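def test_list_users_without_being_manager(self):
    """Check that the user listing is refused to a non-manager account.

    Sends basic-auth credentials for ``noam`` to ``/@users`` and expects
    HTTP 401. Only the status code is asserted; the response body is not
    inspected for leaked user data.
    """
    # presumably ``noam`` is a plain member created by the fixture; confirm
    noam_api_session = RelativeSession(self.portal_url)
    try:
        noam_api_session.headers.update({'Accept': 'application/json'})
        noam_api_session.auth = ('noam', 'password')
        response = noam_api_session.get('/@users')
        self.assertEqual(response.status_code, 401)
    finally:
        # Release the HTTP session even when the assertion fails.
        noam_api_session.close()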
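def test_get_other_user_info_when_logged_in(self):
    """Check that one account cannot read another account's record.

    Sends basic-auth credentials for ``noam`` to ``/@users/otheruser`` and
    expects HTTP 401. Only the status code is asserted.
    """
    noam_api_session = RelativeSession(self.portal_url)
    try:
        noam_api_session.headers.update({'Accept': 'application/json'})
        noam_api_session.auth = ('noam', 'password')
        response = noam_api_session.get('/@users/otheruser')
        self.assertEqual(response.status_code, 401)
    finally:
        # Release the HTTP session even when the assertion fails.
        noam_api_session.close()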
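def test_list_users_without_being_manager(self):
    """Check that the user listing is refused to a non-manager account.

    Sends basic-auth credentials for ``noam`` to ``/@users`` and expects
    HTTP 401. Only the status code is asserted; the response body is not
    inspected for leaked user data.
    """
    noam_api_session = RelativeSession(self.portal_url)
    try:
        noam_api_session.headers.update({"Accept": "application/json"})
        noam_api_session.auth = ("noam", "password")
        response = noam_api_session.get("/@users")
        self.assertEqual(response.status_code, 401)
    finally:
        # A failing assertion used to skip close() and leak the session.
        noam_api_session.close()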
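def test_get_other_user_info_when_logged_in(self):
    """Check that one account cannot read another account's record.

    Sends basic-auth credentials for ``noam`` to ``/@users/otheruser`` and
    expects HTTP 401. Only the status code is asserted.
    """
    noam_api_session = RelativeSession(self.portal_url)
    try:
        noam_api_session.headers.update({"Accept": "application/json"})
        noam_api_session.auth = ("noam", "password")
        response = noam_api_session.get("/@users/otheruser")
        self.assertEqual(response.status_code, 401)
    finally:
        # A failing assertion used to skip close() and leak the session.
        noam_api_session.close()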
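def test_users_can_get_list_of_vocabularies(self):
    """Check that ordinary roles may read the vocabulary index.

    Requests ``/@vocabularies`` as ``member``, ``contributor`` and
    ``editor`` in turn and expects HTTP 200 each time.
    """
    api_session = RelativeSession(self.portal_url)
    try:
        api_session.headers.update({"Accept": "application/json"})
        for username in ("member", "contributor", "editor"):
            api_session.auth = (username, "secret")
            response = api_session.get("/@vocabularies")
            # The username is the failure message, so a regression names
            # the account that lost access.
            self.assertEqual(response.status_code, 200, username)
    finally:
        # A failing assertion used to skip close() and leak the session.
        api_session.close()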
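def test_users_cant_get_other_vocabularies(self):
    """Check that a member is denied a vocabulary outside the allowed set.

    Requests ``/@vocabularies/plone.app.vocabularies.Users`` as ``member``
    and expects HTTP 403. Only this one vocabulary and this one account
    are exercised.
    """
    # presumably this vocabulary enumerates portal users, which is why it
    # must stay closed to members; confirm against the vocabulary itself
    api_session = RelativeSession(self.portal_url)
    try:
        api_session.headers.update({"Accept": "application/json"})
        api_session.auth = ("member", "secret")
        response = api_session.get("/@vocabularies/plone.app.vocabularies.Users")
        self.assertEqual(response.status_code, 403)
    finally:
        # A failing assertion used to skip close() and leak the session.
        api_session.close()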
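def test_gestore_comunicati_can_get_data(self):
    """Check that ``@subscriptions`` is readable only with the right role.

    As ``memberuser`` the endpoint first answers 401. After the account is
    given the ``Gestore Comunicati`` role and the transaction is
    committed, the same request answers 200.
    """
    api_session = RelativeSession(self.portal_url)
    try:
        api_session.headers.update({"Accept": "application/json"})
        api_session.auth = ("memberuser", "secret")
        url = "{}/@subscriptions".format(self.portal_url)

        # Negative case first: without the role the request is refused.
        self.assertEqual(api_session.get(url).status_code, 401)

        setRoles(self.portal, "memberuser", ["Gestore Comunicati"])
        # presumably the commit makes the role change visible to the
        # server handling the next request; confirm against the test layer
        transaction.commit()

        self.assertEqual(api_session.get(url).status_code, 200)
    finally:
        # A failing assertion used to skip close() and leak the session.
        api_session.close()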
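def test_authenticated_can_get_allowed_vocabularies(self):
    """Check that ordinary roles may read the Keywords vocabulary.

    For ``member``, ``contributor`` and ``editor`` the request to
    ``/@vocabularies/plone.app.vocabularies.Keywords`` must answer 200 and
    list exactly two items titled ``bar`` and ``foo``, in that order.
    """
    api_session = RelativeSession(self.portal_url)
    try:
        api_session.headers.update({"Accept": "application/json"})
        for username in ["member", "contributor", "editor"]:
            api_session.auth = (username, "secret")
            response = api_session.get(
                "/@vocabularies/plone.app.vocabularies.Keywords"
            )
            self.assertEqual(response.status_code, 200)

            # Decode the body once instead of once per assertion.
            payload = response.json()
            self.assertEqual(payload["items_total"], 2)
            self.assertEqual(payload["items"][0]["title"], "bar")
            self.assertEqual(payload["items"][1]["title"], "foo")
    finally:
        # A failing assertion used to skip close() and leak the session.
        api_session.close()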
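def test_gestore_comunicati_can_update_data(self):
    """Check that PATCH is authorised only with the right role.

    As ``memberuser`` a PATCH to ``<self.url>/123`` answers 401. After the
    account is given the ``Gestore Comunicati`` role and the transaction
    is committed, a PATCH answers 400 instead. That shows the request got
    past the authorisation check and was rejected for its content.
    """
    api_session = RelativeSession(self.portal_url)
    try:
        api_session.headers.update({"Accept": "application/json"})
        api_session.auth = ("memberuser", "secret")
        url = "{}/123".format(self.url)

        self.assertEqual(api_session.patch(url, json={}).status_code, 401)

        setRoles(self.portal, "memberuser", ["Gestore Comunicati"])
        transaction.commit()

        # 400 because it's a fake id
        # NOTE(review): this call targets self.url, not the ``url`` with the
        # fake id built above, so the two assertions hit different
        # resources. Confirm which one is intended before relying on the
        # 400 as proof that the role unlocks ``/123``.
        self.assertEqual(api_session.patch(self.url, json={}).status_code, 400)
    finally:
        # A failing assertion used to skip close() and leak the session.
        api_session.close()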
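def test_api_do_not_return_related_items_with_effective_date_in_future_for_users_that_cant_edit_context(
    self,
):
    """Check that not-yet-effective related items stay hidden from readers.

    Two published documents are related to a published page. One has an
    effective date of now, the other of ``DateTime() + 1``. With the
    ``Reader`` role the serialised page lists one related item. With the
    ``Editor`` role it lists both.
    """
    # NOTE(review): the account values below appear masked in this listing,
    # while the session authenticates as "foo"/"secret"; confirm they match
    # in the real fixture.
    api.user.create(
        email="*****@*****.**",
        username="******",
        password="******",
    )
    api_session = RelativeSession(self.portal_url)
    try:
        api_session.headers.update({"Accept": "application/json"})
        api_session.auth = ("foo", "secret")

        present = api.content.create(
            container=self.portal, type="Document", title="present"
        )
        future = api.content.create(
            container=self.portal, type="Document", title="future"
        )
        present.setEffectiveDate(DateTime())
        future.setEffectiveDate(DateTime() + 1)
        api.content.transition(obj=present, transition="publish")
        api.content.transition(obj=future, transition="publish")

        page = api.content.create(
            container=self.portal,
            type="Document",
            title="Page",
            relatedItems=[
                RelationValue(self.intids.getId(present)),
                RelationValue(self.intids.getId(future)),
            ],
        )
        api.content.transition(obj=page, transition="publish")
        commit()

        # Reader: only the already-effective item may be disclosed.
        setRoles(self.portal, "foo", ["Reader"])
        commit()
        res = api_session.get(page.absolute_url()).json()
        related_items = res.get("relatedItems", [])
        self.assertEqual(len(related_items), 1)

        # Editor: both items are returned, including the future one.
        setRoles(self.portal, "foo", ["Editor"])
        commit()
        res = api_session.get(page.absolute_url()).json()
        related_items = res.get("relatedItems", [])
        self.assertEqual(len(related_items), 2)
    finally:
        # The session was never closed; release it on every path.
        api_session.close()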
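def test_get_search_user_with_filter_as_unauthorized_user(self):
    """Check that a filtered user search is refused to a non-manager.

    An account is first created through ``self.api_session``. A separate
    session with basic-auth credentials for ``noam`` then queries
    ``/@users?query=howa`` and must get HTTP 401.
    """
    # NOTE(review): the creation response is not checked, so the 401 below
    # does not prove that a matching account existed. The account values
    # also appear masked in this listing.
    self.api_session.post(
        '/@users',
        json={
            "username": "******",
            "email": "*****@*****.**",
            "password": "******"
        },
    )
    transaction.commit()

    noam_api_session = RelativeSession(self.portal_url)
    try:
        noam_api_session.headers.update({'Accept': 'application/json'})
        noam_api_session.auth = ('noam', 'password')
        response = noam_api_session.get('/@users', params={'query': 'howa'})
        self.assertEqual(response.status_code, 401)
    finally:
        # The session was never closed; release it on every path.
        noam_api_session.close()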
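def test_get_search_user_with_filter_as_unauthorized_user(self):
    """Check that a filtered user search is refused to a non-manager.

    An account is first created through ``self.api_session``. A separate
    session with basic-auth credentials for ``noam`` then queries
    ``/@users?query=howa`` and must get HTTP 401.
    """
    # NOTE(review): the creation response is not checked, so the 401 below
    # does not prove that a matching account existed. The account values
    # also appear masked in this listing.
    self.api_session.post(
        "/@users",
        json={
            "username": "******",
            "email": "*****@*****.**",
            "password": "******",
        },
    )
    transaction.commit()

    noam_api_session = RelativeSession(self.portal_url)
    try:
        noam_api_session.headers.update({"Accept": "application/json"})
        noam_api_session.auth = ("noam", "password")
        response = noam_api_session.get("/@users", params={"query": "howa"})
        self.assertEqual(response.status_code, 401)
    finally:
        # A failing assertion used to skip close() and leak the session.
        noam_api_session.close()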