def test_get_boxes_for_staff(self):
user = StaffFactory()
b1 = BoxFactory(visibility=Box.PRIVATE)
b2 = BoxFactory(visibility=Box.PUBLIC)
self.assertCountEqual(list(Box.objects.for_user(user)), [b1, b2])
def test_get_boxes_for_anonymous(self):
user = AnonymousUser()
b1 = BoxFactory(visibility=Box.PRIVATE)
b2 = BoxFactory(visibility=Box.PUBLIC)
self.assertCountEqual(list(Box.objects.for_user(user)), [b2])
def test_get_perms_for_authenticated(self):
user = UserFactory()
box = BoxFactory(visibility=Box.PRIVATE)
self.check_perms(user, box, '')
box = BoxFactory(visibility=Box.PUBLIC)
self.check_perms(user, box, BoxMember.PERM_R)
def test_get_perms_for_anonymous(self):
user = AnonymousUser()
box = BoxFactory(visibility=Box.PRIVATE)
self.check_perms(user, box, '')
box = BoxFactory(visibility=Box.PUBLIC)
self.check_perms(user, box, BoxMember.PERM_R)
def test_box_member_with_read_write_permissions(self):
user = UserFactory()
checks = {
'GET': True,
'PATCH': False,
'POST': False,
'DELETE': False,
}
box = BoxFactory(visibility=Box.PRIVATE)
box.share_with(user, BoxMember.PERM_RW)
self.check_obj_perms(checks, user, box)
def test_get_members_by_anonymous(self):
user1 = AnonymousUser()
user2 = UserFactory()
box = BoxFactory(visibility=Box.PRIVATE)
box.share_with(user2, BoxMember.PERM_R)
request = APIRequestFactory().get('/url/')
request.user = user1
self.serializer.context['request'] = request
members = self.serializer.get_members(box)
self.assertEqual(len(members), 0)
def test_get_members_by_staff(self):
staff = StaffFactory()
user2 = UserFactory()
box = BoxFactory(visibility=Box.PRIVATE)
box.share_with(user2, BoxMember.PERM_R)
request = APIRequestFactory().get('/url/')
request.user = staff
self.serializer.context['request'] = request
members = self.serializer.get_members(box)
self.assertEqual(len(members), 1)
self.assertEqual(members[0]['username'], user2.username)
def check_box_obj_perms(self,
checks,
user,
box_owner=None,
share_with=None,
share_perm=None):
if box_owner is None:
box_owner = UserFactory()
for visibility in [Box.PRIVATE, Box.PUBLIC]:
box = BoxFactory(visibility=visibility, owner=box_owner)
if share_with:
box.share_with(share_with, share_perm)
self.check_obj_perms(checks, user, box)
def test_get_boxes(self):
user1 = UserFactory()
user2 = UserFactory()
b1 = BoxFactory(owner=user1, visibility=Box.PRIVATE)
b2 = BoxFactory(owner=user1, visibility=Box.PUBLIC)
request = APIRequestFactory().get('/url/')
request.user = user2
self.serializer.context['request'] = request
boxes = self.serializer.get_boxes(user1)
self.assertEqual(len(boxes), 1, msg="Private box shouldn't be shown")
self.assertIn(b2.name, boxes[0])
self.assertIn('http://', boxes[0], msg="Should be absolute URL")
def test_user_with_permissions_cannot_read_box_members(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_RW)
request = self.factory.get('/url/')
force_authenticate(request, user=user)
response = self.view_list(request,
username=box.owner.username,
box_name=box.name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 0)
self.assertListEqual(list(box.shared_with.all()), [user])
def test_list_boxes(self):
user = UserFactory()
b1 = BoxFactory(visibility=Box.PRIVATE)
b2 = BoxFactory(visibility=Box.PRIVATE)
b2.share_with(user, BoxMember.PERM_R)
request = self.factory.get('/url/')
force_authenticate(request, user=user)
response = self.view(request)
self.assertEqual(response.status_code, status.HTTP_200_OK)
# only b2; b1 not shared with user
self.assertEqual(response.data['count'], 1)
self.assertEqual(response.data['results'][0]['name'], b2.name)
def test_user_with_permissions_can_view_versions(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_R)
BoxVersionFactory(box=box, version='1.0.0')
BoxVersionFactory(box=box, version='1.0.1')
request = self.factory.get('/url/')
force_authenticate(request, user=user)
response = self.view_list(request,
username=box.owner.username,
box_name=box.name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 2)
def test_box_date_updated(self):
"""Ensures box's `date_updated` changes with new version"""
box = BoxFactory()
version = BoxVersionFactory(box=box)
updated_box = Box.objects.get(pk=box.pk)
self.assertEqual(updated_box.date_updated, version.date_updated)
def test_user_with_permissions_can_view_metadata(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_R)
version = BoxVersionFactory(box=box)
BoxProviderFactory(version=version, provider='virtualbox')
BoxProviderFactory(version=version, provider='vmware')
BoxProviderFactory()
request = self.factory.get('/url/')
force_authenticate(request, user=user)
response = self.view_detail(request,
username=box.owner.username,
box_name=box.name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_user_with_permissions_cannot_delete_provider(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_R)
version = BoxVersionFactory(box=box)
provider = BoxProviderFactory(version=version)
request = self.factory.delete('/url/')
force_authenticate(request, user=user)
response = self.view_detail(request,
username=box.owner.username,
box_name=box.name,
version=version.version,
provider=provider.provider)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_user_with_permissions_can_create_version(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_RW)
data = {
'version': '1.0.1',
'changes': 'Initial release',
}
request = self.factory.post('/url/', data=data)
force_authenticate(request, user=user)
response = self.view_list(request,
username=box.owner.username,
box_name=box.name)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(box.versions.filter(**data).exists())
def test_get_perms_for_user_with_push_access(self):
user = UserFactory()
box = BoxFactory(visibility=Box.PRIVATE)
box.share_with(user, BoxMember.PERM_RW)
self.check_perms(user, box, BoxMember.PERM_RW)
box = BoxFactory(visibility=Box.PUBLIC)
box.share_with(user, BoxMember.PERM_RW)
self.check_perms(user, box, BoxMember.PERM_RW)
def test_user_with_permissions_cannot_add_box_member(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_RW)
user1 = UserFactory()
data = {
'permissions': BoxMember.PERM_RW,
}
request = self.factory.post('/url/', data=data)
force_authenticate(request, user=user)
response = self.view_detail(request,
username=box.owner.username,
box_name=box.name,
member_username=user1.username)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertListEqual(list(box.shared_with.all()), [user])
def test_box_date_updated(self):
"""Ensures box's and version's `date_updated` changes with new provider"""
box = BoxFactory()
version = BoxVersionFactory(box=box)
provider = BoxProviderFactory(version=version)
updated_version = BoxVersion.objects.get(pk=version.pk)
updated_box = Box.objects.get(pk=box.pk)
self.assertEqual(updated_version.date_updated, provider.date_updated)
self.assertEqual(updated_box.date_updated, provider.date_updated)
def test_anonymous_public_box_object_perms(self):
user = AnonymousUser()
checks = {
'GET': True,
'PATCH': False,
'POST': False,
'DELETE': False,
}
box = BoxFactory(visibility=Box.PUBLIC)
self.check_obj_perms(checks, user, box)
def test_anonymous_private_box_object_perms(self):
user = AnonymousUser()
checks = {
'GET': Http404,
'PATCH': Http404,
'POST': Http404,
'DELETE': Http404,
}
box = BoxFactory(visibility=Box.PRIVATE)
self.check_obj_perms(checks, user, box)
def test_box_owner_cannot_add_already_added_box_member(self):
user = UserFactory()
box = BoxFactory(owner=user)
user1 = UserFactory()
box.share_with(user1, BoxMember.PERM_RW)
data = {
'permissions': BoxMember.PERM_RW,
}
request = self.factory.post('/url/', data=data)
force_authenticate(request, user=user)
# Wrap in atomic transaction because of UNIQUER DB error
with transaction.atomic():
response = self.view_detail(request,
username=user.username,
box_name=box.name,
member_username=user1.username)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertListEqual(list(box.shared_with.all()), [user1])
def test_user_with_permissions_can_view_uploads(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_R)
version = BoxVersionFactory(box=box)
provider = BoxProviderFactory(version=version)
BoxUploadFactory(provider=provider)
BoxUploadFactory(provider=provider, file_content=b'test2')
request = self.factory.get('/url/')
force_authenticate(request, user=user)
response = self.view_list(
request,
username=box.owner.username,
box_name=box.name,
version=version.version,
provider=provider.provider,
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 2)
def test_anonymous_can_view_public_box_metadata(self):
box = BoxFactory(visibility=Box.PUBLIC)
version = BoxVersionFactory(box=box)
BoxProviderFactory(version=version, provider='virtualbox')
BoxProviderFactory(version=version, provider='vmware')
BoxProviderFactory()
request = self.factory.get('/url/')
response = self.view_detail(request,
username=box.owner.username,
box_name=box.name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_user_with_permissions_can_initiate_upload(self):
user = UserFactory()
box = BoxFactory()
box.share_with(user, BoxMember.PERM_RW)
box_version = BoxVersionFactory(box=box)
box_provider = EmptyBoxProviderFactory(version=box_version)
data = {
'file_size': 100,
'checksum_type': BoxProvider.SHA256,
'checksum': 'asdf',
}
request = self.factory.post('/url/', data=data)
force_authenticate(request, user=user)
response = self.view_list(
request,
username=box.owner.username,
box_name=box.name,
version=box_version.version,
provider=box_provider.provider,
)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(box_provider.uploads.filter(**data).exists())
def test_user_creates_box_with_the_same_name(self):
user = UserFactory()
box = BoxFactory(owner=user, visibility=Box.PRIVATE)
data = {
'name': box.name,
'description': 'some description',
'short_description': 'Test box',
'visibility': Box.PUBLIC,
}
request = self.factory.post('/url/', data=data)
force_authenticate(request, user=user)
# Wrap in atomic transaction because of UNIQUER DB error
with transaction.atomic():
response = self.view_list(request, username=user.username)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
self.assertEqual(Box.objects.count(), 1)
def test_user_has_perms(self, mock_get_perms):
box = BoxFactory()
mock_get_perms.return_value = ''
self.assertFalse(box.user_has_perms('user', 'R'))
mock_get_perms.return_value = BoxMember.PERM_R
self.assertFalse(box.user_has_perms('user', 'RW'))
mock_get_perms.return_value = ''
self.assertTrue(box.user_has_perms('user', ''))
mock_get_perms.return_value = BoxMember.PERM_R
self.assertTrue(box.user_has_perms('user', 'R'))
mock_get_perms.return_value = BoxMember.PERM_RW
self.assertTrue(box.user_has_perms('user', 'R'))
def test_user_updates_own_box(self):
user = UserFactory()
box = BoxFactory(owner=user, visibility=Box.PRIVATE)
data = {
'name': 'testbox1',
'description': 'some description',
'short_description': 'Test box',
'visibility': Box.PUBLIC,
}
request = self.factory.patch('/url/', data=data)
force_authenticate(request, user=user)
response = self.view_detail(request,
username=user.username,
box_name=box.name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(Box.objects.count(), 1)
self.assertTrue(Box.objects.filter(**data).exists())
def test_box_owner_can_view_box_members(self):
user = UserFactory()
box = BoxFactory(owner=user)
user1 = UserFactory()
box.share_with(user1, BoxMember.PERM_RW)
user2 = UserFactory()
box.share_with(user2, BoxMember.PERM_R)
request = self.factory.get('/url/')
force_authenticate(request, user=user)
response = self.view_list(request,
username=user.username,
box_name=box.name)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 2)
def test_upload_cannot_be_initiated_for_completed_provider(self):
user = UserFactory()
box = BoxFactory(owner=user)
box_version = BoxVersionFactory(box=box)
box_provider = BoxProviderFactory(version=box_version)
data = {
'file_size': 100,
'checksum_type': BoxProvider.SHA256,
'checksum': 'asdf',
}
request = self.factory.post('/url/', data=data)
force_authenticate(request, user=user)
response = self.view_list(
request,
username=box.owner.username,
box_name=box.name,
version=box_version.version,
provider=box_provider.provider,
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)