def test_update_ok(wa_text):
catch = wa_text
payload = make_jwt_payload()
# requesting user is allowed to update but not admin
catch['permissions']['can_update'].append(payload['userId'])
x = CRUD.create_anno(catch)
original_tags = x.anno_tags.count()
original_targets = x.total_targets
data = catch.copy()
data['body']['items'].append({
'type': 'TextualBody',
'purpose': 'tagging',
'value': 'winsome'
})
assert data['id'] is not None
assert data['creator']['id'] is not None
assert 'context_id' in data['platform']
request = make_json_request(method='put',
anno_id=x.anno_id,
data=json.dumps(data))
request.catchjwt = payload
response = crud_api(request, x.anno_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 200
assert 'Location' in response
assert response['Location'] is not None
assert x.anno_id in response['Location']
assert len(resp['body']['items']) == original_tags + 2
assert len(resp['target']['items']) == original_targets
def test_read_ok(wa_audio):
catcha = wa_audio
x = CRUD.create_anno(catcha)
request = make_request(method='get', anno_id=x.anno_id)
response = crud_api(request, x.anno_id)
assert response.status_code == 200
assert response.content is not None
def test_delete_with_override(wa_audio):
catcha = wa_audio
x = CRUD.create_anno(catcha)
# requesting user is not the creator, but has override to delete
payload = make_jwt_payload(user='******', override=['CAN_DELETE'])
request = make_request(method='delete', anno_id=x.anno_id)
request.catchjwt = payload
response = crud_api(request, x.anno_id)
assert response.status_code == 200
assert response.content is not None
request = make_request(method='get', anno_id=x.anno_id)
request.catchjwt = payload
response = crud_api(request, x.anno_id)
assert response.status_code == 404
def test_delete_ok(wa_audio):
catcha = wa_audio
x = CRUD.create_anno(catcha)
payload = make_jwt_payload(user=x.creator_id)
request = make_request(method='delete',
jwt_payload=payload,
anno_id=x.anno_id)
response = crud_api(request, x.anno_id)
assert response.status_code == 200
assert response.content is not None
request = make_request( # try to read deleted anno
method='get',
jwt_payload=payload,
anno_id=x.anno_id)
response = crud_api(request, x.anno_id)
assert response.status_code == 404
def test_update_no_body_in_request(wa_text):
catcha = wa_text
x = CRUD.create_anno(catcha)
payload = make_jwt_payload(user=catcha['creator']['id'])
request = make_request(method='put', anno_id=x.anno_id)
request.catchjwt = payload
response = crud_api(request, x.anno_id)
assert response.status_code == 400
resp = json.loads(response.content.decode('utf-8'))
assert len(resp['payload']) > 0
assert 'missing json' in ','.join(resp['payload'])
def test_create_duplicate(wa_audio):
catch = wa_audio
x = CRUD.create_anno(catch)
payload = make_jwt_payload(user=catch['creator']['id'])
request = make_json_request(method='post',
anno_id=x.anno_id,
data=json.dumps(catch))
request.catchjwt = payload
response = crud_api(request, x.anno_id)
assert response.status_code == 409
resp = json.loads(response.content.decode('utf-8'))
assert 'failed to create' in resp['payload'][0]
def test_create_reply_to_itself():
to_be_created_id = '1234-5678-abcd-efgh'
catch = make_wa_object(age_in_hours=30,
media=ANNO,
reply_to=to_be_created_id)
payload = make_jwt_payload(user=catch['creator']['id'])
request = make_json_request(method='post',
anno_id=to_be_created_id,
data=json.dumps(catch))
request.catchjwt = payload
response = crud_api(request, to_be_created_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 409
assert 'cannot be a reply to itself' in resp['payload'][0]
def test_update_invalid_input(wa_video):
catcha = wa_video
x = CRUD.create_anno(catcha)
payload = make_jwt_payload(user=x.creator_id)
data = dict(catcha)
data['body'] = {}
request = make_json_request(method='put',
anno_id=x.anno_id,
data=json.dumps(data))
request.catchjwt = payload
response = crud_api(request, x.anno_id)
assert response.status_code == 400
resp = json.loads(response.content.decode('utf-8'))
assert len(resp['payload']) > 0
def test_create_on_behalf_of_others(wa_image):
to_be_created_id = '1234-5678-abcd-0987'
catch = wa_image
payload = make_jwt_payload()
request = make_json_request(method='post',
anno_id=to_be_created_id,
data=json.dumps(catch))
request.catchjwt = payload
assert catch['id'] != to_be_created_id
assert catch['creator']['id'] != payload['userId']
response = crud_api(request, to_be_created_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 409
assert 'conflict in input creator_id' in ','.join(resp['payload'])
def test_delete_back_compat_with_override(wa_audio):
catcha = wa_audio
catcha['id'] = '123' # faking a number id for annotatorjs
x = CRUD.create_anno(catcha)
# requesting user is not the creator
payload = make_jwt_payload(user='******')
# back-compat jwt doesn't have a `override` key
del payload['override']
request = make_request(method='delete', anno_id=x.anno_id)
request.catchjwt = payload
response = crud_compat_api(request, x.anno_id)
assert response.status_code == 200
assert response.content is not None
request = make_request(method='get', anno_id=x.anno_id)
request.catchjwt = payload
response = crud_api(request, x.anno_id)
assert response.status_code == 404
def test_create_reply_missing_target(wa_audio):
to_be_created_id = '1234-5678-abcd-efgh'
x = CRUD.create_anno(wa_audio)
catch = make_wa_object(age_in_hours=30, media=ANNO, reply_to=x.anno_id)
payload = make_jwt_payload(user=catch['creator']['id'])
# remove target item with media type 'ANNO'
catch['target']['items'][0]['type'] = TEXT
request = make_json_request(method='post',
anno_id=to_be_created_id,
data=json.dumps(catch))
request.catchjwt = payload
response = crud_api(request, to_be_created_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 409
assert 'missing parent reference' in resp['payload'][0]
with pytest.raises(Anno.DoesNotExist):
x = Anno._default_manager.get(pk=to_be_created_id)
def test_create_reply_internal_target_source_id_ok(wa_audio):
to_be_created_id = '1234-5678-abcd-efgh'
x = CRUD.create_anno(wa_audio)
catch = make_wa_object(age_in_hours=30, media=ANNO, reply_to=x.anno_id)
payload = make_jwt_payload(user=catch['creator']['id'])
# replace target source for internal hxat id
catch['platform']['target_source_id'] = 'internal_id_for_target_{}'.format(
catch['target']['items'][0]['source'])
request = make_json_request(method='post',
anno_id=to_be_created_id,
data=json.dumps(catch))
request.catchjwt = payload
response = crud_api(request, to_be_created_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 200
x = Anno._default_manager.get(pk=to_be_created_id)
assert x is not None
assert x.anno_reply_to.anno_id == catch['target']['items'][0]['source']
def test_create_reply(wa_audio):
to_be_created_id = '1234-5678-abcd-efgh'
x = CRUD.create_anno(wa_audio)
catch = make_wa_object(age_in_hours=30, media=ANNO, reply_to=x.anno_id)
payload = make_jwt_payload(user=catch['creator']['id'])
request = make_json_request(method='post',
anno_id=to_be_created_id,
data=json.dumps(catch))
request.catchjwt = payload
response = crud_api(request, to_be_created_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 200
assert 'Location' in response
assert response['Location'] is not None
assert to_be_created_id in response['Location']
assert resp['id'] == to_be_created_id
assert resp['creator']['id'] == payload['userId']
x = Anno._default_manager.get(pk=to_be_created_id)
assert x.creator_id == payload['userId']
def test_create_ok(wa_image):
to_be_created_id = '1234-5678-abcd-0987'
catch = wa_image
payload = make_jwt_payload(user=catch['creator']['id'])
request = make_json_request(method='post',
anno_id=to_be_created_id,
data=json.dumps(catch))
request.catchjwt = payload
response = crud_api(request, to_be_created_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 200
assert 'Location' in response
assert response['Location'] is not None
assert to_be_created_id in response['Location']
assert resp['id'] == to_be_created_id
assert resp['creator']['id'] == payload['userId']
x = Anno._default_manager.get(pk=to_be_created_id)
assert x.creator_id == payload['userId']
def test_update_denied_can_admin(wa_video):
catch = wa_video
payload = make_jwt_payload()
# requesting user is allowed to update but not admin
catch['permissions']['can_update'].append(payload['userId'])
x = CRUD.create_anno(catch)
data = dict(catch)
# trying to update permissions
data['permissions']['can_delete'].append(payload['userId'])
request = make_json_request(method='put',
anno_id=x.anno_id,
data=json.dumps(data))
request.catchjwt = payload
print('-------------- {}'.format(
json.dumps(catch, sort_keys=True, indent=4)))
response = crud_api(request, x.anno_id)
resp = json.loads(response.content.decode('utf-8'))
assert response.status_code == 403
assert len(resp['payload']) > 0
assert 'not allowed to admin' in ','.join(resp['payload'])
def test_method_not_allowed():
request = make_request(method='patch')
response = crud_api(request, '1234')
assert response.status_code == 405