def test_delete_page(self, mock_delete): """Test API Pagepost delete post (DEL).""" mock_delete.return_value = True admin, owner, user = UserFactory.create_batch(3) project = ProjectFactory.create(owner=owner) file_info = {'file_name': 'name.jpg', 'container': 'user_3'} page = PageFactory.create(project_id=project.id, info=file_info) page2 = PageFactory.create(project_id=project.id) # As anon url = '/api/page/%s' % page.id res = self.app.delete(url) assert res.status_code == 401, res.status_code # As user url = '/api/page/%s?api_key=%s' % (page.id, user.api_key) res = self.app.delete(url) assert res.status_code == 403, res.status_code # As owner url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key) res = self.app.delete(url) assert res.status_code == 204, res.status_code mock_delete.assert_called_with(file_info['file_name'], file_info['container']) # As admin url = '/api/page/%s?api_key=%s' % (page2.id, admin.api_key) res = self.app.delete(url) assert res.status_code == 204, res.status_code
def test_get_by_returns_none_if_no_page(self): """Test get_by returns None if no page matches the query""" PageFactory.create() page = self.page_repo.get_by(project_id=10000) assert page is None, page
def test_filter_by_no_matches(self): """Test filter_by returns an empty list if no pages match the query""" PageFactory.create() retrieved_pages = self.page_repo.filter_by(project_id=100) assert isinstance(retrieved_pages, list) assert len(retrieved_pages) == 0, retrieved_pages
def test_filter_by_multiple_conditions(self): """Test filter_by supports multiple-condition queries""" h1 = PageFactory.create(slug='url') h2 = PageFactory.create(slug='url') retrieved_pages = self.page_repo.filter_by(project_id=h2.project_id, slug='url') assert len(retrieved_pages) == 1, retrieved_pages assert h2 in retrieved_pages, retrieved_pages
def test_anonymous_user_delete_page(self): """Test anonymous users cannot delete pages""" project = ProjectFactory.create(published=True) page = PageFactory.create(project_id=project.id) assert_raises(Unauthorized, ensure_authorized_to, 'delete', page)
def test_anonymous_user_read_given_page(self): """Test anonymous users can read a given page""" project = ProjectFactory.create(published=True) page = PageFactory.create(project_id=project.id) assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_get_by(self): """Test get_by returns a page with the specified attribute""" page = PageFactory.create(slug="algo") retrieved_page = self.page_repo.get_by(slug="algo") assert page == retrieved_page, retrieved_page
def test_get_returns_page(self): """Test get method returns a page if exists""" page = PageFactory.create() retrieved_page = self.page_repo.get(page.id) assert page == retrieved_page, retrieved_page
def test_update_fails_if_integrity_error(self): """Test update raises a DBIntegrityError if the instance to be updated lacks a required value""" page = PageFactory.create() page.project_id = None assert_raises(DBIntegrityError, self.page_repo.update, page)
def test_anonymous_user_read_given_page_draft_project(self): """Test anonymous users cannot read a given page of a draft project""" project = ProjectFactory.create(published=False) page = PageFactory.create(project_id=project.id) assert_raises(Unauthorized, ensure_authorized_to, 'read', page)
def test_delete(self): """Test delete removes the page instance""" page = PageFactory.create() self.page_repo.delete(page) deleted = self.page_repo.get(page.id) assert deleted is None, deleted
def test_non_owner_authenticated_user_read_given_page_draft_project(self): """Test authenticated user cannot read a given page of a draft project if is not the project owner""" project = ProjectFactory.create(published=False) page = PageFactory.create(project_id=project.id) assert self.mock_authenticated.id != project.owner.id assert_raises(Forbidden, ensure_authorized_to, 'read', page)
def test_owner_update_page(self): """Test authenticated user can update page if it's the project's page owner""" owner = UserFactory.create(id=2) project = ProjectFactory.create(owner=owner) page = PageFactory.create(project_id=project.id) assert_not_raises(Exception, ensure_authorized_to, 'update', page)
def test_admin_update_page(self): """Test admins can update page even if it's not the post owner""" owner = UserFactory.create(id=5) project = ProjectFactory.create(owner=owner) page = PageFactory.create(project_id=project.id) assert_not_raises(Exception, ensure_authorized_to, 'update', page)
def test_admin_read_given_page_draft_project(self): """Test admin can read a given page of a draft project""" owner = UserFactory.create(id=5) project = ProjectFactory.create(owner=owner, published=False) page = PageFactory.create(project_id=project.id) assert self.mock_admin.id != project.owner.id assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_non_owner_authenticated_user_read_given_page(self): """Test authenticated user can read a given page if is not the project owner""" project = ProjectFactory.create(published=True) page = PageFactory.create(project_id=project.id) assert self.mock_authenticated.id != project.owner.id assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_admin_authenticated_user_delete_page(self): """Test authenticated user can delete any page if it's admin""" owner = UserFactory.create(id=5) project = ProjectFactory.create(owner=owner) page = PageFactory.create(project_id=project.id) assert self.mock_admin.id != owner.id assert_not_raises(Exception, ensure_authorized_to, 'delete', page)
def test_owner_delete_page(self): """Test authenticated user can delete a page if is the page owner""" owner = UserFactory.create(id=2) project = ProjectFactory.create(owner=owner) page = PageFactory.create(project_id=project.id) assert self.mock_authenticated.id == owner.id assert_not_raises(Exception, ensure_authorized_to, 'delete', page)
def test_owner_read_given_page_draft_project(self): """Test authenticated user can read a given page of a draft project if it's the project owner""" owner = UserFactory.create(id=2) project = ProjectFactory.create(owner=owner, published=False) page = PageFactory.create(project_id=project.id) assert self.mock_authenticated.id == project.owner.id assert_not_raises(Exception, ensure_authorized_to, 'read', page)
def test_non_owner_authenticated_user_delete_page(self): """Test authenticated user cannot delete a page if is not the page's owner and is not admin""" owner = UserFactory.create(id=5) project = ProjectFactory.create(owner=owner, published=True) page = PageFactory.create(project_id=project.id) assert self.mock_authenticated.id != owner.id assert not self.mock_authenticated.admin assert_raises(Forbidden, ensure_authorized_to, 'delete', page)
def test_filter_by_one_condition(self): """Test filter_by returns a list of pages that meet the filtering condition""" PageFactory.create_batch(3, slug="algo") should_be_missing = PageFactory.create(slug="new") retrieved_pages = self.page_repo.filter_by(slug="algo") assert len(retrieved_pages) == 3, retrieved_pages assert should_be_missing not in retrieved_pages, retrieved_pages
def test_update(self): """Test update persists the changes made to the page""" info = {'key': 'val'} page = PageFactory.create(info=info) info_new = {'f': 'v'} page.info = info_new self.page_repo.update(page) updated_page = self.page_repo.get(page.id) assert updated_page.info == info_new, updated_page
def test_update_page(self): """Test API Pagepost update post (PUT).""" admin, user, owner = UserFactory.create_batch(3) project = ProjectFactory.create(owner=owner) page = PageFactory.create(project_id=project.id) # As anon page.slug = 'new' url = '/api/page/%s' % page.id res = self.app.put(url, data=json.dumps(page.dictize())) data = json.loads(res.data) assert res.status_code == 401, res.status_code # As user url = '/api/page/%s?api_key=%s' % (page.id, user.api_key) res = self.app.put(url, data=json.dumps(page.dictize())) data = json.loads(res.data) assert res.status_code == 403, res.status_code # As owner url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key) payload = page.dictize() del payload['created'] del payload['id'] res = self.app.put(url, data=json.dumps(payload)) data = json.loads(res.data) assert res.status_code == 200, res.status_code assert data['slug'] == 'new', data # as owner with reserved key page.slug = 'new' page.created = 'today' url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key) payload = page.dictize() del payload['id'] res = self.app.put(url, data=json.dumps(payload)) data = json.loads(res.data) assert res.status_code == 400, res.status_code assert data['exception_msg'] == 'Reserved keys in payload', data # as owner with wrong key page.slug = 'new-slug' url = '/api/page/%s?api_key=%s' % (page.id, owner.api_key) payload = page.dictize() del payload['created'] del payload['id'] payload['foo'] = 'bar' res = self.app.put(url, data=json.dumps(payload)) data = json.loads(res.data) assert res.status_code == 415, res.status_code assert 'foo' in data['exception_msg'], data
def test_max_three_items_per_page(self): user = UserFactory() album = AlbumFactory.create(owner=user) page = PageFactory.create(album=album) PageItemFactory.create(page=page) PageItemFactory.create(page=page) PageItemFactory.create(page=page) PageItemFactory.create(page=page) self.assertEquals(3, page.page_items.all().count(), 'Test that a page has at maximum three items')
def test_position_unique(self): user = UserFactory() album = AlbumFactory.create(owner=user) page = PageFactory.create(album=album) item1 = PageItemFactory.create( page=page, value='item1') #initialized with position 0 item2 = PageItemFactory.create( page=page, value='item2') #initialized with position 0 item3 = PageItemFactory.create( page=page, position=0, value='item3') #initialized with position 0 item4 = PageItemFactory.create( page=page, value='item4') #initialized with position 0 self.assertNotEqual(item1.position, item2.position, "Test that no two items have the same position")
def test_page_public_attributes(self): """Test public attributes works.""" page = PageFactory.create() public_attributes = ['created', 'id', 'info', 'media_url', 'slug'] assert sorted(page.public_attributes()) == sorted(public_attributes)
def test_query_page(self): """Test API query for page endpoint works""" owner = UserFactory.create() user = UserFactory.create() project = ProjectFactory(owner=owner) pages = PageFactory.create_batch(9, project_id=project.id) page = PageFactory.create() # As anon url = '/api/page' res = self.app.get(url) data = json.loads(res.data) assert len(data) == 10, data # As user res = self.app.get(url + '?api_key=' + user.api_key) data = json.loads(res.data) assert len(data) == 0, data # As owner res = self.app.get(url + '?api_key=' + owner.api_key) data = json.loads(res.data) assert len(data) == 9, data # Valid field but wrong value res = self.app.get(url + "?media_url=wrongvalue") data = json.loads(res.data) assert len(data) == 0, data # Multiple fields res = self.app.get(url + '?info=container::' + pages[0].info['container'] + '&project_id=' + str(project.id)) data = json.loads(res.data) # One result assert len(data) == 9, data # Correct result assert data[0]['project_id'] == pages[0].project_id, data assert data[0]['media_url'] == pages[0].media_url, data # Limits res = self.app.get(url + "?limit=1") data = json.loads(res.data) for item in data: assert item['media_url'] == page.media_url, item assert len(data) == 1, data # Keyset pagination res = self.app.get(url + '?limit=1&last_id=' + str(pages[8].id)) data = json.loads(res.data) assert len(data) == 1, len(data) assert data[0]['id'] == page.id # Errors res = self.app.get(url + "?something") err = json.loads(res.data) err_msg = "AttributeError exception should be raised" res.status_code == 415, err_msg assert res.status_code == 415, err_msg assert err['action'] == 'GET', err_msg assert err['status'] == 'failed', err_msg assert err['exception_cls'] == 'AttributeError', err_msg # Desc filter url = "/api/page?orderby=wrongattribute" res = self.app.get(url) data = json.loads(res.data) err_msg = "It should be 415." assert data['status'] == 'failed', data assert data['status_code'] == 415, data assert 'has no attribute' in data['exception_msg'], data # Desc filter url = "/api/page?orderby=id" res = self.app.get(url) data = json.loads(res.data) err_msg = "It should get the last item first." pages.append(page) pages_by_id = sorted(pages, key=lambda x: x.id, reverse=False) for i in range(len(pages)): assert pages_by_id[i].id == data[i]['id'] # Desc filter url = "/api/page?orderby=id&desc=true" res = self.app.get(url) data = json.loads(res.data) err_msg = "It should get the last item first." pages_by_id = sorted(pages, key=lambda x: x.id, reverse=True) for i in range(len(pages)): assert pages_by_id[i].id == data[i]['id']
def test_page_put_file(self): """Test API Pagepost file put upload works.""" admin, owner, user = UserFactory.create_batch(3) project = ProjectFactory.create(owner=owner) project2 = ProjectFactory.create(owner=user) hp = PageFactory.create(project_id=project.id) img = (io.BytesIO(b'test'), 'test_file.jpg') payload = dict(project_id=project.id, slug="admin", file=img) # As anon url = '/api/page/%s' % hp.id res = self.app.put(url, data=payload, content_type="multipart/form-data") data = json.loads(res.data) assert res.status_code == 401, data assert data['status_code'] == 401, data # As a user img = (io.BytesIO(b'test'), 'test_file.jpg') payload = dict(project_id=project.id, slug="admin", file=img) url = '/api/page/%s?api_key=%s' % (hp.id, user.api_key) res = self.app.put(url, data=payload, content_type="multipart/form-data") data = json.loads(res.data) assert res.status_code == 403, data assert data['status_code'] == 403, data # As owner img = (io.BytesIO(b'test'), 'test_file.jpg') payload = dict(project_id=project.id, slug="admin", file=img) url = '/api/page/%s?api_key=%s' % (hp.id, project.owner.api_key) res = self.app.put(url, data=payload, content_type="multipart/form-data") data = json.loads(res.data) assert res.status_code == 200, data container = "user_%s" % owner.id assert data['info']['container'] == container, data assert data['info']['file_name'] == 'test_file.jpg', data assert 'test_file.jpg' in data['media_url'], data # As owner wrong 404 project_id img = (io.BytesIO(b'test'), 'test_file.jpg') payload = dict(project_id=project.id, slug="admin", file=img) url = '/api/page/%s?api_key=%s' % (hp.id, owner.api_key) payload['project_id'] = -1 res = self.app.put(url, data=payload, content_type="multipart/form-data") data = json.loads(res.data) assert res.status_code == 415, data # As owner using wrong project_id img = (io.BytesIO(b'test'), 'test_file.jpg') payload = dict(project_id=project.id, file=img) url = '/api/page/%s?api_key=%s' % (hp.id, owner.api_key) payload['project_id'] = project2.id res = self.app.put(url, data=payload, content_type="multipart/form-data") data = json.loads(res.data) assert res.status_code == 403, data # As owner using wrong attribute img = (io.BytesIO(b'test'), 'test_file.jpg') payload = dict(project_id=project.id, wrong=img) url = '/api/page/%s?api_key=%s' % (hp.id, owner.api_key) res = self.app.put(url, data=payload, content_type="multipart/form-data") data = json.loads(res.data) assert res.status_code == 415, data # As owner using reserved key img = (io.BytesIO(b'test'), 'test_file.jpg') payload = dict(project_id=project.id, file=img) url = '/api/page/%s?api_key=%s' % (hp.id, owner.api_key) payload['project_id'] = project.id payload['id'] = 3 res = self.app.put(url, data=payload, content_type="multipart/form-data") data = json.loads(res.data) assert res.status_code == 400, data assert data['exception_msg'] == 'Reserved keys in payload', data
def test_page_public_attributes(self): """Test public attributes works.""" page = PageFactory.create() assert page.public_attributes().sort() == page.dictize().keys().sort()