def create_messages(self):
messages = [
Message.create(user=self.admin, content='admin'),
Message.create(user=self.normal, content='normal'),
]
self.admin_message, self.normal_message = messages
return messages
def test_auth_edit(self):
self.create_messages()
message_data = {'content': 'edited'}
serialized = json.dumps(message_data)
url = '/api/message/%s/' % self.normal_message.id
# this request is not authorized
resp = self.app.put(url, data=serialized)
self.assertEqual(resp.status_code, 401)
# authorized, but user does not exist in database
resp = self.app.put(url, data=serialized, headers=self.auth_headers('xxx', 'xxx'))
self.assertEqual(resp.status_code, 401)
# authorized, user in database, but not owner
resp = self.app.put(url, data=serialized, headers=self.auth_headers('admin', 'admin'))
self.assertEqual(resp.status_code, 403)
# authorized, user in database, is owner
resp = self.app.put(url, data=serialized, headers=self.auth_headers('normal', 'normal'))
self.assertEqual(resp.status_code, 200)
obj = Message.get(id=self.normal_message.id)
self.assertEqual(obj.content, 'edited')
def setUp(self):
Note.drop_table(True)
Message.drop_table(True)
User.drop_table(True)
User.create_table()
Message.create_table()
Note.create_table()
FModel.drop_table(True)
EModel.drop_table(True)
EModel.create_table()
FModel.create_table()
self.flask_app = test_app.app
self.flask_app._template_context = {}
self.app = test_app.app.test_client()
def test_delete(self):
self.create_messages()
url = '/api/message/%s/' % self.normal_message.id
# authorized as an admin
resp = self.app.delete(url, headers=self.auth_headers('normal', 'normal'))
self.assertEqual(resp.status_code, 200)
self.assertEqual(Message.select().count(), 1)
resp_json = self.response_json(resp)
self.assertEqual(resp_json, {'deleted': 1})
def test_create(self):
message_data = {'content': 'test'}
serialized = json.dumps(message_data)
# authorized as an admin
resp = self.app.post('/api/message/', data=serialized, headers=self.auth_headers('normal', 'normal'))
self.assertEqual(resp.status_code, 200)
new_message = Message.get(content='test')
self.assertEqual(new_message.user, self.normal)
resp_json = self.response_json(resp)
self.assertAPIMessage(resp_json, new_message)
def test_edit(self):
self.create_messages()
message_data = {'content': 'edited'}
serialized = json.dumps(message_data)
url = '/api/message/%s/' % self.normal_message.id
# authorized as normal
resp = self.app.put(url, data=serialized, headers=self.auth_headers('normal', 'normal'))
self.assertEqual(resp.status_code, 200)
message = Message.get(id=self.normal_message.id)
self.assertEqual(message.content, 'edited')
resp_json = self.response_json(resp)
self.assertAPIMessage(resp_json, message)
def create_message(self, user, content, **kwargs):
return Message.create(user=user, content=content, **kwargs)
def test_model_admin_recursive_delete(self):
self.create_users()
m1 = Message.create(user=self.normal, content='test1')
m2 = Message.create(user=self.normal, content='test2')
m3 = Message.create(user=self.admin, content='test3')
n1 = Note.create(user=self.normal, message='test1')
n2 = Note.create(user=self.normal, message='test2')
n3 = Note.create(user=self.admin, message='test3')
a1 = AModel.create(a_field='a1')
a2 = AModel.create(a_field='a2')
b1 = BModel.create(b_field='b1', a=a1)
b2 = BModel.create(b_field='b2', a=a2)
bd1= BDetails.create(b=b1)
bd2= BDetails.create(b=b2)
c1 = CModel.create(c_field='c1', b=b1)
c2 = CModel.create(c_field='c2', b=b2)
d1 = DModel.create(d_field='d1', c=c1)
d2 = DModel.create(d_field='d2', c=c2)
with self.flask_app.test_client() as c:
self.login(c)
resp = c.get('/admin/amodel/delete/?id=%d' % (a1.id))
self.assertEqual(resp.status_code, 200)
collected = self.get_context('collected')
self.assertEqual(collected, {
a1.id: [
(0, BDetails, [bd1]),
(0, BModel, [b1]),
(0, CModel, [c1]),
(0, DModel, [d1]),
]
})
resp = c.post('/admin/amodel/delete/', data={'id': a1.id})
self.assertEqual(resp.status_code, 302)
self.assertEqual(AModel.select().count(), 1)
self.assertEqual(BModel.select().count(), 1)
self.assertEqual(BDetails.select().count(), 1)
self.assertEqual(CModel.select().count(), 1)
self.assertEqual(DModel.select().count(), 1)
# send it a single id
resp = c.get('/admin/user/delete/?id=%d' % (self.normal.id))
self.assertEqual(resp.status_code, 200)
query = self.get_context('query')
self.assertEqual(list(query), [self.normal])
collected = self.get_context('collected')
self.assertEqual(len(collected), 1)
u_k = collected[self.normal.id]
self.assertEqual(len(u_k), 2)
self.assertEqual(u_k, [
(0, Message, [m1, m2]),
(0, Note, [n1, n2]),
])
# post to it, get a redirect on success
resp = c.post('/admin/user/delete/', data={'id': self.normal.id})
self.assertEqual(resp.status_code, 302)
self.assertEqual(User.select().count(), 2)
self.assertEqual(Message.select().count(), 1)
self.assertEqual(Note.select().count(), 1)
resp = c.get('/admin/user/delete/?id=%d&id=%d' % (self.admin.id, self.inactive.id))
self.assertEqual(resp.status_code, 200)
collected = self.get_context('collected')
self.assertEqual(len(collected), 2)
u_k = collected[self.admin.id]
self.assertEqual(len(u_k), 2)
self.assertEqual(u_k, [
(0, Message, [m3]),
(0, Note, [n3]),
])
u_k = collected[self.inactive.id]
self.assertEqual(len(u_k), 0)
# post to it, get a redirect on success
resp = c.post('/admin/user/delete/', data={'id': [self.admin.id, self.inactive.id]})
self.assertEqual(resp.status_code, 302)
self.assertEqual(User.select().count(), 0)
self.assertEqual(Message.select().count(), 0)
self.assertEqual(Note.select().count(), 0)
