def test_custom_base_url(self):
app = Flask(__name__)
add_resource(app, Cartoon, "animations")
assert_allowed_methods("/animations", ["GET", "POST"], app)
assert_allowed_methods("/animations/1", ["GET", "DELETE", "PATCH"],
app)
def test_resource_with_composite_ident(self):
app = Flask(__name__)
add_resource(app, OrderLine)
assert_allowed_methods("/order-line", ["GET", "POST"], app)
assert_allowed_methods("/order-line/3,14", ["GET", "DELETE", "PATCH"],
app)
def test_update_resource(self, app, client):
_id = self.insert_data().id
add_resource(app, Todo)
# Request to R.R. Inc endpoint with the same id
token = login("RoadRunner", "rrinc", scope={"todo": ["write"]})
rv = client.patch(
f"/orgs/rrinc/todo/{_id}",
data=dumps({"task": "Do something"}),
content_type="application/json",
headers={"Authorization": token},
)
assert rv.status_code == 404, (
f"The status code should be 404 because the model id ({_id})"
" used in the URL belongs to another organization account.")
# Request to Acme endpoint
token = login("coyote", "acme", scope={"todo": ["write"]})
rv = client.patch(
f"/orgs/acme/todo/{_id}",
data=dumps({"task": "Do something"}),
content_type="application/json",
headers={"Authorization": token},
)
data = rv.get_json()
assert rv.status_code == 200
assert "org_id" not in data
todo = Todo.query.filter_by(id=_id).one()
assert todo.task == "Do something"
def test_resource_with_custom_ident(self):
app = Flask(__name__)
add_resource(app, Cartoon, ident="nickname")
assert_allowed_methods("/cartoon", ["GET", "POST"], app)
assert_allowed_methods("/cartoon/coyote", ["GET", "DELETE", "PATCH"],
app)
def test_delete(self, app, client):
add_resource(app, Cartoon, "cartoons", secure=False)
rv = client.delete("/cartoons/1")
assert rv.status_code == 200
rv = client.get("/cartoons/1")
assert rv.status_code == 404
def test_resource_with_composite_ident(self, app, client):
add_resource(app, OrderLine, secure=False)
rv = client.get("/order-line/1,2")
assert rv.status_code == 200
data = rv.get_json()
assert data["product_id"] == 2
def test_invalid_payload(self, app, client):
add_resource(app, Cartoon, secure=False)
rv = client.patch(
"/cartoon/1",
data=dumps({"unknown": "Fried chicken"}),
content_type="application/json",
)
assert rv.status_code == 400
def test_list_endpoint(self, app, client):
add_resource(app, Cartoon, secure=False)
rv = client.get("/cartoon")
assert rv.status_code == 200
data = rv.get_json()
assert len(data) == 3
def test_exclude_http_methods(self):
app = Flask(__name__)
add_resource(app,
Cartoon,
methods={
"list": ["GET"],
"item": ["GET", "PATCH"]
})
assert_allowed_methods("/cartoon", ["GET"], app)
assert_allowed_methods("/cartoon/1", ["GET", "PATCH"], app)
def test_add_item_endpoint(self, client, app, secure=False):
add_resource(app, Cartoon, secure=False)
rv = client.post(
"/cartoon",
data=dumps({"name": "Yosemite Sam"}),
content_type="application/json",
)
assert rv.status_code == 201
data = rv.get_json()
assert data["name"] == "Yosemite Sam"
def test_custom_authorized_parent_resource(self, app, client):
_id = self.insert_data().id
add_resource(app, Todo, parent_resource="theboss")
# manually collect resource/action registered using require_auth.
app.auth._collect_metadata()
token = login("coyote", "acme", scope={"theboss": ["read"]})
headers = {"Authorization": token}
rv = client.get(f"/orgs/acme/todo/{_id}", headers=headers)
assert rv.status_code == 200
def test_endpoint_name(self):
app = Flask(__name__)
add_resource(app, Cartoon)
adapter = app.url_map.bind("")
list_endpoint = adapter.match("/cartoon")
add_endpoint = adapter.match("/cartoon", method="POST")
get_endpoint = adapter.match("/cartoon/1")
update_endpoint = adapter.match("/cartoon/1", method="PATCH")
delete_endpoint = adapter.match("/cartoon/1", method="DELETE")
assert list_endpoint[0] == "list_cartoon"
assert add_endpoint[0] == "add_cartoon"
assert get_endpoint[0] == "get_cartoon"
assert update_endpoint[0] == "update_cartoon"
assert delete_endpoint[0] == "delete_cartoon"
def test_custom_resource_name(self):
app = Flask(__name__)
add_resource(app, Cartoon, resource_name="film")
func = get_view_function("/cartoon", app=app)[0]
assert func._auth_metadata["resource"] == "film"
func = get_view_function("/cartoon", method="POST", app=app)[0]
assert func._auth_metadata["resource"] == "film"
func = get_view_function("/cartoon/1", method="PATCH", app=app)[0]
assert func._auth_metadata["resource"] == "film"
func = get_view_function("/cartoon/1", method="DELETE", app=app)[0]
assert func._auth_metadata["resource"] == "film"
def test_update(self, app, client):
add_resource(app, Cartoon, secure=False)
rv = client.patch(
"/cartoon/1",
data=dumps({"name": "Super H."}),
content_type="application/json",
)
data = rv.get_json()
assert rv.status_code == 200
assert data["name"] == "Super H."
rv = client.get("/cartoon/1")
data = rv.get_json()
assert rv.status_code == 200
assert data["name"] == "Super H."
def test_delete_resource(self, app, client):
_id = self.insert_data().id
add_resource(app, Todo)
# Request to R.R. Inc.
token = login("RoadRunner", "rrinc", scope={"todo": ["delete"]})
headers = {"Authorization": token}
rv = client.delete(f"/orgs/rrinc/todo/{_id}", headers=headers)
assert rv.status_code == 404, (
f"The status code should be 404 because the model id ({_id})"
" used in the URL belongs to another organization account.")
# Request to Acme
token = login("coyote", "acme", scope={"todo": ["delete"]})
headers = {"Authorization": token}
rv = client.delete(f"/orgs/acme/todo/{_id}", headers=headers)
assert rv.status_code == 200
assert Todo.query.get(_id) is None
def test_add_resource(self, app, client):
add_resource(app, Todo)
token = login("coyote", "acme", scope={"todo": ["write"]})
rv = client.post(
"/orgs/acme/todo",
data=dumps({"task": "Do something"}),
content_type="application/json",
headers={"Authorization": token},
)
data = rv.get_json()
assert rv.status_code == 201
assert "org_id" not in data
org = Org.query.filter_by(orgname="acme").one()
todo = Todo.query.get(data["id"])
assert org.id == todo.org_id
def test_list_resource(self, app, client):
_id = self.insert_data().id
add_resource(app, Todo)
# Request to Acme endpoint
token = login("coyote", "acme", scope={"todo": ["read"]})
rv = client.get(f"/orgs/acme/todo", headers={"Authorization": token})
data = rv.get_json()
assert rv.status_code == 200
assert data[0]["id"] == _id
assert "org_id" not in data[0]
# Request to R.R. Inc endpoint
token = login("RoadRunner", "rrinc", scope={"todo": ["read"]})
rv = client.get(f"/orgs/rrinc/todo", headers={"Authorization": token})
data = rv.get_json()
assert rv.status_code == 200
assert len(data) == 0
def test_get_resource(self, app, client):
_id = self.insert_data().id
add_resource(app, Todo)
# Request to R.R. Inc endpoint
token = login("RoadRunner", "rrinc", scope={"todo": ["read"]})
rv = client.get(f"/orgs/rrinc/todo/{_id}",
headers={"Authorization": token})
assert rv.status_code == 404, (
f"The status code should be 404 because the model id ({_id})"
" used in the URL belongs to another organization account.")
# Request to Acme endpoint
token = login("coyote", "acme", scope={"todo": ["read"]})
rv = client.get(f"/orgs/acme/todo/{_id}",
headers={"Authorization": token})
data = rv.get_json()
assert rv.status_code == 200
assert data["id"] == _id
assert data["task"] == "Stop being lazy"
assert "org_id" not in data
def test_get_resource_list(self, app, client):
add_resource(app, Cartoon)
token = login("coyote", scope={"cartoon": ["read"]})
rv = client.get("/cartoon", headers={"Authorization": token})
assert rv.status_code != 401
def test_add_organization_resource(self, app):
add_resource(app, Todo, "todos")
assert_allowed_methods("/orgs/acme/todos", ["GET", "POST"], app)
assert_allowed_methods("/orgs/acme/todos/1",
["GET", "DELETE", "PATCH"], app)
def test_get_resource(self, app, client):
add_resource(app, Cartoon, secure=False)
rv = client.get("/cartoon/1")
assert rv.status_code == 200
def test_unknown_resource_with_custom_ident(self, app, client):
add_resource(app, Cartoon, ident="nickname", secure=False)
rv = client.get("/cartoon/unknown")
assert rv.status_code == 404
def test_unknown_resource(self, app, client):
add_resource(app, Cartoon, "cartoons", secure=False)
rv = client.patch("/cartoons/100")
assert rv.status_code == 404
def test_basic_usage(self):
app = Flask(__name__)
add_resource(app, Cartoon)
assert_allowed_methods("/cartoon", ["GET", "POST"], app)
assert_allowed_methods("/cartoon/1", ["GET", "DELETE", "PATCH"], app)
def test_endpoint_with_same_resource_name(self):
app = Flask(__name__)
add_resource(app, Cartoon, resource_name="catalog")
add_resource(app, Product, resource_name="catalog")
def test_delete_resource_item(self, app, client):
add_resource(app, Cartoon)
token = login("coyote", scope={"cartoon": ["delete"]})
rv = client.delete("/cartoon", headers={"Authorization": token})
assert rv.status_code != 401
def add_resource(self, modelcls, base_url=None, **options):
add_resource(self, modelcls, base_url=base_url, **options)
