def test_is_authorized_works_for_token_resource_too(self, auth_factory):
    """The string resource 'token' selects the 'token' authorizer.

    The resource name is also forwarded unchanged as the third argument
    of the authorizer's ``can`` check.
    """
    # auth_factory is presumably injected by a patch decorator that is not
    # visible in this listing; its return value stands in for the authorizer.
    fake_authorizer = Mock()
    auth_factory.return_value = fake_authorizer
    requester = self.mock_authenticated

    is_authorized(requester, 'read', 'token')

    auth_factory.assert_called_with('token')
    fake_authorizer.can.assert_called_with(requester, 'read', 'token')
def test_is_authorized_calls_can_with_object_for_instances(self, auth_factory):
    """A model instance is passed through to ``can`` as the resource.

    The authorizer is looked up by the lower-cased class name of the
    instance.
    """
    fake_authorizer = Mock()
    auth_factory.return_value = fake_authorizer
    requester = self.mock_authenticated
    target = User()

    is_authorized(requester, 'read', target)

    expected_name = target.__class__.__name__.lower()
    auth_factory.assert_called_with(expected_name)
    fake_authorizer.can.assert_called_with(requester, 'read', target)
def test_is_authorized_calls_can_with_None_for_classes(self, auth_factory):
    """A class (not an instance) reaches ``can`` as ``None``.

    The authorizer is still selected by the lower-cased class name, so a
    class-level check carries no object for per-record rules to inspect.
    """
    fake_authorizer = Mock()
    auth_factory.return_value = fake_authorizer
    requester = self.mock_authenticated
    resource_cls = User

    is_authorized(requester, 'read', resource_cls)

    auth_factory.assert_called_with(resource_cls.__name__.lower())
    fake_authorizer.can.assert_called_with(requester, 'read', None)
def test_is_authorized_calls_can_with_object_for_instances(
        self, auth_factory):
    """Instances are forwarded to the authorizer's ``can`` unchanged.

    The factory must be asked for the authorizer named after the
    instance's class, in lower case.
    """
    stub = Mock()
    auth_factory.return_value = stub
    actor = self.mock_authenticated
    record = User()

    is_authorized(actor, 'read', record)

    auth_factory.assert_called_with(record.__class__.__name__.lower())
    stub.can.assert_called_with(actor, 'read', record)
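def _file_upload(self, data):
    """Build the payload for a ``multipart/form-data`` upload request.

    Intended to be overridden by resource classes that accept uploads; only
    classes named in ``self.allowed_classes_upload`` take this path. The
    incoming ``data`` argument is discarded and rebuilt from ``request.form``.

    Returns:
        The rebuilt payload dict with ``media_url`` and the ``info``
        ``container``/``file_name`` keys filled in, or ``None`` when the
        request is not a multipart upload for an allowed class.

    Raises:
        AttributeError: the request carries no ``file`` part.
        ValueError: ``project_id``/``task_id`` is not an integer, or
            ``info`` is not valid JSON.
    """
    cls_name = self.__class__.__name__.lower()
    content_type = 'multipart/form-data'
    # A request without a Content-Type header yields None, and `in None`
    # raises TypeError; fall back to an empty string so such requests are
    # simply treated as "not an upload".
    request_content_type = request.headers.get('Content-Type') or ''
    if (content_type not in request_content_type
            or cls_name not in self.allowed_classes_upload):
        return None

    # Every form field is client-controlled; only the ids and `info` are
    # type-converted, everything else is copied through as a string.
    data = dict()
    for key in request.form.keys():
        if key in ['project_id', 'task_id']:
            data[key] = int(request.form[key])
        elif key == 'info':
            data[key] = json.loads(request.form[key])
        else:
            data[key] = request.form[key]

    data = self.hateoas.remove_links(data)
    inst = self.__class__(**data)
    self._add_user_info(inst)
    # NOTE(review): the return value is discarded. If is_authorized reports
    # its decision as a boolean instead of raising, a denied request still
    # reaches the upload below. Confirm against its implementation.
    is_authorized(current_user, 'create', inst)

    upload_method = current_app.config.get('UPLOAD_METHOD')
    if request.files.get('file') is None:
        raise AttributeError
    _file = request.files['file']

    # is_authenticated is invoked as a method in this version of the code.
    if current_user.is_authenticated():
        container = "user_%s" % current_user.id
    else:
        # All unauthenticated uploads share one container.
        container = "anonymous"

    # Nameless (or browser-default 'blob') uploads get a timestamp name; the
    # .png suffix is assumed, not derived from the content.
    if _file.filename == 'blob' or _file.filename is None:
        _file.filename = "%s.png" % time.time()
    # NOTE(review): any other filename comes straight from the client and
    # also ends up in media_url and info. Confirm uploader.upload_file
    # normalises it and restricts the accepted file types.
    uploader.upload_file(_file, container=container)

    avatar_absolute = current_app.config.get('AVATAR_ABSOLUTE')
    file_url = get_avatar_url(upload_method, _file.filename,
                              container, avatar_absolute)
    data['media_url'] = file_url
    if data.get('info') is None:
        data['info'] = dict()
    data['info']['container'] = container
    data['info']['file_name'] = _file.filename
    return data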
def _file_upload(self, data):
    """Turn a multipart upload request into a payload dict.

    Meant to be overridden by classes that accept uploads; it only acts for
    classes named in ``self.allowed_classes_upload``. The ``data`` argument
    is replaced by values decoded from ``request.form``, the ``file`` part
    is stored through the uploader, and its URL and location are recorded
    in the payload. Returns ``None`` for any request that is not a multipart
    upload for an allowed class, and raises ``AttributeError`` when the
    ``file`` part is missing.
    """
    resource_name = self.__class__.__name__.lower()
    content_type = 'multipart/form-data'
    raw_header = request.headers.get('Content-Type')
    # A missing header becomes an empty list so the membership test is False.
    request_headers = [] if raw_header is None else raw_header

    is_upload = (content_type in request_headers
                 and resource_name in self.allowed_classes_upload)
    if not is_upload:
        return None

    # Form fields are client-controlled; only ids and `info` are converted.
    form = request.form
    data = dict()
    for field in list(form.keys()):
        value = form[field]
        if field == 'info':
            data[field] = json.loads(value)
        elif field in ('project_id', 'task_id'):
            data[field] = int(value)
        else:
            data[field] = value

    data = self.hateoas.remove_links(data)
    inst = self.__class__(**data)
    self._add_user_info(inst)
    # NOTE(review): the result of is_authorized is not inspected here. If it
    # returns a boolean rather than raising, a denial has no effect on the
    # upload that follows. Confirm against its implementation.
    is_authorized(current_user, 'create', inst)

    upload_method = current_app.config.get('UPLOAD_METHOD')
    if request.files.get('file') is None:
        raise AttributeError
    _file = request.files['file']

    # Unauthenticated uploads all land in the shared "anonymous" container.
    container = ("user_%s" % current_user.id
                 if current_user.is_authenticated else "anonymous")

    # The timestamp fallback assumes PNG regardless of the actual content.
    if _file.filename is None or _file.filename == 'blob':
        _file.filename = "%s.png" % time.time()
    # NOTE(review): other filenames are client-supplied and flow into the
    # uploader, media_url and info. Confirm the uploader normalises them.
    uploader.upload_file(_file, container=container)

    avatar_absolute = current_app.config.get('AVATAR_ABSOLUTE')
    data['media_url'] = get_avatar_url(upload_method, _file.filename,
                                       container, avatar_absolute)
    if data.get('info') is None:
        data['info'] = dict()
    info = data['info']
    info['container'] = container
    info['file_name'] = _file.filename
    return data
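def _file_upload(self, data):
    """Build a payload from a form-encoded or multipart request.

    Meant to be overridden by classes that accept uploads; it only acts for
    classes named in ``self.allowed_classes_upload``. Both
    ``multipart/form-data`` and ``application/x-www-form-urlencoded`` bodies
    are accepted. The form is decoded, the task is looked up by
    ``info['uuid']`` and ``project_id`` (and created when no row is found),
    the user is looked up by ``useruuid`` (and created when missing), and an
    optional ``file`` part is stored through the uploader.

    Returns:
        The payload dict, or ``None`` when the content type or class does
        not qualify.

    Raises:
        KeyError: a required form field (``info``, ``project_id``,
            ``useruuid``, ``fullname``, ``email``) is absent.
        ValueError: ``project_id`` is not an integer or ``info`` is not
            valid JSON.

    NOTE(review): the user this record is attributed to is selected, or
    created, purely from the client-supplied ``useruuid``/``fullname``/
    ``email`` fields, and both the task and the user may be written to the
    database before ``is_authorized`` runs. Confirm that only a trusted
    caller can reach this endpoint.
    """
    cls_name = self.__class__.__name__.lower()
    # Accept both content types: a body with a file, or plain form text.
    content_type_file = 'multipart/form-data'
    content_type_text = 'application/x-www-form-urlencoded'
    request_headers = request.headers.get('Content-Type')
    if request_headers is None:
        request_headers = []
    accepted_type = (content_type_file in request_headers
                     or content_type_text in request_headers)
    if not (accepted_type and cls_name in self.allowed_classes_upload):
        return None

    # Form fields are client-controlled; only project_id and info are
    # converted, the rest are copied through as strings.
    data = dict()
    for key in list(request.form.keys()):
        if key == 'project_id':
            data[key] = int(request.form[key])
        elif key == 'info':
            data[key] = json.loads(request.form[key])
        else:
            data[key] = request.form[key]

    # Reuse the task already registered for this uuid in the project.
    tasks = task_repo.getTasks(data['info']['uuid'], data['project_id'])
    try:
        data['task_id'] = [row[0] for row in tasks][0]
    except (LookupError, TypeError):
        # No usable row came back, so register a new task. Only lookup and
        # type errors are handled: a bare except would also turn any other
        # failure while reading the rows into a silently created task.
        task = Task(project_id=data['project_id'], info=data['info'],
                    n_answers=10)
        task_repo.save(task)
        data['task_id'] = task.id

    # Find the user by uuid; create one when none is registered yet.
    user = user_repo.get_by(mykaarma_user_id=data['useruuid'])
    if user is None:
        # NOTE(review): this loop ends only if the helper can return a
        # different name on a later call. Confirm it is not deterministic.
        name = get_mykaarma_username_from_full_name(data["fullname"])
        while user_repo.get_by_name(name) is not None:
            name = get_mykaarma_username_from_full_name(data["fullname"])
        user = User(fullname=data['fullname'], name=name,
                    email_addr=data['email'],
                    mykaarma_user_id=data['useruuid'])
        user_repo.save(user)
    data['user_id'] = user.id

    # Drop the helper fields so the payload matches the class constructor.
    del data['useruuid']
    del data['fullname']
    del data['email']

    data = self.hateoas.remove_links(data)
    inst = self.__class__(**data)
    self._add_user_info(inst)
    # NOTE(review): the return value is discarded. If is_authorized reports
    # its decision as a boolean instead of raising, a denial has no effect
    # on what follows. Confirm against its implementation.
    is_authorized(current_user, 'create', inst)

    upload_method = current_app.config.get('UPLOAD_METHOD')
    # The container is keyed on the looked-up user id, not on current_user.
    container = "user_%s" % data['user_id']
    if data.get('info') is None:
        data['info'] = dict()
    data['info']['container'] = container

    if request.files.get('file') is not None:
        _file = request.files['file']
        # The timestamp fallback assumes PNG regardless of actual content.
        if _file.filename == 'blob' or _file.filename is None:
            _file.filename = "%s.png" % time.time()
        # NOTE(review): other filenames are client-supplied and flow into
        # the uploader, media_url and info. Confirm the uploader normalises
        # them and restricts the accepted file types.
        uploader.upload_file(_file, container=container)
        avatar_absolute = current_app.config.get('AVATAR_ABSOLUTE')
        file_url = get_avatar_url(upload_method, _file.filename,
                                  container, avatar_absolute)
        data['media_url'] = file_url
        data['info']['file_name'] = _file.filename
    return data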