def test_proposal_delete_attachment(self, app, db_session):
pers = PersonFactory()
prop = ProposalFactory()
pers.proposals.append(prop)
atta = AttachmentFactory(proposal=prop)
db_session.commit()
# we're logged in and this is ours
do_login(app, pers)
resp = app.get(
url_for(controller='proposal', action='view', id=prop.id))
resp = resp.click('delete')
f = resp.form
resp = f.submit()
resp = resp.follow()
assert resp.request.path == url_for(controller='proposal',
action='view',
id=prop.id)
db_session.expunge_all()
atts = Attachment.find_all()
assert atts == []
def test_proposal_with_attachment(self, db_session):
proposal = ProposalFactory()
attachment = AttachmentFactory(proposal_id=proposal.id)
db_session.flush()
proposal.attachments.append(attachment)
db_session.flush()
proposal = Proposal.find_by_id(proposal.id)
attachment = Attachment.find_by_id(attachment.id)
assert proposal.attachments[0] == attachment
def test_proposal_with_attachment(self, db_session):
proposal = ProposalFactory()
attachment = AttachmentFactory(proposal_id = proposal.id)
db_session.flush()
proposal.attachments.append(attachment)
db_session.flush()
proposal = Proposal.find_by_id(proposal.id)
attachment = Attachment.find_by_id(attachment.id)
assert proposal.attachments[0] == attachment
def test_proposal_attach_more(self, app, db_session):
pers = PersonFactory()
prop = ProposalFactory(people = [pers])
ProposalStatusFactory(name='Withdrawn') # Required by code
db_session.commit()
# we're logged in and this is ours
do_login(app, pers)
resp = app.get(url_for(controller='proposal', action='view', id=prop.id))
resp = resp.click('Add an attachment')
f = resp.form
f['attachment'] = Upload("test.ini")
resp = f.submit()
resp = resp.follow()
db_session.expunge_all()
atts = Attachment.find_all();
assert len(atts) == 1
assert '[app:main]' in atts[0].content
def test_proposal_attach_more(self, app, db_session):
pers = PersonFactory()
prop = ProposalFactory(people=[pers])
ProposalStatusFactory(name='Withdrawn') # Required by code
db_session.commit()
# we're logged in and this is ours
do_login(app, pers)
resp = app.get(
url_for(controller='proposal', action='view', id=prop.id))
resp = resp.click('Add an attachment')
f = resp.form
f['attachment'] = Upload("test.ini")
resp = f.submit()
resp = resp.follow()
db_session.expunge_all()
atts = Attachment.find_all()
assert len(atts) == 1
assert '[app:main]' in atts[0].content
def test_proposal_delete_attachment(self, app, db_session):
pers = PersonFactory()
prop = ProposalFactory()
pers.proposals.append(prop)
atta = AttachmentFactory(proposal=prop)
db_session.commit()
# we're logged in and this is ours
do_login(app, pers)
resp = app.get(url_for(controller='proposal', action='view', id=prop.id))
resp = resp.click('delete')
f = resp.form
resp = f.submit()
resp = resp.follow()
assert resp.request.path == url_for(controller='proposal', action='view', id=prop.id)
db_session.expunge_all()
atts = Attachment.find_all();
assert atts == []
def test_permissions(self, app, db_session):
pers = PersonFactory()
sec_pers = PersonFactory()
rev_pers = PersonFactory(roles=[RoleFactory(name='reviewer')])
org_pers = PersonFactory(roles=[RoleFactory(name='organiser')])
other_pers = PersonFactory()
ProposalStatusFactory(name='Withdrawn') # Required by code
# Multiple attachments for deletion testing
prop = ProposalFactory(people=[pers, sec_pers])
att1 = AttachmentFactory(proposal=prop)
att2 = AttachmentFactory(proposal=prop)
att3 = AttachmentFactory(proposal=prop)
att4 = AttachmentFactory(proposal=prop)
db_session.commit()
# we're logged in and this is ours
do_login(app, pers)
resp = app.get(
url_for(controller='attachment', action='view', id=att1.id))
assert resp.content_type == "application/octet-stream"
resp = app.get(
url_for(controller='attachment', action='delete', id=att1.id))
assert "Are you sure you want to delete this attachment" in unicode(
resp.body, 'utf-8')
resp = app.post(url_for(controller='attachment',
action='delete',
id=att1.id),
status=302)
# this is also ours
do_login(app, sec_pers)
resp = app.get(
url_for(controller='attachment', action='view', id=att2.id))
assert resp.content_type == "application/octet-stream"
resp = app.get(
url_for(controller='attachment', action='delete', id=att2.id))
assert "Are you sure you want to delete this attachment" in unicode(
resp.body, 'utf-8')
resp = app.post(url_for(controller='attachment',
action='delete',
id=att2.id),
status=302)
# we're organiser/admin
do_login(app, org_pers)
resp = app.get(
url_for(controller='attachment', action='view', id=att3.id))
assert resp.content_type == "application/octet-stream"
resp = app.get(
url_for(controller='attachment', action='delete', id=att3.id))
assert "Are you sure you want to delete this attachment" in unicode(
resp.body, 'utf-8')
resp = app.post(url_for(controller='attachment',
action='delete',
id=att3.id),
status=302)
# we're a reviewer
do_login(app, rev_pers)
resp = app.get(url_for(controller='attachment',
action='view',
id=att4.id),
status=403)
assert resp.content_type == "text/html"
resp = app.get(url_for(controller='attachment',
action='delete',
id=att4.id),
status=403)
resp = app.post(url_for(controller='attachment',
action='delete',
id=att4.id),
status=403)
# we're logged in and this isn't ours
do_login(app, other_pers)
resp = app.get(url_for(controller='attachment',
action='view',
id=att4.id),
status=403)
assert resp.content_type == "text/html"
resp = app.get(url_for(controller='attachment',
action='delete',
id=att4.id),
status=403)
resp = app.post(url_for(controller='attachment',
action='delete',
id=att4.id),
status=403)
# we're not logged in
app.get('/person/signout')
assert not isSignedIn(app)
resp = app.get(
url_for(controller='attachment', action='view',
id=att4.id)) #, status=404)
assert resp.content_type == "text/html"
assert "User doesn't have any of the specified roles" in unicode(
resp.body, 'utf-8')
resp = app.get(
url_for(controller='attachment', action='delete', id=att4.id))
assert "Don't have an account?" in unicode(resp.body, 'utf-8')
resp = app.post(
url_for(controller='attachment', action='delete', id=att4.id))
assert "Don't have an account?" in unicode(resp.body, 'utf-8')
db_session.expunge_all()
atts = Attachment.find_all()
assert len(atts) == 1
assert atts[0].id == att4.id
def test_permissions(self, app, db_session):
pers = PersonFactory()
sec_pers = PersonFactory()
rev_pers = PersonFactory(roles = [RoleFactory(name = 'reviewer')])
org_pers = PersonFactory(roles = [RoleFactory(name = 'organiser')])
other_pers = PersonFactory()
ProposalStatusFactory(name='Withdrawn') # Required by code
# Multiple attachments for deletion testing
prop = ProposalFactory(people = [pers, sec_pers])
att1 = AttachmentFactory(proposal=prop)
att2 = AttachmentFactory(proposal=prop)
att3 = AttachmentFactory(proposal=prop)
att4 = AttachmentFactory(proposal=prop)
db_session.commit()
# we're logged in and this is ours
do_login(app, pers)
resp = app.get(url_for(controller='attachment', action='view', id=att1.id))
assert resp.content_type == "application/octet-stream"
resp = app.get(url_for(controller='attachment', action='delete', id=att1.id))
assert "Are you sure you want to delete this attachment" in unicode(resp.body, 'utf-8')
resp = app.post(url_for(controller='attachment', action='delete', id=att1.id), status=302)
# this is also ours
do_login(app, sec_pers)
resp = app.get(url_for(controller='attachment', action='view', id=att2.id))
assert resp.content_type == "application/octet-stream"
resp = app.get(url_for(controller='attachment', action='delete', id=att2.id))
assert "Are you sure you want to delete this attachment" in unicode(resp.body, 'utf-8')
resp = app.post(url_for(controller='attachment', action='delete', id=att2.id), status=302)
# we're organiser/admin
do_login(app, org_pers)
resp = app.get(url_for(controller='attachment', action='view', id=att3.id))
assert resp.content_type == "application/octet-stream"
resp = app.get(url_for(controller='attachment', action='delete', id=att3.id))
assert "Are you sure you want to delete this attachment" in unicode(resp.body, 'utf-8')
resp = app.post(url_for(controller='attachment', action='delete', id=att3.id), status=302)
# we're a reviewer
do_login(app, rev_pers)
resp = app.get(url_for(controller='attachment', action='view', id=att4.id), status=403)
assert resp.content_type == "text/html"
resp = app.get(url_for(controller='attachment', action='delete', id=att4.id), status=403)
resp = app.post(url_for(controller='attachment', action='delete', id=att4.id), status=403)
# we're logged in and this isn't ours
do_login(app, other_pers)
resp = app.get(url_for(controller='attachment', action='view', id=att4.id), status=403)
assert resp.content_type == "text/html"
resp = app.get(url_for(controller='attachment', action='delete', id=att4.id), status=403)
resp = app.post(url_for(controller='attachment', action='delete', id=att4.id), status=403)
# we're not logged in
app.get('/person/signout')
assert not isSignedIn(app)
resp = app.get(url_for(controller='attachment', action='view', id=att4.id))#, status=404)
assert resp.content_type == "text/html"
assert "User doesn't have any of the specified roles" in unicode(resp.body, 'utf-8')
resp = app.get(url_for(controller='attachment', action='delete', id=att4.id))
assert "Don't have an account?" in unicode(resp.body, 'utf-8')
resp = app.post(url_for(controller='attachment', action='delete', id=att4.id))
assert "Don't have an account?" in unicode(resp.body, 'utf-8')
db_session.expunge_all()
atts = Attachment.find_all();
assert len(atts) == 1
assert atts[0].id == att4.id