def test_get_by_id_user_without_read_access_raises_error(
self, get_all_workspaces_with_read_access_by_user):
blob_id = self.fixture.blob_collection[
fixture_blob.USER_1_WORKSPACE_1].id
get_all_workspaces_with_read_access_by_user.return_value = []
mock_user = _create_user('2')
with self.assertRaises(AccessControlError):
blob_api.get_by_id(blob_id, mock_user)
def validate_id(self, id):
"""Validate id field
Args:
id:
Returns:
"""
request = self.context.get("request")
try:
blob_api.get_by_id(id, request.user)
except DoesNotExist:
raise Http404
return id
def _get_blobs(blob_ids, request_user_is_superuser, request_user_id):
""" Get all the blobs from the list of ids.
Args:
blob_ids:
request_user_is_superuser:
request_user_id:
Returns:
list form
"""
list_blobs = []
try:
for blob_id in blob_ids:
# Get the blob
blob = blob_api.get_by_id(blob_id)
# Check the rights
_check_rights_document(request_user_is_superuser, request_user_id,
blob.user_id)
list_blobs.append(blob)
except DoesNotExist:
raise Exception('It seems a blob is missing. Please refresh the page.')
except Exception, e:
raise Exception(e.message)
def patch(self, request):
""" Delete a list of Blob
Parameters:
[
{
"id": "blob_id",
},
{
"id": "blob_id",
}
]
Args:
request: HTTP request
Returns:
- code: 204
content: Deletion succeed
- code: 400
content: Validation error
- code: 403
content: Authentication error
- code: 500
content: Internal server error
"""
try:
# Serialize data
serializer = DeleteBlobsSerializer(data=request.data,
many=True,
context={'request': request})
# Validate data
serializer.is_valid(True)
# Get list of unique ids
blob_ids = set([blob['id'] for blob in serializer.validated_data])
for blob_id in blob_ids:
# Get blob with its id
blob = blob_api.get_by_id(blob_id)
# Delete blob
blob_api.delete(blob)
# Return the serialized data
return Response(status=status.HTTP_204_NO_CONTENT)
except ValidationError as validation_exception:
content = {'message': validation_exception.detail}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
except AccessControlError as access_control_error:
content = {'message': access_control_error.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def get_object(self, pk):
""" Get blob from db
Args:
pk:
Returns:
"""
try:
return blob_api.get_by_id(pk)
except exceptions.DoesNotExist:
raise Http404
def get_object(self, request, pk):
""" Get Blob from db
Args:
request: HTTP request
pk: ObjectId
Returns:
Blob
"""
try:
return blob_api.get_by_id(pk, request.user)
except exceptions.DoesNotExist:
raise Http404
def validate_id(self, id):
""" Validate id field
Args:
id:
Returns:
"""
request = self.context.get('request')
try:
blob_object = blob_api.get_by_id(id)
except DoesNotExist:
raise Http404
if request.user.is_superuser is False and str(request.user.id) != blob_object.user_id:
raise AccessControlError("You don't have the permission to delete this id: {0}".format(id))
return id
def patch(self, request):
""" Delete a list of blobs.
/rest/blobs/delete/
Data:
[{"id":"<blob_id>"},{"id":"<blob_id>"}]
Args:
request:
Returns:
"""
try:
# Serialize data
serializer = DeleteBlobsSerializer(data=request.data, many=True, context={'request': request})
# Validate data
serializer.is_valid(True)
# Get list of unique ids
blob_ids = set([blob['id'] for blob in serializer.validated_data])
for blob_id in blob_ids:
# Get blob with its id
blob = blob_api.get_by_id(blob_id)
# Delete blob
blob_api.delete(blob)
# Return the serialized data
return Response(status=status.HTTP_204_NO_CONTENT)
except ValidationError as validation_exception:
content = {'message': validation_exception.detail}
return Response(content, status=status.HTTP_400_BAD_REQUEST)
except AccessControlError as access_control_error:
content = {'message': access_control_error.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def test_get_by_id_not_owner_no_workspace_raises_error(self):
blob_id = self.fixture.blob_collection[
fixture_blob.USER_1_NO_WORKSPACE].id
mock_user = _create_user('2')
with self.assertRaises(AccessControlError):
blob_api.get_by_id(blob_id, mock_user)
def test_get_by_id_owner_no_workspace_read_access_returns_blob(self):
blob_id = self.fixture.blob_collection[
fixture_blob.USER_1_NO_WORKSPACE].id
mock_user = _create_user('1')
blob = blob_api.get_by_id(blob_id, mock_user)
self.assertTrue(isinstance(blob, Blob))
def test_get_by_id_owner_without_read_access_returns_blob(self):
blob_id = self.fixture.blob_collection[
fixture_blob.USER_1_WORKSPACE_1].id
mock_user = _create_user('1')
with self.assertRaises(AccessControlError):
blob_api.get_by_id(blob_id, mock_user)
def test_get_by_id_owner_without_read_access_returns_blob(self):
blob_id = self.fixture.blob_collection[
fixture_blob.USER_1_WORKSPACE_1].id
mock_user = _create_user("1")
blob = blob_api.get_by_id(blob_id, mock_user)
self.assertTrue(isinstance(blob, Blob))
