test_user.py 79KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291
  1. # -*- coding: utf-8 -*-
  2. """
  3. Tests for /api/v2/users subpath endpoints.
  4. """
  5. from time import sleep
  6. import pytest
  7. import transaction
  8. from tracim_backend import models
  9. from tracim_backend.lib.core.content import ContentApi
  10. from tracim_backend.lib.core.user import UserApi
  11. from tracim_backend.lib.core.group import GroupApi
  12. from tracim_backend.lib.core.workspace import WorkspaceApi
  13. from tracim_backend.models import get_tm_session
  14. from tracim_backend.models.contents import ContentTypeLegacy as ContentType
  15. from tracim_backend.models.revision_protection import new_revision
  16. from tracim_backend.tests import FunctionalTest
  17. from tracim_backend.fixtures.content import Content as ContentFixtures
  18. from tracim_backend.fixtures.users_and_groups import Base as BaseFixture
  19. class TestUserRecentlyActiveContentEndpoint(FunctionalTest):
  20. """
  21. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active # nopep8
  22. """
  23. fixtures = [BaseFixture]
  24. def test_api__get_recently_active_content__ok__200__nominal_case(self):
  25. # init DB
  26. dbsession = get_tm_session(self.session_factory, transaction.manager)
  27. admin = dbsession.query(models.User) \
  28. .filter(models.User.email == 'admin@admin.admin') \
  29. .one()
  30. workspace_api = WorkspaceApi(
  31. current_user=admin,
  32. session=dbsession,
  33. config=self.app_config
  34. )
  35. workspace = WorkspaceApi(
  36. current_user=admin,
  37. session=dbsession,
  38. config=self.app_config,
  39. ).create_workspace(
  40. 'test workspace',
  41. save_now=True
  42. )
  43. workspace2 = WorkspaceApi(
  44. current_user=admin,
  45. session=dbsession,
  46. config=self.app_config,
  47. ).create_workspace(
  48. 'test workspace2',
  49. save_now=True
  50. )
  51. api = ContentApi(
  52. current_user=admin,
  53. session=dbsession,
  54. config=self.app_config,
  55. )
  56. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  57. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  58. # creation order test
  59. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  60. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  61. # update order test
  62. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  63. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  64. with new_revision(
  65. session=dbsession,
  66. tm=transaction.manager,
  67. content=firstly_created_but_recently_updated,
  68. ):
  69. firstly_created_but_recently_updated.description = 'Just an update'
  70. api.save(firstly_created_but_recently_updated)
  71. # comment change order
  72. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  73. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  74. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  75. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  76. dbsession.flush()
  77. transaction.commit()
  78. self.testapp.authorization = (
  79. 'Basic',
  80. (
  81. 'admin@admin.admin',
  82. 'admin@admin.admin'
  83. )
  84. )
  85. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), status=200) # nopep8
  86. res = res.json_body
  87. assert len(res) == 7
  88. for elem in res:
  89. assert isinstance(elem['content_id'], int)
  90. assert isinstance(elem['content_type'], str)
  91. assert elem['content_type'] != 'comments'
  92. assert isinstance(elem['is_archived'], bool)
  93. assert isinstance(elem['is_deleted'], bool)
  94. assert isinstance(elem['label'], str)
  95. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  96. assert isinstance(elem['show_in_ui'], bool)
  97. assert isinstance(elem['slug'], str)
  98. assert isinstance(elem['status'], str)
  99. assert isinstance(elem['sub_content_types'], list)
  100. for sub_content_type in elem['sub_content_types']:
  101. assert isinstance(sub_content_type, str)
  102. assert isinstance(elem['workspace_id'], int)
  103. # comment is newest than page2
  104. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  105. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  106. # last updated content is newer than other one despite creation
  107. # of the other is more recent
  108. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  109. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  110. # creation order is inverted here as last created is last active
  111. assert res[4]['content_id'] == secondly_created.content_id
  112. assert res[5]['content_id'] == firstly_created.content_id
  113. # folder subcontent modification does not change folder order
  114. assert res[6]['content_id'] == main_folder.content_id
  115. @pytest.mark.skip('Test should be fixed')
  116. def test_api__get_recently_active_content__ok__200__limit_2_multiple(self):
  117. # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
  118. # anymore to fix datetime lack of precision.
  119. # init DB
  120. dbsession = get_tm_session(self.session_factory, transaction.manager)
  121. admin = dbsession.query(models.User) \
  122. .filter(models.User.email == 'admin@admin.admin') \
  123. .one()
  124. workspace_api = WorkspaceApi(
  125. current_user=admin,
  126. session=dbsession,
  127. config=self.app_config
  128. )
  129. workspace = WorkspaceApi(
  130. current_user=admin,
  131. session=dbsession,
  132. config=self.app_config,
  133. ).create_workspace(
  134. 'test workspace',
  135. save_now=True
  136. )
  137. workspace2 = WorkspaceApi(
  138. current_user=admin,
  139. session=dbsession,
  140. config=self.app_config,
  141. ).create_workspace(
  142. 'test workspace2',
  143. save_now=True
  144. )
  145. api = ContentApi(
  146. current_user=admin,
  147. session=dbsession,
  148. config=self.app_config,
  149. )
  150. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  151. sleep(1)
  152. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  153. # creation order test
  154. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  155. sleep(1)
  156. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  157. # update order test
  158. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  159. sleep(1)
  160. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  161. sleep(1)
  162. with new_revision(
  163. session=dbsession,
  164. tm=transaction.manager,
  165. content=firstly_created_but_recently_updated,
  166. ):
  167. firstly_created_but_recently_updated.description = 'Just an update'
  168. api.save(firstly_created_but_recently_updated)
  169. # comment change order
  170. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  171. sleep(1)
  172. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  173. sleep(1)
  174. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  175. sleep(1)
  176. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  177. dbsession.flush()
  178. transaction.commit()
  179. self.testapp.authorization = (
  180. 'Basic',
  181. (
  182. 'admin@admin.admin',
  183. 'admin@admin.admin'
  184. )
  185. )
  186. params = {
  187. 'limit': 2,
  188. }
  189. res = self.testapp.get(
  190. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  191. status=200,
  192. params=params
  193. ) # nopep8
  194. res = res.json_body
  195. assert len(res) == 2
  196. for elem in res:
  197. assert isinstance(elem['content_id'], int)
  198. assert isinstance(elem['content_type'], str)
  199. assert elem['content_type'] != 'comments'
  200. assert isinstance(elem['is_archived'], bool)
  201. assert isinstance(elem['is_deleted'], bool)
  202. assert isinstance(elem['label'], str)
  203. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  204. assert isinstance(elem['show_in_ui'], bool)
  205. assert isinstance(elem['slug'], str)
  206. assert isinstance(elem['status'], str)
  207. assert isinstance(elem['sub_content_types'], list)
  208. for sub_content_type in elem['sub_content_types']:
  209. assert isinstance(sub_content_type, str)
  210. assert isinstance(elem['workspace_id'], int)
  211. # comment is newest than page2
  212. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  213. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  214. params = {
  215. 'limit': 2,
  216. 'before_datetime': secondly_created_but_not_commented.get_last_activity_date().strftime('%Y-%m-%dT%H:%M:%SZ'), # nopep8
  217. }
  218. res = self.testapp.get(
  219. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  220. status=200,
  221. params=params
  222. )
  223. res = res.json_body
  224. assert len(res) == 2
  225. # last updated content is newer than other one despite creation
  226. # of the other is more recent
  227. assert res[0]['content_id'] == firstly_created_but_recently_updated.content_id
  228. assert res[1]['content_id'] == secondly_created_but_not_updated.content_id
  229. class TestUserReadStatusEndpoint(FunctionalTest):
  230. """
  231. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status # nopep8
  232. """
  233. def test_api__get_read_status__ok__200__all(self):
  234. # init DB
  235. dbsession = get_tm_session(self.session_factory, transaction.manager)
  236. admin = dbsession.query(models.User) \
  237. .filter(models.User.email == 'admin@admin.admin') \
  238. .one()
  239. workspace_api = WorkspaceApi(
  240. current_user=admin,
  241. session=dbsession,
  242. config=self.app_config
  243. )
  244. workspace = WorkspaceApi(
  245. current_user=admin,
  246. session=dbsession,
  247. config=self.app_config,
  248. ).create_workspace(
  249. 'test workspace',
  250. save_now=True
  251. )
  252. workspace2 = WorkspaceApi(
  253. current_user=admin,
  254. session=dbsession,
  255. config=self.app_config,
  256. ).create_workspace(
  257. 'test workspace2',
  258. save_now=True
  259. )
  260. api = ContentApi(
  261. current_user=admin,
  262. session=dbsession,
  263. config=self.app_config,
  264. )
  265. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  266. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  267. # creation order test
  268. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  269. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  270. # update order test
  271. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  272. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  273. with new_revision(
  274. session=dbsession,
  275. tm=transaction.manager,
  276. content=firstly_created_but_recently_updated,
  277. ):
  278. firstly_created_but_recently_updated.description = 'Just an update'
  279. api.save(firstly_created_but_recently_updated)
  280. # comment change order
  281. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  282. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  283. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  284. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  285. dbsession.flush()
  286. transaction.commit()
  287. self.testapp.authorization = (
  288. 'Basic',
  289. (
  290. 'admin@admin.admin',
  291. 'admin@admin.admin'
  292. )
  293. )
  294. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  295. res = res.json_body
  296. assert len(res) == 7
  297. for elem in res:
  298. assert isinstance(elem['content_id'], int)
  299. assert isinstance(elem['read_by_user'], bool)
  300. # comment is newest than page2
  301. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  302. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  303. # last updated content is newer than other one despite creation
  304. # of the other is more recent
  305. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  306. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  307. # creation order is inverted here as last created is last active
  308. assert res[4]['content_id'] == secondly_created.content_id
  309. assert res[5]['content_id'] == firstly_created.content_id
  310. # folder subcontent modification does not change folder order
  311. assert res[6]['content_id'] == main_folder.content_id
  312. def test_api__get_read_status__ok__200__nominal_case(self):
  313. # init DB
  314. dbsession = get_tm_session(self.session_factory, transaction.manager)
  315. admin = dbsession.query(models.User) \
  316. .filter(models.User.email == 'admin@admin.admin') \
  317. .one()
  318. workspace_api = WorkspaceApi(
  319. current_user=admin,
  320. session=dbsession,
  321. config=self.app_config
  322. )
  323. workspace = WorkspaceApi(
  324. current_user=admin,
  325. session=dbsession,
  326. config=self.app_config,
  327. ).create_workspace(
  328. 'test workspace',
  329. save_now=True
  330. )
  331. workspace2 = WorkspaceApi(
  332. current_user=admin,
  333. session=dbsession,
  334. config=self.app_config,
  335. ).create_workspace(
  336. 'test workspace2',
  337. save_now=True
  338. )
  339. api = ContentApi(
  340. current_user=admin,
  341. session=dbsession,
  342. config=self.app_config,
  343. )
  344. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  345. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  346. # creation order test
  347. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  348. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  349. # update order test
  350. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  351. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  352. with new_revision(
  353. session=dbsession,
  354. tm=transaction.manager,
  355. content=firstly_created_but_recently_updated,
  356. ):
  357. firstly_created_but_recently_updated.description = 'Just an update'
  358. api.save(firstly_created_but_recently_updated)
  359. # comment change order
  360. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  361. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  362. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  363. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  364. dbsession.flush()
  365. transaction.commit()
  366. self.testapp.authorization = (
  367. 'Basic',
  368. (
  369. 'admin@admin.admin',
  370. 'admin@admin.admin'
  371. )
  372. )
  373. selected_contents_id = [
  374. firstly_created_but_recently_commented.content_id,
  375. firstly_created_but_recently_updated.content_id,
  376. firstly_created.content_id,
  377. main_folder.content_id,
  378. ]
  379. url = '/api/v2/users/1/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format( # nopep8
  380. workspace_id=workspace.workspace_id,
  381. cid1=selected_contents_id[0],
  382. cid2=selected_contents_id[1],
  383. cid3=selected_contents_id[2],
  384. cid4=selected_contents_id[3],
  385. )
  386. res = self.testapp.get(
  387. url=url,
  388. status=200,
  389. )
  390. res = res.json_body
  391. assert len(res) == 4
  392. for elem in res:
  393. assert isinstance(elem['content_id'], int)
  394. assert isinstance(elem['read_by_user'], bool)
  395. # comment is newest than page2
  396. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  397. # last updated content is newer than other one despite creation
  398. # of the other is more recent
  399. assert res[1]['content_id'] == firstly_created_but_recently_updated.content_id
  400. # creation order is inverted here as last created is last active
  401. assert res[2]['content_id'] == firstly_created.content_id
  402. # folder subcontent modification does not change folder order
  403. assert res[3]['content_id'] == main_folder.content_id
  404. class TestUserSetContentAsRead(FunctionalTest):
  405. """
  406. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read # nopep8
  407. """
  408. def test_api_set_content_as_read__ok__200__nominal_case(self):
  409. # init DB
  410. dbsession = get_tm_session(self.session_factory, transaction.manager)
  411. admin = dbsession.query(models.User) \
  412. .filter(models.User.email == 'admin@admin.admin') \
  413. .one()
  414. workspace_api = WorkspaceApi(
  415. current_user=admin,
  416. session=dbsession,
  417. config=self.app_config
  418. )
  419. workspace = WorkspaceApi(
  420. current_user=admin,
  421. session=dbsession,
  422. config=self.app_config,
  423. ).create_workspace(
  424. 'test workspace',
  425. save_now=True
  426. )
  427. api = ContentApi(
  428. current_user=admin,
  429. session=dbsession,
  430. config=self.app_config,
  431. )
  432. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  433. # creation order test
  434. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  435. api.mark_unread(firstly_created)
  436. dbsession.flush()
  437. transaction.commit()
  438. self.testapp.authorization = (
  439. 'Basic',
  440. (
  441. 'admin@admin.admin',
  442. 'admin@admin.admin'
  443. )
  444. )
  445. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  446. assert res.json_body[0]['content_id'] == firstly_created.content_id
  447. assert res.json_body[0]['read_by_user'] is False
  448. self.testapp.put(
  449. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  450. workspace_id=workspace.workspace_id,
  451. content_id=firstly_created.content_id,
  452. user_id=admin.user_id,
  453. )
  454. )
  455. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  456. assert res.json_body[0]['content_id'] == firstly_created.content_id
  457. assert res.json_body[0]['read_by_user'] is True
  458. def test_api_set_content_as_read__ok__200__with_comments(self):
  459. # init DB
  460. dbsession = get_tm_session(self.session_factory, transaction.manager)
  461. admin = dbsession.query(models.User) \
  462. .filter(models.User.email == 'admin@admin.admin') \
  463. .one()
  464. workspace_api = WorkspaceApi(
  465. current_user=admin,
  466. session=dbsession,
  467. config=self.app_config
  468. )
  469. workspace = WorkspaceApi(
  470. current_user=admin,
  471. session=dbsession,
  472. config=self.app_config,
  473. ).create_workspace(
  474. 'test workspace',
  475. save_now=True
  476. )
  477. api = ContentApi(
  478. current_user=admin,
  479. session=dbsession,
  480. config=self.app_config,
  481. )
  482. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  483. # creation order test
  484. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  485. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  486. api.mark_unread(firstly_created)
  487. api.mark_unread(comments)
  488. dbsession.flush()
  489. transaction.commit()
  490. self.testapp.authorization = (
  491. 'Basic',
  492. (
  493. 'admin@admin.admin',
  494. 'admin@admin.admin'
  495. )
  496. )
  497. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  498. assert res.json_body[0]['content_id'] == firstly_created.content_id
  499. assert res.json_body[0]['read_by_user'] is False
  500. self.testapp.put(
  501. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  502. workspace_id=workspace.workspace_id,
  503. content_id=firstly_created.content_id,
  504. user_id=admin.user_id,
  505. )
  506. )
  507. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  508. assert res.json_body[0]['content_id'] == firstly_created.content_id
  509. assert res.json_body[0]['read_by_user'] is True
  510. # comment is also set as read
  511. assert comments.has_new_information_for(admin) is False
  512. class TestUserSetContentAsUnread(FunctionalTest):
  513. """
  514. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread # nopep8
  515. """
  516. def test_api_set_content_as_unread__ok__200__nominal_case(self):
  517. # init DB
  518. dbsession = get_tm_session(self.session_factory, transaction.manager)
  519. admin = dbsession.query(models.User) \
  520. .filter(models.User.email == 'admin@admin.admin') \
  521. .one()
  522. workspace_api = WorkspaceApi(
  523. current_user=admin,
  524. session=dbsession,
  525. config=self.app_config
  526. )
  527. workspace = WorkspaceApi(
  528. current_user=admin,
  529. session=dbsession,
  530. config=self.app_config,
  531. ).create_workspace(
  532. 'test workspace',
  533. save_now=True
  534. )
  535. api = ContentApi(
  536. current_user=admin,
  537. session=dbsession,
  538. config=self.app_config,
  539. )
  540. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  541. # creation order test
  542. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  543. api.mark_read(firstly_created)
  544. dbsession.flush()
  545. transaction.commit()
  546. self.testapp.authorization = (
  547. 'Basic',
  548. (
  549. 'admin@admin.admin',
  550. 'admin@admin.admin'
  551. )
  552. )
  553. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  554. assert res.json_body[0]['content_id'] == firstly_created.content_id
  555. assert res.json_body[0]['read_by_user'] is True
  556. self.testapp.put(
  557. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  558. workspace_id=workspace.workspace_id,
  559. content_id=firstly_created.content_id,
  560. user_id=admin.user_id,
  561. )
  562. )
  563. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  564. assert res.json_body[0]['content_id'] == firstly_created.content_id
  565. assert res.json_body[0]['read_by_user'] is False
  566. def test_api_set_content_as_unread__ok__200__with_comments(self):
  567. # init DB
  568. dbsession = get_tm_session(self.session_factory, transaction.manager)
  569. admin = dbsession.query(models.User) \
  570. .filter(models.User.email == 'admin@admin.admin') \
  571. .one()
  572. workspace_api = WorkspaceApi(
  573. current_user=admin,
  574. session=dbsession,
  575. config=self.app_config
  576. )
  577. workspace = WorkspaceApi(
  578. current_user=admin,
  579. session=dbsession,
  580. config=self.app_config,
  581. ).create_workspace(
  582. 'test workspace',
  583. save_now=True
  584. )
  585. api = ContentApi(
  586. current_user=admin,
  587. session=dbsession,
  588. config=self.app_config,
  589. )
  590. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  591. # creation order test
  592. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  593. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  594. api.mark_read(firstly_created)
  595. api.mark_read(comments)
  596. dbsession.flush()
  597. transaction.commit()
  598. self.testapp.authorization = (
  599. 'Basic',
  600. (
  601. 'admin@admin.admin',
  602. 'admin@admin.admin'
  603. )
  604. )
  605. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  606. assert res.json_body[0]['content_id'] == firstly_created.content_id
  607. assert res.json_body[0]['read_by_user'] is True
  608. self.testapp.put(
  609. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  610. workspace_id=workspace.workspace_id,
  611. content_id=firstly_created.content_id,
  612. user_id=admin.user_id,
  613. )
  614. )
  615. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  616. assert res.json_body[0]['content_id'] == firstly_created.content_id
  617. assert res.json_body[0]['read_by_user'] is False
  618. assert comments.has_new_information_for(admin) is True
  619. class TestUserSetWorkspaceAsRead(FunctionalTest):
  620. """
  621. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/read
  622. """
  623. def test_api_set_content_as_read__ok__200__nominal_case(self):
  624. # init DB
  625. dbsession = get_tm_session(self.session_factory, transaction.manager)
  626. admin = dbsession.query(models.User) \
  627. .filter(models.User.email == 'admin@admin.admin') \
  628. .one()
  629. workspace_api = WorkspaceApi(
  630. current_user=admin,
  631. session=dbsession,
  632. config=self.app_config
  633. )
  634. workspace = WorkspaceApi(
  635. current_user=admin,
  636. session=dbsession,
  637. config=self.app_config,
  638. ).create_workspace(
  639. 'test workspace',
  640. save_now=True
  641. )
  642. api = ContentApi(
  643. current_user=admin,
  644. session=dbsession,
  645. config=self.app_config,
  646. )
  647. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  648. # creation order test
  649. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  650. api.mark_unread(main_folder)
  651. api.mark_unread(firstly_created)
  652. dbsession.flush()
  653. transaction.commit()
  654. self.testapp.authorization = (
  655. 'Basic',
  656. (
  657. 'admin@admin.admin',
  658. 'admin@admin.admin'
  659. )
  660. )
  661. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  662. assert res.json_body[0]['content_id'] == firstly_created.content_id
  663. assert res.json_body[0]['read_by_user'] is False
  664. assert res.json_body[1]['content_id'] == main_folder.content_id
  665. assert res.json_body[1]['read_by_user'] is False
  666. self.testapp.put(
  667. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  668. workspace_id=workspace.workspace_id,
  669. content_id=firstly_created.content_id,
  670. user_id=admin.user_id,
  671. )
  672. )
  673. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  674. assert res.json_body[0]['content_id'] == firstly_created.content_id
  675. assert res.json_body[0]['read_by_user'] is True
  676. assert res.json_body[1]['content_id'] == main_folder.content_id
  677. assert res.json_body[1]['read_by_user'] is True
  678. class TestUserWorkspaceEndpoint(FunctionalTest):
  679. """
  680. Tests for /api/v2/users/{user_id}/workspaces
  681. """
  682. fixtures = [BaseFixture, ContentFixtures]
  683. def test_api__get_user_workspaces__ok_200__nominal_case(self):
  684. """
  685. Check obtain all workspaces reachables for user with user auth.
  686. """
  687. self.testapp.authorization = (
  688. 'Basic',
  689. (
  690. 'admin@admin.admin',
  691. 'admin@admin.admin'
  692. )
  693. )
  694. res = self.testapp.get('/api/v2/users/1/workspaces', status=200)
  695. res = res.json_body
  696. workspace = res[0]
  697. assert workspace['workspace_id'] == 1
  698. assert workspace['label'] == 'Business'
  699. assert workspace['slug'] == 'business'
  700. assert len(workspace['sidebar_entries']) == 7
  701. sidebar_entry = workspace['sidebar_entries'][0]
  702. assert sidebar_entry['slug'] == 'dashboard'
  703. assert sidebar_entry['label'] == 'Dashboard'
  704. assert sidebar_entry['route'] == '/#/workspaces/1/dashboard' # nopep8
  705. assert sidebar_entry['hexcolor'] == "#252525"
  706. assert sidebar_entry['fa_icon'] == "signal"
  707. sidebar_entry = workspace['sidebar_entries'][1]
  708. assert sidebar_entry['slug'] == 'contents/all'
  709. assert sidebar_entry['label'] == 'All Contents'
  710. assert sidebar_entry['route'] == "/#/workspaces/1/contents" # nopep8
  711. assert sidebar_entry['hexcolor'] == "#fdfdfd"
  712. assert sidebar_entry['fa_icon'] == "th"
  713. sidebar_entry = workspace['sidebar_entries'][2]
  714. assert sidebar_entry['slug'] == 'contents/html-documents'
  715. assert sidebar_entry['label'] == 'Text Documents'
  716. assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=html-documents' # nopep8
  717. assert sidebar_entry['hexcolor'] == "#3f52e3"
  718. assert sidebar_entry['fa_icon'] == "file-text-o"
  719. sidebar_entry = workspace['sidebar_entries'][3]
  720. assert sidebar_entry['slug'] == 'contents/markdownpluspage'
  721. assert sidebar_entry['label'] == 'Markdown Plus Documents'
  722. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=markdownpluspage" # nopep8
  723. assert sidebar_entry['hexcolor'] == "#f12d2d"
  724. assert sidebar_entry['fa_icon'] == "file-code-o"
  725. sidebar_entry = workspace['sidebar_entries'][4]
  726. assert sidebar_entry['slug'] == 'contents/files'
  727. assert sidebar_entry['label'] == 'Files'
  728. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=file" # nopep8
  729. assert sidebar_entry['hexcolor'] == "#FF9900"
  730. assert sidebar_entry['fa_icon'] == "paperclip"
  731. sidebar_entry = workspace['sidebar_entries'][5]
  732. assert sidebar_entry['slug'] == 'contents/threads'
  733. assert sidebar_entry['label'] == 'Threads'
  734. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=thread" # nopep8
  735. assert sidebar_entry['hexcolor'] == "#ad4cf9"
  736. assert sidebar_entry['fa_icon'] == "comments-o"
  737. sidebar_entry = workspace['sidebar_entries'][6]
  738. assert sidebar_entry['slug'] == 'calendar'
  739. assert sidebar_entry['label'] == 'Calendar'
  740. assert sidebar_entry['route'] == "/#/workspaces/1/calendar" # nopep8
  741. assert sidebar_entry['hexcolor'] == "#757575"
  742. assert sidebar_entry['fa_icon'] == "calendar"
  743. def test_api__get_user_workspaces__err_403__unallowed_user(self):
  744. """
  745. Check obtain all workspaces reachables for one user
  746. with another non-admin user auth.
  747. """
  748. self.testapp.authorization = (
  749. 'Basic',
  750. (
  751. 'lawrence-not-real-email@fsf.local',
  752. 'foobarbaz'
  753. )
  754. )
  755. res = self.testapp.get('/api/v2/users/1/workspaces', status=403)
  756. assert isinstance(res.json, dict)
  757. assert 'code' in res.json.keys()
  758. assert 'message' in res.json.keys()
  759. assert 'details' in res.json.keys()
  760. def test_api__get_user_workspaces__err_401__unregistered_user(self):
  761. """
  762. Check obtain all workspaces reachables for one user
  763. without correct user auth (user unregistered).
  764. """
  765. self.testapp.authorization = (
  766. 'Basic',
  767. (
  768. 'john@doe.doe',
  769. 'lapin'
  770. )
  771. )
  772. res = self.testapp.get('/api/v2/users/1/workspaces', status=401)
  773. assert isinstance(res.json, dict)
  774. assert 'code' in res.json.keys()
  775. assert 'message' in res.json.keys()
  776. assert 'details' in res.json.keys()
  777. def test_api__get_user_workspaces__err_400__user_does_not_exist(self):
  778. """
  779. Check obtain all workspaces reachables for one user who does
  780. not exist
  781. with a correct user auth.
  782. """
  783. self.testapp.authorization = (
  784. 'Basic',
  785. (
  786. 'admin@admin.admin',
  787. 'admin@admin.admin'
  788. )
  789. )
  790. res = self.testapp.get('/api/v2/users/5/workspaces', status=400)
  791. assert isinstance(res.json, dict)
  792. assert 'code' in res.json.keys()
  793. assert 'message' in res.json.keys()
  794. assert 'details' in res.json.keys()
  795. class TestUserEndpoint(FunctionalTest):
  796. # -*- coding: utf-8 -*-
  797. """
  798. Tests for GET /api/v2/users/{user_id}
  799. """
  800. fixtures = [BaseFixture]
  801. def test_api__get_user__ok_200__admin(self):
  802. dbsession = get_tm_session(self.session_factory, transaction.manager)
  803. admin = dbsession.query(models.User) \
  804. .filter(models.User.email == 'admin@admin.admin') \
  805. .one()
  806. uapi = UserApi(
  807. current_user=admin,
  808. session=dbsession,
  809. config=self.app_config,
  810. )
  811. gapi = GroupApi(
  812. current_user=admin,
  813. session=dbsession,
  814. config=self.app_config,
  815. )
  816. groups = [gapi.get_one_with_name('users')]
  817. test_user = uapi.create_user(
  818. email='test@test.test',
  819. password='pass',
  820. name='bob',
  821. groups=groups,
  822. timezone='Europe/Paris',
  823. do_save=True,
  824. do_notify=False,
  825. )
  826. uapi.save(test_user)
  827. transaction.commit()
  828. user_id = int(test_user.user_id)
  829. self.testapp.authorization = (
  830. 'Basic',
  831. (
  832. 'admin@admin.admin',
  833. 'admin@admin.admin'
  834. )
  835. )
  836. res = self.testapp.get(
  837. '/api/v2/users/{}'.format(user_id),
  838. status=200
  839. )
  840. res = res.json_body
  841. assert res['user_id'] == user_id
  842. assert res['created']
  843. assert res['is_active'] is True
  844. assert res['profile'] == 'users'
  845. assert res['email'] == 'test@test.test'
  846. assert res['public_name'] == 'bob'
  847. assert res['timezone'] == 'Europe/Paris'
  848. def test_api__get_user__ok_200__user_itself(self):
  849. dbsession = get_tm_session(self.session_factory, transaction.manager)
  850. admin = dbsession.query(models.User) \
  851. .filter(models.User.email == 'admin@admin.admin') \
  852. .one()
  853. uapi = UserApi(
  854. current_user=admin,
  855. session=dbsession,
  856. config=self.app_config,
  857. )
  858. gapi = GroupApi(
  859. current_user=admin,
  860. session=dbsession,
  861. config=self.app_config,
  862. )
  863. groups = [gapi.get_one_with_name('users')]
  864. test_user = uapi.create_user(
  865. email='test@test.test',
  866. password='pass',
  867. name='bob',
  868. groups=groups,
  869. timezone='Europe/Paris',
  870. do_save=True,
  871. do_notify=False,
  872. )
  873. uapi.save(test_user)
  874. transaction.commit()
  875. user_id = int(test_user.user_id)
  876. self.testapp.authorization = (
  877. 'Basic',
  878. (
  879. 'test@test.test',
  880. 'pass'
  881. )
  882. )
  883. res = self.testapp.get(
  884. '/api/v2/users/{}'.format(user_id),
  885. status=200
  886. )
  887. res = res.json_body
  888. assert res['user_id'] == user_id
  889. assert res['created']
  890. assert res['is_active'] is True
  891. assert res['profile'] == 'users'
  892. assert res['email'] == 'test@test.test'
  893. assert res['public_name'] == 'bob'
  894. assert res['timezone'] == 'Europe/Paris'
  895. def test_api__get_user__err_403__other_normal_user(self):
  896. dbsession = get_tm_session(self.session_factory, transaction.manager)
  897. admin = dbsession.query(models.User) \
  898. .filter(models.User.email == 'admin@admin.admin') \
  899. .one()
  900. uapi = UserApi(
  901. current_user=admin,
  902. session=dbsession,
  903. config=self.app_config,
  904. )
  905. gapi = GroupApi(
  906. current_user=admin,
  907. session=dbsession,
  908. config=self.app_config,
  909. )
  910. groups = [gapi.get_one_with_name('users')]
  911. test_user = uapi.create_user(
  912. email='test@test.test',
  913. password='pass',
  914. name='bob',
  915. groups=groups,
  916. timezone='Europe/Paris',
  917. do_save=True,
  918. do_notify=False,
  919. )
  920. test_user2 = uapi.create_user(
  921. email='test2@test2.test2',
  922. password='pass',
  923. name='bob2',
  924. groups=groups,
  925. timezone='Europe/Paris',
  926. do_save=True,
  927. do_notify=False,
  928. )
  929. uapi.save(test_user2)
  930. uapi.save(test_user)
  931. transaction.commit()
  932. user_id = int(test_user.user_id)
  933. self.testapp.authorization = (
  934. 'Basic',
  935. (
  936. 'test2@test2.test2',
  937. 'pass'
  938. )
  939. )
  940. self.testapp.get(
  941. '/api/v2/users/{}'.format(user_id),
  942. status=403
  943. )
  944. class TestSetEmailEndpoint(FunctionalTest):
  945. # -*- coding: utf-8 -*-
  946. """
  947. Tests for PUT /api/v2/users/{user_id}/email
  948. """
  949. fixtures = [BaseFixture]
  950. def test_api__set_user_email__ok_200__admin(self):
  951. dbsession = get_tm_session(self.session_factory, transaction.manager)
  952. admin = dbsession.query(models.User) \
  953. .filter(models.User.email == 'admin@admin.admin') \
  954. .one()
  955. uapi = UserApi(
  956. current_user=admin,
  957. session=dbsession,
  958. config=self.app_config,
  959. )
  960. gapi = GroupApi(
  961. current_user=admin,
  962. session=dbsession,
  963. config=self.app_config,
  964. )
  965. groups = [gapi.get_one_with_name('users')]
  966. test_user = uapi.create_user(
  967. email='test@test.test',
  968. password='pass',
  969. name='bob',
  970. groups=groups,
  971. timezone='Europe/Paris',
  972. do_save=True,
  973. do_notify=False,
  974. )
  975. uapi.save(test_user)
  976. transaction.commit()
  977. user_id = int(test_user.user_id)
  978. self.testapp.authorization = (
  979. 'Basic',
  980. (
  981. 'admin@admin.admin',
  982. 'admin@admin.admin'
  983. )
  984. )
  985. # check before
  986. res = self.testapp.get(
  987. '/api/v2/users/{}'.format(user_id),
  988. status=200
  989. )
  990. res = res.json_body
  991. assert res['email'] == 'test@test.test'
  992. # Set password
  993. params = {
  994. 'email': 'mysuperemail@email.fr',
  995. 'loggedin_user_password': 'admin@admin.admin',
  996. }
  997. self.testapp.put_json(
  998. '/api/v2/users/{}/email'.format(user_id),
  999. params=params,
  1000. status=200,
  1001. )
  1002. # Check After
  1003. res = self.testapp.get(
  1004. '/api/v2/users/{}'.format(user_id),
  1005. status=200
  1006. )
  1007. res = res.json_body
  1008. assert res['email'] == 'mysuperemail@email.fr'
  1009. def test_api__set_user_email__err_403__admin_wrong_password(self):
  1010. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1011. admin = dbsession.query(models.User) \
  1012. .filter(models.User.email == 'admin@admin.admin') \
  1013. .one()
  1014. uapi = UserApi(
  1015. current_user=admin,
  1016. session=dbsession,
  1017. config=self.app_config,
  1018. )
  1019. gapi = GroupApi(
  1020. current_user=admin,
  1021. session=dbsession,
  1022. config=self.app_config,
  1023. )
  1024. groups = [gapi.get_one_with_name('users')]
  1025. test_user = uapi.create_user(
  1026. email='test@test.test',
  1027. password='pass',
  1028. name='bob',
  1029. groups=groups,
  1030. timezone='Europe/Paris',
  1031. do_save=True,
  1032. do_notify=False,
  1033. )
  1034. uapi.save(test_user)
  1035. transaction.commit()
  1036. user_id = int(test_user.user_id)
  1037. self.testapp.authorization = (
  1038. 'Basic',
  1039. (
  1040. 'admin@admin.admin',
  1041. 'admin@admin.admin'
  1042. )
  1043. )
  1044. # check before
  1045. res = self.testapp.get(
  1046. '/api/v2/users/{}'.format(user_id),
  1047. status=200
  1048. )
  1049. res = res.json_body
  1050. assert res['email'] == 'test@test.test'
  1051. # Set password
  1052. params = {
  1053. 'email': 'mysuperemail@email.fr',
  1054. 'loggedin_user_password': 'badpassword',
  1055. }
  1056. self.testapp.put_json(
  1057. '/api/v2/users/{}/email'.format(user_id),
  1058. params=params,
  1059. status=403,
  1060. )
  1061. # Check After
  1062. res = self.testapp.get(
  1063. '/api/v2/users/{}'.format(user_id),
  1064. status=200
  1065. )
  1066. res = res.json_body
  1067. assert res['email'] == 'test@test.test'
  1068. def test_api__set_user_email__err_400__admin_string_is_not_email(self):
  1069. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1070. admin = dbsession.query(models.User) \
  1071. .filter(models.User.email == 'admin@admin.admin') \
  1072. .one()
  1073. uapi = UserApi(
  1074. current_user=admin,
  1075. session=dbsession,
  1076. config=self.app_config,
  1077. )
  1078. gapi = GroupApi(
  1079. current_user=admin,
  1080. session=dbsession,
  1081. config=self.app_config,
  1082. )
  1083. groups = [gapi.get_one_with_name('users')]
  1084. test_user = uapi.create_user(
  1085. email='test@test.test',
  1086. password='pass',
  1087. name='bob',
  1088. groups=groups,
  1089. timezone='Europe/Paris',
  1090. do_save=True,
  1091. do_notify=False,
  1092. )
  1093. uapi.save(test_user)
  1094. transaction.commit()
  1095. user_id = int(test_user.user_id)
  1096. self.testapp.authorization = (
  1097. 'Basic',
  1098. (
  1099. 'admin@admin.admin',
  1100. 'admin@admin.admin'
  1101. )
  1102. )
  1103. # check before
  1104. res = self.testapp.get(
  1105. '/api/v2/users/{}'.format(user_id),
  1106. status=200
  1107. )
  1108. res = res.json_body
  1109. assert res['email'] == 'test@test.test'
  1110. # Set password
  1111. params = {
  1112. 'email': 'thatisnotandemail',
  1113. 'loggedin_user_password': 'admin@admin.admin',
  1114. }
  1115. self.testapp.put_json(
  1116. '/api/v2/users/{}/email'.format(user_id),
  1117. params=params,
  1118. status=400,
  1119. )
  1120. # Check After
  1121. res = self.testapp.get(
  1122. '/api/v2/users/{}'.format(user_id),
  1123. status=200
  1124. )
  1125. res = res.json_body
  1126. assert res['email'] == 'test@test.test'
  1127. def test_api__set_user_email__ok_200__user_itself(self):
  1128. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1129. admin = dbsession.query(models.User) \
  1130. .filter(models.User.email == 'admin@admin.admin') \
  1131. .one()
  1132. uapi = UserApi(
  1133. current_user=admin,
  1134. session=dbsession,
  1135. config=self.app_config,
  1136. )
  1137. gapi = GroupApi(
  1138. current_user=admin,
  1139. session=dbsession,
  1140. config=self.app_config,
  1141. )
  1142. groups = [gapi.get_one_with_name('users')]
  1143. test_user = uapi.create_user(
  1144. email='test@test.test',
  1145. password='pass',
  1146. name='bob',
  1147. groups=groups,
  1148. timezone='Europe/Paris',
  1149. do_save=True,
  1150. do_notify=False,
  1151. )
  1152. uapi.save(test_user)
  1153. transaction.commit()
  1154. user_id = int(test_user.user_id)
  1155. self.testapp.authorization = (
  1156. 'Basic',
  1157. (
  1158. 'test@test.test',
  1159. 'pass'
  1160. )
  1161. )
  1162. # check before
  1163. res = self.testapp.get(
  1164. '/api/v2/users/{}'.format(user_id),
  1165. status=200
  1166. )
  1167. res = res.json_body
  1168. assert res['email'] == 'test@test.test'
  1169. # Set password
  1170. params = {
  1171. 'email': 'mysuperemail@email.fr',
  1172. 'loggedin_user_password': 'pass',
  1173. }
  1174. self.testapp.put_json(
  1175. '/api/v2/users/{}/email'.format(user_id),
  1176. params=params,
  1177. status=200,
  1178. )
  1179. self.testapp.authorization = (
  1180. 'Basic',
  1181. (
  1182. 'mysuperemail@email.fr',
  1183. 'pass'
  1184. )
  1185. )
  1186. # Check After
  1187. res = self.testapp.get(
  1188. '/api/v2/users/{}'.format(user_id),
  1189. status=200
  1190. )
  1191. res = res.json_body
  1192. assert res['email'] == 'mysuperemail@email.fr'
  1193. def test_api__set_user_email__err_403__other_normal_user(self):
  1194. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1195. admin = dbsession.query(models.User) \
  1196. .filter(models.User.email == 'admin@admin.admin') \
  1197. .one()
  1198. uapi = UserApi(
  1199. current_user=admin,
  1200. session=dbsession,
  1201. config=self.app_config,
  1202. )
  1203. gapi = GroupApi(
  1204. current_user=admin,
  1205. session=dbsession,
  1206. config=self.app_config,
  1207. )
  1208. groups = [gapi.get_one_with_name('users')]
  1209. test_user = uapi.create_user(
  1210. email='test@test.test',
  1211. password='pass',
  1212. name='bob',
  1213. groups=groups,
  1214. timezone='Europe/Paris',
  1215. do_save=True,
  1216. do_notify=False,
  1217. )
  1218. test_user2 = uapi.create_user(
  1219. email='test2@test2.test2',
  1220. password='pass',
  1221. name='bob2',
  1222. groups=groups,
  1223. timezone='Europe/Paris',
  1224. do_save=True,
  1225. do_notify=False,
  1226. )
  1227. uapi.save(test_user2)
  1228. uapi.save(test_user)
  1229. transaction.commit()
  1230. user_id = int(test_user.user_id)
  1231. self.testapp.authorization = (
  1232. 'Basic',
  1233. (
  1234. 'test@test.test',
  1235. 'pass'
  1236. )
  1237. )
  1238. # Set password
  1239. params = {
  1240. 'email': 'mysuperemail@email.fr',
  1241. 'loggedin_user_password': 'test2@test2.test2',
  1242. }
  1243. self.testapp.put_json(
  1244. '/api/v2/users/{}/email'.format(user_id),
  1245. params=params,
  1246. status=403,
  1247. )
  1248. class TestSetPasswordEndpoint(FunctionalTest):
  1249. # -*- coding: utf-8 -*-
  1250. """
  1251. Tests for PUT /api/v2/users/{user_id}/password
  1252. """
  1253. fixtures = [BaseFixture]
  1254. def test_api__set_user_password__ok_200__admin(self):
  1255. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1256. admin = dbsession.query(models.User) \
  1257. .filter(models.User.email == 'admin@admin.admin') \
  1258. .one()
  1259. uapi = UserApi(
  1260. current_user=admin,
  1261. session=dbsession,
  1262. config=self.app_config,
  1263. )
  1264. gapi = GroupApi(
  1265. current_user=admin,
  1266. session=dbsession,
  1267. config=self.app_config,
  1268. )
  1269. groups = [gapi.get_one_with_name('users')]
  1270. test_user = uapi.create_user(
  1271. email='test@test.test',
  1272. password='pass',
  1273. name='bob',
  1274. groups=groups,
  1275. timezone='Europe/Paris',
  1276. do_save=True,
  1277. do_notify=False,
  1278. )
  1279. uapi.save(test_user)
  1280. transaction.commit()
  1281. user_id = int(test_user.user_id)
  1282. self.testapp.authorization = (
  1283. 'Basic',
  1284. (
  1285. 'admin@admin.admin',
  1286. 'admin@admin.admin'
  1287. )
  1288. )
  1289. # check before
  1290. user = uapi.get_one(user_id)
  1291. assert user.validate_password('pass')
  1292. assert not user.validate_password('mynewpassword')
  1293. # Set password
  1294. params = {
  1295. 'new_password': 'mynewpassword',
  1296. 'new_password2': 'mynewpassword',
  1297. 'loggedin_user_password': 'admin@admin.admin',
  1298. }
  1299. self.testapp.put_json(
  1300. '/api/v2/users/{}/password'.format(user_id),
  1301. params=params,
  1302. status=204,
  1303. )
  1304. # Check After
  1305. user = uapi.get_one(user_id)
  1306. assert not user.validate_password('pass')
  1307. assert user.validate_password('mynewpassword')
  1308. def test_api__set_user_password__err_403__admin_wrong_password(self):
  1309. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1310. admin = dbsession.query(models.User) \
  1311. .filter(models.User.email == 'admin@admin.admin') \
  1312. .one()
  1313. uapi = UserApi(
  1314. current_user=admin,
  1315. session=dbsession,
  1316. config=self.app_config,
  1317. )
  1318. gapi = GroupApi(
  1319. current_user=admin,
  1320. session=dbsession,
  1321. config=self.app_config,
  1322. )
  1323. groups = [gapi.get_one_with_name('users')]
  1324. test_user = uapi.create_user(
  1325. email='test@test.test',
  1326. password='pass',
  1327. name='bob',
  1328. groups=groups,
  1329. timezone='Europe/Paris',
  1330. do_save=True,
  1331. do_notify=False,
  1332. )
  1333. uapi.save(test_user)
  1334. transaction.commit()
  1335. user_id = int(test_user.user_id)
  1336. self.testapp.authorization = (
  1337. 'Basic',
  1338. (
  1339. 'admin@admin.admin',
  1340. 'admin@admin.admin'
  1341. )
  1342. )
  1343. # check before
  1344. user = uapi.get_one(user_id)
  1345. assert user.validate_password('pass')
  1346. assert not user.validate_password('mynewpassword')
  1347. # Set password
  1348. params = {
  1349. 'new_password': 'mynewpassword',
  1350. 'new_password2': 'mynewpassword',
  1351. 'loggedin_user_password': 'wrongpassword',
  1352. }
  1353. self.testapp.put_json(
  1354. '/api/v2/users/{}/password'.format(user_id),
  1355. params=params,
  1356. status=403,
  1357. )
  1358. # Check After
  1359. user = uapi.get_one(user_id)
  1360. assert user.validate_password('pass')
  1361. assert not user.validate_password('mynewpassword')
  1362. def test_api__set_user_password__err_400__admin_passwords_do_not_match(self): # nopep8
  1363. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1364. admin = dbsession.query(models.User) \
  1365. .filter(models.User.email == 'admin@admin.admin') \
  1366. .one()
  1367. uapi = UserApi(
  1368. current_user=admin,
  1369. session=dbsession,
  1370. config=self.app_config,
  1371. )
  1372. gapi = GroupApi(
  1373. current_user=admin,
  1374. session=dbsession,
  1375. config=self.app_config,
  1376. )
  1377. groups = [gapi.get_one_with_name('users')]
  1378. test_user = uapi.create_user(
  1379. email='test@test.test',
  1380. password='pass',
  1381. name='bob',
  1382. groups=groups,
  1383. timezone='Europe/Paris',
  1384. do_save=True,
  1385. do_notify=False,
  1386. )
  1387. uapi.save(test_user)
  1388. transaction.commit()
  1389. user_id = int(test_user.user_id)
  1390. self.testapp.authorization = (
  1391. 'Basic',
  1392. (
  1393. 'admin@admin.admin',
  1394. 'admin@admin.admin'
  1395. )
  1396. )
  1397. # check before
  1398. user = uapi.get_one(user_id)
  1399. assert user.validate_password('pass')
  1400. assert not user.validate_password('mynewpassword')
  1401. assert not user.validate_password('mynewpassword2')
  1402. # Set password
  1403. params = {
  1404. 'new_password': 'mynewpassword',
  1405. 'new_password2': 'mynewpassword2',
  1406. 'loggedin_user_password': 'admin@admin.admin',
  1407. }
  1408. self.testapp.put_json(
  1409. '/api/v2/users/{}/password'.format(user_id),
  1410. params=params,
  1411. status=400,
  1412. )
  1413. # Check After
  1414. user = uapi.get_one(user_id)
  1415. assert user.validate_password('pass')
  1416. assert not user.validate_password('mynewpassword')
  1417. assert not user.validate_password('mynewpassword2')
  1418. def test_api__set_user_password__ok_200__user_itself(self):
  1419. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1420. admin = dbsession.query(models.User) \
  1421. .filter(models.User.email == 'admin@admin.admin') \
  1422. .one()
  1423. uapi = UserApi(
  1424. current_user=admin,
  1425. session=dbsession,
  1426. config=self.app_config,
  1427. )
  1428. gapi = GroupApi(
  1429. current_user=admin,
  1430. session=dbsession,
  1431. config=self.app_config,
  1432. )
  1433. groups = [gapi.get_one_with_name('users')]
  1434. test_user = uapi.create_user(
  1435. email='test@test.test',
  1436. password='pass',
  1437. name='bob',
  1438. groups=groups,
  1439. timezone='Europe/Paris',
  1440. do_save=True,
  1441. do_notify=False,
  1442. )
  1443. uapi.save(test_user)
  1444. transaction.commit()
  1445. user_id = int(test_user.user_id)
  1446. self.testapp.authorization = (
  1447. 'Basic',
  1448. (
  1449. 'test@test.test',
  1450. 'pass'
  1451. )
  1452. )
  1453. # check before
  1454. user = uapi.get_one(user_id)
  1455. assert user.validate_password('pass')
  1456. assert not user.validate_password('mynewpassword')
  1457. # Set password
  1458. params = {
  1459. 'new_password': 'mynewpassword',
  1460. 'new_password2': 'mynewpassword',
  1461. 'loggedin_user_password': 'pass',
  1462. }
  1463. self.testapp.put_json(
  1464. '/api/v2/users/{}/password'.format(user_id),
  1465. params=params,
  1466. status=204,
  1467. )
  1468. # Check After
  1469. user = uapi.get_one(user_id)
  1470. assert not user.validate_password('pass')
  1471. assert user.validate_password('mynewpassword')
  1472. def test_api__set_user_email__err_403__other_normal_user(self):
  1473. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1474. admin = dbsession.query(models.User) \
  1475. .filter(models.User.email == 'admin@admin.admin') \
  1476. .one()
  1477. uapi = UserApi(
  1478. current_user=admin,
  1479. session=dbsession,
  1480. config=self.app_config,
  1481. )
  1482. gapi = GroupApi(
  1483. current_user=admin,
  1484. session=dbsession,
  1485. config=self.app_config,
  1486. )
  1487. groups = [gapi.get_one_with_name('users')]
  1488. test_user = uapi.create_user(
  1489. email='test@test.test',
  1490. password='pass',
  1491. name='bob',
  1492. groups=groups,
  1493. timezone='Europe/Paris',
  1494. do_save=True,
  1495. do_notify=False,
  1496. )
  1497. test_user2 = uapi.create_user(
  1498. email='test2@test2.test2',
  1499. password='pass',
  1500. name='bob2',
  1501. groups=groups,
  1502. timezone='Europe/Paris',
  1503. do_save=True,
  1504. do_notify=False,
  1505. )
  1506. uapi.save(test_user2)
  1507. uapi.save(test_user)
  1508. transaction.commit()
  1509. user_id = int(test_user.user_id)
  1510. self.testapp.authorization = (
  1511. 'Basic',
  1512. (
  1513. 'test@test.test',
  1514. 'pass'
  1515. )
  1516. )
  1517. # Set password
  1518. params = {
  1519. 'email': 'mysuperemail@email.fr',
  1520. 'loggedin_user_password': 'test2@test2.test2',
  1521. }
  1522. self.testapp.put_json(
  1523. '/api/v2/users/{}/email'.format(user_id),
  1524. params=params,
  1525. status=403,
  1526. )
  1527. class TestSetUserInfoEndpoint(FunctionalTest):
  1528. # -*- coding: utf-8 -*-
  1529. """
  1530. Tests for PUT /api/v2/users/{user_id}
  1531. """
  1532. fixtures = [BaseFixture]
  1533. def test_api__set_user_info__ok_200__admin(self):
  1534. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1535. admin = dbsession.query(models.User) \
  1536. .filter(models.User.email == 'admin@admin.admin') \
  1537. .one()
  1538. uapi = UserApi(
  1539. current_user=admin,
  1540. session=dbsession,
  1541. config=self.app_config,
  1542. )
  1543. gapi = GroupApi(
  1544. current_user=admin,
  1545. session=dbsession,
  1546. config=self.app_config,
  1547. )
  1548. groups = [gapi.get_one_with_name('users')]
  1549. test_user = uapi.create_user(
  1550. email='test@test.test',
  1551. password='pass',
  1552. name='bob',
  1553. groups=groups,
  1554. timezone='Europe/Paris',
  1555. do_save=True,
  1556. do_notify=False,
  1557. )
  1558. uapi.save(test_user)
  1559. transaction.commit()
  1560. user_id = int(test_user.user_id)
  1561. self.testapp.authorization = (
  1562. 'Basic',
  1563. (
  1564. 'admin@admin.admin',
  1565. 'admin@admin.admin'
  1566. )
  1567. )
  1568. # check before
  1569. res = self.testapp.get(
  1570. '/api/v2/users/{}'.format(user_id),
  1571. status=200
  1572. )
  1573. res = res.json_body
  1574. assert res['user_id'] == user_id
  1575. assert res['public_name'] == 'bob'
  1576. assert res['timezone'] == 'Europe/Paris'
  1577. # Set params
  1578. params = {
  1579. 'public_name': 'updated',
  1580. 'timezone': 'Europe/London',
  1581. }
  1582. self.testapp.put_json(
  1583. '/api/v2/users/{}'.format(user_id),
  1584. params=params,
  1585. status=200,
  1586. )
  1587. # Check After
  1588. res = self.testapp.get(
  1589. '/api/v2/users/{}'.format(user_id),
  1590. status=200
  1591. )
  1592. res = res.json_body
  1593. assert res['user_id'] == user_id
  1594. assert res['public_name'] == 'updated'
  1595. assert res['timezone'] == 'Europe/London'
  1596. def test_api__set_user_info__ok_200__user_itself(self):
  1597. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1598. admin = dbsession.query(models.User) \
  1599. .filter(models.User.email == 'admin@admin.admin') \
  1600. .one()
  1601. uapi = UserApi(
  1602. current_user=admin,
  1603. session=dbsession,
  1604. config=self.app_config,
  1605. )
  1606. gapi = GroupApi(
  1607. current_user=admin,
  1608. session=dbsession,
  1609. config=self.app_config,
  1610. )
  1611. groups = [gapi.get_one_with_name('users')]
  1612. test_user = uapi.create_user(
  1613. email='test@test.test',
  1614. password='pass',
  1615. name='bob',
  1616. groups=groups,
  1617. timezone='Europe/Paris',
  1618. do_save=True,
  1619. do_notify=False,
  1620. )
  1621. uapi.save(test_user)
  1622. transaction.commit()
  1623. user_id = int(test_user.user_id)
  1624. self.testapp.authorization = (
  1625. 'Basic',
  1626. (
  1627. 'test@test.test',
  1628. 'pass',
  1629. )
  1630. )
  1631. # check before
  1632. res = self.testapp.get(
  1633. '/api/v2/users/{}'.format(user_id),
  1634. status=200
  1635. )
  1636. res = res.json_body
  1637. assert res['user_id'] == user_id
  1638. assert res['public_name'] == 'bob'
  1639. assert res['timezone'] == 'Europe/Paris'
  1640. # Set params
  1641. params = {
  1642. 'public_name': 'updated',
  1643. 'timezone': 'Europe/London',
  1644. }
  1645. self.testapp.put_json(
  1646. '/api/v2/users/{}'.format(user_id),
  1647. params=params,
  1648. status=200,
  1649. )
  1650. # Check After
  1651. res = self.testapp.get(
  1652. '/api/v2/users/{}'.format(user_id),
  1653. status=200
  1654. )
  1655. res = res.json_body
  1656. assert res['user_id'] == user_id
  1657. assert res['public_name'] == 'updated'
  1658. assert res['timezone'] == 'Europe/London'
  1659. def test_api__set_user_email__err_403__other_normal_user(self):
  1660. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1661. admin = dbsession.query(models.User) \
  1662. .filter(models.User.email == 'admin@admin.admin') \
  1663. .one()
  1664. uapi = UserApi(
  1665. current_user=admin,
  1666. session=dbsession,
  1667. config=self.app_config,
  1668. )
  1669. gapi = GroupApi(
  1670. current_user=admin,
  1671. session=dbsession,
  1672. config=self.app_config,
  1673. )
  1674. groups = [gapi.get_one_with_name('users')]
  1675. test_user = uapi.create_user(
  1676. email='test@test.test',
  1677. password='pass',
  1678. name='bob',
  1679. groups=groups,
  1680. timezone='Europe/Paris',
  1681. do_save=True,
  1682. do_notify=False,
  1683. )
  1684. test_user2 = uapi.create_user(
  1685. email='test2@test2.test2',
  1686. password='pass',
  1687. name='test',
  1688. groups=groups,
  1689. timezone='Europe/Paris',
  1690. do_save=True,
  1691. do_notify=False,
  1692. )
  1693. uapi.save(test_user2)
  1694. uapi.save(test_user)
  1695. transaction.commit()
  1696. user_id = int(test_user.user_id)
  1697. self.testapp.authorization = (
  1698. 'Basic',
  1699. (
  1700. 'test2@test2.test2',
  1701. 'pass',
  1702. )
  1703. )
  1704. # Set params
  1705. params = {
  1706. 'public_name': 'updated',
  1707. 'timezone': 'Europe/London',
  1708. }
  1709. self.testapp.put_json(
  1710. '/api/v2/users/{}'.format(user_id),
  1711. params=params,
  1712. status=403,
  1713. )
  1714. class TestSetUserProfilEndpoint(FunctionalTest):
  1715. # -*- coding: utf-8 -*-
  1716. """
  1717. Tests for PUT /api/v2/users/{user_id}/profile
  1718. """
  1719. fixtures = [BaseFixture]
  1720. def test_api__set_user_info__ok_200__admin(self):
  1721. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1722. admin = dbsession.query(models.User) \
  1723. .filter(models.User.email == 'admin@admin.admin') \
  1724. .one()
  1725. uapi = UserApi(
  1726. current_user=admin,
  1727. session=dbsession,
  1728. config=self.app_config,
  1729. )
  1730. gapi = GroupApi(
  1731. current_user=admin,
  1732. session=dbsession,
  1733. config=self.app_config,
  1734. )
  1735. groups = [gapi.get_one_with_name('users')]
  1736. test_user = uapi.create_user(
  1737. email='test@test.test',
  1738. password='pass',
  1739. name='bob',
  1740. groups=groups,
  1741. timezone='Europe/Paris',
  1742. do_save=True,
  1743. do_notify=False,
  1744. )
  1745. uapi.save(test_user)
  1746. transaction.commit()
  1747. user_id = int(test_user.user_id)
  1748. self.testapp.authorization = (
  1749. 'Basic',
  1750. (
  1751. 'admin@admin.admin',
  1752. 'admin@admin.admin'
  1753. )
  1754. )
  1755. # check before
  1756. res = self.testapp.get(
  1757. '/api/v2/users/{}'.format(user_id),
  1758. status=200
  1759. )
  1760. res = res.json_body
  1761. assert res['user_id'] == user_id
  1762. assert res['profile'] == 'users'
  1763. # Set params
  1764. params = {
  1765. 'profile': 'administrators',
  1766. }
  1767. self.testapp.put_json(
  1768. '/api/v2/users/{}/profile'.format(user_id),
  1769. params=params,
  1770. status=204,
  1771. )
  1772. # Check After
  1773. res = self.testapp.get(
  1774. '/api/v2/users/{}'.format(user_id),
  1775. status=200
  1776. )
  1777. res = res.json_body
  1778. assert res['user_id'] == user_id
  1779. assert res['profile'] == 'administrators'
  1780. def test_api__set_user_info__err_403__user_itself(self):
  1781. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1782. admin = dbsession.query(models.User) \
  1783. .filter(models.User.email == 'admin@admin.admin') \
  1784. .one()
  1785. uapi = UserApi(
  1786. current_user=admin,
  1787. session=dbsession,
  1788. config=self.app_config,
  1789. )
  1790. gapi = GroupApi(
  1791. current_user=admin,
  1792. session=dbsession,
  1793. config=self.app_config,
  1794. )
  1795. groups = [gapi.get_one_with_name('users')]
  1796. test_user = uapi.create_user(
  1797. email='test@test.test',
  1798. password='pass',
  1799. name='bob',
  1800. groups=groups,
  1801. timezone='Europe/Paris',
  1802. do_save=True,
  1803. do_notify=False,
  1804. )
  1805. uapi.save(test_user)
  1806. transaction.commit()
  1807. user_id = int(test_user.user_id)
  1808. self.testapp.authorization = (
  1809. 'Basic',
  1810. (
  1811. 'test@test.test',
  1812. 'pass',
  1813. )
  1814. )
  1815. # check before
  1816. res = self.testapp.get(
  1817. '/api/v2/users/{}'.format(user_id),
  1818. status=200
  1819. )
  1820. res = res.json_body
  1821. assert res['user_id'] == user_id
  1822. assert res['profile'] == 'users'
  1823. # Set params
  1824. params = {
  1825. 'profile': 'administrators',
  1826. }
  1827. self.testapp.put_json(
  1828. '/api/v2/users/{}/profile'.format(user_id),
  1829. params=params,
  1830. status=403,
  1831. )
  1832. # Check After
  1833. res = self.testapp.get(
  1834. '/api/v2/users/{}'.format(user_id),
  1835. status=200
  1836. )
  1837. res = res.json_body
  1838. assert res['user_id'] == user_id
  1839. assert res['profile'] == 'users'
  1840. def test_api__set_user_email__err_403__other_normal_user(self):
  1841. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1842. admin = dbsession.query(models.User) \
  1843. .filter(models.User.email == 'admin@admin.admin') \
  1844. .one()
  1845. uapi = UserApi(
  1846. current_user=admin,
  1847. session=dbsession,
  1848. config=self.app_config,
  1849. )
  1850. gapi = GroupApi(
  1851. current_user=admin,
  1852. session=dbsession,
  1853. config=self.app_config,
  1854. )
  1855. groups = [gapi.get_one_with_name('users')]
  1856. test_user = uapi.create_user(
  1857. email='test@test.test',
  1858. password='pass',
  1859. name='bob',
  1860. groups=groups,
  1861. timezone='Europe/Paris',
  1862. do_save=True,
  1863. do_notify=False,
  1864. )
  1865. test_user2 = uapi.create_user(
  1866. email='test2@test2.test2',
  1867. password='pass',
  1868. name='test',
  1869. groups=groups,
  1870. timezone='Europe/Paris',
  1871. do_save=True,
  1872. do_notify=False,
  1873. )
  1874. uapi.save(test_user2)
  1875. uapi.save(test_user)
  1876. transaction.commit()
  1877. user_id = int(test_user.user_id)
  1878. self.testapp.authorization = (
  1879. 'Basic',
  1880. (
  1881. 'test2@test2.test2',
  1882. 'pass',
  1883. )
  1884. )
  1885. # Set params
  1886. params = {
  1887. 'profile': 'administrators',
  1888. }
  1889. self.testapp.put_json(
  1890. '/api/v2/users/{}/profile'.format(user_id),
  1891. params=params,
  1892. status=403,
  1893. )
  1894. class TestSetUserEnableDisableEndpoints(FunctionalTest):
  1895. # -*- coding: utf-8 -*-
  1896. """
  1897. Tests for PUT /api/v2/users/{user_id}/enable
  1898. and PUT /api/v2/users/{user_id}/disable
  1899. """
  1900. fixtures = [BaseFixture]
  1901. def test_api_enable_user__ok_200__admin(self):
  1902. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1903. admin = dbsession.query(models.User) \
  1904. .filter(models.User.email == 'admin@admin.admin') \
  1905. .one()
  1906. uapi = UserApi(
  1907. current_user=admin,
  1908. session=dbsession,
  1909. config=self.app_config,
  1910. )
  1911. gapi = GroupApi(
  1912. current_user=admin,
  1913. session=dbsession,
  1914. config=self.app_config,
  1915. )
  1916. groups = [gapi.get_one_with_name('users')]
  1917. test_user = uapi.create_user(
  1918. email='test@test.test',
  1919. password='pass',
  1920. name='bob',
  1921. groups=groups,
  1922. timezone='Europe/Paris',
  1923. do_save=True,
  1924. do_notify=False,
  1925. )
  1926. uapi.disable(test_user, do_save=True)
  1927. uapi.save(test_user)
  1928. transaction.commit()
  1929. user_id = int(test_user.user_id)
  1930. self.testapp.authorization = (
  1931. 'Basic',
  1932. (
  1933. 'admin@admin.admin',
  1934. 'admin@admin.admin'
  1935. )
  1936. )
  1937. # check before
  1938. res = self.testapp.get(
  1939. '/api/v2/users/{}'.format(user_id),
  1940. status=200
  1941. )
  1942. res = res.json_body
  1943. assert res['user_id'] == user_id
  1944. assert res['is_active'] is False
  1945. self.testapp.put_json(
  1946. '/api/v2/users/{}/enable'.format(user_id),
  1947. status=204,
  1948. )
  1949. # Check After
  1950. res = self.testapp.get(
  1951. '/api/v2/users/{}'.format(user_id),
  1952. status=200
  1953. )
  1954. res = res.json_body
  1955. assert res['user_id'] == user_id
  1956. assert res['is_active'] is True
  1957. def test_api_disable_user__ok_200__admin(self):
  1958. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1959. admin = dbsession.query(models.User) \
  1960. .filter(models.User.email == 'admin@admin.admin') \
  1961. .one()
  1962. uapi = UserApi(
  1963. current_user=admin,
  1964. session=dbsession,
  1965. config=self.app_config,
  1966. )
  1967. gapi = GroupApi(
  1968. current_user=admin,
  1969. session=dbsession,
  1970. config=self.app_config,
  1971. )
  1972. groups = [gapi.get_one_with_name('users')]
  1973. test_user = uapi.create_user(
  1974. email='test@test.test',
  1975. password='pass',
  1976. name='bob',
  1977. groups=groups,
  1978. timezone='Europe/Paris',
  1979. do_save=True,
  1980. do_notify=False,
  1981. )
  1982. uapi.enable(test_user, do_save=True)
  1983. uapi.save(test_user)
  1984. transaction.commit()
  1985. user_id = int(test_user.user_id)
  1986. self.testapp.authorization = (
  1987. 'Basic',
  1988. (
  1989. 'admin@admin.admin',
  1990. 'admin@admin.admin'
  1991. )
  1992. )
  1993. # check before
  1994. res = self.testapp.get(
  1995. '/api/v2/users/{}'.format(user_id),
  1996. status=200
  1997. )
  1998. res = res.json_body
  1999. assert res['user_id'] == user_id
  2000. assert res['is_active'] is True
  2001. self.testapp.put_json(
  2002. '/api/v2/users/{}/disable'.format(user_id),
  2003. status=204,
  2004. )
  2005. # Check After
  2006. res = self.testapp.get(
  2007. '/api/v2/users/{}'.format(user_id),
  2008. status=200
  2009. )
  2010. res = res.json_body
  2011. assert res['user_id'] == user_id
  2012. assert res['is_active'] is False
  2013. def test_api_enable_user__err_403__other_account(self):
  2014. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2015. admin = dbsession.query(models.User) \
  2016. .filter(models.User.email == 'admin@admin.admin') \
  2017. .one()
  2018. uapi = UserApi(
  2019. current_user=admin,
  2020. session=dbsession,
  2021. config=self.app_config,
  2022. )
  2023. gapi = GroupApi(
  2024. current_user=admin,
  2025. session=dbsession,
  2026. config=self.app_config,
  2027. )
  2028. groups = [gapi.get_one_with_name('users')]
  2029. test_user = uapi.create_user(
  2030. email='test@test.test',
  2031. password='pass',
  2032. name='bob',
  2033. groups=groups,
  2034. timezone='Europe/Paris',
  2035. do_save=True,
  2036. do_notify=False,
  2037. )
  2038. test_user2 = uapi.create_user(
  2039. email='test2@test2.test2',
  2040. password='pass',
  2041. name='test2',
  2042. groups=groups,
  2043. timezone='Europe/Paris',
  2044. do_save=True,
  2045. do_notify=False,
  2046. )
  2047. uapi.disable(test_user, do_save=True)
  2048. uapi.save(test_user2)
  2049. uapi.save(test_user)
  2050. transaction.commit()
  2051. user_id = int(test_user.user_id)
  2052. self.testapp.authorization = (
  2053. 'Basic',
  2054. (
  2055. 'test2@test2.test2',
  2056. 'pass'
  2057. )
  2058. )
  2059. self.testapp.put_json(
  2060. '/api/v2/users/{}/enable'.format(user_id),
  2061. status=403,
  2062. )
  2063. def test_api_disable_user__err_403__other_account(self):
  2064. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2065. admin = dbsession.query(models.User) \
  2066. .filter(models.User.email == 'admin@admin.admin') \
  2067. .one()
  2068. uapi = UserApi(
  2069. current_user=admin,
  2070. session=dbsession,
  2071. config=self.app_config,
  2072. )
  2073. gapi = GroupApi(
  2074. current_user=admin,
  2075. session=dbsession,
  2076. config=self.app_config,
  2077. )
  2078. groups = [gapi.get_one_with_name('users')]
  2079. test_user = uapi.create_user(
  2080. email='test@test.test',
  2081. password='pass',
  2082. name='bob',
  2083. groups=groups,
  2084. timezone='Europe/Paris',
  2085. do_save=True,
  2086. do_notify=False,
  2087. )
  2088. test_user2 = uapi.create_user(
  2089. email='test2@test2.test2',
  2090. password='pass',
  2091. name='test2',
  2092. groups=groups,
  2093. timezone='Europe/Paris',
  2094. do_save=True,
  2095. do_notify=False,
  2096. )
  2097. uapi.enable(test_user, do_save=True)
  2098. uapi.save(test_user2)
  2099. uapi.save(test_user)
  2100. transaction.commit()
  2101. user_id = int(test_user.user_id)
  2102. self.testapp.authorization = (
  2103. 'Basic',
  2104. (
  2105. 'test2@test2.test2',
  2106. 'pass'
  2107. )
  2108. )
  2109. self.testapp.put_json(
  2110. '/api/v2/users/{}/disable'.format(user_id),
  2111. status=403,
  2112. )
  2113. def test_api_disable_user__ok_200__user_itself(self):
  2114. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2115. admin = dbsession.query(models.User) \
  2116. .filter(models.User.email == 'admin@admin.admin') \
  2117. .one()
  2118. uapi = UserApi(
  2119. current_user=admin,
  2120. session=dbsession,
  2121. config=self.app_config,
  2122. )
  2123. gapi = GroupApi(
  2124. current_user=admin,
  2125. session=dbsession,
  2126. config=self.app_config,
  2127. )
  2128. groups = [gapi.get_one_with_name('users')]
  2129. test_user = uapi.create_user(
  2130. email='test@test.test',
  2131. password='pass',
  2132. name='bob',
  2133. groups=groups,
  2134. timezone='Europe/Paris',
  2135. do_save=True,
  2136. do_notify=False,
  2137. )
  2138. uapi.enable(test_user, do_save=True)
  2139. uapi.save(test_user)
  2140. transaction.commit()
  2141. user_id = int(test_user.user_id)
  2142. self.testapp.authorization = (
  2143. 'Basic',
  2144. (
  2145. 'test@test.test',
  2146. 'pass'
  2147. )
  2148. )
  2149. # check before
  2150. res = self.testapp.get(
  2151. '/api/v2/users/{}'.format(user_id),
  2152. status=200
  2153. )
  2154. res = res.json_body
  2155. assert res['user_id'] == user_id
  2156. assert res['is_active'] is True
  2157. self.testapp.put_json(
  2158. '/api/v2/users/{}/disable'.format(user_id),
  2159. status=403,
  2160. )
  2161. # Check After
  2162. res = self.testapp.get(
  2163. '/api/v2/users/{}'.format(user_id),
  2164. status=200
  2165. )
  2166. res = res.json_body
  2167. assert res['user_id'] == user_id
  2168. assert res['is_active'] is True