 def test_delete_image_no_permission(self):
     """Can't delete an image without permission."""
     u = UserFactory(username='******')
     assert not u.has_perm('upload.delete_imageattachment')
     im = ImageAttachment.objects.all()[0]
     self.client.login(username='******', password='******')
     r = self._make_post_request(args=[im.id])
     eq_(403, r.status_code)
     assert ImageAttachment.objects.exists()
 def test_delete_image_no_permission(self):
     """Can't delete an image without permission."""
     u = UserFactory(username='******')
     assert not u.has_perm('upload.delete_imageattachment')
     im = ImageAttachment.objects.all()[0]
     self.client.login(username='******', password='******')
     r = self._make_post_request(args=[im.id])
     eq_(403, r.status_code)
     assert ImageAttachment.objects.exists()
    def setUp(self):
        u = UserFactory()
        add_permission(u, Question, "change_question")
        assert u.has_perm("questions.change_question")
        self.user = u

        p = ProductFactory()
        t = TopicFactory(product=p)

        q = QuestionFactory(product=p, topic=t)

        self.product = p
        self.topic = t
        self.question = q
    def setUp(self):
        u = UserFactory()
        add_permission(u, Question, 'change_question')
        assert u.has_perm('questions.change_question')
        self.user = u

        p = ProductFactory()
        t = TopicFactory(product=p)

        q = QuestionFactory(product=p, topic=t)

        self.product = p
        self.topic = t
        self.question = q
class UploadImageTestCase(TestCase):
    client_class = LocalizingClient

    def setUp(self):
        super(UploadImageTestCase, self).setUp()
        self.user = UserFactory(username='******')
        self.question = QuestionFactory()
        self.client.login(username=self.user.username, password='******')

    def tearDown(self):
        super(UploadImageTestCase, self).tearDown()

    def test_model_not_whitelisted(self):
        """Specifying a model we don't allow returns 400."""
        r = self._make_post_request(image='', args=['wiki.Document', 123])

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Model not allowed.', json_r['message'])

    def test_object_notexist(self):
        """Upload nothing returns 404 error and html content."""
        r = self._make_post_request(image='', args=['questions.Question', 123])

        eq_(404, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Object does not exist.', json_r['message'])

    def test_empty_image(self):
        """Upload nothing returns 400 error and json content."""
        r = self._make_post_request(image='')

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        eq_('You have not selected an image to upload.',

    def test_upload_image(self):
        """Uploading an image works."""
        with open('kitsune/upload/tests/media/test.jpg', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])
        file = json_r['file']
        eq_('test.png', file['name'])
        eq_(90, file['width'])
        eq_(120, file['height'])
        name = '098f6b.png'
        message = 'Url "%s" does not contain "%s"' % (file['url'], name)
        assert (name in file['url']), message

        eq_(1, ImageAttachment.objects.count())
        image = ImageAttachment.objects.all()[0]
        eq_(self.user.username, image.creator.username)
        eq_(150, image.file.width)
        eq_(200, image.file.height)
        eq_('question', image.content_type.model)

    def test_upload_unicode_image(self):
        """Uploading an unicode image works."""
        with open('kitsune/upload/tests/media/123ascii\u6709\u52b9.jpg',
                  'rb') as f:
            r = self._make_post_request(image=f)

        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])

    def test_delete_image_logged_out(self):
        """Can't delete an image logged out."""
        # Upload the image first
        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(403, r.status_code)
        assert ImageAttachment.objects.exists()

    def test_delete_image_no_permission(self):
        """Can't delete an image without permission."""
        u = UserFactory(username='******')
        assert not u.has_perm('upload.delete_imageattachment')
        im = ImageAttachment.objects.all()[0]
        self.client.login(username='******', password='******')
        r = self._make_post_request(args=[im.id])
        eq_(403, r.status_code)
        assert ImageAttachment.objects.exists()

    def test_delete_image_owner(self):
        """Users can delete their own images."""
        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])
        assert not ImageAttachment.objects.exists()

    def test_delete_image_with_permission(self):
        """Users with permission can delete images."""
        ct = ContentType.objects.get_for_model(ImageAttachment)
        p = Permission.objects.get_or_create(codename='delete_imageattachment',
        assert self.user.has_perm('upload.delete_imageattachment')

        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])
        assert not ImageAttachment.objects.exists()

    def test_delete_no_image(self):
        """Trying to delete a non-existent image 404s."""
        r = self._make_post_request(args=[123])
        eq_(404, r.status_code)
        data = json.loads(r.content)
        eq_('error', data['status'])

    def test_invalid_image(self):
        """Make sure invalid files are not accepted as images."""
        with open('kitsune/upload/__init__.py', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        eq_('The submitted file is empty.', json_r['errors']['image'][0])

    def test_invalid_image_extensions(self):
        Make sure invalid extensions aren't accepted as images.
        with open('kitsune/upload/tests/media/test_invalid.ext', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        assert (
            json_r['errors']['image'][0] ==
            "File extension 'ext' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'."

    def test_unsupported_image_extensions(self):
        Make sure valid image types that are not whitelisted aren't accepted as images.
        with open('kitsune/upload/tests/media/test.tiff', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        assert (
            json_r['errors']['image'][0] ==
            "File extension 'tiff' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'."

    def test_upload_long_filename(self):
        """Uploading an image with a filename that's too long fails."""
        # Windows has problems with large file names, so we create the
        # file in the test and if this fails, we assume we're on a
        # Windows file system and skip.
        # FIXME: Is that an ok assumption to make?

        thisdir = os.path.dirname(__file__)
        path = os.path.join(thisdir, 'media', 'test.jpg')
        with open(path, 'rb') as f:
            long_file_name = ('long_file_name' * 17) + '.jpg'
            image = SimpleUploadedFile(name=long_file_name,
            r = self._make_post_request(image=image)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
            MSG_IMAGE_LONG % {
                'length': 242,
                'max': settings.MAX_FILENAME_LENGTH
            }, json_r['errors']['image'][0])

    def _make_post_request(self, **kwargs):
        if 'args' not in kwargs:
            kwargs['args'] = ['questions.Question', self.question.pk]
        if 'image' in kwargs:
            image = {'image': kwargs['image']}
            image = {}
        if len(kwargs['args']) == 2:
            view = 'upload.up_image_async'
        elif len(kwargs['args']) == 1:
            view = 'upload.del_image_async'
            raise ValueError
        return post(self.client, view, image, args=kwargs['args'])
class UploadImageTestCase(TestCase):
    client_class = LocalizingClient

    def setUp(self):
        super(UploadImageTestCase, self).setUp()
        self.user = UserFactory(username='******')
        self.question = QuestionFactory()
        self.client.login(username=self.user.username, password='******')

    def tearDown(self):
        super(UploadImageTestCase, self).tearDown()

    def test_model_not_whitelisted(self):
        """Specifying a model we don't allow returns 400."""
        r = self._make_post_request(image='', args=['wiki.Document', 123])

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Model not allowed.', json_r['message'])

    def test_object_notexist(self):
        """Upload nothing returns 404 error and html content."""
        r = self._make_post_request(image='', args=['questions.Question', 123])

        eq_(404, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Object does not exist.', json_r['message'])

    def test_empty_image(self):
        """Upload nothing returns 400 error and json content."""
        r = self._make_post_request(image='')

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        eq_('You have not selected an image to upload.',

    def test_upload_image(self):
        """Uploading an image works."""
        with open('kitsune/upload/tests/media/test.jpg') as f:
            r = self._make_post_request(image=f)

        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])
        file = json_r['file']
        eq_('test.png', file['name'])
        eq_(90, file['width'])
        eq_(120, file['height'])
        name = '098f6b.png'
        message = 'Url "%s" does not contain "%s"' % (file['url'], name)
        assert (name in file['url']), message

        eq_(1, ImageAttachment.objects.count())
        image = ImageAttachment.objects.all()[0]
        eq_(self.user.username, image.creator.username)
        eq_(150, image.file.width)
        eq_(200, image.file.height)
        eq_('question', image.content_type.model)

    def test_upload_unicode_image(self):
        """Uploading an unicode image works."""
        with open(u'kitsune/upload/tests/media/123ascii\u6709\u52b9.jpg', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])

    def test_delete_image_logged_out(self):
        """Can't delete an image logged out."""
        # Upload the image first
        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(403, r.status_code)
        assert ImageAttachment.objects.exists()

    def test_delete_image_no_permission(self):
        """Can't delete an image without permission."""
        u = UserFactory(username='******')
        assert not u.has_perm('upload.delete_imageattachment')
        im = ImageAttachment.objects.all()[0]
        self.client.login(username='******', password='******')
        r = self._make_post_request(args=[im.id])
        eq_(403, r.status_code)
        assert ImageAttachment.objects.exists()

    def test_delete_image_owner(self):
        """Users can delete their own images."""
        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])
        assert not ImageAttachment.objects.exists()

    def test_delete_image_with_permission(self):
        """Users with permission can delete images."""
        ct = ContentType.objects.get_for_model(ImageAttachment)
        p = Permission.objects.get_or_create(
        assert self.user.has_perm('upload.delete_imageattachment')

        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_('success', json_r['status'])
        assert not ImageAttachment.objects.exists()

    def test_delete_no_image(self):
        """Trying to delete a non-existent image 404s."""
        r = self._make_post_request(args=[123])
        eq_(404, r.status_code)
        data = json.loads(r.content)
        eq_('error', data['status'])

    def test_invalid_image(self):
        """Make sure invalid files are not accepted as images."""
        with open('kitsune/upload/__init__.py', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        eq_('The submitted file is empty.', json_r['errors']['image'][0])

    def test_invalid_image_extensions(self):
        Make sure invalid extensions aren't accepted as images.
        with open('kitsune/upload/tests/media/test_invalid.ext', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        assert (
            json_r['errors']['image'][0] ==
            "File extension 'ext' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'.")

    def test_unsupported_image_extensions(self):
        Make sure valid image types that are not whitelisted aren't accepted as images.
        with open('kitsune/upload/tests/media/test.tiff', 'rb') as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        assert (
            json_r['errors']['image'][0] ==
            "File extension 'tiff' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'.")

    def test_upload_long_filename(self):
        """Uploading an image with a filename that's too long fails."""
        # Windows has problems with large file names, so we create the
        # file in the test and if this fails, we assume we're on a
        # Windows file system and skip.
        # FIXME: Is that an ok assumption to make?

        thisdir = os.path.dirname(__file__)
        path = os.path.join(thisdir, 'media', 'test.jpg')
        with open(path) as f:
            long_file_name = ('long_file_name' * 17) + '.jpg'
            image = SimpleUploadedFile(name=long_file_name, content=f.read(),
            r = self._make_post_request(image=image)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_('error', json_r['status'])
        eq_('Invalid or no image received.', json_r['message'])
        eq_(MSG_IMAGE_LONG % {'length': 242,
                              'max': settings.MAX_FILENAME_LENGTH},

    def _make_post_request(self, **kwargs):
        if 'args' not in kwargs:
            kwargs['args'] = ['questions.Question', self.question.pk]
        if 'image' in kwargs:
            image = {'image': kwargs['image']}
            image = {}
        if len(kwargs['args']) == 2:
            view = 'upload.up_image_async'
        elif len(kwargs['args']) == 1:
            view = 'upload.del_image_async'
            raise ValueError
        return post(self.client, view, image, args=kwargs['args'])
class UploadImageTestCase(TestCase):
    client_class = LocalizingClient

    def setUp(self):
        super(UploadImageTestCase, self).setUp()
        self.user = UserFactory(username="******")
        self.question = QuestionFactory()
        self.client.login(username=self.user.username, password="******")

    def tearDown(self):
        super(UploadImageTestCase, self).tearDown()

    def test_model_not_whitelisted(self):
        """Specifying a model we don't allow returns 400."""
        r = self._make_post_request(image="", args=["wiki.Document", 123])

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_("error", json_r["status"])
        eq_("Model not allowed.", json_r["message"])

    def test_object_notexist(self):
        """Upload nothing returns 404 error and html content."""
        r = self._make_post_request(image="", args=["questions.Question", 123])

        eq_(404, r.status_code)
        json_r = json.loads(r.content)
        eq_("error", json_r["status"])
        eq_("Object does not exist.", json_r["message"])

    def test_empty_image(self):
        """Upload nothing returns 400 error and json content."""
        r = self._make_post_request(image="")

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_("error", json_r["status"])
        eq_("Invalid or no image received.", json_r["message"])
        eq_("You have not selected an image to upload.",

    def test_upload_image(self):
        """Uploading an image works."""
        with open("kitsune/upload/tests/media/test.jpg", "rb") as f:
            r = self._make_post_request(image=f)

        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_("success", json_r["status"])
        file = json_r["file"]
        eq_("test.png", file["name"])
        eq_(90, file["width"])
        eq_(120, file["height"])
        name = "098f6b.png"
        message = 'Url "%s" does not contain "%s"' % (file["url"], name)
        assert name in file["url"], message

        eq_(1, ImageAttachment.objects.count())
        image = ImageAttachment.objects.all()[0]
        eq_(self.user.username, image.creator.username)
        eq_(150, image.file.width)
        eq_(200, image.file.height)
        eq_("question", image.content_type.model)

    def test_upload_unicode_image(self):
        """Uploading an unicode image works."""
        with open("kitsune/upload/tests/media/123ascii\u6709\u52b9.jpg",
                  "rb") as f:
            r = self._make_post_request(image=f)

        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_("success", json_r["status"])

    def test_delete_image_logged_out(self):
        """Can't delete an image logged out."""
        # Upload the image first
        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(403, r.status_code)
        assert ImageAttachment.objects.exists()

    def test_delete_image_no_permission(self):
        """Can't delete an image without permission."""
        u = UserFactory(username="******")
        assert not u.has_perm("upload.delete_imageattachment")
        im = ImageAttachment.objects.all()[0]
        self.client.login(username="******", password="******")
        r = self._make_post_request(args=[im.id])
        eq_(403, r.status_code)
        assert ImageAttachment.objects.exists()

    def test_delete_image_owner(self):
        """Users can delete their own images."""
        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_("success", json_r["status"])
        assert not ImageAttachment.objects.exists()

    def test_delete_image_with_permission(self):
        """Users with permission can delete images."""
        ct = ContentType.objects.get_for_model(ImageAttachment)
        p = Permission.objects.get_or_create(codename="delete_imageattachment",
        assert self.user.has_perm("upload.delete_imageattachment")

        im = ImageAttachment.objects.all()[0]
        r = self._make_post_request(args=[im.id])
        eq_(200, r.status_code)
        json_r = json.loads(r.content)
        eq_("success", json_r["status"])
        assert not ImageAttachment.objects.exists()

    def test_delete_no_image(self):
        """Trying to delete a non-existent image 404s."""
        r = self._make_post_request(args=[123])
        eq_(404, r.status_code)
        data = json.loads(r.content)
        eq_("error", data["status"])

    def test_invalid_image(self):
        """Make sure invalid files are not accepted as images."""
        with open("kitsune/upload/__init__.py", "rb") as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_("error", json_r["status"])
        eq_("Invalid or no image received.", json_r["message"])
        eq_("The submitted file is empty.", json_r["errors"]["image"][0])

    def test_invalid_image_extensions(self):
        Make sure invalid extensions aren't accepted as images.
        with open("kitsune/upload/tests/media/test_invalid.ext", "rb") as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_("error", json_r["status"])
        eq_("Invalid or no image received.", json_r["message"])
        assert (
            json_r["errors"]["image"][0] ==
            "File extension 'ext' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'."  # noqa

    def test_unsupported_image_extensions(self):
        Make sure valid image types that are not whitelisted aren't accepted as images.
        with open("kitsune/upload/tests/media/test.tiff", "rb") as f:
            r = self._make_post_request(image=f)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_("error", json_r["status"])
        eq_("Invalid or no image received.", json_r["message"])
        assert (
            json_r["errors"]["image"][0] ==
            "File extension 'tiff' is not allowed. Allowed extensions are: 'jpg, jpeg, png, gif'."  # noqa

    def test_upload_long_filename(self):
        """Uploading an image with a filename that's too long fails."""
        # Windows has problems with large file names, so we create the
        # file in the test and if this fails, we assume we're on a
        # Windows file system and skip.
        # FIXME: Is that an ok assumption to make?

        thisdir = os.path.dirname(__file__)
        path = os.path.join(thisdir, "media", "test.jpg")
        with open(path, "rb") as f:
            long_file_name = ("long_file_name" * 17) + ".jpg"
            image = SimpleUploadedFile(name=long_file_name,
            r = self._make_post_request(image=image)

        eq_(400, r.status_code)
        json_r = json.loads(r.content)
        eq_("error", json_r["status"])
        eq_("Invalid or no image received.", json_r["message"])
            MSG_IMAGE_LONG % {
                "length": 242,
                "max": settings.MAX_FILENAME_LENGTH

    def _make_post_request(self, **kwargs):
        if "args" not in kwargs:
            kwargs["args"] = ["questions.Question", self.question.pk]
        if "image" in kwargs:
            image = {"image": kwargs["image"]}
            image = {}
        if len(kwargs["args"]) == 2:
            view = "upload.up_image_async"
        elif len(kwargs["args"]) == 1:
            view = "upload.del_image_async"
            raise ValueError
        return post(self.client, view, image, args=kwargs["args"])