test_user.py 162KB


  1. # -*- coding: utf-8 -*-
  2. """
  3. Tests for /api/v2/users subpath endpoints.
  4. """
  5. from time import sleep
  6. import pytest
  7. import requests
  8. import transaction
  9. from tracim_backend import models
  10. from tracim_backend.extensions import APP_LIST
  11. from tracim_backend.lib.core.application import ApplicationApi
  12. from tracim_backend.lib.core.content import ContentApi
  13. from tracim_backend.lib.core.user import UserApi
  14. from tracim_backend.lib.core.group import GroupApi
  15. from tracim_backend.lib.core.userworkspace import RoleApi
  16. from tracim_backend.lib.core.workspace import WorkspaceApi
  17. from tracim_backend.models import get_tm_session
  18. from tracim_backend.app_models.contents import CONTENT_TYPES
  19. from tracim_backend.models.data import UserRoleInWorkspace
  20. from tracim_backend.models.revision_protection import new_revision
  21. from tracim_backend.tests import FunctionalTest
  22. from tracim_backend.fixtures.content import Content as ContentFixtures
  23. from tracim_backend.fixtures.users_and_groups import Base as BaseFixture
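class TestUserRecentlyActiveContentEndpoint(FunctionalTest):
    """
    Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active # nopep8

    Access rules pinned by this class (every request uses HTTP Basic auth):
      * admin reading the feed of a user who is READER of the workspace: 200
      * admin reading the feed of a user with no role in the workspace: 400
      * a member of the 'users' group reading its own feed: 200
      * a member of the 'users' group reading the admin's feed: 403

    The data set is identical in every test, so it is built once in
    ``_create_activity_data`` instead of being copied into each method.
    """
    fixtures = [BaseFixture]

    _URL = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'  # nopep8
    # Credentials of the fixture admin and of the user created by the helper.
    _ADMIN_AUTH = ('Basic', ('admin@admin.admin', 'admin@admin.admin'))
    _TEST_USER_AUTH = ('Basic', ('test@test.test', 'pass'))

    def _create_activity_data(self, with_test_user=True, with_reader_role=True):
        """
        Create two workspaces, optionally a second user, and the contents
        whose relative activity the tests check, then commit.

        :param with_test_user: create user 'test@test.test' (group 'users')
        :param with_reader_role: give that user the READER role on
            'test workspace'; ignored when no test user is created
        :return: dict holding the admin, the test user (or None), the first
            workspace and every content of that workspace, keyed by the
            names the tests use
        """
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        workspace = workspace_api.create_workspace(
            'test workspace',
            save_now=True,
        )
        workspace2 = workspace_api.create_workspace(
            'test workspace2',
            save_now=True,
        )

        # The user and its role are created before any content, as in the
        # original tests, so database ids are assigned in the same order.
        test_user = None
        if with_test_user:
            uapi = UserApi(
                current_user=admin,
                session=dbsession,
                config=self.app_config,
            )
            gapi = GroupApi(
                current_user=admin,
                session=dbsession,
                config=self.app_config,
            )
            test_user = uapi.create_user(
                email='test@test.test',
                password='pass',
                name='bob',
                groups=[gapi.get_one_with_name('users')],
                timezone='Europe/Paris',
                do_save=True,
                do_notify=False,
            )
            if with_reader_role:
                rapi = RoleApi(
                    current_user=admin,
                    session=dbsession,
                    config=self.app_config,
                )
                rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)  # nopep8

        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        page = CONTENT_TYPES.Page.slug
        folder = CONTENT_TYPES.Folder.slug
        main_folder_workspace2 = api.create(folder, workspace2, None, 'Hepla', '', True)  # nopep8
        main_folder = api.create(folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        secondly_created = api.create(page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
        # update order test
        firstly_created_but_recently_updated = api.create(page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
        secondly_created_but_not_updated = api.create(page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
        with new_revision(
            session=dbsession,
            tm=transaction.manager,
            content=firstly_created_but_recently_updated,
        ):
            firstly_created_but_recently_updated.description = 'Just an update'
            api.save(firstly_created_but_recently_updated)
        # comment change order
        firstly_created_but_recently_commented = api.create(page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
        secondly_created_but_not_commented = api.create(page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
        api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
        # Content of the second workspace: the full listings below are
        # expected to hold exactly the seven contents of the first one.
        api.create(page, workspace2, main_folder_workspace2, 'content_workspace_2', '', True)  # nopep8
        dbsession.flush()
        transaction.commit()
        return {
            'admin': admin,
            'test_user': test_user,
            'workspace': workspace,
            'main_folder': main_folder,
            'firstly_created': firstly_created,
            'secondly_created': secondly_created,
            'firstly_created_but_recently_updated': firstly_created_but_recently_updated,  # nopep8
            'secondly_created_but_not_updated': secondly_created_but_not_updated,  # nopep8
            'firstly_created_but_recently_commented': firstly_created_but_recently_commented,  # nopep8
            'secondly_created_but_not_commented': secondly_created_but_not_commented,  # nopep8
        }

    def _assert_listing_shape(self, res):
        """Check the type of every field of every entry of a listing."""
        for elem in res:
            assert isinstance(elem['content_id'], int)
            assert isinstance(elem['content_type'], str)
            # comments must never show up as entries of their own
            assert elem['content_type'] != 'comments'
            assert isinstance(elem['is_archived'], bool)
            assert isinstance(elem['is_deleted'], bool)
            assert isinstance(elem['label'], str)
            assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
            assert isinstance(elem['show_in_ui'], bool)
            assert isinstance(elem['slug'], str)
            assert isinstance(elem['status'], str)
            assert isinstance(elem['sub_content_types'], list)
            for sub_content_type in elem['sub_content_types']:
                assert isinstance(sub_content_type, str)
            assert isinstance(elem['workspace_id'], int)

    def _assert_full_listing(self, res, data):
        """Check size, field types and order of an unpaginated listing."""
        assert len(res) == 7
        self._assert_listing_shape(res)
        # comment is newest than page2
        assert res[0]['content_id'] == data['firstly_created_but_recently_commented'].content_id  # nopep8
        assert res[1]['content_id'] == data['secondly_created_but_not_commented'].content_id  # nopep8
        # last updated content is newer than other one despite creation
        # of the other is more recent
        assert res[2]['content_id'] == data['firstly_created_but_recently_updated'].content_id  # nopep8
        assert res[3]['content_id'] == data['secondly_created_but_not_updated'].content_id  # nopep8
        # creation order is inverted here as last created is last active
        assert res[4]['content_id'] == data['secondly_created'].content_id
        assert res[5]['content_id'] == data['firstly_created'].content_id
        # folder subcontent modification does not change folder order
        assert res[6]['content_id'] == data['main_folder'].content_id

    def test_api__get_recently_active_content__ok__200__admin(self):
        """Admin reads the feed of a user who is READER of the workspace."""
        data = self._create_activity_data()
        self.testapp.authorization = self._ADMIN_AUTH
        res = self.testapp.get(
            self._URL.format(
                user_id=data['test_user'].user_id,
                workspace_id=data['workspace'].workspace_id,
            ),
            status=200,
        )
        self._assert_full_listing(res.json_body, data)

    def test_api__get_recently_active_content__err__400__no_access_to_workspace(self):  # nopep8
        """
        Admin asks for the feed of a user who was given no role in the
        workspace; the endpoint must answer 400.
        """
        data = self._create_activity_data(with_reader_role=False)
        self.testapp.authorization = self._ADMIN_AUTH
        self.testapp.get(
            self._URL.format(
                user_id=data['test_user'].user_id,
                workspace_id=data['workspace'].workspace_id,
            ),
            status=400,
        )

    def test_api__get_recently_active_content__ok__200__user_itself(self):
        """A READER of the workspace reads its own feed."""
        data = self._create_activity_data()
        self.testapp.authorization = self._TEST_USER_AUTH
        res = self.testapp.get(
            self._URL.format(
                user_id=data['test_user'].user_id,
                workspace_id=data['workspace'].workspace_id,
            ),
            status=200,
        )
        self._assert_full_listing(res.json_body, data)

    def test_api__get_recently_active_content__ok__200__other_user(self):
        """
        A member of the 'users' group asks for the admin's feed and must be
        refused with 403.

        The method name still says ``ok__200``; it is kept unchanged so the
        test id stays stable, but the expected status is 403.
        """
        data = self._create_activity_data()
        self.testapp.authorization = self._TEST_USER_AUTH
        # NOTE(review): only the status code is asserted here; asserting that
        # the error body carries no content entries would make the check
        # stricter.
        self.testapp.get(
            self._URL.format(
                user_id=data['admin'].user_id,
                workspace_id=data['workspace'].workspace_id,
            ),
            status=403,
        )

    def test_api__get_recently_active_content__ok__200__limit_2_multiple(self):
        """Admin pages through its own feed two entries at a time."""
        # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
        # anymore to fix datetime lack of precision.
        # NOTE(review): no sleep() is called in this test, so the TODO above
        # may be stale; confirm before removing it.
        data = self._create_activity_data(with_test_user=False)
        self.testapp.authorization = self._ADMIN_AUTH
        # NOTE(review): user id 1 is hard-coded and is presumably the fixture
        # admin; confirm against the fixtures.
        url = self._URL.format(
            user_id=1,
            workspace_id=data['workspace'].workspace_id,
        )
        params = {
            'limit': 2,
        }
        res = self.testapp.get(url, status=200, params=params).json_body
        assert len(res) == 2
        self._assert_listing_shape(res)
        # comment is newest than page2
        assert res[0]['content_id'] == data['firstly_created_but_recently_commented'].content_id  # nopep8
        assert res[1]['content_id'] == data['secondly_created_but_not_commented'].content_id  # nopep8

        # second page: resume after the last entry of the first page
        params = {
            'limit': 2,
            'before_content_id': data['secondly_created_but_not_commented'].content_id,  # nopep8
        }
        res = self.testapp.get(url, status=200, params=params).json_body
        assert len(res) == 2
        # last updated content is newer than other one despite creation
        # of the other is more recent
        assert res[0]['content_id'] == data['firstly_created_but_recently_updated'].content_id  # nopep8
        assert res[1]['content_id'] == data['secondly_created_but_not_updated'].content_id  # nopep8

    def test_api__get_recently_active_content__ok__200__bad_before_content_id_doesnt_exist(self):  # nopep8
        """
        A ``before_content_id`` that matches no content must be rejected
        with 400.

        The method name still says ``ok__200``; it is kept unchanged so the
        test id stays stable, but the expected status is 400.
        """
        # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
        # anymore to fix datetime lack of precision.
        # NOTE(review): no sleep() is called in this test, so the TODO above
        # may be stale; confirm before removing it.
        data = self._create_activity_data(with_test_user=False)
        self.testapp.authorization = self._ADMIN_AUTH
        params = {
            'before_content_id': 4000
        }
        # NOTE(review): user id 1 is hard-coded and is presumably the fixture
        # admin; confirm against the fixtures.
        self.testapp.get(
            self._URL.format(
                user_id=1,
                workspace_id=data['workspace'].workspace_id,
            ),
            status=400,
            params=params
        )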
  622. class TestUserReadStatusEndpoint(FunctionalTest):
  623. """
  624. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status # nopep8
  625. """
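    def test_api__get_read_status__ok__200__admin(self):
        """
        Admin, authenticated with HTTP Basic auth, reads its own read_status
        list for a workspace.

        Seven entries are expected, the six pages and the folder of that
        workspace, in the order the inline comments below describe. A second
        user with the READER role and a second workspace with its own content
        are created as well, although the request does not target them.
        """
        # init DB
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        # One WorkspaceApi instance serves both workspaces; the original built
        # three identical ones and left the first unused.
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        workspace = workspace_api.create_workspace(
            'test workspace',
            save_now=True,
        )
        workspace2 = workspace_api.create_workspace(
            'test workspace2',
            save_now=True,
        )
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=[gapi.get_one_with_name('users')],
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        rapi = RoleApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        page = CONTENT_TYPES.Page.slug
        folder = CONTENT_TYPES.Folder.slug
        main_folder_workspace2 = api.create(folder, workspace2, None, 'Hepla', '', True)  # nopep8
        main_folder = api.create(folder, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(page, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        secondly_created = api.create(page, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8
        # update order test
        firstly_created_but_recently_updated = api.create(page, workspace, main_folder, 'update_order_test', '', True)  # nopep8
        secondly_created_but_not_updated = api.create(page, workspace, main_folder, 'another update_order_test', '', True)  # nopep8
        with new_revision(
            session=dbsession,
            tm=transaction.manager,
            content=firstly_created_but_recently_updated,
        ):
            firstly_created_but_recently_updated.description = 'Just an update'
            api.save(firstly_created_but_recently_updated)
        # comment change order
        firstly_created_but_recently_commented = api.create(page, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8
        secondly_created_but_not_commented = api.create(page, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8
        # The comment and the workspace2 page are created only for their
        # effect on the listing, so their return values are not kept.
        api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8
        api.create(page, workspace2, main_folder_workspace2, 'content_workspace_2', '', True)  # nopep8
        dbsession.flush()
        transaction.commit()

        self.testapp.authorization = (
            'Basic',
            (
                'admin@admin.admin',
                'admin@admin.admin'
            )
        )
        res = self.testapp.get(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8
                user_id=admin.user_id,
                workspace_id=workspace.workspace_id,
            ),
            status=200,
        ).json_body
        assert len(res) == 7
        for elem in res:
            assert isinstance(elem['content_id'], int)
            assert isinstance(elem['read_by_user'], bool)
        # comment is newest than page2
        assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id  # nopep8
        assert res[1]['content_id'] == secondly_created_but_not_commented.content_id  # nopep8
        # last updated content is newer than other one despite creation
        # of the other is more recent
        assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id  # nopep8
        assert res[3]['content_id'] == secondly_created_but_not_updated.content_id  # nopep8
        # creation order is inverted here as last created is last active
        assert res[4]['content_id'] == secondly_created.content_id
        assert res[5]['content_id'] == firstly_created.content_id
        # folder subcontent modification does not change folder order
        assert res[6]['content_id'] == main_folder.content_id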
  def test_api__get_read_status__ok__200__user_itself(self):
      """
      A user can fetch the read status of selected contents on their own account.

      ``test@test.test`` is created as a READER of the workspace, logs in with
      Basic auth and asks for four ``contents_ids`` under its own ``user_id``.
      The endpoint must answer 200 with exactly four entries, in the order
      asserted at the end of the test.
      """
      # init DB
      session = get_tm_session(self.session_factory, transaction.manager)
      admin = (
          session.query(models.User)
          .filter(models.User.email == 'admin@admin.admin')
          .one()
      )
      as_admin = dict(
          current_user=admin,
          session=session,
          config=self.app_config,
      )
      # NOTE(review): this instance is never used below.
      workspace_api = WorkspaceApi(**as_admin)
      workspace = WorkspaceApi(**as_admin).create_workspace(
          'test workspace',
          save_now=True
      )
      other_workspace = WorkspaceApi(**as_admin).create_workspace(
          'test workspace2',
          save_now=True
      )
      user_api = UserApi(**as_admin)
      group_api = GroupApi(**as_admin)
      user_groups = [group_api.get_one_with_name('users')]
      test_user = user_api.create_user(
          email='test@test.test',
          password='pass',
          name='bob',
          groups=user_groups,
          timezone='Europe/Paris',
          do_save=True,
          do_notify=False,
      )
      role_api = RoleApi(**as_admin)
      role_api.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
      content_api = ContentApi(**as_admin)

      def new_page(target_workspace, parent, label):
          # Every page in this test is created with the same trailing arguments.
          return content_api.create(CONTENT_TYPES.Page.slug, target_workspace, parent, label, '', True)  # nopep8

      # The creation order below drives the ordering asserted at the end,
      # so the statements must stay in this sequence.
      other_folder = content_api.create(CONTENT_TYPES.Folder.slug, other_workspace, None, 'Hepla', '', True)  # nopep8
      main_folder = content_api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
      # creation order test
      first_page = new_page(workspace, main_folder, 'creation_order_test')
      second_page = new_page(workspace, main_folder, 'another creation_order_test')
      # update order test
      updated_page = new_page(workspace, main_folder, 'update_order_test')
      untouched_page = new_page(workspace, main_folder, 'another update_order_test')
      with new_revision(
          session=session,
          tm=transaction.manager,
          content=updated_page,
      ):
          updated_page.description = 'Just an update'
          content_api.save(updated_page)
      # comment change order
      commented_page = new_page(workspace, main_folder, 'this is randomized label content')
      uncommented_page = new_page(workspace, main_folder, 'this is another randomized label content')  # nopep8
      comment = content_api.create_comment(workspace, commented_page, 'juste a super comment', True)  # nopep8
      # Content of the second workspace; it is not part of the request.
      other_workspace_page = new_page(other_workspace, other_folder, 'content_workspace_2')
      session.flush()
      transaction.commit()

      # Authenticate as the plain user, who then queries their own user_id.
      self.testapp.authorization = ('Basic', ('test@test.test', 'pass'))
      selected_contents_id = [
          commented_page.content_id,
          updated_page.content_id,
          first_page.content_id,
          main_folder.content_id,
      ]
      cid1, cid2, cid3, cid4 = selected_contents_id
      url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format(  # nopep8
          user_id=test_user.user_id,
          workspace_id=workspace.workspace_id,
          cid1=cid1,
          cid2=cid2,
          cid3=cid3,
          cid4=cid4,
      )
      entries = self.testapp.get(url=url, status=200).json_body
      assert len(entries) == 4
      for entry in entries:
          assert isinstance(entry['content_id'], int)
          assert isinstance(entry['read_by_user'], bool)
      # the commented page comes first: its comment is the newest activity
      assert entries[0]['content_id'] == commented_page.content_id
      # the updated page ranks above pages created after it, because its
      # update is more recent than their creation
      assert entries[1]['content_id'] == updated_page.content_id
      # then the page that was only created
      assert entries[2]['content_id'] == first_page.content_id
      # changes to a folder's sub-content do not move the folder itself
      assert entries[3]['content_id'] == main_folder.content_id
  def test_api__get_read_status__ok__200__other_user(self):
      """
      A plain user must not read another account's read status.

      Despite the ``ok__200`` in its name, this test expects a 403:
      ``test@test.test`` (member of the 'users' group, READER of the
      workspace) authenticates with Basic auth and requests the read status
      stored under the admin's ``user_id``.

      Only the status code is asserted; the response body is not inspected.
      """
      # init DB
      session = get_tm_session(self.session_factory, transaction.manager)
      admin = (
          session.query(models.User)
          .filter(models.User.email == 'admin@admin.admin')
          .one()
      )
      as_admin = dict(
          current_user=admin,
          session=session,
          config=self.app_config,
      )
      # NOTE(review): this instance is never used below.
      workspace_api = WorkspaceApi(**as_admin)
      workspace = WorkspaceApi(**as_admin).create_workspace(
          'test workspace',
          save_now=True
      )
      other_workspace = WorkspaceApi(**as_admin).create_workspace(
          'test workspace2',
          save_now=True
      )
      user_api = UserApi(**as_admin)
      group_api = GroupApi(**as_admin)
      user_groups = [group_api.get_one_with_name('users')]
      test_user = user_api.create_user(
          email='test@test.test',
          password='pass',
          name='bob',
          groups=user_groups,
          timezone='Europe/Paris',
          do_save=True,
          do_notify=False,
      )
      role_api = RoleApi(**as_admin)
      role_api.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
      content_api = ContentApi(**as_admin)

      def new_page(target_workspace, parent, label):
          # Every page in this test is created with the same trailing arguments.
          return content_api.create(CONTENT_TYPES.Page.slug, target_workspace, parent, label, '', True)  # nopep8

      other_folder = content_api.create(CONTENT_TYPES.Folder.slug, other_workspace, None, 'Hepla', '', True)  # nopep8
      main_folder = content_api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
      # creation order test
      first_page = new_page(workspace, main_folder, 'creation_order_test')
      second_page = new_page(workspace, main_folder, 'another creation_order_test')
      # update order test
      updated_page = new_page(workspace, main_folder, 'update_order_test')
      untouched_page = new_page(workspace, main_folder, 'another update_order_test')
      with new_revision(
          session=session,
          tm=transaction.manager,
          content=updated_page,
      ):
          updated_page.description = 'Just an update'
          content_api.save(updated_page)
      # comment change order
      commented_page = new_page(workspace, main_folder, 'this is randomized label content')
      uncommented_page = new_page(workspace, main_folder, 'this is another randomized label content')  # nopep8
      comment = content_api.create_comment(workspace, commented_page, 'juste a super comment', True)  # nopep8
      other_workspace_page = new_page(other_workspace, other_folder, 'content_workspace_2')
      session.flush()
      transaction.commit()

      # Authenticate as the plain user...
      self.testapp.authorization = ('Basic', ('test@test.test', 'pass'))
      selected_contents_id = [
          commented_page.content_id,
          updated_page.content_id,
          first_page.content_id,
          main_folder.content_id,
      ]
      cid1, cid2, cid3, cid4 = selected_contents_id
      # ...but put the admin's user_id in the path: the authenticated
      # account and the targeted account differ.
      url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format(  # nopep8
          user_id=admin.user_id,
          workspace_id=workspace.workspace_id,
          cid1=cid1,
          cid2=cid2,
          cid3=cid3,
          cid4=cid4,
      )
      # The request must be refused.
      res = self.testapp.get(
          url=url,
          status=403,
      )
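  class TestUserSetContentAsRead(FunctionalTest):
      """
      Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read # nopep8

      Several test names carry ``ok__200`` although the test expects an error
      status (400 or 403); the names are kept for test-selection
      compatibility and each docstring states the status really asserted.
      """

      _READ_STATUS_URL = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'  # nopep8
      _READ_URL = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'  # nopep8

      def _init_workspace_with_page(self):
          """
          Build the data set shared by every test of this class.

          Creates 'test workspace' as admin, the user ``test@test.test``
          (group 'users', READER of that workspace), a folder and one page
          inside it. Nothing is flushed or committed here: each test first
          sets the read markers it needs.

          :return: ``(dbsession, admin, test_user, workspace, page, api, api2)``
              where ``api`` is a ContentApi acting as admin and ``api2`` a
              ContentApi acting as the test user.
          """
          dbsession = get_tm_session(self.session_factory, transaction.manager)
          admin = dbsession.query(models.User) \
              .filter(models.User.email == 'admin@admin.admin') \
              .one()
          as_admin = dict(
              current_user=admin,
              session=dbsession,
              config=self.app_config,
          )
          workspace = WorkspaceApi(**as_admin).create_workspace(
              'test workspace',
              save_now=True
          )
          uapi = UserApi(**as_admin)
          gapi = GroupApi(**as_admin)
          groups = [gapi.get_one_with_name('users')]
          test_user = uapi.create_user(
              email='test@test.test',
              password='pass',
              name='bob',
              groups=groups,
              timezone='Europe/Paris',
              do_save=True,
              do_notify=False,
          )
          RoleApi(**as_admin).create_one(test_user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
          api = ContentApi(**as_admin)
          api2 = ContentApi(
              current_user=test_user,
              session=dbsession,
              config=self.app_config,
          )
          main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
          page = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
          return dbsession, admin, test_user, workspace, page, api, api2

      def _login(self, email, password):
          """Send the following requests with these Basic auth credentials."""
          self.testapp.authorization = ('Basic', (email, password))

      def _read_status(self, user_id, workspace_id):
          """GET the read_status list of ``user_id`` (expects 200); return the JSON body."""
          res = self.testapp.get(
              self._READ_STATUS_URL.format(
                  user_id=user_id,
                  workspace_id=workspace_id,
              ),
              status=200,
          )
          return res.json_body

      def _put_read(self, user_id, workspace_id, content_id, status=None):
          """
          PUT the "read" endpoint for ``user_id``.

          With ``status=None`` the webtest default applies, which accepts any
          2xx/3xx answer rather than one precise code.
          """
          return self.testapp.put(
              self._READ_URL.format(
                  workspace_id=workspace_id,
                  content_id=content_id,
                  user_id=user_id,
              ),
              status=status,
          )

      def test_api_set_content_as_read__ok__200__admin(self):
          """Admin marks a page as read for another user; only that user's status changes."""
          dbsession, admin, test_user, workspace, page, api, api2 = \
              self._init_workspace_with_page()
          api.mark_unread(page)
          api2.mark_unread(page)
          dbsession.flush()
          transaction.commit()
          self._login('admin@admin.admin', 'admin@admin.admin')
          # before: unread for both accounts
          for user in (test_user, admin):
              body = self._read_status(user.user_id, workspace.workspace_id)
              assert body[0]['content_id'] == page.content_id
              assert body[0]['read_by_user'] is False
          # read, on behalf of the test user
          self._put_read(test_user.user_id, workspace.workspace_id, page.content_id)
          # after: read for the test user...
          body = self._read_status(test_user.user_id, workspace.workspace_id)
          assert body[0]['content_id'] == page.content_id
          assert body[0]['read_by_user'] is True
          # ...and still unread for the admin who issued the request
          body = self._read_status(admin.user_id, workspace.workspace_id)
          assert body[0]['content_id'] == page.content_id
          assert body[0]['read_by_user'] is False

      def test_api_set_content_as_read__ok__200__admin_workspace_do_not_exist(self):
          """Expects 400 (not 200) when the workspace id in the path is 4000, which this test never creates."""
          dbsession, admin, test_user, workspace, page, api, api2 = \
              self._init_workspace_with_page()
          api.mark_unread(page)
          api2.mark_unread(page)
          dbsession.flush()
          transaction.commit()
          self._login('admin@admin.admin', 'admin@admin.admin')
          # read
          self._put_read(test_user.user_id, 4000, page.content_id, status=400)

      def test_api_set_content_as_read__ok__200__admin_content_do_not_exist(self):
          """Expects 400 (not 200) when the content id in the path is 4000, which this test never creates."""
          dbsession, admin, test_user, workspace, page, api, api2 = \
              self._init_workspace_with_page()
          api.mark_unread(page)
          api2.mark_unread(page)
          dbsession.flush()
          transaction.commit()
          self._login('admin@admin.admin', 'admin@admin.admin')
          # read
          self._put_read(test_user.user_id, workspace.workspace_id, 4000, status=400)

      def test_api_set_content_as_read__ok__200__user_itself(self):
          """A plain user marks a page as read on their own account."""
          dbsession, admin, test_user, workspace, page, api, api2 = \
              self._init_workspace_with_page()
          api.mark_unread(page)
          api2.mark_unread(page)
          dbsession.flush()
          transaction.commit()
          self._login('test@test.test', 'pass')
          # before
          body = self._read_status(test_user.user_id, workspace.workspace_id)
          assert body[0]['content_id'] == page.content_id
          assert body[0]['read_by_user'] is False
          # read
          self._put_read(test_user.user_id, workspace.workspace_id, page.content_id)
          # after
          body = self._read_status(test_user.user_id, workspace.workspace_id)
          assert body[0]['content_id'] == page.content_id
          assert body[0]['read_by_user'] is True

      def test_api_set_content_as_read__ok__403__other_user(self):
          """
          A plain user must not mark content as read for another account.

          ``test@test.test`` targets the admin's ``user_id`` and must get a
          403. The test then checks, as admin, that the refused request left
          the admin's read status untouched: a 403 alone does not prove the
          write did not happen.
          """
          dbsession, admin, test_user, workspace, page, api, api2 = \
              self._init_workspace_with_page()
          api.mark_unread(page)
          api2.mark_unread(page)
          dbsession.flush()
          transaction.commit()
          self._login('test@test.test', 'pass')
          # read, targeting somebody else's account
          self._put_read(admin.user_id, workspace.workspace_id, page.content_id, status=403)  # nopep8
          # the refused request must have no side effect on the target account
          self._login('admin@admin.admin', 'admin@admin.admin')
          body = self._read_status(admin.user_id, workspace.workspace_id)
          assert body[0]['content_id'] == page.content_id
          assert body[0]['read_by_user'] is False

      def test_api_set_content_as_read__ok__200__admin_with_comments(self):
          """Marking a page as read for a user also marks its comment as read, for that user only."""
          dbsession, admin, test_user, workspace, page, api, api2 = \
              self._init_workspace_with_page()
          comments = api.create_comment(workspace, page, 'juste a super comment', True)  # nopep8
          # Only the admin-side markers are reset here.
          api.mark_unread(page)
          api.mark_unread(comments)
          dbsession.flush()
          transaction.commit()
          self._login('admin@admin.admin', 'admin@admin.admin')
          # before
          for user in (test_user, admin):
              body = self._read_status(user.user_id, workspace.workspace_id)
              assert body[0]['content_id'] == page.content_id
              assert body[0]['read_by_user'] is False
          # read, on behalf of the test user
          self._put_read(test_user.user_id, workspace.workspace_id, page.content_id)
          # after
          body = self._read_status(test_user.user_id, workspace.workspace_id)
          assert body[0]['content_id'] == page.content_id
          assert body[0]['read_by_user'] is True
          # comment is also set as read for the test user
          assert comments.has_new_information_for(test_user) is False
          body = self._read_status(admin.user_id, workspace.workspace_id)
          assert body[0]['content_id'] == page.content_id
          assert body[0]['read_by_user'] is False
          # for the admin the comment is still unread
          assert comments.has_new_information_for(admin) is True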
  1501. class TestUserSetContentAsUnread(FunctionalTest):
  1502. """
  1503. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread # nopep8
  1504. """
  def test_api_set_content_as_unread__ok__200__admin(self):
      """
      Admin marks a page as unread on behalf of another user.

      The page starts as read for both the admin and ``test@test.test``.
      After the admin calls the "unread" endpoint with the test user's
      ``user_id``, the page must be unread for that user and still read for
      the admin.
      """
      # init DB
      session = get_tm_session(self.session_factory, transaction.manager)
      admin = (
          session.query(models.User)
          .filter(models.User.email == 'admin@admin.admin')
          .one()
      )
      as_admin = dict(
          current_user=admin,
          session=session,
          config=self.app_config,
      )
      # NOTE(review): this instance is never used below.
      workspace_api = WorkspaceApi(**as_admin)
      workspace = WorkspaceApi(**as_admin).create_workspace(
          'test workspace',
          save_now=True
      )
      user_api = UserApi(**as_admin)
      group_api = GroupApi(**as_admin)
      user_groups = [group_api.get_one_with_name('users')]
      test_user = user_api.create_user(
          email='test@test.test',
          password='pass',
          name='bob',
          groups=user_groups,
          timezone='Europe/Paris',
          do_save=True,
          do_notify=False,
      )
      role_api = RoleApi(**as_admin)
      role_api.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
      admin_content_api = ContentApi(**as_admin)
      user_content_api = ContentApi(
          current_user=test_user,
          session=session,
          config=self.app_config,
      )
      main_folder = admin_content_api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
      # creation order test
      page = admin_content_api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
      # Start from "read" for both accounts.
      admin_content_api.mark_read(page)
      user_content_api.mark_read(page)
      session.flush()
      transaction.commit()
      self.testapp.authorization = ('Basic', ('admin@admin.admin', 'admin@admin.admin'))  # nopep8

      def first_status_entry(user):
          # First entry of the read_status list of `user`; expects a 200.
          response = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8
              user_id=user.user_id,
              workspace_id=workspace.workspace_id
          ), status=200)
          return response.json_body[0]

      # before
      entry = first_status_entry(test_user)
      assert entry['content_id'] == page.content_id
      assert entry['read_by_user'] is True
      entry = first_status_entry(admin)
      assert entry['content_id'] == page.content_id
      assert entry['read_by_user'] is True
      # unread, on behalf of the test user; no explicit status is passed,
      # so webtest's default (any 2xx/3xx) applies
      self.testapp.put(
          '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
              workspace_id=workspace.workspace_id,
              content_id=page.content_id,
              user_id=test_user.user_id,
          )
      )
      # after: unread for the test user...
      entry = first_status_entry(test_user)
      assert entry['content_id'] == page.content_id
      assert entry['read_by_user'] is False
      # ...and unchanged for the admin who issued the request
      entry = first_status_entry(admin)
      assert entry['content_id'] == page.content_id
      assert entry['read_by_user'] is True
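    def test_api_set_content_as_unread__err__400__admin_workspace_do_not_exist(self):  # nopep8
        """
        Check that an admin marking a content as unread for another user
        gets HTTP 400 when the workspace id in the path is unknown.
        """
        # init DB
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config
        )
        # reuse the API object built above rather than constructing a
        # second, identical one just to create the workspace
        workspace = workspace_api.create_workspace(
            'test workspace',
            save_now=True
        )
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        rapi = RoleApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        api2 = ContentApi(
            current_user=test_user,
            session=dbsession,
            config=self.app_config,
        )
        main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        api.mark_read(firstly_created)
        api2.mark_read(firstly_created)
        dbsession.flush()
        transaction.commit()

        self.testapp.authorization = (
            'Basic',
            (
                'admin@admin.admin',
                'admin@admin.admin'
            )
        )
        # unread: the content and the user exist, only the workspace id
        # (4000, assumed not to match any workspace) is invalid
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
                workspace_id=4000,
                content_id=firstly_created.content_id,
                user_id=test_user.user_id,
            ),
            status=400,
        )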
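    def test_api_set_content_as_unread__err__400__admin_content_do_not_exist(self):  # nopep8
        """
        Check that an admin marking a content as unread for another user
        gets HTTP 400 when the content id in the path is unknown.
        """
        # init DB
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config
        )
        # reuse the API object built above rather than constructing a
        # second, identical one just to create the workspace
        workspace = workspace_api.create_workspace(
            'test workspace',
            save_now=True
        )
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        rapi = RoleApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        api2 = ContentApi(
            current_user=test_user,
            session=dbsession,
            config=self.app_config,
        )
        main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        api.mark_read(firstly_created)
        api2.mark_read(firstly_created)
        dbsession.flush()
        transaction.commit()

        self.testapp.authorization = (
            'Basic',
            (
                'admin@admin.admin',
                'admin@admin.admin'
            )
        )
        # unread: the workspace and the user exist, only the content id
        # (4000, assumed not to match any content) is invalid
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
                workspace_id=workspace.workspace_id,
                content_id=4000,
                user_id=test_user.user_id,
            ),
            status=400,
        )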
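    def test_api_set_content_as_unread__ok__200__user_itself(self):
        """
        Check that a regular user with READER role can mark a content as
        unread for itself, and that its read status flips to False.
        """
        # init DB
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config
        )
        # reuse the API object built above rather than constructing a
        # second, identical one just to create the workspace
        workspace = workspace_api.create_workspace(
            'test workspace',
            save_now=True
        )
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        rapi = RoleApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        api2 = ContentApi(
            current_user=test_user,
            session=dbsession,
            config=self.app_config,
        )
        main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        api.mark_read(firstly_created)
        api2.mark_read(firstly_created)
        dbsession.flush()
        transaction.commit()

        # authenticate as the regular user, not as admin
        self.testapp.authorization = (
            'Basic',
            (
                'test@test.test',
                'pass'
            )
        )
        read_status_url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8
            user_id=test_user.user_id,
            workspace_id=workspace.workspace_id
        )
        # before
        res = self.testapp.get(read_status_url, status=200)
        assert res.json_body[0]['content_id'] == firstly_created.content_id
        assert res.json_body[0]['read_by_user'] is True
        # unread
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
                workspace_id=workspace.workspace_id,
                content_id=firstly_created.content_id,
                user_id=test_user.user_id,
            )
        )
        # after
        res = self.testapp.get(read_status_url, status=200)
        assert res.json_body[0]['content_id'] == firstly_created.content_id
        assert res.json_body[0]['read_by_user'] is False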
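    def test_api_set_content_as_unread__err__403__other_user(self):
        """
        Check that a regular user cannot mark a content as unread on behalf
        of another user: targeting the admin's user id returns HTTP 403.
        """
        # init DB
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config
        )
        # reuse the API object built above rather than constructing a
        # second, identical one just to create the workspace
        workspace = workspace_api.create_workspace(
            'test workspace',
            save_now=True
        )
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        rapi = RoleApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        api2 = ContentApi(
            current_user=test_user,
            session=dbsession,
            config=self.app_config,
        )
        main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        api.mark_read(firstly_created)
        api2.mark_read(firstly_created)
        dbsession.flush()
        transaction.commit()

        # authenticate as the regular user, not as admin
        self.testapp.authorization = (
            'Basic',
            (
                'test@test.test',
                'pass'
            )
        )
        # unread: the path names the admin's user id, not the caller's own
        # NOTE(review): only the status code is asserted. Re-reading the
        # admin's read_status under admin credentials afterwards would also
        # show that the rejected request left the admin's state untouched.
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
                workspace_id=workspace.workspace_id,
                content_id=firstly_created.content_id,
                user_id=admin.user_id,
            ),
            status=403,
        )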
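    def test_api_set_content_as_unread__ok__200__with_comments(self):
        """
        Check that marking a commented page as unread flips the page's
        read status and leaves its comment flagged as new information
        for the user.
        """
        # init DB
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace_api = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config
        )
        # reuse the API object built above rather than constructing a
        # second, identical one just to create the workspace
        workspace = workspace_api.create_workspace(
            'test workspace',
            save_now=True
        )
        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True)  # nopep8
        api.mark_read(firstly_created)
        api.mark_read(comments)
        dbsession.flush()
        transaction.commit()

        self.testapp.authorization = (
            'Basic',
            (
                'admin@admin.admin',
                'admin@admin.admin'
            )
        )
        # Read back the status of the same user the PUT below targets,
        # instead of hard-coding user id 1 in the path.
        read_status_url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8
            user_id=admin.user_id,
            workspace_id=workspace.workspace_id
        )
        # before
        res = self.testapp.get(read_status_url, status=200)
        assert res.json_body[0]['content_id'] == firstly_created.content_id
        assert res.json_body[0]['read_by_user'] is True
        # unread
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8
                workspace_id=workspace.workspace_id,
                content_id=firstly_created.content_id,
                user_id=admin.user_id,
            )
        )
        # after
        res = self.testapp.get(read_status_url, status=200)
        assert res.json_body[0]['content_id'] == firstly_created.content_id
        assert res.json_body[0]['read_by_user'] is False
        assert comments.has_new_information_for(admin) is True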
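class TestUserSetWorkspaceAsRead(FunctionalTest):
    """
    Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/read
    """

    def _init_unread_workspace(self):
        """
        Build the database state shared by every test of this class.

        As admin: create a workspace, a regular user 'bob'
        (test@test.test / pass) with READER role in it, a folder and a
        page inside that folder. Both contents are then marked unread for
        admin and for bob, and the transaction is committed.

        :return: tuple (admin, test_user, workspace, main_folder,
            firstly_created)
        """
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace = WorkspaceApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        ).create_workspace(
            'test workspace',
            save_now=True
        )
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        test_user = uapi.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        rapi = RoleApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)  # nopep8
        api = ContentApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        api2 = ContentApi(
            current_user=test_user,
            session=dbsession,
            config=self.app_config,
        )
        main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8
        # creation order test
        firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8
        api.mark_unread(main_folder)
        api.mark_unread(firstly_created)
        api2.mark_unread(main_folder)
        api2.mark_unread(firstly_created)
        dbsession.flush()
        transaction.commit()
        return admin, test_user, workspace, main_folder, firstly_created

    def _assert_read_status(self, user, workspace, firstly_created, main_folder, expected):  # nopep8
        """
        Fetch read_status of `user` in `workspace` with the credentials
        currently set on self.testapp and check both contents.

        The page is expected first and the folder second, each with
        read_by_user equal to `expected`.
        """
        res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8
            user_id=user.user_id,
            workspace_id=workspace.workspace_id
        ), status=200)
        assert res.json_body[0]['content_id'] == firstly_created.content_id
        assert res.json_body[0]['read_by_user'] is expected
        assert res.json_body[1]['content_id'] == main_folder.content_id
        assert res.json_body[1]['read_by_user'] is expected

    def test_api_set_content_as_read__ok__200__admin(self):
        """
        Check that an admin can mark a whole workspace as read on behalf
        of another user.
        """
        admin, test_user, workspace, main_folder, firstly_created = \
            self._init_unread_workspace()
        self.testapp.authorization = (
            'Basic',
            (
                'admin@admin.admin',
                'admin@admin.admin'
            )
        )
        # before
        self._assert_read_status(test_user, workspace, firstly_created, main_folder, False)  # nopep8
        # the route has no {content_id} placeholder, so none is passed
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format(  # nopep8
                workspace_id=workspace.workspace_id,
                user_id=test_user.user_id,
            )
        )
        # after
        self._assert_read_status(test_user, workspace, firstly_created, main_folder, True)  # nopep8

    def test_api_set_content_as_read__ok__200__user_itself(self):
        """
        Check that a regular user with READER role can mark a whole
        workspace as read for itself.
        """
        admin, test_user, workspace, main_folder, firstly_created = \
            self._init_unread_workspace()
        # authenticate as the regular user, not as admin
        self.testapp.authorization = (
            'Basic',
            (
                'test@test.test',
                'pass'
            )
        )
        # before
        self._assert_read_status(test_user, workspace, firstly_created, main_folder, False)  # nopep8
        # the route has no {content_id} placeholder, so none is passed
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format(  # nopep8
                workspace_id=workspace.workspace_id,
                user_id=test_user.user_id,
            )
        )
        # after
        self._assert_read_status(test_user, workspace, firstly_created, main_folder, True)  # nopep8

    def test_api_set_content_as_read__err__403__other_user(self):
        """
        Check that a regular user cannot mark a workspace as read on
        behalf of another user: targeting the admin's user id returns
        HTTP 403.
        """
        admin, test_user, workspace, main_folder, firstly_created = \
            self._init_unread_workspace()
        # authenticate as the regular user, not as admin
        self.testapp.authorization = (
            'Basic',
            (
                'test@test.test',
                'pass'
            )
        )
        # the path names the admin's user id, not the caller's own
        # NOTE(review): only the status code is asserted. Re-reading the
        # admin's read_status under admin credentials afterwards would also
        # show that the rejected request left the admin's state untouched.
        self.testapp.put(
            '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format(  # nopep8
                workspace_id=workspace.workspace_id,
                user_id=admin.user_id,
            ),
            status=403,
        )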
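class TestUserWorkspaceEndpoint(FunctionalTest):
    """
    Tests for /api/v2/users/{user_id}/workspaces
    """
    fixtures = [BaseFixture, ContentFixtures]

    @staticmethod
    def _assert_error_body(res):
        """
        Check that an error response is a JSON object carrying the
        'code', 'message' and 'details' keys.
        """
        assert isinstance(res.json, dict)
        assert 'code' in res.json
        assert 'message' in res.json
        assert 'details' in res.json

    def test_api__get_user_workspaces__ok_200__nominal_case(self):
        """
        Check that a user can list all the workspaces it can reach,
        using its own credentials.
        """
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        workspace_api = WorkspaceApi(
            session=dbsession,
            current_user=admin,
            config=self.app_config,
        )
        expected_workspace = workspace_api.get_one(1)
        app_api = ApplicationApi(
            APP_LIST
        )
        default_sidebar_entry = app_api.get_default_workspace_menu_entry(workspace=expected_workspace)  # nopep8

        self.testapp.authorization = (
            'Basic',
            (
                'admin@admin.admin',
                'admin@admin.admin'
            )
        )
        res = self.testapp.get('/api/v2/users/1/workspaces', status=200)
        workspace = res.json_body[0]
        assert workspace['workspace_id'] == 1
        assert workspace['label'] == 'Business'
        assert workspace['slug'] == 'business'
        assert workspace['is_deleted'] is False
        sidebar_entries = workspace['sidebar_entries']
        assert len(sidebar_entries) == len(default_sidebar_entry)
        # Compare each returned entry with the expected default entry.
        # A plain `=` here would overwrite the response instead of
        # checking it, and the test could never fail on these fields.
        for counter, sidebar_entry in enumerate(default_sidebar_entry):
            assert sidebar_entries[counter]['slug'] == sidebar_entry.slug
            assert sidebar_entries[counter]['label'] == sidebar_entry.label
            assert sidebar_entries[counter]['route'] == sidebar_entry.route
            assert sidebar_entries[counter]['hexcolor'] == sidebar_entry.hexcolor  # nopep8
            assert sidebar_entries[counter]['fa_icon'] == sidebar_entry.fa_icon  # nopep8

    def test_api__get_user_workspaces__err_403__unallowed_user(self):
        """
        Check that a registered non-admin user cannot list the workspaces
        of another user (HTTP 403).
        """
        self.testapp.authorization = (
            'Basic',
            (
                'lawrence-not-real-email@fsf.local',
                'foobarbaz'
            )
        )
        res = self.testapp.get('/api/v2/users/1/workspaces', status=403)
        self._assert_error_body(res)

    def test_api__get_user_workspaces__err_401__unregistered_user(self):
        """
        Check that credentials of an unregistered user are rejected
        (HTTP 401) when listing the workspaces of a user.
        """
        self.testapp.authorization = (
            'Basic',
            (
                'john@doe.doe',
                'lapin'
            )
        )
        res = self.testapp.get('/api/v2/users/1/workspaces', status=401)
        self._assert_error_body(res)

    def test_api__get_user_workspaces__err_400__user_does_not_exist(self):
        """
        Check that listing the workspaces of a user who does not exist
        returns HTTP 400, even with valid admin credentials.
        """
        self.testapp.authorization = (
            'Basic',
            (
                'admin@admin.admin',
                'admin@admin.admin'
            )
        )
        res = self.testapp.get('/api/v2/users/5/workspaces', status=400)
        self._assert_error_body(res)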
  2353. class TestUserEndpoint(FunctionalTest):
  2354. # -*- coding: utf-8 -*-
  2355. """
  2356. Tests for GET /api/v2/users/{user_id}
  2357. """
  2358. fixtures = [BaseFixture]
    def test_api__get_user__ok_200__admin(self):
        """
        Check that an admin can fetch the profile of another user.
        """
        session = get_tm_session(self.session_factory, transaction.manager)
        admin_user = session.query(models.User).filter(
            models.User.email == 'admin@admin.admin'
        ).one()
        user_api = UserApi(
            current_user=admin_user,
            session=session,
            config=self.app_config,
        )
        group_api = GroupApi(
            current_user=admin_user,
            session=session,
            config=self.app_config,
        )
        bob = user_api.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=[group_api.get_one_with_name('users')],
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        user_api.save(bob)
        transaction.commit()
        # read the id only after the commit, as the request below needs
        # the persisted value
        bob_id = int(bob.user_id)

        # request made with admin credentials
        self.testapp.authorization = ('Basic', ('admin@admin.admin', 'admin@admin.admin'))  # nopep8
        url = '/api/v2/users/{}'.format(bob_id)
        profile = self.testapp.get(url, status=200).json_body
        assert profile['user_id'] == bob_id
        assert profile['created']
        assert profile['is_active'] is True
        assert profile['profile'] == 'users'
        assert profile['email'] == 'test@test.test'
        assert profile['public_name'] == 'bob'
        assert profile['timezone'] == 'Europe/Paris'
        assert profile['is_deleted'] is False
    def test_api__get_user__ok_200__user_itself(self):
        """
        Check that a regular user can fetch its own profile.
        """
        session = get_tm_session(self.session_factory, transaction.manager)
        admin_user = session.query(models.User).filter(
            models.User.email == 'admin@admin.admin'
        ).one()
        user_api = UserApi(
            current_user=admin_user,
            session=session,
            config=self.app_config,
        )
        group_api = GroupApi(
            current_user=admin_user,
            session=session,
            config=self.app_config,
        )
        bob = user_api.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=[group_api.get_one_with_name('users')],
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        user_api.save(bob)
        transaction.commit()
        # read the id only after the commit, as the request below needs
        # the persisted value
        bob_id = int(bob.user_id)

        # request made with the created user's own credentials
        self.testapp.authorization = ('Basic', ('test@test.test', 'pass'))
        url = '/api/v2/users/{}'.format(bob_id)
        profile = self.testapp.get(url, status=200).json_body
        assert profile['user_id'] == bob_id
        assert profile['created']
        assert profile['is_active'] is True
        assert profile['profile'] == 'users'
        assert profile['email'] == 'test@test.test'
        assert profile['public_name'] == 'bob'
        assert profile['timezone'] == 'Europe/Paris'
        assert profile['is_deleted'] is False
    def test_api__get_user__err_403__other_normal_user(self):
        """
        Check that a regular user cannot fetch the profile of another
        regular user (HTTP 403).
        """
        session = get_tm_session(self.session_factory, transaction.manager)
        admin_user = session.query(models.User).filter(
            models.User.email == 'admin@admin.admin'
        ).one()
        user_api = UserApi(
            current_user=admin_user,
            session=session,
            config=self.app_config,
        )
        group_api = GroupApi(
            current_user=admin_user,
            session=session,
            config=self.app_config,
        )
        user_groups = [group_api.get_one_with_name('users')]
        # the account whose profile is requested
        target = user_api.create_user(
            email='test@test.test',
            password='pass',
            name='bob',
            groups=user_groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        # the account that authenticates and must be refused
        caller = user_api.create_user(
            email='test2@test2.test2',
            password='pass',
            name='bob2',
            groups=user_groups,
            timezone='Europe/Paris',
            do_save=True,
            do_notify=False,
        )
        user_api.save(caller)
        user_api.save(target)
        transaction.commit()
        target_id = int(target.user_id)

        self.testapp.authorization = ('Basic', ('test2@test2.test2', 'pass'))
        url = '/api/v2/users/{}'.format(target_id)
        self.testapp.get(url, status=403)
    def test_api__create_user__ok_200__full_admin(self):
        """
        Check that an admin can create a user by giving every field, and
        that the stored account validates the chosen password.
        """
        self.testapp.authorization = ('Basic', ('admin@admin.admin', 'admin@admin.admin'))  # nopep8
        payload = {
            'email': 'test@test.test',
            'password': 'mysuperpassword',
            'profile': 'users',
            'timezone': 'Europe/Paris',
            'public_name': 'test user',
            'email_notification': False,
        }
        created = self.testapp.post_json(
            '/api/v2/users',
            status=200,
            params=payload,
        ).json_body
        # NOTE(review): the response is not checked for the absence of the
        # submitted password; consider asserting that no field echoes it.
        assert created['user_id']
        new_user_id = created['user_id']
        assert created['created']
        assert created['is_active'] is True
        assert created['profile'] == 'users'
        assert created['email'] == 'test@test.test'
        assert created['public_name'] == 'test user'
        assert created['timezone'] == 'Europe/Paris'

        # reload the account through the library API to check what was
        # actually persisted
        session = get_tm_session(self.session_factory, transaction.manager)
        admin_user = session.query(models.User).filter(
            models.User.email == 'admin@admin.admin'
        ).one()
        user_api = UserApi(
            current_user=admin_user,
            session=session,
            config=self.app_config,
        )
        stored_user = user_api.get_one(new_user_id)
        assert stored_user.email == 'test@test.test'
        assert stored_user.validate_password('mysuperpassword')
  def test_api__create_user__ok_200__limited_admin(self):
      """
      An administrator creates an account from an email address alone.

      The answer is expected to carry profile 'users', public_name 'test'
      and an empty timezone. No password is submitted, so the test only
      checks that the stored account has some password value set.
      """
      self.testapp.authorization = (
          'Basic', ('admin@admin.admin', 'admin@admin.admin')
      )
      payload = {
          'email': 'test@test.test',
          'email_notification': False,
      }
      body = self.testapp.post_json(
          '/api/v2/users', status=200, params=payload
      ).json_body
      assert body['user_id']
      created_id = body['user_id']
      assert body['created']
      assert body['is_active'] is True
      for field, wanted in (
          ('profile', 'users'),
          ('email', 'test@test.test'),
          ('public_name', 'test'),
          ('timezone', ''),
      ):
          assert body[field] == wanted

      # Read the account back through the library API, outside HTTP.
      session = get_tm_session(self.session_factory, transaction.manager)
      admin = (
          session.query(models.User)
          .filter(models.User.email == 'admin@admin.admin')
          .one()
      )
      stored = UserApi(
          current_user=admin,
          session=session,
          config=self.app_config,
      ).get_one(created_id)
      assert stored.email == 'test@test.test'
      assert stored.password
  def test_api__create_user__err_400__email_already_in_db(self):
      """
      Creating an account whose email is already registered answers 400.

      The address is first registered through the library API, then the
      same address is posted to the endpoint with admin credentials.
      """
      session = get_tm_session(self.session_factory, transaction.manager)
      admin = (
          session.query(models.User)
          .filter(models.User.email == 'admin@admin.admin')
          .one()
      )
      api_args = dict(
          current_user=admin,
          session=session,
          config=self.app_config,
      )
      user_api = UserApi(**api_args)
      group_api = GroupApi(**api_args)
      member_groups = [group_api.get_one_with_name('users')]
      existing = user_api.create_user(
          email='test@test.test',
          password='pass',
          name='bob',
          groups=member_groups,
          timezone='Europe/Paris',
          do_save=True,
          do_notify=False,
      )
      user_api.save(existing)
      transaction.commit()

      self.testapp.authorization = (
          'Basic', ('admin@admin.admin', 'admin@admin.admin')
      )
      duplicate = {
          'email': 'test@test.test',
          'password': 'mysuperpassword',
          'profile': 'users',
          'timezone': 'Europe/Paris',
          'public_name': 'test user',
          'email_notification': False,
      }
      self.testapp.post_json('/api/v2/users', status=400, params=duplicate)
  def test_api__create_user__err_403__other_user(self):
      """
      An account of the 'users' group may not create accounts: 403.

      The requester is created through the library API and then posts a
      complete, otherwise valid payload with its own credentials.
      """
      session = get_tm_session(self.session_factory, transaction.manager)
      admin = (
          session.query(models.User)
          .filter(models.User.email == 'admin@admin.admin')
          .one()
      )
      api_args = dict(
          current_user=admin,
          session=session,
          config=self.app_config,
      )
      user_api = UserApi(**api_args)
      group_api = GroupApi(**api_args)
      member_groups = [group_api.get_one_with_name('users')]
      requester = user_api.create_user(
          email='test@test.test',
          password='pass',
          name='bob',
          groups=member_groups,
          timezone='Europe/Paris',
          do_save=True,
          do_notify=False,
      )
      user_api.save(requester)
      transaction.commit()

      # Non-admin credentials: the request must be refused.
      self.testapp.authorization = ('Basic', ('test@test.test', 'pass'))
      payload = {
          'email': 'test2@test2.test2',
          'password': 'mysuperpassword',
          'profile': 'users',
          'timezone': 'Europe/Paris',
          'public_name': 'test user',
          'email_notification': False,
      }
      self.testapp.post_json('/api/v2/users', status=403, params=payload)
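  class TestUserWithNotificationEndpoint(FunctionalTest):
      """
      Tests for POST /api/v2/users with email notification enabled, and
      for PUT /api/v2/users/{user_id}/delete.

      The notification tests read and purge a test mailbox through its
      HTTP API on 127.0.0.1:8025, so that service must be running.
      """
      config_section = 'functional_test_with_mail_test_sync'

      # HTTP API of the local test mailbox.
      _MAILBOX_URL = 'http://127.0.0.1:8025/api/v1/messages'
      # Seconds to wait for the mailbox, so an unresponsive service fails
      # the test instead of hanging the whole run.
      _MAILBOX_TIMEOUT = 10

      def _purge_mailbox(self):
          """Delete every message held by the test mailbox."""
          requests.delete(self._MAILBOX_URL, timeout=self._MAILBOX_TIMEOUT)

      def _assert_account_mail(self, recipient):
          """Check that exactly one 'Created account' mail went to *recipient*."""
          messages = requests.get(
              self._MAILBOX_URL, timeout=self._MAILBOX_TIMEOUT
          ).json()
          assert len(messages) == 1
          headers = messages[0]['Content']['Headers']
          assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8
          assert headers['To'][0] == recipient
          assert headers['Subject'][0] == '[TRACIM] Created account'

      def _admin_api_args(self):
          """Return the keyword arguments for a library API run as admin."""
          session = get_tm_session(self.session_factory, transaction.manager)
          admin = (
              session.query(models.User)
              .filter(models.User.email == 'admin@admin.admin')
              .one()
          )
          return dict(
              current_user=admin,
              session=session,
              config=self.app_config,
          )

      def _login_as_admin(self):
          """Send the following requests with the fixture admin account."""
          self.testapp.authorization = (
              'Basic', ('admin@admin.admin', 'admin@admin.admin')
          )

      def test_api__create_user__ok_200__full_admin_with_notif(self):
          """Full payload with notification: account created, one mail sent."""
          self._purge_mailbox()
          try:
              self._login_as_admin()
              params = {
                  'email': 'test@test.test',
                  'password': 'mysuperpassword',
                  'profile': 'users',
                  'timezone': 'Europe/Paris',
                  'public_name': 'test user',
                  'email_notification': True,
              }
              res = self.testapp.post_json(
                  '/api/v2/users', status=200, params=params
              ).json_body
              assert res['user_id']
              assert res['created']
              assert res['is_active'] is True
              assert res['profile'] == 'users'
              assert res['email'] == 'test@test.test'
              assert res['public_name'] == 'test user'
              assert res['timezone'] == 'Europe/Paris'

              user = UserApi(**self._admin_api_args()).get_one(res['user_id'])
              assert user.email == 'test@test.test'
              assert user.validate_password('mysuperpassword')

              self._assert_account_mail('test user <test@test.test>')
          finally:
              # Runs even when an assertion above fails, so a failed test
              # does not leave its message in the shared mailbox.
              self._purge_mailbox()

      def test_api__create_user__ok_200__limited_admin_with_notif(self):
          """Email-only payload with notification: account created, one mail sent."""
          self._purge_mailbox()
          try:
              self._login_as_admin()
              params = {
                  'email': 'test@test.test',
                  'email_notification': True,
              }
              res = self.testapp.post_json(
                  '/api/v2/users', status=200, params=params
              ).json_body
              assert res['user_id']
              assert res['created']
              assert res['is_active'] is True
              assert res['profile'] == 'users'
              assert res['email'] == 'test@test.test'
              assert res['public_name'] == 'test'
              assert res['timezone'] == ''

              user = UserApi(**self._admin_api_args()).get_one(res['user_id'])
              assert user.email == 'test@test.test'
              # No password was submitted; only check that one is stored.
              assert user.password

              self._assert_account_mail('test <test@test.test>')
          finally:
              # Runs even when an assertion above fails, so a failed test
              # does not leave its message in the shared mailbox.
              self._purge_mailbox()

      def test_api_delete_user__ok_200__admin(self):
          """
          An administrator deletes an account and still sees it afterwards.

          The delete call answers 204; the account then remains readable
          by the administrator and is reported with is_deleted set.
          """
          api_args = self._admin_api_args()
          uapi = UserApi(**api_args)
          groups = [GroupApi(**api_args).get_one_with_name('users')]
          test_user = uapi.create_user(
              email='test@test.test',
              password='pass',
              name='bob',
              groups=groups,
              timezone='Europe/Paris',
              do_save=True,
              do_notify=False,
          )
          uapi.save(test_user)
          transaction.commit()
          user_id = int(test_user.user_id)

          self._login_as_admin()
          self.testapp.put(
              '/api/v2/users/{}/delete'.format(user_id),
              status=204
          )
          res = self.testapp.get(
              '/api/v2/users/{}'.format(user_id),
              status=200
          ).json_body
          assert res['is_deleted'] is True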
  class TestUsersEndpoint(FunctionalTest):
      """
      Tests for GET /api/v2/users
      """
      fixtures = [BaseFixture]

      def _admin_and_bob(self):
          """
          Create and commit the account 'bob' in the 'users' group.

          Returns ``(admin, bob, bob_id)``; the id is read after the commit.
          """
          session = get_tm_session(self.session_factory, transaction.manager)
          admin = (
              session.query(models.User)
              .filter(models.User.email == 'admin@admin.admin')
              .one()
          )
          api_args = dict(
              current_user=admin,
              session=session,
              config=self.app_config,
          )
          user_api = UserApi(**api_args)
          group_api = GroupApi(**api_args)
          member_groups = [group_api.get_one_with_name('users')]
          bob = user_api.create_user(
              email='test@test.test',
              password='pass',
              name='bob',
              groups=member_groups,
              timezone='Europe/Paris',
              do_save=True,
              do_notify=False,
          )
          user_api.save(bob)
          transaction.commit()
          return admin, bob, int(bob.user_id)

      def test_api__get_user__ok_200__admin(self):
          """The administrator gets the full list: admin first, then bob."""
          admin, bob, _ = self._admin_and_bob()
          self.testapp.authorization = (
              'Basic', ('admin@admin.admin', 'admin@admin.admin')
          )
          listing = self.testapp.get('/api/v2/users', status=200).json_body
          assert len(listing) == 2
          first, second = listing[0], listing[1]
          assert first['user_id'] == admin.user_id
          assert first['public_name'] == admin.display_name
          assert first['avatar_url'] is None
          assert second['user_id'] == bob.user_id
          assert second['public_name'] == bob.display_name
          assert second['avatar_url'] is None

      def test_api__get_user__err_403__normal_user(self):
          """An account of the 'users' group may not list all users: 403."""
          self._admin_and_bob()
          self.testapp.authorization = ('Basic', ('test@test.test', 'pass'))
          self.testapp.get('/api/v2/users', status=403)
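  class TestKnownMembersEndpoint(FunctionalTest):
      """
      Tests for GET /api/v2/users/{user_id}/known_members
      """
      fixtures = [BaseFixture]

      def _admin_context(self):
          """Return ``(admin, api_args, user_api, groups)`` for test set-up."""
          session = get_tm_session(self.session_factory, transaction.manager)
          admin = (
              session.query(models.User)
              .filter(models.User.email == 'admin@admin.admin')
              .one()
          )
          api_args = dict(
              current_user=admin,
              session=session,
              config=self.app_config,
          )
          user_api = UserApi(**api_args)
          groups = [GroupApi(**api_args).get_one_with_name('users')]
          return admin, api_args, user_api, groups

      def _add_user(self, user_api, groups, email, name):
          """Create and save one 'users'-group account with password 'pass'."""
          user = user_api.create_user(
              email=email,
              password='pass',
              name=name,
              groups=groups,
              timezone='Europe/Paris',
              do_save=True,
              do_notify=False,
          )
          user_api.save(user)
          return user

      def _known_members(self, user_id, acp, status):
          """GET the known_members listing of *user_id* filtered by *acp*."""
          return self.testapp.get(
              '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
              status=status,
              params={'acp': acp},
          )

      def _assert_listing(self, listing, expected_users):
          """Check that *listing* holds exactly *expected_users*, in order."""
          assert len(listing) == len(expected_users)
          for entry, user in zip(listing, expected_users):
              assert entry['user_id'] == user.user_id
              assert entry['public_name'] == user.display_name
              assert entry['avatar_url'] is None

      def test_api__get_user__ok_200__admin__by_name(self):
          """As admin, 'bob' matches both accounts by their names."""
          admin, _, user_api, groups = self._admin_context()
          test_user = self._add_user(
              user_api, groups, 'test@test.test', 'bob'
          )
          test_user2 = self._add_user(
              user_api, groups, 'test2@test2.test2', 'bob2'
          )
          transaction.commit()
          user_id = int(admin.user_id)
          self.testapp.authorization = (
              'Basic', ('admin@admin.admin', 'admin@admin.admin')
          )
          res = self._known_members(user_id, 'bob', 200).json_body
          self._assert_listing(res, [test_user, test_user2])

      def test_api__get_user__ok_200__admin__by_email(self):
          """As admin, 'test' matches both accounts by their emails."""
          admin, _, user_api, groups = self._admin_context()
          test_user = self._add_user(
              user_api, groups, 'test@test.test', 'bob'
          )
          test_user2 = self._add_user(
              user_api, groups, 'test2@test2.test2', 'bob2'
          )
          transaction.commit()
          user_id = int(admin.user_id)
          self.testapp.authorization = (
              'Basic', ('admin@admin.admin', 'admin@admin.admin')
          )
          res = self._known_members(user_id, 'test', 200).json_body
          self._assert_listing(res, [test_user, test_user2])

      def test_api__get_user__err_403__admin__too_small_acp(self):
          """
          A one-character 'acp' filter is rejected.

          NOTE: the method name says 403, but the status asserted here is
          400; the name is kept so existing test selections still match.
          """
          admin, _, user_api, groups = self._admin_context()
          self._add_user(user_api, groups, 'test@test.test', 'bob')
          self._add_user(user_api, groups, 'test2@test2.test2', 'bob2')
          transaction.commit()
          user_id = int(admin.user_id)
          self.testapp.authorization = (
              'Basic', ('admin@admin.admin', 'admin@admin.admin')
          )
          self._known_members(user_id, 't', 400)

      def test_api__get_user__ok_200__normal_user_by_email(self):
          """
          A regular user only gets members of a workspace it belongs to.

          Three accounts match the filter 'test', but only the first two
          hold a role in the workspace; the third must not be listed.
          """
          _, api_args, user_api, groups = self._admin_context()
          test_user = self._add_user(
              user_api, groups, 'test@test.test', 'bob'
          )
          test_user2 = self._add_user(
              user_api, groups, 'test2@test2.test2', 'bob2'
          )
          test_user3 = self._add_user(
              user_api, groups, 'test3@test3.test3', 'bob3'
          )
          workspace = WorkspaceApi(**api_args).create_workspace(
              'test workspace',
              save_now=True
          )
          role_api = RoleApi(**api_args)
          for member in (test_user, test_user2):
              role_api.create_one(
                  member, workspace, UserRoleInWorkspace.READER, False
              )
          transaction.commit()
          user_id = int(test_user.user_id)
          self.testapp.authorization = ('Basic', ('test@test.test', 'pass'))
          res = self._known_members(user_id, 'test', 200).json_body
          self._assert_listing(res, [test_user, test_user2])
          # State the access-control expectation explicitly, so it survives
          # later changes to the count or ordering checks above.
          assert test_user3.user_id not in [m['user_id'] for m in res]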
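  class TestSetEmailEndpoint(FunctionalTest):
      """
      Tests for PUT /api/v2/users/{user_id}/email
      """
      fixtures = [BaseFixture]

      def _add_users(self, *accounts):
          """
          Create one 'users'-group account per ``(email, name)`` pair.

          Every account gets the password 'pass'. The accounts are saved
          and committed; their ids are returned in the order given.
          """
          session = get_tm_session(self.session_factory, transaction.manager)
          admin = (
              session.query(models.User)
              .filter(models.User.email == 'admin@admin.admin')
              .one()
          )
          api_args = dict(
              current_user=admin,
              session=session,
              config=self.app_config,
          )
          uapi = UserApi(**api_args)
          groups = [GroupApi(**api_args).get_one_with_name('users')]
          users = []
          for email, name in accounts:
              user = uapi.create_user(
                  email=email,
                  password='pass',
                  name=name,
                  groups=groups,
                  timezone='Europe/Paris',
                  do_save=True,
                  do_notify=False,
              )
              uapi.save(user)
              users.append(user)
          transaction.commit()
          return [int(user.user_id) for user in users]

      def _add_bob(self):
          """Create the account test@test.test ('bob') and return its id."""
          return self._add_users(('test@test.test', 'bob'))[0]

      def _login(self, email, password):
          """Send the following requests with these Basic credentials."""
          self.testapp.authorization = ('Basic', (email, password))

      def _current_email(self, user_id):
          """Return the email the API currently reports for *user_id*."""
          res = self.testapp.get(
              '/api/v2/users/{}'.format(user_id),
              status=200
          )
          return res.json_body['email']

      def _put_email(self, user_id, email, password, status):
          """PUT a new email for *user_id* and expect HTTP *status*.

          *password* is sent as 'loggedin_user_password', i.e. the password
          of the account making the request, not of the target account.
          """
          params = {
              'email': email,
              'loggedin_user_password': password,
          }
          self.testapp.put_json(
              '/api/v2/users/{}/email'.format(user_id),
              params=params,
              status=status,
          )

      def test_api__set_user_email__ok_200__admin(self):
          """An administrator changes a user's email with its own password."""
          user_id = self._add_bob()
          self._login('admin@admin.admin', 'admin@admin.admin')
          assert self._current_email(user_id) == 'test@test.test'
          self._put_email(
              user_id, 'mysuperemail@email.fr', 'admin@admin.admin', 200
          )
          assert self._current_email(user_id) == 'mysuperemail@email.fr'

      def test_api__set_user_email__err_400__admin_same_email(self):
          """An address already used by another account (admin's) gives 400."""
          user_id = self._add_bob()
          self._login('admin@admin.admin', 'admin@admin.admin')
          assert self._current_email(user_id) == 'test@test.test'
          self._put_email(
              user_id, 'admin@admin.admin', 'admin@admin.admin', 400
          )
          assert self._current_email(user_id) == 'test@test.test'

      def test_api__set_user_email__err_403__admin_wrong_password(self):
          """A wrong 'loggedin_user_password' gives 403 and changes nothing."""
          user_id = self._add_bob()
          self._login('admin@admin.admin', 'admin@admin.admin')
          assert self._current_email(user_id) == 'test@test.test'
          self._put_email(
              user_id, 'mysuperemail@email.fr', 'badpassword', 403
          )
          assert self._current_email(user_id) == 'test@test.test'

      def test_api__set_user_email__err_400__admin_string_is_not_email(self):
          """A value that is not an email address gives 400."""
          user_id = self._add_bob()
          self._login('admin@admin.admin', 'admin@admin.admin')
          assert self._current_email(user_id) == 'test@test.test'
          self._put_email(
              user_id, 'thatisnotandemail', 'admin@admin.admin', 400
          )
          assert self._current_email(user_id) == 'test@test.test'

      def test_api__set_user_email__ok_200__user_itself(self):
          """A user changes its own email, then logs in with the new one."""
          user_id = self._add_bob()
          self._login('test@test.test', 'pass')
          assert self._current_email(user_id) == 'test@test.test'
          self._put_email(user_id, 'mysuperemail@email.fr', 'pass', 200)
          # Basic auth is keyed on the email, so switch to the new address.
          self._login('mysuperemail@email.fr', 'pass')
          assert self._current_email(user_id) == 'mysuperemail@email.fr'

      def test_api__set_user_email__err_403__other_normal_user(self):
          """
          A regular user cannot change another regular user's email.

          The request is sent by test2@test2.test2 with that account's own,
          correct password, so a 403 can only come from the authorization
          check. Previously the request was sent by the target account
          itself with a wrong password, which yields 403 through password
          re-validation and never exercised the cross-user case.
          """
          target_id, _ = self._add_users(
              ('test@test.test', 'bob'),
              ('test2@test2.test2', 'bob2'),
          )
          self._login('test2@test2.test2', 'pass')
          self._put_email(target_id, 'mysuperemail@email.fr', 'pass', 403)
          # The owner still logs in with the old address and sees it unchanged.
          self._login('test@test.test', 'pass')
          assert self._current_email(target_id) == 'test@test.test'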
  3555. class TestSetPasswordEndpoint(FunctionalTest):
  3556. # -*- coding: utf-8 -*-
  3557. """
  3558. Tests for PUT /api/v2/users/{user_id}/password
  3559. """
  3560. fixtures = [BaseFixture]
  def test_api__set_user_password__ok_200__admin(self):
      """
      An administrator replaces a regular user's password.

      The request carries the new password twice plus the administrator's
      own password and is answered with 204; afterwards only the new
      password validates for the account.
      """
      session = get_tm_session(self.session_factory, transaction.manager)
      admin = (
          session.query(models.User)
          .filter(models.User.email == 'admin@admin.admin')
          .one()
      )
      api_args = dict(
          current_user=admin,
          session=session,
          config=self.app_config,
      )
      user_api = UserApi(**api_args)
      group_api = GroupApi(**api_args)
      member_groups = [group_api.get_one_with_name('users')]
      bob = user_api.create_user(
          email='test@test.test',
          password='pass',
          name='bob',
          groups=member_groups,
          timezone='Europe/Paris',
          do_save=True,
          do_notify=False,
      )
      user_api.save(bob)
      transaction.commit()
      bob_id = int(bob.user_id)
      self.testapp.authorization = (
          'Basic', ('admin@admin.admin', 'admin@admin.admin')
      )

      # Before the call: only the original password validates.
      before = user_api.get_one(bob_id)
      assert before.validate_password('pass')
      assert not before.validate_password('mynewpassword')

      payload = {
          'new_password': 'mynewpassword',
          'new_password2': 'mynewpassword',
          'loggedin_user_password': 'admin@admin.admin',
      }
      self.testapp.put_json(
          '/api/v2/users/{}/password'.format(bob_id),
          params=payload,
          status=204,
      )

      # After the call: reload through a new session and a new UserApi.
      fresh_session = get_tm_session(
          self.session_factory, transaction.manager
      )
      after = UserApi(
          current_user=admin,
          session=fresh_session,
          config=self.app_config,
      ).get_one(bob_id)
      assert not after.validate_password('pass')
      assert after.validate_password('mynewpassword')
  3621. def test_api__set_user_password__err_403__admin_wrong_password(self):
  3622. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3623. admin = dbsession.query(models.User) \
  3624. .filter(models.User.email == 'admin@admin.admin') \
  3625. .one()
  3626. uapi = UserApi(
  3627. current_user=admin,
  3628. session=dbsession,
  3629. config=self.app_config,
  3630. )
  3631. gapi = GroupApi(
  3632. current_user=admin,
  3633. session=dbsession,
  3634. config=self.app_config,
  3635. )
  3636. groups = [gapi.get_one_with_name('users')]
  3637. test_user = uapi.create_user(
  3638. email='test@test.test',
  3639. password='pass',
  3640. name='bob',
  3641. groups=groups,
  3642. timezone='Europe/Paris',
  3643. do_save=True,
  3644. do_notify=False,
  3645. )
  3646. uapi.save(test_user)
  3647. transaction.commit()
  3648. user_id = int(test_user.user_id)
  3649. self.testapp.authorization = (
  3650. 'Basic',
  3651. (
  3652. 'admin@admin.admin',
  3653. 'admin@admin.admin'
  3654. )
  3655. )
  3656. # check before
  3657. user = uapi.get_one(user_id)
  3658. assert user.validate_password('pass')
  3659. assert not user.validate_password('mynewpassword')
  3660. # Set password
  3661. params = {
  3662. 'new_password': 'mynewpassword',
  3663. 'new_password2': 'mynewpassword',
  3664. 'loggedin_user_password': 'wrongpassword',
  3665. }
  3666. self.testapp.put_json(
  3667. '/api/v2/users/{}/password'.format(user_id),
  3668. params=params,
  3669. status=403,
  3670. )
  3671. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3672. uapi = UserApi(
  3673. current_user=admin,
  3674. session=dbsession,
  3675. config=self.app_config,
  3676. )
  3677. # Check After
  3678. user = uapi.get_one(user_id)
  3679. assert user.validate_password('pass')
  3680. assert not user.validate_password('mynewpassword')
  3681. def test_api__set_user_password__err_400__admin_passwords_do_not_match(self): # nopep8
  3682. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3683. admin = dbsession.query(models.User) \
  3684. .filter(models.User.email == 'admin@admin.admin') \
  3685. .one()
  3686. uapi = UserApi(
  3687. current_user=admin,
  3688. session=dbsession,
  3689. config=self.app_config,
  3690. )
  3691. gapi = GroupApi(
  3692. current_user=admin,
  3693. session=dbsession,
  3694. config=self.app_config,
  3695. )
  3696. groups = [gapi.get_one_with_name('users')]
  3697. test_user = uapi.create_user(
  3698. email='test@test.test',
  3699. password='pass',
  3700. name='bob',
  3701. groups=groups,
  3702. timezone='Europe/Paris',
  3703. do_save=True,
  3704. do_notify=False,
  3705. )
  3706. uapi.save(test_user)
  3707. transaction.commit()
  3708. user_id = int(test_user.user_id)
  3709. self.testapp.authorization = (
  3710. 'Basic',
  3711. (
  3712. 'admin@admin.admin',
  3713. 'admin@admin.admin'
  3714. )
  3715. )
  3716. # check before
  3717. user = uapi.get_one(user_id)
  3718. assert user.validate_password('pass')
  3719. assert not user.validate_password('mynewpassword')
  3720. assert not user.validate_password('mynewpassword2')
  3721. # Set password
  3722. params = {
  3723. 'new_password': 'mynewpassword',
  3724. 'new_password2': 'mynewpassword2',
  3725. 'loggedin_user_password': 'admin@admin.admin',
  3726. }
  3727. self.testapp.put_json(
  3728. '/api/v2/users/{}/password'.format(user_id),
  3729. params=params,
  3730. status=400,
  3731. )
  3732. # Check After
  3733. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3734. uapi = UserApi(
  3735. current_user=admin,
  3736. session=dbsession,
  3737. config=self.app_config,
  3738. )
  3739. user = uapi.get_one(user_id)
  3740. assert user.validate_password('pass')
  3741. assert not user.validate_password('mynewpassword')
  3742. assert not user.validate_password('mynewpassword2')
  3743. def test_api__set_user_password__ok_200__user_itself(self):
  3744. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3745. admin = dbsession.query(models.User) \
  3746. .filter(models.User.email == 'admin@admin.admin') \
  3747. .one()
  3748. uapi = UserApi(
  3749. current_user=admin,
  3750. session=dbsession,
  3751. config=self.app_config,
  3752. )
  3753. gapi = GroupApi(
  3754. current_user=admin,
  3755. session=dbsession,
  3756. config=self.app_config,
  3757. )
  3758. groups = [gapi.get_one_with_name('users')]
  3759. test_user = uapi.create_user(
  3760. email='test@test.test',
  3761. password='pass',
  3762. name='bob',
  3763. groups=groups,
  3764. timezone='Europe/Paris',
  3765. do_save=True,
  3766. do_notify=False,
  3767. )
  3768. uapi.save(test_user)
  3769. transaction.commit()
  3770. user_id = int(test_user.user_id)
  3771. self.testapp.authorization = (
  3772. 'Basic',
  3773. (
  3774. 'test@test.test',
  3775. 'pass'
  3776. )
  3777. )
  3778. # check before
  3779. user = uapi.get_one(user_id)
  3780. assert user.validate_password('pass')
  3781. assert not user.validate_password('mynewpassword')
  3782. # Set password
  3783. params = {
  3784. 'new_password': 'mynewpassword',
  3785. 'new_password2': 'mynewpassword',
  3786. 'loggedin_user_password': 'pass',
  3787. }
  3788. self.testapp.put_json(
  3789. '/api/v2/users/{}/password'.format(user_id),
  3790. params=params,
  3791. status=204,
  3792. )
  3793. # Check After
  3794. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3795. uapi = UserApi(
  3796. current_user=admin,
  3797. session=dbsession,
  3798. config=self.app_config,
  3799. )
  3800. user = uapi.get_one(user_id)
  3801. assert not user.validate_password('pass')
  3802. assert user.validate_password('mynewpassword')
  3803. def test_api__set_user_email__err_403__other_normal_user(self):
  3804. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3805. admin = dbsession.query(models.User) \
  3806. .filter(models.User.email == 'admin@admin.admin') \
  3807. .one()
  3808. uapi = UserApi(
  3809. current_user=admin,
  3810. session=dbsession,
  3811. config=self.app_config,
  3812. )
  3813. gapi = GroupApi(
  3814. current_user=admin,
  3815. session=dbsession,
  3816. config=self.app_config,
  3817. )
  3818. groups = [gapi.get_one_with_name('users')]
  3819. test_user = uapi.create_user(
  3820. email='test@test.test',
  3821. password='pass',
  3822. name='bob',
  3823. groups=groups,
  3824. timezone='Europe/Paris',
  3825. do_save=True,
  3826. do_notify=False,
  3827. )
  3828. test_user2 = uapi.create_user(
  3829. email='test2@test2.test2',
  3830. password='pass',
  3831. name='bob2',
  3832. groups=groups,
  3833. timezone='Europe/Paris',
  3834. do_save=True,
  3835. do_notify=False,
  3836. )
  3837. uapi.save(test_user2)
  3838. uapi.save(test_user)
  3839. transaction.commit()
  3840. user_id = int(test_user.user_id)
  3841. self.testapp.authorization = (
  3842. 'Basic',
  3843. (
  3844. 'test@test.test',
  3845. 'pass'
  3846. )
  3847. )
  3848. # Set password
  3849. params = {
  3850. 'email': 'mysuperemail@email.fr',
  3851. 'loggedin_user_password': 'test2@test2.test2',
  3852. }
  3853. self.testapp.put_json(
  3854. '/api/v2/users/{}/email'.format(user_id),
  3855. params=params,
  3856. status=403,
  3857. )
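class TestSetUserInfoEndpoint(FunctionalTest):
    """
    Tests for PUT /api/v2/users/{user_id}
    """
    fixtures = [BaseFixture]

    def _create_users(self, *accounts):
        """
        Create and commit one member of the 'users' group per
        (email, name) pair, each with password 'pass' and timezone
        'Europe/Paris'. Returns the new user ids in the given order.
        """
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        created = [
            uapi.create_user(
                email=email,
                password='pass',
                name=name,
                groups=groups,
                timezone='Europe/Paris',
                do_save=True,
                do_notify=False,
            )
            for email, name in accounts
        ]
        for user in created:
            uapi.save(user)
        transaction.commit()
        return [int(user.user_id) for user in created]

    def _login(self, email, password):
        """Set the Basic credentials used by the following requests."""
        self.testapp.authorization = ('Basic', (email, password))

    def _assert_user_info(self, user_id, public_name, timezone):
        """GET the user with the current credentials and check its info."""
        res = self.testapp.get(
            '/api/v2/users/{}'.format(user_id),
            status=200
        )
        res = res.json_body
        assert res['user_id'] == user_id
        assert res['public_name'] == public_name
        assert res['timezone'] == timezone

    def test_api__set_user_info__ok_200__admin(self):
        """An admin can update another user's public name and timezone."""
        user_id, = self._create_users(('test@test.test', 'bob'))
        self._login('admin@admin.admin', 'admin@admin.admin')
        # check before
        self._assert_user_info(user_id, 'bob', 'Europe/Paris')
        # Set params
        params = {
            'public_name': 'updated',
            'timezone': 'Europe/London',
        }
        self.testapp.put_json(
            '/api/v2/users/{}'.format(user_id),
            params=params,
            status=200,
        )
        # Check After
        self._assert_user_info(user_id, 'updated', 'Europe/London')

    def test_api__set_user_info__ok_200__user_itself(self):
        """A user can update their own public name and timezone."""
        user_id, = self._create_users(('test@test.test', 'bob'))
        self._login('test@test.test', 'pass')
        # check before
        self._assert_user_info(user_id, 'bob', 'Europe/Paris')
        # Set params
        params = {
            'public_name': 'updated',
            'timezone': 'Europe/London',
        }
        self.testapp.put_json(
            '/api/v2/users/{}'.format(user_id),
            params=params,
            status=200,
        )
        # Check After
        self._assert_user_info(user_id, 'updated', 'Europe/London')

    def test_api__set_user_info__err_403__other_normal_user(self):
        """
        A non-admin user cannot edit another user's info.

        Renamed from a copy-pasted "set_user_email" name: the request
        below targets PUT /api/v2/users/{user_id}, not the email
        endpoint.
        """
        user_id, _other_id = self._create_users(
            ('test@test.test', 'bob'),
            ('test2@test2.test2', 'test'),
        )
        self._login('test2@test2.test2', 'pass')
        # Set params
        params = {
            'public_name': 'updated',
            'timezone': 'Europe/London',
        }
        self.testapp.put_json(
            '/api/v2/users/{}'.format(user_id),
            params=params,
            status=403,
        )
        # Check After, as admin: a 403 alone does not prove the write was
        # skipped, so confirm the target's info is unchanged.
        self._login('admin@admin.admin', 'admin@admin.admin')
        self._assert_user_info(user_id, 'bob', 'Europe/Paris')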
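class TestSetUserProfilEndpoint(FunctionalTest):
    """
    Tests for PUT /api/v2/users/{user_id}/profile

    These are the privilege-escalation checks for the profile endpoint:
    only an admin may promote an account to 'administrators'. The test
    methods were named after other endpoints ("set_user_info",
    "set_user_email") by copy-paste and are named after the profile
    endpoint here.
    """
    fixtures = [BaseFixture]

    def _create_users(self, *accounts):
        """
        Create and commit one member of the 'users' group per
        (email, name) pair, each with password 'pass'.
        Returns the new user ids in the given order.
        """
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        created = [
            uapi.create_user(
                email=email,
                password='pass',
                name=name,
                groups=groups,
                timezone='Europe/Paris',
                do_save=True,
                do_notify=False,
            )
            for email, name in accounts
        ]
        for user in created:
            uapi.save(user)
        transaction.commit()
        return [int(user.user_id) for user in created]

    def _login(self, email, password):
        """Set the Basic credentials used by the following requests."""
        self.testapp.authorization = ('Basic', (email, password))

    def _assert_profile(self, user_id, profile):
        """GET the user with the current credentials, check its profile."""
        res = self.testapp.get(
            '/api/v2/users/{}'.format(user_id),
            status=200
        )
        res = res.json_body
        assert res['user_id'] == user_id
        assert res['profile'] == profile

    def _put_admin_profile(self, user_id, status):
        """Ask for the 'administrators' profile; expect the given status."""
        params = {
            'profile': 'administrators',
        }
        self.testapp.put_json(
            '/api/v2/users/{}/profile'.format(user_id),
            params=params,
            status=status,
        )

    def test_api__set_user_profile__ok_200__admin(self):
        """An admin can promote a user to 'administrators' (204)."""
        user_id, = self._create_users(('test@test.test', 'bob'))
        self._login('admin@admin.admin', 'admin@admin.admin')
        # check before
        self._assert_profile(user_id, 'users')
        self._put_admin_profile(user_id, status=204)
        # Check After
        self._assert_profile(user_id, 'administrators')

    def test_api__set_user_profile__err_403__user_itself(self):
        """A normal user cannot promote their own account."""
        user_id, = self._create_users(('test@test.test', 'bob'))
        self._login('test@test.test', 'pass')
        # check before
        self._assert_profile(user_id, 'users')
        self._put_admin_profile(user_id, status=403)
        # Check After
        self._assert_profile(user_id, 'users')

    def test_api__set_user_profile__err_403__other_normal_user(self):
        """A normal user cannot change another account's profile."""
        user_id, _other_id = self._create_users(
            ('test@test.test', 'bob'),
            ('test2@test2.test2', 'test'),
        )
        self._login('test2@test2.test2', 'pass')
        self._put_admin_profile(user_id, status=403)
        # Check After, as admin: confirm the rejected request did not
        # change the target's profile.
        self._login('admin@admin.admin', 'admin@admin.admin')
        self._assert_profile(user_id, 'users')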
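class TestSetUserEnableDisableEndpoints(FunctionalTest):
    """
    Tests for PUT /api/v2/users/{user_id}/enable
    and PUT /api/v2/users/{user_id}/disable

    The "ok_200" test names are historical: both endpoints answer 204 on
    success, which is what the tests assert.
    """
    fixtures = [BaseFixture]

    def _create_users(self, *accounts, first_user_active):
        """
        Create and commit one member of the 'users' group per
        (email, name) pair, each with password 'pass'.

        The first account is the target of the test: it is explicitly
        enabled or disabled according to first_user_active before the
        commit. Returns the new user ids in the given order.
        """
        dbsession = get_tm_session(self.session_factory, transaction.manager)
        admin = dbsession.query(models.User) \
            .filter(models.User.email == 'admin@admin.admin') \
            .one()
        uapi = UserApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        gapi = GroupApi(
            current_user=admin,
            session=dbsession,
            config=self.app_config,
        )
        groups = [gapi.get_one_with_name('users')]
        created = [
            uapi.create_user(
                email=email,
                password='pass',
                name=name,
                groups=groups,
                timezone='Europe/Paris',
                do_save=True,
                do_notify=False,
            )
            for email, name in accounts
        ]
        if first_user_active:
            uapi.enable(created[0], do_save=True)
        else:
            uapi.disable(created[0], do_save=True)
        for user in created:
            uapi.save(user)
        transaction.commit()
        return [int(user.user_id) for user in created]

    def _login(self, email, password):
        """Set the Basic credentials used by the following requests."""
        self.testapp.authorization = ('Basic', (email, password))

    def _assert_is_active(self, user_id, expected):
        """GET the user with the current credentials, check is_active."""
        res = self.testapp.get(
            '/api/v2/users/{}'.format(user_id),
            status=200
        )
        res = res.json_body
        assert res['user_id'] == user_id
        assert res['is_active'] is expected

    def test_api_enable_user__ok_200__admin(self):
        """An admin can re-enable a disabled account (204)."""
        user_id, = self._create_users(
            ('test@test.test', 'bob'),
            first_user_active=False,
        )
        self._login('admin@admin.admin', 'admin@admin.admin')
        # check before
        self._assert_is_active(user_id, False)
        self.testapp.put_json(
            '/api/v2/users/{}/enable'.format(user_id),
            status=204,
        )
        # Check After
        self._assert_is_active(user_id, True)

    def test_api_disable_user__ok_200__admin(self):
        """An admin can disable an active account (204)."""
        user_id, = self._create_users(
            ('test@test.test', 'bob'),
            first_user_active=True,
        )
        self._login('admin@admin.admin', 'admin@admin.admin')
        # check before
        self._assert_is_active(user_id, True)
        self.testapp.put_json(
            '/api/v2/users/{}/disable'.format(user_id),
            status=204,
        )
        # Check After
        self._assert_is_active(user_id, False)

    def test_api_enable_user__err_403__other_account(self):
        """A normal user cannot enable another account."""
        user_id, _other_id = self._create_users(
            ('test@test.test', 'bob'),
            ('test2@test2.test2', 'test2'),
            first_user_active=False,
        )
        self._login('test2@test2.test2', 'pass')
        self.testapp.put_json(
            '/api/v2/users/{}/enable'.format(user_id),
            status=403,
        )
        # Check After, as admin: the account must still be disabled.
        self._login('admin@admin.admin', 'admin@admin.admin')
        self._assert_is_active(user_id, False)

    def test_api_disable_user__err_403__other_account(self):
        """A normal user cannot disable another account."""
        user_id, _other_id = self._create_users(
            ('test@test.test', 'bob'),
            ('test2@test2.test2', 'test2'),
            first_user_active=True,
        )
        self._login('test2@test2.test2', 'pass')
        self.testapp.put_json(
            '/api/v2/users/{}/disable'.format(user_id),
            status=403,
        )
        # Check After, as admin: the account must still be active.
        self._login('admin@admin.admin', 'admin@admin.admin')
        self._assert_is_active(user_id, True)

    def test_api_disable_user__err_403__user_itself(self):
        """
        A normal user cannot disable their own account.

        Renamed from "ok_200__user_itself": the request is expected to
        be refused with 403 and the account to stay active.
        """
        user_id, = self._create_users(
            ('test@test.test', 'bob'),
            first_user_active=True,
        )
        self._login('test@test.test', 'pass')
        # check before
        self._assert_is_active(user_id, True)
        self.testapp.put_json(
            '/api/v2/users/{}/disable'.format(user_id),
            status=403,
        )
        # Check After
        self._assert_is_active(user_id, True)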