def test_delete_page(self, mock_delete):
"""Test API Pagepost delete post (DEL)."""
mock_delete.return_value = True
admin, owner, user = UserFactory.create_batch(3)
project = ProjectFactory.create(owner=owner)
file_info = {'file_name': 'name.jpg', 'container': 'user_3'}
page = PageFactory.create(project_id=project.id, info=file_info)
page2 = PageFactory.create(project_id=project.id)
# As anon
url = '/api/page/%s' % page.id
res = self.app.delete(url)
assert res.status_code == 401, res.status_code
# As user
url = '/api/page/%s?api_key=%s' % (page.id, user.api_key)
res = self.app.delete(url)
assert res.status_code == 403, res.status_code
# As owner
url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key)
res = self.app.delete(url)
assert res.status_code == 204, res.status_code
mock_delete.assert_called_with(file_info['file_name'],
file_info['container'])
# As admin
url = '/api/page/%s?api_key=%s' % (page2.id, admin.api_key)
res = self.app.delete(url)
assert res.status_code == 204, res.status_code
def test_get_by_returns_none_if_no_page(self):
"""Test get_by returns None if no page matches the query"""
PageFactory.create()
page = self.page_repo.get_by(project_id=10000)
assert page is None, page
def test_filter_by_no_matches(self):
"""Test filter_by returns an empty list if no pages match the query"""
PageFactory.create()
retrieved_pages = self.page_repo.filter_by(project_id=100)
assert isinstance(retrieved_pages, list)
assert len(retrieved_pages) == 0, retrieved_pages
def test_filter_by_multiple_conditions(self):
"""Test filter_by supports multiple-condition queries"""
h1 = PageFactory.create(slug='url')
h2 = PageFactory.create(slug='url')
retrieved_pages = self.page_repo.filter_by(project_id=h2.project_id,
slug='url')
assert len(retrieved_pages) == 1, retrieved_pages
assert h2 in retrieved_pages, retrieved_pages
def test_filter_by_one_condition(self):
"""Test filter_by returns a list of pages that meet the filtering
condition"""
PageFactory.create_batch(3, slug="algo")
should_be_missing = PageFactory.create(slug="new")
retrieved_pages = self.page_repo.filter_by(slug="algo")
assert len(retrieved_pages) == 3, retrieved_pages
assert should_be_missing not in retrieved_pages, retrieved_pages
def test_filter_by_limit_offset(self):
"""Test that filter_by supports limit and offset options"""
PageFactory.create_batch(4)
all_pages = self.page_repo.filter_by()
first_two = self.page_repo.filter_by(limit=2)
last_two = self.page_repo.filter_by(limit=2, offset=2)
assert len(first_two) == 2, first_two
assert len(last_two) == 2, last_two
assert first_two == all_pages[:2]
assert last_two == all_pages[2:]
def test_anonymous_user_create_given_page(self):
"""Test anonymous users cannot create pages for a project"""
project = ProjectFactory.create()
page = PageFactory.build(project_id=project.id)
assert_raises(Unauthorized, ensure_authorized_to, 'create', page)
def test_anonymous_user_read_given_page(self):
"""Test anonymous users can read a given page"""
project = ProjectFactory.create(published=True)
page = PageFactory.create(project_id=project.id)
assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_get_nr_of_questions_with_3_questions(self):
nrq = 3 # number of questions to be created
questionnaire = QuestionnaireFactory()
page = PageFactory(questionnaire=questionnaire)
for _ in range(nrq):
QuestionFactory(page=page)
self.assertEqual(questionnaire.get_nr_of_questions(), nrq)
def test_save_fails_if_integrity_error(self):
"""Test save raises a DBIntegrityError if the instance to be saved lacks
a required value"""
page = PageFactory.build(project_id=None)
assert_raises(DBIntegrityError, self.page_repo.save, page)
def test_anonymous_user_delete_page(self):
"""Test anonymous users cannot delete pages"""
project = ProjectFactory.create(published=True)
page = PageFactory.create(project_id=project.id)
assert_raises(Unauthorized, ensure_authorized_to, 'delete', page)
def test_anonymous_user_read_given_page_draft_project(self):
"""Test anonymous users cannot read a given page of
a draft project"""
project = ProjectFactory.create(published=False)
page = PageFactory.create(project_id=project.id)
assert_raises(Unauthorized, ensure_authorized_to, 'read', page)
def test_get_by(self):
"""Test get_by returns a page with the specified attribute"""
page = PageFactory.create(slug="algo")
retrieved_page = self.page_repo.get_by(slug="algo")
assert page == retrieved_page, retrieved_page
def test_get_returns_page(self):
"""Test get method returns a page if exists"""
page = PageFactory.create()
retrieved_page = self.page_repo.get(page.id)
assert page == retrieved_page, retrieved_page
def test_update_fails_if_integrity_error(self):
"""Test update raises a DBIntegrityError if the instance to be updated
lacks a required value"""
page = PageFactory.create()
page.project_id = None
assert_raises(DBIntegrityError, self.page_repo.update, page)
def test_owner_update_page(self):
"""Test authenticated user can update page
if it's the project's page owner"""
owner = UserFactory.create(id=2)
project = ProjectFactory.create(owner=owner)
page = PageFactory.create(project_id=project.id)
assert_not_raises(Exception, ensure_authorized_to, 'update', page)
def test_admin_read_given_page_draft_project(self):
"""Test admin can read a given page of a draft project"""
owner = UserFactory.create(id=5)
project = ProjectFactory.create(owner=owner, published=False)
page = PageFactory.create(project_id=project.id)
assert self.mock_admin.id != project.owner.id
assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_delete(self):
"""Test delete removes the page instance"""
page = PageFactory.create()
self.page_repo.delete(page)
deleted = self.page_repo.get(page.id)
assert deleted is None, deleted
def test_non_owner_authenticated_user_read_given_page_draft_project(self):
"""Test authenticated user cannot read a given page of a
draft project if is not the project owner"""
project = ProjectFactory.create(published=False)
page = PageFactory.create(project_id=project.id)
assert self.mock_authenticated.id != project.owner.id
assert_raises(Forbidden, ensure_authorized_to, 'read', page)
def test_admin_update_page(self):
"""Test admins can update page
even if it's not the post owner"""
owner = UserFactory.create(id=5)
project = ProjectFactory.create(owner=owner)
page = PageFactory.create(project_id=project.id)
assert_not_raises(Exception, ensure_authorized_to, 'update', page)
def test_non_owner_authenticated_user_read_given_page(self):
"""Test authenticated user can read a given page
if is not the project owner"""
project = ProjectFactory.create(published=True)
page = PageFactory.create(project_id=project.id)
assert self.mock_authenticated.id != project.owner.id
assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_non_owner_authenticated_user_create_given_page(self):
"""Test authenticated user cannot create a given page if is not the
project owner"""
project = ProjectFactory.create()
page = PageFactory.build(project_id=project.id)
assert self.mock_authenticated.id != project.owner_id
assert_raises(Forbidden, ensure_authorized_to, 'create', page)
def test_owner_read_given_page_draft_project(self):
"""Test authenticated user can read a given page
of a draft project if it's the project owner"""
owner = UserFactory.create(id=2)
project = ProjectFactory.create(owner=owner, published=False)
page = PageFactory.create(project_id=project.id)
assert self.mock_authenticated.id == project.owner.id
assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_owner_create_given_page(self):
"""Test authenticated user can create a given page
if it's project owner"""
owner = UserFactory.create(id=2)
project = ProjectFactory.create(owner=owner)
page = PageFactory.build(project_id=project.id)
assert self.mock_authenticated.id == project.owner_id
assert_not_raises(Exception, ensure_authorized_to, 'create', page)
def test_admin_authenticated_user_delete_page(self):
"""Test authenticated user can delete any page if
it's admin"""
owner = UserFactory.create(id=5)
project = ProjectFactory.create(owner=owner)
page = PageFactory.create(project_id=project.id)
assert self.mock_admin.id != owner.id
assert_not_raises(Exception, ensure_authorized_to, 'delete', page)
def test_owner_delete_page(self):
"""Test authenticated user can delete a page if is the page
owner"""
owner = UserFactory.create(id=2)
project = ProjectFactory.create(owner=owner)
page = PageFactory.create(project_id=project.id)
assert self.mock_authenticated.id == owner.id
assert_not_raises(Exception, ensure_authorized_to, 'delete', page)
def test_non_owner_authenticated_user_delete_page(self):
"""Test authenticated user cannot delete a page if is not the page's
owner and is not admin"""
owner = UserFactory.create(id=5)
project = ProjectFactory.create(owner=owner, published=True)
page = PageFactory.create(project_id=project.id)
assert self.mock_authenticated.id != owner.id
assert not self.mock_authenticated.admin
assert_raises(Forbidden, ensure_authorized_to, 'delete', page)
def test_update(self):
"""Test update persists the changes made to the page"""
info = {'key': 'val'}
page = PageFactory.create(info=info)
info_new = {'f': 'v'}
page.info = info_new
self.page_repo.update(page)
updated_page = self.page_repo.get(page.id)
assert updated_page.info == info_new, updated_page
def test_save(self):
"""Test save persist the page"""
page = PageFactory.build()
project = ProjectFactory.create()
page.project_id = project.id
assert self.page_repo.get(page.id) is None
self.page_repo.save(page)
assert self.page_repo.get(
page.id) == page, "Helping material not saved"
def test_update_page(self):
"""Test API Pagepost update post (PUT)."""
admin, user, owner = UserFactory.create_batch(3)
project = ProjectFactory.create(owner=owner)
page = PageFactory.create(project_id=project.id)
# As anon
page.slug = 'new'
url = '/api/page/%s' % page.id
res = self.app.put(url, data=json.dumps(page.dictize()))
data = json.loads(res.data)
assert res.status_code == 401, res.status_code
# As user
url = '/api/page/%s?api_key=%s' % (page.id, user.api_key)
res = self.app.put(url, data=json.dumps(page.dictize()))
data = json.loads(res.data)
assert res.status_code == 403, res.status_code
# As owner
url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key)
payload = page.dictize()
del payload['created']
del payload['id']
res = self.app.put(url, data=json.dumps(payload))
data = json.loads(res.data)
assert res.status_code == 200, res.status_code
assert data['slug'] == 'new', data
# as owner with reserved key
page.slug = 'new'
page.created = 'today'
url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key)
payload = page.dictize()
del payload['id']
res = self.app.put(url, data=json.dumps(payload))
data = json.loads(res.data)
assert res.status_code == 400, res.status_code
assert data['exception_msg'] == 'Reserved keys in payload', data
# as owner with wrong key
page.slug = 'new-slug'
url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key)
payload = page.dictize()
del payload['created']
del payload['id']
payload['foo'] = 'bar'
res = self.app.put(url, data=json.dumps(payload))
data = json.loads(res.data)
assert res.status_code == 415, res.status_code
assert 'foo' in data['exception_msg'], data
