Exemple #1
    def test_proposal_delete_attachment(self, app, db_session):
        """Delete a proposal's only attachment through the web UI.

        Signs in as a person linked to the proposal, clicks 'delete' on the
        proposal view page, submits the resulting form and follows the
        redirect. The test then checks that the redirect lands on the proposal
        view page and that no attachment rows are left.
        """
        owner = PersonFactory()
        proposal = ProposalFactory()
        owner.proposals.append(proposal)
        attachment = AttachmentFactory(proposal=proposal)
        db_session.commit()

        # The signed-in account is linked to the proposal.
        do_login(app, owner)
        proposal_url = url_for(
            controller='proposal', action='view', id=proposal.id)
        confirm_page = app.get(proposal_url).click('delete')

        redirect = confirm_page.form.submit()
        landing = redirect.follow()

        landed_on = landing.request.path
        expected_path = url_for(controller='proposal',
                                action='view',
                                id=proposal.id)
        assert landed_on == expected_path

        # Detach everything from the session before querying again.
        db_session.expunge_all()

        remaining = Attachment.find_all()
        assert remaining == []
Exemple #2
    def test_proposal_with_attachment(self, db_session):
        """Check that an attachment appended to a proposal is reachable from it."""
        prop = ProposalFactory()
        # NOTE(review): prop.id is read before the first flush below; whether
        # it is already populated depends on the factory setup -- confirm.
        att = AttachmentFactory(proposal_id=prop.id)
        db_session.flush()

        prop.attachments.append(att)
        db_session.flush()

        # Look both objects up again by id and compare through the relationship.
        found_prop = Proposal.find_by_id(prop.id)
        found_att = Attachment.find_by_id(att.id)
        first_linked = found_prop.attachments[0]
        assert first_linked == found_att
    def test_proposal_with_attachment(self, db_session):
        """Verify the proposal -> attachments relationship after an append.

        Creates a proposal and an attachment, appends the attachment to the
        proposal's collection, then looks both up by id and asserts that the
        proposal's first attachment equals the attachment found.
        """
        new_proposal = ProposalFactory()
        new_attachment = AttachmentFactory(proposal_id=new_proposal.id)
        db_session.flush()

        new_proposal.attachments.append(new_attachment)
        db_session.flush()

        looked_up_proposal = Proposal.find_by_id(new_proposal.id)
        looked_up_attachment = Attachment.find_by_id(new_attachment.id)
        assert looked_up_proposal.attachments[0] == looked_up_attachment
Exemple #4
    def test_proposal_attach_more(self, app, db_session):
        """Add an attachment to an existing proposal through the web UI.

        Signs in as a person listed on the proposal, clicks 'Add an attachment'
        on the proposal view page and uploads test.ini. Exactly one attachment
        must be stored afterwards, and its content must contain '[app:main]'
        (expected to come from the uploaded file).
        """
        submitter = PersonFactory()
        proposal = ProposalFactory(people=[submitter])
        ProposalStatusFactory(name='Withdrawn')  # Required by code
        db_session.commit()

        # The signed-in account is one of the proposal's people.
        do_login(app, submitter)
        proposal_url = url_for(
            controller='proposal', action='view', id=proposal.id)
        upload_page = app.get(proposal_url).click('Add an attachment')

        upload_form = upload_page.form
        upload_form['attachment'] = Upload("test.ini")
        upload_form.submit().follow()

        # Detach everything from the session before querying again.
        db_session.expunge_all()

        stored = Attachment.find_all()
        assert len(stored) == 1
        assert '[app:main]' in stored[0].content
Exemple #5
    def test_proposal_attach_more(self, app, db_session):
        """Upload one more attachment to a proposal we are listed on.

        The upload goes through the form reached via 'Add an attachment' on
        the proposal view page; the test asserts that a single attachment
        exists afterwards and that '[app:main]' appears in its content.
        """
        person = PersonFactory()
        proposal = ProposalFactory(people=[person])
        ProposalStatusFactory(name='Withdrawn')  # Required by code
        db_session.commit()

        # Sign in as a person attached to the proposal.
        do_login(app, person)
        view_page = app.get(
            url_for(controller='proposal', action='view', id=proposal.id))
        attach_page = view_page.click('Add an attachment')

        form = attach_page.form
        form['attachment'] = Upload("test.ini")
        submitted = form.submit()
        submitted.follow()

        db_session.expunge_all()

        attachments = Attachment.find_all()
        assert len(attachments) == 1
        only_attachment = attachments[0]
        assert '[app:main]' in only_attachment.content
Exemple #6
    def test_proposal_delete_attachment(self, app, db_session):
        """Remove an attachment from our own proposal via the 'delete' link.

        After submitting the form reached through 'delete' and following the
        redirect, the request path must be the proposal view URL and the
        attachment table must be empty.
        """
        person = PersonFactory()
        proposal = ProposalFactory()
        person.proposals.append(proposal)
        doomed = AttachmentFactory(proposal=proposal)
        db_session.commit()

        # Sign in as the person the proposal was appended to.
        do_login(app, person)
        view_page = app.get(
            url_for(controller='proposal', action='view', id=proposal.id))
        delete_page = view_page.click('delete')

        delete_form = delete_page.form
        after_submit = delete_form.submit()

        final_page = after_submit.follow()

        actual_path = final_page.request.path
        assert actual_path == url_for(
            controller='proposal', action='view', id=proposal.id)

        db_session.expunge_all()

        leftover = Attachment.find_all()
        assert leftover == []
Exemple #7
    def test_permissions(self, app, db_session):
        """Exercise view/delete authorisation on attachments for each kind of user.

        Two people on the proposal and an organiser may each view an
        attachment, see the delete confirmation and delete it (302). A
        reviewer and an unrelated signed-in person get 403 for view, delete
        GET and delete POST. An anonymous client is checked by response text
        only. At the end only the attachment nobody was allowed to delete
        (att4) may remain.
        """
        owner = PersonFactory()
        co_owner = PersonFactory()
        reviewer = PersonFactory(roles=[RoleFactory(name='reviewer')])
        organiser = PersonFactory(roles=[RoleFactory(name='organiser')])
        outsider = PersonFactory()
        ProposalStatusFactory(name='Withdrawn')  # Required by code
        # One attachment per permitted deleter, plus att4 which must survive.
        prop = ProposalFactory(people=[owner, co_owner])
        att1 = AttachmentFactory(proposal=prop)
        att2 = AttachmentFactory(proposal=prop)
        att3 = AttachmentFactory(proposal=prop)
        att4 = AttachmentFactory(proposal=prop)
        db_session.commit()

        # Permitted: both people on the proposal, then the organiser/admin.
        permitted = ((owner, att1), (co_owner, att2), (organiser, att3))
        for person, att in permitted:
            do_login(app, person)
            resp = app.get(
                url_for(controller='attachment', action='view', id=att.id))
            assert resp.content_type == "application/octet-stream"
            resp = app.get(
                url_for(controller='attachment', action='delete', id=att.id))
            page_text = unicode(resp.body, 'utf-8')
            assert "Are you sure you want to delete this attachment" in page_text
            resp = app.post(
                url_for(controller='attachment', action='delete', id=att.id),
                status=302)

        # Denied: a reviewer, then a signed-in person not on the proposal.
        for person in (reviewer, outsider):
            do_login(app, person)
            resp = app.get(
                url_for(controller='attachment', action='view', id=att4.id),
                status=403)
            assert resp.content_type == "text/html"
            resp = app.get(
                url_for(controller='attachment', action='delete', id=att4.id),
                status=403)
            resp = app.post(
                url_for(controller='attachment', action='delete', id=att4.id),
                status=403)

        # Anonymous client.
        # NOTE(review): none of the three anonymous requests pins a status
        # code (an earlier `status=404` on the view request was commented
        # out), so denial is established only by the body text and by the
        # final database check below.
        app.get('/person/signout')
        assert not isSignedIn(app)
        resp = app.get(
            url_for(controller='attachment', action='view', id=att4.id))
        assert resp.content_type == "text/html"
        page_text = unicode(resp.body, 'utf-8')
        assert "User doesn't have any of the specified roles" in page_text
        resp = app.get(
            url_for(controller='attachment', action='delete', id=att4.id))
        assert "Don't have an account?" in unicode(resp.body, 'utf-8')
        resp = app.post(
            url_for(controller='attachment', action='delete', id=att4.id))
        assert "Don't have an account?" in unicode(resp.body, 'utf-8')

        # Only att4 may be left: every denied or anonymous delete targeted it.
        db_session.expunge_all()
        survivors = Attachment.find_all()
        assert len(survivors) == 1
        assert survivors[0].id == att4.id
    def test_permissions(self, app, db_session):
        """Check who may view and delete a proposal's attachments.

        Expected outcomes, as asserted below:
          * people on the proposal and an organiser: view returns
            application/octet-stream, delete GET shows the confirmation text,
            delete POST answers 302;
          * a reviewer and an unrelated signed-in person: 403 on view, delete
            GET and delete POST;
          * a signed-out client: checked through response text, no status
            code is pinned;
          * afterwards exactly one attachment (att4) is still stored.
        """

        def att_url(action, att):
            # Build the attachment URL at call time, as the inline calls did.
            return url_for(controller='attachment', action=action, id=att.id)

        def expect_allowed(person, att):
            # View, confirm and delete one attachment as `person`.
            do_login(app, person)
            viewed = app.get(att_url('view', att))
            assert viewed.content_type == "application/octet-stream"
            confirm = app.get(att_url('delete', att))
            assert "Are you sure you want to delete this attachment" in unicode(confirm.body, 'utf-8')
            app.post(att_url('delete', att), status=302)

        def expect_forbidden(person, att):
            # Every attachment action must answer 403 for `person`.
            do_login(app, person)
            viewed = app.get(att_url('view', att), status=403)
            assert viewed.content_type == "text/html"
            app.get(att_url('delete', att), status=403)
            app.post(att_url('delete', att), status=403)

        pers = PersonFactory()
        sec_pers = PersonFactory()
        rev_pers = PersonFactory(roles=[RoleFactory(name='reviewer')])
        org_pers = PersonFactory(roles=[RoleFactory(name='organiser')])
        other_pers = PersonFactory()
        ProposalStatusFactory(name='Withdrawn')  # Required by code
        # Multiple attachments for deletion testing
        prop = ProposalFactory(people=[pers, sec_pers])
        att1 = AttachmentFactory(proposal=prop)
        att2 = AttachmentFactory(proposal=prop)
        att3 = AttachmentFactory(proposal=prop)
        att4 = AttachmentFactory(proposal=prop)
        db_session.commit()

        # we're logged in and this is ours
        expect_allowed(pers, att1)

        # this is also ours
        expect_allowed(sec_pers, att2)

        # we're organiser/admin
        expect_allowed(org_pers, att3)

        # we're a reviewer
        expect_forbidden(rev_pers, att4)

        # we're logged in and this isn't ours
        expect_forbidden(other_pers, att4)

        # we're not logged in
        # NOTE(review): no status is asserted for these anonymous requests
        # (a `status=404` on the view request was left commented out); the
        # test relies on the body text and on att4 still existing afterwards.
        app.get('/person/signout')
        assert not isSignedIn(app)
        anon_view = app.get(att_url('view', att4))
        assert anon_view.content_type == "text/html"
        assert "User doesn't have any of the specified roles" in unicode(anon_view.body, 'utf-8')
        anon_delete_get = app.get(att_url('delete', att4))
        assert "Don't have an account?" in unicode(anon_delete_get.body, 'utf-8')
        anon_delete_post = app.post(att_url('delete', att4))
        assert "Don't have an account?" in unicode(anon_delete_post.body, 'utf-8')

        db_session.expunge_all()
        remaining = Attachment.find_all()
        assert len(remaining) == 1
        assert remaining[0].id == att4.id