def setUpClass(cls):
    """Prepare shared fixtures: an empty Container table, one user, two bundles.

    Every existing Container row is deleted first, so this must only ever run
    against a throwaway test database. The ids of the two containers created
    here are stored on ``cls.ids``.
    """
    # NOTE(review): no @classmethod decorator and no call to the parent
    # setUpClass are visible in this excerpt - confirm both against the full file.
    logging.debug('Clearing the db...')
    Container.objects.all().delete()

    logging.debug('Creating user...')
    user, _created = User.objects.get_or_create(username='******')
    cls.user = user

    logging.debug('Adding to the DB two bundles...')
    fixtures = (
        ('search_test_1', examples.bundles1),
        ('search_test_1_other', examples.bundles2),
    )
    # The trailing False is passed straight to Container.create; presumably it
    # is the "public" flag - TODO confirm against Container.create.
    cls.ids = [
        Container.create(rec_id, build(), cls.user, False).id
        for rec_id, build in fixtures
    ]
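def testUserPermissions(self):
    """Check object-level permissions on a bundle via has_perm() and the API.

    The flow is: ``self.users[1]`` creates a bundle through the API and must
    hold every container permission on it; ``self.users[0]`` must hold none
    and be refused (403) by the API; granting ``view_container`` to the
    ``public`` group gives ``self.users[0]`` read access only; removing the
    grant must take that access away again, both in has_perm() and at the
    API; finally the owner deletes the bundle.
    """
    owner = self.users[1]
    other = self.users[0]
    owner_perms = ('provserver.view_container', 'change_container',
                   'delete_container', 'admin_container',
                   'ownership_container')
    plain_perms = ('view_container', 'change_container', 'delete_container',
                   'admin_container', 'ownership_container')

    logging.debug('Creating API Key for user test1...')
    api_key = ApiKey.objects.create(user=owner).key
    auth = 'ApiKey ' + owner.username + ':' + api_key

    prov_bundle = examples.bundles1()
    data = ('{"rec_id": "#mockup","content": '
            + prov_bundle.JSONEncoder().encode(prov_bundle) + '}')

    logging.debug('Executing POST method with the authentication...')
    response = self.client.post('/api/v0/bundle/', data=data,
                                content_type='application/json',
                                HTTP_AUTHORIZATION=auth)
    self.assertEqual(response.status_code, 201)
    created_id = json.loads(response.content)['id']
    container = Container.objects.get(id=created_id)
    # str() rather than repr()/backticks: identical for an int id, and it
    # avoids a trailing "L" in the URL if the backend hands back a long.
    logging.debug('Bundle created with id ' + str(container.id))

    logging.debug('Checking all raw permissions...')
    for perm in owner_perms:
        self.assertTrue(owner.has_perm(perm, container))

    destination = '/api/v0/bundle/' + str(container.id) + '/?format=json'
    logging.debug('Checking API permissions...')
    response = self.client.get(destination, HTTP_AUTHORIZATION=auth)
    self.assertEqual(response.status_code, 200)
    # response = self.client.put(destination,data=data,content_type='application/json',
    #                            **{'HTTP_AUTHORIZATION': auth})
    # self.assertEqual(response.status_code, 202)
    # NOTE(review): with the PUT check disabled, the update path is not
    # exercised for the owner, and only GET is exercised for the non-owner
    # below; PUT/DELETE by the non-owner and requests without credentials
    # are not covered by this test.

    logging.debug('Checking other users raw permissions...')
    for perm in plain_perms:
        self.assertFalse(other.has_perm(perm, container))

    try:
        fake_key = ApiKey.objects.get(user=other).key
    except ApiKey.DoesNotExist:
        fake_key = ApiKey.objects.create(user=other).key
    fakeauth = 'ApiKey ' + other.username + ':' + fake_key

    logging.debug('Checking API permissions for other user...')
    response = self.client.get(destination, HTTP_AUTHORIZATION=fakeauth)
    self.assertEqual(response.status_code, 403)

    logging.debug('Checking group permissions...')
    public = Group.objects.get(name='public')
    assign('view_container', public, container)
    # The group grant must give read access and nothing more.
    self.assertTrue(other.has_perm('view_container', container))
    for perm in plain_perms[1:]:
        self.assertFalse(other.has_perm(perm, container))
    response = self.client.get(destination, HTTP_AUTHORIZATION=fakeauth)
    self.assertEqual(response.status_code, 200)

    remove_perm('view_container', public, container)
    for perm in plain_perms:
        self.assertFalse(other.has_perm(perm, container))
    # Revocation has to be enforced by the API as well, not only reported by
    # has_perm(): the permission state now matches the earlier 403 case.
    response = self.client.get(destination, HTTP_AUTHORIZATION=fakeauth)
    self.assertEqual(response.status_code, 403)

    logging.debug('Deleteing the bundle from the API...')
    response = self.client.delete(destination, HTTP_AUTHORIZATION=auth)
    self.assertEqual(response.status_code, 204)
    self.assertRaises(Container.DoesNotExist, Container.objects.get,
                      id=container.id)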