def test_filer_ajax_upload_permissions_error(self, extra_headers={}):
self.client.logout()
staff_user = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
staff_user.is_staff = True
staff_user.save()
self.client.login(username='******', password='******')
self.assertEqual(Image.objects.count(), 0)
folder = Folder.objects.create(name='foo')
file_obj = django.core.files.File(open(self.filename, 'rb'))
with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True):
# give permissions over BAR
FolderPermission.objects.create(
folder=folder,
user=staff_user,
type=FolderPermission.THIS,
can_edit=FolderPermission.DENY,
can_read=FolderPermission.ALLOW,
can_add_children=FolderPermission.DENY)
url = reverse('admin:filer-ajax_upload',
kwargs={'folder_id': folder.pk
}) + '?filename={0}'.format(self.image_name)
response = self.client.post(
url,
data=file_obj.read(),
content_type='application/octet-stream',
**{'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest'})
from filer.admin.clipboardadmin import NO_PERMISSIONS_FOR_FOLDER
self.assertContains(response, NO_PERMISSIONS_FOR_FOLDER)
self.assertEqual(Image.objects.count(), 0)
def test_filer_upload_permissions_error(self, extra_headers={}):
self.client.logout()
staff_user = User.objects.create_user(username='******',
password='******',
email='*****@*****.**')
staff_user.is_staff = True
staff_user.save()
self.client.login(username='******', password='******')
self.assertEqual(Image.objects.count(), 0)
folder = Folder.objects.create(name='foo')
file_obj = django.core.files.File(open(self.filename, 'rb'))
with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True):
# give permissions over BAR
FolderPermission.objects.create(
folder=folder,
user=staff_user,
type=FolderPermission.THIS,
can_edit=FolderPermission.DENY,
can_read=FolderPermission.ALLOW,
can_add_children=FolderPermission.DENY)
url = reverse('admin:filer-ajax_upload',
kwargs={'folder_id': folder.pk})
post_data = {
'Filename': self.image_name,
'Filedata': file_obj,
'jsessionid': self.client.session.session_key
}
response = self.client.post(url, post_data, **extra_headers)
from filer.admin.clipboardadmin import NO_PERMISSIONS_FOR_FOLDER
self.assertContains(response, NO_PERMISSIONS_FOR_FOLDER)
self.assertEqual(Image.objects.count(), 0)
def test_folder_ownership(self):
with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True):
response = self.client.get(
reverse('admin:filer-directory_listing',
kwargs={'folder_id': self.parent.id}))
item_list = response.context['paginated_items'].object_list
# user sees only 1 folder : FOO
# he doesn't see BAR, BAZ and SPAM because he doesn't own them
# and no permission has been given
self.assertEquals(
set(folder.pk for folder, folder_perms in item_list),
set([self.foo_folder.pk]))
def test_with_permissions_disabled(self):
with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=False):
response = self.client.get(
reverse('admin:filer-directory_listing',
kwargs={'folder_id': self.parent.id}))
item_list = response.context['paginated_items'].object_list
# user sees all items: FOO, BAR, BAZ, SAMP
self.assertEquals(
set(folder.pk for folder, folder_perms in item_list),
set([
self.foo_folder.pk, self.bar_folder.pk, self.baz_folder.pk,
self.spam_file.pk
]))
def test_with_permission_given_to_folder(self):
with SettingsOverride(filer_settings, FILER_ENABLE_PERMISSIONS=True):
# give permissions over BAR
FolderPermission.objects.create(
folder=self.bar_folder,
user=self.staff_user,
type=FolderPermission.THIS,
can_edit=FolderPermission.ALLOW,
can_read=FolderPermission.ALLOW,
can_add_children=FolderPermission.ALLOW)
response = self.client.get(
reverse('admin:filer-directory_listing',
kwargs={'folder_id': self.parent.id}))
item_list = response.context['paginated_items'].object_list
# user sees 2 folder : FOO, BAR
self.assertEquals(
set(folder.pk for folder, folder_perms in item_list),
set([self.foo_folder.pk, self.bar_folder.pk]))
def test_dump_load_data_content(self):
"""
Testing the dump / load with full dump of file content data
"""
with SettingsOverride(filer_settings, FILER_DUMP_PAYLOAD=True):
# Initialize the test data
create_folder_structure(1, 1)
fileobj = self.create_filer_file(Folder.objects.all()[0])
jdata = StringIO()
# Dump the current data
fobj = tempfile.NamedTemporaryFile(suffix=".json", delete=False)
call_command("dumpdata", "filer", stdout=jdata, indent=3)
# Delete database and filesystem data and
complete = os.path.join(fileobj.file.storage.location,
fileobj.path)
os.unlink(complete)
fileobj.delete()
# Dump data to json file
fobj.write(jdata.getvalue().encode('utf-8'))
fobj.seek(0)
# Load data back
call_command("loaddata", fobj.name, stdout=jdata)
# Database data is restored
self.assertEqual(Folder.objects.all().count(), 1)
self.assertEqual(File.objects.all().count(), 1)
self.assertEqual(File.objects.all()[0].original_filename,
self.image_name)
fileobj = File.objects.all()[0]
complete = os.path.join(fileobj.file.storage.location,
fileobj.path)
# Filesystem data too!
self.assertTrue(os.path.exists(complete))
