def test_custom_base_url(self): app = Flask(__name__) add_resource(app, Cartoon, "animations") assert_allowed_methods("/animations", ["GET", "POST"], app) assert_allowed_methods("/animations/1", ["GET", "DELETE", "PATCH"], app)
def test_resource_with_composite_ident(self): app = Flask(__name__) add_resource(app, OrderLine) assert_allowed_methods("/order-line", ["GET", "POST"], app) assert_allowed_methods("/order-line/3,14", ["GET", "DELETE", "PATCH"], app)
def test_update_resource(self, app, client): _id = self.insert_data().id add_resource(app, Todo) # Request to R.R. Inc endpoint with the same id token = login("RoadRunner", "rrinc", scope={"todo": ["write"]}) rv = client.patch( f"/orgs/rrinc/todo/{_id}", data=dumps({"task": "Do something"}), content_type="application/json", headers={"Authorization": token}, ) assert rv.status_code == 404, ( f"The status code should be 404 because the model id ({_id})" " used in the URL belongs to another organization account.") # Request to Acme endpoint token = login("coyote", "acme", scope={"todo": ["write"]}) rv = client.patch( f"/orgs/acme/todo/{_id}", data=dumps({"task": "Do something"}), content_type="application/json", headers={"Authorization": token}, ) data = rv.get_json() assert rv.status_code == 200 assert "org_id" not in data todo = Todo.query.filter_by(id=_id).one() assert todo.task == "Do something"
def test_resource_with_custom_ident(self): app = Flask(__name__) add_resource(app, Cartoon, ident="nickname") assert_allowed_methods("/cartoon", ["GET", "POST"], app) assert_allowed_methods("/cartoon/coyote", ["GET", "DELETE", "PATCH"], app)
def test_delete(self, app, client): add_resource(app, Cartoon, "cartoons", secure=False) rv = client.delete("/cartoons/1") assert rv.status_code == 200 rv = client.get("/cartoons/1") assert rv.status_code == 404
def test_resource_with_composite_ident(self, app, client): add_resource(app, OrderLine, secure=False) rv = client.get("/order-line/1,2") assert rv.status_code == 200 data = rv.get_json() assert data["product_id"] == 2
def test_invalid_payload(self, app, client): add_resource(app, Cartoon, secure=False) rv = client.patch( "/cartoon/1", data=dumps({"unknown": "Fried chicken"}), content_type="application/json", ) assert rv.status_code == 400
def test_list_endpoint(self, app, client): add_resource(app, Cartoon, secure=False) rv = client.get("/cartoon") assert rv.status_code == 200 data = rv.get_json() assert len(data) == 3
def test_exclude_http_methods(self): app = Flask(__name__) add_resource(app, Cartoon, methods={ "list": ["GET"], "item": ["GET", "PATCH"] }) assert_allowed_methods("/cartoon", ["GET"], app) assert_allowed_methods("/cartoon/1", ["GET", "PATCH"], app)
def test_add_item_endpoint(self, client, app, secure=False): add_resource(app, Cartoon, secure=False) rv = client.post( "/cartoon", data=dumps({"name": "Yosemite Sam"}), content_type="application/json", ) assert rv.status_code == 201 data = rv.get_json() assert data["name"] == "Yosemite Sam"
def test_custom_authorized_parent_resource(self, app, client): _id = self.insert_data().id add_resource(app, Todo, parent_resource="theboss") # manually collect resource/action registered using require_auth. app.auth._collect_metadata() token = login("coyote", "acme", scope={"theboss": ["read"]}) headers = {"Authorization": token} rv = client.get(f"/orgs/acme/todo/{_id}", headers=headers) assert rv.status_code == 200
def test_endpoint_name(self): app = Flask(__name__) add_resource(app, Cartoon) adapter = app.url_map.bind("") list_endpoint = adapter.match("/cartoon") add_endpoint = adapter.match("/cartoon", method="POST") get_endpoint = adapter.match("/cartoon/1") update_endpoint = adapter.match("/cartoon/1", method="PATCH") delete_endpoint = adapter.match("/cartoon/1", method="DELETE") assert list_endpoint[0] == "list_cartoon" assert add_endpoint[0] == "add_cartoon" assert get_endpoint[0] == "get_cartoon" assert update_endpoint[0] == "update_cartoon" assert delete_endpoint[0] == "delete_cartoon"
def test_custom_resource_name(self): app = Flask(__name__) add_resource(app, Cartoon, resource_name="film") func = get_view_function("/cartoon", app=app)[0] assert func._auth_metadata["resource"] == "film" func = get_view_function("/cartoon", method="POST", app=app)[0] assert func._auth_metadata["resource"] == "film" func = get_view_function("/cartoon/1", method="PATCH", app=app)[0] assert func._auth_metadata["resource"] == "film" func = get_view_function("/cartoon/1", method="DELETE", app=app)[0] assert func._auth_metadata["resource"] == "film"
def test_update(self, app, client): add_resource(app, Cartoon, secure=False) rv = client.patch( "/cartoon/1", data=dumps({"name": "Super H."}), content_type="application/json", ) data = rv.get_json() assert rv.status_code == 200 assert data["name"] == "Super H." rv = client.get("/cartoon/1") data = rv.get_json() assert rv.status_code == 200 assert data["name"] == "Super H."
def test_delete_resource(self, app, client): _id = self.insert_data().id add_resource(app, Todo) # Request to R.R. Inc. token = login("RoadRunner", "rrinc", scope={"todo": ["delete"]}) headers = {"Authorization": token} rv = client.delete(f"/orgs/rrinc/todo/{_id}", headers=headers) assert rv.status_code == 404, ( f"The status code should be 404 because the model id ({_id})" " used in the URL belongs to another organization account.") # Request to Acme token = login("coyote", "acme", scope={"todo": ["delete"]}) headers = {"Authorization": token} rv = client.delete(f"/orgs/acme/todo/{_id}", headers=headers) assert rv.status_code == 200 assert Todo.query.get(_id) is None
def test_add_resource(self, app, client): add_resource(app, Todo) token = login("coyote", "acme", scope={"todo": ["write"]}) rv = client.post( "/orgs/acme/todo", data=dumps({"task": "Do something"}), content_type="application/json", headers={"Authorization": token}, ) data = rv.get_json() assert rv.status_code == 201 assert "org_id" not in data org = Org.query.filter_by(orgname="acme").one() todo = Todo.query.get(data["id"]) assert org.id == todo.org_id
def test_list_resource(self, app, client): _id = self.insert_data().id add_resource(app, Todo) # Request to Acme endpoint token = login("coyote", "acme", scope={"todo": ["read"]}) rv = client.get(f"/orgs/acme/todo", headers={"Authorization": token}) data = rv.get_json() assert rv.status_code == 200 assert data[0]["id"] == _id assert "org_id" not in data[0] # Request to R.R. Inc endpoint token = login("RoadRunner", "rrinc", scope={"todo": ["read"]}) rv = client.get(f"/orgs/rrinc/todo", headers={"Authorization": token}) data = rv.get_json() assert rv.status_code == 200 assert len(data) == 0
def test_get_resource(self, app, client): _id = self.insert_data().id add_resource(app, Todo) # Request to R.R. Inc endpoint token = login("RoadRunner", "rrinc", scope={"todo": ["read"]}) rv = client.get(f"/orgs/rrinc/todo/{_id}", headers={"Authorization": token}) assert rv.status_code == 404, ( f"The status code should be 404 because the model id ({_id})" " used in the URL belongs to another organization account.") # Request to Acme endpoint token = login("coyote", "acme", scope={"todo": ["read"]}) rv = client.get(f"/orgs/acme/todo/{_id}", headers={"Authorization": token}) data = rv.get_json() assert rv.status_code == 200 assert data["id"] == _id assert data["task"] == "Stop being lazy" assert "org_id" not in data
def test_get_resource_list(self, app, client): add_resource(app, Cartoon) token = login("coyote", scope={"cartoon": ["read"]}) rv = client.get("/cartoon", headers={"Authorization": token}) assert rv.status_code != 401
def test_add_organization_resource(self, app): add_resource(app, Todo, "todos") assert_allowed_methods("/orgs/acme/todos", ["GET", "POST"], app) assert_allowed_methods("/orgs/acme/todos/1", ["GET", "DELETE", "PATCH"], app)
def test_get_resource(self, app, client): add_resource(app, Cartoon, secure=False) rv = client.get("/cartoon/1") assert rv.status_code == 200
def test_unknown_resource_with_custom_ident(self, app, client): add_resource(app, Cartoon, ident="nickname", secure=False) rv = client.get("/cartoon/unknown") assert rv.status_code == 404
def test_unknown_resource(self, app, client): add_resource(app, Cartoon, "cartoons", secure=False) rv = client.patch("/cartoons/100") assert rv.status_code == 404
def test_basic_usage(self): app = Flask(__name__) add_resource(app, Cartoon) assert_allowed_methods("/cartoon", ["GET", "POST"], app) assert_allowed_methods("/cartoon/1", ["GET", "DELETE", "PATCH"], app)
def test_endpoint_with_same_resource_name(self): app = Flask(__name__) add_resource(app, Cartoon, resource_name="catalog") add_resource(app, Product, resource_name="catalog")
def test_delete_resource_item(self, app, client): add_resource(app, Cartoon) token = login("coyote", scope={"cartoon": ["delete"]}) rv = client.delete("/cartoon", headers={"Authorization": token}) assert rv.status_code != 401
def add_resource(self, modelcls, base_url=None, **options): add_resource(self, modelcls, base_url=base_url, **options)