
self.create_activity(username, user_status)
res = self.testapp.get('/people/%s/activities' % username, "", oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[0].get('object', None).get('objectType', None), 'note')
def test_get_activities(self):
from .mockers import context_query
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username_not_me, user_status_context)
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'xavi')
self.assertEqual(result[0].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_context['object']['url'])
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_get_activities_does_not_show_private_fields(self):
"""
Given a plain user
When I search for activities of a context
Then i don't have to see any private fields
"""
from .mockers import context_query
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 1)
self.assertNotIn('_keywords', res.json[0]['object'])
def test_get_activities_from_inexistent_context(self):
username = '******'
self.create_user(username)
self.testapp.get('/contexts/%s/activities'.format('01234567890abcdef01234567890abcdef012345'), '', oauth2Header(username), status=404)
def test_get_activities_from_recursive_contexts(self):
"""
Create 3 contexts, one parent and two childs
The parent context is public-readable, the two childs require subscription
Create 2 users, messi subscribed to contextA and xavi to both A and B
Messi querying all activities from parent context, should only get the activity created in contextA
Xavi querying all activities from parent context, should get the activities from both contexts
"""
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_contextA, create_contextA, user_status_contextA
from .mockers import subscribe_contextB, create_contextB, user_status_contextB
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted'))
self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.create_context(create_contextB, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA)
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB)
self.create_activity(username, user_status_contextA)
self.create_activity(username_not_me, user_status_contextA)
self.create_activity(username_not_me, user_status_contextB)
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get('actor', None).get('username'), 'xavi')
self.assertEqual(result[0].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_contextA['object']['url'])
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_contextA['object']['url'])
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username_not_me), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 3)
self.assertEqual(result[0].get('actor', None).get('username'), 'xavi')
self.assertEqual(result[0].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_contextB['object']['url'])
self.assertEqual(result[1].get('actor', None).get('username'), 'xavi')
self.assertEqual(result[1].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_contextA['object']['url'])
self.assertEqual(result[2].get('actor', None).get('username'), 'messi')
self.assertEqual(result[2].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[2].get('contexts', None)[0]['url'], subscribe_contextA['object']['url'])
def test_get_activities_from_recursive_public_contexts(self):
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_contextA, create_contextA, user_status_contextA
from .mockers import subscribe_contextB, create_contextB, user_status_contextB
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted'))
self.create_context(create_contextA, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.create_context(create_contextB, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA)
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB)
self.create_activity(username_not_me, user_status_contextA)
self.create_activity(username_not_me, user_status_contextB)
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
def test_get_activities_from_recursive_public_contexts_filtered_by_tags(self):
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_contextA, create_contextA, user_status_contextA
from .mockers import subscribe_contextB, create_contextB, user_status_contextB
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted'))
self.create_context(create_contextA, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.create_context(create_contextB, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA)
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB)
self.create_activity(username_not_me, user_status_contextA)
self.create_activity(username_not_me, user_status_contextB)
res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), {'context_tags': ['Assignatura', '']}, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_get_activities_from_recursive_subscribed_contexts(self):
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_contextA, create_contextA, user_status_contextA
from .mockers import subscribe_contextB, create_contextB, user_status_contextB
username = '******'
username_not_me = 'xavi'
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context, permissions=dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted'))
self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.create_context(create_contextB, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA)
self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB)
self.create_activity(username_not_me, user_status_contextA)
self.create_activity(username_not_me, user_status_contextB)
self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=403)
def test_post_activity_with_generator(self):
""" Post an activity to a context which allows everyone to read and write
"""
from .mockers import subscribe_context, create_context
from .mockers import user_status_context_generator
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context_generator)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
self.assertEqual(result.get('generator', None), user_status_context_generator['generator'])
def test_get_timeline_no_activities(self):
""" doctest .. http:get:: /people/{username}/timeline """
username = '******'
self.create_user(username)
res = self.testapp.get('/people/%s/timeline' % username, "", oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_get_timeline(self):
""" doctest .. http:get:: /people/{username}/timeline """
from .mockers import user_status, user_status_context, user_status_contextA
from .mockers import subscribe_context, subscribe_contextA
from .mockers import create_context, create_contextA
username = '******'
self.create_user(username)
self.create_context(create_context)
self.create_context(create_contextA)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.create_activity(username, user_status)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_contextA)
res = self.testapp.get('/people/%s/timeline' % username, "", oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 3)
self.assertEqual(result[0].get('actor', None).get('username'), 'messi')
self.assertEqual(result[0].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_contextA['object']['url'])
self.assertEqual(result[1].get('actor', None).get('username'), 'messi')
self.assertEqual(result[1].get('object', None).get('objectType', None), 'note')
self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_get_timeline_does_not_show_private_fields(self):
"""
Given a plain user
When I search for activities in timeline
Then i don't have to see any private fields
"""
from .mockers import user_status
username = '******'
self.create_user(username)
self.create_activity(username, user_status)
res = self.testapp.get('/people/%s/timeline' % username, "", oauth2Header(username), status=200)
self.assertEqual(len(res.json), 1)
self.assertNotIn('_keywords', res.json[0]['object'])
def test_get_generated_activities_from_another_user(self):
"""
Given a plain user
When i search for the generated activities of another user
Then i get only the ones posted contextless
And the ones posted to shared contexts
And the ones posted on public-readable contexts
And i don't get any posted on a non-shared context
And i don't get any posted by other users but the requested
"""
from .mockers import user_status, user_status_context, user_status_contextA, user_status_contextB
from .mockers import subscribe_context, subscribe_contextA, subscribe_contextB
from .mockers import create_context, create_contextA, create_contextB
username1 = 'sheldon'
username2 = 'penny'
username3 = 'leonard'
context_permissions = {'write': 'subscribed', 'read': 'subscribed'}
self.create_user(username1)
self.create_user(username2)
self.create_user(username3)
self.create_context(create_context, permissions=context_permissions)
self.create_context(create_contextA, permissions=context_permissions)
self.create_context(create_contextB)
# Shared context betweetn user 1 and 2 and 3
self.admin_subscribe_user_to_context(username1, subscribe_context)
self.admin_subscribe_user_to_context(username2, subscribe_context)
self.admin_subscribe_user_to_context(username3, subscribe_context)
# Contexts only visible by user 1, but B is read-public
self.admin_subscribe_user_to_context(username1, subscribe_contextA)
self.admin_subscribe_user_to_context(username1, subscribe_contextB)
self.create_activity(username1, user_status)
self.create_activity(username1, user_status_context)
self.create_activity(username1, user_status_contextA)
self.create_activity(username1, user_status_contextB)
self.create_activity(username3, user_status)
self.create_activity(username3, user_status_context)
res = self.testapp.get('/people/%s/activities' % username1, "", oauth2Header(username2), status=200)
self.assertEqual(res.json[0]['contexts'][0]['url'], create_contextB['url'])
self.assertEqual(res.json[1]['contexts'][0]['url'], create_context['url'])
self.assertEqual(res.json[2].get('contexts'), None)
self.assertEqual(len(res.json), 3)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp("config:tests.ini", relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch("requests.post", new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_get_deletable_mark_for_own_comment(self):
"""
"""
pass
def test_get_deletable_mark_for_others_comment_in_own_activity(self):
"""
"""
pass
def test_get_deletable_mark_for_others_comment_in_others_activity(self):
"""
"""
pass
def test_post_comment_timeline(self):
""" doctest .. http:post:: /activities/{activity}/comments """
from .mockers import user_status, user_comment
username = "******"
self.create_user(username)
activity = self.create_activity(username, user_status)
activity = activity.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity.get("id")),
json.dumps(user_comment),
oauth2Header(username),
status=201,
)
result = res.json
self.assertEqual(result.get("actor", None).get("username", None), "messi")
self.assertEqual(result.get("object", None).get("objectType", None), "comment")
self.assertEqual(result.get("object", None).get("inReplyTo", None)[0].get("id"), str(activity.get("id")))
def test_post_comment_on_context(self):
""" doctest .. http:post:: /activities/{activity}/comments """
from .mockers import user_status_context, user_comment
from .mockers import subscribe_context, create_context
username = "******"
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status_context)
activity = activity.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity.get("id")),
json.dumps(user_comment),
oauth2Header(username),
status=201,
)
result = res.json
self.assertEqual(result.get("actor", None).get("username", None), "messi")
self.assertEqual(result.get("object", None).get("objectType", None), "comment")
self.assertEqual(result.get("object", None).get("inReplyTo", None)[0].get("id"), str(activity.get("id")))
def test_get_comments(self):
""" doctest .. http:get:: /activities/{activity}/comments """
from .mockers import user_status, user_comment
from .mockers import subscribe_context, create_context
username = "******"
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status)
activity = activity.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity.get("id")),
json.dumps(user_comment),
oauth2Header(username),
status=201,
)
res = self.testapp.get(
"/activities/%s/comments" % str(activity.get("id")), "", oauth2Header(username), status=200
)
result = res.json
self.assertEqual(len(result), 1)
self.assertEqual(result[0].get("actor", None).get("username"), "messi")
self.assertEqual(result[0].get("objectType", None), "comment")
def test_get_comments_for_user(self):
"""
Test get all comments for a user, both timeline and context
"""
from .mockers import user_status, user_comment
from .mockers import subscribe_context, create_context, user_status_context
username = "******"
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status)
activity = activity.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity.get("id")),
json.dumps(user_comment),
oauth2Header(username),
status=201,
)
activity2 = self.create_activity(username, user_status_context)
activity2 = activity2.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity2.get("id")),
json.dumps(user_comment),
oauth2Header(username),
status=201,
)
res = self.testapp.get("/people/%s/comments" % username, "", oauth2Header(username), status=200)
result = res.json
self.assertEqual(len(result), 2)
self.assertEqual(result[0].get("actor", None).get("username"), "messi")
self.assertEqual(result[0].get("verb", None), "comment")
self.assertEqual(result[1].get("actor", None).get("username"), "messi")
self.assertEqual(result[1].get("verb", None), "comment")
def test_delete_own_comment(self):
"""
Given i'm plain user
When i comment an activity
Then i can delete it
"""
from .mockers import user_status, user_comment
username = "******"
self.create_user(username)
activity = self.create_activity(username, user_status)
activity = activity.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity.get("id")),
json.dumps(user_comment),
oauth2Header(username),
status=201,
)
comment_id = res.json["id"]
res = self.testapp.delete(
"/activities/%s/comments/%s" % (str(activity.get("id")), comment_id), "", oauth2Header(username), status=204
)
def test_delete_others_comment_in_own_activity(self):
"""
Given i'm a plain user
When someone else commments on an activity of mine
Then I can delete it, 'cause the activity is mine
"""
from .mockers import user_status, user_comment
username = "******"
username_not_me = "xavi"
self.create_user(username)
self.create_user(username_not_me)
activity = self.create_activity(username, user_status)
activity = activity.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity.get("id")),
json.dumps(user_comment),
oauth2Header(username_not_me),
status=201,
)
comment_id = res.json["id"]
res = self.testapp.delete(
"/activities/%s/comments/%s" % (str(activity.get("id")), comment_id), "", oauth2Header(username), status=204
)
def test_delete_others_comment_in_others_activity(self):
"""
Given i'm a plain user
When someone else comments on someone else's activity
Then i can't delete it
"""
from .mockers import user_status, user_comment
username = "******"
username_not_me = "xavi"
self.create_user(username)
self.create_user(username_not_me)
activity = self.create_activity(username_not_me, user_status)
activity = activity.json
res = self.testapp.post(
"/activities/%s/comments" % str(activity.get("id")),
json.dumps(user_comment),
oauth2Header(username_not_me),
status=201,
)
comment_id = res.json["id"]
res = self.testapp.delete(
"/activities/%s/comments/%s" % (str(activity.get("id")), comment_id), "", oauth2Header(username), status=403
)
class TokenACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.drop_collection('tokens')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Add new token test
def test_add_token(self):
"""
Given i'm a regular user
When i try to add a device token
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
def test_add_token_impersonated(self):
"""
Given i'm a Manager user
When i try to add a device token to someone else
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(impersonate_payload(token, username)), headers=oauth2Header(test_manager), status=201)
def test_add_token_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to add a device token to someone else
And i'm impersonated as the other user
I get a Forbidden Exception
"""
from max.tests.mockers import token
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.post('/tokens', json.dumps(impersonate_payload(token, username)), headers=oauth2Header(username2), status=403)
# Get all tokens tests
def test_get_user_tokens(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(username), status=200)
def test_get_user_tokens_as_manager(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(test_manager), status=200)
def test_get_user_tokens_as_other(self):
"""
Given i'm a regular user
When i try to get al my tokens
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(other), status=403)
# Get all tokens by platform tests
def test_get_user_platform_tokens(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username), status=200)
def test_get_user_platform_tokens_as_manager(self):
"""
Given i'm a regular user
When i try to get al my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(test_manager), status=200)
def test_get_user_platform_tokens_as_other(self):
"""
Given i'm a regular user
When i try to get al my tokens
I get a Forbidden Exception
"""
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(other), status=403)
# Delete token test
def test_delete_token(self):
"""
Given i'm a regular user
When i try to add delete a device token
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), '', headers=oauth2Header(username), status=204)
def test_delete_ohers_token(self):
"""
Given i'm a regular user
When i try to delete someone else's device token
I get a Forbidden Exception
"""
from max.tests.mockers import token
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), '', headers=oauth2Header(username2), status=403)
def test_delete_token_impersonated(self):
"""
Given i'm a Manager user
When i try to delete someone else's device token
I succeed
"""
from max.tests.mockers import token
username = '******'
self.create_user(username)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), json.dumps(impersonate_payload({}, test_manager)), headers=oauth2Header(username), status=204)
def test_delete_token_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to delete someone else's device token
And i'm impersonating as the other user
I get a Forbidden Exception
"""
from max.tests.mockers import token
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201)
self.testapp.delete('/tokens/{}'.format(token['token']), json.dumps(impersonate_payload({}, username2)), headers=oauth2Header(username), status=204)
# Delete all user tokens tests
def test_delete_user_tokens(self):
"""
Given i'm a regular user
When i try to delete all my tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(username), status=204)
def test_delete_user_tokens_impersonated(self):
"""
Given i'm a Manager user
When i try to delete another user tokens
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(test_manager), status=204)
def test_delete_user_tokens_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to delete another user tokens
I succeed
"""
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(username2), status=403)
# Delete all user tokens by platform tests
def test_delete_user_tokens_by_platform(self):
"""
Given i'm a regular user
When i try to delete all my tokens by platform
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username), status=204)
def test_delete_user_tokens_by_platform_impersonated(self):
"""
Given i'm a Manager user
When i try to delete another user tokens by platform
I succeed
"""
username = '******'
self.create_user(username)
self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(test_manager), status=204)
def test_delete_user_tokens_by_platform_impersonated_no_privileges(self):
"""
Given i'm a regular user
When i try to delete another user tokens by platform
I succeed
"""
username = '******'
username2 = 'penny'
self.create_user(username)
self.create_user(username2)
self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username2), status=403)
# Get conversation user's tokens tests
def test_get_conversation_tokens_as_manager(self):
"""
Given i'm a Manager user
When i try to list all tokens of users of a conversation
I succeed
"""
from max.tests.mockers import message
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
chash = self.testapp.post('/conversations', json.dumps(message), oauth2Header(username), status=201).json['id']
self.testapp.get('/conversations/{}/tokens'.format(chash), '', headers=oauth2Header(test_manager), status=200)
def test_get_conversation_tokens_as_anyone_else(self):
"""
Given i'm a regular user
When i try to list all tokens of users of a conversation
I get a Forbidden Exception
"""
from max.tests.mockers import message
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
chash = self.testapp.post('/conversations', json.dumps(message), oauth2Header(username), status=201).json['id']
self.testapp.get('/conversations/{}/tokens'.format(chash), '', headers=oauth2Header(username), status=403)
# Get context user's tokens tests
def test_get_context_tokens_as_manager(self):
"""
Given i'm a Manager user
When i try to list all tokens of users subscribed to a context
I succeed
"""
from max.tests.mockers import create_context
chash = self.create_context(create_context).json['hash']
self.testapp.get('/contexts/{}/tokens'.format(chash), '', headers=oauth2Header(test_manager), status=200)
def test_get_context_tokens_as_anyone_else(self):
"""
Given i'm a regular user
When i try to list all tokens of users subscribed to a context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(username)
chash = self.create_context(create_context).json['hash']
self.testapp.get('/contexts/{}/tokens'.format(chash), '', headers=oauth2Header(username), status=403)
class SubscriptionsACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Create subscription tests
def test_subscribe_user_to_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get subscribe another user to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
def test_subscribe_user_to_context_as_context_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm the owner of the context
When i try to subscribe another user to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, owner=username)
self.user_subscribe_user_to_context(other, subscribe_context, auth_user=username, expect=201)
def test_self_subscribe_to_public_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe myself to a public subscription context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'subscribe': 'public'})
self.user_subscribe_user_to_context(username, subscribe_context, expect=201)
def test_self_subscribe_to_restricted_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe myself to a restricted subscription context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'subscribe': 'restricted'})
self.user_subscribe_user_to_context(username, subscribe_context, expect=403)
def test_subscribe_user_to_restricted_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe another user to a restricted subscription context
I get a Forbidden exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'subscribe': 'restricted'})
self.user_subscribe_user_to_context(username, subscribe_context, expect=403)
def test_subscribe_user_to_public_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to subscribe another user to a public subscription context
I get a Forbidden exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'subscribe': 'public'})
self.user_subscribe_user_to_context(other, subscribe_context, auth_user=username, expect=403)
# Unsubscribe tests
def test_unsubscribe_user_from_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to unsubscribe another user from to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_unsubscribe_user_from_context(username, chash, expect=204)
def test_unsubscribe_user_from_context_as_context_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm the owner of the context
When i try to unsubscribe another user from to a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.user_unsubscribe_user_from_context(other, chash, auth_user=username, expect=204)
def test_self_unsubscribe_user_from_context_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to unsubscribe another user from to a context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.user_unsubscribe_user_from_context(username, chash, auth_user=other, expect=403)
def test_unsubscribe_user_from_context_allowed_unsubscribe_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
And i have permission to unsubscribe myself
When i try to unsubscribe myself from the context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'subscribed'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_unsubscribe_user_from_context(username, chash, expect=204)
def test_unsubscribe_another_user_from_context_allowed_unsubscribe_as_non_manager(self):
"""
Given i'm a user that doesn't have the Manager role
And i have permission to unsubscribe myself
When i try to unsubscribe other person from the context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'subscribed'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.user_unsubscribe_user_from_context(username, chash, auth_user=other, expect=403)
# Get context subscriptions
def test_get_context_subscriptions_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get all subscriptions from a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(test_manager), status=200)
def test_get_context_subscriptions_as_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm the owner of the context
When i try to get all subscriptions from a context
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(username), status=200)
def test_get_context_subscriptions_as_non_manager_neither_owner(self):
"""
Given i'm a user that doesn't have the Manager role
And i'm not the owner of the context
When i try to get all subscriptions from a context
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
chash = sha1(subscribe_context['object']['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(other), status=403)
def test_get_user_subscriptions_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to get all subscriptions from a user
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(test_manager), status=200)
def test_get_own_user_subscriptions(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to get all my subscriptions
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(username), status=200)
def test_get_user_subscriptions_as_non_manager_neither_own(self):
"""
Given i'm a user that doesn't have the Manager role
When i try to get all subscriptions from another user
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username)
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(other), status=403)
# Test Grant subscription permissions
def test_grant_permission_on_subscription_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to grant a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'read': 'subscribed'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, username, permission), "", oauth2Header(test_manager), status=201)
def test_grant_permission_on_subscription_as_context_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm the owner of the context
When i try to grant a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(username), status=201)
def test_grant_permission_on_subscription_as_non_manager_nor_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm not the owner of the context
When i try to grant a permission on a user's suscription
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(other), status=403)
# Test revoke subscription permissions
def test_revoke_permission_on_subscription_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to revoke a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'read': 'subscribed'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
permission = 'write'
self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, username, permission), "", oauth2Header(test_manager), status=201)
def test_revoke_permission_on_subscription_as_context_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm the owner of the context
When i try to revoke a permission on a user's suscription
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(username), status=201)
def test_revoke_permission_on_subscription_as_non_manager_nor_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm not the owner of the context
When i try to revoke a permission on a user's suscription
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
permission = 'write'
self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(other), status=403)
# Test revoke subscription permissions
def test_reset_permission_defaults_on_subscription_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to reset all permission on a user's suscription to defaults
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
self.create_user(username)
self.create_context(create_context, permissions={'read': 'subscribed'})
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, username), "", oauth2Header(test_manager), status=200)
def test_reset_permission_defaults_on_subscription_as_context_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm the owner of the context
When i try to reset all permission on a user's suscription to defaults
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, other), "", oauth2Header(username), status=200)
def test_reset_permission_defaults_on_subscription_as_non_manager_nor_owner(self):
"""
Given i'm a user that don't have the Manager role
And i'm not the owner of the context
When i try to reset all permission on a user's suscription to defaults
I get a Forbidden Exception
"""
from max.tests.mockers import create_context, subscribe_context
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
other = 'penny'
self.create_user(username)
self.create_user(other)
self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username)
self.admin_subscribe_user_to_context(other, subscribe_context, expect=201)
self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, other), "", oauth2Header(other), status=403)
class ContextACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
# Add context tests
def test_add_context_as_manager(self):
"""
Given a user that has the Manager role
When i try to get create a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
def test_add_context_as_non_manager(self):
"""
Given a user that doesn't have the Manager role
When i try to create a context
I get a Forbidden exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(username)
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(username), status=403)
# View context tests
def test_view_context_as_manager_with_acls(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
And I get the acls for that context
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
res = self.testapp.get('/contexts/%s?show_acls=1' % chash, "", oauth2Header(test_manager), status=200)
self.assertGreater(len(res.json['acls']), 0)
def test_view_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s' % chash, "", oauth2Header(test_manager), status=200)
def test_view_context_as_non_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s' % chash, "", oauth2Header(username), status=200)
# Get all contexts tests
def test_get_all_contexts_as_manager(self):
"""
Given a user that has the Manager role
When i try to get all contexts
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_context(create_context)
self.testapp.get('/contexts', "", oauth2Header(test_manager), status=200)
def test_get_all_contexts_as_non_manager(self):
"""
Given a user that doesn't have the Manager role
When i try to get all contexts
I get a Forbidden exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.create_context(create_context)
self.testapp.get('/contexts', "", oauth2Header(username), status=403)
# Modify context tests
def test_modify_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager), status=200)
def test_modify_context_as_manager_non_owner(self):
"""
Given i'm a user that has the Manager role
And i'm not the owner of the context
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_user(test_manager2)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager2), status=200)
def test_modify_context_as_owner(self):
"""
Given i'm a user that don't jave the Manager role
And is the owner of the context
When i try to update the context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, owner=username)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=200)
def test_modify_context_as_non_owner_non_manager(self):
"""
Given i'm a user that don't jave the Manager role
And is the owner of the context
When i try to update the context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=403)
# Delete context tests
def test_delete_context_as_manager(self):
"""
Given a user that has the Manager role
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager), status=204)
def test_delete_context_as_manager_non_owner(self):
"""
Given a user that has the Manager role
And is not the owner of the context
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_user(test_manager2)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager2), status=204)
def test_delete_context_as_owner(self):
"""
Given a user that has doesn't have the Manager role
And is the owner of the context
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, owner=username)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=204)
def test_delete_context_as_non_manager_neither_owner(self):
"""
Given a user that has doesn't have the Manager role
And is not the owner of the context
When i try to remove a context
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=403)
# Test context authors
def test_get_context_authors_as_manager(self):
"""
Given a user that is Manager
When i try to list context activity authors
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(test_manager), status=200)
def test_get_context_authors_as_non_manager(self):
"""
Given a user that is not Manager
When i try to list context activity authors
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, permissions={'read': 'subscribed'})
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=403)
def test_get_context_authors_as_non_manager_public_context(self):
"""
Given a user that is not Manager
When i try to list context activity authors
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, permissions={'read': 'public'})
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=200)
def test_get_count_context_authors_as_non_manager(self):
"""
Given a user that is not Manager
When i try to list the count of context activity authors
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = res.json['hash']
self.testapp.head('/contexts/%s/activities/authors' % (chash,), oauth2Header(username), status=200)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security_single)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def test_get_security(self):
res = self.testapp.get('/admin/security', "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('roles', None).get('Manager')[0], 'test_manager')
def test_security_add_user_to_role(self):
username = '******'
self.create_user(username)
res = self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=201)
self.assertItemsEqual(['messi', 'test_manager'], res.json)
def test_security_add_user_to_non_allowed_role(self):
username = '******'
self.create_user(username)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('WrongRole', username), "", oauth2Header(test_manager), status=400)
def test_security_remove_user_from_non_allowed_role(self):
username = '******'
self.create_user(username)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('WrongRole', username), "", oauth2Header(test_manager), status=400)
def test_security_add_user_to_role_already_has_role(self):
res = self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', 'test_manager'), "", oauth2Header(test_manager), status=200)
self.assertListEqual(['test_manager'], res.json)
def test_security_remove_user_from_role(self):
username = '******'
self.create_user(username)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=201)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=204)
def test_security_remove_user_from_role_user_not_in_role(self):
username = '******'
self.create_user(username)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=404)
def test_security_add_user_to_role_check_security_reloaded(self):
test_manager2 = 'messi'
self.create_user(test_manager2)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=201)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200)
def test_security_remove_user_from_role_check_security_reloaded(self):
test_manager2 = 'messi'
self.create_user(test_manager2)
self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=201)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200)
self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=204)
self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_create_context(self):
""" doctests .. http:post:: /contexts"""
from .mockers import create_context
new_context = dict(create_context)
self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201)
def test_create_context_creator_is_admin(self):
"""
Given a admin user
When I create a context
Then the creator of the context is the admin user
"""
from .mockers import create_context
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
self.assertEqual(res.json['creator'], test_manager)
def test_create_context_default_fields(self):
"""
Given an admin user
When I create a context
Then non-required fields with defaults are set
"""
from .mockers import create_context
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
self.assertIn('permissions', res.json)
self.assertIn('tags', res.json)
self.assertIn('objectType', res.json)
self.assertEqual(res.json['objectType'], 'context')
def test_post_activity_with_public_context(self):
""" Post an activity to a context which allows everyone to read and write
"""
from .mockers import subscribe_context, create_context
from .mockers import user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_post_activity_with_private_read_write_context(self):
""" Post an activity to a context which needs the user to be subscribed to read and write
and we have previously subscribed the user.
"""
from .mockers import subscribe_context, create_context
from .mockers import user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
url_hash = sha1(create_context['url']).hexdigest()
context_permissions = dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')
self.create_context(create_context, permissions=context_permissions)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
return url_hash, username, user_status_context
def test_post_activity_with_private_read_context(self):
""" Try to post an activity to a context which needs the user to be subscribed to read
but needs to explicitly give write permission on the user to post and we have previously
subscribed the user but not given write permission.
"""
from .mockers import subscribe_context, create_context
from .mockers import user_status_context
username = '******'
self.create_user(username)
context_permissions = dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted')
self.create_context(create_context, permissions=context_permissions)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context, expect=403)
def test_add_public_context(self):
from hashlib import sha1
from .mockers import create_context
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
def test_add_invalid_context(self):
from .mockers import create_invalid_context
self.create_context(create_invalid_context, expect=400)
def test_add_uri_context_without_displayName(self):
"""
Add a Uri context without a displayName and check that the default displayName is set
with the url from the uri object
"""
from .mockers import create_context_without_displayname
res = self.create_context(create_context_without_displayname, expect=201)
result = json.loads(res.text)
self.assertEqual(result.get('displayName', None), create_context_without_displayname['url'])
def test_add_public_context_with_all_params(self):
from hashlib import sha1
from .mockers import create_context_full
res = self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context_full['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('displayName', None), create_context_full['displayName'])
self.assertEqual(result.get('twitterHashtag', None), create_context_full['twitterHashtag'])
self.assertEqual(result.get('twitterUsername', None), create_context_full['twitterUsername'])
def test_context_exists(self):
""" doctest .. http:get:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
def test_context_informs_all_permissions(self):
""" doctest .. http:get:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
from max import DEFAULT_CONTEXT_PERMISSIONS
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertItemsEqual(result['permissions'].keys(), DEFAULT_CONTEXT_PERMISSIONS.keys())
def test_create_context_that_already_exists(self):
""" doctest .. http:get:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=200)
self.assertEqual(res.json.get('hash', None), url_hash)
def test_modify_context(self):
""" doctest .. http:put:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), 'assignatura1')
def test_modify_context_with_owner(self):
""" doctest .. http:put:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
mindundi = 'messi'
self.create_user(mindundi)
self.create_context(create_context, owner=mindundi)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), 'assignatura1')
def test_modify_context_forbidden(self):
""" doctest .. http:put:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
mindundi = 'messi'
self.create_user(mindundi)
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi), status=403)
def test_modify_inexistent_context(self):
""" doctest .. http:put:: /contexts/{hash} """
url_hash = '0000000000000'
self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(test_manager), status=404)
@httpretty.activate
@patch('tweepy.API', MockTweepyAPI)
def test_modify_context_with_twitter_username(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1", "twitterUsername": "******"}), oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), 'assignatura1')
self.assertEqual(result.get('twitterUsername', None), 'maxupcnet')
self.assertEqual(result.get('twitterUsernameId', None), '526326641')
def test_get_context_tags(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.get('/contexts/%s/tags' % url_hash, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json, ['Assignatura'])
def test_update_context_tags_updates_existing_tags(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
self.assertEqual(res.json, ['Assignatura', 'prova'])
def test_update_context_tags_updates_existing_activites_tags(self):
from hashlib import sha1
from .mockers import create_context, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
res = self.testapp.get('/contexts/%s/activities' % url_hash, "", oauth2Header(username), status=200)
self.assertEqual(res.json[0]['contexts'][0]['tags'], ['Assignatura', 'prova'])
def test_update_context_tags_updates_existing_subscription_tags(self):
from hashlib import sha1
from .mockers import create_context, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username), status=200)
self.assertEqual(res.json['subscribedTo'][0]['tags'], ['Assignatura', 'prova'])
def test_clear_context_tags(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.delete('/contexts/%s/tags' % url_hash, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json, [])
def test_remove_context_tag(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200)
self.testapp.delete('/contexts/%s/tags/%s' % (url_hash, 'Assignatura'), "", oauth2Header(test_manager), status=204)
def test_modify_context_displayName_updates_subscription(self):
from hashlib import sha1
from .mockers import create_context, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context, expect=201)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"displayName": "New Name"}), oauth2Header(test_manager), status=200)
res = self.testapp.get('/people/%s/subscriptions' % username, '', oauth2Header(username), status=200)
self.assertEqual(res.json[0]['displayName'], 'New Name')
def test_modify_context_unsetting_property(self):
from hashlib import sha1
from .mockers import create_context
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.modify_context(create_context['url'], {"twitterHashtag": "assignatura1", "twitterUsername": "******"})
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "", "twitterUsername": ""}), oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('twitterHashtag', None), None)
self.assertEqual(result.get('twitterUsername', None), None)
self.assertEqual(result.get('twitterUsernameId', None), None)
def test_delete_context(self):
""" doctest .. http:delete:: /contexts/{hash} """
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
def test_deleted_context_is_really_deleted(self):
from hashlib import sha1
from .mockers import create_context
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_context)
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=404)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'ObjectNotFound')
def test_delete_inexistent_context(self):
""" doctest .. http:delete:: /contexts/{hash} """
url_hash = '00000000000000'
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=404)
def test_delete_only_deleted_specified_context(self):
from hashlib import sha1
from .mockers import create_context, create_contextA
self.create_context(create_context)
self.create_context(create_contextA)
url_hash = sha1(create_context['url']).hexdigest()
url_hashA = sha1(create_contextA['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/contexts/%s' % url_hashA, "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result.get('hash', None), url_hashA)
def test_delete_context_removes_subscription_from_user(self):
"""
"""
from hashlib import sha1
from .mockers import subscribe_context, subscribe_contextA
from .mockers import create_context, create_contextA
from .mockers import user_status_context, user_status_contextA
username = '******'
self.create_user(username)
self.create_context(create_context)
self.create_context(create_contextA)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_contextA)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(result.get('username', None), 'messi')
self.assertEqual(len(result.get('subscribedTo', [])), 1)
self.assertEqual(result.get('subscribedTo', [])[0]['url'], subscribe_contextA['object']['url'])
def test_user_cannot_see_activity_from_deleted_context(self):
"""
"""
from hashlib import sha1
from .mockers import subscribe_context
from .mockers import create_context
from .mockers import user_status_context
from .mockers import context_query
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=404)
def test_user_cannot_see_own_activity_from_deleted_context_in_timeline(self):
"""
"""
from hashlib import sha1
from .mockers import subscribe_context
from .mockers import create_context
from .mockers import user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204)
res = self.testapp.get('/people/%s/timeline' % username, {}, oauth2Header(username), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 0)
def test_add_private_rw_context(self):
from hashlib import sha1
from .mockers import create_context_private_rw
res = self.testapp.post('/contexts', json.dumps(create_context_private_rw), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context_private_rw['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('permissions', None), create_context_private_rw['permissions'])
def test_add_private_r_context(self):
from hashlib import sha1
from .mockers import create_context_private_r
res = self.testapp.post('/contexts', json.dumps(create_context_private_r), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
url_hash = sha1(create_context_private_r['url']).hexdigest()
self.assertEqual(result.get('hash', None), url_hash)
self.assertEqual(result.get('permissions', None), create_context_private_r['permissions'])
def test_check_permissions_on_subscribed_rw_context(self):
from .mockers import create_context_private_rw, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_rw)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(len(result.get('subscribedTo', [])), 1)
self.assertEqual(result.get('subscribedTo', {})[0]['url'], subscribe_context['object']['url'])
self.assertEqual('read' in result.get('subscribedTo', {})[0]['permissions'], True)
self.assertEqual('write' in result.get('subscribedTo', {})[0]['permissions'], True)
def test_check_permissions_on_subscribed_write_restricted_context(self):
from .mockers import create_context_private_r, subscribe_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.get('/people/%s' % username, "", oauth2Header(username))
result = json.loads(res.text)
self.assertEqual(len(result.get('subscribedTo', [])), 1)
self.assertEqual(result.get('subscribedTo', {})[0]['url'], subscribe_context['object']['url'])
self.assertEqual('read' in result.get('subscribedTo', {})[0]['permissions'], True)
self.assertEqual('write' not in result.get('subscribedTo', {})[0]['permissions'], True)
def test_post_on_subscribed_write_restricted_context_without_write_permission(self):
from .mockers import create_context_private_r, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context, expect=403)
def test_post_on_subscribed_rw_context(self):
from .mockers import create_context_private_rw, subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context_private_rw)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], user_status_context['contexts'][0]['url'])
def test_grant_write_permission_on_write_restricted_context(self):
""" doctest .. http:put:: /contexts/{hash}/permissions/{username}/{permission} """
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
result = json.loads(res.text)
self.assertEqual('read' in result['permissions'], True)
self.assertEqual('write' in result['permissions'], True)
def test_revoke_write_permission_on_write_restricted_context(self):
""" doctest .. http:delete:: /contexts/{hash}/permissions/{username}/{permission} """
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
res = self.testapp.delete('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
result = json.loads(res.text)
self.assertEqual('read' in result['permissions'], True)
self.assertEqual('write' not in result['permissions'], True)
def test_grant_write_permission_on_non_subscribed_context(self):
from .mockers import create_context_private_r
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=404)
def test_grant_invalid_permission_on_subscribed_context(self):
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'badpermission'
res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=400)
result = json.loads(res.text)
self.assertEqual(result.get('error', None), 'InvalidPermission')
def test_reset_user_subscription_to_default_permissions(self):
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = sha1(create_context_private_r['url']).hexdigest()
permission = 'write'
self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201)
res = self.testapp.post('/contexts/%s/permissions/%s/defaults' % (chash, username), "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual('read' in result['permissions'], True)
self.assertEqual('write' in result['permissions'], False)
def test_get_context_subscriptions(self):
from .mockers import create_contextA, subscribe_contextA
from .mockers import create_context_private_r, subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_contextA)
self.create_context(create_context_private_r)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
chash = sha1(create_context_private_r['url']).hexdigest()
res = self.testapp.get('/contexts/%s/subscriptions' % (chash), "", oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(result[0].get('username', ''), 'messi')
self.assertEqual(result[0].get('hash', ''), chash)
def test_create_context_with_upload_url(self):
""" """
from .mockers import create_context_with_uploadurl
new_context = dict(create_context_with_uploadurl)
res = self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201)
self.assertTrue(res.json.get('uploadURL'))
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
def test_maintenance_keywords(self):
from .mockers import user_status
username = '******'
self.create_user(username, displayName='Lionel messi')
self.create_activity(username, user_status)
# Hard modify keywords directly on mongodb to simulate bad keywords
activities = self.exec_mongo_query('activity', 'find', {})
activity = activities[0]
del activity['_keywords']
activity['object']['_keywords'] = []
self.exec_mongo_query('activity', 'update', {'_id': activities[0]['_id']}, activity)
self.testapp.post('/admin/maintenance/keywords', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/activities/%s' % activity['_id'], "", oauth2Header(username), status=200)
expected_keywords = [u'canvi', u'creaci\xf3', u'estatus', u'lionel', u'messi', u'testejant']
response_keywords = res.json['keywords']
response_keywords.sort()
self.assertListEqual(expected_keywords, response_keywords)
def test_maintenance_dates(self):
from .mockers import user_status, user_comment
username = '******'
self.create_user(username, displayName='Lionel messi')
res = self.create_activity(username, user_status)
self.testapp.post('/activities/%s/comments' % str(res.json['id']), json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.post('/activities/%s/comments' % str(res.json['id']), json.dumps(user_comment), oauth2Header(username), status=201)
# Hard modify keywords directly on mongodb to simulate bad keywords
activities = self.exec_mongo_query('activity', 'find', {'verb': 'post'})
activity = activities[0]
# simulate ancient commented field with wrong date
activity['commented'] = activity['published']
del activity['lastComment']
self.exec_mongo_query('activity', 'update', {'_id': activities[0]['_id']}, activity)
self.testapp.post('/admin/maintenance/dates', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/activities/%s' % activity['_id'], "", oauth2Header(username), status=200)
self.assertEqual(res.json['lastComment'], res.json['replies'][-1]['id'])
def test_maintenance_subscriptions(self):
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
chash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
# Hard modify context directly on mongo to simulate changed permissions, displayName and tags
contexts = self.exec_mongo_query('contexts', 'find', {'hash': chash})
context = contexts[0]
context['permissions']['write'] = 'restricted'
context['displayName'] = 'Changed Name'
context['tags'].append('new tag')
self.exec_mongo_query('contexts', 'update', {'_id': context['_id']}, context)
self.testapp.post('/admin/maintenance/subscriptions', "", oauth2Header(test_manager), status=200)
# Check user subscription is updated
res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(username), status=200)
self.assertEqual(res.json['subscribedTo'][0]['displayName'], 'Changed Name')
self.assertListEqual(res.json['subscribedTo'][0]['tags'], ['Assignatura', 'new tag'])
self.assertListEqual(res.json['subscribedTo'][0]['permissions'], ['read'])
# Check user activity is updated
res = self.testapp.get('/people/{}/timeline'.format(username), "", oauth2Header(username), status=200)
self.assertEqual(res.json[0]['contexts'][0]['displayName'], 'Changed Name')
self.assertListEqual(res.json[0]['contexts'][0]['tags'], ['Assignatura', 'new tag'])
def test_maintenance_conversations(self):
from .mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
# Hard modify group conversation directly on mongo to simulate changed permissions, displayName and tags
conversations = self.exec_mongo_query('conversations', 'find', {})
conversation = conversations[0]
conversation['permissions']['write'] = 'restricted'
conversation['displayName'] = 'Changed Name'
conversation['tags'] = []
conversation['participants'] = ['messi', 'xavi', 'shakira'] # Simulate ol'times structure
self.exec_mongo_query('conversations', 'update', {'_id': conversation['_id']}, conversation)
# Hard Put a displayName on a user
users = self.exec_mongo_query('users', 'find', {'username': '******'})
user = users[0]
user['displayName'] = 'Lionel Messi'
self.exec_mongo_query('users', 'update', {'_id': user['_id']}, user)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
# Check user subscription is updated
res = self.testapp.get('/people/{}'.format(sender), "", oauth2Header(sender), status=200)
self.assertEqual(res.json['talkingIn'][0]['displayName'], 'Changed Name')
self.assertEqual(res.json['talkingIn'][0]['participants'][0]['username'], 'messi')
self.assertEqual(res.json['talkingIn'][0]['participants'][1]['username'], 'xavi')
self.assertEqual(res.json['talkingIn'][0]['participants'][2]['username'], 'shakira')
self.assertListEqual(res.json['talkingIn'][0]['permissions'], ['read', 'unsubscribe'])
self.assertListEqual(res.json['talkingIn'][0]['tags'], ['group'])
conversation_id = res.json['talkingIn'][0]['id']
# Check context participants are updated
res = self.testapp.get('/conversations/{}'.format(conversation_id), "", oauth2Header(sender), status=200)
self.assertEqual(res.json['participants'][0]['displayName'], 'Lionel Messi')
# Check user activity is updated
res = self.testapp.get('/conversations/{}/messages'.format(conversation_id), "", oauth2Header(sender), status=200)
self.assertEqual(res.json[0]['contexts'][0]['displayName'], 'Changed Name')
def test_maintenance_conversations_group_one_participant(self):
from .mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, conversation_id), '', oauth2Header(recipient), status=204)
self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, conversation_id), '', oauth2Header(recipient2), status=204)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 1)
self.assertIn('archive', res.json['tags'])
def test_maintenance_two_people_conversations(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertNotIn('single', res.json['tags'])
def test_maintenance_two_people_conversations_one_leave_conversation(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}/conversations/{}'.format(recipient, conversation_id), '', oauth2Header(recipient), status=204)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertIn('single', res.json['tags'])
def test_maintenance_two_people_conversations_one_user_deleted(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
self.testapp.delete('/people/{}'.format(recipient), headers=oauth2Header(test_manager), status=204)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertIn('archive', res.json['tags'])
def test_maintenance_two_people_conversations_tagged_archived(self):
from .mockers import message as creation_message
sender = 'messi'
recipient = 'xavi'
self.create_user(sender)
self.create_user(recipient)
res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201)
conversation_id = str(res.json['contexts'][0]['id'])
# Hard modify two people conversation directly on mongo to simulate archive in tags
conversations = self.exec_mongo_query('conversations', 'find', {})
conversation = conversations[0]
conversation['tags'] = ['archive']
self.exec_mongo_query('conversations', 'update', {'_id': conversation['_id']}, conversation)
self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200)
self.assertEqual(len(res.json['participants']), 2)
self.assertNotIn('single', res.json['tags'])
def test_maintenance_users(self):
username = '******'
self.create_user(username)
# Hard modify user directly on mongo to simulate wrong owner and check is wrong
self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'_owner': 'test_manager'}})
res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['owner'], 'test_manager')
self.testapp.post('/admin/maintenance/users', "", oauth2Header(test_manager), status=200)
res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['owner'], username)
def test_maintenance_tokens(self):
username = '******'
self.create_user(username)
# Hard modify user directly on mongo to simulate old style tokens
self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'iosDevices': ['token1', 'token2'], 'androidDevices': ['token3', 'token4']}})
user = self.exec_mongo_query('users', 'find', {'username': username})[0]
ios = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), "", oauth2Header(username), status=200)
android = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'android'), "", oauth2Header(username), status=200)
self.assertEqual(ios.json, [])
self.assertEqual(android.json, [])
self.assertIn('iosDevices', user)
self.assertIn('androidDevices', user)
self.testapp.post('/admin/maintenance/tokens', "", oauth2Header(test_manager), status=200)
user = self.exec_mongo_query('users', 'find', {'username': username})[0]
ios = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), "", oauth2Header(username), status=200)
android = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'android'), "", oauth2Header(username), status=200)
migrated_ios_tokens = [a['token'] for a in ios.json]
migrated_android_tokens = [a['token'] for a in android.json]
self.assertItemsEqual(migrated_ios_tokens, ['token1', 'token2'])
self.assertItemsEqual(migrated_android_tokens, ['token3', 'token4'])
self.assertNotIn('iosDevices', user)
self.assertNotIn('androidDevices', user)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_get_all_users_admin(self):
username = '******'
self.create_user(username)
res = self.testapp.get('/people', "", oauth2Header(test_manager))
self.assertEqual(len(res.json), 2)
self.assertEqual(res.json[0].get('username'), 'test_manager')
self.assertEqual(res.json[1].get('username'), 'messi')
def test_admin_post_activity_without_context(self):
from .mockers import user_status
username = '******'
self.create_user(username)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status), oauth2Header(test_manager))
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None), None)
def test_admin_post_activity_with_context(self):
""" doctest .. http:post:: /people/{username}/activities """
from .mockers import subscribe_context
from .mockers import user_status_context
from .mockers import create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status_context), oauth2Header(test_manager))
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('username', None), 'messi')
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_admin_post_activity_with_context_as_actor(self):
""" doctest .. http:post:: /contexts/{hash}/activities """
from .mockers import subscribe_context
from .mockers import user_status_as_context
from .mockers import create_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=201)
result = json.loads(res.text)
self.assertEqual(result.get('actor', None).get('hash', None), url_hash)
self.assertEqual(result.get('object', None).get('objectType', None), 'note')
self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url'])
def test_get_other_activities(self):
from .mockers import user_status_context
from .mockers import subscribe_context, create_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.testapp.get('/people/%s/activities' % (username), '', oauth2Header(test_manager), status=200)
def test_delete_user(self):
username = '******'
self.create_user(username)
self.testapp.delete('/people/%s' % username, '', oauth2Header(test_manager), status=204)
def test_delete_all_conversations(self):
from .mockers import group_message as message
sender = 'messi'
recipient = 'xavi'
recipient2 = 'shakira'
self.create_user(sender)
self.create_user(recipient)
self.create_user(recipient2)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201)
self.testapp.delete('/conversations', '', oauth2Header(test_manager), status=204)
conversations = self.testapp.get('/conversations', '', oauth2Header(sender), status=200)
self.assertEqual(len(conversations.json), 0)
user_data = self.testapp.get('/people/{}'.format(sender), '', oauth2Header(sender), status=200)
self.assertEqual(len(user_data.json['talkingIn']), 0)
def test_delete_inexistent_user(self):
username = '******'
username2 = 'xavi'
self.create_user(username)
self.testapp.delete('/people/%s' % username2, '', oauth2Header(test_manager), status=400)
def test_admin_delete_inexistent_activity(self):
fake_id = '519200000000000000000000'
self.testapp.delete('/activities/%s' % (fake_id), '', oauth2Header(test_manager), status=404)
def test_admin_get_people_activities_by_context(self):
"""
"""
from .mockers import user_status
from .mockers import context_query
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
self.create_activity(username, user_status)
res = self.testapp.get('/people/%s/activities' % username, context_query, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
def test_admin_get_all_activities_by_context(self):
"""
XXX This test was here to test the Manager endpoint that didn't search for recursive activities
now this is unified so this feature will have to be refactored to a preset or parameter to
disable recursivity.
The test now is fixed to pass with correct acitivity count asserts
"""
from .mockers import user_status
from .mockers import subscribe_context, subscribe_contextA
from .mockers import create_context, create_contextA
from .mockers import user_status_context, user_status_contextA
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
url_hash = sha1(create_context['url']).hexdigest()
self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_contextA)
url_hashA = sha1(create_contextA['url']).hexdigest()
self.create_activity(username, user_status_context)
self.create_activity(username, user_status_contextA)
self.create_activity(username, user_status)
res = self.testapp.get('/contexts/%s/activities' % url_hash, {}, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 2)
res = self.testapp.get('/contexts/%s/activities' % url_hashA, {}, oauth2Header(test_manager), status=200)
result = json.loads(res.text)
self.assertEqual(len(result), 1)
# def test_admin_post_activity_with_unauthorized_context_type_as_actor(self):
# from .mockers import create_unauthorized_context
# from hashlib import sha1
# result = self.create_context(create_invalid_context, expect=201)
# url_hash = sha1(create_invalid_context['object']['url']).hexdigest()
# res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_context), oauth2Header(test_manager))
# result = json.loads(res.text)
# self.assertEqual(result.get('actor', None).get('hash', None), url_hash)
# self.assertEqual(result.get('object', None).get('objectType', None), 'note')
# self.assertEqual(result.get('contexts', None)[0], subscribe_context['object'])
def test_get_users_twitter_enabled(self):
""" Doctest .. http:get:: /people """
username = '******'
username2 = 'xavi'
self.create_user(username)
self.create_user(username2)
self.modify_user(username, {"twitterUsername": "******"})
res = self.testapp.get('/people', {"twitter_enabled": True}, oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 1)
self.assertIn('twitterUsername', res.json[0])
def test_get_context_twitter_enabled(self):
from .mockers import create_context, create_contextA
self.create_context(create_context)
self.create_context(create_contextA)
self.modify_context(create_context['url'], {"twitterHashtag": "assignatura1", "twitterUsername": "******"})
res = self.testapp.get('/contexts', {"twitter_enabled": True}, oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 1)
def test_rename_context_url(self):
from .mockers import create_context
from .mockers import subscribe_context, user_status_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted'))
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status_context)
url_hash = sha1(create_context['url']).hexdigest()
res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"url": "http://new.url"}), oauth2Header(test_manager), status=200)
# Test context is updated
new_url_hash = sha1('http://new.url').hexdigest()
res = self.testapp.get('/contexts/%s' % new_url_hash, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['url'], 'http://new.url')
self.assertEqual(res.json['hash'], new_url_hash)
# Test user subscription is updated
res = self.testapp.get('/people/%s' % username, "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['subscribedTo'][0]['url'], 'http://new.url')
self.assertEqual(res.json['subscribedTo'][0]['hash'], new_url_hash)
# Test user original subscription activity is updated
subscription_activity = self.exec_mongo_query('activity', 'find', {'object.hash': new_url_hash, 'object.url': "http://new.url", 'actor.username': username})
self.assertNotEqual(subscription_activity, [])
self.assertEqual(subscription_activity[0]['object']['hash'], new_url_hash)
self.assertEqual(subscription_activity[0]['object']['url'], 'http://new.url')
# Test user activity is updated
res = self.testapp.get('/activities/%s' % activity.json['id'], "", oauth2Header(test_manager), status=200)
self.assertEqual(res.json['contexts'][0]['url'], 'http://new.url')
self.assertEqual(res.json['contexts'][0]['hash'], new_url_hash)
class ConversationsACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp("config:tests.ini", relative_to=conf_dir)
self.app.registry.max_store.drop_collection("users")
self.app.registry.max_store.drop_collection("activity")
self.app.registry.max_store.drop_collection("contexts")
self.app.registry.max_store.drop_collection("security")
self.app.registry.max_store.drop_collection("conversations")
self.app.registry.max_store.drop_collection("messages")
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch("requests.post", new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# Add like tests
def test_like_uncontexted_activity(self):
"""
Given i'm a regular user
When I try to like an uncontexted activity
Then I succeed
"""
from max.tests.mockers import user_status
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username_not_me), status=201)
def test_like_contexted_activity(self):
"""
Given i'm a regular user
And i'm subscribed to the activity contexted
And i have read permission on the context
When I try to like a contexted activity
Then I succeed
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201)
def test_like_contexted_activity_no_subscription(self):
"""
Given i'm a regular user
And i'm not subscribed to the activity context
When I try to like the contexted activity
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context, permissions={"read": "subscribed"})
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username_not_me), status=403)
def test_like_contexted_activity_subscribed_no_read_permission(self):
"""
Given i'm a regular user
And i'm subscribed to the activity context
And i don't have read permission on the context
When I try to like the contexted activity
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context, permissions={"read": "restricted"})
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username_not_me), status=403)
def test_like_uncontexted_activity_impersonating(self):
"""
Given i'm a Manager user
When I try to like an activity impersonating as another user
Then I succeed
"""
from max.tests.mockers import user_status
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
self.testapp.post(
"/activities/%s/likes" % activity_id,
json.dumps(impersonate_payload({}, username)),
oauth2Header(test_manager),
status=201,
)
def test_like_uncontexted_activity_impersonating_no_privileges(self):
"""
Given i'm a regular user
When I try to like an activity impersonating as another user
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
self.testapp.post(
"/activities/%s/likes" % activity_id,
json.dumps(impersonate_payload({}, username)),
oauth2Header(username_not_me),
status=403,
)
# Add unlike tests
def test_unlike_liked_activity(self):
"""
Given i'm a regular user
When I try to unlike an activity
Then I succeed
"""
from max.tests.mockers import user_status
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201)
self.testapp.delete("/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(username), status=204)
def test_unlike_liked_activity_impersonating(self):
"""
Given i'm a Manager user
When I try to unlike an activity as someone else
Then I succeed
"""
from max.tests.mockers import user_status
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201)
self.testapp.delete(
"/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(test_manager), status=204
)
def test_unlike_liked_activity_impersonating_no_privileges(self):
"""
Given i'm a regular user
When I try to unlike an activity as someone else
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201)
self.testapp.delete(
"/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(username_not_me), status=403
)
def test_unlike_non_liked_activity(self):
"""
Given i'm a regular user
When I try to unlike an activity
And the activity is not liked
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
self.testapp.delete("/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(username), status=403)
# Add flag tests
def test_flag_uncontexted_activity(self):
"""
Given i'm a regular user
When I try to flag an uncontexted activity
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status
username = "******"
self.create_user(username)
res = self.create_activity(username, user_status)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=403)
def test_flag_contexted_activity(self):
"""
Given i'm a regular user
And i'm subscribed to the activity context
And i have the flag permission on the context
When I try to flag a contexted activity
Then I succeed
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
from hashlib import sha1
username = "******"
self.create_user(username)
self.create_context(create_context)
chash = sha1(create_context["url"]).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.grant_permission(chash, username, "flag")
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201)
def test_flag_contexted_activity_no_subscription(self):
"""
Given i'm a regular user
And i'm not subscribed to the activity context
When I try to flag a contexted activity
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username_not_me), status=403)
def test_flag_contexted_activity_subscribed_no_flag_permission(self):
"""
Given i'm a regular user
And i'm subscribed to the activity context
And i don't have the flag permission on the context
When I try to flag a contexted activity
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=403)
def test_flag_contexted_activity_as_manager(self):
"""
Given i'm a regular user
When I try to flag a contexted activity
Then I succeed
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
username = "******"
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(test_manager), status=201)
# Add unflag tests
def test_unflag_flagged_activity(self):
"""
Given i'm a regular user
And i'm subscribed to the activity context
And i have the flag permission on the context
When I try to unflag a flagged activity
Then I succeed
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
from hashlib import sha1
username = "******"
self.create_user(username)
self.create_context(create_context)
chash = sha1(create_context["url"]).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.grant_permission(chash, username, "flag")
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201)
res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=204)
def test_unflag_flagged_activity_no_subscription(self):
"""
Given i'm a regular user
And i'm not subscribed to the activity context
When I try to unflag a flagged activity
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
from hashlib import sha1
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
chash = sha1(create_context["url"]).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.grant_permission(chash, username, "flag")
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201)
res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username_not_me), status=403)
def test_unflag_flagged_activity_subscribed_no_flag_permission(self):
"""
Given i'm a regular user
And i'm subscribed to the activity context
And i don't have the flag permission on the context
When I try to unflag a flagged activity
Then I get a Forbidden Exception
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
from hashlib import sha1
username = "******"
username_not_me = "penny"
self.create_user(username)
self.create_user(username_not_me)
self.create_context(create_context)
chash = sha1(create_context["url"]).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username_not_me, subscribe_context)
self.grant_permission(chash, username, "flag")
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201)
res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username_not_me), status=403)
def test_unflag_flagged_activity_as_manager(self):
"""
Given i'm a Manager user
When I try to unflag a flagged activity
Then I succeed
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
username = "******"
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(test_manager), status=201)
res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(test_manager), status=204)
def test_unflag_non_flagged_activity(self):
"""
Given i'm a regular user
When I try to unflag a non flagged activity
Then I succeed
"""
from max.tests.mockers import user_status_context
from max.tests.mockers import subscribe_context, create_context
from hashlib import sha1
username = "******"
self.create_user(username)
self.create_context(create_context)
chash = sha1(create_context["url"]).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.grant_permission(chash, username, "flag")
res = self.create_activity(username, user_status_context)
activity_id = res.json["id"]
res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=204)
