def test_delete_existing_topic(self):
self.topics = [{'id': 1, 'title': 'What is the weather like?'}, {'id': 2, 'title': 'The Most Popular Color in the World'},
{'id': 3, 'title': 'The best programming language'}, {'id': 4, 'title': '10 Best Programming Language to Learn in 2020'}]
self.topics_saved = []
for topic in self.topics:
self.topics_saved.append(Topic.objects.create(**topic))
self.messages = [{'id': 1, 'text': "Hot and sunny day", 'topic': self.topics_saved[0]},
{'id': 2, 'text': "Blue", 'topic': self.topics_saved[1]},
{'id': 3, 'text': "Python", 'topic': self.topics_saved[2]}]
self.messages_saved = []
for msg in self.messages:
temp_msg = Message.objects.create(**msg)
self.messages_saved.append(temp_msg)
factory = APIRequestFactory()
msg_view = MessageViewSet.as_view({'delete': 'destroy'})
request = factory.delete(reverse('messages-detail', args=(2,)))
response = msg_view(request, pk=1)
response.render()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
factory = APIRequestFactory()
msg_view = MessageViewSet.as_view({'delete': 'destroy'})
request = factory.delete(reverse('messages-detail', args=(1,)))
response = msg_view(request, pk=1)
response.render()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertEqual(json.loads(response.content), {'detail': 'Not found.'})
self.assertEqual(response['content-type'], 'application/json')
class DeleteSingleCourseTest(TestCase):
def setUp(self):
# Every test needs access to the request factory.
self.factory = APIRequestFactory()
self.newCourse1 = Course.objects.create(name='course1',
description='desc1',
price=1000)
self.invalid_pk = 2
def test_delete_valid_single_course(self):
"""Test the api valid delete new course."""
# Setup.
url = "/courses/" + str(self.newCourse1.pk)
request = self.factory.delete(url)
# Run.
course_detail = CourseViewSet.as_view({'delete': 'destroy'})
response = course_detail(request, pk=self.newCourse1.pk)
# Check.
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test_delete_valid_single_course(self):
"""Test the api valid delete new course."""
# Setup.
url = "/courses/" + str(self.invalid_pk)
request = self.factory.delete(url)
# Run.
course_detail = CourseViewSet.as_view({'delete': 'destroy'})
response = course_detail(request, pk=self.invalid_pk)
# Check.
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
class DeleteSinglePaymentTest(TestCase):
def setUp(self):
# Every test needs access to the request factory.
self.factory = APIRequestFactory()
self.newPayment = Payment.objects.create(
order_id=3,
amount_paid=14000,
payment_method='CD',
account_number='8736236426351234')
self.invalid_pk = 2
def test_delete_valid_single_payment(self):
"""Test the api valid delete new payment."""
# Setup.
url = "/payments/" + str(self.newPayment.pk)
request = self.factory.delete(url)
# Run.
payment_detail = PaymentViewSet.as_view({'delete': 'destroy'})
response = payment_detail(request, pk=self.newPayment.pk)
# Check.
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test_delete_valid_single_payment(self):
"""Test the api valid delete new payment."""
# Setup.
url = "/payments/" + str(self.invalid_pk)
request = self.factory.delete(url)
# Run.
payment_detail = PaymentViewSet.as_view({'delete': 'destroy'})
response = payment_detail(request, pk=self.invalid_pk)
# Check.
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_delete_label(self):
# Create a label
self.cidr.labels.create(name='DeleteLabelKey',
value='DeleteLabelValue')
assert self.cidr.labelDict['DeleteLabelKey'] == 'DeleteLabelValue'
factory = APIRequestFactory()
view = LabelViewSet.as_view({'delete': 'destroy'})
request = factory.delete(
reverse('cidr-labels-detail',
kwargs={
'pk': 'DeleteLabelKey',
'cidr_pk': self.cidr.id
}))
force_authenticate(request, user=self.admin, token=self.token)
response = view(request, pk='DeleteLabelKey', cidr_pk=self.cidr.id)
assert response.status_code == 204
assert self.cidr.labelDict.get('DeleteLabelKey', None) is None
# Try to delete a label which does not exist
request = factory.delete(
reverse('cidr-labels-detail',
kwargs={
'pk': 'DeleteNonExistingLabelKey',
'cidr_pk': self.cidr.id
}))
force_authenticate(request, user=self.admin, token=self.token)
response = view(request,
pk='DeleteNonExistingLabelKey',
cidr_pk=self.cidr.id)
assert response.status_code == 404
def test_delete_token(self):
# First we let the user delete a token owned by admin
factory = APIRequestFactory()
view = TokenViewSet.as_view({'delete': 'destroy'})
request = factory.delete(
reverse('token-detail', kwargs={'pk': self.token.key}))
force_authenticate(request, user=self.user)
response = view(request, pk=self.token.key)
# The API pretends not to know this token
assert response.status_code == 404
assert FlaggedToken.objects.get(key=self.token.key)
# Now we actually delete tokens
for user, token in [(self.user, self.rtoken),
(self.admin, self.token)]:
request = factory.delete(
reverse('token-detail', kwargs={'pk': self.token.key}))
force_authenticate(request, user=user)
response = view(request, pk=token.key)
assert response.status_code == 204
assert len(FlaggedToken.objects.filter(key=token.key)) == 0
class RecipeDestroyTestCase(TestCase):
def setUp(self):
super(RecipeDestroyTestCase, self).setUp()
self.rf = APIRequestFactory()
self.view = RecipeRetrieveUpdateDestroyAPIView.as_view()
self.user = mommy.make(settings.AUTH_USER_MODEL)
def test_without_authenticated_user(self):
recipe = mommy.make('Recipe')
request = self.rf.delete(
reverse('recipe_retrieve_update_and_destroy', kwargs={'pk': recipe.pk}
))
raw_response = self.view(request, pk=recipe.pk)
response = raw_response.render()
self.assertEqual(response.status_code, 403)
def test_non_existing_recipe(self):
request = self.rf.delete(
reverse('recipe_retrieve_update_and_destroy', kwargs={'pk': 1}
))
force_authenticate(request, user=self.user)
raw_response = self.view(request, pk=1)
response = raw_response.render()
self.assertEqual(response.status_code, 404)
def test_recipe_by_other_user(self):
other_user = mommy.make(settings.AUTH_USER_MODEL)
recipe = mommy.make('Recipe', created_by=other_user)
request = self.rf.delete(
reverse('recipe_retrieve_update_and_destroy', kwargs={'pk': recipe.pk}
))
force_authenticate(request, user=self.user)
raw_response = self.view(request, pk=recipe.pk)
response = raw_response.render()
self.assertEqual(response.status_code, 403)
def test_recipe_by_user(self):
recipe = mommy.make('Recipe', created_by=self.user)
request = self.rf.delete(
reverse('recipe_retrieve_update_and_destroy', kwargs={'pk': recipe.pk}
))
force_authenticate(request, user=self.user)
raw_response = self.view(request, pk=recipe.pk)
response = raw_response.render()
old_id = recipe.pk
self.assertEqual(response.status_code, 204)
self.assertFalse(Recipe.objects.filter(pk=old_id).exists())
class CrowdfundTest(APITestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.user = get_user_model().objects.create_user(
email='*****@*****.**', name='usertest', password='******')
self.id = self.user.id
self.token = Token.objects.create(user=self.user)
self.token.save()
def test_get(self):
request = self.factory.get('/crowdfund/api/fund/')
force_authenticate(request, token=self.token.key)
view = views.FundraiserViewSet.as_view({'get': 'list'})
response = view(request)
self.assertEqual(response.status_code, 200)
def test_post(self):
data = {
"user": '******',
"title": "mock",
"description": "mock",
"date_goal": '2021-12-22',
"amount_goal": "2000"
}
request = self.factory.post(f'/crowdfund/api/fund/', data)
force_authenticate(request, token=self.token.key)
view = views.FundraiserViewSet.as_view({'post': 'create'})
response = view(request)
self.assertEqual(response.status_code, 200)
def test_edit(self):
request = self.factory.patch(f'/crowdfund/api/fund/', {'title':'edited'})
force_authenticate(request, token=self.token.key)
view = views.FundraiserViewSet.as_view({'patch': 'partial_update'})
response = view(request,pk=self.user.id)
self.assertEqual(response.status_code, 200)
def test_edit_without_auth(self):
request = self.factory.patch(f'/crowdfund/api/fund/', {'title':'edited'})
# force_authenticate(request, token=self.token.key)
view = views.FundraiserViewSet.as_view({'patch': 'partial_update'})
response = view(request,pk=self.user.id)
self.assertEqual(response.status_code, 204)
def test_delete_without_auth(self):
request = self.factory.delete(f'/crowdfund/api/fund/')
# force_authenticate(request, token=self.token.key)
view = views.FundraiserViewSet.as_view({'delete': 'destroy'})
response = view(request,pk=self.user.id)
self.assertEqual(response.status_code, 204)
def test_delete(self):
request = self.factory.delete(f'/crowdfund/api/fund/')
force_authenticate(request, token=self.token.key)
view = views.FundraiserViewSet.as_view({'delete': 'destroy'})
response = view(request,pk=self.user.id)
self.assertEqual(response.status_code, 203)
class PlacesViewsTest(TestCase):
def setUp(self):
self.data = {
"title": "title",
"description": "description",
"coordinates": "SRID=4326;POINT(1 1)",
}
self.baseurl = "/api/places/"
self.factory = APIRequestFactory()
self.view = PlacesViewSet.as_view(
{"get": "list", "post": "create", "patch": "update", "delete": "destroy"}
)
self.user = get_user_model().objects.create(
username="******", password="******"
)
self.place = Places.objects.create(**self.data, user=self.user)
def test_resolve_view_cls(self):
self.assertEqual(resolve("/api/places/").func.cls, PlacesViewSet)
def test_get_method_authed(self):
req = self.factory.get(self.baseurl)
force_authenticate(req, self.user)
res = self.view(req)
self.assertEqual(res.status_code, 200)
def test_create_method_authed(self):
req = self.factory.post(self.baseurl, self.data)
force_authenticate(req, self.user)
res = self.view(req)
self.assertEqual(res.status_code, 201)
def test_update_method_authed(self):
req = self.factory.patch(self.baseurl, self.data)
force_authenticate(req, self.user)
res = self.view(req, pk=self.place.pk)
self.assertEqual(res.status_code, 200)
def test_destroy_method_authed(self):
req = self.factory.delete(self.baseurl)
force_authenticate(req, self.user)
res = self.view(req, pk=self.place.pk)
self.assertEqual(res.status_code, 204)
def test_methods_not_authed(self):
res = [
self.view(self.factory.get(self.baseurl)),
self.view(self.factory.post(self.baseurl, self.data)),
self.view(self.factory.patch(self.baseurl, self.data), pk=self.place.pk),
self.view(self.factory.delete(self.baseurl), pk=self.place.pk),
]
for r in res:
self.assertEqual(r.status_code, 401)
class SingleSuperuserAjaxViewTest(TestCase):
"""Test Ajax API for a single superuser."""
def setUp(self):
"""Set up test."""
self.factory = APIRequestFactory()
self.view = SingleSuperuserAjaxView.as_view()
self.user = UserFactory.create(**{'is_superuser': False})
self.superuser = UserFactory.create(**{'is_superuser': True})
self.user_to_remove = UserFactory.create(**{'is_superuser': True})
def test_delete_with_anonymous_user(self):
"""Test DELETE with anonymous user."""
request = self.factory.delete(
reverse('ajax:superusertools_single_superuser',
kwargs={'user_id': self.user_to_remove.id}))
response = self.view(request, user_id=self.user_to_remove.id).render()
self.assertEqual(response.status_code, 403)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 2)
def test_delete_with_user(self):
"""Test DELETE with user."""
request = self.factory.delete(
reverse('ajax:superusertools_single_superuser',
kwargs={'user_id': self.user_to_remove.id}))
force_authenticate(request, user=self.user)
response = self.view(request, user_id=self.user_to_remove.id).render()
self.assertEqual(response.status_code, 403)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 2)
def test_delete_with_superuser(self):
"""Test DELETE with superuser."""
request = self.factory.delete(
reverse('ajax:superusertools_single_superuser',
kwargs={'user_id': self.user_to_remove.id}))
force_authenticate(request, user=self.superuser)
response = self.view(request, user_id=self.user_to_remove.id).render()
self.assertEqual(response.status_code, 204)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 1)
def test_delete_when_no_superuser(self):
"""Test DELETE with superuser, when superuser does not exist."""
request = self.factory.delete(
reverse('ajax:superusertools_single_superuser',
kwargs={'user_id': 84774358734}))
force_authenticate(request, user=self.superuser)
response = self.view(request, user_id=84774358734).render()
self.assertEqual(response.status_code, 404)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 2)
class WorkflowLevel2SortDeleteViewsTest(TestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.core_user = factories.CoreUser()
factories.Group()
def test_delete_workflowlevel2sort_superuser(self):
self.core_user.is_staff = True
self.core_user.is_superuser = True
self.core_user.save()
workflowlevel2sort = factories.WorkflowLevel2Sort()
request = self.factory.delete('/workflowlevel2sort/')
request.user = self.core_user
view = WorkflowLevel2SortViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=workflowlevel2sort.pk)
self.assertEqual(response.status_code, 204)
self.assertRaises(
WorkflowLevel2Sort.DoesNotExist,
WorkflowLevel2Sort.objects.get, pk=workflowlevel2sort.pk)
def test_delete_workflowlevel2sort_normal_user(self):
wflvl1 = factories.WorkflowLevel1(
organization=self.core_user.organization)
workflowlevel2sort = factories.WorkflowLevel2Sort(
workflowlevel1=wflvl1)
request = self.factory.delete('/workflowlevel2sort/')
request.user = self.core_user
view = WorkflowLevel2SortViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=workflowlevel2sort.pk)
self.assertEqual(response.status_code, 204)
self.assertRaises(
WorkflowLevel2Sort.DoesNotExist,
WorkflowLevel2Sort.objects.get, pk=workflowlevel2sort.pk)
def test_delete_workflowlevel2sort_diff_org_normal_user(self):
group_org_admin = factories.CoreGroup(name='Org Admin', is_org_level=True,
permissions=PERMISSIONS_ORG_ADMIN,
organization=self.core_user.organization)
self.core_user.core_groups.add(group_org_admin)
another_org = factories.Organization(name='Another Org')
wflvl1 = factories.WorkflowLevel1(organization=another_org)
workflowlevel2sort = factories.WorkflowLevel2Sort(
workflowlevel1=wflvl1)
request = self.factory.delete('/workflowlevel2sort/')
request.user = self.core_user
view = WorkflowLevel2SortViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=workflowlevel2sort.pk)
self.assertEqual(response.status_code, 403)
WorkflowLevel2Sort.objects.get(pk=workflowlevel2sort.pk)
class SingleSuperuserAjaxViewTest(TestCase):
"""Test Ajax API for a single superuser."""
def setUp(self):
"""Set up test."""
self.factory = APIRequestFactory()
self.view = SingleSuperuserAjaxView.as_view()
self.user = UserFactory.create(**{"is_superuser": False})
self.superuser = UserFactory.create(**{"is_superuser": True})
self.user_to_remove = UserFactory.create(**{"is_superuser": True})
def test_delete_with_anonymous_user(self):
"""Test DELETE with anonymous user."""
request = self.factory.delete(
reverse("ajax:superusertools_single_superuser", kwargs={"user_id": self.user_to_remove.id})
)
response = self.view(request, user_id=self.user_to_remove.id).render()
self.assertEqual(response.status_code, 403)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 2)
def test_delete_with_user(self):
"""Test DELETE with user."""
request = self.factory.delete(
reverse("ajax:superusertools_single_superuser", kwargs={"user_id": self.user_to_remove.id})
)
force_authenticate(request, user=self.user)
response = self.view(request, user_id=self.user_to_remove.id).render()
self.assertEqual(response.status_code, 403)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 2)
def test_delete_with_superuser(self):
"""Test DELETE with superuser."""
request = self.factory.delete(
reverse("ajax:superusertools_single_superuser", kwargs={"user_id": self.user_to_remove.id})
)
force_authenticate(request, user=self.superuser)
response = self.view(request, user_id=self.user_to_remove.id).render()
self.assertEqual(response.status_code, 204)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 1)
def test_delete_when_no_superuser(self):
"""Test DELETE with superuser, when superuser does not exist."""
request = self.factory.delete(reverse("ajax:superusertools_single_superuser", kwargs={"user_id": 84774358734}))
force_authenticate(request, user=self.superuser)
response = self.view(request, user_id=84774358734).render()
self.assertEqual(response.status_code, 404)
self.assertEqual(User.objects.filter(is_superuser=True).count(), 2)
class InternationalizationDeleteViewTest(TestCase):
def setUp(self):
self.core_user = factories.CoreUser()
self.factory = APIRequestFactory()
def test_delete_unexisting_internationalization(self):
self.core_user.is_staff = True
self.core_user.is_superuser = True
self.core_user.save()
request = self.factory.delete('/internationalization/')
request.user = self.core_user
view = InternationalizationViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=999)
self.assertEqual(response.status_code, 404)
def test_delete_internationalization_superuser(self):
"""
Superusers are able to delete any translation
"""
self.core_user.is_staff = True
self.core_user.is_superuser = True
self.core_user.save()
inter = factories.Internationalization()
request = self.factory.delete('/internationalization/')
request.user = self.core_user
view = InternationalizationViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=inter.pk)
self.assertEqual(response.status_code, 204)
self.assertRaises(Internationalization.DoesNotExist,
Internationalization.objects.get,
pk=inter.pk)
def test_delete_internationalization_normaluser(self):
"""
Normal users aren't able to delete translations
"""
inter = factories.Internationalization()
request = self.factory.delete('/internationalization/')
request.user = self.core_user
view = InternationalizationViewSet.as_view({'delete': 'destroy'})
response = view(request, pk=inter.pk)
self.assertEqual(response.status_code, 403)
def test(self):
creator = UserF.create()
admin = UserF.create()
project = ProjectF(add_admins=[admin])
observation = ObservationFactory.create(**{
'project': project,
'creator': creator
})
comment = CommentFactory.create()
factory = APIRequestFactory()
url = reverse('api:myobservations_single_comment', kwargs={
'project_id': project.id,
'observation_id': observation.id,
'comment_id': comment.id
})
request = factory.delete(url)
force_authenticate(request, user=admin)
view = MyContributionsSingleCommentAPIView.as_view()
response = view(
request,
project_id=project.id,
observation_id=observation.id,
comment_id=comment.id
).render()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_delete_comment_with_creator_but_other_comment(self):
comment = CommentFactory.create(**{
'commentto': self.observation
})
factory = APIRequestFactory()
url = reverse('api:myobservations_single_comment', kwargs={
'project_id': self.project.id,
'observation_id': self.observation.id,
'comment_id': self.comment_to_remove.id
})
request = factory.delete(
url,
{'text': 'A comment to the observation'}
)
force_authenticate(request, user=self.creator)
view = MyContributionsSingleCommentAPIView.as_view()
response = view(
request,
project_id=self.project.id,
observation_id=self.observation.id,
comment_id=comment.id
).render()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
observation = Observation.objects.get(pk=self.observation.id)
self.assertIn(self.comment, observation.comments.all())
self.assertIn(self.comment_to_remove, observation.comments.all())
class DeleteProjectTests(APITestCase):
def setUp(self):
self.anonymous_user = AnonymousUserFactory()
self.user = UserFactory.create()
self.group = GroupFactory.create(name=self.user.username)
self.project = ProjectFactory.create(owner=self.group)
self.not_user = UserFactory.create()
self.not_group = GroupFactory.create(name=self.not_user.username)
self.view = ProjectViewSet.as_view({"delete": "destroy"})
self.factory = APIRequestFactory()
self.url = reverse("api:v2:project-detail", args=(self.project.id,))
self.request = self.factory.delete(self.url)
def test_anonymous_user_cannot_delete_project(self):
force_authenticate(self.request, user=self.anonymous_user)
response = self.view(self.request)
self.assertEquals(response.status_code, 403)
def test_user_cannot_delete_project_they_do_not_own(self):
force_authenticate(self.request, user=self.not_user)
response = self.view(self.request, pk=self.project.id)
self.assertEquals(response.status_code, 404)
def test_user_can_delete_project_they_own(self):
force_authenticate(self.request, user=self.user)
response = self.view(self.request, pk=self.project.id)
self.assertEquals(response.status_code, 204)
class MaterialViewSetTestCase(APITestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.teacher = create_user(
first_name=fake.first_name(),
last_name=fake.last_name(),
email=fake.email(),
raw_password='******',
registered_as='teacher',
)
self.course = CourseFactory(teacher=self.teacher.teacher_profile)
self.material = MaterialFactory(course=self.course)
def test_get_one_material(self):
instance = self.material
field_set = {
'description', 'document', 'enabled',
}
view = MaterialGetUpdateRemoveViewSet.as_view()
request = self.factory.get('api/materials/<pk:int>')
force_authenticate(request, user=self.teacher)
response = view(request, pk=instance.id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['course'], instance.course.id)
for field in field_set:
self.assertEqual(
str(response.data[field]),
str(getattr(instance, field)),
)
def test_update_material(self):
instance = self.material
data = {
'enabled': fake.boolean(),
'course': self.course.id,
'document': fake.image_url(),
'description': fake.paragraph(),
}
view = MaterialGetUpdateRemoveViewSet.as_view()
request = self.factory.put(
'api/materials/<pk:int>', data, format='json',
)
force_authenticate(request, user=self.teacher)
response = view(request, pk=instance.id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
course_id = data.pop('course')
self.assertEqual(course_id, response.data['course'])
for key, value in data.items():
self.assertEqual(str(response.data[key]), str(value))
def test_delete_material(self):
instance = self.material
view = MaterialGetUpdateRemoveViewSet.as_view()
request = self.factory.delete('api/materials/<pk:int>')
force_authenticate(request, user=self.teacher)
response = view(request, pk=instance.id)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertFalse(
Material.objects.filter(id=instance.id).exists(),
)
class TestActionsList(APITestCase):
fixtures = ['pydnd/fixtures/db_fixture.json']
def setUp(self):
self.factory = APIRequestFactory()
self.view = views.SpecialAbilityList.as_view()
self.uri = 'special_abilities'
def test_list(self):
request = self.factory.get(self.uri)
response = self.view(request)
self.assertEqual(response.status_code, 200,
'Expected Response Code 200, received {0} instead.'
.format(response.status_code))
def test_cannot_delete(self):
request = self.factory.delete(self.uri)
response = self.view(request)
self.assertEqual(response.status_code, 405,
'Expected Response Code 405, received {0} instead.'
.format(response.status_code))
def test_cannot_put(self):
request = self.factory.put(self.uri)
response = self.view(request)
self.assertEqual(response.status_code, 405,
'Expected Response Code 405, received {0} instead.'
.format(response.status_code))
class TestAjaxViews(TestCase):
def setUp(self):
self.coffee = factories.CoffeeFactory.create()
self.coffee._generate_profile()
self.roastprofile = self.coffee.roastprofile_set.all()[0]
self.request_factory = RequestFactory()
self.api_request_factory = APIRequestFactory()
def tearDown(self):
self.coffee.delete()
def test_coffee_delete(self):
"""
Test that this view properly deletes a Coffee based on it's ID
"""
request = self.api_request_factory.delete(
reverse(
'rest-coffee-detail',
args=(self.coffee.id,),
)
)
self.assertEquals(models.Coffee.objects.filter(id=self.coffee.id).exists(), True)
view = views.CoffeeViewSet.as_view(actions={'delete':'destroy'})
response = view(request, pk=self.coffee.id)
self.assertEquals(models.Coffee.objects.filter(id=self.coffee.id).exists(), False)
# Assert that some success code (2xx) was received.
self.assertEquals(str(response.status_code).startswith('2'), True)
def test_get_asn_delete(
self,
hosting_provider_with_sample_user: ac_models.Hostingprovider,
green_asn: gc_models.GreencheckASN,
):
"""
Can we delete an ASN via the API, marking it as 'inactive' in our database?
"""
green_asn.save()
rf = APIRequestFactory()
url_path = reverse("asn-detail", kwargs={"pk": green_asn.id})
user = hosting_provider_with_sample_user.user_set.first()
request = rf.delete(url_path)
request.user = user
# GET end point for IP Ranges
view = gc_viewsets.ASNViewSet.as_view({"delete": "destroy"})
response = view(request, pk=green_asn.id)
# check contents
assert response.status_code == 204
assert gc_models.GreencheckASN.objects.filter(asn=12345).count() == 1
fetched_green_asn = gc_models.GreencheckASN.objects.filter(asn=12345).first()
assert not fetched_green_asn.active
def _test_delete_detail_from_other_bot(self, func_url, view, *args):
new_bot = self.create_bot(owner=self.bot.owner, token=self.mytoken2)
factory = APIRequestFactory()
request = factory.delete(func_url(new_bot.pk))
force_authenticate(request, user=self.bot.owner)
response = view.as_view()(request, new_bot.pk, *args)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_delete_app(app: AppFactory, user: settings.AUTH_USER_MODEL,
request_factory: APIRequestFactory, app_view: Callable,
plan: PlanFactory):
request = request_factory.delete(f"/api/v1/apps/{app.id}")
force_authenticate(request, user=user)
response = app_view(request, pk=app.id)
assert response.status_code == 204
def test_articles(self):
article1 = Article.objects.get(article_title = "test title 1")
article2 = Article.objects.get(article_title = "test title 2")
#create necessary views for sending requests
getRequest = ArticleViewSet.as_view(actions = {'get': 'retrieve'})
postRequest = ArticleViewSet.as_view(actions = {'post': 'create'})
updateRequest = ArticleViewSet.as_view(actions = {'put': 'update'})
deleteRequest = ArticleViewSet.as_view(actions = {'delete': 'destroy'})
factory = APIRequestFactory() # to create requests
#test get
self.assertEqual(getRequest(factory.get('articles/'), pk = article1.id).status_code, 200)
self.assertEqual(getRequest(factory.get('articles/'), pk = article2.id).status_code, 200)
#test post
self.assertEqual(postRequest(factory.post('articles/', {"article_title": "test title 3", "article_text": "test text 3"})).status_code, 200)
article3 = Article.objects.get(article_title = "test title 3")
self.assertEqual(getRequest(factory.get('articles/'), pk = article3.id).data["article_text"], "test text 3")
#test delete
self.assertEqual(deleteRequest(factory.delete('articles/'), pk = article2.id).status_code, 204)
self.assertEqual(getRequest(factory.get('articles/'), pk = article2.id).status_code, 404) # should have been deleted
#test update
self.assertEqual(updateRequest(factory.put('articles/', {"article_title": "test title 1 updated", "article_text":"test text 1 updated"}), pk=article1.id).status_code, 200)
self.assertEqual(getRequest(factory.get('articles/'), pk = 1).data["article_text"], "test text 1 updated")
class DeleteProjectTests(APITestCase):
def setUp(self):
self.anonymous_user = AnonymousUserFactory()
self.user = UserFactory.create()
self.group = GroupFactory.create(name=self.user.username)
self.project = ProjectFactory.create(owner=self.group)
self.not_user = UserFactory.create()
self.not_group = GroupFactory.create(name=self.not_user.username)
self.view = ProjectViewSet.as_view({'delete': 'destroy'})
self.factory = APIRequestFactory()
self.url = reverse('api:v2:project-detail', args=(self.project.id, ))
self.request = self.factory.delete(self.url)
def test_anonymous_user_cannot_delete_project(self):
force_authenticate(self.request, user=self.anonymous_user)
response = self.view(self.request)
self.assertEquals(response.status_code, 403)
def test_user_cannot_delete_project_they_do_not_own(self):
force_authenticate(self.request, user=self.not_user)
response = self.view(self.request, pk=self.project.id)
self.assertEquals(response.status_code, 404)
def test_user_can_delete_project_they_own(self):
force_authenticate(self.request, user=self.user)
response = self.view(self.request, pk=self.project.id)
self.assertEquals(response.status_code, 204)
def test_document_detail_delete(db, document):
factory = APIRequestFactory()
pk = document.id
url = reverse_lazy('document', args=(pk, ))
request = factory.delete(url)
response = DocumentDetail.as_view()(request, pk)
assert response.status_code == 204
def test_can_only_destroy_asns_for_own_hosting_provider(
self,
hosting_provider_with_sample_user: ac_models.Hostingprovider,
another_host_user: User,
green_asn: gc_models.GreencheckASN,
):
"""
An user must be associated with a hosting provider to be able
to create or destroy ASNs or IP Ranges for the provider
"""
green_asn.save()
assert gc_models.GreencheckASN.objects.filter(asn=12345).count() == 1
rf = APIRequestFactory()
url_path = reverse("asn-detail", kwargs={"pk": green_asn.id})
hosting_provider_with_sample_user.user_set.first()
request = rf.delete(url_path)
request.user = another_host_user
# GET end point for IP Ranges
view = gc_viewsets.ASNViewSet.as_view({"delete": "destroy"})
response = view(request, pk=green_asn.id)
# check contents
assert response.status_code == 404
assert (
gc_models.GreencheckASN.objects.filter(asn=12345, active=True).count() == 1
)
def test_destroy_mixin(self):
factory = APIRequestFactory()
request = factory.delete("/test_resources/1")
view = TestViewSet.as_view({"delete": "destroy"})
response = view(request, pk=1)
self.assertEqual(response.status_code, 204)
self.assertIsInstance(response.context["resource"], TestModel)
def delete_request(view, user, query_params='', **extra):
factory = APIRequestFactory()
path = ''
if query_params:
path = '?' + urlencode(query_params)
request = factory.delete(path, **get_headers(user))
return view(request, **extra)
def test_apply_user_annotation(self):
url = f'/api/texts/{self.text.pk}/witnesses/{self.witness.pk}/applied_annotations/'
factory = APIRequestFactory()
# add applied annotation
request = factory.post(url, {'annotation_id': self.annotation.pk})
force_authenticate(request, user=self.user)
response = AppliedUserAnnotations.as_view()(request)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
applied_annotation = AppliedUserAnnotation.objects.get(
annotation=self.annotation)
request = factory.get(url)
force_authenticate(request, user=self.user)
response = AppliedUserAnnotations.as_view()(request,
self.annotation.witness_id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data[0]['annotation'], self.annotation.pk)
url = url + str(self.annotation.pk)
request = factory.delete(url)
force_authenticate(request, user=self.user)
response = AppliedUserAnnotationDetail.as_view()(request,
self.annotation.pk)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(AppliedUserAnnotation.objects.count(), 0)
def test_comment_destroy(self):
# 유저, 포스트, 코멘트 트랙 생성
user1 = self.create_user()
user2 = self.create_user(email='*****@*****.**',
nickname='testuser2')
post = self.create_post(user=user1)
comment = self.create_comment(post=post, user=user2)
pk = comment.data['id']
# /post/comment/pk/에 DELETE 요청 보냄
factory = APIRequestFactory()
request = factory.delete(f'/post/comment/{pk}/')
view = CommentTrackDetail.as_view()
response = view(request, pk=pk)
# 인증 정보가 없는 경우 삭제 불가능 테스트
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# 작성자가 아닌 경우 삭제 불가능 테스트
force_authenticate(request, user=user1)
response = view(request, pk=pk)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# 작성자인 경우 삭제 가능 테스트
force_authenticate(request, user=user2)
response = view(request, pk=pk)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# 코멘트가 삭제되었는지 확인
response = self.client.get(f'http://testserver/post/comment/{pk}/')
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def solve3(view):
action_name = dec(b'ImVtYWlsIg==')
allow_method = dec(b'WyJnZXQiLCAiZGVsZXRlIl0=')
router = SimpleRouter()
router.register('users', view)
group_by_methods, group_by_actions = get_actions_from_router(router)
assert group_by_actions.get(action_name,
None), 'email action 이 구현되지 않았습니다.'
assert allow_method == group_by_actions.get(
action_name, []
), f'email action 은 GET, DELETE Method 를 허용해야합니다. 현재 email action 은 {", ".join(group_by_actions.get(action_name, []))} 을 허용중입니다.'
factory = APIRequestFactory()
view = view.as_view(actions={'get': action_name})
user = baker.make(User, email='*****@*****.**')
response = view(factory.get(''), pk=user.pk)
assert response.status_code == 200, f'get API 호출 결과의 status_code 가 일치하지 않습니다: 현재: {response.status_code}'
assert response.data == '*****@*****.**', f'get API 호출 결과는 {"*****@*****.**"} 이 되어야 합니다: 현재: {response.data}'
view = view.as_view(actions={'delete': action_name})
response = view(factory.delete(''), pk=user.pk)
user.refresh_from_db()
assert response.status_code == 204, f'delete API 호출 결과의 status_code 가 일치하지 않습니다: 현재: {response.status_code}'
assert not user.email, 'delete API 호출 결과 유저의 email 속성이 지워지지 않았습니다.'
def test_post_destroy(self):
# 포스트 생성
pk = self.create_post().data['id']
# /post/pk/으로 DELETE 요청을 보냄
factory = APIRequestFactory()
request = factory.delete(f'/post/{pk}/')
view = PostDetail.as_view()
response = view(request, pk=pk)
# 인증 데이터가 없을 경우 포스트 삭제 불가 테스트
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
# 작성자가 아닌 경우 포스트 삭제 불가능한지 테스트
user = self.create_user('*****@*****.**', 'testuser2')
force_authenticate(request, user=user)
response = view(request, pk=pk)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
# 작성자인 경우 삭제 가능
user = User.objects.get(email='*****@*****.**')
force_authenticate(request, user=user)
response = view(request, pk=pk)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# 포스트가 삭제되었는지 확인
request = factory.get(f'/post/{pk}/')
view = PostDetail.as_view()
response = view(request, pk=pk)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_destroy_like_comment_without_params(self):
"""
Ensure we can destroy like comment without params
"""
factory = APIRequestFactory()
user = utils.create_user()
comment = utils.create_comment(user)
view = views.LikeCommentViewSet.as_view({
'post': 'create',
'delete': 'destroy'
})
# Create
url = self.get_url_endpoint
request = factory.post(url, {
'users': str(user.pk),
'comment': comment.pk
})
force_authenticate(request, user=user)
response = view(request)
# Delete
url = self.get_url_endpoint + str(comment.pk) + "/"
request = factory.delete(url)
force_authenticate(request, user=user)
response = view(request, pk=comment.pk)
self.assertEqual(response.status_code == 404, True)
class PostApiTestCase(TestCase):
def setUp(self):
self.data = {
'title': 'Test API',
'content': 'New Content',
'publish': timezone.now().date()
}
self.factory = APIRequestFactory()
self.user = User.objects.create(username='******',
email='*****@*****.**',
password='******',
is_staff=True,
is_superuser=True)
def test_get_data(self):
obj = Post.objects.create(title='Test API Post',
content='New Content',
publish=timezone.now().date())
list_url = reverse('posts-api:list')
detail_url = reverse('posts:detail', kwargs={'slug': obj.slug})
# get list
request = self.factory.get(list_url)
response = PostListAPIView.as_view()(request)
self.assertTrue(response.status_code, 200)
# get detail
request = self.factory.get(detail_url)
response = PostDetailAPIView.as_view()(request, slug=obj.slug)
self.assertTrue(response.status_code, 200)
def test_crud_data(self):
obj = Post.objects.create(title='Test API Post',
content='New Content',
publish=timezone.now().date())
create_url = reverse('posts-api:create')
update_url = reverse('posts-api:update', kwargs={'slug': obj.slug})
delete_url = reverse('posts-api:delete', kwargs={'slug': obj.slug})
request_create = self.factory.post(create_url, data=self.data)
force_authenticate(request_create, self.user)
response_create = PostCreateAPIView.as_view()(request_create,
slug=obj.slug)
self.assertEqual(response_create.status_code, 201)
request_update = self.factory.put(update_url, data=self.data)
force_authenticate(request_update, self.user)
response_update = PostUpdateAPIView.as_view()(request_update,
slug=obj.slug)
self.assertEqual(response_update.status_code, 200)
request_delete = self.factory.delete(delete_url)
force_authenticate(request_delete, self.user)
response_delete = PostDeleteAPIView.as_view()(request_delete,
slug=obj.slug)
self.assertEqual(response_delete.status_code, 204)
def test_destroy_like_topic(self):
"""
Ensure we can destroy like topic
"""
factory = APIRequestFactory()
user = utils.create_user()
topic = utils.create_topic(user)
view = views.LikeTopicViewSet.as_view({
'post': 'create',
'delete': 'destroy'
})
# Create
url = self.get_url_endpoint
request = factory.post(url, {
'users': str(user.pk),
'topic': str(topic.pk)
})
force_authenticate(request, user=user)
response = view(request)
# Delete
url = self.get_url_endpoint + str(topic.pk) + "/"
request = factory.delete(url, {'users': str(user.pk)})
force_authenticate(request, user=user)
response = view(request, pk=topic.pk)
self.assertEqual(response.status_code == 200, True)
def test_delete_task(self):
factory = APIRequestFactory()
view = TaskDetail.as_view()
project = Project.objects.create(title='TestProject')
tasks = Task.objects.bulk_create([(Task(id=1,
title='Test1',
description='d1',
project=project)),
(Task(id=2,
title='Test2',
description='d2',
project=project)),
(Task(id=3,
title='Test3',
description='d3',
project=project))])
task = tasks[0]
request = factory.delete('/api/tasks/1')
force_authenticate(request,
user=self.test_user,
token=self.full_access_token)
response = view(request, pk='1')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(len(Task.objects.all()), 2)
self.assertNotIn(task, Task.objects.all())
def test_destroy_to_many_valid_iterator(self):
factory = APIRequestFactory()
request = factory.delete("/test_resources/relationships/related_thing",
format="json")
view = self.TestManyView()
request.data = {"data": [{"type": "test_resource", "id": "5"}]}
view.relationship_destroy(request, 1, "related_things")
def _test_delete_detail_from_other_bot(self, func_url, view, *args):
new_bot = self.create_bot(owner=self.bot.owner,
token=self.mytoken2)
factory = APIRequestFactory()
request = factory.delete(func_url(new_bot.pk))
force_authenticate(request, user=self.bot.owner)
response = view.as_view()(request, new_bot.pk, *args)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
class TagDestroyTestCase(TestCase):
def setUp(self):
super(TagDestroyTestCase, self).setUp()
self.rf = APIRequestFactory()
self.view = TagRetrieveUpdateDestroyAPIView.as_view()
self.user = mommy.make(settings.AUTH_USER_MODEL)
def test_without_authenticated_user(self):
tag = mommy.make('Tag')
request = self.rf.delete(
reverse('tags_retrieve_update_and_destroy', kwargs={'pk': tag.pk}
))
raw_response = self.view(request, pk=tag.pk)
response = raw_response.render()
self.assertEqual(response.status_code, 403)
def test_non_existing_tag(self):
request = self.rf.delete(
reverse('tags_retrieve_update_and_destroy', kwargs={'pk': 1}
))
force_authenticate(request, user=self.user)
raw_response = self.view(request, pk=1)
response = raw_response.render()
self.assertEqual(response.status_code, 404)
def test_delete_tag(self):
tag = mommy.make('Tag')
request = self.rf.delete(
reverse('tags_retrieve_update_and_destroy', kwargs={'pk': tag.pk}
))
force_authenticate(request, user=self.user)
raw_response = self.view(request, pk=tag.pk)
response = raw_response.render()
old_id = tag.pk
self.assertEqual(response.status_code, 204)
self.assertFalse(Tag.objects.filter(pk=old_id).exists())
def setUp(self):
self.tag = TagFactory.create()
self.anonymous_user = AnonymousUserFactory()
self.user = UserFactory()
self.staff_user = UserFactory(is_staff=True)
factory = APIRequestFactory()
url = reverse('api:v2:tag-detail', args=(self.tag.id,))
self.request = factory.delete(url)
self.view = TagViewSet.as_view({'delete': 'destroy'})
def test_contact_delete_fail(self):
view = v1_views.ContactViewSet.as_view({'get': 'list'})
factory = APIRequestFactory()
request = factory.delete('/api/v1/contact/')
force_authenticate(request, user=self.user)
response = view(request, pk=self.user_contact.id)
# HTTP 405
self.assertEquals(
response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED,
response.data)
def test_delete_not_existing_user(self):
factory = APIRequestFactory()
user = UserF.create(**{'is_superuser': True})
request = factory.delete(
reverse('ajax:superusers_deleteuser', kwargs={
'user_id': 84774358734
})
)
force_authenticate(request, user=user)
view = DeleteSuperUsersAjaxView.as_view()
response = view(request, user_id=84774358734).render()
self.assertEqual(response.status_code, 404)
self.assertEqual(len(User.objects.filter(is_superuser=True)), 1)
def test_request_delete_fail(self):
view = v1_views.RequestViewSet.as_view({'get': 'list'})
factory = APIRequestFactory()
request = factory.delete('/api/v1/request/')
force_authenticate(request, user=self.user)
requests = self.response.data.get('requests')
response = view(request, pk=requests[0].get('id'))
# HTTP 405
self.assertEquals(
response.status_code,
status.HTTP_405_METHOD_NOT_ALLOWED,
response.data)
def get_response(self, user):
factory = APIRequestFactory()
request = factory.delete(
"/api/projects/%s/contributions/%s/comments/%s/"
% (self.project.id, self.contribution.id, self.comment_to_remove.id),
{"text": "A comment to the contribution."},
)
force_authenticate(request, user=user)
view = SingleCommentAPIView.as_view()
return view(
request,
project_id=self.project.id,
contribution_id=self.contribution.id,
comment_id=self.comment_to_remove.id,
).render()
def test_delete_with_user(self):
factory = APIRequestFactory()
user = UserF.create(**{'is_superuser': False})
user_to_remove = UserF.create(**{'is_superuser': True})
request = factory.delete(
reverse('ajax:superusers_deleteuser', kwargs={
'user_id': user_to_remove.id
})
)
force_authenticate(request, user=user)
view = DeleteSuperUsersAjaxView.as_view()
response = view(request, user_id=user_to_remove.id).render()
self.assertEqual(response.status_code, 403)
self.assertEqual(len(User.objects.filter(is_superuser=True)), 1)
def get_response(self, user):
factory = APIRequestFactory()
request = factory.delete(
'/api/projects/%s/observations/%s/comments/%s/' %
(self.project.id, self.observation.id, self.comment_to_remove.id),
{'text': 'A comment to the observation'}
)
force_authenticate(request, user=user)
view = AllContributionsSingleCommentAPIView.as_view()
return view(
request,
project_id=self.project.id,
observation_id=self.observation.id,
comment_id=self.comment_to_remove.id
).render()
def test(self):
admin = UserFactory.create()
project = ProjectFactory(add_admins=[admin])
contribution = ObservationFactory.create(**{"project": project})
comment = CommentFactory.create()
factory = APIRequestFactory()
request = factory.delete(
"/api/projects/%s/contributions/%s/comments/%s/" % (project.id, contribution.id, comment.id),
{"text": "A comment to the contribution."},
)
force_authenticate(request, user=admin)
view = SingleCommentAPIView.as_view()
response = view(request, project_id=project.id, contribution_id=contribution.id, comment_id=comment.id).render()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def get_response(self, user, comment_to_remove=None):
if not comment_to_remove:
comment_to_remove = self.comment_to_remove
factory = APIRequestFactory()
request = factory.delete(
'/api/projects/%s/contributions/%s/comments/%s/' %
(self.project.id, self.contribution.id, comment_to_remove.id),
{'text': 'A comment to the contribution.'}
)
force_authenticate(request, user=user)
view = SingleCommentAPIView.as_view()
return view(
request,
project_id=self.project.id,
contribution_id=self.contribution.id,
comment_id=comment_to_remove.id
).render()
def makeRequest(self, get=None, post=None, delete=None, data=None):
factory = APIRequestFactory()
prefix = '/' + VERSION
if get is not None:
request = factory.get(prefix + get)
elif post is not None:
request = factory.post(prefix + post, data)
elif delete is not None:
request = factory.delete(prefix + delete)
else:
raise Exception('Unsupported request type')
force_authenticate(request, user=self.user)
return request
def get_response(self, user):
factory = APIRequestFactory()
url = reverse('api:myobservations_single_comment', kwargs={
'project_id': self.project.id,
'observation_id': self.observation.id,
'comment_id': self.comment_to_remove.id
})
request = factory.delete(
url,
{'text': 'A comment to the observation'}
)
force_authenticate(request, user=user)
view = MyContributionsSingleCommentAPIView.as_view()
return view(
request,
project_id=self.project.id,
observation_id=self.observation.id,
comment_id=self.comment_to_remove.id
).render()
def setUp(self):
self.anonymous_user = AnonymousUserFactory()
self.user = UserFactory.create()
self.access_token = create_access_token(
self.user, "Test Token 1", issuer="Testing"
)
factory = APIRequestFactory()
self.create_view = AccessTokenViewSet.as_view({'post': 'create'})
self.create_request = factory.post(
self.url_route, {'name': 'Test Token Creation'}
)
self.invalid_create_request = factory.post(
self.url_route, {'name': {
'Not': 'A String'
}}, format='json'
)
self.list_view = AccessTokenViewSet.as_view({'get': 'list'})
self.list_request = factory.get(self.url_route)
self.delete_view = AccessTokenViewSet.as_view({'delete': 'destroy'})
self.delete_request = factory.delete(
'{}/{}'.format(self.url_route, self.access_token.id)
)
self.edit_view = AccessTokenViewSet.as_view({'put': 'update'})
self.edit_request = factory.put(
'{}/{}'.format(self.url_route, self.access_token.id),
{'name': 'Test Token New Name'}
)
self.invalid_edit_request = factory.put(
'{}/{}'.format(self.url_route, self.access_token.id),
{'name': {
'Not': 'A String'
}},
format='json'
)
class TestDeleteCommitment(APITestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.username = "******"
self.email = "*****@*****.**"
self.password = "******"
self.user = get_user_model().objects.create_user(
username = self.username,
email = self.email,
password = self.password,
)
self.commitment_dict = {'name': 'test commit', 'description':'you know what it is'}
request = self.factory.post('/profile/commitments/', self.commitment_dict)
force_authenticate(request, user=self.user)
response = views.commitments_list(request)
self.id_to_check = response.data['id']
def test_delete_details_endpoint(self):
request_delete = self.factory.delete('/profile/commitments/' + str(self.id_to_check))
force_authenticate(request_delete, user=self.user)
response = views.commitments_detail(request_delete, pk=self.id_to_check)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test(self):
admin = UserF.create()
project = ProjectF(add_admins=[admin])
category = CategoryFactory(**{'project': project})
view = GroupingFactory(**{'project': project})
RuleFactory(**{'grouping': view, 'category': category})
observation = ObservationFactory.create(**{
'project': project,
'category': category
})
comment = CommentFactory.create()
factory = APIRequestFactory()
factory = APIRequestFactory()
url = reverse(
'api:view_single_comment',
kwargs={
'project_id': project.id,
'view_id': view.id,
'observation_id': observation.id,
'comment_id': comment.id
}
)
request = factory.delete(url)
force_authenticate(request, user=admin)
dataview = GroupingContributionsSingleCommentAPIView.as_view()
response = dataview(
request,
project_id=project.id,
view_id=view.id,
observation_id=observation.id,
comment_id=comment.id
).render()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test(self):
admin = UserF.create()
project = ProjectF(add_admins=[admin])
observation = ObservationFactory.create(**{
'project': project
})
comment = CommentFactory.create()
factory = APIRequestFactory()
request = factory.delete(
'/api/projects/%s/observations/%s/comments/%s/' %
(project.id, observation.id, comment.id),
{'text': 'A comment to the observation'}
)
force_authenticate(request, user=admin)
view = AllContributionsSingleCommentAPIView.as_view()
response = view(
request,
project_id=project.id,
observation_id=observation.id,
comment_id=comment.id
).render()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
class AllContributionsSingleMediaApiViewTest(TestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.admin = UserFactory.create()
self.creator = UserFactory.create()
self.viewer = UserFactory.create()
self.project = ProjectFactory(
add_admins=[self.admin],
add_contributors=[self.creator]
)
self.contribution = ObservationFactory.create(
**{'project': self.project, 'creator': self.creator}
)
self.image_file = ImageFileFactory.create(
**{'contribution': self.contribution, 'creator': self.creator}
)
def tearDown(self):
files = glob.glob(os.path.join(
settings.MEDIA_ROOT,
'user-uploads/images/*'
))
for f in files:
os.remove(f)
def get(self, user):
url = reverse(
'api:project_single_media',
kwargs={
'project_id': self.project.id,
'contribution_id': self.contribution.id,
'file_id': self.image_file.id
}
)
request = self.factory.get(url)
force_authenticate(request, user)
view = AllContributionsSingleMediaApiView.as_view()
return view(
request,
project_id=self.project.id,
contribution_id=self.contribution.id,
file_id=self.image_file.id
).render()
def delete(self, user, image_id=None):
if image_id is None:
image_id = self.image_file.id
url = reverse(
'api:project_single_media',
kwargs={
'project_id': self.project.id,
'contribution_id': self.contribution.id,
'file_id': image_id
}
)
request = self.factory.delete(url)
force_authenticate(request, user)
view = AllContributionsSingleMediaApiView.as_view()
return view(
request,
project_id=self.project.id,
contribution_id=self.contribution.id,
file_id=image_id
).render()
def test_get_image_with_admin(self):
response = self.get(self.admin)
self.assertEqual(response.status_code, 200)
def test_get_image_with_contributor(self):
response = self.get(self.creator)
self.assertEqual(response.status_code, 200)
def test_get_image_with_some_dude(self):
response = self.get(UserFactory.create())
self.assertEqual(response.status_code, 404)
def test_get_image_with_anonymous(self):
response = self.get(AnonymousUser())
self.assertEqual(response.status_code, 404)
def test_delete_image_with_admin(self):
response = self.delete(self.admin)
self.assertEqual(response.status_code, 204)
def test_get_not_existing_image_with_admin(self):
response = self.delete(self.admin, image_id=545487654)
self.assertEqual(response.status_code, 404)
def test_delete_image_with_contributor(self):
response = self.delete(self.creator)
self.assertEqual(response.status_code, 204)
def test_delete_image_with_some_dude(self):
response = self.delete(UserFactory.create())
self.assertEqual(response.status_code, 404)
def test_delete_image_with_anonymous(self):
response = self.delete(AnonymousUser())
self.assertEqual(response.status_code, 404)
class MediaFileSingleAbstractViewTest(TestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.admin = UserFactory.create()
self.creator = UserFactory.create()
self.project = ProjectFactory(
add_admins=[self.admin],
add_contributors=[self.creator]
)
self.contribution = ObservationFactory.create(
**{'project': self.project, 'creator': self.creator}
)
self.image_file = ImageFileFactory.create(
**{'contribution': self.contribution, 'creator': self.creator}
)
def tearDown(self):
files = glob.glob(os.path.join(
settings.MEDIA_ROOT,
'user-uploads/images/*'
))
for f in files:
os.remove(f)
def render(self, response):
response.accepted_renderer = JSONRenderer()
response.accepted_media_type = 'application/json'
response.renderer_context = {'blah': 'blubb'}
return response.render()
def test_get_and_respond(self):
url = reverse(
'api:project_single_media',
kwargs={
'project_id': self.project.id,
'contribution_id': self.contribution.id,
'file_id': self.image_file.id
}
)
request = self.factory.get(url)
view = MediaFileSingleAbstractView()
view.request = request
response = self.render(
view.get_and_respond(
self.admin,
self.image_file
)
)
response_json = json.loads(response.content)
self.assertEqual(response_json.get('id'), self.image_file.id)
@raises(MediaFile.DoesNotExist)
def test_delete_and_respond_with_admin(self):
url = reverse(
'api:project_single_media',
kwargs={
'project_id': self.project.id,
'contribution_id': self.contribution.id,
'file_id': self.image_file.id
}
)
request = self.factory.delete(url)
view = MediaFileSingleAbstractView()
view.request = request
view.delete_and_respond(self.admin, self.image_file)
MediaFile.objects.get(pk=self.image_file.id)
@raises(MediaFile.DoesNotExist)
def test_delete_and_respond_with_contributor(self):
url = reverse(
'api:project_single_media',
kwargs={
'project_id': self.project.id,
'contribution_id': self.contribution.id,
'file_id': self.image_file.id
}
)
request = self.factory.delete(url)
view = MediaFileSingleAbstractView()
view.request = request
view.delete_and_respond(self.creator, self.image_file)
MediaFile.objects.get(pk=self.image_file.id)
@raises(PermissionDenied)
def test_delete_and_respond_with_some_dude(self):
url = reverse(
'api:project_single_media',
kwargs={
'project_id': self.project.id,
'contribution_id': self.contribution.id,
'file_id': self.image_file.id
}
)
request = self.factory.delete(url)
view = MediaFileSingleAbstractView()
view.request = request
view.delete_and_respond(UserFactory.create(), self.image_file)
class PoliciesTestCase(TestCase):
def setUp(self):
# Every test needs access to the request factory.
# Using rest_framework's APIRequestFactory: http://www.django-rest-framework.org/api-guide/testing/
self.r = redis.Redis(connection_pool=settings.REDIS_CON_POOL)
self.factory = APIRequestFactory()
self.create_storlet()
self.upload_filter()
self.deploy_storlet()
self.create_object_type_docs()
self.create_tenant_group_1()
self.create_nodes()
self.create_storage_nodes()
self.create_metric_modules()
self.create_global_controllers()
self.create_acls()
def tearDown(self):
self.r.flushdb()
#
# Static/dynamic policy tests
#
@mock.patch('policies.views.get_project_list')
def test_registry_static_policy(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', '2': 'tenantB'}
# Create an instance of a GET request.
request = self.factory.get('/policies/static')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
request.META['HTTP_HOST'] = 'fake_host'
response = policy_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
json_data = json.loads(response.content)
self.assertEqual(json_data[0]["target_name"], 'tenantA')
def test_registry_dynamic_policy(self):
# Create an instance of a GET request.
request = self.factory.get('/policies/dynamic')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
request.META['HTTP_HOST'] = 'fake_host'
response = policy_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
json_data = json.loads(response.content)
self.assertEqual(len(json_data), 0) # is empty
@mock.patch('policies.views.deploy_static_policy')
def test_registry_static_policy_create_ok(self, mock_deploy_static_policy):
self.setup_dsl_parser_data()
# Create an instance of a POST request.
data = "FOR TENANT:0123456789abcdef DO SET compression"
request = self.factory.post('/policies/static', data, content_type='text/plain')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
request.META['HTTP_HOST'] = 'fake_host'
response = policy_list(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(mock_deploy_static_policy.called)
@mock.patch('policies.views.get_project_list')
@mock.patch('policies.views.set_filter')
def test_registry_static_policy_create_set_filter_ok(self, mock_set_filter, mock_get_project_list):
self.setup_dsl_parser_data()
self.r.lpush('projects_crystal_enabled', '0123456789abcdef')
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', '2': 'tenantB'}
# Create an instance of a POST request.
data = "FOR TENANT:0123456789abcdef DO SET compression WITH bw=2 ON PROXY TO OBJECT_TYPE=DOCS"
request = self.factory.post('/policies/static', data, content_type='text/plain')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
request.META['HTTP_HOST'] = 'fake_host'
response = policy_list(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(mock_set_filter.called)
expected_policy_data = {'object_size': '', 'execution_order': 2, 'object_type': 'DOCS', 'params': mock.ANY,
'execution_server': 'PROXY', 'callable': False, 'object_tag': '', 'policy_id': 2,
'object_name': 'txt, doc, docx'}
mock_set_filter.assert_called_with(mock.ANY, '0123456789abcdef', mock.ANY, expected_policy_data, 'fake_token')
@mock.patch('policies.views.deploy_dynamic_policy')
def test_registry_dynamic_policy_create_ok(self, mock_deploy_dynamic_policy):
self.setup_dsl_parser_data()
# Create an instance of a POST request.
data = "FOR TENANT:0123456789abcdef WHEN metric1 > 5 DO SET compression"
request = self.factory.post('/policies/static', data, content_type='text/plain')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
request.META['HTTP_HOST'] = 'fake_host'
response = policy_list(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(mock_deploy_dynamic_policy.called)
@mock.patch('policies.views.get_project_list')
@mock.patch('policies.views.create_local_host')
def test_registry_dynamic_policy_create_spawn_ok(self, mock_create_local_host, mock_get_project_list):
self.setup_dsl_parser_data()
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', '2': 'tenantB'}
self.r.lpush('projects_crystal_enabled', '0123456789abcdef')
# Create an instance of a POST request.
data = "FOR TENANT:0123456789abcdef WHEN metric1 > 5 DO SET compression"
request = self.factory.post('/policies/dynamic', data, content_type='text/plain')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
request.META['HTTP_HOST'] = 'fake_host'
response = policy_list(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(mock_create_local_host.called)
self.assertTrue(mock_create_local_host.return_value.spawn.called)
self.assertTrue(self.r.exists('policy:2'))
policy_data = self.r.hgetall('policy:2')
self.assertEqual(policy_data['target_id'], '0123456789abcdef')
self.assertEqual(policy_data['filter'], 'compression')
self.assertEqual(policy_data['condition'], 'metric1 > 5')
#
# static_policy_detail()
#
@mock.patch('policies.views.get_project_list')
def test_registry_static_policy_detail_ok(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', '2': 'tenantB'}
# Create an instance of a GET request.
request = self.factory.get('/policies/static/0123456789abcdef:1')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
response = static_policy_detail(request, '0123456789abcdef:1')
self.assertEqual(response.status_code, status.HTTP_200_OK)
json_data = json.loads(response.content)
self.assertEqual(json_data["target_name"], 'tenantA')
@mock.patch('policies.views.get_project_list')
def test_registry_static_policy_update(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', '2': 'tenantB'}
# Create an instance of a PUT request.
data = {"execution_server": "object", "reverse": "object"}
request = self.factory.put('/policies/static/0123456789abcdef:1', data, format='json')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
response = static_policy_detail(request, '0123456789abcdef:1')
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Create an instance of a GET request.
request = self.factory.get('/policies/static/0123456789abcdef:1')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
response = static_policy_detail(request, '0123456789abcdef:1')
self.assertEqual(response.status_code, status.HTTP_200_OK)
json_data = json.loads(response.content)
self.assertEqual(json_data["execution_server"], 'object')
self.assertEqual(json_data["reverse"], 'object')
@mock.patch('policies.views.get_project_list')
def test_registry_static_policy_detail_delete(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', '2': 'tenantB'}
# Create an instance of a DELETE request.
request = self.factory.delete('/policies/static/0123456789abcdef:1')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
response = static_policy_detail(request, '0123456789abcdef:1')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
# Check there is no policy
request = self.factory.get('/policies/static')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
response = policy_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
json_data = json.loads(response.content)
self.assertEqual(len(json_data), 0)
#
# dynamic_policy_detail()
#
def test_registry_dynamic_policy_detail_with_method_not_allowed(self):
request = self.factory.get('/policies/dynamic/123')
request.META['HTTP_HOST'] = 'fake_host'
response = dynamic_policy_detail(request, '123')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
#
# Parse tests
#
# To test dsl_parser correctly, we need to have metrics and filters in Redis.
def test_parse_target_tenant_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR TENANT:0123456789abcdef DO SET compression')
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
targets = rule_parsed.target
action_list = rule_parsed.action_list
self.assertEqual(len(targets), 1)
self.assertEqual(len(action_list), 1)
target = targets[0]
self.assertEqual(target.type, 'TENANT')
self.assertEqual(target[1], '0123456789abcdef')
action_info = action_list[0]
self.assertEqual(action_info.action, 'SET')
self.assertEqual(action_info.filter, 'compression')
self.assertEqual(action_info.execution_server, '')
self.assertEqual(action_info.params, '')
def test_parse_target_container_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR CONTAINER:0123456789abcdef/container1 DO SET compression')
self.assertIsNotNone(rule_parsed)
targets = rule_parsed.target
self.assertEqual(len(targets), 1)
target = targets[0]
self.assertEqual(target.type, 'CONTAINER')
self.assertEqual(target[1], '0123456789abcdef/container1')
def test_parse_target_object_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR OBJECT:0123456789abcdef/container1/object.txt DO SET compression')
self.assertIsNotNone(rule_parsed)
targets = rule_parsed.target
self.assertEqual(len(targets), 1)
target = targets[0]
self.assertEqual(target.type, 'OBJECT')
self.assertEqual(target[1], '0123456789abcdef/container1/object.txt')
def test_parse_target_tenant_2_actions_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR TENANT:0123456789abcdef DO SET compression, SET encryption')
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
targets = rule_parsed.target
action_list = rule_parsed.action_list
self.assertEqual(len(targets), 1)
self.assertEqual(len(action_list), 2)
action_info = action_list[0]
self.assertEqual(action_info.action, 'SET')
self.assertEqual(action_info.filter, 'compression')
self.assertEqual(action_info.execution_server, '')
self.assertEqual(action_info.params, '')
action_info = action_list[1]
self.assertEqual(action_info.action, 'SET')
self.assertEqual(action_info.filter, 'encryption')
self.assertEqual(action_info.execution_server, '')
self.assertEqual(action_info.params, '')
def test_parse_target_tenant_to_object_type_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR TENANT:0123456789abcdef DO SET compression TO OBJECT_TYPE=DOCS')
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
object_list = rule_parsed.object_list
self.assertIsNotNone(object_list)
object_type = object_list.object_type
self.assertIsNotNone(object_type)
self.assertIsNotNone(object_type.object_value)
self.assertEqual(object_type.object_value, 'DOCS')
def test_parse_target_tenant_to_object_type_tag_size_ok(self):
self.setup_dsl_parser_data()
rule_str = 'FOR TENANT:0123456789abcdef DO SET compression TO OBJECT_TAG=tagtag, OBJECT_SIZE>10, OBJECT_TYPE=DOCS'
has_condition_list, rule_parsed = parse(rule_str)
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
object_list = rule_parsed.object_list
self.assertIsNotNone(object_list)
object_type = object_list.object_type
self.assertIsNotNone(object_type)
self.assertIsNotNone(object_type.object_value)
self.assertEqual(object_type.object_value, 'DOCS')
object_tag = object_list.object_tag
self.assertIsNotNone(object_tag)
self.assertIsNotNone(object_tag.object_value)
self.assertEqual(object_tag.object_value, 'tagtag')
object_size = object_list.object_size
self.assertIsNotNone(object_size)
self.assertIsNotNone(object_size.object_value)
self.assertEqual(object_size.object_value, '10')
self.assertEqual(object_size.operand, '>')
def test_parse_target_tenant_with_parameters_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR TENANT:0123456789abcdef DO SET compression WITH cparam1=11, cparam2=12, cparam3=13')
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
targets = rule_parsed.target
action_list = rule_parsed.action_list
self.assertEqual(len(targets), 1)
self.assertEqual(len(action_list), 1)
action_info = action_list[0]
self.assertEqual(action_info.action, 'SET')
self.assertEqual(action_info.filter, 'compression')
self.assertEqual(action_info.execution_server, '')
self.assertEqual(len(action_info.params), 6) # ???
def test_parse_group_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR G:1 DO SET compression')
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
targets = rule_parsed.target
action_list = rule_parsed.action_list
self.assertEqual(len(targets), 2)
self.assertEqual(len(action_list), 1)
self.assertEqual(targets[0], 'abcdef0123456789')
self.assertEqual(targets[1], '0123456789abcdef')
def test_parse_rule_not_starting_with_for(self):
self.setup_dsl_parser_data()
with self.assertRaises(ParseException):
parse('TENANT:1234 DO SET compression')
def test_parse_rule_with_invalid_target(self):
self.setup_dsl_parser_data()
with self.assertRaises(ParseException):
parse('FOR xxxxxxx DO SET compression')
def test_parse_callable_ok(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR TENANT:0123456789abcdef DO SET compression CALLABLE')
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
targets = rule_parsed.target
action_list = rule_parsed.action_list
self.assertEqual(len(targets), 1)
self.assertEqual(len(action_list), 1)
target = targets[0]
self.assertEqual(target.type, 'TENANT')
self.assertEqual(target[1], '0123456789abcdef')
action_info = action_list[0]
self.assertEqual(action_info.action, 'SET')
self.assertEqual(action_info.filter, 'compression')
self.assertEqual(action_info.execution_server, '')
self.assertEqual(action_info.params, '')
self.assertEqual(action_info.callable, 'CALLABLE')
def test_parse_not_callable(self):
self.setup_dsl_parser_data()
has_condition_list, rule_parsed = parse('FOR TENANT:0123456789abcdef DO SET compression')
self.assertFalse(has_condition_list)
self.assertIsNotNone(rule_parsed)
action_list = rule_parsed.action_list
self.assertEqual(len(action_list), 1)
action_info = action_list[0]
self.assertEqual(action_info.callable, '')
def test_parse_condition_ok(self):
self.setup_dsl_parser_data()
condition_list = parse_condition("metric1 > 5.0 OR metric1 < 2.0")
self.assertIsNotNone(condition_list)
self.assertEqual(condition_list, [['metric1', '>', '5.0'], 'OR', ['metric1', '<', '2.0']])
#
# object_type tests
#
def test_object_type_list_with_method_not_allowed(self):
request = self.factory.delete('/policies/object_type')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_object_type_detail_with_method_not_allowed(self):
name = 'AUDIO'
object_type_data = {'name': name, 'types_list': ['avi', 'mkv']}
request = self.factory.post('/policies/object_type/' + name, object_type_data, format='json')
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
def test_list_object_types_ok(self):
request = self.factory.get('/policies/object_type')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotEqual(response.content, "[]")
object_types = json.loads(response.content)
self.assertEqual(object_types[0]['name'], "DOCS")
self.assertEqual(len(object_types[0]['types_list']), 3)
def test_create_object_type_ok(self):
# Create a second object type:
object_type_data = {'name': 'VIDEO', 'types_list': ['avi', 'mkv']}
request = self.factory.post('/policies/object_type', object_type_data, format='json')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# obtain the list
request = self.factory.get('/policies/object_type')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotEqual(response.content, "[]")
object_types = json.loads(response.content)
self.assertEqual(len(object_types), 2)
def test_create_object_type_without_name(self):
# Create a second object type without name --> ERROR
object_type_data = {'types_list': ['avi', 'mkv']}
request = self.factory.post('/policies/object_type', object_type_data, format='json')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_create_object_type_with_an_existing_name(self):
# Create a second object type with an existing name --> ERROR
object_type_data = {'name': 'DOCS', 'types_list': ['avi', 'mkv']}
request = self.factory.post('/policies/object_type', object_type_data, format='json')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_create_object_type_without_types_list(self):
# Create a second object type without_types_list --> ERROR
object_type_data = {'name': 'VIDEO'}
request = self.factory.post('/policies/object_type', object_type_data, format='json')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_create_object_type_with_empty_types_list(self):
# Create a second object type with empty types_list --> ERROR
object_type_data = {'name': 'VIDEO', 'types_list': []}
request = self.factory.post('/policies/object_type', object_type_data, format='json')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
def test_object_type_detail_ok(self):
name = 'DOCS'
request = self.factory.get('/policies/object_type/' + name)
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
object_type = json.loads(response.content)
self.assertEqual(object_type['name'], name)
self.assertEqual(len(object_type['types_list']), 3)
self.assertTrue('txt' in object_type['types_list'])
def test_object_type_detail_with_non_existent_name(self):
name = 'AUDIO'
request = self.factory.get('/policies/object_type/' + name)
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_delete_object_type_ok(self):
name = 'DOCS'
request = self.factory.delete('/policies/object_type/' + name)
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
request = self.factory.get('/policies/object_type')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.content, "[]")
def test_delete_object_type_with_non_existent_name(self):
name = 'AUDIO'
request = self.factory.delete('/policies/object_type/' + name)
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
# Check nothing was deleted
request = self.factory.get('/policies/object_type')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotEqual(response.content, "[]")
object_types = json.loads(response.content)
self.assertEqual(object_types[0]['name'], "DOCS")
def test_update_object_type_ok(self):
name = 'DOCS'
data = ['txt', 'doc']
request = self.factory.put('/policies/object_type/' + name, data, format='json')
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Check the object type was updated properly
request = self.factory.get('/policies/object_type')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotEqual(response.content, "[]")
object_types = json.loads(response.content)
self.assertEqual(len(object_types), 1)
self.assertEqual(object_types[0]['name'], "DOCS")
self.assertEqual(len(object_types[0]['types_list']), 2)
self.assertTrue(data[0] in object_types[0]['types_list'])
self.assertTrue(data[1] in object_types[0]['types_list'])
def test_update_object_type_ok_with_more_extensions(self):
name = 'DOCS'
data = ['txt', 'doc', 'docx', 'odt']
request = self.factory.put('/policies/object_type/' + name, data, format='json')
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# Check the object type was updated properly
request = self.factory.get('/policies/object_type')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotEqual(response.content, "[]")
object_types = json.loads(response.content)
self.assertEqual(len(object_types), 1)
self.assertEqual(object_types[0]['name'], "DOCS")
self.assertEqual(len(object_types[0]['types_list']), 4)
for extension in data:
self.assertTrue(extension in object_types[0]['types_list'])
def test_update_object_type_with_non_existent_name(self):
name = 'VIDEO'
data = ['avi', 'mkv']
request = self.factory.put('/policies/object_type/' + name, data, format='json')
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_update_object_type_with_empty_list(self):
# It's wrong to send an empty list
name = 'DOCS'
data = []
request = self.factory.put('/policies/object_type/' + name, data, format='json')
response = object_type_detail(request, name)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
#
# ACL's
#
@mock.patch('policies.views.get_project_list')
def test_access_control_get_ok(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', 'abcdef0123456789': 'tenantB'}
request = self.factory.get('/policies/acl/')
response = access_control(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
acls = json.loads(response.content)
self.assertEqual(len(acls), 1)
acl = acls[0]
self.assertEqual(acl['user_id'], 'a1a1a1a1a1a1')
self.assertEqual(acl['target_name'], 'tenantA/container1')
self.assertEqual(acl['target_id'], '0123456789abcdef:container1')
self.assertEqual(acl['write'], True)
self.assertEqual(acl['read'], True)
self.assertEqual(acl['id'], '1')
@mock.patch('policies.views.get_project_list')
def test_access_control_post_list_ok(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', 'abcdef0123456789': 'tenantB'}
acl_data = {'project_id': '0123456789abcdef', 'container_id': 'container2', 'identity': 'user_id:a1a1a1a1a1a1', 'access': 'list', 'object_type': 'DOCS'}
request = self.factory.post('/policies/acl/', acl_data, format='json')
response = access_control(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# check it has been created
request = self.factory.get('/policies/acl/')
response = access_control(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
acls = json.loads(response.content)
self.assertEqual(len(acls), 2)
@mock.patch('policies.views.get_project_list')
def test_access_control_post_read_group_ok(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', 'abcdef0123456789': 'tenantB'}
acl_data = {'project_id': '0123456789abcdef', 'container_id': 'container2', 'identity': 'group_id:g2g2g2', 'access': 'read', 'object_type': 'DOCS'}
request = self.factory.post('/policies/acl/', acl_data, format='json')
response = access_control(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# check it has been created
policy_id = '0123456789abcdef:container2:2'
request = self.factory.get('/policies/acl/' + policy_id)
response = access_control_detail(request, policy_id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
acl_policy = json.loads(response.content)
self.assertEqual(acl_policy['target_name'], 'tenantA/container2')
self.assertFalse(acl_policy['list'])
self.assertFalse(acl_policy['write'])
self.assertTrue(acl_policy['read'])
self.assertEqual(acl_policy['group_id'], 'g2g2g2')
@mock.patch('policies.views.get_project_list')
def test_access_control_delete_ok(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', 'abcdef0123456789': 'tenantB'}
policy_id = '0123456789abcdef:container1:1'
request = self.factory.delete('/policies/acl/' + policy_id)
response = access_control_detail(request, policy_id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# check it has been deleted
request = self.factory.get('/policies/acl/')
response = access_control(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
acls = json.loads(response.content)
self.assertEqual(len(acls), 0)
@mock.patch('policies.views.get_project_list')
def test_access_control_update_ok(self, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', 'abcdef0123456789': 'tenantB'}
policy_id = '0123456789abcdef:container1:1'
acl_data = {'access': 'list'}
request = self.factory.put('/policies/acl/' + policy_id, acl_data, format='json')
response = access_control_detail(request, policy_id)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
# check it has been updated
request = self.factory.get('/policies/acl/' + policy_id)
response = access_control_detail(request, policy_id)
self.assertEqual(response.status_code, status.HTTP_200_OK)
acl_policy = json.loads(response.content)
self.assertTrue(acl_policy['list'])
self.assertFalse(acl_policy['write'])
self.assertFalse(acl_policy['read'])
#
# Aux methods
#
def create_storlet(self):
filter_data = {'filter_type': 'storlet', 'language': 'java', 'dsl_name': 'fake', 'interface_version': '1.0',
'dependencies': '', 'main': 'com.example.FakeMain', 'put': 'False', 'get': 'False',
'valid_parameters': '', 'execution_server': 'proxy', 'reverse': 'proxy'}
request = self.factory.post('/filters/', filter_data, format='json')
response = filter_list(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def upload_filter(self):
# Upload a filter for the filter "fake"
with open('test_data/test-1.0.jar', 'r') as fp:
request = self.factory.put('/filters/fake/data', {'file': fp})
FilterData.as_view()(request, 'fake')
def mock_put_object_status_created(url, token=None, container=None, name=None, contents=None,
content_length=None, etag=None, chunk_size=None,
content_type=None, headers=None, http_conn=None, proxy=None,
query_string=None, response_dict=None):
response_dict['status'] = status.HTTP_201_CREATED
@mock.patch('policies.views.get_project_list')
@mock.patch('filters.views.swift_client.put_object', side_effect=mock_put_object_status_created)
def deploy_storlet(self, mock_put_object, mock_get_project_list):
mock_get_project_list.return_value = {'0123456789abcdef': 'tenantA', '2': 'tenantB'}
# mock_requests_get.return_value = self.keystone_get_tenants_response()
# mock_get_crystal_token.return_value = settings.SWIFT_URL + settings.SWIFT_API_VERSION + '/AUTH_0123456789abcdef', 'fake_token'
# Call filter_deploy
policy_data = {
"policy_id": "1",
"object_type": '',
"object_size": None,
"object_tag": None,
"object_name": None,
"execution_order": "1",
"params": ""
}
request = self.factory.put('/0123456789abcdef/deploy/fake', policy_data, format='json')
request.META['HTTP_X_AUTH_TOKEN'] = 'fake_token'
response = filter_deploy(request, "fake", "0123456789abcdef")
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def create_object_type_docs(self):
object_type_data = {'name': 'DOCS', 'types_list': ['txt', 'doc', 'docx']}
request = self.factory.post('/controller/object_type', object_type_data, format='json')
response = object_type_list(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def setup_dsl_parser_data(self):
# Simplified filter data:
self.r.hmset('filter:compression', {'valid_parameters': '{"cparam1": "integer", "cparam2": "integer", "cparam3": "integer"}'})
self.r.hmset('filter:encryption', {'valid_parameters': '{"eparam1": "integer", "eparam2": "bool", "eparam3": "string"}'})
self.r.hmset('metric:metric1', {'network_location': '?', 'type': 'integer'})
self.r.hmset('metric:metric2', {'network_location': '?', 'type': 'integer'})
def create_tenant_group_1(self):
tenant_group_data = {'name': 'group1', 'attached_projects': json.dumps(['0123456789abcdef', 'abcdef0123456789'])}
request = self.factory.post('/projects/groups', tenant_group_data, format='json')
response = add_projects_group(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
def create_nodes(self):
self.r.hmset('node:controller',
{'ip': '192.168.2.1', 'last_ping': '1467623304.332646', 'type': 'proxy', 'name': 'controller',
'devices': '{"sdb1": {"free": 16832876544, "size": 16832880640}}'})
self.r.hmset('node:storagenode1',
{'ip': '192.168.2.2', 'last_ping': '1467623304.332646', 'type': 'object', 'name': 'storagenode1',
'devices': '{"sdb1": {"free": 16832876544, "size": 16832880640}}'})
self.r.hmset('node:storagenode2',
{'ip': '192.168.2.3', 'last_ping': '1467623304.332646', 'type': 'object', 'name': 'storagenode2',
'devices': '{"sdb1": {"free": 16832876544, "size": 16832880640}}'})
def create_storage_nodes(self):
self.r.incr("storage_nodes:id") # setting autoincrement to 1
self.r.hmset('SN:1', {'name': 'storagenode1', 'location': 'r1z1-192.168.1.5:6000/sdb1', 'type': 'hdd'})
def create_metric_modules(self):
self.r.incr("workload_metrics:id") # setting autoincrement to 1
self.r.hmset('workload_metric:1', {'metric_name': 'm1.py', 'class_name': 'Metric1', 'status': 'Running', 'get': 'False', 'put': 'False',
'execution_server': 'object', 'replicate': 'True', 'ssync': 'True', 'id': '1'})
def create_global_controllers(self):
self.r.incr("controllers:id") # setting autoincrement to 1
self.r.hmset('controller:1', {'class_name': 'MinTenantSLOGlobalSpareBWShare',
'controller_name': 'min_slo_tenant_global_share_spare_bw_v2.py',
'valid_parameters': 'method={put|get}', 'id': '1', 'instances': 0,
'enabled': 'False', 'description': 'Fake description'})
def create_acls(self):
self.r.incr('acls:id')
acl_data = {'user_id': 'a1a1a1a1a1a1', 'read': True, 'object_type': '', 'write': True, 'object_tag': ''}
self.r.hmset('acl:0123456789abcdef:container1', {'1': json.dumps(acl_data)})
class RestaurantAPITest(TestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.user = User.objects.create(
username="******",
password='******',
is_staff=True,
)
self.user.set_password(self.user.password)
self.user.save()
self.user2 = User.objects.create(
username="******",
password='******',
)
self.user2.set_password(self.user2.password)
self.user2.save()
self.user3 = User.objects.create(
username="******",
password='******',
)
self.user3.set_password(self.user3.password)
self.user3.save()
self.restaurant_1 = Restaurant.objects.create(
owner=self.user,
name="Restaurant 1",
description="This is Restaurant 1",
opening_time="00:01:00",
closing_time="23:59:00",
logo="http://icons.veryicon.com/png/Movie%20%26%20TV/Free%20Star%20Wars/Darth%20Vader.png"
)
self.item_1_1 = Item.objects.create(
name="Pizza 1",
description="This is Pizza 1",
price=1.750,
restaurant=self.restaurant_1,
)
self.item_1_2 = Item.objects.create(
name="Pizza 2",
description="This is Pizza 2",
price=1.750,
restaurant=self.restaurant_1,
)
self.restaurant_2 = Restaurant.objects.create(
owner=self.user2,
name="Restaurant 2",
description="This is Restaurant 2",
opening_time="00:01:00",
closing_time="23:59:00",
logo="http://icons.veryicon.com/png/Movie%20%26%20TV/Free%20Star%20Wars/Darth%20Vader.png"
)
self.restaurant_data = {
"owner":self.user,
"name":"Restaurant 1",
"description":"This is Restaurant 1 updated",
"opening_time":"00:01:00",
"closing_time":"23:59:00",
}
def test_restaurant_list_view(self):
list_url = reverse("api-list")
request = self.factory.get(list_url)
response = RestaurantListView.as_view()(request)
expected = [
{
'name':self.restaurant_1.name,
'opening_time': self.restaurant_1.opening_time,
'closing_time': self.restaurant_1.closing_time,
'detail': "http://"+ request.get_host()+reverse("api-detail", kwargs = {"restaurant_id": self.restaurant_1.id}),
'update': "http://"+ request.get_host()+reverse("api-update", kwargs = {"restaurant_id": self.restaurant_1.id}),
'delete': "http://"+ request.get_host()+reverse("api-delete", kwargs = {"restaurant_id": self.restaurant_1.id})
},
{
'name':self.restaurant_2.name,
'opening_time': self.restaurant_2.opening_time,
'closing_time': self.restaurant_2.closing_time,
'detail': "http://"+ request.get_host()+reverse("api-detail", kwargs = {"restaurant_id": self.restaurant_2.id}),
'update': "http://"+ request.get_host()+reverse("api-update", kwargs = {"restaurant_id": self.restaurant_2.id}),
'delete': "http://"+ request.get_host()+reverse("api-delete", kwargs = {"restaurant_id": self.restaurant_2.id})
},
]
self.assertEqual(
expected,
response.data
)
self.assertEqual(response.status_code, 200)
def test_restaurant_detail_view(self):
detail_url = reverse("api-detail", kwargs = {"restaurant_id": self.restaurant_1.id})
request = self.factory.get(detail_url)
response = RestaurantDetailView.as_view()(request, restaurant_id=self.restaurant_1.id)
self.assertEqual(response.status_code, 200)
def test_create_view(self):
create_url = reverse("api-create")
request = self.factory.post(create_url, data=self.restaurant_data)
response = RestaurantCreateView.as_view()(request)
self.assertEqual(response.status_code, 403)
force_authenticate(request, user=self.user)
response = RestaurantCreateView.as_view()(request)
self.assertEqual(response.status_code, 201)
self.assertEqual(Restaurant.objects.count(), 3)
def test_restaurant_update_view(self):
update_url = reverse("api-update", kwargs = {"restaurant_id": self.restaurant_2.id})
request = self.factory.put(update_url, data=self.restaurant_data)
response = RestaurantUpdateView.as_view()(request, restaurant_id=self.restaurant_2.id)
self.assertEqual(response.status_code, 403)
force_authenticate(request, user=self.user)
response = RestaurantUpdateView.as_view()(request, restaurant_id=self.restaurant_2.id)
self.assertEqual(response.status_code, 200)
force_authenticate(request, user=self.user2)
response = RestaurantUpdateView.as_view()(request, restaurant_id=self.restaurant_2.id)
self.assertEqual(response.status_code, 200)
force_authenticate(request, user=self.user3)
response = RestaurantUpdateView.as_view()(request, restaurant_id=self.restaurant_2.id)
self.assertEqual(response.status_code, 403)
def test_restaurant_delete_view(self):
delete_url = reverse("api-delete", kwargs = {"restaurant_id": self.restaurant_2.id})
request = self.factory.delete(delete_url)
response1 = RestaurantDeleteView.as_view()(request, restaurant_id=self.restaurant_2.id)
self.assertEqual(response1.status_code, 403)
force_authenticate(request, user=self.user)
response = RestaurantDeleteView.as_view()(request, restaurant_id=self.restaurant_2.id)
self.assertEqual(response.status_code, 204)
force_authenticate(request, user=self.user2)
response = RestaurantDeleteView.as_view()(request, restaurant_id=self.restaurant_2.id)
self.assertEqual(response.status_code, 403)
class UserGroupSingleUserTest(TestCase):
def setUp(self):
self.factory = APIRequestFactory()
self.admin = UserF.create()
self.contributor = UserF.create()
self.non_member = UserF.create()
self.contrib_to_remove = UserF.create()
self.project = ProjectF.create(add_admins=[
self.admin
])
self.contributors = UserGroupF(add_users=[
self.contributor, self.contrib_to_remove
], **{
'project': self.project,
'can_contribute': True
})
def test_delete_not_existing_user(self):
user = UserF.create()
request = self.factory.delete(
'/ajax/projects/%s/usergroups/%s/users/%s/' %
(self.project.id, self.contributors.id, user.id),
)
force_authenticate(request, user=self.admin)
view = UserGroupSingleUser.as_view()
response = view(
request,
project_id=self.project.id,
group_id=self.contributors.id,
user_id=user.id
).render()
self.assertEqual(response.status_code, 404)
def test_delete_from_not_existing_usergroup(self):
request = self.factory.delete(
'/ajax/projects/%s/usergroups/%s/users/%s/' %
(self.project.id, 455646445484545, self.contrib_to_remove.id),
)
force_authenticate(request, user=self.admin)
view = UserGroupSingleUser.as_view()
response = view(
request,
project_id=self.project.id,
group_id=455646445484545,
user_id=self.contrib_to_remove.id
).render()
self.assertEqual(response.status_code, 404)
def test_delete_contributor_with_admin(self):
request = self.factory.delete(
'/ajax/projects/%s/usergroups/%s/users/%s/' %
(self.project.id, self.contributors.id, self.contrib_to_remove.id),
)
force_authenticate(request, user=self.admin)
view = UserGroupSingleUser.as_view()
response = view(
request,
project_id=self.project.id,
group_id=self.contributors.id,
user_id=self.contrib_to_remove.id
).render()
self.assertEqual(response.status_code, 204)
self.assertNotIn(
self.contrib_to_remove,
self.contributors.users.all()
)
def test_delete_contributor_with_contributor(self):
request = self.factory.delete(
'/ajax/projects/%s/usergroups/%s/users/%s/' %
(self.project.id, self.contributors.id, self.contrib_to_remove.id)
)
force_authenticate(request, user=self.contributor)
view = UserGroupSingleUser.as_view()
response = view(
request,
project_id=self.project.id,
group_id=self.contributors.id,
user_id=self.contrib_to_remove.id
).render()
self.assertEqual(response.status_code, 403)
self.assertIn(
self.contrib_to_remove,
self.contributors.users.all()
)
def test_delete_contributor_with_non_member(self):
request = self.factory.delete(
'/ajax/projects/%s/usergroups/%s/users/%s/' %
(self.project.id, self.contributors.id, self.contrib_to_remove.id)
)
force_authenticate(request, user=self.non_member)
view = UserGroupSingleUser.as_view()
response = view(
request,
project_id=self.project.id,
group_id=self.contributors.id,
user_id=self.contrib_to_remove.id
).render()
self.assertEqual(response.status_code, 404)
self.assertIn(
self.contrib_to_remove,
self.contributors.users.all()
)
class ProjectTests(APITestCase, APISanityTestCase):
url_route = 'api:v2:project'
def setUp(self):
self.anonymous_user = AnonymousUserFactory()
self.user = UserFactory.create()
self.group = GroupFactory.create(name=self.user.username)
self.membership = GroupMembershipFactory.create(
user=self.user, group=self.group, is_leader=True
)
self.group.user_set.add(self.user)
self.project = ProjectFactory.create(
owner=self.group, created_by=self.user
)
self.enddated_instance = InstanceFactory.create(
created_by=self.user, end_date=timezone.now(), project=self.project
)
self.user2 = UserFactory.create()
self.group2 = GroupFactory.create(name=self.user2.username)
self.membership2 = GroupMembershipFactory.create(
user=self.user2, group=self.group2, is_leader=True
)
self.group2.user_set.add(self.user2)
self.project2 = ProjectFactory.create(
owner=self.group2, created_by=self.user2
)
self.not_user = UserFactory.create()
self.not_group = GroupFactory.create(name=self.not_user.username)
self.not_membership = GroupMembershipFactory.create(
user=self.not_user, group=self.not_group, is_leader=True
)
self.not_group.user_set.add(self.not_user)
self.not_project = ProjectFactory.create(
owner=self.not_group, created_by=self.not_user
)
self.unsaved_project = ProjectFactory.build(
owner=self.group, created_by=self.user
)
list_url = reverse('api:v2:project-list')
detail_url = reverse('api:v2:project-detail', args=(self.project.id, ))
self.create_view = ProjectViewSet.as_view({'post': 'create'})
self.delete_view = ProjectViewSet.as_view({'delete': 'destroy'})
self.detail_view = ProjectViewSet.as_view({'get': 'retrieve'})
self.list_view = ProjectViewSet.as_view({'get': 'list'})
self.update_view = ProjectViewSet.as_view({'patch': 'partial_update'})
self.factory = APIRequestFactory()
self.bad_create_request = self.factory.post(list_url)
self.create_request = self.factory.post(
list_url, {
'name': self.unsaved_project.name,
'description': self.unsaved_project.description,
'owner': self.group.name
}
)
self.delete_request = self.factory.delete(detail_url)
self.detail_request = self.factory.get(detail_url)
self.list_request = self.factory.get(list_url)
self.updated_project_data = {
'name': 'updated name',
'description': 'updated description'
}
self.update_request = self.factory.patch(
detail_url, self.updated_project_data
)
def test_list_is_not_public(self):
force_authenticate(self.list_request, user=self.anonymous_user)
response = self.list_view(self.list_request)
self.assertEquals(response.status_code, 403)
def test_list_response_contains_expected_fields(self):
force_authenticate(self.list_request, user=self.user)
response = self.list_view(self.list_request)
data = response.data.get('results')
self.assertTrue(data, "Response contained no results")
project_data = data[0]
self.assertEquals(response.status_code, 200)
self.assertEquals(
len(project_data), EXPECTED_FIELD_COUNT,
"Number of fields does not match (%s != %s)" %
(len(project_data), EXPECTED_FIELD_COUNT)
)
self.assertEquals(project_data['id'], self.project.id)
self.assertIn('url', project_data)
self.assertEquals(project_data['name'], self.project.name)
self.assertEquals(project_data['description'], self.project.description)
self.assertIn('created_by', project_data)
self.assertIn('owner', project_data)
self.assertIn('users', project_data)
self.assertIn('leaders', project_data)
self.assertIn('uuid', project_data)
self.assertIn('instances', project_data)
self.assertIn('volumes', project_data)
self.assertIn('images', project_data)
self.assertIn('links', project_data)
self.assertIn('start_date', project_data)
self.assertIn('end_date', project_data)
def test_detail_is_not_public(self):
force_authenticate(self.detail_request, user=self.anonymous_user)
response = self.detail_view(self.detail_request, pk=self.project.id)
self.assertEquals(response.status_code, 403)
def test_detail_response_contains_expected_fields(self):
force_authenticate(self.detail_request, user=self.user)
response = self.detail_view(self.detail_request, pk=self.project.id)
data = response.data
self.assertEquals(response.status_code, 200)
self.assertEquals(
len(data), EXPECTED_FIELD_COUNT,
"Number of fields does not match (%s != %s)" %
(len(data), EXPECTED_FIELD_COUNT)
)
self.assertEquals(data['id'], self.project.id)
self.assertIn('url', data)
self.assertEquals(data['name'], self.project.name)
self.assertEquals(data['description'], self.project.description)
self.assertIn('created_by', data)
self.assertIn('owner', data)
self.assertIn('users', data)
self.assertIn('leaders', data)
self.assertIn('uuid', data)
self.assertIn('instances', data)
self.assertIn('volumes', data)
self.assertIn('images', data)
self.assertIn('links', data)
self.assertIn('start_date', data)
self.assertIn('end_date', data)
def test_create_project_fails_for_anonymous_user(self):
force_authenticate(self.create_request, user=self.anonymous_user)
response = self.create_view(self.create_request)
self.assertEquals(response.status_code, 403)
def test_create_project_validation(self):
force_authenticate(self.bad_create_request, user=self.user)
response = self.create_view(self.bad_create_request)
data = response.data
self.assertEquals(response.status_code, 400)
self.assertEquals(len(data), 2, "Unexpected error response: %s" % data)
self.assertIn('name', data, "Unexpected error response: %s" % data)
self.assertIn('owner', data, "Unexpected error response: %s" % data)
self.assertEquals(
data['owner'], [u'This field is required.'],
"Unexpected error response: %s" % data
)
self.assertEquals(
data['name'], [u'This field is required.'],
"Unexpected error response: %s" % data
)
def test_create_project_as_authenticated_user(self):
current_count = Project.objects.count()
force_authenticate(self.create_request, user=self.user)
response = self.create_view(self.create_request)
self.assertEquals(
response.status_code, 201,
"Response did not result in a 201-created: (%s) %s" %
(response.status_code, response.data)
)
self.assertEquals(Project.objects.count(), current_count + 1)
def test_update_project_fails_for_anonymous_user(self):
force_authenticate(self.update_request, user=self.anonymous_user)
response = self.update_view(self.update_request)
self.assertEquals(response.status_code, 403)
def test_authenticated_user_cannot_update_project_they_do_not_own(self):
force_authenticate(self.update_request, user=self.user)
response = self.update_view(self.update_request, pk=self.not_project.id)
self.assertEquals(
response.status_code, 404,
"Encountered an unexpected status_code: (%s) %s" %
(response.status_code, response.data)
)
def test_update_project_for_valid_user(self):
current_count = Project.objects.count()
force_authenticate(self.update_request, user=self.user)
response = self.update_view(self.update_request, pk=self.project.id)
self.assertEquals(
response.status_code, 200, "Project update failed: (%s) %s" %
(response.status_code, response.data)
)
self.assertEquals(Project.objects.count(), current_count)
project = Project.objects.first()
self.assertEquals(project.name, self.updated_project_data['name'])
self.assertEquals(
project.description, self.updated_project_data['description']
)
def test_anonymous_user_cannot_delete_project(self):
force_authenticate(self.delete_request, user=self.anonymous_user)
response = self.delete_view(self.delete_request)
self.assertEquals(response.status_code, 403)
def test_user_cannot_delete_project_they_do_not_own(self):
force_authenticate(self.delete_request, user=self.not_user)
response = self.delete_view(self.delete_request, pk=self.project.id)
self.assertEquals(response.status_code, 404)
def test_user_can_delete_project_they_own(self):
force_authenticate(self.delete_request, user=self.user)
response = self.delete_view(self.delete_request, pk=self.project.id)
self.assertEquals(response.status_code, 204)
def test_delete_does_not_cascade_to_enddated_instances(self):
force_authenticate(self.delete_request, user=self.user)
self.delete_view(self.delete_request, pk=self.project.id)
# Assert project is deleted
self.assertFalse(Project.objects.filter(id=self.project.id).exists())
# Assert that instance from the project still exists
enddated_instance = Instance.objects.get(id=self.enddated_instance.id)
# Assert that instance no longer has a project
self.assertEquals(enddated_instance.project, None)
class BaseTestCase(APITransactionTestCase):
"""Common Functionality for all Test cases."""
def setUp(self):
"""Set common stuff up."""
self.user = User.objects.create_user('christian', '*****@*****.**', 'pw')
self.factory = APIRequestFactory()
self.request = self.factory.get('/')
def tearDown(self):
"""Delete all created objects."""
models = [User]
for model in models:
model.objects.all().delete()
def has_access(self, request, view=None, obj=None, *args, **kwargs):
"""A Dummy Object Permission for easy to mock objects."""
try:
return bool(obj.allows_access)
except AttributeError:
return False
def check_permission(self, permission, request):
"""
Test the permission for a request for anonymous, staff and superuser.
Assuming that only staff has the permission.
"""
request.user = AnonymousUser()
self.assertFalse(permission.has_permission(request, None))
self.user.is_superuser = False
self.user.is_staff = True
self.user.save()
request.user = self.user
self.assertTrue(permission.has_permission(request, None))
self.user.is_superuser = True
self.user.is_staff = False
self.user.save()
request.user = self.user
self.assertFalse(permission.has_permission(request, None))
def check_object_permission(self, permission, request):
"""
Test the permission for a request for anonymous, staff and superuser.
Assuming that only staff can access the object when the object itself
forbids access.
"""
obj = mock.Mock()
# allow access
obj.allows_access = True
request.user = AnonymousUser()
self.assertTrue(permission.has_object_permission(request, None, obj))
self.user.is_superuser = False
self.user.is_staff = True
self.user.save()
request.user = self.user
self.assertTrue(permission.has_object_permission(request, None, obj))
self.user.is_superuser = True
self.user.is_staff = False
self.user.save()
request.user = self.user
self.assertTrue(permission.has_object_permission(request, None, obj))
# restrict access
obj.allows_access = False
request.user = AnonymousUser()
self.assertFalse(permission.has_object_permission(request, None, obj))
self.user.is_superuser = False
self.user.is_staff = True
self.user.save()
request.user = self.user
self.assertTrue(permission.has_object_permission(request, None, obj))
self.user.is_superuser = True
self.user.is_staff = False
self.user.save()
request.user = self.user
self.assertFalse(permission.has_object_permission(request, None, obj))
def _test_rw_staff(self):
"""Staff can read and write."""
permission = self.permission()
permission.rw_permissions = (allow_staff, )
request = self.factory.get('/')
self.check_permission(permission, request)
request = self.factory.post('/')
self.check_permission(permission, request)
request = self.factory.put('/')
self.check_permission(permission, request)
request = self.factory.delete('/')
self.check_permission(permission, request)
def _test_rw_object_staff(self):
"""Staff can read and write."""
permission = self.permission()
permission.object_rw_permissions = (allow_staff, self.has_access)
request = self.factory.get('/')
self.check_object_permission(permission, request)
request = self.factory.post('/')
self.check_object_permission(permission, request)
request = self.factory.put('/')
self.check_object_permission(permission, request)
request = self.factory.delete('/')
self.check_object_permission(permission, request)
