def create_messages(self): messages = [ Message.create(user=self.admin, content='admin'), Message.create(user=self.normal, content='normal'), ] self.admin_message, self.normal_message = messages return messages
def setUp(self): Note.drop_table(True) Message.drop_table(True) User.drop_table(True) User.create_table() Message.create_table() Note.create_table() self.flask_app = test_app.app self.flask_app._template_context = {} self.app = test_app.app.test_client()
def test_auth_edit(self): self.create_messages() message_data = {'content': 'edited'} serialized = json.dumps(message_data) url = '/api/message/%s/' % self.normal_message.id # this request is not authorized resp = self.app.put(url, data=serialized) self.assertEqual(resp.status_code, 401) # authorized, but user does not exist in database resp = self.app.put(url, data=serialized, headers=self.auth_headers('xxx', 'xxx')) self.assertEqual(resp.status_code, 401) # authorized, user in database, but not owner resp = self.app.put(url, data=serialized, headers=self.auth_headers('admin', 'admin')) self.assertEqual(resp.status_code, 403) # authorized, user in database, is owner resp = self.app.put(url, data=serialized, headers=self.auth_headers('normal', 'normal')) self.assertEqual(resp.status_code, 200) obj = Message.get(id=self.normal_message.id) self.assertEqual(obj.content, 'edited')
def test_delete(self): self.create_messages() url = '/api/message/%s' % self.normal_message.id # authorized as an admin self.login(self.normal) resp = self.app.delete(url) self.assertEqual(resp.status_code, 200) self.assertEqual(Message.select().count(), 1) self.assertEqual(resp.get_json(), {'deleted': 1})
def test_create(self): message_data = {'content': 'test'} serialized = json.dumps(message_data) # authorized as an admin self.login(self.normal) resp = self.app.post('/api/message', data=serialized) self.assertEqual(resp.status_code, 200) new_message = Message.get(content='test') self.assertEqual(new_message.user, self.normal) self.assertAPIMessage(resp.get_json(), new_message)
def test_create(self): message_data = {'content': 'test'} serialized = json.dumps(message_data) # authorized as an admin resp = self.app.post('/api/message/', data=serialized, headers=self.auth_headers('normal', 'normal')) self.assertEqual(resp.status_code, 200) new_message = Message.get(content='test') self.assertEqual(new_message.user, self.normal) resp_json = self.response_json(resp) self.assertAPIMessage(resp_json, new_message)
def test_delete(self): self.create_messages() url = '/api/message/%s/' % self.normal_message.id # authorized as an admin resp = self.app.delete(url, headers=self.auth_headers('normal', 'normal')) self.assertEqual(resp.status_code, 200) self.assertEqual(Message.select().count(), 1) resp_json = self.response_json(resp) self.assertEqual(resp_json, {'deleted': 1})
def test_edit(self): self.create_messages() message_data = {'content': 'edited'} serialized = json.dumps(message_data) url = '/api/message/%s' % self.normal_message.id # authorized as normal self.login(self.normal) resp = self.app.put(url, data=serialized) self.assertEqual(resp.status_code, 200) message = Message.get(id=self.normal_message.id) self.assertEqual(message.content, 'edited') self.assertAPIMessage(resp.get_json(), message)
def test_edit(self): self.create_messages() message_data = {'content': 'edited'} serialized = json.dumps(message_data) url = '/api/message/%s/' % self.normal_message.id # authorized as normal resp = self.app.put(url, data=serialized, headers=self.auth_headers('normal', 'normal')) self.assertEqual(resp.status_code, 200) message = Message.get(id=self.normal_message.id) self.assertEqual(message.content, 'edited') resp_json = self.response_json(resp) self.assertAPIMessage(resp_json, message)
def test_auth_edit(self): self.create_messages() message_data = {'content': 'edited'} serialized = json.dumps(message_data) url = '/api/message/%s' % self.normal_message.id # this request is not authorized resp = self.app.put(url, data=serialized) self.assertEqual(resp.status_code, 403) # authorized, user in database, but not owner self.login(self.inactive) resp = self.app.put(url, data=serialized) self.assertEqual(resp.status_code, 403) # authorized, user in database, is owner self.login(self.normal) resp = self.app.put(url, data=serialized) self.assertEqual(resp.status_code, 200) obj = Message.get(id=self.normal_message.id) self.assertEqual(obj.content, 'edited')
def test_model_admin_recursive_delete(self): self.create_users() m1 = Message.create(user=self.normal, content='test1') m2 = Message.create(user=self.normal, content='test2') m3 = Message.create(user=self.admin, content='test3') n1 = Note.create(user=self.normal, message='test1') n2 = Note.create(user=self.normal, message='test2') n3 = Note.create(user=self.admin, message='test3') a1 = AModel.create(a_field='a1') a2 = AModel.create(a_field='a2') b1 = BModel.create(b_field='b1', a=a1) b2 = BModel.create(b_field='b2', a=a2) bd1= BDetails.create(b=b1) bd2= BDetails.create(b=b2) c1 = CModel.create(c_field='c1', b=b1) c2 = CModel.create(c_field='c2', b=b2) d1 = DModel.create(d_field='d1', c=c1) d2 = DModel.create(d_field='d2', c=c2) with self.flask_app.test_client() as c: self.login(c) resp = c.get('/admin/amodel/delete/?id=%d' % (a1.id)) self.assertEqual(resp.status_code, 200) collected = self.get_context('collected') self.assertEqual(collected, { a1.id: [ (1, BModel, 'a', [b1]), (2, BDetails, 'a', [bd1]), (2, CModel, 'a', [c1]), (3, DModel, 'a', [d1]), ] }) resp = c.post('/admin/amodel/delete/', data={'id': a1.id}) self.assertEqual(resp.status_code, 302) self.assertEqual(AModel.select().count(), 1) self.assertEqual(BModel.select().count(), 1) self.assertEqual(BDetails.select().count(), 1) self.assertEqual(CModel.select().count(), 1) self.assertEqual(DModel.select().count(), 1) # send it a single id resp = c.get('/admin/user/delete/?id=%d' % (self.normal.id)) self.assertEqual(resp.status_code, 200) query = self.get_context('query') self.assertEqual(list(query), [self.normal]) collected = self.get_context('collected') self.assertEqual(len(collected), 1) u_k = collected[self.normal.id] self.assertEqual(len(u_k), 2) self.assertEqual(u_k, [ (1, Message, 'user', [m1, m2]), (1, Note, 'user', [n1, n2]), ]) # post to it, get a redirect on success resp = c.post('/admin/user/delete/', data={'id': self.normal.id}) self.assertEqual(resp.status_code, 302) self.assertEqual(User.select().count(), 2) self.assertEqual(Message.select().count(), 1) self.assertEqual(Note.select().count(), 1) resp = c.get('/admin/user/delete/?id=%d&id=%d' % (self.admin.id, self.inactive.id)) self.assertEqual(resp.status_code, 200) collected = self.get_context('collected') self.assertEqual(len(collected), 2) u_k = collected[self.admin.id] self.assertEqual(len(u_k), 2) self.assertEqual(u_k, [ (1, Message, 'user', [m3]), (1, Note, 'user', [n3]), ]) u_k = collected[self.inactive.id] self.assertEqual(len(u_k), 0) # post to it, get a redirect on success resp = c.post('/admin/user/delete/', data={'id': [self.admin.id, self.inactive.id]}) self.assertEqual(resp.status_code, 302) self.assertEqual(User.select().count(), 0) self.assertEqual(Message.select().count(), 0) self.assertEqual(Note.select().count(), 0)
def create_message(self, user, content, **kwargs): return Message.create(user=user, content=content, **kwargs)