def test_user_can_only_see_Comments_created_by_own_user(self): """ Tests whether the user can only see Comments created by the own user, not by other users :return: """ # add permission for creating Comments to user1 self.user1.user_permissions.add( self.add_comment_without_project_permission) # add permission for creating Comments to user2 self.user2.user_permissions.add( self.add_comment_without_project_permission) # there should be zero Comments self.assertEquals(Comment.objects.all().count(), 0, msg="There should be zero Comments to begin with") # try creating a comment without a project for user1 (token1) response = self.rest_create_comment(self.token1, None, "Test Description", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # try creating a comment without a project for user2 (token2) response = self.rest_create_comment(self.token2, None, "Test Description", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # there should be two Comments self.assertEqual(Comment.objects.all().count(), 2, msg="There should be two Comments") # try quering the rest endpoint for user1 - there should only be one comment response = self.rest_get_comments(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Comments self.assertEqual( len(decoded), 1, msg="There should only be one comment visible for user1") # try quering the rest endpoint for user2 - there should only be one comment response = self.rest_get_comments(self.token2, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Comments self.assertEqual( len(decoded), 1, msg="There should only be one comment visible for user2")
def test_user_can_see_assigned_tasks(self): """ Tests whether a user can see tasks that he does not own, but are assigned to them """ # add permission for creating Tasks to user1 self.user1.user_permissions.add( self.add_task_without_project_permission) # add permission for creating Tasks to user2 self.user2.user_permissions.add( self.add_task_without_project_permission) # there should be zero Tasks self.assertEquals(Task.objects.all().count(), 0, msg="There should be zero Tasks to begin with") # try creating a task without a project for user1 (token1) response = self.rest_create_task( self.token1, None, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user1.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # try creating a task without a project for user1 (token1), but assigned to user2 response = self.rest_create_task( self.token1, None, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user2.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # there should be two Tasks self.assertEqual(Task.objects.all().count(), 2, msg="There should be two Tasks") # try quering the rest endpoint for user1 - there should only be one task response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual( len(decoded), 2, msg="There should only be two tasks visible for user1") # try quering the rest endpoint for user2 - there should only be one task response = self.rest_get_tasks(self.token2, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 1, msg="There should only be one task visible for user2")
def test_create_and_get_notes(self): """ Test getting all users and finding specific users """ project = self.create_project(self.token1, "My Own Project", "Nobody else has access to this project", Project.STARTED, HTTP_USER_AGENT, REMOTE_ADDR) # get all Notes from rest api for this project response = self.rest_get_notes_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Notes self.assertEqual(len(decoded), 0) # create a note note, response = self.create_note_orm(self.token1, project.pk, "Test Note", "Test Description", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(note.subject, "Test Note") # get all Notes from rest api for this project response = self.rest_get_notes_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly one Notes self.assertEqual(len(decoded), 1) # create another note response = self.rest_create_note(self.token1, project.pk, "Another Test Note", "Another Test Description", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # get all Notes from rest api for this project response = self.rest_get_notes_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly two Notes self.assertEqual(len(decoded), 2) # update first note response = self.rest_update_note(self.token1, note.pk, project.pk, "Test Note Title", "Test Note Description", HTTP_USER_AGENT, REMOTE_ADDR) decoded = json.loads(response.content.decode()) self.assertEqual(response.status_code, status.HTTP_200_OK) # get note object from db note = Note.objects.get(pk=decoded['pk']) self.assertEqual(note.subject, "Test Note Title")
def test_can_not_assign_directory_if_directory_is_not_editable(self): """ Tests that the current user can not assign a file to a directory that is not editable :return: """ # create drive drive, response = self.create_drive_orm(self.token1, None, "Some title", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) # get root directory of the drive root_dir = drive.sub_directories.all()[0].pk # create a directory within the drive response = self.rest_drive_create_directory(self.token1, str(drive.pk), "My dir", root_dir, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_directory = json.loads(response.content.decode()) # get all files within this drive (should be none) response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_files = json.loads(response.content.decode()) decoded_files = test_utils.get_paginated_results(decoded_files) self.assertEquals(len(decoded_files), 0) # give user2 view privileges for the drive response = self.rest_create_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_privilege = json.loads(response.content.decode()) # update privilege decoded_privilege['view_privilege'] = ModelPrivilege.ALLOW response = self.rest_update_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, decoded_privilege, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) # create a file with user2 response = self.rest_create_file(self.token2, None, "User2 file", "description", "my_file.txt", 1024, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_file = json.loads(response.content.decode()) # let user2 assign the file to the directory of drive of user1 (should not work) response = self.rest_update_file_set_directory(self.token2, decoded_file['pk'], decoded_directory['pk'], HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_400_BAD_REQUEST) # get all files within this drive (should be none) response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_files = json.loads(response.content.decode()) decoded_files = test_utils.get_paginated_results(decoded_files) self.assertEquals(len(decoded_files), 0)
def test_assign_file_to_directory(self): """ Tests that files can be assigned to directories """ # create drive drive, response = self.create_drive_orm(self.token1, None, "Some title", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) # get root directory of the drive root_dir = drive.sub_directories.all()[0].pk # create a directory within the drive response = self.rest_drive_create_directory(self.token1, str(drive.pk), "My dir", root_dir, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_directory = json.loads(response.content.decode()) # create a file response = self.rest_create_file(self.token1, None, "My file", "M description", "my_file.txt", 1024, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_file = json.loads(response.content.decode()) # assign file to directory response = self.rest_update_file_set_directory(self.token1, decoded_file['pk'], decoded_directory['pk'], HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) # get all files within this drive (should be one) response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_files = json.loads(response.content.decode()) decoded_files = test_utils.get_paginated_results(decoded_files) self.assertEquals(len(decoded_files), 1) self.assertEquals(decoded_files[0]['pk'], decoded_file['pk'])
def test_can_not_create_directory_without_permission(self): """ Tests that creating a directory fails when the user does not have the proper privilege/permission """ # create drive drive, response = self.create_drive_orm(self.token1, None, "Some title", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) # get root directory of the drive root_dir = drive.sub_directories.all()[0].pk # create a directory within the drive response = self.rest_drive_create_directory(self.token1, str(drive.pk), "My dir", root_dir, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_directory = json.loads(response.content.decode()) # get all files within this drive (should be none) response = self.rest_drive_get_files(self.token1, str(drive.pk), HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_files = json.loads(response.content.decode()) decoded_files = test_utils.get_paginated_results(decoded_files) self.assertEquals(len(decoded_files), 0) # give user2 view privileges for the drive response = self.rest_create_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_privilege = json.loads(response.content.decode()) decoded_privilege['view_privilege'] = ModelPrivilege.ALLOW response = self.rest_update_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, decoded_privilege, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_privilege = json.loads(response.content.decode()) # now user2 tries to create a directory within this drive (should not work) response = self.rest_drive_create_directory(self.token2, str(drive.pk), "My Subdir", root_dir, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_403_FORBIDDEN) # give user2 the edit privilege for the drive decoded_privilege['edit_privilege'] = ModelPrivilege.ALLOW response = self.rest_update_privilege(self.token1, "drives", str(drive.pk), self.user2.pk, decoded_privilege, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_privilege = json.loads(response.content.decode()) # now user2 should be able to create a directory within this drive response = self.rest_drive_create_directory(self.token2, str(drive.pk), "My Subdir", root_dir, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_201_CREATED)
def test_kanbanboard_privileges_for_project_members(self): """ Tests that Project Members get view, edit, trash and restore privileges :return: """ # create a new kanbanboard with user1 response = self.rest_create_kanbanboard(self.token1, HTTP_USER_AGENT=HTTP_USER_AGENT, REMOTE_ADDR=REMOTE_ADDR, **self.data[10]) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_response = json.loads(response.content.decode()) kanbanboard = KanbanBoard.objects.filter(pk=decoded_response['pk']).first() # user2 should see the kanbanboard response = self.rest_get_kanbanboards(self.token2, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_list = json.loads(response.content.decode()) decoded_list = test_utils.get_paginated_results(decoded_list) self.assertEquals(len(decoded_list), 1, msg="User 2 should see 1 kanbanboard") # and there should be a view, edit, trash and restore privilege listed for user 2 response = self.rest_get_privileges(self.token1, "kanbanboards", kanbanboard.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_privileges = json.loads(response.content.decode()) self.assertEquals(len(decoded_privileges), 2, msg="There should be two privileges for this kanbanboard") # privilege 0 should be for user1 self.assertEquals(decoded_privileges[0]['user']['pk'], self.user1.pk) # and privilege 1 should be for user2 self.assertEquals(decoded_privileges[1]['user']['pk'], self.user2.pk) # verify that user1 is the owner self.assertEquals(decoded_privileges[0]['full_access_privilege'], ModelPrivilege.ALLOW) # verify that user2 has view, edit, trash and restore privilege self.assertEquals(decoded_privileges[1]['full_access_privilege'], ModelPrivilege.NEUTRAL) self.assertEquals(decoded_privileges[1]['view_privilege'], ModelPrivilege.ALLOW) self.assertEquals(decoded_privileges[1]['edit_privilege'], ModelPrivilege.ALLOW) self.assertEquals(decoded_privileges[1]['delete_privilege'], ModelPrivilege.NEUTRAL) self.assertEquals(decoded_privileges[1]['trash_privilege'], ModelPrivilege.ALLOW) self.assertEquals(decoded_privileges[1]['restore_privilege'], ModelPrivilege.ALLOW)
def test_task_privileges_for_assigned_users(self): """ Tests that assigned users of a task automatically get the view and edit privilege :return: """ # create a new task with user1 (should work) response = self.rest_create_task(self.token1, HTTP_USER_AGENT=HTTP_USER_AGENT, REMOTE_ADDR=REMOTE_ADDR, **self.data[0]) self.assertEquals(response.status_code, status.HTTP_201_CREATED) decoded_response = json.loads(response.content.decode()) task = Task.objects.filter(pk=decoded_response['pk']).first() # query all tasks with user2 (should be zero tasks) response = self.rest_get_tasks(self.token2, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_list = json.loads(response.content.decode()) decoded_list = test_utils.get_paginated_results(decoded_list) self.assertEquals(len(decoded_list), 0, msg="User 2 should see 0 tasks") # add user2 as an assigned user of the task response = self.rest_update_task_assigned_users(self.token1, task.pk, [self.user2.pk], HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) # now user2 should see the task response = self.rest_get_tasks(self.token2, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_list = json.loads(response.content.decode()) decoded_list = test_utils.get_paginated_results(decoded_list) self.assertEquals(len(decoded_list), 1, msg="User 2 should see 1 task") # and there should be a view and edit privilege listed for user 2 response = self.rest_get_privileges(self.token1, "tasks", task.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_privileges = json.loads(response.content.decode()) self.assertEquals(len(decoded_privileges), 2, msg="There should be two privileges for this task") # privilege 0 should be for user1 self.assertEquals(decoded_privileges[0]['user']['pk'], self.user1.pk) # and privilege 1 should be for user2 self.assertEquals(decoded_privileges[1]['user']['pk'], self.user2.pk) # verify that user1 is the owner self.assertEquals(decoded_privileges[0]['full_access_privilege'], ModelPrivilege.ALLOW) # verify that user2 only has view and edit privilege self.assertEquals(decoded_privileges[1]['full_access_privilege'], ModelPrivilege.NEUTRAL) self.assertEquals(decoded_privileges[1]['view_privilege'], ModelPrivilege.ALLOW) self.assertEquals(decoded_privileges[1]['edit_privilege'], ModelPrivilege.ALLOW) self.assertEquals(decoded_privileges[1]['delete_privilege'], ModelPrivilege.NEUTRAL) self.assertEquals(decoded_privileges[1]['restore_privilege'], ModelPrivilege.NEUTRAL) # now override the view_privilege for user2 decoded_privileges[1]['view_privilege'] = ModelPrivilege.DENY decoded_privileges[1]['edit_privilege'] = ModelPrivilege.DENY decoded_privileges[1]['trash_privilege'] = ModelPrivilege.DENY decoded_privileges[1]['delete_privilege'] = ModelPrivilege.DENY decoded_privileges[1]['restore_privilege'] = ModelPrivilege.DENY response = self.rest_update_privilege(self.token1, "tasks", task.pk, self.user2.pk, decoded_privileges[1], HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) # now user2 should not be able to see the task response = self.rest_get_task(self.token2, task.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_404_NOT_FOUND) # querying the privileges endpoint should show that the view privilege has been denied for user2 response = self.rest_get_privileges(self.token1, "tasks", task.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEquals(response.status_code, status.HTTP_200_OK) decoded_privileges = json.loads(response.content.decode()) self.assertEquals(len(decoded_privileges), 2, msg="There should be two privileges for this task") # privilege 0 should be for user1 self.assertEquals(decoded_privileges[0]['user']['pk'], self.user1.pk) # and privilege 1 should be for user2 self.assertEquals(decoded_privileges[1]['user']['pk'], self.user2.pk) # verify that user1 is the owner self.assertEquals(decoded_privileges[0]['full_access_privilege'], ModelPrivilege.ALLOW) # verify that user2 only has no privileges self.assertEquals(decoded_privileges[1]['full_access_privilege'], ModelPrivilege.NEUTRAL) self.assertEquals(decoded_privileges[1]['view_privilege'], ModelPrivilege.DENY) self.assertEquals(decoded_privileges[1]['edit_privilege'], ModelPrivilege.DENY) self.assertEquals(decoded_privileges[1]['delete_privilege'], ModelPrivilege.DENY) self.assertEquals(decoded_privileges[1]['restore_privilege'], ModelPrivilege.DENY)
def test_create_task_with_and_without_permission(self): """ Tests creating a task with and without the appropriate permission :return: """ # there should be zero Tasks to begin with self.assertEquals(Task.objects.all().count(), 0, msg="There should be zero Tasks to begin with") # try creating a task without a project and without having the proper permission response = self.rest_create_task(self.token3, None, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user3.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertIn(response.status_code, [status.HTTP_403_FORBIDDEN, status.HTTP_400_BAD_REQUEST]) # there should still be zero Tasks self.assertEquals(Task.objects.all().count(), 0, msg="There should still be zero Tasks") # however, creating a task for a project1 should work, as user1 has created project1 (and therefore should have # the needed permissions) response = self.rest_create_task(self.token3, self.project1.pk, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user3.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # now give the user the global add_task permission self.user3.user_permissions.add(self.add_task_without_project_permission) # try creating a task without a project now, and it should work response = self.rest_create_task(self.token3, None, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user3.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # there should now be two Tasks self.assertEquals(Task.objects.all().count(), 2, msg="There should be two Tasks in the database") # and those two should be viewable by the current user response = self.rest_get_tasks(self.token3, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 2, msg="There should be two Tasks viewable by the user") # revoke add_task_permission of user self.user3.user_permissions.remove(self.add_task_permission) # and give the user the add_task_without_project permission self.user3.user_permissions.add(self.add_task_without_project_permission) # try creating a task without a project now, and it should work response = self.rest_create_task(self.token3, None, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user3.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # there should now be three Tasks self.assertEquals(Task.objects.all().count(), 3, msg="There should be three Tasks in the database") # and those two should be viewable by the current user response = self.rest_get_tasks(self.token3, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 3, msg="There should be three Tasks viewable by the user")
def test_create_and_get_tasks(self): """ Tests creating a new task within a project """ project = self.create_project(self.token1, "My Own Project", "Nobody else has access to this project", Project.STARTED, HTTP_USER_AGENT, REMOTE_ADDR) # get all Tasks from rest api for this project response = self.rest_get_tasks_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 0) # create a task task, response = self.create_task_orm(self.token1, project.pk, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user1.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(task.title, "Test Task") # get all Tasks from rest api for this project response = self.rest_get_tasks_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly one Tasks self.assertEqual(len(decoded), 1) # create another task response = self.rest_create_task(self.token1, project.pk, "Another Test Task", "Another Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user1.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # get all Tasks from rest api for this project response = self.rest_get_tasks_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly two Tasks self.assertEqual(len(decoded), 2) # update first task response = self.rest_update_task(self.token1, task.pk, project.pk, "Test Task Title", "Test Task Description", Task.TASK_STATE_DONE, Task.TASK_PRIORITY_VERY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user1.pk, HTTP_USER_AGENT, REMOTE_ADDR) decoded = json.loads(response.content.decode()) self.assertEqual(response.status_code, status.HTTP_200_OK) # get task object from db task = Task.objects.get(pk=decoded['pk']) self.assertEqual(task.title, "Test Task Title")
def test_get_tasks_with_filter(self): """ Tests creating and retrieving Tasks that are not associated to a project :return: """ # add permission for creating Tasks to the current user self.user1.user_permissions.add(self.add_task_without_project_permission) # there should be zero Tasks self.assertEquals(Task.objects.all().count(), 0, msg="There should be zero Tasks to begin with") # get all existing Tasks (there should be zero Tasks) response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 0, msg="/Tasks/ endpoint should return zero Tasks") # try to query the same endpoint with a project_pk (should still be zero Tasks) response = self.rest_get_tasks_for_project(self.token1, self.project1.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 0, msg="/Tasks/?project=1234-abcd endpoint should return zero Tasks") # create a task without depending on a project response = self.rest_create_task(self.token1, None, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user1.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # decode response decoded = json.loads(response.content.decode()) # get task object from db task = Task.objects.get(pk=decoded['pk']) # verify that the task object was stored and returned properly self.assertEquals(decoded['pk'], str(task.pk)) self.assertEquals(decoded['title'], "Test Task") self.assertEqual(task.title, "Test Task") ######## # create a task for project1 ######## response = self.rest_create_task(self.token1, self.project1.pk, "Test Task", "Test Description", Task.TASK_STATE_NEW, Task.TASK_PRIORITY_HIGH, datetime.now(), datetime.now() + timedelta(days=30), self.user1.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # decode response decoded = json.loads(response.content.decode()) # get task object from db task = Task.objects.get(pk=decoded['pk']) # verify that the task object was stored and returned properly self.assertEquals(decoded['pk'], str(task.pk)) self.assertEquals(decoded['title'], "Test Task") self.assertEqual(task.title, "Test Task") # and there should be two Tasks "viewable" by the current user response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 2, msg="There should be two Tasks viewable by the user") # and also three Tasks returned from the endpoint response = self.rest_get_tasks(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Tasks self.assertEqual(len(decoded), 2, msg="/Tasks/ endpoint should return two Tasks")
def test_get_notes_with_filter(self): """ Tests creating and retrieving Notes that are not associated to a project :return: """ # add permission for creating Notes to the current user self.user1.user_permissions.add(self.add_note_without_project_permission) # there should be zero Notes self.assertEquals(Note.objects.all().count(), 0, msg="There should be zero Notes to begin with") # get all existing Notes (there should be zero Notes) response = self.rest_get_notes(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Notes self.assertEqual(len(decoded), 0, msg="/Notes/ endpoint should return zero Notes") # try to query the same endpoint with a project_pk (should still be zero Notes) response = self.rest_get_notes_for_project(self.token1, self.project1.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Notes self.assertEqual(len(decoded), 0, msg="/Notes/?project=1234-abcd endpoint should return zero Notes") # create a note without depending on a project response = self.rest_create_note(self.token1, None, "Test Note", "Test Description", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # decode response decoded = json.loads(response.content.decode()) # get note object from db note = Note.objects.get(pk=decoded['pk']) # verify that the note object was stored and returned properly self.assertEquals(decoded['pk'], str(note.pk)) self.assertEquals(decoded['subject'], "Test Note") self.assertEqual(note.subject, "Test Note") ######## # create a note for project1 ######## response = self.rest_create_note(self.token1, self.project1.pk, "Test Note", "Test Description", HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # decode response decoded = json.loads(response.content.decode()) # get note object from db note = Note.objects.get(pk=decoded['pk']) # verify that the note object was stored and returned properly self.assertEquals(decoded['pk'], str(note.pk)) self.assertEquals(decoded['subject'], "Test Note") self.assertEqual(note.subject, "Test Note") # and there should be two Notes "viewable" by the current user response = self.rest_get_notes(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Notes self.assertEqual(len(decoded), 2, msg="There should be two Notes viewable by the user") # and also three Notes returned from the endpoint response = self.rest_get_notes(self.token1, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no Notes self.assertEqual(len(decoded), 2, msg="/Notes/ endpoint should return two Notes")
def test_download_file_with_permission(self): """ Tests the download file endpoint """ project = self.create_project( self.token1, "My Own Project", "Nobody else has access to this project", Project.STARTED, HTTP_USER_AGENT, REMOTE_ADDR) # get all files from rest api for this project response = self.rest_get_files_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no files self.assertEqual(len(decoded), 0) # create a file with 1024 bytes response = self.rest_create_file(self.token1, project.pk, 'Test Title', 'Test Description', 'somefile.txt', 1024, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # decode response decoded = json.loads(response.content.decode()) # get file object from db file = File.objects.get(pk=decoded['pk']) # Download file response = self.rest_download_file(self.token1, file.file_entries.last().pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.get('Content-Type'), 'text/plain;') self.assertTrue( 'attachment; filename=' in response.get('Content-Disposition')) # get all files from rest api for this project response = self.rest_get_files_for_project(self.token1, project.pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # update first file and check file_entries response = self.rest_update_file(self.token1, file.pk, project.pk, 'Test Title', 'Test Description', 'yetanother.txt', 2048, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # decode response decoded = json.loads(response.content.decode()) # get file object from db file = File.objects.get(pk=decoded['pk']) self.assertEqual(file.title, 'Test Title') self.assertEqual(file.file_size, 2048) # check file entries (= history) self.assertEqual(len(file.file_entries.all()), 2) self.assertEqual( file.file_entries.all()[0].file_size + file.file_entries.all()[1].file_size, 1024 + 2048) # Download file entry 0 response = self.rest_download_file(self.token1, file.file_entries.all()[0].pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.get('Content-Type'), 'text/plain;') self.assertTrue( 'attachment; filename=' in response.get('Content-Disposition')) # Download file entry 1 response = self.rest_download_file(self.token1, file.file_entries.all()[1].pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.get('Content-Type'), 'text/plain;') self.assertTrue( 'attachment; filename=' in response.get('Content-Disposition')) # try to to do the same with another user which does not have access to the project response = self.rest_download_file(self.token2, file.file_entries.all()[0].pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) # add the user to the project without file download permission response = self.rest_assign_user_to_project(self.token1, project, self.user2, self.student_role, HTTP_USER_AGENT, REMOTE_ADDR) assignment = json.loads(response.content.decode()) response = self.rest_download_file(self.token2, file.file_entries.all()[0].pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND) # make the user a project manager self.rest_edit_user_project_assignment(self.token1, project, assignment['pk'], self.user2, self.pm_role, HTTP_USER_AGENT, REMOTE_ADDR) response = self.rest_download_file(self.token2, file.file_entries.all()[0].pk, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_create_file_with_and_without_permission(self): """ Tests creating a file with and without the appropriate permission :return: """ # there should be zero files to begin with self.assertEquals(File.objects.all().count(), 0, msg="There should be zero files to begin with") # try creating a file without a project and without having the proper permission response = self.rest_create_file(self.token3, None, 'Test Title', 'Test Description', 'somefile.txt', 1024, HTTP_USER_AGENT, REMOTE_ADDR) self.assertIn(response.status_code, [status.HTTP_403_FORBIDDEN, status.HTTP_400_BAD_REQUEST]) # there should still be zero files self.assertEquals(File.objects.all().count(), 0, msg="There should still be zero files") # however, creating a file for a project1 should work, as user1 has created project1 (and therefore should have # the needed permissions) response = self.rest_create_file(self.token3, self.project1.pk, 'Test Title', 'Test Description', 'somefile.txt', 1024, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # now give the user the global add_file permission self.user3.user_permissions.add( self.add_file_without_project_permission) # try creating a file without a project now, and it should work response = self.rest_create_file(self.token3, None, 'Test Title', 'Test Description', 'somefile.txt', 1024, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # there should now be two files self.assertEquals(File.objects.all().count(), 2, msg="There should be two files in the database") # and those two should be viewable by the current user response = self.rest_get_files(self.token3, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no files self.assertEqual(len(decoded), 2, msg="There should be two files viewable by the user") # revoke add_file_permission of user self.user3.user_permissions.remove(self.add_file_permission) # and give the user the add_file_without_project permission self.user3.user_permissions.add( self.add_file_without_project_permission) # try creating a file without a project now, and it should work response = self.rest_create_file(self.token3, None, 'Test Title', 'Test Description', 'somefile.txt', 1024, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # there should now be three files self.assertEquals(File.objects.all().count(), 3, msg="There should be three files in the database") # and those two should be viewable by the current user response = self.rest_get_files(self.token3, HTTP_USER_AGENT, REMOTE_ADDR) self.assertEqual(response.status_code, status.HTTP_200_OK) # check the response decoded = json.loads(response.content.decode()) decoded = test_utils.get_paginated_results(decoded) # should contain exactly no files self.assertEqual( len(decoded), 3, msg="There should be three files viewable by the user")
def test_general_usage_setting(self): # there should be zero Resources to begin with self.assertEquals(Resource.objects.all().count(), 0, msg="There should be zero Resources to begin with") ## GLOBAL # create 2 global resources in different projects response = self.rest_create_resource( auth_token=self.token1, project_pks=self.project1.pk, name="Test Resource 1", description="Test Description", resource_type=Resource.ROOM, general_usage_setting=Resource.GLOBAL, **HTTP_INFO) self.assertEqual(response.status_code, status.HTTP_201_CREATED) response = self.rest_create_resource( auth_token=self.token2, project_pks=self.project2.pk, name="Test Resource 2", description="Test Description", resource_type=Resource.ROOM, general_usage_setting=Resource.GLOBAL, **HTTP_INFO) self.assertEqual(response.status_code, status.HTTP_201_CREATED) # all users should be able to see 2 resources self.assertEqual( len( test_utils.get_paginated_results( json.loads( self.rest_get_resources( auth_token=self.token1, **HTTP_INFO).content.decode()))), 2) self.assertEqual( len( test_utils.get_paginated_results( json.loads( self.rest_get_resources( auth_token=self.token2, **HTTP_INFO).content.decode()))), 2) self.assertEqual( len( test_utils.get_paginated_results( json.loads( self.rest_get_resources( auth_token=self.token3, **HTTP_INFO).content.decode()))), 2) ## SELECTED GROUPS resource = Resource.objects.create( name='Test Resource 3', description='Test', type=Resource.ROOM, general_usage_setting=Resource.SELECTED_GROUPS) resource.usage_setting_selected_user_groups.add(self.user_group) # user1 and user2 should see 3 and user3 still has 2 resources self.assertEqual( len( test_utils.get_paginated_results( json.loads( self.rest_get_resources( auth_token=self.token1, **HTTP_INFO).content.decode()))), 3) self.assertEqual( len( test_utils.get_paginated_results( json.loads( self.rest_get_resources( auth_token=self.token2, **HTTP_INFO).content.decode()))), 3) self.assertEqual( len( test_utils.get_paginated_results( json.loads( self.rest_get_resources( auth_token=self.token3, **HTTP_INFO).content.decode()))), 2)