def test_web_user_retrieve_loan(self):
from ...api import LoanEndpoint
from ...models import Loan
from ...serializers import LoanSerializer
from util.util import ordered_dict
from dynamicfixtures import _djroot_user, _alice, _bob, _registered_edition_alice
_djroot_user()
alice = _alice()
bob = _bob()
edition_alice = _registered_edition_alice()
loan = Loan.create(edition_alice, loanee=bob, owner=alice)
loan.save()
factory = APIRequestFactory()
url = reverse('api:ownership:loan-detail', kwargs={'pk': loan.pk})
request = factory.get(url)
force_authenticate(request, user=alice)
view = LoanEndpoint.as_view({'get': 'retrieve'})
response = view(request, pk=loan.pk)
serializer = LoanSerializer(loan, context={'request': request})
response_db = json.loads(json.dumps(serializer.data))
self.assertEqual(ordered_dict(response.data['loan']),
ordered_dict(response_db))
self.assertIs(response.status_code, status.HTTP_200_OK)
self.assertIn('edition', response.data['loan'])
self.assertNotIn('piece', response.data['loan'])
def testListWeb(self):
from ...api import TransferEndpoint
from ...models import OwnershipTransfer
from ...serializers import OwnershipEditionSerializer
from util.util import ordered_dict
self._create_transfers()
view = TransferEndpoint.as_view({'get': 'list'})
request = self.factory.get('/api/ownership/transfers/')
force_authenticate(request, user=self.web_user)
response = view(request)
self.assertIs(response.status_code, status.HTTP_200_OK)
qs = OwnershipTransfer.objects.filter(Q(prev_owner=self.web_user) | Q(new_owner=self.web_user))
serializer = OwnershipEditionSerializer(qs, many=True, context={'request': request})
response_db = json.loads(json.dumps({'success': True,
'count': len(qs),
'unfiltered_count': len(qs),
'next': None,
'previous': None,
'transfers': serializer.data}))
self.assertEqual(ordered_dict(response.data), ordered_dict(response_db))
for transfer in response.data['transfers']:
self.assertIn('edition', transfer)
self.assertNotIn('piece', transfer)
def testRetrieveWeb(self):
"""
Test that a user can retrieve registrations from himself.
"""
from ...api import TransferEndpoint
from ...models import OwnershipTransfer
from ...serializers import OwnershipEditionSerializer
from util.util import ordered_dict
self._create_transfers()
view = TransferEndpoint.as_view({'get': 'retrieve'})
url = '/api/ownership/transfers/{0}/'.format(self.transfers_web.id)
request = self.factory.get(url)
force_authenticate(request, user=self.web_user)
response = view(request, pk=self.transfers_web.id)
self.assertIs(response.status_code, status.HTTP_200_OK)
qs = OwnershipTransfer.objects.get(id=self.transfers_web.id)
serializer = OwnershipEditionSerializer(qs, context={'request': request})
response_db = json.loads(json.dumps({'success': True,
'transfer': serializer.data}))
self.assertEqual(ordered_dict(response.data), ordered_dict(response_db))
self.assertIn('edition', response.data['transfer'])
self.assertNotIn('piece', response.data['transfer'])
def test_web_user_list_consignments(self):
from ...api import ConsignEndpoint
from ...models import Consignment
from ...serializers import OwnershipEditionSerializer
from util.util import ordered_dict
from dynamicfixtures import _djroot_user, _alice, _bob, _registered_edition_alice
_djroot_user()
alice = _alice()
bob = _bob()
edition_alice = _registered_edition_alice()
consignment = Consignment.create(edition_alice, consignee=bob, owner=alice)
consignment.save()
url = reverse('api:ownership:consignment-list')
factory = APIRequestFactory()
request = factory.get(url)
force_authenticate(request, user=alice)
view = ConsignEndpoint.as_view({'get': 'list'})
response = view(request)
qs = Consignment.objects.filter(Q(prev_owner=alice) | Q(new_owner=bob))
serializer = OwnershipEditionSerializer(qs, many=True, context={'request': request})
response_db = json.loads(json.dumps({'success': True,
'count': len(qs),
'unfiltered_count': len(qs),
'next': None,
'previous': None,
'consignments': serializer.data}))
self.assertEqual(ordered_dict(response.data), ordered_dict(response_db))
self.assertIs(response.status_code, status.HTTP_200_OK)
for consignment in response.data['consignments']:
self.assertIn('edition', consignment)
self.assertNotIn('piece', consignment)
def test_web_user_retrieve_share(self, alice, bob,
registered_edition_alice):
from ..api import ShareEndpoint
from ..models import Share
from ..serializers import OwnershipEditionSerializer
from util.util import ordered_dict
share = Share.create(registered_edition_alice, sharee=bob)
share.save()
factory = APIRequestFactory()
url = reverse('api:ownership:share-detail', kwargs={'pk': share.pk})
request = factory.get(url)
force_authenticate(request, user=alice)
view = ShareEndpoint.as_view({'get': 'retrieve'})
response = view(request, pk=share.pk)
response.render()
response_json = json.loads(response.content)
serializer = OwnershipEditionSerializer(share,
context={'request': request})
response_db = json.loads(json.dumps(serializer.data))
assert ordered_dict(
response_json['share']) == ordered_dict(response_db)
assert response.status_code is status.HTTP_200_OK
assert 'edition' in response_json['share']
assert 'piece' not in response_json['share']
def testRetrieveOtherWeb(self):
"""
Test that a user can't retrieve the ownership when he didnt participate if he knows the ID
"""
from ...api import TransferEndpoint
from ...models import OwnershipTransfer
from ...serializers import OwnershipEditionSerializer
from util.util import ordered_dict
self._create_transfers()
view = TransferEndpoint.as_view({'get': 'retrieve'})
url = '/api/ownership/transfers/{0}/'.format(self.transfers_other.id)
request = self.factory.get(url)
force_authenticate(request, user=self.other_user)
response = view(request, pk=self.transfers_other.id)
self.assertIs(response.status_code, status.HTTP_200_OK)
qs = OwnershipTransfer.objects.get(id=self.transfers_other.id)
serializer = OwnershipEditionSerializer(qs, context={'request': request})
response_db = json.loads(json.dumps({'success': True,
'transfer': serializer.data}))
self.assertEqual(ordered_dict(response.data), ordered_dict(response_db))
self.assertIn('edition', response.data['transfer'])
self.assertNotIn('piece', response.data['transfer'])
# transferred from web to other : access granted to other
url = '/api/ownership/transfers/{0}/'.format(self.transfers_web.id)
request = self.factory.get(url)
force_authenticate(request, user=self.other_user)
response = view(request, pk=self.transfers_web.id)
self.assertIs(response.status_code, status.HTTP_200_OK)
# transferred from other to oauth : access not granted to web
url = '/api/ownership/transfers/{0}/'.format(self.transfers_web.id)
request = self.factory.get(url)
force_authenticate(request, user=self.web_user)
response = view(request, pk=self.transfers_oauth.id)
self.assertIs(response.status_code, status.HTTP_404_NOT_FOUND)
def testListWeb(self):
"""
Test that a web user can list his digitalworks.
He should not have access to the files of others in the db.
"""
view = ContractBlobEndpoint.as_view({'get': 'list'})
request = self.factory.get('/api/blob/contracts/')
force_authenticate(request, user=self.web_user)
response = view(request)
self.assertIs(response.status_code, status.HTTP_200_OK)
# render the response so that we get the serialized json
response_json = response.data['contractblobs']
# get serialize the contract form the db
qs = OtherData.objects.filter(id__in=[d.id for d in self.contracts_web])
serializer = FileSerializer(qs, many=True)
response_db = json.loads(json.dumps(serializer.data))
self.assertEqual(len(response_json), len(response_db))
self.assertEqual(ordered_dict(response_json), ordered_dict(response_db))
def test_web_user_list_shares_piece(self, alice, bob,
registered_piece_alice):
from ..api import SharePieceEndpoint
from ..models import SharePiece
from ..serializers import OwnershipPieceSerializer
from util.util import ordered_dict
share = SharePiece.create(registered_piece_alice, sharee=bob)
share.save()
url = reverse('api:ownership:sharepiece-list')
factory = APIRequestFactory()
request = factory.get(url)
force_authenticate(request, user=alice)
view = SharePieceEndpoint.as_view({'get': 'list'})
response = view(request)
response.render()
response_json = json.loads(response.content)
qs = SharePiece.objects.filter(Q(prev_owner=alice) | Q(new_owner=bob))
serializer = OwnershipPieceSerializer(qs,
many=True,
context={'request': request})
response_db = json.loads(
json.dumps({
'success': True,
'count': len(qs),
'unfiltered_count': len(qs),
'next': None,
'previous': None,
'shares': serializer.data
}))
assert ordered_dict(response_json) == ordered_dict(response_db)
assert response.status_code is status.HTTP_200_OK
for share in response_json['shares']:
assert 'piece' in share
assert 'edition' not in share
