def test_get_by_id_user_without_read_access_raises_error( self, get_all_workspaces_with_read_access_by_user): blob_id = self.fixture.blob_collection[ fixture_blob.USER_1_WORKSPACE_1].id get_all_workspaces_with_read_access_by_user.return_value = [] mock_user = _create_user('2') with self.assertRaises(AccessControlError): blob_api.get_by_id(blob_id, mock_user)
def validate_id(self, id): """Validate id field Args: id: Returns: """ request = self.context.get("request") try: blob_api.get_by_id(id, request.user) except DoesNotExist: raise Http404 return id
def _get_blobs(blob_ids, request_user_is_superuser, request_user_id): """ Get all the blobs from the list of ids. Args: blob_ids: request_user_is_superuser: request_user_id: Returns: list form """ list_blobs = [] try: for blob_id in blob_ids: # Get the blob blob = blob_api.get_by_id(blob_id) # Check the rights _check_rights_document(request_user_is_superuser, request_user_id, blob.user_id) list_blobs.append(blob) except DoesNotExist: raise Exception('It seems a blob is missing. Please refresh the page.') except Exception, e: raise Exception(e.message)
def patch(self, request): """ Delete a list of Blob Parameters: [ { "id": "blob_id", }, { "id": "blob_id", } ] Args: request: HTTP request Returns: - code: 204 content: Deletion succeed - code: 400 content: Validation error - code: 403 content: Authentication error - code: 500 content: Internal server error """ try: # Serialize data serializer = DeleteBlobsSerializer(data=request.data, many=True, context={'request': request}) # Validate data serializer.is_valid(True) # Get list of unique ids blob_ids = set([blob['id'] for blob in serializer.validated_data]) for blob_id in blob_ids: # Get blob with its id blob = blob_api.get_by_id(blob_id) # Delete blob blob_api.delete(blob) # Return the serialized data return Response(status=status.HTTP_204_NO_CONTENT) except ValidationError as validation_exception: content = {'message': validation_exception.detail} return Response(content, status=status.HTTP_400_BAD_REQUEST) except AccessControlError as access_control_error: content = {'message': access_control_error.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def get_object(self, pk): """ Get blob from db Args: pk: Returns: """ try: return blob_api.get_by_id(pk) except exceptions.DoesNotExist: raise Http404
def get_object(self, request, pk): """ Get Blob from db Args: request: HTTP request pk: ObjectId Returns: Blob """ try: return blob_api.get_by_id(pk, request.user) except exceptions.DoesNotExist: raise Http404
def validate_id(self, id): """ Validate id field Args: id: Returns: """ request = self.context.get('request') try: blob_object = blob_api.get_by_id(id) except DoesNotExist: raise Http404 if request.user.is_superuser is False and str(request.user.id) != blob_object.user_id: raise AccessControlError("You don't have the permission to delete this id: {0}".format(id)) return id
def patch(self, request): """ Delete a list of blobs. /rest/blobs/delete/ Data: [{"id":"<blob_id>"},{"id":"<blob_id>"}] Args: request: Returns: """ try: # Serialize data serializer = DeleteBlobsSerializer(data=request.data, many=True, context={'request': request}) # Validate data serializer.is_valid(True) # Get list of unique ids blob_ids = set([blob['id'] for blob in serializer.validated_data]) for blob_id in blob_ids: # Get blob with its id blob = blob_api.get_by_id(blob_id) # Delete blob blob_api.delete(blob) # Return the serialized data return Response(status=status.HTTP_204_NO_CONTENT) except ValidationError as validation_exception: content = {'message': validation_exception.detail} return Response(content, status=status.HTTP_400_BAD_REQUEST) except AccessControlError as access_control_error: content = {'message': access_control_error.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def test_get_by_id_not_owner_no_workspace_raises_error(self): blob_id = self.fixture.blob_collection[ fixture_blob.USER_1_NO_WORKSPACE].id mock_user = _create_user('2') with self.assertRaises(AccessControlError): blob_api.get_by_id(blob_id, mock_user)
def test_get_by_id_owner_no_workspace_read_access_returns_blob(self): blob_id = self.fixture.blob_collection[ fixture_blob.USER_1_NO_WORKSPACE].id mock_user = _create_user('1') blob = blob_api.get_by_id(blob_id, mock_user) self.assertTrue(isinstance(blob, Blob))
def test_get_by_id_owner_without_read_access_returns_blob(self): blob_id = self.fixture.blob_collection[ fixture_blob.USER_1_WORKSPACE_1].id mock_user = _create_user('1') with self.assertRaises(AccessControlError): blob_api.get_by_id(blob_id, mock_user)
def test_get_by_id_owner_without_read_access_returns_blob(self): blob_id = self.fixture.blob_collection[ fixture_blob.USER_1_WORKSPACE_1].id mock_user = _create_user("1") blob = blob_api.get_by_id(blob_id, mock_user) self.assertTrue(isinstance(blob, Blob))