def test_admin_default(client, add_user):
"""
Checks that admin can update other user's files
"""
user = add_user(role=ROLE_MANAGER)
_ = add_user(role=ROLE_ADMIN, log_him_in=True)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
previous_src = file.src
comment = get_random_str()
resp = client.put(endpoint=endpoint,
content_type='multipart/form-data',
file_id=file.id,
data=dict(
file=open('tests/data/FaceImage.jpg', 'rb'),
comment=comment,
))
assert 'id' in resp
file = File.query.get(resp['id'])
assert file and os.path.isfile(file.src)
assert file.src != previous_src
assert file.status == STATUS_CREATED
assert 'comment' in resp
assert resp['comment'] == file.comment == comment
def test_not_auth_failure(client, add_user):
"""
Checks that anonymous user can not delete files
"""
user = add_user(role=ROLE_MANAGER, log_him_in=False)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
_ = client.delete(endpoint=endpoint, file_id=file.id, check_status=403)
def test_not_admin_failure(client, add_user):
"""
Checks that ordinary user can not delete other user's files
"""
user = add_user(role=ROLE_MANAGER, log_him_in=False)
_ = add_user(role=ROLE_MANAGER, log_him_in=True)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
_ = client.delete(endpoint=endpoint, file_id=file.id, check_status=403)
def test_default(client, add_user):
user = add_user(role=ROLE_MANAGER)
content = add_content(created_by=user.id, publisher_id=user.publisher_id)
device = add_device()
resp = client.post(
endpoint=endpoint,
file_id=content.id,
headers={
AUTH_TOKEN_HEADER_NAME: f'{device.id}:{device.access_token}',
},
)
assert resp == 'ok'
def test_wrong_id_failure(client, add_user):
"""
Checks that we get 404 response if the file_id is wrong
"""
user = add_user(role=ROLE_MANAGER, log_him_in=False)
_ = add_user(role=ROLE_ADMIN, log_him_in=True)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
_ = client.delete(endpoint=endpoint,
file_id=129129129129192,
check_status=404)
assert File.query.get(file.id)
def test_default(client, add_user):
user = add_user(role=ROLE_MANAGER, log_him_in=True)
ids = [
add_content(created_by=user.id, publisher_id=user.publisher_id).id
for _ in range(3)
]
# add some noise
user2 = add_user(role=ROLE_MANAGER)
for _ in range(10):
add_content(created_by=user2.id, publisher_id=user2.publisher_id)
resp = client.get(endpoint=endpoint)
assert 'total' in resp
assert resp['total'] == len(ids)
assert 'results' in resp
assert len(resp['results']) == len(ids)
for item in resp['results']:
assert 'id' in item
assert item['id'] in ids
assert 'publisher' in item
assert user.publisher_id == item['publisher']['id']
def test_malformed_params_failure(client, add_user, file, comment):
"""
Checks that user can not update files with malformed params
"""
user = add_user(role=ROLE_MANAGER, log_him_in=True)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
resp = client.put(endpoint=endpoint,
content_type='multipart/form-data',
file_id=file.id,
data=dict(comment=comment, file=file),
check_status=400)
assert 'errors' in resp
assert len(resp['errors']) == 1
def test_not_auth_failure(client, add_user):
"""
Checks that anonymous user can not update files
"""
user = add_user(role=ROLE_MANAGER)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
resp = client.put(endpoint=endpoint,
content_type='multipart/form-data',
file_id=file.id,
data=dict(comment=get_random_str(), ),
check_status=403)
assert 'errors' in resp
assert len(resp['errors']) == 1
def test_default(client, add_user):
"""
Checks that ordinary user can delete its own files
"""
user = add_user(role=ROLE_MANAGER, log_him_in=True)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
resp = client.delete(
endpoint=endpoint,
file_id=file.id,
)
assert 'id' in resp
assert resp['id'] == file.id
assert not File.query.get(resp['id'])
assert not os.path.isfile(file.src)
def test_malformed_status_change(client, add_user, role, status):
"""
Checks that user can not change status to not allowed
"""
user = add_user(role=role, log_him_in=True)
file = add_content(created_by=user.id,
publisher_id=user.publisher_id,
status=STATUS_MODERATION)
resp = client.put(endpoint=endpoint,
file_id=file.id,
data=dict(status=status, ),
check_status=400)
assert 'errors' in resp
assert len(resp['errors']) == 1
assert 'status' in resp['errors'][0]
def test_default(client, add_user):
user = add_user(role=ROLE_MANAGER)
_ = add_content(created_by=user.id, publisher_id=user.publisher_id)
device = add_device()
resp = client.get(
endpoint=endpoint,
headers={
AUTH_TOKEN_HEADER_NAME: f'{device.id}:{device.access_token}',
},
)
assert 'results' in resp
assert resp['results']
for file in resp['results']:
assert 'id' in file
assert 'src' in file
def test_status_change(client, add_user, role, status):
"""
Checks that status changed correctly
"""
if role == ROLE_MANAGER:
user = add_user(role=role, log_him_in=True)
else:
user = add_user(role=ROLE_MANAGER)
_ = add_user(role=role, log_him_in=True)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
resp = client.put(endpoint=endpoint,
file_id=file.id,
data=dict(status=status, ))
assert 'status' in resp
assert resp['status'] == status
def test_not_admin_failure(client, add_user):
"""
Checks that ordinary user can not update other user's files
"""
user = add_user(role=ROLE_MANAGER)
_ = add_user(role=ROLE_MANAGER, log_him_in=True)
file = add_content(created_by=user.id, publisher_id=user.publisher_id)
comment = get_random_str()
resp = client.put(endpoint=endpoint,
content_type='multipart/form-data',
file_id=file.id,
check_status=403,
data=dict(
file=open('tests/data/FaceImage.jpg', 'rb'),
comment=comment,
))
assert 'errors' in resp
assert len(resp['errors']) == 1
def test_default(client, add_user, file, comment):
"""
Checks that regular user can update its own files
"""
user = add_user(role=ROLE_MANAGER, log_him_in=True)
content = add_content(created_by=user.id, publisher_id=user.publisher_id)
previous_src = content.src
resp = client.put(endpoint=endpoint,
content_type='multipart/form-data',
file_id=content.id,
data=dict(
file=file,
comment=comment,
))
assert 'id' in resp
f = File.query.get(resp['id'])
assert f
if file:
assert os.path.isfile(f.src)
assert f.src != previous_src
assert 'comment' in resp
assert resp['comment'] == f.comment == comment