class ImageDetailAPITest(APITestCase):
def setUp(self):
self.profile = ProfileFactory()
self.other = ProfileFactory()
self.client = APIClient()
client_oauth2 = create_oauth2_client(self.profile.user)
authenticate_client(self.client, client_oauth2, self.profile.user.username, 'hostel77')
self.gallery = GalleryFactory()
UserGalleryFactory(user=self.profile.user, gallery=self.gallery)
self.image = ImageFactory(gallery=self.gallery)
self.gallery_other = GalleryFactory()
UserGalleryFactory(user=self.other.user, gallery=self.gallery_other)
self.image_other = ImageFactory(gallery=self.gallery_other)
self.gallery_shared = GalleryFactory()
UserGalleryFactory(user=self.other.user, gallery=self.gallery_shared)
UserGalleryFactory(user=self.profile.user, gallery=self.gallery_shared, mode=GALLERY_READ)
self.image_shared = ImageFactory(gallery=self.gallery_shared)
def test_get_image(self):
response = self.client.get(
reverse('api:gallery:detail-image', kwargs={'pk_gallery': self.gallery.pk, 'pk': self.image.pk}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data.get('id'), self.image.pk)
self.assertEqual(response.data.get('title'), self.image.title)
self.assertEqual(response.data.get('legend'), self.image.legend)
self.assertEqual(response.data.get('slug'), self.image.slug)
self.assertEqual(response.data.get('thumbnail'), self.image.get_thumbnail_url())
self.assertEqual(response.data.get('url'), self.image.get_absolute_url())
self.assertEqual(response.data.get('permissions'), {'read': True, 'write': True})
def test_get_image_read_permissions(self):
response = self.client.get(
reverse(
'api:gallery:detail-image', kwargs={'pk_gallery': self.gallery_shared.pk, 'pk': self.image_shared.pk}))
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data.get('id'), self.image_shared.pk)
self.assertEqual(response.data.get('permissions'), {'read': True, 'write': False})
def test_get_image_fail_permissions(self):
response = self.client.get(
reverse(
'api:gallery:detail-image',
kwargs={'pk_gallery': self.gallery_other.pk, 'pk': self.image_other.pk}))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_put_modify_image(self):
title = 'un super titre pour une super image'
legend = 'as-tu vu ma légende?'
response = self.client.put(
reverse('api:gallery:detail-image', kwargs={'pk_gallery': self.gallery.pk, 'pk': self.image.pk}),
{
'title': title,
'legend': legend,
'physical': (settings.BASE_DIR / 'fixtures' / 'noir_black.png').open('rb')
},
format='multipart'
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
image = Image.objects.get(pk=self.image.pk)
self.assertEqual(image.title, title)
self.assertEqual(image.legend, legend)
def test_put_fail_modify_image_not_an_image(self):
title = 'un super titre pour une super image'
legend = 'en vrai je peux pas'
response = self.client.put(
reverse(
'api:gallery:detail-image', kwargs={'pk_gallery': self.gallery.pk, 'pk': self.image.pk}),
{
'title': title,
'legend': legend,
'physical': (settings.BASE_DIR / 'assets' / 'licenses' / '0.svg').open('rb')
}
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
image = Image.objects.get(pk=self.image.pk)
self.assertNotEqual(image.title, title)
self.assertNotEqual(image.legend, legend)
def test_put_fail_modify_image_no_permissions(self):
title = 'un super titre pour une super image'
legend = 'en vrai je peux pas'
response = self.client.put(
reverse(
'api:gallery:detail-image', kwargs={'pk_gallery': self.gallery_other.pk, 'pk': self.image_other.pk}),
{
'title': title,
'legend': legend
}
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_put_fail_modify_image_read_permissions(self):
title = 'un super titre pour une super image'
legend = 'en vrai je peux toujours pas :p'
response = self.client.put(
reverse(
'api:gallery:detail-image', kwargs={'pk_gallery': self.gallery_shared.pk, 'pk': self.image_shared.pk}),
{
'title': title,
'legend': legend
}
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_delete_image(self):
response = self.client.delete(
reverse('api:gallery:detail-image', kwargs={'pk_gallery': self.gallery.pk, 'pk': self.image.pk}))
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(Image.objects.filter(gallery=self.gallery).count(), 0)
def test_delete_image_fail_no_permissions(self):
response = self.client.delete(
reverse(
'api:gallery:detail-image',
kwargs={'pk_gallery': self.gallery_other.pk, 'pk': self.image_other.pk}))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Image.objects.filter(gallery=self.gallery_other).count(), 1)
def test_delete_image_fail_read_permissions(self):
response = self.client.delete(
reverse(
'api:gallery:detail-image',
kwargs={'pk_gallery': self.gallery_shared.pk, 'pk': self.image_shared.pk}))
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Image.objects.filter(gallery=self.gallery_shared).count(), 1)
class ImageDetailAPITest(APITestCase):
def setUp(self):
self.profile = ProfileFactory()
self.other = ProfileFactory()
self.client = APIClient()
client_oauth2 = create_oauth2_client(self.profile.user)
authenticate_client(self.client, client_oauth2, self.profile.user.username, "hostel77")
self.gallery = GalleryFactory()
UserGalleryFactory(user=self.profile.user, gallery=self.gallery)
self.image = ImageFactory(gallery=self.gallery)
self.gallery_other = GalleryFactory()
UserGalleryFactory(user=self.other.user, gallery=self.gallery_other)
self.image_other = ImageFactory(gallery=self.gallery_other)
self.gallery_shared = GalleryFactory()
UserGalleryFactory(user=self.other.user, gallery=self.gallery_shared)
UserGalleryFactory(user=self.profile.user, gallery=self.gallery_shared, mode=GALLERY_READ)
self.image_shared = ImageFactory(gallery=self.gallery_shared)
def test_get_image(self):
response = self.client.get(
reverse("api:gallery:detail-image", kwargs={"pk_gallery": self.gallery.pk, "pk": self.image.pk})
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data.get("id"), self.image.pk)
self.assertEqual(response.data.get("title"), self.image.title)
self.assertEqual(response.data.get("legend"), self.image.legend)
self.assertEqual(response.data.get("slug"), self.image.slug)
self.assertEqual(response.data.get("thumbnail"), self.image.get_thumbnail_url())
self.assertEqual(response.data.get("url"), self.image.get_absolute_url())
self.assertEqual(response.data.get("permissions"), {"read": True, "write": True})
def test_get_image_read_permissions(self):
response = self.client.get(
reverse(
"api:gallery:detail-image", kwargs={"pk_gallery": self.gallery_shared.pk, "pk": self.image_shared.pk}
)
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data.get("id"), self.image_shared.pk)
self.assertEqual(response.data.get("permissions"), {"read": True, "write": False})
def test_get_image_fail_permissions(self):
response = self.client.get(
reverse("api:gallery:detail-image", kwargs={"pk_gallery": self.gallery_other.pk, "pk": self.image_other.pk})
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_put_modify_image(self):
title = "un super titre pour une super image"
legend = "as-tu vu ma légende?"
response = self.client.put(
reverse("api:gallery:detail-image", kwargs={"pk_gallery": self.gallery.pk, "pk": self.image.pk}),
{
"title": title,
"legend": legend,
"physical": (settings.BASE_DIR / "fixtures" / "noir_black.png").open("rb"),
},
format="multipart",
)
self.assertEqual(response.status_code, status.HTTP_200_OK)
image = Image.objects.get(pk=self.image.pk)
self.assertEqual(image.title, title)
self.assertEqual(image.legend, legend)
def test_put_fail_modify_image_not_an_image(self):
title = "un super titre pour une super image"
legend = "en vrai je peux pas"
response = self.client.put(
reverse("api:gallery:detail-image", kwargs={"pk_gallery": self.gallery.pk, "pk": self.image.pk}),
{
"title": title,
"legend": legend,
"physical": (settings.BASE_DIR / "assets" / "licenses" / "0.svg").open("rb"),
},
)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
image = Image.objects.get(pk=self.image.pk)
self.assertNotEqual(image.title, title)
self.assertNotEqual(image.legend, legend)
def test_put_fail_modify_image_no_permissions(self):
title = "un super titre pour une super image"
legend = "en vrai je peux pas"
response = self.client.put(
reverse(
"api:gallery:detail-image", kwargs={"pk_gallery": self.gallery_other.pk, "pk": self.image_other.pk}
),
{"title": title, "legend": legend},
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_put_fail_modify_image_read_permissions(self):
title = "un super titre pour une super image"
legend = "en vrai je peux toujours pas :p"
response = self.client.put(
reverse(
"api:gallery:detail-image", kwargs={"pk_gallery": self.gallery_shared.pk, "pk": self.image_shared.pk}
),
{"title": title, "legend": legend},
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_delete_image(self):
response = self.client.delete(
reverse("api:gallery:detail-image", kwargs={"pk_gallery": self.gallery.pk, "pk": self.image.pk})
)
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertEqual(Image.objects.filter(gallery=self.gallery).count(), 0)
def test_delete_image_fail_no_permissions(self):
response = self.client.delete(
reverse("api:gallery:detail-image", kwargs={"pk_gallery": self.gallery_other.pk, "pk": self.image_other.pk})
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Image.objects.filter(gallery=self.gallery_other).count(), 1)
def test_delete_image_fail_read_permissions(self):
response = self.client.delete(
reverse(
"api:gallery:detail-image", kwargs={"pk_gallery": self.gallery_shared.pk, "pk": self.image_shared.pk}
)
)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Image.objects.filter(gallery=self.gallery_shared).count(), 1)