class ContextACLTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(os.path.dirname(__file__))
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.app.registry.max_store.drop_collection('users')
self.app.registry.max_store.drop_collection('activity')
self.app.registry.max_store.drop_collection('contexts')
self.app.registry.max_store.drop_collection('security')
self.app.registry.max_store.drop_collection('conversations')
self.app.registry.max_store.drop_collection('messages')
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
# Add context tests
def test_add_context_as_manager(self):
"""
Given a user that has the Manager role
When i try to get create a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201)
def test_add_context_as_non_manager(self):
"""
Given a user that doesn't have the Manager role
When i try to create a context
I get a Forbidden exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(username)
self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(username), status=403)
# View context tests
def test_view_context_as_manager_with_acls(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
And I get the acls for that context
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
res = self.testapp.get('/contexts/%s?show_acls=1' % chash, "", oauth2Header(test_manager), status=200)
self.assertGreater(len(res.json['acls']), 0)
def test_view_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s' % chash, "", oauth2Header(test_manager), status=200)
def test_view_context_as_non_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s' % chash, "", oauth2Header(username), status=200)
# Get all contexts tests
def test_get_all_contexts_as_manager(self):
"""
Given a user that has the Manager role
When i try to get all contexts
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_context(create_context)
self.testapp.get('/contexts', "", oauth2Header(test_manager), status=200)
def test_get_all_contexts_as_non_manager(self):
"""
Given a user that doesn't have the Manager role
When i try to get all contexts
I get a Forbidden exception
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
self.create_context(create_context)
self.testapp.get('/contexts', "", oauth2Header(username), status=403)
# Modify context tests
def test_modify_context_as_manager(self):
"""
Given i'm a user that has the Manager role
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager), status=200)
def test_modify_context_as_manager_non_owner(self):
"""
Given i'm a user that has the Manager role
And i'm not the owner of the context
When i try to update any context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_user(test_manager2)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager2), status=200)
def test_modify_context_as_owner(self):
"""
Given i'm a user that don't jave the Manager role
And is the owner of the context
When i try to update the context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, owner=username)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=200)
def test_modify_context_as_non_owner_non_manager(self):
"""
Given i'm a user that don't jave the Manager role
And is the owner of the context
When i try to update the context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=403)
# Delete context tests
def test_delete_context_as_manager(self):
"""
Given a user that has the Manager role
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager), status=204)
def test_delete_context_as_manager_non_owner(self):
"""
Given a user that has the Manager role
And is not the owner of the context
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
self.create_user(test_manager2)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager2), status=204)
def test_delete_context_as_owner(self):
"""
Given a user that has doesn't have the Manager role
And is the owner of the context
When i try to remove a context
I succeed
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, owner=username)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=204)
def test_delete_context_as_non_manager_neither_owner(self):
"""
Given a user that has doesn't have the Manager role
And is not the owner of the context
When i try to remove a context
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=403)
# Test context authors
def test_get_context_authors_as_manager(self):
"""
Given a user that is Manager
When i try to list context activity authors
I succeed
"""
from max.tests.mockers import create_context
self.create_user(test_manager)
res = self.create_context(create_context)
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(test_manager), status=200)
def test_get_context_authors_as_non_manager(self):
"""
Given a user that is not Manager
When i try to list context activity authors
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, permissions={'read': 'subscribed'})
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=403)
def test_get_context_authors_as_non_manager_public_context(self):
"""
Given a user that is not Manager
When i try to list context activity authors
I get a Forbidden
"""
from max.tests.mockers import create_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context, permissions={'read': 'public'})
chash = res.json['hash']
self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=200)
def test_get_count_context_authors_as_non_manager(self):
"""
Given a user that is not Manager
When i try to list the count of context activity authors
I succeed
"""
from max.tests.mockers import create_context, subscribe_context
username = '******'
self.create_user(test_manager)
self.create_user(username)
res = self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
chash = res.json['hash']
self.testapp.head('/contexts/%s/activities/authors' % (chash,), oauth2Header(username), status=200)
class FunctionalTests(unittest.TestCase, MaxTestBase):
def setUp(self):
conf_dir = os.path.dirname(__file__)
self.app = loadapp('config:tests.ini', relative_to=conf_dir)
self.reset_database(self.app)
self.app.registry.max_store.security.insert(test_default_security)
self.patched_post = patch('requests.post', new=partial(mock_post, self))
self.patched_post.start()
self.testapp = MaxTestApp(self)
self.create_user(test_manager)
# BEGIN TESTS
def test_head_without_permissions(self):
"""
Given a user that is not Manager
And a GET endpoint protected with Manager role
When i try to call that endpoint with HEAD method
Then i can access the results count
And the same endpoint with GET returns a Forbidden
"""
from .mockers import user_status
username = '******'
self.create_user(username)
for i in range(11):
self.create_activity(username, user_status, note=str(i))
res = self.testapp.get('/activities', '', oauth2Header(username), status=403)
res = self.testapp.head('/activities', oauth2Header(username), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '11')
def test_user_activities_stats(self):
from .mockers import user_status
username = '******'
self.create_user(username)
for i in range(11):
self.create_activity(username, user_status, note=str(i))
res = self.testapp.get('/people/%s/activities' % username, '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 10)
res = self.testapp.head('/people/%s/activities' % username, oauth2Header(username), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '11')
def test_user_activities_stats_per_year(self):
from .mockers import user_status
username = '******'
self.create_user(username)
self.create_activity(username, user_status)
old_activity = deepcopy(user_status)
old_activity['published'] = '2010-01-01T00:01:30.000Z'
for i in range(11):
self.create_activity(username, old_activity, note=str(i))
res = self.testapp.get('/people/%s/activities?date_filter=2010' % username, '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 10)
res = self.testapp.head('/people/%s/activities?date_filter=2010' % username, oauth2Header(username), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '11')
def test_user_activities_stats_without_activity(self):
username = '******'
self.create_user(username)
res = self.testapp.get('/people/%s/activities' % username, '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 0)
res = self.testapp.head('/people/%s/activities' % username, oauth2Header(username), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '0')
def test_user_activities_stats_context_only(self):
from .mockers import user_status
username = '******'
self.create_user(username)
for i in range(11):
self.create_activity(username, user_status, note=str(i))
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
self.create_activity(username, user_status_context)
res = self.testapp.head('/people/%s/activities?context=%s' % (username, url_hash), oauth2Header(username), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '1')
def test_activities_stats_on_context(self):
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
self.admin_subscribe_user_to_context(username, subscribe_context)
for i in range(11):
self.create_activity(username, user_status_context, note=str(i))
res = self.testapp.get('/contexts/%s/activities' % (url_hash), '', oauth2Header(username), status=200)
self.assertEqual(len(res.json), 10)
res = self.testapp.head('/contexts/%s/activities' % (url_hash), oauth2Header(username), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '11')
def test_global_activities_stats(self):
from .mockers import user_status
username = '******'
self.create_user(username)
for i in range(11):
self.create_activity(username, user_status, note=str(i))
res = self.testapp.get('/activities', '', oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 10)
res = self.testapp.head('/activities', oauth2Header(test_manager), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '11')
def test_global_comments_stats(self):
from .mockers import user_status, user_comment
username = '******'
self.create_user(username)
for i in range(11):
res = self.create_activity(username, user_status, note=str(i))
self.testapp.post('/activities/%s/comments' % res.json['id'], json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.get('/activities', '', oauth2Header(test_manager), status=200)
self.assertEqual(len(res.json), 10)
res = self.testapp.head('/activities/comments', oauth2Header(test_manager), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '11')
def test_context_comments_stats(self):
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
from .mockers import user_status_contextA
from .mockers import create_contextA
from .mockers import subscribe_contextA
from .mockers import user_comment
from hashlib import sha1
username = '******'
self.create_user(username)
self.create_context(create_context)
self.create_context(create_contextA)
self.admin_subscribe_user_to_context(username, subscribe_context)
self.admin_subscribe_user_to_context(username, subscribe_contextA)
url_hash = sha1(create_context['url']).hexdigest()
# These 2 comments MUST NOT be present on the results
for i in range(2):
res = self.create_activity(username, user_status_contextA, note=str(i))
self.testapp.post('/activities/%s/comments' % res.json['id'], json.dumps(user_comment), oauth2Header(username), status=201)
for i in range(11):
res = self.create_activity(username, user_status_context, note=str(i))
self.testapp.post('/activities/%s/comments' % res.json['id'], json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.head('/contexts/%s/comments' % url_hash, oauth2Header(test_manager), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '11')
def test_get_comments_for_user_stats(self):
"""
Test get all comments for a user, both timeline and context
"""
from .mockers import user_status, user_comment
from .mockers import subscribe_context, create_context, user_status_context
username = '******'
self.create_user(username)
self.create_context(create_context)
self.admin_subscribe_user_to_context(username, subscribe_context)
activity = self.create_activity(username, user_status)
activity = activity.json
res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment), oauth2Header(username), status=201)
activity2 = self.create_activity(username, user_status_context)
activity2 = activity2.json
res = self.testapp.post('/activities/%s/comments' % str(activity2.get('id')), json.dumps(user_comment), oauth2Header(username), status=201)
res = self.testapp.head('/people/%s/comments' % username, oauth2Header(username), status=200)
self.assertEqual(res.headers.get('X-totalItems'), '2')
def test_timeline_authors(self):
"""
As a plain user
When i query the last eight authors that appear in my timeline
Then I get a list of persons
And I'm in that list
"""
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
self.create_context(create_context)
# Create 20 users and subscribe to context
for i in range(20):
self.create_user('user-{}'.format(i))
self.admin_subscribe_user_to_context('user-{}'.format(i), subscribe_context)
# Create 2 consecutive activities for each user (backwards)
# The last user to post will be the first-created user
for usern in range(20)[::-1]:
for count in range(2):
self.create_activity('user-{}'.format(usern), user_status_context, note='user {}, note {}'.format(usern, count))
res = self.testapp.get('/people/{}/timeline/authors'.format('user-0'), '', oauth2Header('user-0'), status=200)
self.assertEqual(len(res.json), 8)
self.assertEqual(res.json[0]['username'], 'user-0')
self.assertEqual(res.json[7]['username'], 'user-7')
def test_timeline_authors_with_limit(self):
"""
As a plain user
When i query the last eight authors that appear in my timeline
Then I get a list of persons
And I'm in that list
"""
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
self.create_context(create_context)
# Create 20 users and subscribe to context
for i in range(20):
self.create_user('user-{}'.format(i))
self.admin_subscribe_user_to_context('user-{}'.format(i), subscribe_context)
# Create 2 consecutive activities for each user (backwards)
# The last user to post will be the first-created user
for usern in range(20)[::-1]:
for count in range(2):
self.create_activity('user-{}'.format(usern), user_status_context, note='user {}, note {}'.format(usern, count))
res = self.testapp.get('/people/{}/timeline/authors?limit=3'.format('user-0'), '', oauth2Header('user-0'), status=200)
self.assertEqual(len(res.json), 3)
def test_timeline_authors_not_enough(self):
"""
As a plain user
When i query the last eight authors that appear in my timeline
Then I get a list of persons
And that list is smaller than the minimum expected
And I'm in that list
"""
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
self.create_context(create_context)
# Create 20 users and subscribe to context
for i in range(3):
self.create_user('user-{}'.format(i))
self.admin_subscribe_user_to_context('user-{}'.format(i), subscribe_context)
# Create 2 consecutive activities for each user (backwards)
# The last user to post will be the first-created user
for usern in range(3)[::-1]:
for count in range(2):
self.create_activity('user-{}'.format(usern), user_status_context, note='user {}, note {}'.format(usern, count))
res = self.testapp.get('/people/{}/timeline/authors'.format('user-0'), '', oauth2Header('user-0'), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0]['username'], 'user-0')
self.assertEqual(res.json[2]['username'], 'user-2')
def test_context_authors(self):
"""
As a plain user
When i query the last eight authors that published in a context
Then I get a list of persons
And I am in that list
"""
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
# Create 20 users and subscribe to context
# The last user to post will be the first-created user
for i in range(20):
self.create_user('user-{}'.format(i))
self.admin_subscribe_user_to_context('user-{}'.format(i), subscribe_context)
# Create 2 consecutive activities for each user
for usern in range(20)[::-1]:
for count in range(2):
self.create_activity('user-{}'.format(usern), user_status_context, note='user {}, note {}'.format(usern, count))
res = self.testapp.get('/contexts/{}/activities/authors'.format(url_hash), '', oauth2Header('user-0'), status=200)
self.assertEqual(len(res.json), 8)
self.assertEqual(res.json[0]['username'], 'user-0')
self.assertEqual(res.json[7]['username'], 'user-7')
def test_context_authors_with_limit(self):
"""
As a plain user
When i query the last three authors that published in a context
Then I get a list of 3 persons
"""
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
# Create 20 users and subscribe to context
# The last user to post will be the first-created user
for i in range(20):
self.create_user('user-{}'.format(i))
self.admin_subscribe_user_to_context('user-{}'.format(i), subscribe_context)
# Create 2 consecutive activities for each user
for usern in range(20)[::-1]:
for count in range(2):
self.create_activity('user-{}'.format(usern), user_status_context, note='user {}, note {}'.format(usern, count))
res = self.testapp.get('/contexts/{}/activities/authors?limit=3'.format(url_hash), '', oauth2Header('user-0'), status=200)
self.assertEqual(len(res.json), 3)
def test_context_authors_not_enough(self):
"""
As a plain user
When i query the last eight authors that published in a context
Then I get a list of persons
And that list is smaller than the minimum expected
And I am in that list
"""
from .mockers import user_status_context
from .mockers import create_context
from .mockers import subscribe_context
from hashlib import sha1
self.create_context(create_context)
url_hash = sha1(create_context['url']).hexdigest()
# Create 20 users and subscribe to context
# The last user to post will be the first-created user
for i in range(3):
self.create_user('user-{}'.format(i))
self.admin_subscribe_user_to_context('user-{}'.format(i), subscribe_context)
# Create 2 consecutive activities for each user
for usern in range(3)[::-1]:
for count in range(2):
self.create_activity('user-{}'.format(usern), user_status_context, note='user {}, note {}'.format(usern, count))
res = self.testapp.get('/contexts/{}/activities/authors'.format(url_hash), '', oauth2Header('user-0'), status=200)
self.assertEqual(len(res.json), 3)
self.assertEqual(res.json[0]['username'], 'user-0')
self.assertEqual(res.json[2]['username'], 'user-2')
def test_context_authors_not_subscribed(self):
"""
As a plain user
When i query the last eight authors that published in a context
And i'm not subscribed to that context
Then I get a Forbidden error
"""
from .mockers import create_context
from hashlib import sha1
self.create_context(create_context, permissions={'read': 'subscribed'})
url_hash = sha1(create_context['url']).hexdigest()
username = '******'
self.create_user(username)
self.testapp.get('/contexts/{}/activities/authors'.format(url_hash), '', oauth2Header(username), status=403)