def create(self): """ Create a new badge in the system """ # Check if user is allowed to create a badge require.badge.create() import shutil label = request.params['badge-label'] description = request.params['badge-description'] image = request.POST['badge-image'] try: # Get upload directory for Badge and generate a random filename upload_dir = h.get_object_upload_dir(Badge) random_filename = h.get_uuid_filename(image.filename) # Open the filename and copy the uploaded image permanent_filename = os.path.join(upload_dir, random_filename) permanent_image = open(permanent_filename, 'w') shutil.copyfileobj(image.file, permanent_image) upload_image_path = h.upload(random_filename, Badge) # Close image files image.file.close() permanent_image.close() except OSError: upload_image_path = '' h.flash_error(_('Uploading files not supported at the moment.')) badge = Badge(label, upload_image_path, description, c.account) db.session.add(badge) db.session.commit() redirect( h.url_for(controller='badge', action='information', id=badge.id))
def create(self): """ Create a new badge in the system """ # Check if user is allowed to create a badge require.badge.create() import shutil label = request.params['badge-label'] description = request.params['badge-description'] image = request.POST['badge-image'] try: # Get upload directory for Badge and generate a random filename upload_dir = h.get_object_upload_dir(Badge) random_filename = h.get_uuid_filename(image.filename) # Open the filename and copy the uploaded image permanent_filename = os.path.join(upload_dir, random_filename) permanent_image = open(permanent_filename, 'w') shutil.copyfileobj(image.file, permanent_image) upload_image_path = h.upload(random_filename, Badge) # Close image files image.file.close() permanent_image.close() except OSError: upload_image_path = '' h.flash_error(_('Uploading files not supported at the moment.')) badge = Badge(label, upload_image_path, description, c.account) db.session.add(badge) db.session.commit() redirect(h.url_for(controller='badge', action='information', id=badge.id))
def test_create_badge(self): """ Test badge creation. Only administrators can create badges. To create a badge user must provide label, description and image """ # Get all existing badges (should be zero but we never know) badge_json = self.app.get(url(controller='badge', action='index', format='json')) badge_index = json.loads(badge_json.body) existing_badges = len(badge_index['badges']) # The dummy files we'll upload files = [("badge-image", "badge.png", "Test badge file")] # Create upload directory if it doesn't exist object_upload_dir = os.path.join( config['pylons.paths']['static_files'], config.get('openspending.upload_directory', 'test_uploads')) if os.path.isdir(object_upload_dir): # Upload dir exists (so we won't change a thing) upload_dir_created = False else: # Doesn't exist (so we'll remove it afterwards os.mkdir(object_upload_dir, 0o744) upload_dir_created = True # Create a new badge (should return unauthorized) response = self.app.post( url(controller='badge', action='create'), params={'badge-label': 'testbadge', 'badge-description': 'testdescription'}, upload_files=files, expect_errors=True) # Check if it returned Forbidden (which is http status code 403) # This should actually return 401 Unauthorized but that's an # authentication implementation failure (which should be fixed) assert '403' in response.status, \ "Non-user should get an error when trying to create a badge" # Check to see that badge list didn't change badge_json = self.app.get(url(controller='badge', action='index', format='json')) assert badge_index == json.loads(badge_json.body), \ "A non-user was able to change the existing badges" # Create a new badge (should return forbidden) response = self.app.post( url(controller='badge', action='create'), params={'badge-label': 'testbadge', 'badge-description': 'testdescription'}, upload_files=files, extra_environ={'REMOTE_USER': '******'}, expect_errors=True) # Check if it returned Forbidden (which is http status code 403) assert '403' in response.status, \ "Non-admin user should get an error when trying to create a badge" # Check to see that badge list didn't change badge_json = self.app.get(url(controller='badge', action='index', format='json')) assert badge_index == json.loads(badge_json.body), \ "A non-admin user was able to change the existing badges" response = self.app.post( url(controller='badge', action='create'), params={'badge-label': 'testbadge', 'badge-description': 'testdescription'}, upload_files=files, extra_environ={'REMOTE_USER': '******'}) # Check to see there is now badge more in the list than to begin with badge_json = self.app.get(url(controller='badge', action='index', format='json')) badge_index = json.loads(badge_json.body) assert len(badge_index['badges']) == existing_badges + 1, \ "One badge should have been added but it wasn't" # Check image exists # Get image filename from url image = badge_index['badges'][0]['image'].split('/')[-1] # Get the uploaded file on the system upload_dir = helpers.get_object_upload_dir(Badge) uploaded_file = os.path.join(upload_dir, image) # Check if file exists assert os.path.exists(uploaded_file), \ "Uploaded badge image isn't present on the file system" # Remove the file or we'll have a lot of random files after test runs os.remove(uploaded_file) # If we have created the upload directory we should remove upload_dir if upload_dir_created: os.rmdir(upload_dir) os.rmdir(object_upload_dir) # Check to be certain both label and description are present assert badge_index['badges'][0]['label'] == 'testbadge', \ "Uploaded badge label isn't correct" assert badge_index['badges'][0]['description'] == 'testdescription', \ "Uploaded badge description isn't correct" # No datasets should be present for the badge just after creation assert len(badge_index['badges'][0]['datasets']) == 0, \ "Newly created badge shouldn't have been awarded to datasets"
def test_create_badge(self): """ Test badge creation. Only administrators can create badges. To create a badge user must provide label, description and image """ # Get all existing badges (should be zero but we never know) badge_json = self.app.get( url(controller='badge', action='index', format='json')) badge_index = json.loads(badge_json.body) existing_badges = len(badge_index['badges']) # The dummy files we'll upload files = [("badge-image", "badge.png", "Test badge file")] # Create upload directory if it doesn't exist object_upload_dir = os.path.join( config['pylons.paths']['static_files'], config.get('openspending.upload_directory', 'test_uploads')) if os.path.isdir(object_upload_dir): # Upload dir exists (so we won't change a thing) upload_dir_created = False else: # Doesn't exist (so we'll remove it afterwards os.mkdir(object_upload_dir, 0o744) upload_dir_created = True # Create a new badge (should return unauthorized) response = self.app.post(url(controller='badge', action='create'), params={ 'badge-label': 'testbadge', 'badge-description': 'testdescription' }, upload_files=files, expect_errors=True) # Check if it returned Forbidden (which is http status code 403) # This should actually return 401 Unauthorized but that's an # authentication implementation failure (which should be fixed) assert '403' in response.status, \ "Non-user should get an error when trying to create a badge" # Check to see that badge list didn't change badge_json = self.app.get( url(controller='badge', action='index', format='json')) assert badge_index == json.loads(badge_json.body), \ "A non-user was able to change the existing badges" # Create a new badge (should return forbidden) response = self.app.post(url(controller='badge', action='create'), params={ 'badge-label': 'testbadge', 'badge-description': 'testdescription' }, upload_files=files, extra_environ={'REMOTE_USER': '******'}, expect_errors=True) # Check if it returned Forbidden (which is http status code 403) assert '403' in response.status, \ "Non-admin user should get an error when trying to create a badge" # Check to see that badge list didn't change badge_json = self.app.get( url(controller='badge', action='index', format='json')) assert badge_index == json.loads(badge_json.body), \ "A non-admin user was able to change the existing badges" response = self.app.post(url(controller='badge', action='create'), params={ 'badge-label': 'testbadge', 'badge-description': 'testdescription' }, upload_files=files, extra_environ={'REMOTE_USER': '******'}) # Check to see there is now badge more in the list than to begin with badge_json = self.app.get( url(controller='badge', action='index', format='json')) badge_index = json.loads(badge_json.body) assert len(badge_index['badges']) == existing_badges + 1, \ "One badge should have been added but it wasn't" # Check image exists # Get image filename from url image = badge_index['badges'][0]['image'].split('/')[-1] # Get the uploaded file on the system upload_dir = helpers.get_object_upload_dir(Badge) uploaded_file = os.path.join(upload_dir, image) # Check if file exists assert os.path.exists(uploaded_file), \ "Uploaded badge image isn't present on the file system" # Remove the file or we'll have a lot of random files after test runs os.remove(uploaded_file) # If we have created the upload directory we should remove upload_dir if upload_dir_created: os.rmdir(upload_dir) os.rmdir(object_upload_dir) # Check to be certain both label and description are present assert badge_index['badges'][0]['label'] == 'testbadge', \ "Uploaded badge label isn't correct" assert badge_index['badges'][0]['description'] == 'testdescription', \ "Uploaded badge description isn't correct" # No datasets should be present for the badge just after creation assert len(badge_index['badges'][0]['datasets']) == 0, \ "Newly created badge shouldn't have been awarded to datasets"