def test_blogpost_title_length(self):
    """Test BLOGPOST model title length has a limit

    A 255-character title is expected to commit; a 256-character title is
    expected to make the commit raise DataError.
    """
    self.configure_fixtures()
    longest_allowed = 'a' * 255
    one_too_long = 'a' * 256

    post = Blogpost(title=longest_allowed, body="body", app=self.app)
    db.session.add(post)
    # Boundary value: exactly at the limit must be accepted.
    assert_not_raises(DataError, db.session.commit)

    # One character past the limit must be rejected at commit time.
    post.title = one_too_long
    assert_raises(DataError, db.session.commit)
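def test_blogpost_public_json(self):
    """Test BLOGPOST to public json works.

    The keys returned by ``to_public_json()`` are compared with
    ``public_attributes()``, so a field that reaches the public payload
    without being declared public makes this test fail.
    """
    self.configure_fixtures()
    owner = User(
        email_addr="*****@*****.**",
        name="johndoe2",
        fullname="John Doe2",
        locale="en")
    blogpost = Blogpost(title='title', body="body", project=self.project,
                        owner=owner)
    db.session.add(blogpost)
    db.session.commit()

    tmp = blogpost.to_public_json()
    # list.sort() sorts in place and returns None, so comparing two .sort()
    # results is always None == None and the check could never fail.
    # sorted() returns the ordered key lists, which are what must match.
    assert sorted(tmp.keys()) == sorted(Blogpost().public_attributes())
    assert Blogpost().public_info_keys() == []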
def test_blogpost_update_by_non_owner(self):
    """Test blogpost update by non owner of the app is forbidden

    Both the edit form (GET) and the submission (POST) must answer 403, and
    the stored title must be unchanged afterwards.
    """
    owner = self.create_users()[1]
    project = self.create_app(info=None)
    project.owner = owner
    post = Blogpost(owner=owner, app=project, title='thisisatitle',
                    body='body')
    db.session.add_all([owner, project, post])
    db.session.commit()
    update_url = "/app/%s/%s/update" % (project.short_name, post.id)

    # Presumably registers and signs in an account other than `owner`;
    # verify against the test base class.
    self.register()

    response = self.app.get(update_url, follow_redirects=True)
    assert response.status_code == 403, response.status_code

    form = {'title': 'new title', 'body': 'body'}
    response = self.app.post(update_url, data=form, follow_redirects=True)
    assert response.status_code == 403, response.status_code

    # The status code alone does not prove the write was blocked, so the
    # row is read back and compared with the original title.
    stored = db.session.query(Blogpost).first()
    assert stored.title == 'thisisatitle', stored.title
def test_blogpost_belongs_to_app(self):
    """Test BLOGPOSTS must belong to an app

    Committing a blogpost whose app is None is expected to raise
    IntegrityError.
    """
    self.configure_fixtures()
    orphan_post = Blogpost(title='title', app=None)
    db.session.add(orphan_post)
    # NOTE(review): no body is passed here either; if body is also
    # non-nullable, this IntegrityError does not isolate the app
    # constraint -- confirm against the model.
    assert_raises(IntegrityError, db.session.commit)
def test_blogpost_title_presence(self):
    """Test BLOGPOST a blogpost must have a title

    Committing a blogpost with title=None is expected to raise
    IntegrityError.
    """
    self.configure_fixtures()
    untitled = Blogpost(title=None, body="body", project=self.project)
    db.session.add(untitled)
    # Only the title is missing; body and project are supplied.
    assert_raises(IntegrityError, db.session.commit)
def test_blogpost_delete_errors(self):
    """Test blogposts delete for non existing apps raises errors

    Three delete URLs are posted and each must answer 404: an unknown app,
    an unknown post id, and an existing post addressed through an app it
    does not belong to.
    """
    self.register()
    user = db.session.query(User).get(1)
    app1 = App(name='app1', short_name='app1', description=u'description')
    app2 = self.create_app(info=None)
    app1.owner = user
    app2.owner = user
    blogpost = Blogpost(owner=user, app=app1, title='thisisatitle',
                        body='body')
    db.session.add_all([app1, app2, blogpost])
    db.session.commit()

    def expect_not_found(url):
        # NOTE(review): an unregistered path also answers 404, so these
        # checks exercise the lookup logic only if the path matches the
        # registered delete route -- confirm against the view.
        res = self.app.post(url, follow_redirects=True)
        assert res.status_code == 404, res.status_code

    # To a non-existing app
    expect_not_found("/app/non-existing-app/%s/delete" % blogpost.id)

    # To a non-existing post
    expect_not_found("/app/%s/999999/delete" % app1.short_name)

    # To an existing post but with a project in the URL it does not belong
    # to: the post id must not be honoured outside its own app.
    expect_not_found("/app/%s/%s/delete" % (app2.short_name, blogpost.id))
def test_blogpost_update_by_anonymous(self):
    """Test blogpost update, anonymous users are redirected to signin

    No account is registered or signed in by this test. GET and POST on the
    update URL must both end on the sign-in prompt, and the stored title
    must be unchanged.
    """
    owner = self.create_users()[1]
    project = self.create_app(info=None)
    project.owner = owner
    post = Blogpost(owner=owner, app=project, title='thisisatitle',
                    body='body')
    db.session.add_all([owner, project, post])
    db.session.commit()
    update_url = "/app/%s/%s/update" % (project.short_name, post.id)

    # follow_redirects=True means the 200 is the final page after any
    # redirect, so the page text is what identifies the sign-in prompt.
    res = self.app.get(update_url, follow_redirects=True)
    assert res.status_code == 200, res.status_code
    assert "Please sign in to access this page" in res.data, res.data

    form = {'id': post.id, 'title': 'new title', 'body': 'new body'}
    res = self.app.post(update_url, data=form, follow_redirects=True)
    assert res.status_code == 200, res.status_code
    assert "Please sign in to access this page" in res.data

    # Read the row back: the unauthenticated POST must not have been applied.
    stored = db.session.query(Blogpost).first()
    assert stored.title == 'thisisatitle', stored.title
def test_blogpost_update_by_owner(self, mock_redirect):
    """Test blogposts, app owners can update

    ``mock_redirect`` is injected from outside this block (presumably by a
    patch decorator -- confirm); the test checks that it was called with the
    app's blog URL after the update.
    """
    self.register()
    owner = db.session.query(User).get(1)
    project = self.create_app(info=None)
    project.owner = owner
    post = Blogpost(owner=owner, app=project, title='thisisatitle',
                    body='body')
    db.session.add_all([project, post])
    db.session.commit()
    update_url = "/app/%s/%s/update" % (project.short_name, post.id)

    response = self.app.get(update_url, follow_redirects=True)
    assert response.status_code == 200, response.status_code

    form = {'id': post.id, 'title': 'blogpost title', 'body': 'new body'}
    response = self.app.post(update_url, data=form, follow_redirects=True)
    assert response.status_code == 200, response.status_code
    mock_redirect.assert_called_with('/app/%s/blog' % project.short_name)

    # Positive control for the forbidden/anonymous cases: here the stored
    # row must carry the new values.
    stored = db.session.query(Blogpost).first()
    assert stored.title == 'blogpost title', stored.title
    assert stored.body == 'new body', stored.body
def test_blogpost_body_presence(self):
    """Test BLOGPOST a blogpost must have a body

    Committing a blogpost with body=None is expected to raise
    IntegrityError.
    """
    self.configure_fixtures()
    empty_post = Blogpost(title='title', body=None, app=self.app)
    db.session.add(empty_post)
    # Only the body is missing; title and app are supplied.
    assert_raises(IntegrityError, db.session.commit)
def test_anonymous_user_create_given_blogpost(self):
    """Test anonymous users cannot create a given blogpost

    The create check on the blogpost authorizer is expected to raise
    Unauthorized for an unsaved post with no owner.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        draft = Blogpost(title='title', app_id=project.id, owner=None)
        blogpost_auth = getattr(require, 'blogpost')
        assert_raises(Unauthorized, blogpost_auth.create, draft)
def test_blogpost_owner_is_nullable(self):
    """Test BLOGPOST a blogpost owner can be none
    (if the user is removed from the system)

    Committing a blogpost with owner=None must not raise IntegrityError.
    """
    self.configure_fixtures()
    ownerless = Blogpost(title='title', body="body", project=self.project,
                         owner=None)
    db.session.add(ownerless)
    # Title, body and project are all supplied, so only the owner is absent.
    assert_not_raises(IntegrityError, db.session.commit)
def test_anonymous_user_delete_blogpost(self):
    """Test anonymous users cannot delete blogposts

    The delete check on the blogpost authorizer is expected to raise
    Unauthorized for a persisted post with no owner.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        post = Blogpost(title='title', body='body', app_id=project.id,
                        owner=None)
        db.session.add(post)
        db.session.commit()
        blogpost_auth = getattr(require, 'blogpost')
        assert_raises(Unauthorized, blogpost_auth.delete, post)
def test_anonymous_user_read_given_blogpost(self):
    """Test anonymous users can read a given blogpost

    The read check on the blogpost authorizer must not raise for a persisted
    post; the app is not marked hidden in this test.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        post = Blogpost(title='title', body='body', app_id=project.id,
                        owner=None)
        db.session.add(post)
        db.session.commit()
        blogpost_auth = getattr(require, 'blogpost')
        assert_not_raises(Exception, blogpost_auth.read, post)
def test_owner_create_given_blogpost(self):
    """Test authenticated user can create a given blogpost if is app owner

    The create check must not raise when the post's user_id is that of the
    user with id 2.
    """
    # NOTE(review): nothing in this body sets the acting identity or shows
    # that user 2 owns the app; presumably both come from fixtures and a
    # patch outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        author = db.session.query(User).get(2)
        draft = Blogpost(title='title', body='body', app_id=project.id,
                         user_id=author.id)
        blogpost_auth = getattr(require, 'blogpost')
        assert_not_raises(Exception, blogpost_auth.create, draft)
def test_anonymous_user_read_given_blogpost_hidden_app(self):
    """Test anonymous users cannot read a given blogpost of a hidden app

    With ``hidden`` set to 1 on the app, the read check is expected to raise
    Unauthorized.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        # Hiding the app is the only difference from the plain
        # anonymous-read case; it is persisted by the commit below.
        project.hidden = 1
        post = Blogpost(title='title', body='body', app_id=project.id,
                        owner=None)
        db.session.add(post)
        db.session.commit()
        blogpost_auth = getattr(require, 'blogpost')
        assert_raises(Unauthorized, blogpost_auth.read, post)
def test_admin_authenticated_user_delete_blogpost(self):
    """Test authenticated user can delete a blogpost if is admin

    The delete check must not raise for a persisted post whose user_id is
    that of the user with id 2.
    """
    # NOTE(review): nothing in this body makes the acting user an admin;
    # presumably the current user is patched outside this view -- confirm,
    # otherwise this passes for whatever identity happens to be active.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        author = db.session.query(User).get(2)
        post = Blogpost(title='title', body='body', app_id=project.id,
                        user_id=author.id)
        db.session.add(post)
        db.session.commit()
        blogpost_auth = getattr(require, 'blogpost')
        assert_not_raises(Exception, blogpost_auth.delete, post)
def test_owner_create_blogpost_as_other_user(self):
    """Test authenticated user cannot create blogpost if is app owner but
    sets another person as the author of the blogpost

    The create check is expected to raise Forbidden when the post's user_id
    is that of the user with id 3.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        other_user = db.session.query(User).get(3)
        # Authorship is attributed to someone else: being app owner must
        # not be enough to post under another account's id.
        draft = Blogpost(title='title', body='body', app_id=project.id,
                         user_id=other_user.id)
        blogpost_auth = getattr(require, 'blogpost')
        assert_raises(Forbidden, blogpost_auth.create, draft)
def test_non_owner_authenticated_user_create_given_blogpost(self):
    """Test authenticated user cannot create a given blogpost if is not the
    app owner, even if is admin

    The create check is expected to raise Forbidden when the post's user_id
    is that of the first user returned by the query.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm.
    # NOTE(review): this test enters app_context() rather than a test
    # request context; confirm the check needs no request-bound state.
    with self.flask_app.app_context():
        project = db.session.query(App).first()
        first_user = db.session.query(User).first()
        draft = Blogpost(title='title', body='body', app_id=project.id,
                         user_id=first_user.id)
        blogpost_auth = getattr(require, 'blogpost')
        assert_raises(Forbidden, blogpost_auth.create, draft)
def test_non_owner_authenticated_user_delete_blogpost(self):
    """Test authenticated user cannot delete a blogpost if is neither the
    post owner nor an admin

    The delete check is expected to raise Forbidden for a persisted post
    whose user_id is that of the user with id 1.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        post_author = db.session.query(User).get(1)
        post = Blogpost(title='title', body='body', app_id=project.id,
                        user_id=post_author.id)
        db.session.add(post)
        db.session.commit()
        blogpost_auth = getattr(require, 'blogpost')
        assert_raises(Forbidden, blogpost_auth.delete, post)
def test_admin_read_given_blogpost_hidden_app(self):
    """Test admin can read a given blogpost of a hidden app

    With ``hidden`` set to 1 on the app, the read check must still not raise.
    """
    # NOTE(review): nothing in this body makes the acting user an admin;
    # presumably the current user is patched outside this view -- confirm.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        project.hidden = 1
        author = db.session.query(User).get(2)
        post = Blogpost(title='title', body='body', app_id=project.id,
                        user_id=author.id)
        db.session.add(post)
        db.session.commit()
        blogpost_auth = getattr(require, 'blogpost')
        assert_not_raises(Exception, blogpost_auth.read, post)
def test_non_owner_authenticated_user_read_given_blogpost(self):
    """Test authenticated user can read a given blogpost if is not the app
    owner

    The app is assigned to the user with id 1 and the read check must not
    raise.
    """
    # NOTE(review): nothing in this body sets the acting identity;
    # presumably the current user is patched outside this view -- confirm
    # it is a user other than the one made owner below.
    with self.flask_app.test_request_context('/'):
        project = db.session.query(App).first()
        app_owner = db.session.query(User).get(1)
        project.owner = app_owner
        post = Blogpost(title='title', body='body', app_id=project.id,
                        user_id=app_owner.id)
        db.session.add(post)
        db.session.commit()
        blogpost_auth = getattr(require, 'blogpost')
        assert_not_raises(Exception, blogpost_auth.read, post)
def test_blogpost_deletion_doesnt_delete_app(self):
    """Test BLOGPOST when deleting a blogpost it's parent app is not affected

    Session membership is checked before and after the delete: the app must
    stay in the session, the blogpost must leave it.
    """
    self.configure_fixtures()
    post = Blogpost(title='title', body="body", app=self.app)
    db.session.add(post)
    db.session.commit()

    # Precondition: both objects are in the session.
    assert self.app in db.session
    assert post in db.session

    db.session.delete(post)
    db.session.commit()

    # The delete must not propagate from the child to the parent.
    assert self.app in db.session
    assert post not in db.session
def test_blogpost_is_deleted_after_app_deletion(self):
    """Test BLOGPOST no blogposts can exist after it's app has been removed

    Session membership is checked before and after deleting the app: both
    the app and its blogpost must be gone afterwards.
    """
    self.configure_fixtures()
    post = Blogpost(title='title', body="body", app=self.app)
    db.session.add(post)
    db.session.commit()

    # Precondition: both objects are in the session.
    assert self.app in db.session
    assert post in db.session

    db.session.delete(self.app)
    db.session.commit()

    # Deleting the parent must take the child with it, leaving no
    # blogpost without an app.
    assert self.app not in db.session
    assert post not in db.session
def test_blogpost_delete_by_owner(self, mock_redirect):
    """Test blogposts, app owners can delete

    ``mock_redirect`` is injected from outside this block (presumably by a
    patch decorator -- confirm); the test checks that it was called with the
    app's blog URL and that no blogpost row remains.
    """
    self.register()
    owner = db.session.query(User).get(1)
    project = self.create_app(info=None)
    project.owner = owner
    post = Blogpost(owner=owner, app=project, title='thisisatitle',
                    body='body')
    db.session.add_all([project, post])
    db.session.commit()
    delete_url = "/app/%s/blog/%s/delete" % (project.short_name, post.id)
    redirect_url = '/app/%s/blog' % project.short_name

    response = self.app.post(delete_url, follow_redirects=True)
    assert response.status_code == 200, response.status_code
    mock_redirect.assert_called_with(redirect_url)

    # Positive control for the denial cases: the row must really be gone.
    remaining = db.session.query(Blogpost).first()
    assert remaining is None, remaining
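def test_blogpost_is_not_deleted_after_owner_deletion(self):
    """Test BLOGPOST a blogpost remains when its owner user is removed from
    the system

    After the owner is deleted the blogpost must still be in the session and
    its ``owner`` must be None.
    """
    self.configure_fixtures()
    owner = User(
        email_addr="*****@*****.**",
        name="johndoe2",
        fullname="John Doe2",
        locale="en")
    blogpost = Blogpost(title='title', body="body", project=self.project,
                        owner=owner)
    db.session.add(blogpost)
    db.session.commit()

    # Precondition: both objects are in the session.
    assert owner in db.session
    assert blogpost in db.session

    db.session.delete(owner)
    db.session.commit()

    assert owner not in db.session
    assert blogpost in db.session
    # Identity check instead of `== None`: the result then cannot depend on
    # an __eq__ defined by whatever object the attribute holds.
    assert blogpost.owner is None, blogpost.owner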
def test_blogposts_get_all_with_hidden_app(self):
    """Test blogpost GET does not show hidden projects

    The blog listing of a hidden app is requested under four identities:
    app owner (200), other signed-in user (403), anonymous (401) and
    admin (200).
    """
    self.register()
    admin = db.session.query(User).get(1)
    self.signout()
    self.register(name='user', email='*****@*****.**')
    owner = db.session.query(User).get(2)
    hidden_app = self.create_app(info=None)
    hidden_app.owner = owner
    hidden_app.hidden = 1
    post = Blogpost(owner=owner, app=hidden_app, title='thisisatitle',
                    body='body')
    db.session.add_all([hidden_app, post])
    db.session.commit()
    blog_url = "/app/%s/blog" % hidden_app.short_name

    # As app owner
    response = self.app.get(blog_url, follow_redirects=True)
    assert response.status_code == 200, response.status_code
    assert 'thisisatitle' in response.data

    # As authenticated
    self.signout()
    self.register(name='notowner', email='*****@*****.**')
    response = self.app.get(blog_url, follow_redirects=True)
    assert response.status_code == 403, response.status_code

    # As anonymous
    self.signout()
    response = self.app.get(blog_url, follow_redirects=True)
    assert response.status_code == 401, response.status_code

    # As admin
    # NOTE(review): signin() is called with its defaults; presumably that
    # is the first registered account -- verify against the test base class.
    self.signin()
    response = self.app.get(blog_url, follow_redirects=True)
    assert response.status_code == 200, response.status_code
    assert 'thisisatitle' in response.data
def test_blogposts_get_all(self):
    """Test blogpost GET all blogposts

    The blog listing of an app that is not hidden must answer 200 and show
    the post title both without a session and after registering an account.
    """
    owner = self.create_users()[1]
    project = self.create_app(info=None)
    project.owner = owner
    post = Blogpost(owner=owner, app=project, title='thisisatitle',
                    body='body')
    db.session.add_all([owner, project, post])
    db.session.commit()
    blog_url = "/app/%s/blog" % project.short_name

    # As anonymous
    response = self.app.get(blog_url, follow_redirects=True)
    assert response.status_code == 200, response.status_code
    assert 'thisisatitle' in response.data

    # As authenticated
    self.register()
    response = self.app.get(blog_url, follow_redirects=True)
    assert response.status_code == 200, response.status_code
    assert 'thisisatitle' in response.data
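def test_blogpost_belongs_to_app(self):
    """Test BLOGPOSTS must belong to an app

    Committing a blogpost whose app is None is expected to raise
    IntegrityError.
    """
    self.configure_fixtures()
    blogpost = Blogpost(title='title', body="body", app=None)
    # The original body stopped after constructing the object, so the test
    # asserted nothing and could not fail. Adding it to the session and
    # committing is what actually exercises the constraint; title and body
    # are supplied so only the missing app can be the cause.
    db.session.add(blogpost)
    assert_raises(IntegrityError, db.session.commit)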
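def test_blogpost_belongs_to_project(self):
    """Test BLOGPOSTS must belong to a project

    Committing a blogpost whose project is None is expected to raise
    IntegrityError.
    """
    self.configure_fixtures()
    blogpost = Blogpost(title='title', body="body", project=None)
    # The original body stopped after constructing the object, so the test
    # asserted nothing and could not fail. Adding it to the session and
    # committing is what actually exercises the constraint; title and body
    # are supplied so only the missing project can be the cause.
    db.session.add(blogpost)
    assert_raises(IntegrityError, db.session.commit)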