class SecurityACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.app.registry.max_store.drop_collection('users') self.app.registry.max_store.drop_collection('activity') self.app.registry.max_store.drop_collection('contexts') self.app.registry.max_store.drop_collection('security') self.app.registry.max_store.drop_collection('conversations') self.app.registry.max_store.drop_collection('messages') self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) def test_forbidden_access_to_security_settings(self): """ Given i'm a regular user When i try to interact with security endpoints Then i get a Forbidden Exception """ username = '******' self.testapp.get('/admin/security', headers=oauth2Header(username), status=403) self.testapp.get('/admin/security/users', headers=oauth2Header(username), status=403) self.testapp.get('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403) self.testapp.post('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403) self.testapp.delete('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(username), status=403) def test_access_to_security_settings(self): """ Given i'm a Manager user When i try to interact with security endpoints Then i suceed """ self.testapp.get('/admin/security', headers=oauth2Header(test_manager), status=200) self.testapp.get('/admin/security/users', headers=oauth2Header(test_manager), status=200) self.testapp.get('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=200) self.testapp.post('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=200) self.testapp.delete('/admin/security/roles/Manager/users/test_manager', headers=oauth2Header(test_manager), status=204)
class DeprecationTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # Test deprecated Add people def test_deprecated_request_create_user(self): """ Given a request to the deprecated POST /people/{username} When the request is processed Then the request is rewrited as POST /people And the username is now in the body And the displayName is preserved in the body """ res = self.testapp.post('/people/sheldon', json.dumps({"displayName": 'Sheldon'}), headers=oauth2Header(test_manager), status=201) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/people') self.assertEqual(res.json['username'], 'sheldon') self.assertEqual(res.json['displayName'], 'Sheldon') # Test deprecated subscribe user def test_deprecated_subscribe_user(self): """ Given a request to the deprecated POST /people/{username}/subscriptions When the request is processed Then the request is rewrited as POST /contexts/{hash}/subscriptions And the actor now is in the body """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) res = self.create_context(create_context) context_hash = res.json['hash'] res = self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/contexts/{}/subscriptions'.format(context_hash)) self.assertEqual(res.json['actor']['username'], 'sheldon') self.assertEqual(res.json['actor']['objectType'], 'person') # Test deprecated unsubscribe user def test_deprecated_unsubscribe_user(self): """ Given a request to the deprecated DELETE /people/{username}/subscriptions When the request is processed Then the request is rewrited as DELETE /contexts/{hash}/subscriptions And the actor now is in the body """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) res = self.create_context(create_context) context_hash = res.json['hash'] self.admin_subscribe_user_to_context(username, subscribe_context) res = self.testapp.delete('/people/%s/subscriptions/%s' % (username, context_hash), "", oauth2Header(test_manager), status=204) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/contexts/{}/subscriptions/{}'.format(context_hash, username)) # Test deprecated create context activity def test_deprecated_user_post_activity_to_context(self): """ Given a request to the deprecated POST /people/{username}/activities And the request has a "contexts" parameter When the request is processed Then the request is rewrited as POST /contexts/{hash}/activities And the actor is in the body and object is preserved in the body """ from max.tests.mockers import create_context, subscribe_context from max.tests.mockers import user_status_context as activity username = '******' self.create_user(username) res = self.create_context(create_context) context_hash = res.json['hash'] self.admin_subscribe_user_to_context(username, subscribe_context) res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/contexts/{}/activities'.format(context_hash)) self.assertEqual(res.json['actor']['username'], 'sheldon') self.assertEqual(res.json['actor']['objectType'], 'person') self.assertIn('object', res.json) def test_deprecated_user_post_activity_to_context_without_context(self): """ Given a request to the deprecated POST /people/{username}/activities And the request doesn't have a "contexts" parameter When the request is processed Then the request remains untouched """ from max.tests.mockers import create_context, subscribe_context from max.tests.mockers import user_status as activity username = '******' self.create_user(username) res = self.create_context(create_context) context_hash = res.json['hash'] self.admin_subscribe_user_to_context(username, subscribe_context) res = self.testapp.post('/people/sheldon/activities', json.dumps(activity), oauth2Header(username), status=201) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/people/sheldon/activities'.format(context_hash)) self.assertNotIn('contexts', res.json) # Test depreacted join conversation def test_deprecated_join_conversation(self): """ Given a request to the deprecated POST /people/{user}/conversations/{id} When the request is processed Then the request is rewrited as DELETE /conversations/{id}/participants And the actor is in the body """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' recipient3 = 'melendi' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) self.create_user(recipient3) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) res = self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(test_manager), status=201) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/conversations/{}/participants'.format(cid)) self.assertEqual(res.json['actor']['username'], recipient3) self.assertEqual(res.json['actor']['objectType'], 'person') def test_deprecated_leave_conversation(self): """ Given a request to the deprecated DELETE /people/{user}/conversations/{id} When the request is processed Then the request is rewrited as DELETE /conversations/{id}/participants/{username} And the url parameters are remapped """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) res = self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, cid), '', oauth2Header(test_manager), status=204) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/conversations/{}/participants/{}'.format(cid, recipient2)) def test_deprecated_add_token(self): """ Given a request to the deprecated POST /people/{user}/device/{platform}/{token} When the request is processed Then the request is rewrited as POST /tokens And the token is injected in the request body And the platform is injected in the reqeust body And the response contains a Person instead of a Token """ username = '******' self.create_user(username) token = '000000000000000000' platform = 'ios' res = self.testapp.post('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=201) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/tokens') self.assertEqual(res.json['username'], username) self.assertEqual(res.json['objectType'], 'person') def test_deprecated_delete_token(self): """ Given a request to the deprecated DELETE /people/{user}/device/{platform}/{token} When the request is processed Then the request is rewrited as DELETE /tokens/{token} And the token is injected in the body And the platform is injected in the body """ username = '******' self.create_user(username) token = '000000000000000000' platform = 'ios' self.testapp.post('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=201) res = self.testapp.delete('/people/{}/device/{}/{}'.format(username, platform, token), '', headers=oauth2Header(username), status=204) rewrited_request = res.request rewrited_request_url = urlparse.urlparse(rewrited_request.url).path self.assertEqual(rewrited_request_url, '/tokens/{}'.format(token)) def test_deprecated_sortBy_parameter(self): """ Given a plain user When I query ativities using old sortBy parameter I get the expected result THIS TEST IS A DUPLICATE OF max.tests.test_timeline_order_sorted_by_last_comment_publish_date ONLY TO TEST THE TRANSLATION OF THE SORTBY PARAMETER """ from .mockers import user_status, user_comment username = '******' self.create_user(username) activity_ids = [] # Create 7 activities to overpass limit of 5 for i in range(7): activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id']) res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201) # Get first 5 results res = self.testapp.get('/people/%s/timeline?sortBy=comments&limit=5' % username, "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 5) self.assertEqual(res.json[0].get('id', None), activity_ids[0]) self.assertEqual(res.json[1].get('id', None), activity_ids[6]) self.assertEqual(res.json[2].get('id', None), activity_ids[5]) self.assertEqual(res.json[3].get('id', None), activity_ids[4]) self.assertEqual(res.json[4].get('id', None), activity_ids[3]) # get next 2 results res = self.testapp.get('/people/%s/timeline?sortBy=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 2) self.assertEqual(res.json[0].get('id', None), activity_ids[2]) self.assertEqual(res.json[1].get('id', None), activity_ids[1])
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_get_activities_order_sorted_by_last_comment_publish_date(self): """ Given a plain user When I post activities on a context and I comment on an old activity Then in the comment-sorted activities, the commented activity becomes the first """ from .mockers import user_comment from .mockers import user_status_context from .mockers import subscribe_context, create_context from .mockers import context_query username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) activity_0_id = self.create_activity(username, user_status_context).json['id'] activity_1_id = self.create_activity(username, user_status_context, note='Second').json['id'] activity_2_id = self.create_activity(username, user_status_context, note='Third').json['id'] res = self.testapp.post('/activities/%s/comments' % str(activity_1_id), json.dumps(user_comment), oauth2Header(username), status=201) res = self.testapp.get('/contexts/%s/activities?sort=published' % (context_query['context']), '', oauth2Header(username), status=200) self.assertEqual(len(res.json), 3) self.assertEqual(res.json[0].get('id', None), activity_2_id) self.assertEqual(res.json[1].get('id', None), activity_1_id) self.assertEqual(res.json[2].get('id', None), activity_0_id) def test_timeline_order_sorted_by_last_comment_publish_date(self): """ Given a plain user When I post activities and I comment on an old activity Then in the comment-sorted timeline, the commented activity becomes the first """ from .mockers import user_status, user_comment username = '******' self.create_user(username) activity_ids = [] # Create 7 activities to overpass limit of 5 for i in range(7): activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id']) res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201) # Get first 5 results res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 5) self.assertEqual(res.json[0].get('id', None), activity_ids[0]) self.assertEqual(res.json[1].get('id', None), activity_ids[6]) self.assertEqual(res.json[2].get('id', None), activity_ids[5]) self.assertEqual(res.json[3].get('id', None), activity_ids[4]) self.assertEqual(res.json[4].get('id', None), activity_ids[3]) # get next 2 results res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 2) self.assertEqual(res.json[0].get('id', None), activity_ids[2]) self.assertEqual(res.json[1].get('id', None), activity_ids[1]) def test_timeline_order_sorted_by_last_comment_publish_date_when_delete_comment(self): """ Given a plain user When I post activities and I comment on an old activity and I delete comment on an old activity Then in the comment-sorted timeline """ from .mockers import user_status, user_comment username = '******' self.create_user(username) activity_ids = [] # Create 7 activities to overpass limit of 5 for i in range(7): activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id']) res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201) comment_id = res.json['id'] # Delete comment res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity_ids[0]), comment_id), '', oauth2Header(username), status=204) # Get first 5 results res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 5) self.assertEqual(res.json[0].get('id', None), activity_ids[6]) self.assertEqual(res.json[1].get('id', None), activity_ids[5]) self.assertEqual(res.json[2].get('id', None), activity_ids[4]) self.assertEqual(res.json[3].get('id', None), activity_ids[3]) self.assertEqual(res.json[4].get('id', None), activity_ids[2]) # get next 2 results res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 3) self.assertEqual(res.json[0].get('id', None), activity_ids[2]) self.assertEqual(res.json[1].get('id', None), activity_ids[1]) self.assertEqual(res.json[2].get('id', None), activity_ids[0]) def test_timeline_order_sorted_by_last_comment_publish_date_when_delete_one_comment(self): """ Given a plain user When I post activities and I comment on an old activity and I delete comment on an old activity Then in the comment-sorted timeline """ from .mockers import user_status, user_comment username = '******' self.create_user(username) activity_ids = [] # Create 7 activities to overpass limit of 5 for i in range(7): activity_ids.append(self.create_activity(username, user_status, note=str(i)).json['id']) res = self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201) comment_id = res.json['id'] self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201) self.testapp.post('/activities/%s/comments' % str(activity_ids[0]), json.dumps(user_comment), oauth2Header(username), status=201) # Delete comment res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity_ids[0]), comment_id), '', oauth2Header(username), status=204) # Get first 5 results res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5' % username, "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 5) self.assertEqual(res.json[0].get('id', None), activity_ids[0]) self.assertEqual(res.json[1].get('id', None), activity_ids[6]) self.assertEqual(res.json[2].get('id', None), activity_ids[5]) self.assertEqual(res.json[3].get('id', None), activity_ids[4]) self.assertEqual(res.json[4].get('id', None), activity_ids[3]) # get next 2 results res = self.testapp.get('/people/%s/timeline?sort=published&priority=comments&limit=5&before=%s' % (username, activity_ids[3]), "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 2) self.assertEqual(res.json[0].get('id', None), activity_ids[2]) self.assertEqual(res.json[1].get('id', None), activity_ids[1]) def test_timeline_order_sorted_by_activity_publish_date(self): """ Given a plain user When I post activities and I comment on an old activity Then in the activities-sorted timeline, the order equals the activity order """ from .mockers import user_status, user_comment username = '******' self.create_user(username) activity_0_id = self.create_activity(username, user_status).json['id'] activity_1_id = self.create_activity(username, user_status, note="second").json['id'] activity_2_id = self.create_activity(username, user_status, note="third").json['id'] res = self.testapp.post('/activities/%s/comments' % str(activity_1_id), json.dumps(user_comment), oauth2Header(username), status=201) res = self.testapp.get('/people/%s/timeline?sort=published' % username, "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 3) self.assertEqual(res.json[0].get('id', None), activity_2_id) self.assertEqual(res.json[1].get('id', None), activity_1_id) self.assertEqual(res.json[2].get('id', None), activity_0_id)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_has_remaining_items(self): """ Given there are more than 10 users When i query 10 users I get a X-Has-Remaining-Items header """ # Create 9 users + 1 already existing (test_manager) for i in range(10): self.create_user('user-{}'.format(i)) res = self.testapp.get('/people', headers=oauth2Header(test_manager), status=200) self.assertEqual(len(res.json), 10) self.assertEqual(res.headers['X-Has-Remaining-Items'], '1') def test_not_has_remaining_items_wihout_limit(self): """ Given there are more than 10 users When i query unlimited users I don't get a X-Has-Remaining-Items header """ # Create 9 users + 1 already existing (test_manager) for i in range(10): self.create_user('user-{}'.format(i)) res = self.testapp.get('/people?limit=0', headers=oauth2Header(test_manager), status=200) self.assertEqual(len(res.json), 11) self.assertNotIn('X-Has-Remaining-Items', res.headers) def test_not_has_remaining_items(self): """ Given there are exactly 10 users When i query 10 users I don't get a X-Has-Remaining-Items header """ # Create 9 users + 1 already existing (test_manager) for i in range(9): self.create_user('user-{}'.format(i)) res = self.testapp.get('/people', headers=oauth2Header(test_manager), status=200) self.assertEqual(len(res.json), 10) self.assertNotIn('X-Has-Remaining-Items', res.headers) def test_activities_keyword_generation(self): """ Tests that all words passing regex are included in keywords Tests that username that creates the activity is included in keywords Tests that displayName of user that creates the activity is included in keywords Tests that username that creates the comment is included in keywords Tests that displayName of user that creates the comment is included in keywords Tests that a keyword of a comment is included in keywords """ from .mockers import create_context from .mockers import subscribe_context, user_status_context, user_comment username = '******' username2 = 'xavi' self.create_user(username, displayName="Lionel Messi") self.create_user(username2, displayName="Xavi Hernandez") self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username2, subscribe_context) activity = self.create_activity(username, user_status_context).json res = self.testapp.post('/activities/%s/comments' % str(activity['id']), json.dumps(user_comment), oauth2Header(username2), status=201) res = self.testapp.get('/activities/%s' % str(activity['id']), json.dumps({}), oauth2Header(username), status=200) expected_keywords = [u'activitat', u'canvi', u'comentari', u'creaci\xf3', u'estatus', u'hernandez', u'lionel', u'messi', u'nou', u'testejant', u'una', u'xavi'] response_keywords = res.json['keywords'] response_keywords.sort() self.assertListEqual(response_keywords, expected_keywords) def test_activities_keyword_generation_after_comment_delete(self): """ test that the keywords supplied by a comment disappers from activity when deleting the comment """ from .mockers import create_context from .mockers import subscribe_context, user_status_context, user_comment username = '******' username2 = 'xavi' self.create_user(username, displayName="Lionel Messi") self.create_user(username2, displayName="Xavi Hernandez") self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username2, subscribe_context) activity = self.create_activity(username, user_status_context).json res = self.testapp.post('/activities/%s/comments' % str(activity['id']), json.dumps(user_comment), oauth2Header(username2), status=201) comment_id = res.json['id'] res = self.testapp.delete('/activities/%s/comments/%s' % (str(activity['id']), comment_id), "", oauth2Header(username2), status=204) res = self.testapp.get('/activities/%s' % str(activity['id']), json.dumps({}), oauth2Header(username), status=200) expected_keywords = [u'canvi', u'creaci\xf3', u'estatus', u'lionel', u'messi', u'testejant'] response_keywords = res.json['keywords'] response_keywords.sort() self.assertListEqual(response_keywords, expected_keywords) def test_activities_hashtag_generation(self): """ Tests that all hashtags passing regex are included in _hashtags Tests that a hashtag of a comment is included in hashtags """ from .mockers import create_context from .mockers import subscribe_context, user_status_context_with_hashtag, user_comment_with_hashtag username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context_with_hashtag) activity = json.loads(res.text) res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment_with_hashtag), oauth2Header(username), status=201) res = self.testapp.get('/activities/%s' % str(activity.get('id')), json.dumps({}), oauth2Header(username), status=200) result = json.loads(res.text) expected_hashtags = [u'canvi', u'comentari', u'nou'] self.assertListEqual(result['object']['hashtags'], expected_hashtags) def test_context_activities_hashtag_search(self): """ """ from .mockers import context_query from .mockers import create_context from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) self.create_activity(username, user_status_context, note='text with hashtag #test') res = self.testapp.get('/contexts/%s/activities?hashtag=test' % (context_query['context']), '', oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) def test_context_activities_keyword_search(self): """ """ from .mockers import context_query from .mockers import context_query_kw_search from .mockers import create_context from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), context_query_kw_search, oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) def test_context_comments_keyword_search(self): """ """ from .mockers import create_context from .mockers import subscribe_context, user_status_context from .mockers import user_comment username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) activity_1_id = self.create_activity(username, user_status_context, note='Second activity').json['id'] res = self.testapp.post('/activities/%s/comments' % activity_1_id, json.dumps(user_comment), oauth2Header(username), status=201) res = self.testapp.get('/activities/comments', {'keyword': ['comentari']}, oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) self.assertEqual(result[0]['object']['inReplyTo'][0]['id'], activity_1_id) def test_context_activities_actor_search(self): """ """ from .mockers import context_query from .mockers import create_context from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) username2 = 'xavi' self.create_user(username2) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username2, subscribe_context) self.create_activity(username, user_status_context) self.create_activity(username, user_status_context, note="second") self.create_activity(username2, user_status_context) res = self.testapp.get('/contexts/%s/activities?actor=%s' % (context_query['context'], username), '', oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) self.assertEqual(result[0].get('actor', None).get('username'), 'messi') self.assertEqual(result[1].get('actor', None).get('username'), 'messi') def test_timeline_activities_actor_search(self): """ """ from .mockers import create_context from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) username2 = 'xavi' self.create_user(username2) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username2, subscribe_context) self.create_activity(username, user_status_context) self.create_activity(username, user_status_context, note="second") self.create_activity(username2, user_status_context) self.create_activity(username2, user_status_context, note="second") res = self.testapp.get('/people/%s/timeline?actor=%s' % (username, username), '', oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) self.assertEqual(result[0].get('actor', None).get('username'), 'messi') self.assertEqual(result[1].get('actor', None).get('username'), 'messi') def test_timeline_user_filter_activities_by_other_actor_and_not_permission_in_community(self): """ """ from .mockers import create_context, create_contextA from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) username2 = 'xavi' self.create_user(username2) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) self.create_activity(username, user_status_context, note="second") res = self.testapp.get('/people/%s/timeline?actor=%s' % (username2, username), '', oauth2Header(username2), status=200) result = json.loads(res.text) self.assertEqual(len(result), 0) def test_timeline_user_filter_activities_by_other_actor_and_have_permission_community(self): """ """ from .mockers import create_context, create_contextA from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) username2 = 'xavi' self.create_user(username2) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username2, subscribe_context) self.create_activity(username, user_status_context) self.create_activity(username, user_status_context, note="second") res = self.testapp.get('/people/%s/timeline?actor=%s' % (username2, username), '', oauth2Header(username2), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) self.assertEqual(result[0].get('actor', None).get('username'), 'messi') self.assertEqual(result[1].get('actor', None).get('username'), 'messi') def test_contexts_search(self): """ Given an admin user When I search for all contexts Then I get them all """ from .mockers import create_context, create_contextA, create_contextB self.create_context(create_context) self.create_context(create_contextA) self.create_context(create_contextB) res = self.testapp.get('/contexts', '', oauth2Header(test_manager), status=200) self.assertEqual(len(res.json), 3) def test_contexts_search_with_tags(self): """ Given an admin user When I search for contexts with a tag Then I get tthe ones with that tag """ from .mockers import create_context, create_contextA, create_contextB from .mockers import context_search_by_tags self.create_context(create_context) # Tagged "Assignatura" self.create_context(create_contextA) # Tagged "Assignatura" self.create_context(create_contextB) # Not tagged res = self.testapp.get('/contexts?tags', context_search_by_tags, oauth2Header(test_manager), status=200) self.assertEqual(len(res.json), 2) def test_public_contexts_search_with_tags(self): """ Given a plain user When I search for public contexts with a tag Then I get the ones with that tag """ from .mockers import create_context, create_contextA, create_contextB from .mockers import context_search_by_tags username = '******' self.create_user(username) self.create_context(create_context) self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='subscribed')) self.create_context(create_contextB) res = self.testapp.get('/contexts/public?tags', context_search_by_tags, oauth2Header(username), status=200) self.assertEqual(len(res.json), 1) def test_search_with_invalid_parameters(self): """ Given a plain user When I do a search with invalid parameters Then I get a Bad Request Error """ username = '******' self.create_user(username) fake_id = '519200000000000000000000' self.testapp.get('/people?limit=a', '', oauth2Header(username), status=400) self.testapp.get('/people?after=0', '', oauth2Header(username), status=400) self.testapp.get('/people?before=0', '', oauth2Header(username), status=400) self.testapp.get('/people?before={0}&after={0}'.format(fake_id), '', oauth2Header(username), status=400) def test_context_timeline_favorites_search(self): """ """ from .mockers import create_context from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) username2 = 'xavi' self.create_user(username2) self.create_context(create_context, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username2, subscribe_context) res = self.create_activity(username, user_status_context) activity1_id = res.json['id'] self.create_activity(username, user_status_context, note="second") res = self.create_activity(username2, user_status_context) activity3_id = res.json['id'] self.create_activity(username2, user_status_context, note="second") self.favorite_activity(username, activity1_id) self.favorite_activity(username, activity3_id) res = self.testapp.get('/people/%s/timeline?favorites=true' % (username), '', oauth2Header(username), status=200) self.assertEqual(len(res.json), 2) self.assertEqual(res.json[0]['id'], activity3_id) self.assertEqual(res.json[1]['id'], activity1_id)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_favorite_activity(self): """ Given a plain user and a regular context When i post an activity in a context Then someone else can favorite this activity """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200) self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me) self.assertEqual(res.json['object']['favorited'], True) self.assertEqual(res.json['object']['favoritesCount'], 1) self.assertEqual(activity.json['favorites'][0]['username'], username_not_me) self.assertEqual(activity.json['favorited'], False) self.assertEqual(activity.json['favoritesCount'], 1) def test_favorite_already_favorited_activity(self): """ Given a plain user and a regular context When i post an activity in a context And someone favorites this activity Then this someone else can't favorite twice this activity """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=200) self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me) self.assertEqual(res.json['object']['favorited'], True) self.assertEqual(res.json['object']['favoritesCount'], 1) def test_unfavorite_activity(self): """ Given a plain user and a regular context When i post an activity in a context Then someone else can remove previously favorite mark from this activity """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) res = self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200) activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200) self.assertEqual(res.json['object']['favorites'], []) self.assertEqual(res.json['object']['favorited'], False) self.assertEqual(res.json['object']['favoritesCount'], 0) self.assertEqual(activity.json['favorites'], []) self.assertEqual(activity.json['favorited'], False) self.assertEqual(activity.json['favoritesCount'], 0) def test_favorite_activity_by_various(self): """ Given a plain user and a regular context When i post an activity in a context Then someone else can favorite this activity and i also can favorite it """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username), status=201) self.assertEqual(res.json['object']['favorites'][0]['username'], username_not_me) self.assertEqual(res.json['object']['favorites'][1]['username'], username) self.assertEqual(res.json['object']['favorited'], True) self.assertEqual(res.json['object']['favoritesCount'], 2) def test_unfavorite_activity_get_other_favorites(self): """ Given a plain user and a regular context When i post an activity in a context And varius users favorite it And someone unfavorite it Then someone who unfavorite this activity and the rest of favorites remains """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) res = self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username), status=201) res = self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200) self.assertEqual(res.json['object']['favorites'][0]['username'], username) self.assertEqual(res.json['object']['favorited'], False) self.assertEqual(res.json['object']['favoritesCount'], 1)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp("config:tests.ini", relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch("requests.post", new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_subscribe_user_to_context(self): from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="public", write="restricted", subscribe="restricted", invite="restricted"), ) self.testapp.post( "/people/%s/subscriptions" % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201 ) def test_subscribe_to_context(self): """ doctest .. http:post:: /people/{username}/subscriptions """ from .mockers import subscribe_context from .mockers import user_status_context from .mockers import create_context username = "******" self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) result = json.loads(res.text) self.assertEqual(result.get("actor", None).get("username", None), "messi") self.assertEqual(result.get("object", None).get("objectType", None), "note") self.assertEqual(result.get("contexts", None)[0]["url"], subscribe_context["object"]["url"]) def test_subscribe_to_context_already_subscribed(self): from .mockers import subscribe_context from .mockers import user_status_context from .mockers import create_context username = "******" self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username, subscribe_context, expect=200) res = self.create_activity(username, user_status_context) result = json.loads(res.text) self.assertEqual(result.get("actor", None).get("username", None), "messi") self.assertEqual(result.get("object", None).get("objectType", None), "note") self.assertEqual(result.get("contexts", None)[0]["url"], subscribe_context["object"]["url"]) def test_subscribe_to_inexistent_context(self): from .mockers import subscribe_context username = "******" self.create_user(username) res = self.admin_subscribe_user_to_context(username, subscribe_context, expect=404) result = json.loads(res.text) self.assertEqual(result.get("error", None), "ObjectNotFound") def test_get_all_subscribed_contexts_for_user(self): """ doctest .. http:get:: /people/{username}/subscriptions """ from .mockers import create_context from .mockers import subscribe_contextA, create_contextA from .mockers import subscribe_contextB, create_contextB username = "******" username_not_me = "xavi" self.create_user(username) self.create_user(username_not_me) self.create_context( create_context, permissions=dict(read="public", write="restricted", subscribe="restricted", invite="restricted"), ) self.create_context( create_contextA, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.create_context( create_contextB, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_contextA) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA) self.admin_subscribe_user_to_context(username, subscribe_contextB) res = self.testapp.get("/people/%s/subscriptions" % username, "", oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) self.assertEqual(result[0].get("url"), "http://atenea.upc.edu/A") self.assertEqual(result[1].get("url"), "http://atenea.upc.edu/B") def test_get_all_subscribed_contexts_for_user_by_tag(self): """ doctest .. http:get:: /people/{username}/subscriptions """ from .mockers import create_context from .mockers import subscribe_contextA, create_contextA from .mockers import subscribe_contextB, create_contextB username = "******" username_not_me = "xavi" self.create_user(username) self.create_user(username_not_me) self.create_context( create_context, permissions=dict(read="public", write="restricted", subscribe="restricted", invite="restricted"), ) self.create_context( create_contextA, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.create_context( create_contextB, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_contextA) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA) self.admin_subscribe_user_to_context(username, subscribe_contextB) res = self.testapp.get( "/people/%s/subscriptions" % username, {"tags": ["Assignatura"]}, oauth2Header(username), status=200 ) result = json.loads(res.text) self.assertEqual(len(result), 1) self.assertEqual(result[0].get("url"), "http://atenea.upc.edu/A") def test_get_all_subscribed_contexts_tagged_for_user(self): """ doctest .. http:get:: /people/{username}/subscriptions """ from .mockers import subscribe_contextA, create_contextA from .mockers import subscribe_contextB, create_contextB username = "******" self.create_user(username) self.create_context( create_contextA, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.create_context( create_contextB, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_contextA) self.admin_subscribe_user_to_context(username, subscribe_contextB) res = self.testapp.get( "/people/%s/subscriptions" % username, {"tags": ["Assignatura"]}, oauth2Header(username), status=200 ) result = json.loads(res.text) self.assertEqual(len(result), 1) self.assertEqual(result[0].get("url"), "http://atenea.upc.edu/A") def test_get_subscriptions_from_another_user(self): """ Given a plain user When I try to get another user subscriptions list Then i get an Forbidden error """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) username2 = "xavi" self.create_user(username2) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username2), status=403) def test_subcribe_to_restricted_context_as_plain_user(self): """ Given a plain user When I subscribe to a public subscription context Then i get an Forbidden error """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.user_subscribe_user_to_context(username, subscribe_context, expect=403) def test_subscribe_to_public_context_as_plain_user(self): """ Given a plain user When I subscribe to a public subscription context Then the subscription is created And I will be able to unsubscribe in the future """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) res = self.testapp.post( "/people/%s/subscriptions" % username, json.dumps(subscribe_context), oauth2Header(username), status=201 ) res = self.testapp.get("/people/%s/subscriptions" % username, "", oauth2Header(username), status=200) result = json.loads(res.text) self.assertIn("unsubscribe", result[0]["permissions"]) def test_subscribe_to_public_context_as_plain_user_already_subscribed(self): """ Given a plain user When I subscribe to a public subscription context And I am already subscribed Then the subscription is returned """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) self.user_subscribe_user_to_context(username, subscribe_context, expect=201) self.user_subscribe_user_to_context(username, subscribe_context, expect=200) def test_list_all_public_subcribable_contexts(self): """ Given a plain user When i look for public contexts Then i get a list with only the public ones """ from .mockers import create_context, create_contextA username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) self.create_context( create_contextA, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) res = self.testapp.get("/contexts/public", {}, oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) def test_unsubscribe_from_inexistent_subscription_as_plain_user(self): """ Given a plain user When I try to unsubscribe from a context And I'm not subscribed to that context Then I get a not found error """ from .mockers import create_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) url_hash = sha1(create_context["url"]).hexdigest() self.testapp.delete( "/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(username), status=403 ) def test_unsubscribe_from_inexistent_subscription_as_admin(self): """ As an admin user When I try to unsubscribe a user from a context And the user is not subscribed to that context Then I get a not found error """ from .mockers import create_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) url_hash = sha1(create_context["url"]).hexdigest() self.testapp.delete( "/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(test_manager), status=404 ) def test_unsubscribe_from_restricted_context_as_plain_user(self): """ Given a plain user When I try to unsubscribe from a restricted subscription context Then i get an authorization error """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) url_hash = sha1(create_context["url"]).hexdigest() self.testapp.delete( "/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(username), status=403 ) def test_unsubscribe_from_restricted_context_as_admin(self): """ Given a admin user When I try to unsubscribe a plain user from a restricted subscription context Then the user is not subscribed to the context anymore """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) url_hash = sha1(create_context["url"]).hexdigest() self.testapp.delete( "/people/%s/subscriptions/%s" % (username, url_hash), {}, oauth2Header(test_manager), status=204 ) res = self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 0) def test_unsubscribe_from_public_context_as_plain_user(self): """ Given a plain user When I try to unsubscribe from a public subscription context Then I am not subscribed to the context anymore """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) self.user_subscribe_user_to_context(username, subscribe_context, expect=201) url_hash = sha1(create_context["url"]).hexdigest() self.user_unsubscribe_user_from_context(username, url_hash, expect=204) res = self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 0) def test_unsubscribe_from_public_context_as_admin(self): """ Given a admin user When I try to unsubscribe a plain user from a public subscription context Then I am not subscribed to the context anymore """ from .mockers import create_context from .mockers import subscribe_context username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) self.user_subscribe_user_to_context(username, subscribe_context, expect=201) url_hash = sha1(create_context["url"]).hexdigest() self.admin_unsubscribe_user_from_context(username, url_hash, expect=204) res = self.testapp.get("/people/%s/subscriptions" % username, {}, oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 0) def test_change_context_with_same_permissions(self): """ Create a public context, user subscribes to context. Try to update the context with the same permissions. Permissions remain the same NOTE: Test added to catch a bug where modifying a context with the same permissions would crash on a mongodb empty query """ from .mockers import create_context from .mockers import subscribe_context url_hash = sha1(create_context["url"]).hexdigest() username = "******" self.create_user(username) permissions = dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted") self.create_context(create_context, permissions=permissions) self.user_subscribe_user_to_context(username, subscribe_context, expect=201) data = json.dumps({"permissions": permissions}) res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200) self.assertEqual(res.json["permissions"]["read"], "subscribed") self.assertEqual(res.json["permissions"]["write"], "subscribed") self.assertEqual(res.json["permissions"]["subscribe"], "public") self.assertEqual(res.json["permissions"]["invite"], "restricted") def test_change_public_context_to_restricted(self): """ Create a public context, user subscribes to context. Change the context to write=restricted, and user fails to write in the context. """ from .mockers import create_context from .mockers import subscribe_context from .mockers import user_status_context url_hash = sha1(create_context["url"]).hexdigest() username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) self.user_subscribe_user_to_context(username, subscribe_context, expect=201) data = json.dumps({"permissions": {"write": "restricted"}}) res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200) self.assertEqual(res.json["permissions"]["read"], "subscribed") self.assertEqual(res.json["permissions"]["write"], "restricted") res = self.create_activity(username, user_status_context, expect=403) def test_change_public_context_to_restricted_preserve_granted_write_permission(self): """ Create a public context, user subscribes to context. Extra grant write permission to the user Change the context to write=restricted, and user still have the write permission """ from .mockers import create_context from .mockers import subscribe_context from .mockers import user_status_context url_hash = sha1(create_context["url"]).hexdigest() username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="subscribed", subscribe="public", invite="restricted"), ) self.user_subscribe_user_to_context(username, subscribe_context, expect=201) permission = "write" res = self.testapp.put( "/contexts/%s/permissions/%s/%s?permanent=1" % (url_hash, username, permission), "", oauth2Header(test_manager), status=201, ) data = json.dumps({"permissions": {"write": "restricted"}}) res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200) self.assertEqual(res.json["permissions"]["read"], "subscribed") self.assertEqual(res.json["permissions"]["write"], "restricted") res = self.create_activity(username, user_status_context, expect=201) def test_change_restricted_context_to_susbcribed(self): """ Create a write restricted context, admin subscribes the user to context, but he cannot write Change the context to write subscribed, and user can write to context """ from .mockers import create_context from .mockers import subscribe_context from .mockers import user_status_context url_hash = sha1(create_context["url"]).hexdigest() username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="restricted", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) data = json.dumps({"permissions": {"write": "subscribed"}}) res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200) self.assertEqual(res.json["permissions"]["read"], "subscribed") self.assertEqual(res.json["permissions"]["write"], "subscribed") res = self.create_activity(username, user_status_context, expect=201) def test_change_restricted_context_to_susbcribed_maintain_write_veto(self): """ Create a write restricted context, admin subscribes the user to context, but he cannot write. Admin also adds a persistent "don't write" veto to this user. Change the context to write subscribed, and user still can't write. """ from .mockers import create_context from .mockers import subscribe_context from .mockers import user_status_context url_hash = sha1(create_context["url"]).hexdigest() username = "******" self.create_user(username) self.create_context( create_context, permissions=dict(read="subscribed", write="restricted", subscribe="restricted", invite="restricted"), ) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) permission = "write" res = self.testapp.delete( "/contexts/%s/permissions/%s/%s?permanent=1" % (url_hash, username, permission), "", oauth2Header(test_manager), status=201, ) data = json.dumps({"permissions": {"write": "subscribed"}}) res = self.testapp.put("/contexts/%s" % url_hash, data, oauth2Header(test_manager), status=200) self.assertEqual(res.json["permissions"]["read"], "subscribed") self.assertEqual(res.json["permissions"]["write"], "subscribed") res = self.create_activity(username, user_status_context, expect=403)
class PeopleACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.app.registry.max_store.drop_collection('users') self.app.registry.max_store.drop_collection('activity') self.app.registry.max_store.drop_collection('contexts') self.app.registry.max_store.drop_collection('security') self.app.registry.max_store.drop_collection('conversations') self.app.registry.max_store.drop_collection('messages') self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) # Add people tests def test_create_person_as_manager(self): """ Given i'm a user that has the Manager role When i try to create a person I succeed """ username = '******' self.testapp.post('/people', json.dumps({"username": username}), headers=oauth2Header(test_manager), status=201) def test_create_person_as_non_manager(self): """ Given i'm user that doesn't have the Manager role When i try to create a person I get a Forbidden exception """ username = '******' other = 'penny' self.testapp.post('/people', json.dumps({"username": other}), headers=oauth2Header(username), status=403) def test_create_person_as_oneself(self): """ Given i'm user that doesn't have the Manager role When i try to create a person I succeed """ username = '******' self.testapp.post('/people', json.dumps({"username": username}), headers=oauth2Header(username), status=201) # View profile tests def test_get_person_as_manager(self): """ Given i'm a user that has the Manager role When i try to view a user profile I succeed """ username = '******' self.create_user(test_manager) self.create_user(username) self.testapp.get('/people/{}'.format(username), "", headers=oauth2Header(test_manager), status=200) def test_get_person_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role When i try to view a user profile I succeed """ username = '******' self.create_user(test_manager) self.create_user(username) self.testapp.get('/people/{}'.format(test_manager), "", headers=oauth2Header(username), status=200) # Get all people def test_get_all_people_as_manager(self): """ Given i'm a user that has the Manager role When i try to get all people I succeed """ self.create_user(test_manager) self.testapp.get('/people', "", headers=oauth2Header(test_manager), status=200) def test_get_all_people_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role When i try to get a visible people listing I suceed """ username = '******' self.create_user(test_manager) self.create_user(username) self.testapp.get('/people', "", headers=oauth2Header(username), status=200) # Modify user tests def test_modify_person_as_manager(self): """ Given i'm a user that has the Manager role When i try to modify a user profile I succeed """ username = '******' self.create_user(test_manager) self.create_user(username) self.testapp.put('/people/{}'.format(username), "", headers=oauth2Header(test_manager), status=200) def test_modify_person_as_non_manager_neither_owner(self): """ Given i'm a user that doesn't have the Manager role When i try to modify a user profile And that person is not me I get a Forbidden Exception """ username = '******' other = 'penny' self.create_user(test_manager) self.create_user(username) self.create_user(other) self.testapp.put('/people/{}'.format(other), "", headers=oauth2Header(username), status=403) def test_modify_person_as_owner(self): """ Given i'm a user that doesn't have the Manager role When i try to modify my own profile I succeed """ username = '******' self.create_user(test_manager) self.create_user(username) self.testapp.put('/people/{}'.format(username), "", headers=oauth2Header(username), status=200) # Delete user tests def test_delete_person_as_manager(self): """ Given i'm a user that has the Manager role When i try to delete a user I succeed """ username = '******' self.create_user(test_manager) self.create_user(username) self.testapp.delete('/people/{}'.format(username), headers=oauth2Header(test_manager), status=204) def test_delete_person_as_non_manager_neither_owner(self): """ Given i'm a user that doesn't have the Manager role When i try to delete a user I get a Forbidden Exception """ username = '******' other = 'penny' self.create_user(test_manager) self.create_user(username) self.create_user(other) self.testapp.delete('/people/{}'.format(other), headers=oauth2Header(username), status=403) def test_delete_person_as_owner(self): """ Given i'm a user that doesn't have the Manager role When i try to delete myself I get a Forbidden Exception """ username = '******' self.create_user(test_manager) self.create_user(username) self.testapp.delete('/people/{}'.format(username), headers=oauth2Header(username), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) def tearDown(self): import pyramid.testing pyramid.testing.tearDown() # BEGIN TESTS def test_add_device_token_ios(self): username = '******' token = {'platform': 'ios', 'token': '12345678901234567890123456789012'} self.create_user(username) res = self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201) result = json.loads(res.text) self.assertEqual(result.get('token', ''), token['token']) self.assertEqual(result.get('platform', ''), token['platform']) def test_add_device_token_android(self): username = '******' self.create_user(username) token = {'platform': 'android', 'token': '12345678901234567890123456789012klhsdflajshdfkjashdfoq'} res = self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201) result = json.loads(res.text) self.assertEqual(result.get('token', ''), token['token']) self.assertEqual(result.get('platform', ''), token['platform']) def test_add_device_invalid_platform(self): username = '******' token = {'platform': 'blackberry', 'token': '12345678901234567890123456789012klhsdflajshdfkjashdfoq'} self.create_user(username) self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=400) def test_delete_device_token(self): username = '******' token = {'platform': 'ios', 'token': '12345678901234567890123456789012'} self.create_user(username) self.testapp.post('/tokens', json.dumps(token), oauth2Header(username), status=201) self.testapp.delete('/tokens/%s' % (token['token']), "", oauth2Header(username), status=204) def test_add_duplicated_token(self): """ Given i'm a regular user """ sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) token = {'platform': 'ios', 'token': '12345678901234567890123456789012'} self.testapp.post('/tokens', json.dumps(token), oauth2Header(sender), status=201) sender_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(sender, token['platform']), "", headers=oauth2Header(sender), status=200).json self.assertEqual(len(sender_tokens), 1) self.testapp.post('/tokens', json.dumps(token), oauth2Header(recipient), status=201) sender_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(sender, token['platform']), "", headers=oauth2Header(sender), status=200).json recipient_tokens = self.testapp.get('/people/{}/tokens/platforms/{}'.format(recipient, token['platform']), "", headers=oauth2Header(recipient), status=200).json self.assertEqual(len(sender_tokens), 0) self.assertEqual(len(recipient_tokens), 1) def test_get_pushtokens_for_given_conversations(self): """ doctest .. http:get:: /conversations/{id}/tokens """ from .mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) platform = 'ios' token_sender = '12345678901234567890123456789012' token_recipient = '12345678901234567890123456789013' self.testapp.post('/people/%s/device/%s/%s' % (sender, platform, token_sender), "", oauth2Header(sender), status=201) self.testapp.post('/people/%s/device/%s/%s' % (recipient, platform, token_recipient), "", oauth2Header(recipient), status=201) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) conversation_id = res.json['contexts'][0]['id'] res = self.testapp.get('/conversations/%s/tokens' % (conversation_id), '', oauth2Header(test_manager), status=200) self.assertEqual(res.json[0]['platform'], u'ios') self.assertEqual(res.json[0]['token'], u'12345678901234567890123456789013') self.assertEqual(res.json[0]['username'], u'xavi') self.assertEqual(res.json[1]['platform'], u'ios') self.assertEqual(res.json[1]['token'], u'12345678901234567890123456789012') self.assertEqual(res.json[1]['username'], u'messi') self.assertEqual(len(res.json), 2) def test_get_pushtokens_for_given_context(self): """ """ from .mockers import create_context, subscribe_context username = '******' username2 = 'xavi' self.create_user(username) self.create_user(username2) platform = 'ios' token_1 = '12345678901234567890123456789012' token_2 = '12345678901234567890123456789013' self.testapp.post('/people/%s/device/%s/%s' % (username, platform, token_1), "", oauth2Header(username), status=201) self.testapp.post('/people/%s/device/%s/%s' % (username2, platform, token_2), "", oauth2Header(username2), status=201) url_hash = self.create_context(create_context).json['hash'] self.admin_subscribe_user_to_context(username, subscribe_context) res = self.testapp.get('/contexts/%s/tokens' % (url_hash), '', oauth2Header(test_manager), status=200) self.assertEqual(res.json[0]['platform'], u'ios') self.assertEqual(res.json[0]['token'], u'12345678901234567890123456789012') self.assertEqual(res.json[0]['username'], u'messi') self.assertEqual(len(res.json), 1)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_create_context_with_notifications(self): """ doctests .. http:post:: /contexts""" from .mockers import create_context_post_notifications as create_context new_context = dict(create_context) res = self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201) self.assertEqual(res.json['notifications'], 'posts') def test_delete_context_with_notifications_removes_subscriptions(self): """ """ from .mockers import subscribe_context from .mockers import create_context_post_notifications as create_context from .mockers import user_status_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) url_hash = sha1(create_context['url']).hexdigest() self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204) res = self.testapp.get('/people/%s' % username, "", oauth2Header(username)) result = json.loads(res.text) self.assertEqual(result.get('username', None), 'messi') self.assertEqual(len(result.get('subscribedTo', [])), 0) return url_hash def test_subscribe_user_to_context_with_notifications(self): """ """ from .mockers import create_context_post_notifications as create_context from .mockers import subscribe_context from hashlib import sha1 username = '******' url_hash = sha1(create_context['url']).hexdigest() self.create_user(username) self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted')) self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201) res = self.testapp.get('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(username), status=200) self.assertEqual(res.json[0]['notifications'], 'posts') return url_hash, username def test_unsubscribe_user_from_context_with_notifications(self): """ """ from .mockers import create_context_post_notifications as create_context from .mockers import subscribe_context from hashlib import sha1 username = '******' url_hash = sha1(create_context['url']).hexdigest() self.create_user(username) self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted')) self.testapp.post('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(test_manager), status=201) res = self.testapp.delete('/people/%s/subscriptions/%s' % (username, url_hash), {}, oauth2Header(test_manager), status=204) res = self.testapp.get('/people/%s/subscriptions' % username, json.dumps(subscribe_context), oauth2Header(username), status=200) self.assertEqual(len(res.json), 0) return url_hash, username def test_post_activity_on_context_with_notifications(self): """ Post an activity to a context which needs the user to be subscribed to read and write and we have previously subscribed the user. """ from .mockers import subscribe_context from .mockers import create_context_post_notifications as create_context from .mockers import user_status_context from hashlib import sha1 username = '******' url_hash = sha1(create_context['url']).hexdigest() self.create_user(username) context_permissions = dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted') self.create_context(create_context, permissions=context_permissions) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url']) self.assertEqual(result.get('contexts', None)[0]['notifications'], 'posts') return url_hash, username, user_status_context def test_post_comment_with_comments_notification(self): """ doctest .. http:post:: /activities/{activity}/comments """ from .mockers import user_status_context, user_comment from .mockers import subscribe_context from .mockers import create_context_comments_notifications as create_context from hashlib import sha1 username = '******' url_hash = sha1(create_context['url']).hexdigest() self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) activity = self.create_activity(username, user_status_context) activity = activity.json res = self.testapp.post('/activities/%s/comments' % str(activity.get('id')), json.dumps(user_comment), oauth2Header(username), status=201) result = res.json self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'comment') self.assertEqual(result.get('object', None).get('inReplyTo', None)[0].get('id'), str(activity.get('id'))) # add information needed by rabbit tests return url_hash, username, activity, result
class ActivitiesACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.app.registry.max_store.drop_collection('users') self.app.registry.max_store.drop_collection('activity') self.app.registry.max_store.drop_collection('contexts') self.app.registry.max_store.drop_collection('security') self.app.registry.max_store.drop_collection('conversations') self.app.registry.max_store.drop_collection('messages') self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # Favorite activities tests def test_favorite(self): """ Given i'm a regular user When i try to favorite an activity I succeed """ from max.tests.mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json['id'] self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) def test_favorite_impersonate(self): """ Given i'm a regular user When i try to favorite an activity impersonated as another user I get a Forbidden Exception """ from max.tests.mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json['id'] impersonated_actor = {'actor': {'objectType': 'person', 'username': username}} self.testapp.post('/activities/%s/favorites' % activity_id, json.dumps(impersonated_actor), oauth2Header(username_not_me), status=403) def test_favorite_impersonate_as_manager(self): """ Given i'm a Manager user When i try to favorite an activity impersonated as another user I get a Forbidden Exception """ from max.tests.mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json['id'] impersonated_actor = {'actor': {'objectType': 'person', 'username': username}} self.testapp.post('/activities/%s/favorites' % activity_id, json.dumps(impersonated_actor), oauth2Header(test_manager), status=201) # Unfavorite activities tests def test_unfavorite(self): """ Given i'm a regular user When i try to unfavorite an activity I succeed """ from max.tests.mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json['id'] self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=200) def test_unfavorite_impersonate(self): """ Given i'm a regular user When i try to unfavorite an activity imperonsated as another user I get a Forbidden Exception """ from max.tests.mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json['id'] self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username), status=403) def test_unfavorite_impersonate_as_manager(self): """ Given i'm a Manager user When i try to un unfavorite an activity impersonated as another user I succeed """ from max.tests.mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json['id'] self.testapp.post('/activities/%s/favorites' % activity_id, '', oauth2Header(username_not_me), status=201) self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(test_manager), status=200) def test_unfavorite_not_favorited(self): """ Given i'm a regular user When i try to unfavorite an activity And the activity is not favorited yet I get a Forbidden Exception """ from max.tests.mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json['id'] self.testapp.delete('/activities/%s/favorites/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_like_activity(self): """ Given a plain user and a regular context When i post an activity in a context Then someone else can like this activity """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201) activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200) self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me) self.assertEqual(res.json['object']['liked'], True) self.assertEqual(res.json['object']['likesCount'], 1) self.assertEqual(activity.json['likes'][0]['username'], username_not_me) self.assertEqual(activity.json['liked'], False) self.assertEqual(activity.json['likesCount'], 1) def test_like_already_liked_activity(self): """ Given a plain user and a regular context When i post an activity in a context And someone likes this activity Then this someone else can't like twice this activity """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201) res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=200) self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me) self.assertEqual(res.json['object']['liked'], True) self.assertEqual(res.json['object']['likesCount'], 1) def test_unlike_activity(self): """ Given a plain user and a regular context When i post an activity in a context Then i can remove previously like mark from this activity """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201) self.testapp.delete('/activities/%s/likes/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=204) activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200) self.assertEqual(activity.json['likes'], []) self.assertEqual(activity.json['liked'], False) self.assertEqual(activity.json['likesCount'], 0) def test_like_activity_by_various(self): """ Given a plain user and a regular context When i post an activity in a context Then someone else can like this activity and i also can like it """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201) res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username), status=201) self.assertEqual(res.json['object']['likes'][0]['username'], username_not_me) self.assertEqual(res.json['object']['likes'][1]['username'], username) self.assertEqual(res.json['object']['liked'], True) self.assertEqual(res.json['object']['likesCount'], 2) def test_unlike_activity_get_other_likes(self): """ Given a plain user and a regular context When i post an activity in a context And varius users like it And someone unlike it Then someone who unlike this activity and the rest of likes remains """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json['id'] res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username_not_me), status=201) res = self.testapp.post('/activities/%s/likes' % activity_id, '', oauth2Header(username), status=201) res = self.testapp.delete('/activities/%s/likes/%s' % (activity_id, username_not_me), '', oauth2Header(username_not_me), status=204) activity = self.testapp.get('/activities/%s' % activity_id, '', oauth2Header(username), status=200) self.assertEqual(activity.json['likes'][0]['username'], username) self.assertEqual(activity.json['liked'], True) self.assertEqual(activity.json['likesCount'], 1) def test_likes_sorting_1(self): """ Test without liked objects, sort order must be by descending published date of the activities """ from .mockers import user_status_context from .mockers import subscribe_context, create_context page_size = 3 # Store the ids of all created activities. First is the oldest activities = [] self.create_context(create_context) for i in range(1, 7): username = '******'.format(i) self.create_user(username) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activities.append(res.json['id']) firstpage = self.testapp.get('/people/%s/timeline?limit=%d&sort=likes' % ("user1", page_size), "", oauth2Header("user1"), status=200) self.assertEqual(len(firstpage.json), 3) self.assertEqual(firstpage.json[0]['likesCount'], 0) self.assertEqual(firstpage.json[0]['id'], activities[5]) self.assertEqual(firstpage.json[1]['likesCount'], 0) self.assertEqual(firstpage.json[1]['id'], activities[4]) self.assertEqual(firstpage.json[2]['likesCount'], 0) self.assertEqual(firstpage.json[2]['id'], activities[3]) secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=%d&before=%s' % ("user1", page_size, activities[3]), "", oauth2Header("user1"), status=200) self.assertEqual(len(secondpage.json), 3) self.assertEqual(secondpage.json[0]['likesCount'], 0) self.assertEqual(secondpage.json[0]['id'], activities[2]) self.assertEqual(secondpage.json[1]['likesCount'], 0) self.assertEqual(secondpage.json[1]['id'], activities[1]) self.assertEqual(secondpage.json[2]['likesCount'], 0) self.assertEqual(secondpage.json[2]['id'], activities[0]) def test_likes_sorting_2(self): """ Test with all activities liked once, sort order must be by descending date of the last time that the activity was liked. """ from .mockers import user_status_context from .mockers import subscribe_context, create_context page_size = 3 # Store the ids of all created activities. First is the oldest activities = [] self.create_context(create_context) # Create 6 users, post an activity with each one and self-like it for i in range(1, 7): username = '******'.format(i) self.create_user(username) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activities.append(res.json['id']) self.like_activity(username, activities[0]) self.like_activity(username, activities[3]) self.like_activity(username, activities[1]) self.like_activity(username, activities[5]) self.like_activity(username, activities[4]) self.like_activity(username, activities[2]) firstpage = self.testapp.get('/people/%s/timeline?limit=%d&sort=likes' % ("user1", page_size), "", oauth2Header("user1"), status=200) self.assertEqual(len(firstpage.json), 3) self.assertEqual(firstpage.json[0]['likesCount'], 1) self.assertEqual(firstpage.json[0]['id'], activities[2]) self.assertEqual(firstpage.json[1]['likesCount'], 1) self.assertEqual(firstpage.json[1]['id'], activities[4]) self.assertEqual(firstpage.json[2]['likesCount'], 1) self.assertEqual(firstpage.json[2]['id'], activities[5]) secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=%d&before=%s' % ("user1", page_size, activities[5]), "", oauth2Header("user1"), status=200) self.assertEqual(len(secondpage.json), 3) self.assertEqual(secondpage.json[0]['likesCount'], 1) self.assertEqual(secondpage.json[0]['id'], activities[1]) self.assertEqual(secondpage.json[1]['likesCount'], 1) self.assertEqual(secondpage.json[1]['id'], activities[3]) self.assertEqual(secondpage.json[2]['likesCount'], 1) self.assertEqual(secondpage.json[2]['id'], activities[0]) def test_timeline_by_likes_paginated_same_likes_span(self): """ Test likes sorting when activities with the same likes span trough more than one page, having pages with activities with targeted likeCount in the bottom of page, and other on top """ from .mockers import user_status_context from .mockers import subscribe_context, create_context # Store the ids of all created activities. First is the oldest activities = [] self.create_context(create_context) # Create 10 users, subscribe to a context and write a post for each one for i in range(1, 11): username = '******'.format(i) self.create_user(username) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activities.append(res.json['id']) # Like activities so activities with 3 likes spans trough pages 1,2 and 3 self.like_activity('user1', activities[0]) self.like_activity('user2', activities[0]) self.like_activity('user3', activities[0]) self.like_activity('user4', activities[0]) self.like_activity('user5', activities[0]) self.like_activity('user1', activities[1]) self.like_activity('user2', activities[1]) self.like_activity('user3', activities[1]) self.like_activity('user4', activities[1]) time.sleep(1) self.like_activity('user1', activities[2]) self.like_activity('user2', activities[2]) self.like_activity('user3', activities[2]) time.sleep(1) self.like_activity('user1', activities[3]) self.like_activity('user2', activities[3]) self.like_activity('user3', activities[3]) time.sleep(1) self.like_activity('user1', activities[4]) self.like_activity('user2', activities[4]) self.like_activity('user3', activities[4]) time.sleep(1) self.like_activity('user1', activities[5]) self.like_activity('user2', activities[5]) self.like_activity('user3', activities[5]) time.sleep(1) self.like_activity('user1', activities[6]) self.like_activity('user2', activities[6]) self.like_activity('user3', activities[6]) self.like_activity('user1', activities[7]) self.like_activity('user2', activities[7]) self.like_activity('user1', activities[8]) firstpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3' % "user1", "", oauth2Header("user1"), status=200) self.assertEqual(len(firstpage.json), 3) self.assertEqual(firstpage.json[0]['likesCount'], 5) self.assertEqual(firstpage.json[0]['id'], activities[0]) self.assertEqual(firstpage.json[1]['likesCount'], 4) self.assertEqual(firstpage.json[1]['id'], activities[1]) self.assertEqual(firstpage.json[2]['likesCount'], 3) self.assertEqual(firstpage.json[2]['id'], activities[6]) secondpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[6]), "", oauth2Header("user1"), status=200) self.assertEqual(len(secondpage.json), 3) self.assertEqual(secondpage.json[0]['likesCount'], 3) self.assertEqual(secondpage.json[0]['id'], activities[5]) self.assertEqual(secondpage.json[1]['likesCount'], 3) self.assertEqual(secondpage.json[1]['id'], activities[4]) self.assertEqual(secondpage.json[2]['likesCount'], 3) self.assertEqual(secondpage.json[2]['id'], activities[3]) thirdpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[3]), "", oauth2Header("user1"), status=200) self.assertEqual(len(thirdpage.json), 3) self.assertEqual(thirdpage.json[0]['likesCount'], 3) self.assertEqual(thirdpage.json[0]['id'], activities[2]) self.assertEqual(thirdpage.json[1]['likesCount'], 2) self.assertEqual(thirdpage.json[1]['id'], activities[7]) self.assertEqual(thirdpage.json[2]['likesCount'], 1) self.assertEqual(thirdpage.json[2]['id'], activities[8]) fourthpage = self.testapp.get('/people/%s/timeline?sort=likes&limit=3&before=%s' % ("user1", activities[8]), "", oauth2Header("user1"), status=200) self.assertEqual(len(fourthpage.json), 1) self.assertEqual(fourthpage.json[0]['likesCount'], 0) self.assertEqual(fourthpage.json[0]['id'], activities[9])
class ConversationsACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.app.registry.max_store.drop_collection('users') self.app.registry.max_store.drop_collection('activity') self.app.registry.max_store.drop_collection('contexts') self.app.registry.max_store.drop_collection('security') self.app.registry.max_store.drop_collection('conversations') self.app.registry.max_store.drop_collection('messages') self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # Add conversations tests def test_create_new_conversation(self): """ Given i'm a regular user When I try to create a new conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) def test_create_new_conversation_as_manager(self): """ Given i'm a Manager When I try to create a new conversation And i'm not in the participants list Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) self.testapp.post('/conversations', json.dumps(message), oauth2Header(test_manager), status=201) # View conversation tests def test_view_conversation_as_manager(self): """ Given i'm a Manager When I try to view an existing conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(test_manager), status=200) def test_view_conversation_as_owner(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to view an existing conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(sender), status=200) def test_view_conversation_as_participant(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to view an existing conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(recipient), status=200) def test_view_conversation_as_anyone_else(self): """ Given i'm a regular user And i'm not in the conversation When I try to view an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/conversations/{}'.format(cid), '', oauth2Header(recipient2), status=403) # View conversation subscription tests def test_view_conversation_subscription_as_manager(self): """ Given i'm a Manager When I try to view an existing conversation subscription Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(test_manager), status=200) def test_view_conversation_subscription_as_owner(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to view an existing conversation subscription Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=200) def test_view_conversation_subscription_as_participant(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to view my conversation subscription Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=200) def test_view_conversation_subscription_as_other_participant(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to view other's conversation subscription Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403) def test_view_conversation_subscription_as_anyone_else(self): """ Given i'm a regular user And i'm not in the conversation When I try to view an existing conversation subscription Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.get('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient2), status=403) # Get all conversations tests def test_list_all_conversations(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to list all conversations Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) self.testapp.get('/conversations', '', oauth2Header(sender), status=200) # Modify conversation tests def test_modify_conversation_as_manager(self): """ Given i'm a Manager When I try to modify a conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(test_manager), status=200) def test_modify_conversation_as_owner(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to modify a conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(sender), status=200) def test_modify_conversation_as_participant(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to modify a conversation Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(recipient), status=403) def test_modify_conversation_as_anyone_else(self): """ Given i'm a regular user And i'm not in the conversation When I try to modify a conversation Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}'.format(cid), '{"displayName": "Nou nom"}', oauth2Header(recipient2), status=403) # Delete conversation tests def test_delete_conversation_as_manager(self): """ Given i'm a Manager When I try to delete a conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(test_manager), status=204) def test_delete_conversation_as_owner(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to delete a conversation Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(sender), status=204) def test_delete_conversation_as_participant(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to delete a conversation Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(recipient), status=403) def test_delete_conversation_as_anyone_else(self): """ Given i'm a regular user And i'm not in the conversation When I try to delete a conversation Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/conversations/{}'.format(cid), '', oauth2Header(recipient2), status=403) # Purge conversations tests def test_delete_all_conversations_as_manager(self): """ Given i'm a Manager When I try to purge all existing conversations Then I succeed """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) self.testapp.delete('/conversations', '', oauth2Header(test_manager), status=204) def test_delete_all_conversations_as_anyone_else(self): """ Given i'm a regular user When I try to purge all existing conversations Then I get a Forbidden Exception """ from max.tests.mockers import message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) self.testapp.delete('/conversations', '', oauth2Header(sender), status=403) # Add participant to conversation tests def test_add_participant_as_manager(self): """ Given i'm a Manager When I try to add a new participant to an existing conversation Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' recipient3 = 'melendi' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) self.create_user(recipient3) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(test_manager), status=201) def test_add_participant_as_owner(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to add a new participant to an existing conversation Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' recipient3 = 'melendi' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) self.create_user(recipient3) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(sender), status=201) def test_add_participant_as_participant(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to add a new participant to an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' recipient3 = 'melendi' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) self.create_user(recipient3) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(recipient), status=403) def test_auto_join(self): """ Given i'm a regular user When I try to add myself as a new participant to an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' recipient3 = 'melendi' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) self.create_user(recipient3) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.post('/people/{}/conversations/{}'.format(recipient3, cid), '', oauth2Header(recipient2), status=403) # Delete participant to group conversation tests def test_delete_participant_as_manager(self): """ Given i'm a Manager When I try to delete a new participant from an existing conversation Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(test_manager), status=204) def test_delete_participant_as_owner(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to delete a participant from an existing conversation Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, cid), '', oauth2Header(sender), status=204) def test_delete_participant_as_participant(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to delete a participant from an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403) def test_leave_as_owner(self): """ Given i'm the owner of the conversation When I try to leave an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=403) def test_leave(self): """ Given i'm a regular user When I try to leave an existing conversation Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=204) # Delete participant to two people conversation tests def test_delete_participant_as_manager_in_two_people_conversation(self): """ Given i'm a Manager When I try to delete a new participant from an existing conversation Then I succeed """ from max.tests.mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(test_manager), status=204) def test_delete_participant_as_owner_in_two_people_conversation(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to delete a participant from an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(sender), status=403) def test_delete_participant_as_participant_in_two_people_conversation(self): """ Given i'm a regular user And i'm a regular conversation participant When I try to delete a participant from an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(recipient), status=403) def test_leave_as_owner_in_two_people_conversation(self): """ Given i'm the owner of the conversation When I try to leave an existing conversation Then I get a Forbidden Exception """ from max.tests.mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(sender, cid), '', oauth2Header(sender), status=204) def test_leave_in_two_people_conversation(self): """ Given i'm a regular user When I try to leave an existing conversation Then I succeed """ from max.tests.mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient, cid), '', oauth2Header(recipient), status=204) # Transfer ownership tests def test_transfer_ownership_as_manager(self): """ Given i'm a Manager When I try to transfer a conversation to another user Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(test_manager), status=200) def test_transfer_ownership_as_owner(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to transfer a conversation to another user Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(sender), status=200) def test_transfer_ownership_as_participant(self): """ Given i'm a regular user And i'm the owner of the conversation When I try to transfer a conversation to another user Then I succeed """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(recipient), status=403) def test_transfer_ownership_as_anyone_else(self): """ Given i'm a regular user And i'm not in the conversation When I try to transfer a conversation to another user Then I get a Forbidden Exception """ from max.tests.mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) cid = str(res.json['contexts'][0]['id']) self.testapp.put('/conversations/{}/owner'.format(cid), json.dumps({'actor': {'username': recipient}}), oauth2Header(recipient2), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_create_activity_with_published_date(self): """ doctest .. http:post:: /people/{username}/activities """ from .mockers import user_status as activity old_activity = deepcopy(activity) old_activity['published'] = '2010-01-01T00:01:30.000Z' username = '******' self.create_user(username) res = self.testapp.post('/people/%s/activities' % username, json.dumps(old_activity), oauth2Header(username), status=201) self.assertEqual(res.json['published'], '2010-01-01T00:01:30Z') def test_create_activity_with_invalid_json(self): """ doctest .. http:post:: /people/{username}/activities """ from .mockers import user_status as activity username = '******' self.create_user(username) self.testapp.post('/people/%s/activities' % username, json.dumps(activity)[:-10], oauth2Header(username), status=400) def test_create_activity_check_ownership(self): """ Given a plain user When I post an activity And I am authenticated as myself Then the actor,the creator and the owner must be the same """ from .mockers import user_status as activity username = '******' self.create_user(username) res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201) self.assertEqual(res.json['actor']['username'], res.json['creator']) self.assertEqual(res.json['owner'], res.json['creator']) def test_get_deletable_mark_for_own_activity(self): """ Given a plain user When i post an activity Then i have the permission to delete it """ from .mockers import user_status as activity username = '******' self.create_user(username) res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201) res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username), status=200) self.assertEqual(res.json['deletable'], True) def test_get_deletable_mark_for_own_activity_in_context(self): """ Given a plain user and a regular context When i post an activity in a context Then i have the permission to delete it """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username), status=200) self.assertEqual(res.json['deletable'], True) def test_get_deletable_mark_for_others_activity_in_context(self): """ Given a plain user and a regular context When i post an activity in a context Then i don't have the permission to delete it """ from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username_not_me), status=200) self.assertEqual(res.json['deletable'], False) def test_get_deletable_mark_for_others_activity_in_context_with_deletable_permission(self): """ Given a plain user and context where everyone can delete When another one posts an activity Then i have the permission to delete it """ from .mockers import user_status_context from .mockers import subscribe_context, create_context_deletable_activities username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context_deletable_activities) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username_not_me), status=200) self.assertEqual(res.json['deletable'], True) def test_get_deletable_mark_for_others_activity(self): """ Given a plain user When another user posts an activity Then i don't have the permission to delete it """ from .mockers import user_status as activity username = '******' username2 = 'xavi' self.create_user(username) self.create_user(username2) res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201) res = self.testapp.get('/activities/%s' % res.json['id'], '', oauth2Header(username2), status=200) self.assertEqual(res.json['deletable'], False) def test_delete_inexistent_activity(self): """ Given a plain user When I try to delete an inexistent activity Then I get a notfound error """ username = '******' self.create_user(username) self.testapp.delete('/activities/%s' % '000000000000000000000000', '', oauth2Header(username), status=404) def test_delete_activity_invalid_id(self): """ Given a plain user When I try to delete an inexistent activity Then I get a notfound error """ username = '******' self.create_user(username) self.testapp.delete('/activities/%s' % 'invalidid', '', oauth2Header(username), status=400) def test_create_activity_check_impersonated_ownership(self): """ Given a admin user When I post an activity in the name of someone else And I am authenticated as an admin user Then the actor and owner will be that someone else And the creator will be the admin user """ from .mockers import user_status as activity username = '******' self.create_user(username) res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(test_manager), status=201) self.assertEqual(res.json['actor']['username'], username) self.assertEqual(res.json['creator'], test_manager) self.assertEqual(res.json['owner'], username) def test_create_activity_check_not_duplicate_activity(self): """ Given a admin user When I post an activity in the name of someone else And I try to post the same content twice in less than a minute Then the activity is posted only once """ from .mockers import user_status as activity username = '******' self.create_user(username) self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(test_manager), status=201) self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(test_manager), status=200) def test_create_activity_on_context_check_duplicate_activity(self): """ Given a admin user When I post an activity in the name of someone else on a context And I try to post the same content twice on another context in less than a minute Then the activity is posted again on the new context """ from .mockers import subscribe_contextA, create_contextA, user_status_contextA from .mockers import subscribe_contextB, create_contextB, user_status_contextB username = '******' self.create_user(username) self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.create_context(create_contextB, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_contextA) self.admin_subscribe_user_to_context(username, subscribe_contextB) self.testapp.post('/people/%s/activities' % username, json.dumps(user_status_contextA), oauth2Header(test_manager), status=201) self.testapp.post('/people/%s/activities' % username, json.dumps(user_status_contextB), oauth2Header(test_manager), status=201) def test_create_activity_as_context_check_not_duplicated_activity(self): """ Given a admin user When I post an activity in the name of a context And I try to post the same content twice in less than a minute Then the activity is posted only once """ from .mockers import user_status_as_context from .mockers import create_context from hashlib import sha1 self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=201) self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=200) def test_create_activity_as_context_check_ownership(self): """ Given a admin user When I post an activity in the name of a context And I am authenticated as an admin user Then the actor will be that context And the creator and owner will be the admin user """ from .mockers import user_status_as_context from .mockers import create_context from hashlib import sha1 self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=201) self.assertEqual(res.json['actor']['hash'], url_hash) self.assertEqual(res.json['creator'], test_manager) self.assertEqual(res.json['owner'], test_manager) def test_create_activity_default_fields(self): """ Given a plain user When I create an activity Then non-required fields with defaults are set """ from .mockers import user_status as activity username = '******' self.create_user(username) res = self.testapp.post('/people/%s/activities' % username, json.dumps(activity), oauth2Header(username), status=201) self.assertIn('replies', res.json) self.assertIn('generator', res.json) self.assertIn('objectType', res.json) self.assertEqual(res.json['objectType'], 'activity') def test_post_activity_without_context(self): from .mockers import user_status username = '******' self.create_user(username) res = self.create_activity(username, user_status) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None), None) def test_post_activity_with_unauthorized_context(self): from .mockers import create_contextA from .mockers import user_status_contextA username = '******' self.create_user(username) self.create_context(create_contextA) self.create_activity(username, user_status_contextA, expect=403) def test_post_activity_not_me(self): from .mockers import user_status username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_activity(username_not_me, user_status, oauth_username=username, expect=403) def test_post_activity_non_existent_user(self): from .mockers import user_status username = '******' res = self.create_activity(username, user_status, expect=400) result = json.loads(res.text) self.assertEqual(result.get('error', None), 'UnknownUserError') def test_get_activity(self): """ doctest .. http:get:: /people/{username}/activities """ from .mockers import user_status username = '******' self.create_user(username) self.create_activity(username, user_status) res = self.testapp.get('/people/%s/activities' % username, "", oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) self.assertEqual(result[0].get('actor', None).get('username'), 'messi') self.assertEqual(result[0].get('object', None).get('objectType', None), 'note') def test_get_activities(self): from .mockers import context_query from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) self.create_activity(username, user_status_context) self.create_activity(username_not_me, user_status_context) res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) self.assertEqual(result[0].get('actor', None).get('username'), 'xavi') self.assertEqual(result[0].get('object', None).get('objectType', None), 'note') self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_context['object']['url']) self.assertEqual(result[1].get('actor', None).get('username'), 'messi') self.assertEqual(result[1].get('object', None).get('objectType', None), 'note') self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_context['object']['url']) def test_get_activities_does_not_show_private_fields(self): """ Given a plain user When I search for activities of a context Then i don't have to see any private fields """ from .mockers import context_query from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200) self.assertEqual(len(res.json), 1) self.assertNotIn('_keywords', res.json[0]['object']) def test_get_activities_from_inexistent_context(self): username = '******' self.create_user(username) self.testapp.get('/contexts/%s/activities'.format('01234567890abcdef01234567890abcdef012345'), '', oauth2Header(username), status=404) def test_get_activities_from_recursive_contexts(self): """ Create 3 contexts, one parent and two childs The parent context is public-readable, the two childs require subscription Create 2 users, messi subscribed to contextA and xavi to both A and B Messi querying all activities from parent context, should only get the activity created in contextA Xavi querying all activities from parent context, should get the activities from both contexts """ from .mockers import context_query from .mockers import create_context from .mockers import subscribe_contextA, create_contextA, user_status_contextA from .mockers import subscribe_contextB, create_contextB, user_status_contextB username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted')) self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.create_context(create_contextB, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_contextA) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB) self.create_activity(username, user_status_contextA) self.create_activity(username_not_me, user_status_contextA) self.create_activity(username_not_me, user_status_contextB) res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) self.assertEqual(result[0].get('actor', None).get('username'), 'xavi') self.assertEqual(result[0].get('object', None).get('objectType', None), 'note') self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_contextA['object']['url']) self.assertEqual(result[1].get('actor', None).get('username'), 'messi') self.assertEqual(result[1].get('object', None).get('objectType', None), 'note') self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_contextA['object']['url']) res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username_not_me), status=200) result = json.loads(res.text) self.assertEqual(len(result), 3) self.assertEqual(result[0].get('actor', None).get('username'), 'xavi') self.assertEqual(result[0].get('object', None).get('objectType', None), 'note') self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_contextB['object']['url']) self.assertEqual(result[1].get('actor', None).get('username'), 'xavi') self.assertEqual(result[1].get('object', None).get('objectType', None), 'note') self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_contextA['object']['url']) self.assertEqual(result[2].get('actor', None).get('username'), 'messi') self.assertEqual(result[2].get('object', None).get('objectType', None), 'note') self.assertEqual(result[2].get('contexts', None)[0]['url'], subscribe_contextA['object']['url']) def test_get_activities_from_recursive_public_contexts(self): from .mockers import context_query from .mockers import create_context from .mockers import subscribe_contextA, create_contextA, user_status_contextA from .mockers import subscribe_contextB, create_contextB, user_status_contextB username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted')) self.create_context(create_contextA, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.create_context(create_contextB, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB) self.create_activity(username_not_me, user_status_contextA) self.create_activity(username_not_me, user_status_contextB) res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) def test_get_activities_from_recursive_public_contexts_filtered_by_tags(self): from .mockers import context_query from .mockers import create_context from .mockers import subscribe_contextA, create_contextA, user_status_contextA from .mockers import subscribe_contextB, create_contextB, user_status_contextB username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context, permissions=dict(read='public', write='restricted', subscribe='restricted', invite='restricted')) self.create_context(create_contextA, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.create_context(create_contextB, permissions=dict(read='public', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB) self.create_activity(username_not_me, user_status_contextA) self.create_activity(username_not_me, user_status_contextB) res = self.testapp.get('/contexts/%s/activities' % (context_query['context']), {'context_tags': ['Assignatura', '']}, oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) def test_get_activities_from_recursive_subscribed_contexts(self): from .mockers import context_query from .mockers import create_context from .mockers import subscribe_contextA, create_contextA, user_status_contextA from .mockers import subscribe_contextB, create_contextB, user_status_contextB username = '******' username_not_me = 'xavi' self.create_user(username) self.create_user(username_not_me) self.create_context(create_context, permissions=dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted')) self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.create_context(create_contextB, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextA) self.admin_subscribe_user_to_context(username_not_me, subscribe_contextB) self.create_activity(username_not_me, user_status_contextA) self.create_activity(username_not_me, user_status_contextB) self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=403) def test_post_activity_with_generator(self): """ Post an activity to a context which allows everyone to read and write """ from .mockers import subscribe_context, create_context from .mockers import user_status_context_generator username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context_generator) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url']) self.assertEqual(result.get('generator', None), user_status_context_generator['generator']) def test_get_timeline_no_activities(self): """ doctest .. http:get:: /people/{username}/timeline """ username = '******' self.create_user(username) res = self.testapp.get('/people/%s/timeline' % username, "", oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 0) def test_get_timeline(self): """ doctest .. http:get:: /people/{username}/timeline """ from .mockers import user_status, user_status_context, user_status_contextA from .mockers import subscribe_context, subscribe_contextA from .mockers import create_context, create_contextA username = '******' self.create_user(username) self.create_context(create_context) self.create_context(create_contextA) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username, subscribe_contextA) self.create_activity(username, user_status) self.create_activity(username, user_status_context) self.create_activity(username, user_status_contextA) res = self.testapp.get('/people/%s/timeline' % username, "", oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 3) self.assertEqual(result[0].get('actor', None).get('username'), 'messi') self.assertEqual(result[0].get('object', None).get('objectType', None), 'note') self.assertEqual(result[0].get('contexts', None)[0]['url'], subscribe_contextA['object']['url']) self.assertEqual(result[1].get('actor', None).get('username'), 'messi') self.assertEqual(result[1].get('object', None).get('objectType', None), 'note') self.assertEqual(result[1].get('contexts', None)[0]['url'], subscribe_context['object']['url']) def test_get_timeline_does_not_show_private_fields(self): """ Given a plain user When I search for activities in timeline Then i don't have to see any private fields """ from .mockers import user_status username = '******' self.create_user(username) self.create_activity(username, user_status) res = self.testapp.get('/people/%s/timeline' % username, "", oauth2Header(username), status=200) self.assertEqual(len(res.json), 1) self.assertNotIn('_keywords', res.json[0]['object']) def test_get_generated_activities_from_another_user(self): """ Given a plain user When i search for the generated activities of another user Then i get only the ones posted contextless And the ones posted to shared contexts And the ones posted on public-readable contexts And i don't get any posted on a non-shared context And i don't get any posted by other users but the requested """ from .mockers import user_status, user_status_context, user_status_contextA, user_status_contextB from .mockers import subscribe_context, subscribe_contextA, subscribe_contextB from .mockers import create_context, create_contextA, create_contextB username1 = 'sheldon' username2 = 'penny' username3 = 'leonard' context_permissions = {'write': 'subscribed', 'read': 'subscribed'} self.create_user(username1) self.create_user(username2) self.create_user(username3) self.create_context(create_context, permissions=context_permissions) self.create_context(create_contextA, permissions=context_permissions) self.create_context(create_contextB) # Shared context betweetn user 1 and 2 and 3 self.admin_subscribe_user_to_context(username1, subscribe_context) self.admin_subscribe_user_to_context(username2, subscribe_context) self.admin_subscribe_user_to_context(username3, subscribe_context) # Contexts only visible by user 1, but B is read-public self.admin_subscribe_user_to_context(username1, subscribe_contextA) self.admin_subscribe_user_to_context(username1, subscribe_contextB) self.create_activity(username1, user_status) self.create_activity(username1, user_status_context) self.create_activity(username1, user_status_contextA) self.create_activity(username1, user_status_contextB) self.create_activity(username3, user_status) self.create_activity(username3, user_status_context) res = self.testapp.get('/people/%s/activities' % username1, "", oauth2Header(username2), status=200) self.assertEqual(res.json[0]['contexts'][0]['url'], create_contextB['url']) self.assertEqual(res.json[1]['contexts'][0]['url'], create_context['url']) self.assertEqual(res.json[2].get('contexts'), None) self.assertEqual(len(res.json), 3)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp("config:tests.ini", relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch("requests.post", new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_get_deletable_mark_for_own_comment(self): """ """ pass def test_get_deletable_mark_for_others_comment_in_own_activity(self): """ """ pass def test_get_deletable_mark_for_others_comment_in_others_activity(self): """ """ pass def test_post_comment_timeline(self): """ doctest .. http:post:: /activities/{activity}/comments """ from .mockers import user_status, user_comment username = "******" self.create_user(username) activity = self.create_activity(username, user_status) activity = activity.json res = self.testapp.post( "/activities/%s/comments" % str(activity.get("id")), json.dumps(user_comment), oauth2Header(username), status=201, ) result = res.json self.assertEqual(result.get("actor", None).get("username", None), "messi") self.assertEqual(result.get("object", None).get("objectType", None), "comment") self.assertEqual(result.get("object", None).get("inReplyTo", None)[0].get("id"), str(activity.get("id"))) def test_post_comment_on_context(self): """ doctest .. http:post:: /activities/{activity}/comments """ from .mockers import user_status_context, user_comment from .mockers import subscribe_context, create_context username = "******" self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) activity = self.create_activity(username, user_status_context) activity = activity.json res = self.testapp.post( "/activities/%s/comments" % str(activity.get("id")), json.dumps(user_comment), oauth2Header(username), status=201, ) result = res.json self.assertEqual(result.get("actor", None).get("username", None), "messi") self.assertEqual(result.get("object", None).get("objectType", None), "comment") self.assertEqual(result.get("object", None).get("inReplyTo", None)[0].get("id"), str(activity.get("id"))) def test_get_comments(self): """ doctest .. http:get:: /activities/{activity}/comments """ from .mockers import user_status, user_comment from .mockers import subscribe_context, create_context username = "******" self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) activity = self.create_activity(username, user_status) activity = activity.json res = self.testapp.post( "/activities/%s/comments" % str(activity.get("id")), json.dumps(user_comment), oauth2Header(username), status=201, ) res = self.testapp.get( "/activities/%s/comments" % str(activity.get("id")), "", oauth2Header(username), status=200 ) result = res.json self.assertEqual(len(result), 1) self.assertEqual(result[0].get("actor", None).get("username"), "messi") self.assertEqual(result[0].get("objectType", None), "comment") def test_get_comments_for_user(self): """ Test get all comments for a user, both timeline and context """ from .mockers import user_status, user_comment from .mockers import subscribe_context, create_context, user_status_context username = "******" self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) activity = self.create_activity(username, user_status) activity = activity.json res = self.testapp.post( "/activities/%s/comments" % str(activity.get("id")), json.dumps(user_comment), oauth2Header(username), status=201, ) activity2 = self.create_activity(username, user_status_context) activity2 = activity2.json res = self.testapp.post( "/activities/%s/comments" % str(activity2.get("id")), json.dumps(user_comment), oauth2Header(username), status=201, ) res = self.testapp.get("/people/%s/comments" % username, "", oauth2Header(username), status=200) result = res.json self.assertEqual(len(result), 2) self.assertEqual(result[0].get("actor", None).get("username"), "messi") self.assertEqual(result[0].get("verb", None), "comment") self.assertEqual(result[1].get("actor", None).get("username"), "messi") self.assertEqual(result[1].get("verb", None), "comment") def test_delete_own_comment(self): """ Given i'm plain user When i comment an activity Then i can delete it """ from .mockers import user_status, user_comment username = "******" self.create_user(username) activity = self.create_activity(username, user_status) activity = activity.json res = self.testapp.post( "/activities/%s/comments" % str(activity.get("id")), json.dumps(user_comment), oauth2Header(username), status=201, ) comment_id = res.json["id"] res = self.testapp.delete( "/activities/%s/comments/%s" % (str(activity.get("id")), comment_id), "", oauth2Header(username), status=204 ) def test_delete_others_comment_in_own_activity(self): """ Given i'm a plain user When someone else commments on an activity of mine Then I can delete it, 'cause the activity is mine """ from .mockers import user_status, user_comment username = "******" username_not_me = "xavi" self.create_user(username) self.create_user(username_not_me) activity = self.create_activity(username, user_status) activity = activity.json res = self.testapp.post( "/activities/%s/comments" % str(activity.get("id")), json.dumps(user_comment), oauth2Header(username_not_me), status=201, ) comment_id = res.json["id"] res = self.testapp.delete( "/activities/%s/comments/%s" % (str(activity.get("id")), comment_id), "", oauth2Header(username), status=204 ) def test_delete_others_comment_in_others_activity(self): """ Given i'm a plain user When someone else comments on someone else's activity Then i can't delete it """ from .mockers import user_status, user_comment username = "******" username_not_me = "xavi" self.create_user(username) self.create_user(username_not_me) activity = self.create_activity(username_not_me, user_status) activity = activity.json res = self.testapp.post( "/activities/%s/comments" % str(activity.get("id")), json.dumps(user_comment), oauth2Header(username_not_me), status=201, ) comment_id = res.json["id"] res = self.testapp.delete( "/activities/%s/comments/%s" % (str(activity.get("id")), comment_id), "", oauth2Header(username), status=403 )
class TokenACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.app.registry.max_store.drop_collection('users') self.app.registry.max_store.drop_collection('activity') self.app.registry.max_store.drop_collection('contexts') self.app.registry.max_store.drop_collection('security') self.app.registry.max_store.drop_collection('conversations') self.app.registry.max_store.drop_collection('messages') self.app.registry.max_store.drop_collection('tokens') self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # Add new token test def test_add_token(self): """ Given i'm a regular user When i try to add a device token I succeed """ from max.tests.mockers import token username = '******' self.create_user(username) self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201) def test_add_token_impersonated(self): """ Given i'm a Manager user When i try to add a device token to someone else I succeed """ from max.tests.mockers import token username = '******' self.create_user(username) self.testapp.post('/tokens', json.dumps(impersonate_payload(token, username)), headers=oauth2Header(test_manager), status=201) def test_add_token_impersonated_no_privileges(self): """ Given i'm a regular user When i try to add a device token to someone else And i'm impersonated as the other user I get a Forbidden Exception """ from max.tests.mockers import token username = '******' username2 = 'penny' self.create_user(username) self.create_user(username2) self.testapp.post('/tokens', json.dumps(impersonate_payload(token, username)), headers=oauth2Header(username2), status=403) # Get all tokens tests def test_get_user_tokens(self): """ Given i'm a regular user When i try to get al my tokens I succeed """ username = '******' self.create_user(username) self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(username), status=200) def test_get_user_tokens_as_manager(self): """ Given i'm a regular user When i try to get al my tokens I succeed """ username = '******' self.create_user(username) self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(test_manager), status=200) def test_get_user_tokens_as_other(self): """ Given i'm a regular user When i try to get al my tokens I get a Forbidden Exception """ username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.testapp.get('/people/{}/tokens'.format(username), '', headers=oauth2Header(other), status=403) # Get all tokens by platform tests def test_get_user_platform_tokens(self): """ Given i'm a regular user When i try to get al my tokens I succeed """ username = '******' self.create_user(username) self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username), status=200) def test_get_user_platform_tokens_as_manager(self): """ Given i'm a regular user When i try to get al my tokens I succeed """ username = '******' self.create_user(username) self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(test_manager), status=200) def test_get_user_platform_tokens_as_other(self): """ Given i'm a regular user When i try to get al my tokens I get a Forbidden Exception """ username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(other), status=403) # Delete token test def test_delete_token(self): """ Given i'm a regular user When i try to add delete a device token I succeed """ from max.tests.mockers import token username = '******' self.create_user(username) self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201) self.testapp.delete('/tokens/{}'.format(token['token']), '', headers=oauth2Header(username), status=204) def test_delete_ohers_token(self): """ Given i'm a regular user When i try to delete someone else's device token I get a Forbidden Exception """ from max.tests.mockers import token username = '******' username2 = 'penny' self.create_user(username) self.create_user(username2) self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201) self.testapp.delete('/tokens/{}'.format(token['token']), '', headers=oauth2Header(username2), status=403) def test_delete_token_impersonated(self): """ Given i'm a Manager user When i try to delete someone else's device token I succeed """ from max.tests.mockers import token username = '******' self.create_user(username) self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201) self.testapp.delete('/tokens/{}'.format(token['token']), json.dumps(impersonate_payload({}, test_manager)), headers=oauth2Header(username), status=204) def test_delete_token_impersonated_no_privileges(self): """ Given i'm a regular user When i try to delete someone else's device token And i'm impersonating as the other user I get a Forbidden Exception """ from max.tests.mockers import token username = '******' username2 = 'penny' self.create_user(username) self.create_user(username2) self.testapp.post('/tokens', json.dumps(token), headers=oauth2Header(username), status=201) self.testapp.delete('/tokens/{}'.format(token['token']), json.dumps(impersonate_payload({}, username2)), headers=oauth2Header(username), status=204) # Delete all user tokens tests def test_delete_user_tokens(self): """ Given i'm a regular user When i try to delete all my tokens I succeed """ username = '******' self.create_user(username) self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(username), status=204) def test_delete_user_tokens_impersonated(self): """ Given i'm a Manager user When i try to delete another user tokens I succeed """ username = '******' self.create_user(username) self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(test_manager), status=204) def test_delete_user_tokens_impersonated_no_privileges(self): """ Given i'm a regular user When i try to delete another user tokens I succeed """ username = '******' username2 = 'penny' self.create_user(username) self.create_user(username2) self.testapp.delete('/people/{}/tokens'.format(username), '', headers=oauth2Header(username2), status=403) # Delete all user tokens by platform tests def test_delete_user_tokens_by_platform(self): """ Given i'm a regular user When i try to delete all my tokens by platform I succeed """ username = '******' self.create_user(username) self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username), status=204) def test_delete_user_tokens_by_platform_impersonated(self): """ Given i'm a Manager user When i try to delete another user tokens by platform I succeed """ username = '******' self.create_user(username) self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(test_manager), status=204) def test_delete_user_tokens_by_platform_impersonated_no_privileges(self): """ Given i'm a regular user When i try to delete another user tokens by platform I succeed """ username = '******' username2 = 'penny' self.create_user(username) self.create_user(username2) self.testapp.delete('/people/{}/tokens/platforms/{}'.format(username, 'ios'), '', headers=oauth2Header(username2), status=403) # Get conversation user's tokens tests def test_get_conversation_tokens_as_manager(self): """ Given i'm a Manager user When i try to list all tokens of users of a conversation I succeed """ from max.tests.mockers import message username = '******' username2 = 'xavi' self.create_user(username) self.create_user(username2) chash = self.testapp.post('/conversations', json.dumps(message), oauth2Header(username), status=201).json['id'] self.testapp.get('/conversations/{}/tokens'.format(chash), '', headers=oauth2Header(test_manager), status=200) def test_get_conversation_tokens_as_anyone_else(self): """ Given i'm a regular user When i try to list all tokens of users of a conversation I get a Forbidden Exception """ from max.tests.mockers import message username = '******' username2 = 'xavi' self.create_user(username) self.create_user(username2) chash = self.testapp.post('/conversations', json.dumps(message), oauth2Header(username), status=201).json['id'] self.testapp.get('/conversations/{}/tokens'.format(chash), '', headers=oauth2Header(username), status=403) # Get context user's tokens tests def test_get_context_tokens_as_manager(self): """ Given i'm a Manager user When i try to list all tokens of users subscribed to a context I succeed """ from max.tests.mockers import create_context chash = self.create_context(create_context).json['hash'] self.testapp.get('/contexts/{}/tokens'.format(chash), '', headers=oauth2Header(test_manager), status=200) def test_get_context_tokens_as_anyone_else(self): """ Given i'm a regular user When i try to list all tokens of users subscribed to a context I get a Forbidden Exception """ from max.tests.mockers import create_context username = '******' self.create_user(username) chash = self.create_context(create_context).json['hash'] self.testapp.get('/contexts/{}/tokens'.format(chash), '', headers=oauth2Header(username), status=403)
class SubscriptionsACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.app.registry.max_store.drop_collection('users') self.app.registry.max_store.drop_collection('activity') self.app.registry.max_store.drop_collection('contexts') self.app.registry.max_store.drop_collection('security') self.app.registry.max_store.drop_collection('conversations') self.app.registry.max_store.drop_collection('messages') self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # Create subscription tests def test_subscribe_user_to_context_as_manager(self): """ Given i'm a user that has the Manager role When i try to get subscribe another user to a context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) def test_subscribe_user_to_context_as_context_owner(self): """ Given i'm a user that doesn't have the Manager role And i'm the owner of the context When i try to subscribe another user to a context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, owner=username) self.user_subscribe_user_to_context(other, subscribe_context, auth_user=username, expect=201) def test_self_subscribe_to_public_context_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role When i try to subscribe myself to a public subscription context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions={'subscribe': 'public'}) self.user_subscribe_user_to_context(username, subscribe_context, expect=201) def test_self_subscribe_to_restricted_context_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role When i try to subscribe myself to a restricted subscription context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions={'subscribe': 'restricted'}) self.user_subscribe_user_to_context(username, subscribe_context, expect=403) def test_subscribe_user_to_restricted_context_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role When i try to subscribe another user to a restricted subscription context I get a Forbidden exception """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'subscribe': 'restricted'}) self.user_subscribe_user_to_context(username, subscribe_context, expect=403) def test_subscribe_user_to_public_context_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role When i try to subscribe another user to a public subscription context I get a Forbidden exception """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'subscribe': 'public'}) self.user_subscribe_user_to_context(other, subscribe_context, auth_user=username, expect=403) # Unsubscribe tests def test_unsubscribe_user_from_context_as_manager(self): """ Given i'm a user that has the Manager role When i try to unsubscribe another user from to a context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.admin_unsubscribe_user_from_context(username, chash, expect=204) def test_unsubscribe_user_from_context_as_context_owner(self): """ Given i'm a user that doesn't have the Manager role And i'm the owner of the context When i try to unsubscribe another user from to a context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) self.user_unsubscribe_user_from_context(other, chash, auth_user=username, expect=204) def test_self_unsubscribe_user_from_context_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role When i try to unsubscribe another user from to a context I get a Forbidden Exception """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.user_unsubscribe_user_from_context(username, chash, auth_user=other, expect=403) def test_unsubscribe_user_from_context_allowed_unsubscribe_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role And i have permission to unsubscribe myself When i try to unsubscribe myself from the context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions={'unsubscribe': 'subscribed'}) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.admin_unsubscribe_user_from_context(username, chash, expect=204) def test_unsubscribe_another_user_from_context_allowed_unsubscribe_as_non_manager(self): """ Given i'm a user that doesn't have the Manager role And i have permission to unsubscribe myself When i try to unsubscribe other person from the context I get a Forbidden Exception """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'unsubscribe': 'subscribed'}) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) self.user_unsubscribe_user_from_context(username, chash, auth_user=other, expect=403) # Get context subscriptions def test_get_context_subscriptions_as_manager(self): """ Given i'm a user that has the Manager role When i try to get all subscriptions from a context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(test_manager), status=200) def test_get_context_subscriptions_as_owner(self): """ Given i'm a user that doesn't have the Manager role And i'm the owner of the context When i try to get all subscriptions from a context I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(username), status=200) def test_get_context_subscriptions_as_non_manager_neither_owner(self): """ Given i'm a user that doesn't have the Manager role And i'm not the owner of the context When i try to get all subscriptions from a context I get a Forbidden Exception """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username) chash = sha1(subscribe_context['object']['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) self.testapp.get('/contexts/{}/subscriptions'.format(chash), "", headers=oauth2Header(other), status=403) def test_get_user_subscriptions_as_manager(self): """ Given i'm a user that has the Manager role When i try to get all subscriptions from a user I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(test_manager), status=200) def test_get_own_user_subscriptions(self): """ Given i'm a user that doesn't have the Manager role When i try to get all my subscriptions I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(username), status=200) def test_get_user_subscriptions_as_non_manager_neither_own(self): """ Given i'm a user that doesn't have the Manager role When i try to get all subscriptions from another user I get a Forbidden Exception """ from max.tests.mockers import create_context, subscribe_context username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'unsubscribe': 'restricted'}, owner=username) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.testapp.get('/people/{}/subscriptions'.format(username), "", headers=oauth2Header(other), status=403) # Test Grant subscription permissions def test_grant_permission_on_subscription_as_manager(self): """ Given i'm a user that has the Manager role When i try to grant a permission on a user's suscription I succeed """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' self.create_user(username) self.create_context(create_context, permissions={'read': 'subscribed'}) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) permission = 'write' self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, username, permission), "", oauth2Header(test_manager), status=201) def test_grant_permission_on_subscription_as_context_owner(self): """ Given i'm a user that don't have the Manager role And i'm the owner of the context When i try to grant a permission on a user's suscription I succeed """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) permission = 'write' self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(username), status=201) def test_grant_permission_on_subscription_as_non_manager_nor_owner(self): """ Given i'm a user that don't have the Manager role And i'm not the owner of the context When i try to grant a permission on a user's suscription I get a Forbidden Exception """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) permission = 'write' self.testapp.put('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(other), status=403) # Test revoke subscription permissions def test_revoke_permission_on_subscription_as_manager(self): """ Given i'm a user that has the Manager role When i try to revoke a permission on a user's suscription I succeed """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' self.create_user(username) self.create_context(create_context, permissions={'read': 'subscribed'}) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) permission = 'write' self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, username, permission), "", oauth2Header(test_manager), status=201) def test_revoke_permission_on_subscription_as_context_owner(self): """ Given i'm a user that don't have the Manager role And i'm the owner of the context When i try to revoke a permission on a user's suscription I succeed """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) permission = 'write' self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(username), status=201) def test_revoke_permission_on_subscription_as_non_manager_nor_owner(self): """ Given i'm a user that don't have the Manager role And i'm not the owner of the context When i try to revoke a permission on a user's suscription I get a Forbidden Exception """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) permission = 'write' self.testapp.delete('/contexts/%s/permissions/%s/%s?permanent=1' % (url_hash, other, permission), "", oauth2Header(other), status=403) # Test revoke subscription permissions def test_reset_permission_defaults_on_subscription_as_manager(self): """ Given i'm a user that has the Manager role When i try to reset all permission on a user's suscription to defaults I succeed """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' self.create_user(username) self.create_context(create_context, permissions={'read': 'subscribed'}) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, username), "", oauth2Header(test_manager), status=200) def test_reset_permission_defaults_on_subscription_as_context_owner(self): """ Given i'm a user that don't have the Manager role And i'm the owner of the context When i try to reset all permission on a user's suscription to defaults I succeed """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, other), "", oauth2Header(username), status=200) def test_reset_permission_defaults_on_subscription_as_non_manager_nor_owner(self): """ Given i'm a user that don't have the Manager role And i'm not the owner of the context When i try to reset all permission on a user's suscription to defaults I get a Forbidden Exception """ from max.tests.mockers import create_context, subscribe_context url_hash = sha1(create_context['url']).hexdigest() username = '******' other = 'penny' self.create_user(username) self.create_user(other) self.create_context(create_context, permissions={'read': 'subscribed'}, owner=username) self.admin_subscribe_user_to_context(other, subscribe_context, expect=201) self.testapp.post('/contexts/%s/permissions/%s/defaults' % (url_hash, other), "", oauth2Header(other), status=403)
class ContextACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.app.registry.max_store.drop_collection('users') self.app.registry.max_store.drop_collection('activity') self.app.registry.max_store.drop_collection('contexts') self.app.registry.max_store.drop_collection('security') self.app.registry.max_store.drop_collection('conversations') self.app.registry.max_store.drop_collection('messages') self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) # Add context tests def test_add_context_as_manager(self): """ Given a user that has the Manager role When i try to get create a context I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201) def test_add_context_as_non_manager(self): """ Given a user that doesn't have the Manager role When i try to create a context I get a Forbidden exception """ from max.tests.mockers import create_context username = '******' self.create_user(username) self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(username), status=403) # View context tests def test_view_context_as_manager_with_acls(self): """ Given i'm a user that has the Manager role When i try to update any context I succeed And I get the acls for that context """ from max.tests.mockers import create_context self.create_user(test_manager) res = self.create_context(create_context) chash = res.json['hash'] res = self.testapp.get('/contexts/%s?show_acls=1' % chash, "", oauth2Header(test_manager), status=200) self.assertGreater(len(res.json['acls']), 0) def test_view_context_as_manager(self): """ Given i'm a user that has the Manager role When i try to update any context I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.get('/contexts/%s' % chash, "", oauth2Header(test_manager), status=200) def test_view_context_as_non_manager(self): """ Given i'm a user that has the Manager role When i try to update any context I succeed """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.get('/contexts/%s' % chash, "", oauth2Header(username), status=200) # Get all contexts tests def test_get_all_contexts_as_manager(self): """ Given a user that has the Manager role When i try to get all contexts I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) self.create_context(create_context) self.testapp.get('/contexts', "", oauth2Header(test_manager), status=200) def test_get_all_contexts_as_non_manager(self): """ Given a user that doesn't have the Manager role When i try to get all contexts I get a Forbidden exception """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) self.create_context(create_context) self.testapp.get('/contexts', "", oauth2Header(username), status=403) # Modify context tests def test_modify_context_as_manager(self): """ Given i'm a user that has the Manager role When i try to update any context I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager), status=200) def test_modify_context_as_manager_non_owner(self): """ Given i'm a user that has the Manager role And i'm not the owner of the context When i try to update any context I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) self.create_user(test_manager2) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(test_manager2), status=200) def test_modify_context_as_owner(self): """ Given i'm a user that don't jave the Manager role And is the owner of the context When i try to update the context I succeed """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context, owner=username) chash = res.json['hash'] self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=200) def test_modify_context_as_non_owner_non_manager(self): """ Given i'm a user that don't jave the Manager role And is the owner of the context When i try to update the context I succeed """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.put('/contexts/%s' % chash, json.dumps({"twitterHashtag": "testhashtag"}), oauth2Header(username), status=403) # Delete context tests def test_delete_context_as_manager(self): """ Given a user that has the Manager role When i try to remove a context I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager), status=204) def test_delete_context_as_manager_non_owner(self): """ Given a user that has the Manager role And is not the owner of the context When i try to remove a context I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) self.create_user(test_manager2) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(test_manager2), status=204) def test_delete_context_as_owner(self): """ Given a user that has doesn't have the Manager role And is the owner of the context When i try to remove a context I succeed """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context, owner=username) chash = res.json['hash'] self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=204) def test_delete_context_as_non_manager_neither_owner(self): """ Given a user that has doesn't have the Manager role And is not the owner of the context When i try to remove a context I get a Forbidden """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.delete('/contexts/%s' % (chash,), "", oauth2Header(username), status=403) # Test context authors def test_get_context_authors_as_manager(self): """ Given a user that is Manager When i try to list context activity authors I succeed """ from max.tests.mockers import create_context self.create_user(test_manager) res = self.create_context(create_context) chash = res.json['hash'] self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(test_manager), status=200) def test_get_context_authors_as_non_manager(self): """ Given a user that is not Manager When i try to list context activity authors I get a Forbidden """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context, permissions={'read': 'subscribed'}) chash = res.json['hash'] self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=403) def test_get_context_authors_as_non_manager_public_context(self): """ Given a user that is not Manager When i try to list context activity authors I get a Forbidden """ from max.tests.mockers import create_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context, permissions={'read': 'public'}) chash = res.json['hash'] self.testapp.get('/contexts/%s/activities/authors' % (chash,), "", oauth2Header(username), status=200) def test_get_count_context_authors_as_non_manager(self): """ Given a user that is not Manager When i try to list the count of context activity authors I succeed """ from max.tests.mockers import create_context, subscribe_context username = '******' self.create_user(test_manager) self.create_user(username) res = self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) chash = res.json['hash'] self.testapp.head('/contexts/%s/activities/authors' % (chash,), oauth2Header(username), status=200)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security_single) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) def test_get_security(self): res = self.testapp.get('/admin/security', "", oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result.get('roles', None).get('Manager')[0], 'test_manager') def test_security_add_user_to_role(self): username = '******' self.create_user(username) res = self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=201) self.assertItemsEqual(['messi', 'test_manager'], res.json) def test_security_add_user_to_non_allowed_role(self): username = '******' self.create_user(username) self.testapp.post('/admin/security/roles/%s/users/%s' % ('WrongRole', username), "", oauth2Header(test_manager), status=400) def test_security_remove_user_from_non_allowed_role(self): username = '******' self.create_user(username) self.testapp.delete('/admin/security/roles/%s/users/%s' % ('WrongRole', username), "", oauth2Header(test_manager), status=400) def test_security_add_user_to_role_already_has_role(self): res = self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', 'test_manager'), "", oauth2Header(test_manager), status=200) self.assertListEqual(['test_manager'], res.json) def test_security_remove_user_from_role(self): username = '******' self.create_user(username) self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=201) self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=204) def test_security_remove_user_from_role_user_not_in_role(self): username = '******' self.create_user(username) self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', username), "", oauth2Header(test_manager), status=404) def test_security_add_user_to_role_check_security_reloaded(self): test_manager2 = 'messi' self.create_user(test_manager2) self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403) self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=201) self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200) def test_security_remove_user_from_role_check_security_reloaded(self): test_manager2 = 'messi' self.create_user(test_manager2) self.testapp.post('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=201) self.testapp.get('/activities', "", oauth2Header(test_manager2), status=200) self.testapp.delete('/admin/security/roles/%s/users/%s' % ('Manager', test_manager2), "", oauth2Header(test_manager), status=204) self.testapp.get('/activities', "", oauth2Header(test_manager2), status=403)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_create_context(self): """ doctests .. http:post:: /contexts""" from .mockers import create_context new_context = dict(create_context) self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201) def test_create_context_creator_is_admin(self): """ Given a admin user When I create a context Then the creator of the context is the admin user """ from .mockers import create_context res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201) self.assertEqual(res.json['creator'], test_manager) def test_create_context_default_fields(self): """ Given an admin user When I create a context Then non-required fields with defaults are set """ from .mockers import create_context res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201) self.assertIn('permissions', res.json) self.assertIn('tags', res.json) self.assertIn('objectType', res.json) self.assertEqual(res.json['objectType'], 'context') def test_post_activity_with_public_context(self): """ Post an activity to a context which allows everyone to read and write """ from .mockers import subscribe_context, create_context from .mockers import user_status_context username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url']) def test_post_activity_with_private_read_write_context(self): """ Post an activity to a context which needs the user to be subscribed to read and write and we have previously subscribed the user. """ from .mockers import subscribe_context, create_context from .mockers import user_status_context from hashlib import sha1 username = '******' self.create_user(username) url_hash = sha1(create_context['url']).hexdigest() context_permissions = dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted') self.create_context(create_context, permissions=context_permissions) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url']) return url_hash, username, user_status_context def test_post_activity_with_private_read_context(self): """ Try to post an activity to a context which needs the user to be subscribed to read but needs to explicitly give write permission on the user to post and we have previously subscribed the user but not given write permission. """ from .mockers import subscribe_context, create_context from .mockers import user_status_context username = '******' self.create_user(username) context_permissions = dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted') self.create_context(create_context, permissions=context_permissions) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context, expect=403) def test_add_public_context(self): from hashlib import sha1 from .mockers import create_context res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201) result = json.loads(res.text) url_hash = sha1(create_context['url']).hexdigest() self.assertEqual(result.get('hash', None), url_hash) def test_add_invalid_context(self): from .mockers import create_invalid_context self.create_context(create_invalid_context, expect=400) def test_add_uri_context_without_displayName(self): """ Add a Uri context without a displayName and check that the default displayName is set with the url from the uri object """ from .mockers import create_context_without_displayname res = self.create_context(create_context_without_displayname, expect=201) result = json.loads(res.text) self.assertEqual(result.get('displayName', None), create_context_without_displayname['url']) def test_add_public_context_with_all_params(self): from hashlib import sha1 from .mockers import create_context_full res = self.testapp.post('/contexts', json.dumps(create_context_full), oauth2Header(test_manager), status=201) result = json.loads(res.text) url_hash = sha1(create_context_full['url']).hexdigest() self.assertEqual(result.get('hash', None), url_hash) self.assertEqual(result.get('displayName', None), create_context_full['displayName']) self.assertEqual(result.get('twitterHashtag', None), create_context_full['twitterHashtag']) self.assertEqual(result.get('twitterUsername', None), create_context_full['twitterUsername']) def test_context_exists(self): """ doctest .. http:get:: /contexts/{hash} """ from hashlib import sha1 from .mockers import create_context url_hash = sha1(create_context['url']).hexdigest() self.create_context(create_context) res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result.get('hash', None), url_hash) def test_context_informs_all_permissions(self): """ doctest .. http:get:: /contexts/{hash} """ from hashlib import sha1 from .mockers import create_context from max import DEFAULT_CONTEXT_PERMISSIONS url_hash = sha1(create_context['url']).hexdigest() self.create_context(create_context) res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result.get('hash', None), url_hash) self.assertItemsEqual(result['permissions'].keys(), DEFAULT_CONTEXT_PERMISSIONS.keys()) def test_create_context_that_already_exists(self): """ doctest .. http:get:: /contexts/{hash} """ from hashlib import sha1 from .mockers import create_context url_hash = sha1(create_context['url']).hexdigest() self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=201) res = self.testapp.post('/contexts', json.dumps(create_context), oauth2Header(test_manager), status=200) self.assertEqual(res.json.get('hash', None), url_hash) def test_modify_context(self): """ doctest .. http:put:: /contexts/{hash} """ from hashlib import sha1 from .mockers import create_context self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result.get('hash', None), url_hash) self.assertEqual(result.get('twitterHashtag', None), 'assignatura1') def test_modify_context_with_owner(self): """ doctest .. http:put:: /contexts/{hash} """ from hashlib import sha1 from .mockers import create_context mindundi = 'messi' self.create_user(mindundi) self.create_context(create_context, owner=mindundi) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi), status=200) result = json.loads(res.text) self.assertEqual(result.get('hash', None), url_hash) self.assertEqual(result.get('twitterHashtag', None), 'assignatura1') def test_modify_context_forbidden(self): """ doctest .. http:put:: /contexts/{hash} """ from hashlib import sha1 from .mockers import create_context mindundi = 'messi' self.create_user(mindundi) self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(mindundi), status=403) def test_modify_inexistent_context(self): """ doctest .. http:put:: /contexts/{hash} """ url_hash = '0000000000000' self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1"}), oauth2Header(test_manager), status=404) @httpretty.activate @patch('tweepy.API', MockTweepyAPI) def test_modify_context_with_twitter_username(self): from hashlib import sha1 from .mockers import create_context self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "assignatura1", "twitterUsername": "******"}), oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result.get('hash', None), url_hash) self.assertEqual(result.get('twitterHashtag', None), 'assignatura1') self.assertEqual(result.get('twitterUsername', None), 'maxupcnet') self.assertEqual(result.get('twitterUsernameId', None), '526326641') def test_get_context_tags(self): from hashlib import sha1 from .mockers import create_context self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.get('/contexts/%s/tags' % url_hash, "", oauth2Header(test_manager), status=200) self.assertEqual(res.json, ['Assignatura']) def test_update_context_tags_updates_existing_tags(self): from hashlib import sha1 from .mockers import create_context self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200) self.assertEqual(res.json, ['Assignatura', 'prova']) def test_update_context_tags_updates_existing_activites_tags(self): from hashlib import sha1 from .mockers import create_context, subscribe_context, user_status_context username = '******' self.create_user(username) self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200) res = self.testapp.get('/contexts/%s/activities' % url_hash, "", oauth2Header(username), status=200) self.assertEqual(res.json[0]['contexts'][0]['tags'], ['Assignatura', 'prova']) def test_update_context_tags_updates_existing_subscription_tags(self): from hashlib import sha1 from .mockers import create_context, subscribe_context, user_status_context username = '******' self.create_user(username) self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200) res = self.testapp.get('/people/%s' % username, "", oauth2Header(username), status=200) self.assertEqual(res.json['subscribedTo'][0]['tags'], ['Assignatura', 'prova']) def test_clear_context_tags(self): from hashlib import sha1 from .mockers import create_context self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.delete('/contexts/%s/tags' % url_hash, "", oauth2Header(test_manager), status=200) self.assertEqual(res.json, []) def test_remove_context_tag(self): from hashlib import sha1 from .mockers import create_context self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() self.testapp.put('/contexts/%s/tags' % url_hash, json.dumps(['prova']), oauth2Header(test_manager), status=200) self.testapp.delete('/contexts/%s/tags/%s' % (url_hash, 'Assignatura'), "", oauth2Header(test_manager), status=204) def test_modify_context_displayName_updates_subscription(self): from hashlib import sha1 from .mockers import create_context, subscribe_context username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='subscribed', write='restricted', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context, expect=201) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"displayName": "New Name"}), oauth2Header(test_manager), status=200) res = self.testapp.get('/people/%s/subscriptions' % username, '', oauth2Header(username), status=200) self.assertEqual(res.json[0]['displayName'], 'New Name') def test_modify_context_unsetting_property(self): from hashlib import sha1 from .mockers import create_context self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() self.modify_context(create_context['url'], {"twitterHashtag": "assignatura1", "twitterUsername": "******"}) res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"twitterHashtag": "", "twitterUsername": ""}), oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result.get('hash', None), url_hash) self.assertEqual(result.get('twitterHashtag', None), None) self.assertEqual(result.get('twitterUsername', None), None) self.assertEqual(result.get('twitterUsernameId', None), None) def test_delete_context(self): """ doctest .. http:delete:: /contexts/{hash} """ from hashlib import sha1 from .mockers import create_context url_hash = sha1(create_context['url']).hexdigest() self.create_context(create_context) self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204) def test_deleted_context_is_really_deleted(self): from hashlib import sha1 from .mockers import create_context url_hash = sha1(create_context['url']).hexdigest() self.create_context(create_context) self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204) res = self.testapp.get('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=404) result = json.loads(res.text) self.assertEqual(result.get('error', None), 'ObjectNotFound') def test_delete_inexistent_context(self): """ doctest .. http:delete:: /contexts/{hash} """ url_hash = '00000000000000' self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=404) def test_delete_only_deleted_specified_context(self): from hashlib import sha1 from .mockers import create_context, create_contextA self.create_context(create_context) self.create_context(create_contextA) url_hash = sha1(create_context['url']).hexdigest() url_hashA = sha1(create_contextA['url']).hexdigest() self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204) res = self.testapp.get('/contexts/%s' % url_hashA, "", oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result.get('hash', None), url_hashA) def test_delete_context_removes_subscription_from_user(self): """ """ from hashlib import sha1 from .mockers import subscribe_context, subscribe_contextA from .mockers import create_context, create_contextA from .mockers import user_status_context, user_status_contextA username = '******' self.create_user(username) self.create_context(create_context) self.create_context(create_contextA) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username, subscribe_contextA) self.create_activity(username, user_status_context) self.create_activity(username, user_status_contextA) url_hash = sha1(create_context['url']).hexdigest() self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204) res = self.testapp.get('/people/%s' % username, "", oauth2Header(username)) result = json.loads(res.text) self.assertEqual(result.get('username', None), 'messi') self.assertEqual(len(result.get('subscribedTo', [])), 1) self.assertEqual(result.get('subscribedTo', [])[0]['url'], subscribe_contextA['object']['url']) def test_user_cannot_see_activity_from_deleted_context(self): """ """ from hashlib import sha1 from .mockers import subscribe_context from .mockers import create_context from .mockers import user_status_context from .mockers import context_query username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) url_hash = sha1(create_context['url']).hexdigest() self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204) self.testapp.get('/contexts/%s/activities' % (context_query['context']), '', oauth2Header(username), status=404) def test_user_cannot_see_own_activity_from_deleted_context_in_timeline(self): """ """ from hashlib import sha1 from .mockers import subscribe_context from .mockers import create_context from .mockers import user_status_context username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) url_hash = sha1(create_context['url']).hexdigest() self.testapp.delete('/contexts/%s' % url_hash, "", oauth2Header(test_manager), status=204) res = self.testapp.get('/people/%s/timeline' % username, {}, oauth2Header(username), status=200) result = json.loads(res.text) self.assertEqual(len(result), 0) def test_add_private_rw_context(self): from hashlib import sha1 from .mockers import create_context_private_rw res = self.testapp.post('/contexts', json.dumps(create_context_private_rw), oauth2Header(test_manager), status=201) result = json.loads(res.text) url_hash = sha1(create_context_private_rw['url']).hexdigest() self.assertEqual(result.get('hash', None), url_hash) self.assertEqual(result.get('permissions', None), create_context_private_rw['permissions']) def test_add_private_r_context(self): from hashlib import sha1 from .mockers import create_context_private_r res = self.testapp.post('/contexts', json.dumps(create_context_private_r), oauth2Header(test_manager), status=201) result = json.loads(res.text) url_hash = sha1(create_context_private_r['url']).hexdigest() self.assertEqual(result.get('hash', None), url_hash) self.assertEqual(result.get('permissions', None), create_context_private_r['permissions']) def test_check_permissions_on_subscribed_rw_context(self): from .mockers import create_context_private_rw, subscribe_context username = '******' self.create_user(username) self.create_context(create_context_private_rw) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.testapp.get('/people/%s' % username, "", oauth2Header(username)) result = json.loads(res.text) self.assertEqual(len(result.get('subscribedTo', [])), 1) self.assertEqual(result.get('subscribedTo', {})[0]['url'], subscribe_context['object']['url']) self.assertEqual('read' in result.get('subscribedTo', {})[0]['permissions'], True) self.assertEqual('write' in result.get('subscribedTo', {})[0]['permissions'], True) def test_check_permissions_on_subscribed_write_restricted_context(self): from .mockers import create_context_private_r, subscribe_context username = '******' self.create_user(username) self.create_context(create_context_private_r) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.testapp.get('/people/%s' % username, "", oauth2Header(username)) result = json.loads(res.text) self.assertEqual(len(result.get('subscribedTo', [])), 1) self.assertEqual(result.get('subscribedTo', {})[0]['url'], subscribe_context['object']['url']) self.assertEqual('read' in result.get('subscribedTo', {})[0]['permissions'], True) self.assertEqual('write' not in result.get('subscribedTo', {})[0]['permissions'], True) def test_post_on_subscribed_write_restricted_context_without_write_permission(self): from .mockers import create_context_private_r, subscribe_context, user_status_context username = '******' self.create_user(username) self.create_context(create_context_private_r) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context, expect=403) def test_post_on_subscribed_rw_context(self): from .mockers import create_context_private_rw, subscribe_context, user_status_context username = '******' self.create_user(username) self.create_context(create_context_private_rw) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None)[0]['url'], user_status_context['contexts'][0]['url']) def test_grant_write_permission_on_write_restricted_context(self): """ doctest .. http:put:: /contexts/{hash}/permissions/{username}/{permission} """ from .mockers import create_context_private_r, subscribe_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context_private_r) self.admin_subscribe_user_to_context(username, subscribe_context) chash = sha1(create_context_private_r['url']).hexdigest() permission = 'write' res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201) result = json.loads(res.text) self.assertEqual('read' in result['permissions'], True) self.assertEqual('write' in result['permissions'], True) def test_revoke_write_permission_on_write_restricted_context(self): """ doctest .. http:delete:: /contexts/{hash}/permissions/{username}/{permission} """ from .mockers import create_context_private_r, subscribe_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context_private_r) self.admin_subscribe_user_to_context(username, subscribe_context) chash = sha1(create_context_private_r['url']).hexdigest() permission = 'write' res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201) res = self.testapp.delete('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201) result = json.loads(res.text) self.assertEqual('read' in result['permissions'], True) self.assertEqual('write' not in result['permissions'], True) def test_grant_write_permission_on_non_subscribed_context(self): from .mockers import create_context_private_r from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context_private_r) chash = sha1(create_context_private_r['url']).hexdigest() permission = 'write' self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=404) def test_grant_invalid_permission_on_subscribed_context(self): from .mockers import create_context_private_r, subscribe_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context_private_r) self.admin_subscribe_user_to_context(username, subscribe_context) chash = sha1(create_context_private_r['url']).hexdigest() permission = 'badpermission' res = self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=400) result = json.loads(res.text) self.assertEqual(result.get('error', None), 'InvalidPermission') def test_reset_user_subscription_to_default_permissions(self): from .mockers import create_context_private_r, subscribe_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context_private_r) self.admin_subscribe_user_to_context(username, subscribe_context) chash = sha1(create_context_private_r['url']).hexdigest() permission = 'write' self.testapp.put('/contexts/%s/permissions/%s/%s' % (chash, username, permission), "", oauth2Header(test_manager), status=201) res = self.testapp.post('/contexts/%s/permissions/%s/defaults' % (chash, username), "", oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual('read' in result['permissions'], True) self.assertEqual('write' in result['permissions'], False) def test_get_context_subscriptions(self): from .mockers import create_contextA, subscribe_contextA from .mockers import create_context_private_r, subscribe_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_contextA) self.create_context(create_context_private_r) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username, subscribe_contextA) chash = sha1(create_context_private_r['url']).hexdigest() res = self.testapp.get('/contexts/%s/subscriptions' % (chash), "", oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(result[0].get('username', ''), 'messi') self.assertEqual(result[0].get('hash', ''), chash) def test_create_context_with_upload_url(self): """ """ from .mockers import create_context_with_uploadurl new_context = dict(create_context_with_uploadurl) res = self.testapp.post('/contexts', json.dumps(new_context), oauth2Header(test_manager), status=201) self.assertTrue(res.json.get('uploadURL'))
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) def test_maintenance_keywords(self): from .mockers import user_status username = '******' self.create_user(username, displayName='Lionel messi') self.create_activity(username, user_status) # Hard modify keywords directly on mongodb to simulate bad keywords activities = self.exec_mongo_query('activity', 'find', {}) activity = activities[0] del activity['_keywords'] activity['object']['_keywords'] = [] self.exec_mongo_query('activity', 'update', {'_id': activities[0]['_id']}, activity) self.testapp.post('/admin/maintenance/keywords', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/activities/%s' % activity['_id'], "", oauth2Header(username), status=200) expected_keywords = [u'canvi', u'creaci\xf3', u'estatus', u'lionel', u'messi', u'testejant'] response_keywords = res.json['keywords'] response_keywords.sort() self.assertListEqual(expected_keywords, response_keywords) def test_maintenance_dates(self): from .mockers import user_status, user_comment username = '******' self.create_user(username, displayName='Lionel messi') res = self.create_activity(username, user_status) self.testapp.post('/activities/%s/comments' % str(res.json['id']), json.dumps(user_comment), oauth2Header(username), status=201) res = self.testapp.post('/activities/%s/comments' % str(res.json['id']), json.dumps(user_comment), oauth2Header(username), status=201) # Hard modify keywords directly on mongodb to simulate bad keywords activities = self.exec_mongo_query('activity', 'find', {'verb': 'post'}) activity = activities[0] # simulate ancient commented field with wrong date activity['commented'] = activity['published'] del activity['lastComment'] self.exec_mongo_query('activity', 'update', {'_id': activities[0]['_id']}, activity) self.testapp.post('/admin/maintenance/dates', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/activities/%s' % activity['_id'], "", oauth2Header(username), status=200) self.assertEqual(res.json['lastComment'], res.json['replies'][-1]['id']) def test_maintenance_subscriptions(self): from .mockers import create_context from .mockers import subscribe_context, user_status_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) chash = sha1(create_context['url']).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) # Hard modify context directly on mongo to simulate changed permissions, displayName and tags contexts = self.exec_mongo_query('contexts', 'find', {'hash': chash}) context = contexts[0] context['permissions']['write'] = 'restricted' context['displayName'] = 'Changed Name' context['tags'].append('new tag') self.exec_mongo_query('contexts', 'update', {'_id': context['_id']}, context) self.testapp.post('/admin/maintenance/subscriptions', "", oauth2Header(test_manager), status=200) # Check user subscription is updated res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(username), status=200) self.assertEqual(res.json['subscribedTo'][0]['displayName'], 'Changed Name') self.assertListEqual(res.json['subscribedTo'][0]['tags'], ['Assignatura', 'new tag']) self.assertListEqual(res.json['subscribedTo'][0]['permissions'], ['read']) # Check user activity is updated res = self.testapp.get('/people/{}/timeline'.format(username), "", oauth2Header(username), status=200) self.assertEqual(res.json[0]['contexts'][0]['displayName'], 'Changed Name') self.assertListEqual(res.json[0]['contexts'][0]['tags'], ['Assignatura', 'new tag']) def test_maintenance_conversations(self): from .mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) # Hard modify group conversation directly on mongo to simulate changed permissions, displayName and tags conversations = self.exec_mongo_query('conversations', 'find', {}) conversation = conversations[0] conversation['permissions']['write'] = 'restricted' conversation['displayName'] = 'Changed Name' conversation['tags'] = [] conversation['participants'] = ['messi', 'xavi', 'shakira'] # Simulate ol'times structure self.exec_mongo_query('conversations', 'update', {'_id': conversation['_id']}, conversation) # Hard Put a displayName on a user users = self.exec_mongo_query('users', 'find', {'username': '******'}) user = users[0] user['displayName'] = 'Lionel Messi' self.exec_mongo_query('users', 'update', {'_id': user['_id']}, user) self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200) # Check user subscription is updated res = self.testapp.get('/people/{}'.format(sender), "", oauth2Header(sender), status=200) self.assertEqual(res.json['talkingIn'][0]['displayName'], 'Changed Name') self.assertEqual(res.json['talkingIn'][0]['participants'][0]['username'], 'messi') self.assertEqual(res.json['talkingIn'][0]['participants'][1]['username'], 'xavi') self.assertEqual(res.json['talkingIn'][0]['participants'][2]['username'], 'shakira') self.assertListEqual(res.json['talkingIn'][0]['permissions'], ['read', 'unsubscribe']) self.assertListEqual(res.json['talkingIn'][0]['tags'], ['group']) conversation_id = res.json['talkingIn'][0]['id'] # Check context participants are updated res = self.testapp.get('/conversations/{}'.format(conversation_id), "", oauth2Header(sender), status=200) self.assertEqual(res.json['participants'][0]['displayName'], 'Lionel Messi') # Check user activity is updated res = self.testapp.get('/conversations/{}/messages'.format(conversation_id), "", oauth2Header(sender), status=200) self.assertEqual(res.json[0]['contexts'][0]['displayName'], 'Changed Name') def test_maintenance_conversations_group_one_participant(self): from .mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) res = self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) conversation_id = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient, conversation_id), '', oauth2Header(recipient), status=204) self.testapp.delete('/people/{}/conversations/{}'.format(recipient2, conversation_id), '', oauth2Header(recipient2), status=204) self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200) self.assertEqual(len(res.json['participants']), 1) self.assertIn('archive', res.json['tags']) def test_maintenance_two_people_conversations(self): from .mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) conversation_id = str(res.json['contexts'][0]['id']) self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200) self.assertEqual(len(res.json['participants']), 2) self.assertNotIn('single', res.json['tags']) def test_maintenance_two_people_conversations_one_leave_conversation(self): from .mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) conversation_id = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}/conversations/{}'.format(recipient, conversation_id), '', oauth2Header(recipient), status=204) self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200) self.assertEqual(len(res.json['participants']), 2) self.assertIn('single', res.json['tags']) def test_maintenance_two_people_conversations_one_user_deleted(self): from .mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) conversation_id = str(res.json['contexts'][0]['id']) self.testapp.delete('/people/{}'.format(recipient), headers=oauth2Header(test_manager), status=204) self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200) self.assertEqual(len(res.json['participants']), 2) self.assertIn('archive', res.json['tags']) def test_maintenance_two_people_conversations_tagged_archived(self): from .mockers import message as creation_message sender = 'messi' recipient = 'xavi' self.create_user(sender) self.create_user(recipient) res = self.testapp.post('/conversations', json.dumps(creation_message), oauth2Header(sender), status=201) conversation_id = str(res.json['contexts'][0]['id']) # Hard modify two people conversation directly on mongo to simulate archive in tags conversations = self.exec_mongo_query('conversations', 'find', {}) conversation = conversations[0] conversation['tags'] = ['archive'] self.exec_mongo_query('conversations', 'update', {'_id': conversation['_id']}, conversation) self.testapp.post('/admin/maintenance/conversations', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/conversations/{}'.format(conversation_id), '', oauth2Header(sender), status=200) self.assertEqual(len(res.json['participants']), 2) self.assertNotIn('single', res.json['tags']) def test_maintenance_users(self): username = '******' self.create_user(username) # Hard modify user directly on mongo to simulate wrong owner and check is wrong self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'_owner': 'test_manager'}}) res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(test_manager), status=200) self.assertEqual(res.json['owner'], 'test_manager') self.testapp.post('/admin/maintenance/users', "", oauth2Header(test_manager), status=200) res = self.testapp.get('/people/{}'.format(username), "", oauth2Header(test_manager), status=200) self.assertEqual(res.json['owner'], username) def test_maintenance_tokens(self): username = '******' self.create_user(username) # Hard modify user directly on mongo to simulate old style tokens self.exec_mongo_query('users', 'update', {'username': username}, {'$set': {'iosDevices': ['token1', 'token2'], 'androidDevices': ['token3', 'token4']}}) user = self.exec_mongo_query('users', 'find', {'username': username})[0] ios = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), "", oauth2Header(username), status=200) android = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'android'), "", oauth2Header(username), status=200) self.assertEqual(ios.json, []) self.assertEqual(android.json, []) self.assertIn('iosDevices', user) self.assertIn('androidDevices', user) self.testapp.post('/admin/maintenance/tokens', "", oauth2Header(test_manager), status=200) user = self.exec_mongo_query('users', 'find', {'username': username})[0] ios = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'ios'), "", oauth2Header(username), status=200) android = self.testapp.get('/people/{}/tokens/platforms/{}'.format(username, 'android'), "", oauth2Header(username), status=200) migrated_ios_tokens = [a['token'] for a in ios.json] migrated_android_tokens = [a['token'] for a in android.json] self.assertItemsEqual(migrated_ios_tokens, ['token1', 'token2']) self.assertItemsEqual(migrated_android_tokens, ['token3', 'token4']) self.assertNotIn('iosDevices', user) self.assertNotIn('androidDevices', user)
class FunctionalTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(__file__) self.app = loadapp('config:tests.ini', relative_to=conf_dir) self.reset_database(self.app) self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch('requests.post', new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # BEGIN TESTS def test_get_all_users_admin(self): username = '******' self.create_user(username) res = self.testapp.get('/people', "", oauth2Header(test_manager)) self.assertEqual(len(res.json), 2) self.assertEqual(res.json[0].get('username'), 'test_manager') self.assertEqual(res.json[1].get('username'), 'messi') def test_admin_post_activity_without_context(self): from .mockers import user_status username = '******' self.create_user(username) res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status), oauth2Header(test_manager)) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None), None) def test_admin_post_activity_with_context(self): """ doctest .. http:post:: /people/{username}/activities """ from .mockers import subscribe_context from .mockers import user_status_context from .mockers import create_context username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.testapp.post('/people/%s/activities' % username, json.dumps(user_status_context), oauth2Header(test_manager)) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('username', None), 'messi') self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url']) def test_admin_post_activity_with_context_as_actor(self): """ doctest .. http:post:: /contexts/{hash}/activities """ from .mockers import subscribe_context from .mockers import user_status_as_context from .mockers import create_context from hashlib import sha1 self.create_context(create_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_as_context), oauth2Header(test_manager), status=201) result = json.loads(res.text) self.assertEqual(result.get('actor', None).get('hash', None), url_hash) self.assertEqual(result.get('object', None).get('objectType', None), 'note') self.assertEqual(result.get('contexts', None)[0]['url'], subscribe_context['object']['url']) def test_get_other_activities(self): from .mockers import user_status_context from .mockers import subscribe_context, create_context username = '******' self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) self.testapp.get('/people/%s/activities' % (username), '', oauth2Header(test_manager), status=200) def test_delete_user(self): username = '******' self.create_user(username) self.testapp.delete('/people/%s' % username, '', oauth2Header(test_manager), status=204) def test_delete_all_conversations(self): from .mockers import group_message as message sender = 'messi' recipient = 'xavi' recipient2 = 'shakira' self.create_user(sender) self.create_user(recipient) self.create_user(recipient2) self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) self.testapp.post('/conversations', json.dumps(message), oauth2Header(sender), status=201) self.testapp.delete('/conversations', '', oauth2Header(test_manager), status=204) conversations = self.testapp.get('/conversations', '', oauth2Header(sender), status=200) self.assertEqual(len(conversations.json), 0) user_data = self.testapp.get('/people/{}'.format(sender), '', oauth2Header(sender), status=200) self.assertEqual(len(user_data.json['talkingIn']), 0) def test_delete_inexistent_user(self): username = '******' username2 = 'xavi' self.create_user(username) self.testapp.delete('/people/%s' % username2, '', oauth2Header(test_manager), status=400) def test_admin_delete_inexistent_activity(self): fake_id = '519200000000000000000000' self.testapp.delete('/activities/%s' % (fake_id), '', oauth2Header(test_manager), status=404) def test_admin_get_people_activities_by_context(self): """ """ from .mockers import user_status from .mockers import context_query from .mockers import create_context from .mockers import subscribe_context, user_status_context username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) self.create_activity(username, user_status_context) self.create_activity(username, user_status) res = self.testapp.get('/people/%s/activities' % username, context_query, oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) def test_admin_get_all_activities_by_context(self): """ XXX This test was here to test the Manager endpoint that didn't search for recursive activities now this is unified so this feature will have to be refactored to a preset or parameter to disable recursivity. The test now is fixed to pass with correct acitivity count asserts """ from .mockers import user_status from .mockers import subscribe_context, subscribe_contextA from .mockers import create_context, create_contextA from .mockers import user_status_context, user_status_contextA from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) url_hash = sha1(create_context['url']).hexdigest() self.create_context(create_contextA, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_contextA) url_hashA = sha1(create_contextA['url']).hexdigest() self.create_activity(username, user_status_context) self.create_activity(username, user_status_contextA) self.create_activity(username, user_status) res = self.testapp.get('/contexts/%s/activities' % url_hash, {}, oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(len(result), 2) res = self.testapp.get('/contexts/%s/activities' % url_hashA, {}, oauth2Header(test_manager), status=200) result = json.loads(res.text) self.assertEqual(len(result), 1) # def test_admin_post_activity_with_unauthorized_context_type_as_actor(self): # from .mockers import create_unauthorized_context # from hashlib import sha1 # result = self.create_context(create_invalid_context, expect=201) # url_hash = sha1(create_invalid_context['object']['url']).hexdigest() # res = self.testapp.post('/contexts/%s/activities' % url_hash, json.dumps(user_status_context), oauth2Header(test_manager)) # result = json.loads(res.text) # self.assertEqual(result.get('actor', None).get('hash', None), url_hash) # self.assertEqual(result.get('object', None).get('objectType', None), 'note') # self.assertEqual(result.get('contexts', None)[0], subscribe_context['object']) def test_get_users_twitter_enabled(self): """ Doctest .. http:get:: /people """ username = '******' username2 = 'xavi' self.create_user(username) self.create_user(username2) self.modify_user(username, {"twitterUsername": "******"}) res = self.testapp.get('/people', {"twitter_enabled": True}, oauth2Header(test_manager), status=200) self.assertEqual(len(res.json), 1) self.assertIn('twitterUsername', res.json[0]) def test_get_context_twitter_enabled(self): from .mockers import create_context, create_contextA self.create_context(create_context) self.create_context(create_contextA) self.modify_context(create_context['url'], {"twitterHashtag": "assignatura1", "twitterUsername": "******"}) res = self.testapp.get('/contexts', {"twitter_enabled": True}, oauth2Header(test_manager), status=200) self.assertEqual(len(res.json), 1) def test_rename_context_url(self): from .mockers import create_context from .mockers import subscribe_context, user_status_context from hashlib import sha1 username = '******' self.create_user(username) self.create_context(create_context, permissions=dict(read='subscribed', write='subscribed', subscribe='restricted', invite='restricted')) self.admin_subscribe_user_to_context(username, subscribe_context) activity = self.create_activity(username, user_status_context) url_hash = sha1(create_context['url']).hexdigest() res = self.testapp.put('/contexts/%s' % url_hash, json.dumps({"url": "http://new.url"}), oauth2Header(test_manager), status=200) # Test context is updated new_url_hash = sha1('http://new.url').hexdigest() res = self.testapp.get('/contexts/%s' % new_url_hash, "", oauth2Header(test_manager), status=200) self.assertEqual(res.json['url'], 'http://new.url') self.assertEqual(res.json['hash'], new_url_hash) # Test user subscription is updated res = self.testapp.get('/people/%s' % username, "", oauth2Header(test_manager), status=200) self.assertEqual(res.json['subscribedTo'][0]['url'], 'http://new.url') self.assertEqual(res.json['subscribedTo'][0]['hash'], new_url_hash) # Test user original subscription activity is updated subscription_activity = self.exec_mongo_query('activity', 'find', {'object.hash': new_url_hash, 'object.url': "http://new.url", 'actor.username': username}) self.assertNotEqual(subscription_activity, []) self.assertEqual(subscription_activity[0]['object']['hash'], new_url_hash) self.assertEqual(subscription_activity[0]['object']['url'], 'http://new.url') # Test user activity is updated res = self.testapp.get('/activities/%s' % activity.json['id'], "", oauth2Header(test_manager), status=200) self.assertEqual(res.json['contexts'][0]['url'], 'http://new.url') self.assertEqual(res.json['contexts'][0]['hash'], new_url_hash)
class ConversationsACLTests(unittest.TestCase, MaxTestBase): def setUp(self): conf_dir = os.path.dirname(os.path.dirname(__file__)) self.app = loadapp("config:tests.ini", relative_to=conf_dir) self.app.registry.max_store.drop_collection("users") self.app.registry.max_store.drop_collection("activity") self.app.registry.max_store.drop_collection("contexts") self.app.registry.max_store.drop_collection("security") self.app.registry.max_store.drop_collection("conversations") self.app.registry.max_store.drop_collection("messages") self.app.registry.max_store.security.insert(test_default_security) self.patched_post = patch("requests.post", new=partial(mock_post, self)) self.patched_post.start() self.testapp = MaxTestApp(self) self.create_user(test_manager) # Add like tests def test_like_uncontexted_activity(self): """ Given i'm a regular user When I try to like an uncontexted activity Then I succeed """ from max.tests.mockers import user_status username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json["id"] self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username_not_me), status=201) def test_like_contexted_activity(self): """ Given i'm a regular user And i'm subscribed to the activity contexted And i have read permission on the context When I try to like a contexted activity Then I succeed """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json["id"] self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201) def test_like_contexted_activity_no_subscription(self): """ Given i'm a regular user And i'm not subscribed to the activity context When I try to like the contexted activity Then I get a Forbidden Exception """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) self.create_context(create_context, permissions={"read": "subscribed"}) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json["id"] self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username_not_me), status=403) def test_like_contexted_activity_subscribed_no_read_permission(self): """ Given i'm a regular user And i'm subscribed to the activity context And i don't have read permission on the context When I try to like the contexted activity Then I get a Forbidden Exception """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) self.create_context(create_context, permissions={"read": "restricted"}) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json["id"] self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username_not_me), status=403) def test_like_uncontexted_activity_impersonating(self): """ Given i'm a Manager user When I try to like an activity impersonating as another user Then I succeed """ from max.tests.mockers import user_status username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json["id"] self.testapp.post( "/activities/%s/likes" % activity_id, json.dumps(impersonate_payload({}, username)), oauth2Header(test_manager), status=201, ) def test_like_uncontexted_activity_impersonating_no_privileges(self): """ Given i'm a regular user When I try to like an activity impersonating as another user Then I get a Forbidden Exception """ from max.tests.mockers import user_status username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json["id"] self.testapp.post( "/activities/%s/likes" % activity_id, json.dumps(impersonate_payload({}, username)), oauth2Header(username_not_me), status=403, ) # Add unlike tests def test_unlike_liked_activity(self): """ Given i'm a regular user When I try to unlike an activity Then I succeed """ from max.tests.mockers import user_status username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json["id"] self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201) self.testapp.delete("/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(username), status=204) def test_unlike_liked_activity_impersonating(self): """ Given i'm a Manager user When I try to unlike an activity as someone else Then I succeed """ from max.tests.mockers import user_status username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json["id"] self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201) self.testapp.delete( "/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(test_manager), status=204 ) def test_unlike_liked_activity_impersonating_no_privileges(self): """ Given i'm a regular user When I try to unlike an activity as someone else Then I get a Forbidden Exception """ from max.tests.mockers import user_status username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json["id"] self.testapp.post("/activities/%s/likes" % activity_id, "", oauth2Header(username), status=201) self.testapp.delete( "/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(username_not_me), status=403 ) def test_unlike_non_liked_activity(self): """ Given i'm a regular user When I try to unlike an activity And the activity is not liked Then I get a Forbidden Exception """ from max.tests.mockers import user_status username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) res = self.create_activity(username, user_status) activity_id = res.json["id"] self.testapp.delete("/activities/%s/likes/%s" % (activity_id, username), "", oauth2Header(username), status=403) # Add flag tests def test_flag_uncontexted_activity(self): """ Given i'm a regular user When I try to flag an uncontexted activity Then I get a Forbidden Exception """ from max.tests.mockers import user_status username = "******" self.create_user(username) res = self.create_activity(username, user_status) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=403) def test_flag_contexted_activity(self): """ Given i'm a regular user And i'm subscribed to the activity context And i have the flag permission on the context When I try to flag a contexted activity Then I succeed """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context from hashlib import sha1 username = "******" self.create_user(username) self.create_context(create_context) chash = sha1(create_context["url"]).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.grant_permission(chash, username, "flag") res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201) def test_flag_contexted_activity_no_subscription(self): """ Given i'm a regular user And i'm not subscribed to the activity context When I try to flag a contexted activity Then I get a Forbidden Exception """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username_not_me), status=403) def test_flag_contexted_activity_subscribed_no_flag_permission(self): """ Given i'm a regular user And i'm subscribed to the activity context And i don't have the flag permission on the context When I try to flag a contexted activity Then I get a Forbidden Exception """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=403) def test_flag_contexted_activity_as_manager(self): """ Given i'm a regular user When I try to flag a contexted activity Then I succeed """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context username = "******" self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(test_manager), status=201) # Add unflag tests def test_unflag_flagged_activity(self): """ Given i'm a regular user And i'm subscribed to the activity context And i have the flag permission on the context When I try to unflag a flagged activity Then I succeed """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context from hashlib import sha1 username = "******" self.create_user(username) self.create_context(create_context) chash = sha1(create_context["url"]).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.grant_permission(chash, username, "flag") res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201) res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=204) def test_unflag_flagged_activity_no_subscription(self): """ Given i'm a regular user And i'm not subscribed to the activity context When I try to unflag a flagged activity Then I get a Forbidden Exception """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context from hashlib import sha1 username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) chash = sha1(create_context["url"]).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.grant_permission(chash, username, "flag") res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201) res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username_not_me), status=403) def test_unflag_flagged_activity_subscribed_no_flag_permission(self): """ Given i'm a regular user And i'm subscribed to the activity context And i don't have the flag permission on the context When I try to unflag a flagged activity Then I get a Forbidden Exception """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context from hashlib import sha1 username = "******" username_not_me = "penny" self.create_user(username) self.create_user(username_not_me) self.create_context(create_context) chash = sha1(create_context["url"]).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.admin_subscribe_user_to_context(username_not_me, subscribe_context) self.grant_permission(chash, username, "flag") res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=201) res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username_not_me), status=403) def test_unflag_flagged_activity_as_manager(self): """ Given i'm a Manager user When I try to unflag a flagged activity Then I succeed """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context username = "******" self.create_user(username) self.create_context(create_context) self.admin_subscribe_user_to_context(username, subscribe_context) res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.post("/activities/%s/flag" % activity_id, "", oauth2Header(test_manager), status=201) res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(test_manager), status=204) def test_unflag_non_flagged_activity(self): """ Given i'm a regular user When I try to unflag a non flagged activity Then I succeed """ from max.tests.mockers import user_status_context from max.tests.mockers import subscribe_context, create_context from hashlib import sha1 username = "******" self.create_user(username) self.create_context(create_context) chash = sha1(create_context["url"]).hexdigest() self.admin_subscribe_user_to_context(username, subscribe_context) self.grant_permission(chash, username, "flag") res = self.create_activity(username, user_status_context) activity_id = res.json["id"] res = self.testapp.delete("/activities/%s/flag" % activity_id, "", oauth2Header(username), status=204)