test_user.py 138KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927
  1. # -*- coding: utf-8 -*-
  2. """
  3. Tests for /api/v2/users subpath endpoints.
  4. """
  5. from time import sleep
  6. import pytest
  7. import transaction
  8. from tracim_backend import models
  9. from tracim_backend.lib.core.content import ContentApi
  10. from tracim_backend.lib.core.user import UserApi
  11. from tracim_backend.lib.core.group import GroupApi
  12. from tracim_backend.lib.core.userworkspace import RoleApi
  13. from tracim_backend.lib.core.workspace import WorkspaceApi
  14. from tracim_backend.models import get_tm_session
  15. from tracim_backend.models.contents import ContentTypeLegacy as ContentType
  16. from tracim_backend.models.data import UserRoleInWorkspace
  17. from tracim_backend.models.revision_protection import new_revision
  18. from tracim_backend.tests import FunctionalTest
  19. from tracim_backend.fixtures.content import Content as ContentFixtures
  20. from tracim_backend.fixtures.users_and_groups import Base as BaseFixture
  21. class TestUserRecentlyActiveContentEndpoint(FunctionalTest):
  22. """
  23. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active # nopep8
  24. """
  25. fixtures = [BaseFixture]
  26. def test_api__get_recently_active_content__ok__200__admin(self):
  27. # init DB
  28. dbsession = get_tm_session(self.session_factory, transaction.manager)
  29. admin = dbsession.query(models.User) \
  30. .filter(models.User.email == 'admin@admin.admin') \
  31. .one()
  32. workspace_api = WorkspaceApi(
  33. current_user=admin,
  34. session=dbsession,
  35. config=self.app_config
  36. )
  37. workspace = WorkspaceApi(
  38. current_user=admin,
  39. session=dbsession,
  40. config=self.app_config,
  41. ).create_workspace(
  42. 'test workspace',
  43. save_now=True
  44. )
  45. workspace2 = WorkspaceApi(
  46. current_user=admin,
  47. session=dbsession,
  48. config=self.app_config,
  49. ).create_workspace(
  50. 'test workspace2',
  51. save_now=True
  52. )
  53. uapi = UserApi(
  54. current_user=admin,
  55. session=dbsession,
  56. config=self.app_config,
  57. )
  58. gapi = GroupApi(
  59. current_user=admin,
  60. session=dbsession,
  61. config=self.app_config,
  62. )
  63. groups = [gapi.get_one_with_name('users')]
  64. test_user = uapi.create_user(
  65. email='test@test.test',
  66. password='pass',
  67. name='bob',
  68. groups=groups,
  69. timezone='Europe/Paris',
  70. do_save=True,
  71. do_notify=False,
  72. )
  73. rapi = RoleApi(
  74. current_user=admin,
  75. session=dbsession,
  76. config=self.app_config,
  77. )
  78. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  79. api = ContentApi(
  80. current_user=admin,
  81. session=dbsession,
  82. config=self.app_config,
  83. )
  84. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  85. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  86. # creation order test
  87. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  88. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  89. # update order test
  90. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  91. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  92. with new_revision(
  93. session=dbsession,
  94. tm=transaction.manager,
  95. content=firstly_created_but_recently_updated,
  96. ):
  97. firstly_created_but_recently_updated.description = 'Just an update'
  98. api.save(firstly_created_but_recently_updated)
  99. # comment change order
  100. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  101. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  102. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  103. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  104. dbsession.flush()
  105. transaction.commit()
  106. self.testapp.authorization = (
  107. 'Basic',
  108. (
  109. 'admin@admin.admin',
  110. 'admin@admin.admin'
  111. )
  112. )
  113. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  114. user_id=test_user.user_id,
  115. workspace_id=workspace.workspace_id
  116. ), status=200)
  117. res = res.json_body
  118. assert len(res) == 7
  119. for elem in res:
  120. assert isinstance(elem['content_id'], int)
  121. assert isinstance(elem['content_type'], str)
  122. assert elem['content_type'] != 'comments'
  123. assert isinstance(elem['is_archived'], bool)
  124. assert isinstance(elem['is_deleted'], bool)
  125. assert isinstance(elem['label'], str)
  126. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  127. assert isinstance(elem['show_in_ui'], bool)
  128. assert isinstance(elem['slug'], str)
  129. assert isinstance(elem['status'], str)
  130. assert isinstance(elem['sub_content_types'], list)
  131. for sub_content_type in elem['sub_content_types']:
  132. assert isinstance(sub_content_type, str)
  133. assert isinstance(elem['workspace_id'], int)
  134. # comment is newest than page2
  135. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  136. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  137. # last updated content is newer than other one despite creation
  138. # of the other is more recent
  139. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  140. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  141. # creation order is inverted here as last created is last active
  142. assert res[4]['content_id'] == secondly_created.content_id
  143. assert res[5]['content_id'] == firstly_created.content_id
  144. # folder subcontent modification does not change folder order
  145. assert res[6]['content_id'] == main_folder.content_id
  146. def test_api__get_recently_active_content__err__400__no_access_to_workspace(self):
  147. # init DB
  148. dbsession = get_tm_session(self.session_factory, transaction.manager)
  149. admin = dbsession.query(models.User) \
  150. .filter(models.User.email == 'admin@admin.admin') \
  151. .one()
  152. workspace_api = WorkspaceApi(
  153. current_user=admin,
  154. session=dbsession,
  155. config=self.app_config
  156. )
  157. workspace = WorkspaceApi(
  158. current_user=admin,
  159. session=dbsession,
  160. config=self.app_config,
  161. ).create_workspace(
  162. 'test workspace',
  163. save_now=True
  164. )
  165. workspace2 = WorkspaceApi(
  166. current_user=admin,
  167. session=dbsession,
  168. config=self.app_config,
  169. ).create_workspace(
  170. 'test workspace2',
  171. save_now=True
  172. )
  173. uapi = UserApi(
  174. current_user=admin,
  175. session=dbsession,
  176. config=self.app_config,
  177. )
  178. gapi = GroupApi(
  179. current_user=admin,
  180. session=dbsession,
  181. config=self.app_config,
  182. )
  183. groups = [gapi.get_one_with_name('users')]
  184. test_user = uapi.create_user(
  185. email='test@test.test',
  186. password='pass',
  187. name='bob',
  188. groups=groups,
  189. timezone='Europe/Paris',
  190. do_save=True,
  191. do_notify=False,
  192. )
  193. api = ContentApi(
  194. current_user=admin,
  195. session=dbsession,
  196. config=self.app_config,
  197. )
  198. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  199. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  200. # creation order test
  201. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  202. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  203. # update order test
  204. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  205. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  206. with new_revision(
  207. session=dbsession,
  208. tm=transaction.manager,
  209. content=firstly_created_but_recently_updated,
  210. ):
  211. firstly_created_but_recently_updated.description = 'Just an update'
  212. api.save(firstly_created_but_recently_updated)
  213. # comment change order
  214. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  215. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  216. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  217. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  218. dbsession.flush()
  219. transaction.commit()
  220. self.testapp.authorization = (
  221. 'Basic',
  222. (
  223. 'admin@admin.admin',
  224. 'admin@admin.admin'
  225. )
  226. )
  227. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  228. user_id=test_user.user_id,
  229. workspace_id=workspace.workspace_id
  230. ), status=400)
  231. def test_api__get_recently_active_content__ok__200__user_itself(self):
  232. # init DB
  233. dbsession = get_tm_session(self.session_factory, transaction.manager)
  234. admin = dbsession.query(models.User) \
  235. .filter(models.User.email == 'admin@admin.admin') \
  236. .one()
  237. workspace_api = WorkspaceApi(
  238. current_user=admin,
  239. session=dbsession,
  240. config=self.app_config
  241. )
  242. workspace = WorkspaceApi(
  243. current_user=admin,
  244. session=dbsession,
  245. config=self.app_config,
  246. ).create_workspace(
  247. 'test workspace',
  248. save_now=True
  249. )
  250. workspace2 = WorkspaceApi(
  251. current_user=admin,
  252. session=dbsession,
  253. config=self.app_config,
  254. ).create_workspace(
  255. 'test workspace2',
  256. save_now=True
  257. )
  258. uapi = UserApi(
  259. current_user=admin,
  260. session=dbsession,
  261. config=self.app_config,
  262. )
  263. gapi = GroupApi(
  264. current_user=admin,
  265. session=dbsession,
  266. config=self.app_config,
  267. )
  268. groups = [gapi.get_one_with_name('users')]
  269. test_user = uapi.create_user(
  270. email='test@test.test',
  271. password='pass',
  272. name='bob',
  273. groups=groups,
  274. timezone='Europe/Paris',
  275. do_save=True,
  276. do_notify=False,
  277. )
  278. rapi = RoleApi(
  279. current_user=admin,
  280. session=dbsession,
  281. config=self.app_config,
  282. )
  283. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  284. api = ContentApi(
  285. current_user=admin,
  286. session=dbsession,
  287. config=self.app_config,
  288. )
  289. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  290. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  291. # creation order test
  292. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  293. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  294. # update order test
  295. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  296. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  297. with new_revision(
  298. session=dbsession,
  299. tm=transaction.manager,
  300. content=firstly_created_but_recently_updated,
  301. ):
  302. firstly_created_but_recently_updated.description = 'Just an update'
  303. api.save(firstly_created_but_recently_updated)
  304. # comment change order
  305. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  306. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  307. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  308. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  309. dbsession.flush()
  310. transaction.commit()
  311. self.testapp.authorization = (
  312. 'Basic',
  313. (
  314. 'test@test.test',
  315. 'pass'
  316. )
  317. )
  318. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  319. user_id=test_user.user_id,
  320. workspace_id=workspace.workspace_id
  321. ), status=200)
  322. res = res.json_body
  323. assert len(res) == 7
  324. for elem in res:
  325. assert isinstance(elem['content_id'], int)
  326. assert isinstance(elem['content_type'], str)
  327. assert elem['content_type'] != 'comments'
  328. assert isinstance(elem['is_archived'], bool)
  329. assert isinstance(elem['is_deleted'], bool)
  330. assert isinstance(elem['label'], str)
  331. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  332. assert isinstance(elem['show_in_ui'], bool)
  333. assert isinstance(elem['slug'], str)
  334. assert isinstance(elem['status'], str)
  335. assert isinstance(elem['sub_content_types'], list)
  336. for sub_content_type in elem['sub_content_types']:
  337. assert isinstance(sub_content_type, str)
  338. assert isinstance(elem['workspace_id'], int)
  339. # comment is newest than page2
  340. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  341. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  342. # last updated content is newer than other one despite creation
  343. # of the other is more recent
  344. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  345. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  346. # creation order is inverted here as last created is last active
  347. assert res[4]['content_id'] == secondly_created.content_id
  348. assert res[5]['content_id'] == firstly_created.content_id
  349. # folder subcontent modification does not change folder order
  350. assert res[6]['content_id'] == main_folder.content_id
  351. def test_api__get_recently_active_content__ok__200__other_user(self):
  352. # init DB
  353. dbsession = get_tm_session(self.session_factory, transaction.manager)
  354. admin = dbsession.query(models.User) \
  355. .filter(models.User.email == 'admin@admin.admin') \
  356. .one()
  357. workspace_api = WorkspaceApi(
  358. current_user=admin,
  359. session=dbsession,
  360. config=self.app_config
  361. )
  362. workspace = WorkspaceApi(
  363. current_user=admin,
  364. session=dbsession,
  365. config=self.app_config,
  366. ).create_workspace(
  367. 'test workspace',
  368. save_now=True
  369. )
  370. workspace2 = WorkspaceApi(
  371. current_user=admin,
  372. session=dbsession,
  373. config=self.app_config,
  374. ).create_workspace(
  375. 'test workspace2',
  376. save_now=True
  377. )
  378. uapi = UserApi(
  379. current_user=admin,
  380. session=dbsession,
  381. config=self.app_config,
  382. )
  383. gapi = GroupApi(
  384. current_user=admin,
  385. session=dbsession,
  386. config=self.app_config,
  387. )
  388. groups = [gapi.get_one_with_name('users')]
  389. test_user = uapi.create_user(
  390. email='test@test.test',
  391. password='pass',
  392. name='bob',
  393. groups=groups,
  394. timezone='Europe/Paris',
  395. do_save=True,
  396. do_notify=False,
  397. )
  398. rapi = RoleApi(
  399. current_user=admin,
  400. session=dbsession,
  401. config=self.app_config,
  402. )
  403. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  404. api = ContentApi(
  405. current_user=admin,
  406. session=dbsession,
  407. config=self.app_config,
  408. )
  409. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  410. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  411. # creation order test
  412. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  413. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  414. # update order test
  415. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  416. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  417. with new_revision(
  418. session=dbsession,
  419. tm=transaction.manager,
  420. content=firstly_created_but_recently_updated,
  421. ):
  422. firstly_created_but_recently_updated.description = 'Just an update'
  423. api.save(firstly_created_but_recently_updated)
  424. # comment change order
  425. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  426. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  427. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  428. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  429. dbsession.flush()
  430. transaction.commit()
  431. self.testapp.authorization = (
  432. 'Basic',
  433. (
  434. 'test@test.test',
  435. 'pass'
  436. )
  437. )
  438. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  439. user_id=admin.user_id,
  440. workspace_id=workspace.workspace_id
  441. ), status=403)
  442. def test_api__get_recently_active_content__ok__200__limit_2_multiple(self):
  443. # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
  444. # anymore to fix datetime lack of precision.
  445. # init DB
  446. dbsession = get_tm_session(self.session_factory, transaction.manager)
  447. admin = dbsession.query(models.User) \
  448. .filter(models.User.email == 'admin@admin.admin') \
  449. .one()
  450. workspace_api = WorkspaceApi(
  451. current_user=admin,
  452. session=dbsession,
  453. config=self.app_config
  454. )
  455. workspace = WorkspaceApi(
  456. current_user=admin,
  457. session=dbsession,
  458. config=self.app_config,
  459. ).create_workspace(
  460. 'test workspace',
  461. save_now=True
  462. )
  463. workspace2 = WorkspaceApi(
  464. current_user=admin,
  465. session=dbsession,
  466. config=self.app_config,
  467. ).create_workspace(
  468. 'test workspace2',
  469. save_now=True
  470. )
  471. api = ContentApi(
  472. current_user=admin,
  473. session=dbsession,
  474. config=self.app_config,
  475. )
  476. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  477. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  478. # creation order test
  479. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  480. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  481. # update order test
  482. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  483. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  484. with new_revision(
  485. session=dbsession,
  486. tm=transaction.manager,
  487. content=firstly_created_but_recently_updated,
  488. ):
  489. firstly_created_but_recently_updated.description = 'Just an update'
  490. api.save(firstly_created_but_recently_updated)
  491. # comment change order
  492. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  493. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  494. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  495. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  496. dbsession.flush()
  497. transaction.commit()
  498. self.testapp.authorization = (
  499. 'Basic',
  500. (
  501. 'admin@admin.admin',
  502. 'admin@admin.admin'
  503. )
  504. )
  505. params = {
  506. 'limit': 2,
  507. }
  508. res = self.testapp.get(
  509. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  510. status=200,
  511. params=params
  512. ) # nopep8
  513. res = res.json_body
  514. assert len(res) == 2
  515. for elem in res:
  516. assert isinstance(elem['content_id'], int)
  517. assert isinstance(elem['content_type'], str)
  518. assert elem['content_type'] != 'comments'
  519. assert isinstance(elem['is_archived'], bool)
  520. assert isinstance(elem['is_deleted'], bool)
  521. assert isinstance(elem['label'], str)
  522. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  523. assert isinstance(elem['show_in_ui'], bool)
  524. assert isinstance(elem['slug'], str)
  525. assert isinstance(elem['status'], str)
  526. assert isinstance(elem['sub_content_types'], list)
  527. for sub_content_type in elem['sub_content_types']:
  528. assert isinstance(sub_content_type, str)
  529. assert isinstance(elem['workspace_id'], int)
  530. # comment is newest than page2
  531. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  532. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  533. params = {
  534. 'limit': 2,
  535. 'before_content_id': secondly_created_but_not_commented.content_id, # nopep8
  536. }
  537. res = self.testapp.get(
  538. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  539. status=200,
  540. params=params
  541. )
  542. res = res.json_body
  543. assert len(res) == 2
  544. # last updated content is newer than other one despite creation
  545. # of the other is more recent
  546. assert res[0]['content_id'] == firstly_created_but_recently_updated.content_id
  547. assert res[1]['content_id'] == secondly_created_but_not_updated.content_id
  548. def test_api__get_recently_active_content__ok__200__bad_before_content_id_doesnt_exist(self): # nopep8
  549. # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
  550. # anymore to fix datetime lack of precision.
  551. # init DB
  552. dbsession = get_tm_session(self.session_factory, transaction.manager)
  553. admin = dbsession.query(models.User) \
  554. .filter(models.User.email == 'admin@admin.admin') \
  555. .one()
  556. workspace_api = WorkspaceApi(
  557. current_user=admin,
  558. session=dbsession,
  559. config=self.app_config
  560. )
  561. workspace = WorkspaceApi(
  562. current_user=admin,
  563. session=dbsession,
  564. config=self.app_config,
  565. ).create_workspace(
  566. 'test workspace',
  567. save_now=True
  568. )
  569. workspace2 = WorkspaceApi(
  570. current_user=admin,
  571. session=dbsession,
  572. config=self.app_config,
  573. ).create_workspace(
  574. 'test workspace2',
  575. save_now=True
  576. )
  577. api = ContentApi(
  578. current_user=admin,
  579. session=dbsession,
  580. config=self.app_config,
  581. )
  582. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  583. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  584. # creation order test
  585. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  586. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  587. # update order test
  588. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  589. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  590. with new_revision(
  591. session=dbsession,
  592. tm=transaction.manager,
  593. content=firstly_created_but_recently_updated,
  594. ):
  595. firstly_created_but_recently_updated.description = 'Just an update'
  596. api.save(firstly_created_but_recently_updated)
  597. # comment change order
  598. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  599. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  600. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  601. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  602. dbsession.flush()
  603. transaction.commit()
  604. self.testapp.authorization = (
  605. 'Basic',
  606. (
  607. 'admin@admin.admin',
  608. 'admin@admin.admin'
  609. )
  610. )
  611. params = {
  612. 'before_content_id': 4000
  613. }
  614. res = self.testapp.get(
  615. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  616. status=400,
  617. params=params
  618. )
  619. class TestUserReadStatusEndpoint(FunctionalTest):
  620. """
  621. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status # nopep8
  622. """
  623. def test_api__get_read_status__ok__200__admin(self):
  624. # init DB
  625. dbsession = get_tm_session(self.session_factory, transaction.manager)
  626. admin = dbsession.query(models.User) \
  627. .filter(models.User.email == 'admin@admin.admin') \
  628. .one()
  629. workspace_api = WorkspaceApi(
  630. current_user=admin,
  631. session=dbsession,
  632. config=self.app_config
  633. )
  634. workspace = WorkspaceApi(
  635. current_user=admin,
  636. session=dbsession,
  637. config=self.app_config,
  638. ).create_workspace(
  639. 'test workspace',
  640. save_now=True
  641. )
  642. workspace2 = WorkspaceApi(
  643. current_user=admin,
  644. session=dbsession,
  645. config=self.app_config,
  646. ).create_workspace(
  647. 'test workspace2',
  648. save_now=True
  649. )
  650. uapi = UserApi(
  651. current_user=admin,
  652. session=dbsession,
  653. config=self.app_config,
  654. )
  655. gapi = GroupApi(
  656. current_user=admin,
  657. session=dbsession,
  658. config=self.app_config,
  659. )
  660. groups = [gapi.get_one_with_name('users')]
  661. test_user = uapi.create_user(
  662. email='test@test.test',
  663. password='pass',
  664. name='bob',
  665. groups=groups,
  666. timezone='Europe/Paris',
  667. do_save=True,
  668. do_notify=False,
  669. )
  670. rapi = RoleApi(
  671. current_user=admin,
  672. session=dbsession,
  673. config=self.app_config,
  674. )
  675. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  676. api = ContentApi(
  677. current_user=admin,
  678. session=dbsession,
  679. config=self.app_config,
  680. )
  681. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  682. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  683. # creation order test
  684. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  685. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  686. # update order test
  687. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  688. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  689. with new_revision(
  690. session=dbsession,
  691. tm=transaction.manager,
  692. content=firstly_created_but_recently_updated,
  693. ):
  694. firstly_created_but_recently_updated.description = 'Just an update'
  695. api.save(firstly_created_but_recently_updated)
  696. # comment change order
  697. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  698. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  699. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  700. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  701. dbsession.flush()
  702. transaction.commit()
  703. self.testapp.authorization = (
  704. 'Basic',
  705. (
  706. 'admin@admin.admin',
  707. 'admin@admin.admin'
  708. )
  709. )
  710. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  711. user_id=admin.user_id,
  712. workspace_id=workspace.workspace_id
  713. ), status=200)
  714. res = res.json_body
  715. assert len(res) == 7
  716. for elem in res:
  717. assert isinstance(elem['content_id'], int)
  718. assert isinstance(elem['read_by_user'], bool)
  719. # comment is newest than page2
  720. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  721. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  722. # last updated content is newer than other one despite creation
  723. # of the other is more recent
  724. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  725. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  726. # creation order is inverted here as last created is last active
  727. assert res[4]['content_id'] == secondly_created.content_id
  728. assert res[5]['content_id'] == firstly_created.content_id
  729. # folder subcontent modification does not change folder order
  730. assert res[6]['content_id'] == main_folder.content_id
  731. def test_api__get_read_status__ok__200__user_itself(self):
  732. # init DB
  733. dbsession = get_tm_session(self.session_factory, transaction.manager)
  734. admin = dbsession.query(models.User) \
  735. .filter(models.User.email == 'admin@admin.admin') \
  736. .one()
  737. workspace_api = WorkspaceApi(
  738. current_user=admin,
  739. session=dbsession,
  740. config=self.app_config
  741. )
  742. workspace = WorkspaceApi(
  743. current_user=admin,
  744. session=dbsession,
  745. config=self.app_config,
  746. ).create_workspace(
  747. 'test workspace',
  748. save_now=True
  749. )
  750. workspace2 = WorkspaceApi(
  751. current_user=admin,
  752. session=dbsession,
  753. config=self.app_config,
  754. ).create_workspace(
  755. 'test workspace2',
  756. save_now=True
  757. )
  758. uapi = UserApi(
  759. current_user=admin,
  760. session=dbsession,
  761. config=self.app_config,
  762. )
  763. gapi = GroupApi(
  764. current_user=admin,
  765. session=dbsession,
  766. config=self.app_config,
  767. )
  768. groups = [gapi.get_one_with_name('users')]
  769. test_user = uapi.create_user(
  770. email='test@test.test',
  771. password='pass',
  772. name='bob',
  773. groups=groups,
  774. timezone='Europe/Paris',
  775. do_save=True,
  776. do_notify=False,
  777. )
  778. rapi = RoleApi(
  779. current_user=admin,
  780. session=dbsession,
  781. config=self.app_config,
  782. )
  783. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  784. api = ContentApi(
  785. current_user=admin,
  786. session=dbsession,
  787. config=self.app_config,
  788. )
  789. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  790. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  791. # creation order test
  792. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  793. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  794. # update order test
  795. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  796. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  797. with new_revision(
  798. session=dbsession,
  799. tm=transaction.manager,
  800. content=firstly_created_but_recently_updated,
  801. ):
  802. firstly_created_but_recently_updated.description = 'Just an update'
  803. api.save(firstly_created_but_recently_updated)
  804. # comment change order
  805. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  806. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  807. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  808. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  809. dbsession.flush()
  810. transaction.commit()
  811. self.testapp.authorization = (
  812. 'Basic',
  813. (
  814. 'test@test.test',
  815. 'pass'
  816. )
  817. )
  818. selected_contents_id = [
  819. firstly_created_but_recently_commented.content_id,
  820. firstly_created_but_recently_updated.content_id,
  821. firstly_created.content_id,
  822. main_folder.content_id,
  823. ]
  824. url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format( # nopep8
  825. workspace_id=workspace.workspace_id,
  826. cid1=selected_contents_id[0],
  827. cid2=selected_contents_id[1],
  828. cid3=selected_contents_id[2],
  829. cid4=selected_contents_id[3],
  830. user_id=test_user.user_id,
  831. )
  832. res = self.testapp.get(
  833. url=url,
  834. status=200,
  835. )
  836. res = res.json_body
  837. assert len(res) == 4
  838. for elem in res:
  839. assert isinstance(elem['content_id'], int)
  840. assert isinstance(elem['read_by_user'], bool)
  841. # comment is newest than page2
  842. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  843. # last updated content is newer than other one despite creation
  844. # of the other is more recent
  845. assert res[1]['content_id'] == firstly_created_but_recently_updated.content_id
  846. # creation order is inverted here as last created is last active
  847. assert res[2]['content_id'] == firstly_created.content_id
  848. # folder subcontent modification does not change folder order
  849. assert res[3]['content_id'] == main_folder.content_id
  850. def test_api__get_read_status__ok__200__other_user(self):
  851. # init DB
  852. dbsession = get_tm_session(self.session_factory, transaction.manager)
  853. admin = dbsession.query(models.User) \
  854. .filter(models.User.email == 'admin@admin.admin') \
  855. .one()
  856. workspace_api = WorkspaceApi(
  857. current_user=admin,
  858. session=dbsession,
  859. config=self.app_config
  860. )
  861. workspace = WorkspaceApi(
  862. current_user=admin,
  863. session=dbsession,
  864. config=self.app_config,
  865. ).create_workspace(
  866. 'test workspace',
  867. save_now=True
  868. )
  869. workspace2 = WorkspaceApi(
  870. current_user=admin,
  871. session=dbsession,
  872. config=self.app_config,
  873. ).create_workspace(
  874. 'test workspace2',
  875. save_now=True
  876. )
  877. uapi = UserApi(
  878. current_user=admin,
  879. session=dbsession,
  880. config=self.app_config,
  881. )
  882. gapi = GroupApi(
  883. current_user=admin,
  884. session=dbsession,
  885. config=self.app_config,
  886. )
  887. groups = [gapi.get_one_with_name('users')]
  888. test_user = uapi.create_user(
  889. email='test@test.test',
  890. password='pass',
  891. name='bob',
  892. groups=groups,
  893. timezone='Europe/Paris',
  894. do_save=True,
  895. do_notify=False,
  896. )
  897. rapi = RoleApi(
  898. current_user=admin,
  899. session=dbsession,
  900. config=self.app_config,
  901. )
  902. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  903. api = ContentApi(
  904. current_user=admin,
  905. session=dbsession,
  906. config=self.app_config,
  907. )
  908. main_folder_workspace2 = api.create(ContentType.Folder, workspace2, None, 'Hepla', '', True) # nopep8
  909. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  910. # creation order test
  911. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  912. secondly_created = api.create(ContentType.Page, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  913. # update order test
  914. firstly_created_but_recently_updated = api.create(ContentType.Page, workspace, main_folder, 'update_order_test', '', True) # nopep8
  915. secondly_created_but_not_updated = api.create(ContentType.Page, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  916. with new_revision(
  917. session=dbsession,
  918. tm=transaction.manager,
  919. content=firstly_created_but_recently_updated,
  920. ):
  921. firstly_created_but_recently_updated.description = 'Just an update'
  922. api.save(firstly_created_but_recently_updated)
  923. # comment change order
  924. firstly_created_but_recently_commented = api.create(ContentType.Page, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  925. secondly_created_but_not_commented = api.create(ContentType.Page, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  926. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  927. content_workspace_2 = api.create(ContentType.Page, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  928. dbsession.flush()
  929. transaction.commit()
  930. self.testapp.authorization = (
  931. 'Basic',
  932. (
  933. 'test@test.test',
  934. 'pass'
  935. )
  936. )
  937. selected_contents_id = [
  938. firstly_created_but_recently_commented.content_id,
  939. firstly_created_but_recently_updated.content_id,
  940. firstly_created.content_id,
  941. main_folder.content_id,
  942. ]
  943. url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format( # nopep8
  944. workspace_id=workspace.workspace_id,
  945. cid1=selected_contents_id[0],
  946. cid2=selected_contents_id[1],
  947. cid3=selected_contents_id[2],
  948. cid4=selected_contents_id[3],
  949. user_id=admin.user_id,
  950. )
  951. res = self.testapp.get(
  952. url=url,
  953. status=403,
  954. )
  955. class TestUserSetContentAsRead(FunctionalTest):
  956. """
  957. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read # nopep8
  958. """
  959. def test_api_set_content_as_read__ok__200__admin(self):
  960. # init DB
  961. dbsession = get_tm_session(self.session_factory, transaction.manager)
  962. admin = dbsession.query(models.User) \
  963. .filter(models.User.email == 'admin@admin.admin') \
  964. .one()
  965. workspace_api = WorkspaceApi(
  966. current_user=admin,
  967. session=dbsession,
  968. config=self.app_config
  969. )
  970. workspace = WorkspaceApi(
  971. current_user=admin,
  972. session=dbsession,
  973. config=self.app_config,
  974. ).create_workspace(
  975. 'test workspace',
  976. save_now=True
  977. )
  978. uapi = UserApi(
  979. current_user=admin,
  980. session=dbsession,
  981. config=self.app_config,
  982. )
  983. gapi = GroupApi(
  984. current_user=admin,
  985. session=dbsession,
  986. config=self.app_config,
  987. )
  988. groups = [gapi.get_one_with_name('users')]
  989. test_user = uapi.create_user(
  990. email='test@test.test',
  991. password='pass',
  992. name='bob',
  993. groups=groups,
  994. timezone='Europe/Paris',
  995. do_save=True,
  996. do_notify=False,
  997. )
  998. rapi = RoleApi(
  999. current_user=admin,
  1000. session=dbsession,
  1001. config=self.app_config,
  1002. )
  1003. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1004. api = ContentApi(
  1005. current_user=admin,
  1006. session=dbsession,
  1007. config=self.app_config,
  1008. )
  1009. api2 = ContentApi(
  1010. current_user=test_user,
  1011. session=dbsession,
  1012. config=self.app_config,
  1013. )
  1014. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1015. # creation order test
  1016. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1017. api.mark_unread(firstly_created)
  1018. api2.mark_unread(firstly_created)
  1019. dbsession.flush()
  1020. transaction.commit()
  1021. self.testapp.authorization = (
  1022. 'Basic',
  1023. (
  1024. 'admin@admin.admin',
  1025. 'admin@admin.admin'
  1026. )
  1027. )
  1028. # before
  1029. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1030. user_id=test_user.user_id,
  1031. workspace_id=workspace.workspace_id
  1032. ), status=200)
  1033. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1034. assert res.json_body[0]['read_by_user'] is False
  1035. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1036. user_id=admin.user_id,
  1037. workspace_id=workspace.workspace_id
  1038. ), status=200)
  1039. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1040. assert res.json_body[0]['read_by_user'] is False
  1041. # read
  1042. self.testapp.put(
  1043. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1044. workspace_id=workspace.workspace_id,
  1045. content_id=firstly_created.content_id,
  1046. user_id=test_user.user_id,
  1047. )
  1048. )
  1049. # after
  1050. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1051. user_id=test_user.user_id,
  1052. workspace_id=workspace.workspace_id
  1053. ), status=200) # nopep8
  1054. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1055. assert res.json_body[0]['read_by_user'] is True
  1056. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1057. user_id=admin.user_id,
  1058. workspace_id=workspace.workspace_id
  1059. ), status=200) # nopep8
  1060. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1061. assert res.json_body[0]['read_by_user'] is False
  1062. def test_api_set_content_as_read__ok__200__admin_workspace_do_not_exist(self):
  1063. # init DB
  1064. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1065. admin = dbsession.query(models.User) \
  1066. .filter(models.User.email == 'admin@admin.admin') \
  1067. .one()
  1068. workspace_api = WorkspaceApi(
  1069. current_user=admin,
  1070. session=dbsession,
  1071. config=self.app_config
  1072. )
  1073. workspace = WorkspaceApi(
  1074. current_user=admin,
  1075. session=dbsession,
  1076. config=self.app_config,
  1077. ).create_workspace(
  1078. 'test workspace',
  1079. save_now=True
  1080. )
  1081. uapi = UserApi(
  1082. current_user=admin,
  1083. session=dbsession,
  1084. config=self.app_config,
  1085. )
  1086. gapi = GroupApi(
  1087. current_user=admin,
  1088. session=dbsession,
  1089. config=self.app_config,
  1090. )
  1091. groups = [gapi.get_one_with_name('users')]
  1092. test_user = uapi.create_user(
  1093. email='test@test.test',
  1094. password='pass',
  1095. name='bob',
  1096. groups=groups,
  1097. timezone='Europe/Paris',
  1098. do_save=True,
  1099. do_notify=False,
  1100. )
  1101. rapi = RoleApi(
  1102. current_user=admin,
  1103. session=dbsession,
  1104. config=self.app_config,
  1105. )
  1106. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1107. api = ContentApi(
  1108. current_user=admin,
  1109. session=dbsession,
  1110. config=self.app_config,
  1111. )
  1112. api2 = ContentApi(
  1113. current_user=test_user,
  1114. session=dbsession,
  1115. config=self.app_config,
  1116. )
  1117. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1118. # creation order test
  1119. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1120. api.mark_unread(firstly_created)
  1121. api2.mark_unread(firstly_created)
  1122. dbsession.flush()
  1123. transaction.commit()
  1124. self.testapp.authorization = (
  1125. 'Basic',
  1126. (
  1127. 'admin@admin.admin',
  1128. 'admin@admin.admin'
  1129. )
  1130. )
  1131. # read
  1132. self.testapp.put(
  1133. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1134. workspace_id=4000,
  1135. content_id=firstly_created.content_id,
  1136. user_id=test_user.user_id,
  1137. ),
  1138. status=400,
  1139. )
  1140. def test_api_set_content_as_read__ok__200__admin_content_do_not_exist(self):
  1141. # init DB
  1142. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1143. admin = dbsession.query(models.User) \
  1144. .filter(models.User.email == 'admin@admin.admin') \
  1145. .one()
  1146. workspace_api = WorkspaceApi(
  1147. current_user=admin,
  1148. session=dbsession,
  1149. config=self.app_config
  1150. )
  1151. workspace = WorkspaceApi(
  1152. current_user=admin,
  1153. session=dbsession,
  1154. config=self.app_config,
  1155. ).create_workspace(
  1156. 'test workspace',
  1157. save_now=True
  1158. )
  1159. uapi = UserApi(
  1160. current_user=admin,
  1161. session=dbsession,
  1162. config=self.app_config,
  1163. )
  1164. gapi = GroupApi(
  1165. current_user=admin,
  1166. session=dbsession,
  1167. config=self.app_config,
  1168. )
  1169. groups = [gapi.get_one_with_name('users')]
  1170. test_user = uapi.create_user(
  1171. email='test@test.test',
  1172. password='pass',
  1173. name='bob',
  1174. groups=groups,
  1175. timezone='Europe/Paris',
  1176. do_save=True,
  1177. do_notify=False,
  1178. )
  1179. rapi = RoleApi(
  1180. current_user=admin,
  1181. session=dbsession,
  1182. config=self.app_config,
  1183. )
  1184. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1185. api = ContentApi(
  1186. current_user=admin,
  1187. session=dbsession,
  1188. config=self.app_config,
  1189. )
  1190. api2 = ContentApi(
  1191. current_user=test_user,
  1192. session=dbsession,
  1193. config=self.app_config,
  1194. )
  1195. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1196. # creation order test
  1197. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1198. api.mark_unread(firstly_created)
  1199. api2.mark_unread(firstly_created)
  1200. dbsession.flush()
  1201. transaction.commit()
  1202. self.testapp.authorization = (
  1203. 'Basic',
  1204. (
  1205. 'admin@admin.admin',
  1206. 'admin@admin.admin'
  1207. )
  1208. )
  1209. # read
  1210. self.testapp.put(
  1211. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1212. workspace_id=workspace.workspace_id,
  1213. content_id=4000,
  1214. user_id=test_user.user_id,
  1215. ),
  1216. status=400,
  1217. )
  1218. def test_api_set_content_as_read__ok__200__user_itself(self):
  1219. # init DB
  1220. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1221. admin = dbsession.query(models.User) \
  1222. .filter(models.User.email == 'admin@admin.admin') \
  1223. .one()
  1224. workspace_api = WorkspaceApi(
  1225. current_user=admin,
  1226. session=dbsession,
  1227. config=self.app_config
  1228. )
  1229. workspace = WorkspaceApi(
  1230. current_user=admin,
  1231. session=dbsession,
  1232. config=self.app_config,
  1233. ).create_workspace(
  1234. 'test workspace',
  1235. save_now=True
  1236. )
  1237. uapi = UserApi(
  1238. current_user=admin,
  1239. session=dbsession,
  1240. config=self.app_config,
  1241. )
  1242. gapi = GroupApi(
  1243. current_user=admin,
  1244. session=dbsession,
  1245. config=self.app_config,
  1246. )
  1247. groups = [gapi.get_one_with_name('users')]
  1248. test_user = uapi.create_user(
  1249. email='test@test.test',
  1250. password='pass',
  1251. name='bob',
  1252. groups=groups,
  1253. timezone='Europe/Paris',
  1254. do_save=True,
  1255. do_notify=False,
  1256. )
  1257. rapi = RoleApi(
  1258. current_user=admin,
  1259. session=dbsession,
  1260. config=self.app_config,
  1261. )
  1262. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1263. api = ContentApi(
  1264. current_user=admin,
  1265. session=dbsession,
  1266. config=self.app_config,
  1267. )
  1268. api2 = ContentApi(
  1269. current_user=test_user,
  1270. session=dbsession,
  1271. config=self.app_config,
  1272. )
  1273. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1274. # creation order test
  1275. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1276. api.mark_unread(firstly_created)
  1277. api2.mark_unread(firstly_created)
  1278. dbsession.flush()
  1279. transaction.commit()
  1280. self.testapp.authorization = (
  1281. 'Basic',
  1282. (
  1283. 'test@test.test',
  1284. 'pass'
  1285. )
  1286. )
  1287. # before
  1288. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1289. user_id=test_user.user_id,
  1290. workspace_id=workspace.workspace_id
  1291. ),
  1292. status=200
  1293. )
  1294. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1295. assert res.json_body[0]['read_by_user'] is False
  1296. # read
  1297. self.testapp.put(
  1298. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1299. workspace_id=workspace.workspace_id,
  1300. content_id=firstly_created.content_id,
  1301. user_id=test_user.user_id,
  1302. )
  1303. )
  1304. # after
  1305. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1306. user_id=test_user.user_id,
  1307. workspace_id=workspace.workspace_id
  1308. ),
  1309. status=200
  1310. )
  1311. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1312. assert res.json_body[0]['read_by_user'] is True
  1313. def test_api_set_content_as_read__ok__403__other_user(self):
  1314. # init DB
  1315. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1316. admin = dbsession.query(models.User) \
  1317. .filter(models.User.email == 'admin@admin.admin') \
  1318. .one()
  1319. workspace_api = WorkspaceApi(
  1320. current_user=admin,
  1321. session=dbsession,
  1322. config=self.app_config
  1323. )
  1324. workspace = WorkspaceApi(
  1325. current_user=admin,
  1326. session=dbsession,
  1327. config=self.app_config,
  1328. ).create_workspace(
  1329. 'test workspace',
  1330. save_now=True
  1331. )
  1332. uapi = UserApi(
  1333. current_user=admin,
  1334. session=dbsession,
  1335. config=self.app_config,
  1336. )
  1337. gapi = GroupApi(
  1338. current_user=admin,
  1339. session=dbsession,
  1340. config=self.app_config,
  1341. )
  1342. groups = [gapi.get_one_with_name('users')]
  1343. test_user = uapi.create_user(
  1344. email='test@test.test',
  1345. password='pass',
  1346. name='bob',
  1347. groups=groups,
  1348. timezone='Europe/Paris',
  1349. do_save=True,
  1350. do_notify=False,
  1351. )
  1352. rapi = RoleApi(
  1353. current_user=admin,
  1354. session=dbsession,
  1355. config=self.app_config,
  1356. )
  1357. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1358. api = ContentApi(
  1359. current_user=admin,
  1360. session=dbsession,
  1361. config=self.app_config,
  1362. )
  1363. api2 = ContentApi(
  1364. current_user=test_user,
  1365. session=dbsession,
  1366. config=self.app_config,
  1367. )
  1368. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1369. # creation order test
  1370. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1371. api.mark_unread(firstly_created)
  1372. api2.mark_unread(firstly_created)
  1373. dbsession.flush()
  1374. transaction.commit()
  1375. self.testapp.authorization = (
  1376. 'Basic',
  1377. (
  1378. 'test@test.test',
  1379. 'pass'
  1380. )
  1381. )
  1382. # read
  1383. self.testapp.put(
  1384. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1385. workspace_id=workspace.workspace_id,
  1386. content_id=firstly_created.content_id,
  1387. user_id=admin.user_id,
  1388. ),
  1389. status=403,
  1390. )
  1391. def test_api_set_content_as_read__ok__200__admin_with_comments(self):
  1392. # init DB
  1393. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1394. admin = dbsession.query(models.User) \
  1395. .filter(models.User.email == 'admin@admin.admin') \
  1396. .one()
  1397. workspace_api = WorkspaceApi(
  1398. current_user=admin,
  1399. session=dbsession,
  1400. config=self.app_config
  1401. )
  1402. workspace = WorkspaceApi(
  1403. current_user=admin,
  1404. session=dbsession,
  1405. config=self.app_config,
  1406. ).create_workspace(
  1407. 'test workspace',
  1408. save_now=True
  1409. )
  1410. uapi = UserApi(
  1411. current_user=admin,
  1412. session=dbsession,
  1413. config=self.app_config,
  1414. )
  1415. gapi = GroupApi(
  1416. current_user=admin,
  1417. session=dbsession,
  1418. config=self.app_config,
  1419. )
  1420. groups = [gapi.get_one_with_name('users')]
  1421. test_user = uapi.create_user(
  1422. email='test@test.test',
  1423. password='pass',
  1424. name='bob',
  1425. groups=groups,
  1426. timezone='Europe/Paris',
  1427. do_save=True,
  1428. do_notify=False,
  1429. )
  1430. rapi = RoleApi(
  1431. current_user=admin,
  1432. session=dbsession,
  1433. config=self.app_config,
  1434. )
  1435. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1436. api = ContentApi(
  1437. current_user=admin,
  1438. session=dbsession,
  1439. config=self.app_config,
  1440. )
  1441. api2 = ContentApi(
  1442. current_user=test_user,
  1443. session=dbsession,
  1444. config=self.app_config,
  1445. )
  1446. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1447. # creation order test
  1448. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1449. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  1450. api.mark_unread(firstly_created)
  1451. api.mark_unread(comments)
  1452. dbsession.flush()
  1453. transaction.commit()
  1454. self.testapp.authorization = (
  1455. 'Basic',
  1456. (
  1457. 'admin@admin.admin',
  1458. 'admin@admin.admin'
  1459. )
  1460. )
  1461. # before
  1462. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1463. user_id=test_user.user_id,
  1464. workspace_id=workspace.workspace_id
  1465. ), status=200) # nopep8
  1466. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1467. assert res.json_body[0]['read_by_user'] is False
  1468. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1469. user_id=admin.user_id,
  1470. workspace_id=workspace.workspace_id
  1471. ), status=200) # nopep8
  1472. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1473. assert res.json_body[0]['read_by_user'] is False
  1474. self.testapp.put(
  1475. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1476. workspace_id=workspace.workspace_id,
  1477. content_id=firstly_created.content_id,
  1478. user_id=test_user.user_id,
  1479. )
  1480. )
  1481. # after
  1482. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1483. user_id=test_user.user_id,
  1484. workspace_id=workspace.workspace_id
  1485. ), status=200) # nopep8
  1486. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1487. assert res.json_body[0]['read_by_user'] is True
  1488. # comment is also set as read
  1489. assert comments.has_new_information_for(test_user) is False
  1490. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1491. user_id=admin.user_id,
  1492. workspace_id=workspace.workspace_id
  1493. ), status=200) # nopep8
  1494. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1495. assert res.json_body[0]['read_by_user'] is False
  1496. # comment is also set as read
  1497. assert comments.has_new_information_for(admin) is True
  1498. class TestUserSetContentAsUnread(FunctionalTest):
  1499. """
  1500. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread # nopep8
  1501. """
  1502. def test_api_set_content_as_unread__ok__200__admin(self):
  1503. # init DB
  1504. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1505. admin = dbsession.query(models.User) \
  1506. .filter(models.User.email == 'admin@admin.admin') \
  1507. .one()
  1508. workspace_api = WorkspaceApi(
  1509. current_user=admin,
  1510. session=dbsession,
  1511. config=self.app_config
  1512. )
  1513. workspace = WorkspaceApi(
  1514. current_user=admin,
  1515. session=dbsession,
  1516. config=self.app_config,
  1517. ).create_workspace(
  1518. 'test workspace',
  1519. save_now=True
  1520. )
  1521. uapi = UserApi(
  1522. current_user=admin,
  1523. session=dbsession,
  1524. config=self.app_config,
  1525. )
  1526. gapi = GroupApi(
  1527. current_user=admin,
  1528. session=dbsession,
  1529. config=self.app_config,
  1530. )
  1531. groups = [gapi.get_one_with_name('users')]
  1532. test_user = uapi.create_user(
  1533. email='test@test.test',
  1534. password='pass',
  1535. name='bob',
  1536. groups=groups,
  1537. timezone='Europe/Paris',
  1538. do_save=True,
  1539. do_notify=False,
  1540. )
  1541. rapi = RoleApi(
  1542. current_user=admin,
  1543. session=dbsession,
  1544. config=self.app_config,
  1545. )
  1546. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1547. api = ContentApi(
  1548. current_user=admin,
  1549. session=dbsession,
  1550. config=self.app_config,
  1551. )
  1552. api2 = ContentApi(
  1553. current_user=test_user,
  1554. session=dbsession,
  1555. config=self.app_config,
  1556. )
  1557. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1558. # creation order test
  1559. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1560. api.mark_read(firstly_created)
  1561. api2.mark_read(firstly_created)
  1562. dbsession.flush()
  1563. transaction.commit()
  1564. self.testapp.authorization = (
  1565. 'Basic',
  1566. (
  1567. 'admin@admin.admin',
  1568. 'admin@admin.admin'
  1569. )
  1570. )
  1571. # before
  1572. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1573. user_id=test_user.user_id,
  1574. workspace_id=workspace.workspace_id
  1575. ), status=200)
  1576. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1577. assert res.json_body[0]['read_by_user'] is True
  1578. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1579. user_id=admin.user_id,
  1580. workspace_id=workspace.workspace_id
  1581. ), status=200)
  1582. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1583. assert res.json_body[0]['read_by_user'] is True
  1584. # unread
  1585. self.testapp.put(
  1586. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1587. workspace_id=workspace.workspace_id,
  1588. content_id=firstly_created.content_id,
  1589. user_id=test_user.user_id,
  1590. )
  1591. )
  1592. # after
  1593. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1594. user_id=test_user.user_id,
  1595. workspace_id=workspace.workspace_id
  1596. ), status=200)
  1597. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1598. assert res.json_body[0]['read_by_user'] is False
  1599. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1600. user_id=admin.user_id,
  1601. workspace_id=workspace.workspace_id
  1602. ), status=200)
  1603. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1604. assert res.json_body[0]['read_by_user'] is True
  1605. def test_api_set_content_as_unread__err__400__admin_workspace_do_not_exist(self):
  1606. # init DB
  1607. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1608. admin = dbsession.query(models.User) \
  1609. .filter(models.User.email == 'admin@admin.admin') \
  1610. .one()
  1611. workspace_api = WorkspaceApi(
  1612. current_user=admin,
  1613. session=dbsession,
  1614. config=self.app_config
  1615. )
  1616. workspace = WorkspaceApi(
  1617. current_user=admin,
  1618. session=dbsession,
  1619. config=self.app_config,
  1620. ).create_workspace(
  1621. 'test workspace',
  1622. save_now=True
  1623. )
  1624. uapi = UserApi(
  1625. current_user=admin,
  1626. session=dbsession,
  1627. config=self.app_config,
  1628. )
  1629. gapi = GroupApi(
  1630. current_user=admin,
  1631. session=dbsession,
  1632. config=self.app_config,
  1633. )
  1634. groups = [gapi.get_one_with_name('users')]
  1635. test_user = uapi.create_user(
  1636. email='test@test.test',
  1637. password='pass',
  1638. name='bob',
  1639. groups=groups,
  1640. timezone='Europe/Paris',
  1641. do_save=True,
  1642. do_notify=False,
  1643. )
  1644. rapi = RoleApi(
  1645. current_user=admin,
  1646. session=dbsession,
  1647. config=self.app_config,
  1648. )
  1649. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1650. api = ContentApi(
  1651. current_user=admin,
  1652. session=dbsession,
  1653. config=self.app_config,
  1654. )
  1655. api2 = ContentApi(
  1656. current_user=test_user,
  1657. session=dbsession,
  1658. config=self.app_config,
  1659. )
  1660. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1661. # creation order test
  1662. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1663. api.mark_read(firstly_created)
  1664. api2.mark_read(firstly_created)
  1665. dbsession.flush()
  1666. transaction.commit()
  1667. self.testapp.authorization = (
  1668. 'Basic',
  1669. (
  1670. 'admin@admin.admin',
  1671. 'admin@admin.admin'
  1672. )
  1673. )
  1674. # unread
  1675. self.testapp.put(
  1676. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1677. workspace_id=4000,
  1678. content_id=firstly_created.content_id,
  1679. user_id=test_user.user_id,
  1680. ),
  1681. status=400,
  1682. )
  1683. def test_api_set_content_as_unread__err__400__admin_content_do_not_exist(self):
  1684. # init DB
  1685. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1686. admin = dbsession.query(models.User) \
  1687. .filter(models.User.email == 'admin@admin.admin') \
  1688. .one()
  1689. workspace_api = WorkspaceApi(
  1690. current_user=admin,
  1691. session=dbsession,
  1692. config=self.app_config
  1693. )
  1694. workspace = WorkspaceApi(
  1695. current_user=admin,
  1696. session=dbsession,
  1697. config=self.app_config,
  1698. ).create_workspace(
  1699. 'test workspace',
  1700. save_now=True
  1701. )
  1702. uapi = UserApi(
  1703. current_user=admin,
  1704. session=dbsession,
  1705. config=self.app_config,
  1706. )
  1707. gapi = GroupApi(
  1708. current_user=admin,
  1709. session=dbsession,
  1710. config=self.app_config,
  1711. )
  1712. groups = [gapi.get_one_with_name('users')]
  1713. test_user = uapi.create_user(
  1714. email='test@test.test',
  1715. password='pass',
  1716. name='bob',
  1717. groups=groups,
  1718. timezone='Europe/Paris',
  1719. do_save=True,
  1720. do_notify=False,
  1721. )
  1722. rapi = RoleApi(
  1723. current_user=admin,
  1724. session=dbsession,
  1725. config=self.app_config,
  1726. )
  1727. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1728. api = ContentApi(
  1729. current_user=admin,
  1730. session=dbsession,
  1731. config=self.app_config,
  1732. )
  1733. api2 = ContentApi(
  1734. current_user=test_user,
  1735. session=dbsession,
  1736. config=self.app_config,
  1737. )
  1738. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1739. # creation order test
  1740. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1741. api.mark_read(firstly_created)
  1742. api2.mark_read(firstly_created)
  1743. dbsession.flush()
  1744. transaction.commit()
  1745. self.testapp.authorization = (
  1746. 'Basic',
  1747. (
  1748. 'admin@admin.admin',
  1749. 'admin@admin.admin'
  1750. )
  1751. )
  1752. # unread
  1753. self.testapp.put(
  1754. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1755. workspace_id=workspace.workspace_id,
  1756. content_id=4000,
  1757. user_id=test_user.user_id,
  1758. ),
  1759. status=400,
  1760. )
  1761. def test_api_set_content_as_unread__ok__200__user_itself(self):
  1762. # init DB
  1763. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1764. admin = dbsession.query(models.User) \
  1765. .filter(models.User.email == 'admin@admin.admin') \
  1766. .one()
  1767. workspace_api = WorkspaceApi(
  1768. current_user=admin,
  1769. session=dbsession,
  1770. config=self.app_config
  1771. )
  1772. workspace = WorkspaceApi(
  1773. current_user=admin,
  1774. session=dbsession,
  1775. config=self.app_config,
  1776. ).create_workspace(
  1777. 'test workspace',
  1778. save_now=True
  1779. )
  1780. uapi = UserApi(
  1781. current_user=admin,
  1782. session=dbsession,
  1783. config=self.app_config,
  1784. )
  1785. gapi = GroupApi(
  1786. current_user=admin,
  1787. session=dbsession,
  1788. config=self.app_config,
  1789. )
  1790. groups = [gapi.get_one_with_name('users')]
  1791. test_user = uapi.create_user(
  1792. email='test@test.test',
  1793. password='pass',
  1794. name='bob',
  1795. groups=groups,
  1796. timezone='Europe/Paris',
  1797. do_save=True,
  1798. do_notify=False,
  1799. )
  1800. rapi = RoleApi(
  1801. current_user=admin,
  1802. session=dbsession,
  1803. config=self.app_config,
  1804. )
  1805. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1806. api = ContentApi(
  1807. current_user=admin,
  1808. session=dbsession,
  1809. config=self.app_config,
  1810. )
  1811. api2 = ContentApi(
  1812. current_user=test_user,
  1813. session=dbsession,
  1814. config=self.app_config,
  1815. )
  1816. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1817. # creation order test
  1818. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1819. api.mark_read(firstly_created)
  1820. api2.mark_read(firstly_created)
  1821. dbsession.flush()
  1822. transaction.commit()
  1823. self.testapp.authorization = (
  1824. 'Basic',
  1825. (
  1826. 'test@test.test',
  1827. 'pass'
  1828. )
  1829. )
  1830. # before
  1831. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1832. user_id=test_user.user_id,
  1833. workspace_id=workspace.workspace_id
  1834. ), status=200)
  1835. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1836. assert res.json_body[0]['read_by_user'] is True
  1837. # unread
  1838. self.testapp.put(
  1839. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1840. workspace_id=workspace.workspace_id,
  1841. content_id=firstly_created.content_id,
  1842. user_id=test_user.user_id,
  1843. )
  1844. )
  1845. # after
  1846. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1847. user_id=test_user.user_id,
  1848. workspace_id=workspace.workspace_id
  1849. ), status=200)
  1850. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1851. assert res.json_body[0]['read_by_user'] is False
  1852. def test_api_set_content_as_unread__err__403__other_user(self):
  1853. # init DB
  1854. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1855. admin = dbsession.query(models.User) \
  1856. .filter(models.User.email == 'admin@admin.admin') \
  1857. .one()
  1858. workspace_api = WorkspaceApi(
  1859. current_user=admin,
  1860. session=dbsession,
  1861. config=self.app_config
  1862. )
  1863. workspace = WorkspaceApi(
  1864. current_user=admin,
  1865. session=dbsession,
  1866. config=self.app_config,
  1867. ).create_workspace(
  1868. 'test workspace',
  1869. save_now=True
  1870. )
  1871. uapi = UserApi(
  1872. current_user=admin,
  1873. session=dbsession,
  1874. config=self.app_config,
  1875. )
  1876. gapi = GroupApi(
  1877. current_user=admin,
  1878. session=dbsession,
  1879. config=self.app_config,
  1880. )
  1881. groups = [gapi.get_one_with_name('users')]
  1882. test_user = uapi.create_user(
  1883. email='test@test.test',
  1884. password='pass',
  1885. name='bob',
  1886. groups=groups,
  1887. timezone='Europe/Paris',
  1888. do_save=True,
  1889. do_notify=False,
  1890. )
  1891. rapi = RoleApi(
  1892. current_user=admin,
  1893. session=dbsession,
  1894. config=self.app_config,
  1895. )
  1896. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1897. api = ContentApi(
  1898. current_user=admin,
  1899. session=dbsession,
  1900. config=self.app_config,
  1901. )
  1902. api2 = ContentApi(
  1903. current_user=test_user,
  1904. session=dbsession,
  1905. config=self.app_config,
  1906. )
  1907. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1908. # creation order test
  1909. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1910. api.mark_read(firstly_created)
  1911. api2.mark_read(firstly_created)
  1912. dbsession.flush()
  1913. transaction.commit()
  1914. self.testapp.authorization = (
  1915. 'Basic',
  1916. (
  1917. 'test@test.test',
  1918. 'pass'
  1919. )
  1920. )
  1921. # unread
  1922. self.testapp.put(
  1923. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1924. workspace_id=workspace.workspace_id,
  1925. content_id=firstly_created.content_id,
  1926. user_id=admin.user_id,
  1927. ),
  1928. status=403,
  1929. )
  1930. def test_api_set_content_as_unread__ok__200__with_comments(self):
  1931. # init DB
  1932. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1933. admin = dbsession.query(models.User) \
  1934. .filter(models.User.email == 'admin@admin.admin') \
  1935. .one()
  1936. workspace_api = WorkspaceApi(
  1937. current_user=admin,
  1938. session=dbsession,
  1939. config=self.app_config
  1940. )
  1941. workspace = WorkspaceApi(
  1942. current_user=admin,
  1943. session=dbsession,
  1944. config=self.app_config,
  1945. ).create_workspace(
  1946. 'test workspace',
  1947. save_now=True
  1948. )
  1949. api = ContentApi(
  1950. current_user=admin,
  1951. session=dbsession,
  1952. config=self.app_config,
  1953. )
  1954. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  1955. # creation order test
  1956. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1957. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  1958. api.mark_read(firstly_created)
  1959. api.mark_read(comments)
  1960. dbsession.flush()
  1961. transaction.commit()
  1962. self.testapp.authorization = (
  1963. 'Basic',
  1964. (
  1965. 'admin@admin.admin',
  1966. 'admin@admin.admin'
  1967. )
  1968. )
  1969. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  1970. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1971. assert res.json_body[0]['read_by_user'] is True
  1972. self.testapp.put(
  1973. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1974. workspace_id=workspace.workspace_id,
  1975. content_id=firstly_created.content_id,
  1976. user_id=admin.user_id,
  1977. )
  1978. )
  1979. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  1980. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1981. assert res.json_body[0]['read_by_user'] is False
  1982. assert comments.has_new_information_for(admin) is True
  1983. class TestUserSetWorkspaceAsRead(FunctionalTest):
  1984. """
  1985. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/read
  1986. """
  1987. def test_api_set_content_as_read__ok__200__admin(self):
  1988. # init DB
  1989. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1990. admin = dbsession.query(models.User) \
  1991. .filter(models.User.email == 'admin@admin.admin') \
  1992. .one()
  1993. workspace_api = WorkspaceApi(
  1994. current_user=admin,
  1995. session=dbsession,
  1996. config=self.app_config
  1997. )
  1998. workspace = WorkspaceApi(
  1999. current_user=admin,
  2000. session=dbsession,
  2001. config=self.app_config,
  2002. ).create_workspace(
  2003. 'test workspace',
  2004. save_now=True
  2005. )
  2006. uapi = UserApi(
  2007. current_user=admin,
  2008. session=dbsession,
  2009. config=self.app_config,
  2010. )
  2011. gapi = GroupApi(
  2012. current_user=admin,
  2013. session=dbsession,
  2014. config=self.app_config,
  2015. )
  2016. groups = [gapi.get_one_with_name('users')]
  2017. test_user = uapi.create_user(
  2018. email='test@test.test',
  2019. password='pass',
  2020. name='bob',
  2021. groups=groups,
  2022. timezone='Europe/Paris',
  2023. do_save=True,
  2024. do_notify=False,
  2025. )
  2026. rapi = RoleApi(
  2027. current_user=admin,
  2028. session=dbsession,
  2029. config=self.app_config,
  2030. )
  2031. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2032. api = ContentApi(
  2033. current_user=admin,
  2034. session=dbsession,
  2035. config=self.app_config,
  2036. )
  2037. api2 = ContentApi(
  2038. current_user=test_user,
  2039. session=dbsession,
  2040. config=self.app_config,
  2041. )
  2042. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  2043. # creation order test
  2044. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2045. api.mark_unread(main_folder)
  2046. api.mark_unread(firstly_created)
  2047. api2.mark_unread(main_folder)
  2048. api2.mark_unread(firstly_created)
  2049. dbsession.flush()
  2050. transaction.commit()
  2051. self.testapp.authorization = (
  2052. 'Basic',
  2053. (
  2054. 'admin@admin.admin',
  2055. 'admin@admin.admin'
  2056. )
  2057. )
  2058. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2059. user_id=test_user.user_id,
  2060. workspace_id=workspace.workspace_id
  2061. ), status=200)
  2062. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2063. assert res.json_body[0]['read_by_user'] is False
  2064. assert res.json_body[1]['content_id'] == main_folder.content_id
  2065. assert res.json_body[1]['read_by_user'] is False
  2066. self.testapp.put(
  2067. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2068. workspace_id=workspace.workspace_id,
  2069. content_id=firstly_created.content_id,
  2070. user_id=test_user.user_id,
  2071. )
  2072. )
  2073. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2074. user_id=test_user.user_id,
  2075. workspace_id=workspace.workspace_id
  2076. ), status=200)
  2077. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2078. assert res.json_body[0]['read_by_user'] is True
  2079. assert res.json_body[1]['content_id'] == main_folder.content_id
  2080. assert res.json_body[1]['read_by_user'] is True
  2081. def test_api_set_content_as_read__ok__200__user_itself(self):
  2082. # init DB
  2083. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2084. admin = dbsession.query(models.User) \
  2085. .filter(models.User.email == 'admin@admin.admin') \
  2086. .one()
  2087. workspace_api = WorkspaceApi(
  2088. current_user=admin,
  2089. session=dbsession,
  2090. config=self.app_config
  2091. )
  2092. workspace = WorkspaceApi(
  2093. current_user=admin,
  2094. session=dbsession,
  2095. config=self.app_config,
  2096. ).create_workspace(
  2097. 'test workspace',
  2098. save_now=True
  2099. )
  2100. uapi = UserApi(
  2101. current_user=admin,
  2102. session=dbsession,
  2103. config=self.app_config,
  2104. )
  2105. gapi = GroupApi(
  2106. current_user=admin,
  2107. session=dbsession,
  2108. config=self.app_config,
  2109. )
  2110. groups = [gapi.get_one_with_name('users')]
  2111. test_user = uapi.create_user(
  2112. email='test@test.test',
  2113. password='pass',
  2114. name='bob',
  2115. groups=groups,
  2116. timezone='Europe/Paris',
  2117. do_save=True,
  2118. do_notify=False,
  2119. )
  2120. rapi = RoleApi(
  2121. current_user=admin,
  2122. session=dbsession,
  2123. config=self.app_config,
  2124. )
  2125. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2126. api = ContentApi(
  2127. current_user=admin,
  2128. session=dbsession,
  2129. config=self.app_config,
  2130. )
  2131. api2 = ContentApi(
  2132. current_user=test_user,
  2133. session=dbsession,
  2134. config=self.app_config,
  2135. )
  2136. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  2137. # creation order test
  2138. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2139. api.mark_unread(main_folder)
  2140. api.mark_unread(firstly_created)
  2141. api2.mark_unread(main_folder)
  2142. api2.mark_unread(firstly_created)
  2143. dbsession.flush()
  2144. transaction.commit()
  2145. self.testapp.authorization = (
  2146. 'Basic',
  2147. (
  2148. 'test@test.test',
  2149. 'pass'
  2150. )
  2151. )
  2152. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2153. user_id=test_user.user_id,
  2154. workspace_id=workspace.workspace_id
  2155. ), status=200)
  2156. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2157. assert res.json_body[0]['read_by_user'] is False
  2158. assert res.json_body[1]['content_id'] == main_folder.content_id
  2159. assert res.json_body[1]['read_by_user'] is False
  2160. self.testapp.put(
  2161. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2162. workspace_id=workspace.workspace_id,
  2163. content_id=firstly_created.content_id,
  2164. user_id=test_user.user_id,
  2165. )
  2166. )
  2167. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2168. user_id=test_user.user_id,
  2169. workspace_id=workspace.workspace_id
  2170. ), status=200)
  2171. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2172. assert res.json_body[0]['read_by_user'] is True
  2173. assert res.json_body[1]['content_id'] == main_folder.content_id
  2174. assert res.json_body[1]['read_by_user'] is True
  2175. def test_api_set_content_as_read__err__403__other_user(self):
  2176. # init DB
  2177. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2178. admin = dbsession.query(models.User) \
  2179. .filter(models.User.email == 'admin@admin.admin') \
  2180. .one()
  2181. workspace_api = WorkspaceApi(
  2182. current_user=admin,
  2183. session=dbsession,
  2184. config=self.app_config
  2185. )
  2186. workspace = WorkspaceApi(
  2187. current_user=admin,
  2188. session=dbsession,
  2189. config=self.app_config,
  2190. ).create_workspace(
  2191. 'test workspace',
  2192. save_now=True
  2193. )
  2194. uapi = UserApi(
  2195. current_user=admin,
  2196. session=dbsession,
  2197. config=self.app_config,
  2198. )
  2199. gapi = GroupApi(
  2200. current_user=admin,
  2201. session=dbsession,
  2202. config=self.app_config,
  2203. )
  2204. groups = [gapi.get_one_with_name('users')]
  2205. test_user = uapi.create_user(
  2206. email='test@test.test',
  2207. password='pass',
  2208. name='bob',
  2209. groups=groups,
  2210. timezone='Europe/Paris',
  2211. do_save=True,
  2212. do_notify=False,
  2213. )
  2214. rapi = RoleApi(
  2215. current_user=admin,
  2216. session=dbsession,
  2217. config=self.app_config,
  2218. )
  2219. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2220. api = ContentApi(
  2221. current_user=admin,
  2222. session=dbsession,
  2223. config=self.app_config,
  2224. )
  2225. api2 = ContentApi(
  2226. current_user=test_user,
  2227. session=dbsession,
  2228. config=self.app_config,
  2229. )
  2230. main_folder = api.create(ContentType.Folder, workspace, None, 'this is randomized folder', '', True) # nopep8
  2231. # creation order test
  2232. firstly_created = api.create(ContentType.Page, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2233. api.mark_unread(main_folder)
  2234. api.mark_unread(firstly_created)
  2235. api2.mark_unread(main_folder)
  2236. api2.mark_unread(firstly_created)
  2237. dbsession.flush()
  2238. transaction.commit()
  2239. self.testapp.authorization = (
  2240. 'Basic',
  2241. (
  2242. 'test@test.test',
  2243. 'pass'
  2244. )
  2245. )
  2246. self.testapp.put(
  2247. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2248. workspace_id=workspace.workspace_id,
  2249. content_id=firstly_created.content_id,
  2250. user_id=admin.user_id,
  2251. ),
  2252. status=403,
  2253. )
  2254. class TestUserWorkspaceEndpoint(FunctionalTest):
  2255. """
  2256. Tests for /api/v2/users/{user_id}/workspaces
  2257. """
  2258. fixtures = [BaseFixture, ContentFixtures]
  2259. def test_api__get_user_workspaces__ok_200__nominal_case(self):
  2260. """
  2261. Check obtain all workspaces reachables for user with user auth.
  2262. """
  2263. self.testapp.authorization = (
  2264. 'Basic',
  2265. (
  2266. 'admin@admin.admin',
  2267. 'admin@admin.admin'
  2268. )
  2269. )
  2270. res = self.testapp.get('/api/v2/users/1/workspaces', status=200)
  2271. res = res.json_body
  2272. workspace = res[0]
  2273. assert workspace['workspace_id'] == 1
  2274. assert workspace['label'] == 'Business'
  2275. assert workspace['slug'] == 'business'
  2276. assert len(workspace['sidebar_entries']) == 7
  2277. sidebar_entry = workspace['sidebar_entries'][0]
  2278. assert sidebar_entry['slug'] == 'dashboard'
  2279. assert sidebar_entry['label'] == 'Dashboard'
  2280. assert sidebar_entry['route'] == '/#/workspaces/1/dashboard' # nopep8
  2281. assert sidebar_entry['hexcolor'] == "#252525"
  2282. assert sidebar_entry['fa_icon'] == "signal"
  2283. sidebar_entry = workspace['sidebar_entries'][1]
  2284. assert sidebar_entry['slug'] == 'contents/all'
  2285. assert sidebar_entry['label'] == 'All Contents'
  2286. assert sidebar_entry['route'] == "/#/workspaces/1/contents" # nopep8
  2287. assert sidebar_entry['hexcolor'] == "#fdfdfd"
  2288. assert sidebar_entry['fa_icon'] == "th"
  2289. sidebar_entry = workspace['sidebar_entries'][2]
  2290. assert sidebar_entry['slug'] == 'contents/html-documents'
  2291. assert sidebar_entry['label'] == 'Text Documents'
  2292. assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=html-documents' # nopep8
  2293. assert sidebar_entry['hexcolor'] == "#3f52e3"
  2294. assert sidebar_entry['fa_icon'] == "file-text-o"
  2295. sidebar_entry = workspace['sidebar_entries'][3]
  2296. assert sidebar_entry['slug'] == 'contents/markdownpluspage'
  2297. assert sidebar_entry['label'] == 'Markdown Plus Documents'
  2298. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=markdownpluspage" # nopep8
  2299. assert sidebar_entry['hexcolor'] == "#f12d2d"
  2300. assert sidebar_entry['fa_icon'] == "file-code-o"
  2301. sidebar_entry = workspace['sidebar_entries'][4]
  2302. assert sidebar_entry['slug'] == 'contents/files'
  2303. assert sidebar_entry['label'] == 'Files'
  2304. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=file" # nopep8
  2305. assert sidebar_entry['hexcolor'] == "#FF9900"
  2306. assert sidebar_entry['fa_icon'] == "paperclip"
  2307. sidebar_entry = workspace['sidebar_entries'][5]
  2308. assert sidebar_entry['slug'] == 'contents/threads'
  2309. assert sidebar_entry['label'] == 'Threads'
  2310. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=thread" # nopep8
  2311. assert sidebar_entry['hexcolor'] == "#ad4cf9"
  2312. assert sidebar_entry['fa_icon'] == "comments-o"
  2313. sidebar_entry = workspace['sidebar_entries'][6]
  2314. assert sidebar_entry['slug'] == 'calendar'
  2315. assert sidebar_entry['label'] == 'Calendar'
  2316. assert sidebar_entry['route'] == "/#/workspaces/1/calendar" # nopep8
  2317. assert sidebar_entry['hexcolor'] == "#757575"
  2318. assert sidebar_entry['fa_icon'] == "calendar"
  2319. def test_api__get_user_workspaces__err_403__unallowed_user(self):
  2320. """
  2321. Check obtain all workspaces reachables for one user
  2322. with another non-admin user auth.
  2323. """
  2324. self.testapp.authorization = (
  2325. 'Basic',
  2326. (
  2327. 'lawrence-not-real-email@fsf.local',
  2328. 'foobarbaz'
  2329. )
  2330. )
  2331. res = self.testapp.get('/api/v2/users/1/workspaces', status=403)
  2332. assert isinstance(res.json, dict)
  2333. assert 'code' in res.json.keys()
  2334. assert 'message' in res.json.keys()
  2335. assert 'details' in res.json.keys()
  2336. def test_api__get_user_workspaces__err_401__unregistered_user(self):
  2337. """
  2338. Check obtain all workspaces reachables for one user
  2339. without correct user auth (user unregistered).
  2340. """
  2341. self.testapp.authorization = (
  2342. 'Basic',
  2343. (
  2344. 'john@doe.doe',
  2345. 'lapin'
  2346. )
  2347. )
  2348. res = self.testapp.get('/api/v2/users/1/workspaces', status=401)
  2349. assert isinstance(res.json, dict)
  2350. assert 'code' in res.json.keys()
  2351. assert 'message' in res.json.keys()
  2352. assert 'details' in res.json.keys()
  2353. def test_api__get_user_workspaces__err_400__user_does_not_exist(self):
  2354. """
  2355. Check obtain all workspaces reachables for one user who does
  2356. not exist
  2357. with a correct user auth.
  2358. """
  2359. self.testapp.authorization = (
  2360. 'Basic',
  2361. (
  2362. 'admin@admin.admin',
  2363. 'admin@admin.admin'
  2364. )
  2365. )
  2366. res = self.testapp.get('/api/v2/users/5/workspaces', status=400)
  2367. assert isinstance(res.json, dict)
  2368. assert 'code' in res.json.keys()
  2369. assert 'message' in res.json.keys()
  2370. assert 'details' in res.json.keys()
  2371. class TestUserEndpoint(FunctionalTest):
  2372. # -*- coding: utf-8 -*-
  2373. """
  2374. Tests for GET /api/v2/users/{user_id}
  2375. """
  2376. fixtures = [BaseFixture]
  2377. def test_api__get_user__ok_200__admin(self):
  2378. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2379. admin = dbsession.query(models.User) \
  2380. .filter(models.User.email == 'admin@admin.admin') \
  2381. .one()
  2382. uapi = UserApi(
  2383. current_user=admin,
  2384. session=dbsession,
  2385. config=self.app_config,
  2386. )
  2387. gapi = GroupApi(
  2388. current_user=admin,
  2389. session=dbsession,
  2390. config=self.app_config,
  2391. )
  2392. groups = [gapi.get_one_with_name('users')]
  2393. test_user = uapi.create_user(
  2394. email='test@test.test',
  2395. password='pass',
  2396. name='bob',
  2397. groups=groups,
  2398. timezone='Europe/Paris',
  2399. do_save=True,
  2400. do_notify=False,
  2401. )
  2402. uapi.save(test_user)
  2403. transaction.commit()
  2404. user_id = int(test_user.user_id)
  2405. self.testapp.authorization = (
  2406. 'Basic',
  2407. (
  2408. 'admin@admin.admin',
  2409. 'admin@admin.admin'
  2410. )
  2411. )
  2412. res = self.testapp.get(
  2413. '/api/v2/users/{}'.format(user_id),
  2414. status=200
  2415. )
  2416. res = res.json_body
  2417. assert res['user_id'] == user_id
  2418. assert res['created']
  2419. assert res['is_active'] is True
  2420. assert res['profile'] == 'users'
  2421. assert res['email'] == 'test@test.test'
  2422. assert res['public_name'] == 'bob'
  2423. assert res['timezone'] == 'Europe/Paris'
  2424. def test_api__get_user__ok_200__user_itself(self):
  2425. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2426. admin = dbsession.query(models.User) \
  2427. .filter(models.User.email == 'admin@admin.admin') \
  2428. .one()
  2429. uapi = UserApi(
  2430. current_user=admin,
  2431. session=dbsession,
  2432. config=self.app_config,
  2433. )
  2434. gapi = GroupApi(
  2435. current_user=admin,
  2436. session=dbsession,
  2437. config=self.app_config,
  2438. )
  2439. groups = [gapi.get_one_with_name('users')]
  2440. test_user = uapi.create_user(
  2441. email='test@test.test',
  2442. password='pass',
  2443. name='bob',
  2444. groups=groups,
  2445. timezone='Europe/Paris',
  2446. do_save=True,
  2447. do_notify=False,
  2448. )
  2449. uapi.save(test_user)
  2450. transaction.commit()
  2451. user_id = int(test_user.user_id)
  2452. self.testapp.authorization = (
  2453. 'Basic',
  2454. (
  2455. 'test@test.test',
  2456. 'pass'
  2457. )
  2458. )
  2459. res = self.testapp.get(
  2460. '/api/v2/users/{}'.format(user_id),
  2461. status=200
  2462. )
  2463. res = res.json_body
  2464. assert res['user_id'] == user_id
  2465. assert res['created']
  2466. assert res['is_active'] is True
  2467. assert res['profile'] == 'users'
  2468. assert res['email'] == 'test@test.test'
  2469. assert res['public_name'] == 'bob'
  2470. assert res['timezone'] == 'Europe/Paris'
  2471. def test_api__get_user__err_403__other_normal_user(self):
  2472. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2473. admin = dbsession.query(models.User) \
  2474. .filter(models.User.email == 'admin@admin.admin') \
  2475. .one()
  2476. uapi = UserApi(
  2477. current_user=admin,
  2478. session=dbsession,
  2479. config=self.app_config,
  2480. )
  2481. gapi = GroupApi(
  2482. current_user=admin,
  2483. session=dbsession,
  2484. config=self.app_config,
  2485. )
  2486. groups = [gapi.get_one_with_name('users')]
  2487. test_user = uapi.create_user(
  2488. email='test@test.test',
  2489. password='pass',
  2490. name='bob',
  2491. groups=groups,
  2492. timezone='Europe/Paris',
  2493. do_save=True,
  2494. do_notify=False,
  2495. )
  2496. test_user2 = uapi.create_user(
  2497. email='test2@test2.test2',
  2498. password='pass',
  2499. name='bob2',
  2500. groups=groups,
  2501. timezone='Europe/Paris',
  2502. do_save=True,
  2503. do_notify=False,
  2504. )
  2505. uapi.save(test_user2)
  2506. uapi.save(test_user)
  2507. transaction.commit()
  2508. user_id = int(test_user.user_id)
  2509. self.testapp.authorization = (
  2510. 'Basic',
  2511. (
  2512. 'test2@test2.test2',
  2513. 'pass'
  2514. )
  2515. )
  2516. self.testapp.get(
  2517. '/api/v2/users/{}'.format(user_id),
  2518. status=403
  2519. )
  2520. class TestSetEmailEndpoint(FunctionalTest):
  2521. # -*- coding: utf-8 -*-
  2522. """
  2523. Tests for PUT /api/v2/users/{user_id}/email
  2524. """
  2525. fixtures = [BaseFixture]
  2526. def test_api__set_user_email__ok_200__admin(self):
  2527. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2528. admin = dbsession.query(models.User) \
  2529. .filter(models.User.email == 'admin@admin.admin') \
  2530. .one()
  2531. uapi = UserApi(
  2532. current_user=admin,
  2533. session=dbsession,
  2534. config=self.app_config,
  2535. )
  2536. gapi = GroupApi(
  2537. current_user=admin,
  2538. session=dbsession,
  2539. config=self.app_config,
  2540. )
  2541. groups = [gapi.get_one_with_name('users')]
  2542. test_user = uapi.create_user(
  2543. email='test@test.test',
  2544. password='pass',
  2545. name='bob',
  2546. groups=groups,
  2547. timezone='Europe/Paris',
  2548. do_save=True,
  2549. do_notify=False,
  2550. )
  2551. uapi.save(test_user)
  2552. transaction.commit()
  2553. user_id = int(test_user.user_id)
  2554. self.testapp.authorization = (
  2555. 'Basic',
  2556. (
  2557. 'admin@admin.admin',
  2558. 'admin@admin.admin'
  2559. )
  2560. )
  2561. # check before
  2562. res = self.testapp.get(
  2563. '/api/v2/users/{}'.format(user_id),
  2564. status=200
  2565. )
  2566. res = res.json_body
  2567. assert res['email'] == 'test@test.test'
  2568. # Set password
  2569. params = {
  2570. 'email': 'mysuperemail@email.fr',
  2571. 'loggedin_user_password': 'admin@admin.admin',
  2572. }
  2573. self.testapp.put_json(
  2574. '/api/v2/users/{}/email'.format(user_id),
  2575. params=params,
  2576. status=200,
  2577. )
  2578. # Check After
  2579. res = self.testapp.get(
  2580. '/api/v2/users/{}'.format(user_id),
  2581. status=200
  2582. )
  2583. res = res.json_body
  2584. assert res['email'] == 'mysuperemail@email.fr'
  2585. def test_api__set_user_email__err_403__admin_wrong_password(self):
  2586. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2587. admin = dbsession.query(models.User) \
  2588. .filter(models.User.email == 'admin@admin.admin') \
  2589. .one()
  2590. uapi = UserApi(
  2591. current_user=admin,
  2592. session=dbsession,
  2593. config=self.app_config,
  2594. )
  2595. gapi = GroupApi(
  2596. current_user=admin,
  2597. session=dbsession,
  2598. config=self.app_config,
  2599. )
  2600. groups = [gapi.get_one_with_name('users')]
  2601. test_user = uapi.create_user(
  2602. email='test@test.test',
  2603. password='pass',
  2604. name='bob',
  2605. groups=groups,
  2606. timezone='Europe/Paris',
  2607. do_save=True,
  2608. do_notify=False,
  2609. )
  2610. uapi.save(test_user)
  2611. transaction.commit()
  2612. user_id = int(test_user.user_id)
  2613. self.testapp.authorization = (
  2614. 'Basic',
  2615. (
  2616. 'admin@admin.admin',
  2617. 'admin@admin.admin'
  2618. )
  2619. )
  2620. # check before
  2621. res = self.testapp.get(
  2622. '/api/v2/users/{}'.format(user_id),
  2623. status=200
  2624. )
  2625. res = res.json_body
  2626. assert res['email'] == 'test@test.test'
  2627. # Set password
  2628. params = {
  2629. 'email': 'mysuperemail@email.fr',
  2630. 'loggedin_user_password': 'badpassword',
  2631. }
  2632. self.testapp.put_json(
  2633. '/api/v2/users/{}/email'.format(user_id),
  2634. params=params,
  2635. status=403,
  2636. )
  2637. # Check After
  2638. res = self.testapp.get(
  2639. '/api/v2/users/{}'.format(user_id),
  2640. status=200
  2641. )
  2642. res = res.json_body
  2643. assert res['email'] == 'test@test.test'
  2644. def test_api__set_user_email__err_400__admin_string_is_not_email(self):
  2645. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2646. admin = dbsession.query(models.User) \
  2647. .filter(models.User.email == 'admin@admin.admin') \
  2648. .one()
  2649. uapi = UserApi(
  2650. current_user=admin,
  2651. session=dbsession,
  2652. config=self.app_config,
  2653. )
  2654. gapi = GroupApi(
  2655. current_user=admin,
  2656. session=dbsession,
  2657. config=self.app_config,
  2658. )
  2659. groups = [gapi.get_one_with_name('users')]
  2660. test_user = uapi.create_user(
  2661. email='test@test.test',
  2662. password='pass',
  2663. name='bob',
  2664. groups=groups,
  2665. timezone='Europe/Paris',
  2666. do_save=True,
  2667. do_notify=False,
  2668. )
  2669. uapi.save(test_user)
  2670. transaction.commit()
  2671. user_id = int(test_user.user_id)
  2672. self.testapp.authorization = (
  2673. 'Basic',
  2674. (
  2675. 'admin@admin.admin',
  2676. 'admin@admin.admin'
  2677. )
  2678. )
  2679. # check before
  2680. res = self.testapp.get(
  2681. '/api/v2/users/{}'.format(user_id),
  2682. status=200
  2683. )
  2684. res = res.json_body
  2685. assert res['email'] == 'test@test.test'
  2686. # Set password
  2687. params = {
  2688. 'email': 'thatisnotandemail',
  2689. 'loggedin_user_password': 'admin@admin.admin',
  2690. }
  2691. self.testapp.put_json(
  2692. '/api/v2/users/{}/email'.format(user_id),
  2693. params=params,
  2694. status=400,
  2695. )
  2696. # Check After
  2697. res = self.testapp.get(
  2698. '/api/v2/users/{}'.format(user_id),
  2699. status=200
  2700. )
  2701. res = res.json_body
  2702. assert res['email'] == 'test@test.test'
  2703. def test_api__set_user_email__ok_200__user_itself(self):
  2704. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2705. admin = dbsession.query(models.User) \
  2706. .filter(models.User.email == 'admin@admin.admin') \
  2707. .one()
  2708. uapi = UserApi(
  2709. current_user=admin,
  2710. session=dbsession,
  2711. config=self.app_config,
  2712. )
  2713. gapi = GroupApi(
  2714. current_user=admin,
  2715. session=dbsession,
  2716. config=self.app_config,
  2717. )
  2718. groups = [gapi.get_one_with_name('users')]
  2719. test_user = uapi.create_user(
  2720. email='test@test.test',
  2721. password='pass',
  2722. name='bob',
  2723. groups=groups,
  2724. timezone='Europe/Paris',
  2725. do_save=True,
  2726. do_notify=False,
  2727. )
  2728. uapi.save(test_user)
  2729. transaction.commit()
  2730. user_id = int(test_user.user_id)
  2731. self.testapp.authorization = (
  2732. 'Basic',
  2733. (
  2734. 'test@test.test',
  2735. 'pass'
  2736. )
  2737. )
  2738. # check before
  2739. res = self.testapp.get(
  2740. '/api/v2/users/{}'.format(user_id),
  2741. status=200
  2742. )
  2743. res = res.json_body
  2744. assert res['email'] == 'test@test.test'
  2745. # Set password
  2746. params = {
  2747. 'email': 'mysuperemail@email.fr',
  2748. 'loggedin_user_password': 'pass',
  2749. }
  2750. self.testapp.put_json(
  2751. '/api/v2/users/{}/email'.format(user_id),
  2752. params=params,
  2753. status=200,
  2754. )
  2755. self.testapp.authorization = (
  2756. 'Basic',
  2757. (
  2758. 'mysuperemail@email.fr',
  2759. 'pass'
  2760. )
  2761. )
  2762. # Check After
  2763. res = self.testapp.get(
  2764. '/api/v2/users/{}'.format(user_id),
  2765. status=200
  2766. )
  2767. res = res.json_body
  2768. assert res['email'] == 'mysuperemail@email.fr'
  2769. def test_api__set_user_email__err_403__other_normal_user(self):
  2770. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2771. admin = dbsession.query(models.User) \
  2772. .filter(models.User.email == 'admin@admin.admin') \
  2773. .one()
  2774. uapi = UserApi(
  2775. current_user=admin,
  2776. session=dbsession,
  2777. config=self.app_config,
  2778. )
  2779. gapi = GroupApi(
  2780. current_user=admin,
  2781. session=dbsession,
  2782. config=self.app_config,
  2783. )
  2784. groups = [gapi.get_one_with_name('users')]
  2785. test_user = uapi.create_user(
  2786. email='test@test.test',
  2787. password='pass',
  2788. name='bob',
  2789. groups=groups,
  2790. timezone='Europe/Paris',
  2791. do_save=True,
  2792. do_notify=False,
  2793. )
  2794. test_user2 = uapi.create_user(
  2795. email='test2@test2.test2',
  2796. password='pass',
  2797. name='bob2',
  2798. groups=groups,
  2799. timezone='Europe/Paris',
  2800. do_save=True,
  2801. do_notify=False,
  2802. )
  2803. uapi.save(test_user2)
  2804. uapi.save(test_user)
  2805. transaction.commit()
  2806. user_id = int(test_user.user_id)
  2807. self.testapp.authorization = (
  2808. 'Basic',
  2809. (
  2810. 'test@test.test',
  2811. 'pass'
  2812. )
  2813. )
  2814. # Set password
  2815. params = {
  2816. 'email': 'mysuperemail@email.fr',
  2817. 'loggedin_user_password': 'test2@test2.test2',
  2818. }
  2819. self.testapp.put_json(
  2820. '/api/v2/users/{}/email'.format(user_id),
  2821. params=params,
  2822. status=403,
  2823. )
  2824. class TestSetPasswordEndpoint(FunctionalTest):
  2825. # -*- coding: utf-8 -*-
  2826. """
  2827. Tests for PUT /api/v2/users/{user_id}/password
  2828. """
  2829. fixtures = [BaseFixture]
  2830. def test_api__set_user_password__ok_200__admin(self):
  2831. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2832. admin = dbsession.query(models.User) \
  2833. .filter(models.User.email == 'admin@admin.admin') \
  2834. .one()
  2835. uapi = UserApi(
  2836. current_user=admin,
  2837. session=dbsession,
  2838. config=self.app_config,
  2839. )
  2840. gapi = GroupApi(
  2841. current_user=admin,
  2842. session=dbsession,
  2843. config=self.app_config,
  2844. )
  2845. groups = [gapi.get_one_with_name('users')]
  2846. test_user = uapi.create_user(
  2847. email='test@test.test',
  2848. password='pass',
  2849. name='bob',
  2850. groups=groups,
  2851. timezone='Europe/Paris',
  2852. do_save=True,
  2853. do_notify=False,
  2854. )
  2855. uapi.save(test_user)
  2856. transaction.commit()
  2857. user_id = int(test_user.user_id)
  2858. self.testapp.authorization = (
  2859. 'Basic',
  2860. (
  2861. 'admin@admin.admin',
  2862. 'admin@admin.admin'
  2863. )
  2864. )
  2865. # check before
  2866. user = uapi.get_one(user_id)
  2867. assert user.validate_password('pass')
  2868. assert not user.validate_password('mynewpassword')
  2869. # Set password
  2870. params = {
  2871. 'new_password': 'mynewpassword',
  2872. 'new_password2': 'mynewpassword',
  2873. 'loggedin_user_password': 'admin@admin.admin',
  2874. }
  2875. self.testapp.put_json(
  2876. '/api/v2/users/{}/password'.format(user_id),
  2877. params=params,
  2878. status=204,
  2879. )
  2880. # Check After
  2881. user = uapi.get_one(user_id)
  2882. assert not user.validate_password('pass')
  2883. assert user.validate_password('mynewpassword')
  2884. def test_api__set_user_password__err_403__admin_wrong_password(self):
  2885. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2886. admin = dbsession.query(models.User) \
  2887. .filter(models.User.email == 'admin@admin.admin') \
  2888. .one()
  2889. uapi = UserApi(
  2890. current_user=admin,
  2891. session=dbsession,
  2892. config=self.app_config,
  2893. )
  2894. gapi = GroupApi(
  2895. current_user=admin,
  2896. session=dbsession,
  2897. config=self.app_config,
  2898. )
  2899. groups = [gapi.get_one_with_name('users')]
  2900. test_user = uapi.create_user(
  2901. email='test@test.test',
  2902. password='pass',
  2903. name='bob',
  2904. groups=groups,
  2905. timezone='Europe/Paris',
  2906. do_save=True,
  2907. do_notify=False,
  2908. )
  2909. uapi.save(test_user)
  2910. transaction.commit()
  2911. user_id = int(test_user.user_id)
  2912. self.testapp.authorization = (
  2913. 'Basic',
  2914. (
  2915. 'admin@admin.admin',
  2916. 'admin@admin.admin'
  2917. )
  2918. )
  2919. # check before
  2920. user = uapi.get_one(user_id)
  2921. assert user.validate_password('pass')
  2922. assert not user.validate_password('mynewpassword')
  2923. # Set password
  2924. params = {
  2925. 'new_password': 'mynewpassword',
  2926. 'new_password2': 'mynewpassword',
  2927. 'loggedin_user_password': 'wrongpassword',
  2928. }
  2929. self.testapp.put_json(
  2930. '/api/v2/users/{}/password'.format(user_id),
  2931. params=params,
  2932. status=403,
  2933. )
  2934. # Check After
  2935. user = uapi.get_one(user_id)
  2936. assert user.validate_password('pass')
  2937. assert not user.validate_password('mynewpassword')
  2938. def test_api__set_user_password__err_400__admin_passwords_do_not_match(self): # nopep8
  2939. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2940. admin = dbsession.query(models.User) \
  2941. .filter(models.User.email == 'admin@admin.admin') \
  2942. .one()
  2943. uapi = UserApi(
  2944. current_user=admin,
  2945. session=dbsession,
  2946. config=self.app_config,
  2947. )
  2948. gapi = GroupApi(
  2949. current_user=admin,
  2950. session=dbsession,
  2951. config=self.app_config,
  2952. )
  2953. groups = [gapi.get_one_with_name('users')]
  2954. test_user = uapi.create_user(
  2955. email='test@test.test',
  2956. password='pass',
  2957. name='bob',
  2958. groups=groups,
  2959. timezone='Europe/Paris',
  2960. do_save=True,
  2961. do_notify=False,
  2962. )
  2963. uapi.save(test_user)
  2964. transaction.commit()
  2965. user_id = int(test_user.user_id)
  2966. self.testapp.authorization = (
  2967. 'Basic',
  2968. (
  2969. 'admin@admin.admin',
  2970. 'admin@admin.admin'
  2971. )
  2972. )
  2973. # check before
  2974. user = uapi.get_one(user_id)
  2975. assert user.validate_password('pass')
  2976. assert not user.validate_password('mynewpassword')
  2977. assert not user.validate_password('mynewpassword2')
  2978. # Set password
  2979. params = {
  2980. 'new_password': 'mynewpassword',
  2981. 'new_password2': 'mynewpassword2',
  2982. 'loggedin_user_password': 'admin@admin.admin',
  2983. }
  2984. self.testapp.put_json(
  2985. '/api/v2/users/{}/password'.format(user_id),
  2986. params=params,
  2987. status=400,
  2988. )
  2989. # Check After
  2990. user = uapi.get_one(user_id)
  2991. assert user.validate_password('pass')
  2992. assert not user.validate_password('mynewpassword')
  2993. assert not user.validate_password('mynewpassword2')
  2994. def test_api__set_user_password__ok_200__user_itself(self):
  2995. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2996. admin = dbsession.query(models.User) \
  2997. .filter(models.User.email == 'admin@admin.admin') \
  2998. .one()
  2999. uapi = UserApi(
  3000. current_user=admin,
  3001. session=dbsession,
  3002. config=self.app_config,
  3003. )
  3004. gapi = GroupApi(
  3005. current_user=admin,
  3006. session=dbsession,
  3007. config=self.app_config,
  3008. )
  3009. groups = [gapi.get_one_with_name('users')]
  3010. test_user = uapi.create_user(
  3011. email='test@test.test',
  3012. password='pass',
  3013. name='bob',
  3014. groups=groups,
  3015. timezone='Europe/Paris',
  3016. do_save=True,
  3017. do_notify=False,
  3018. )
  3019. uapi.save(test_user)
  3020. transaction.commit()
  3021. user_id = int(test_user.user_id)
  3022. self.testapp.authorization = (
  3023. 'Basic',
  3024. (
  3025. 'test@test.test',
  3026. 'pass'
  3027. )
  3028. )
  3029. # check before
  3030. user = uapi.get_one(user_id)
  3031. assert user.validate_password('pass')
  3032. assert not user.validate_password('mynewpassword')
  3033. # Set password
  3034. params = {
  3035. 'new_password': 'mynewpassword',
  3036. 'new_password2': 'mynewpassword',
  3037. 'loggedin_user_password': 'pass',
  3038. }
  3039. self.testapp.put_json(
  3040. '/api/v2/users/{}/password'.format(user_id),
  3041. params=params,
  3042. status=204,
  3043. )
  3044. # Check After
  3045. user = uapi.get_one(user_id)
  3046. assert not user.validate_password('pass')
  3047. assert user.validate_password('mynewpassword')
  3048. def test_api__set_user_email__err_403__other_normal_user(self):
  3049. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3050. admin = dbsession.query(models.User) \
  3051. .filter(models.User.email == 'admin@admin.admin') \
  3052. .one()
  3053. uapi = UserApi(
  3054. current_user=admin,
  3055. session=dbsession,
  3056. config=self.app_config,
  3057. )
  3058. gapi = GroupApi(
  3059. current_user=admin,
  3060. session=dbsession,
  3061. config=self.app_config,
  3062. )
  3063. groups = [gapi.get_one_with_name('users')]
  3064. test_user = uapi.create_user(
  3065. email='test@test.test',
  3066. password='pass',
  3067. name='bob',
  3068. groups=groups,
  3069. timezone='Europe/Paris',
  3070. do_save=True,
  3071. do_notify=False,
  3072. )
  3073. test_user2 = uapi.create_user(
  3074. email='test2@test2.test2',
  3075. password='pass',
  3076. name='bob2',
  3077. groups=groups,
  3078. timezone='Europe/Paris',
  3079. do_save=True,
  3080. do_notify=False,
  3081. )
  3082. uapi.save(test_user2)
  3083. uapi.save(test_user)
  3084. transaction.commit()
  3085. user_id = int(test_user.user_id)
  3086. self.testapp.authorization = (
  3087. 'Basic',
  3088. (
  3089. 'test@test.test',
  3090. 'pass'
  3091. )
  3092. )
  3093. # Set password
  3094. params = {
  3095. 'email': 'mysuperemail@email.fr',
  3096. 'loggedin_user_password': 'test2@test2.test2',
  3097. }
  3098. self.testapp.put_json(
  3099. '/api/v2/users/{}/email'.format(user_id),
  3100. params=params,
  3101. status=403,
  3102. )
  3103. class TestSetUserInfoEndpoint(FunctionalTest):
  3104. # -*- coding: utf-8 -*-
  3105. """
  3106. Tests for PUT /api/v2/users/{user_id}
  3107. """
  3108. fixtures = [BaseFixture]
  3109. def test_api__set_user_info__ok_200__admin(self):
  3110. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3111. admin = dbsession.query(models.User) \
  3112. .filter(models.User.email == 'admin@admin.admin') \
  3113. .one()
  3114. uapi = UserApi(
  3115. current_user=admin,
  3116. session=dbsession,
  3117. config=self.app_config,
  3118. )
  3119. gapi = GroupApi(
  3120. current_user=admin,
  3121. session=dbsession,
  3122. config=self.app_config,
  3123. )
  3124. groups = [gapi.get_one_with_name('users')]
  3125. test_user = uapi.create_user(
  3126. email='test@test.test',
  3127. password='pass',
  3128. name='bob',
  3129. groups=groups,
  3130. timezone='Europe/Paris',
  3131. do_save=True,
  3132. do_notify=False,
  3133. )
  3134. uapi.save(test_user)
  3135. transaction.commit()
  3136. user_id = int(test_user.user_id)
  3137. self.testapp.authorization = (
  3138. 'Basic',
  3139. (
  3140. 'admin@admin.admin',
  3141. 'admin@admin.admin'
  3142. )
  3143. )
  3144. # check before
  3145. res = self.testapp.get(
  3146. '/api/v2/users/{}'.format(user_id),
  3147. status=200
  3148. )
  3149. res = res.json_body
  3150. assert res['user_id'] == user_id
  3151. assert res['public_name'] == 'bob'
  3152. assert res['timezone'] == 'Europe/Paris'
  3153. # Set params
  3154. params = {
  3155. 'public_name': 'updated',
  3156. 'timezone': 'Europe/London',
  3157. }
  3158. self.testapp.put_json(
  3159. '/api/v2/users/{}'.format(user_id),
  3160. params=params,
  3161. status=200,
  3162. )
  3163. # Check After
  3164. res = self.testapp.get(
  3165. '/api/v2/users/{}'.format(user_id),
  3166. status=200
  3167. )
  3168. res = res.json_body
  3169. assert res['user_id'] == user_id
  3170. assert res['public_name'] == 'updated'
  3171. assert res['timezone'] == 'Europe/London'
  3172. def test_api__set_user_info__ok_200__user_itself(self):
  3173. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3174. admin = dbsession.query(models.User) \
  3175. .filter(models.User.email == 'admin@admin.admin') \
  3176. .one()
  3177. uapi = UserApi(
  3178. current_user=admin,
  3179. session=dbsession,
  3180. config=self.app_config,
  3181. )
  3182. gapi = GroupApi(
  3183. current_user=admin,
  3184. session=dbsession,
  3185. config=self.app_config,
  3186. )
  3187. groups = [gapi.get_one_with_name('users')]
  3188. test_user = uapi.create_user(
  3189. email='test@test.test',
  3190. password='pass',
  3191. name='bob',
  3192. groups=groups,
  3193. timezone='Europe/Paris',
  3194. do_save=True,
  3195. do_notify=False,
  3196. )
  3197. uapi.save(test_user)
  3198. transaction.commit()
  3199. user_id = int(test_user.user_id)
  3200. self.testapp.authorization = (
  3201. 'Basic',
  3202. (
  3203. 'test@test.test',
  3204. 'pass',
  3205. )
  3206. )
  3207. # check before
  3208. res = self.testapp.get(
  3209. '/api/v2/users/{}'.format(user_id),
  3210. status=200
  3211. )
  3212. res = res.json_body
  3213. assert res['user_id'] == user_id
  3214. assert res['public_name'] == 'bob'
  3215. assert res['timezone'] == 'Europe/Paris'
  3216. # Set params
  3217. params = {
  3218. 'public_name': 'updated',
  3219. 'timezone': 'Europe/London',
  3220. }
  3221. self.testapp.put_json(
  3222. '/api/v2/users/{}'.format(user_id),
  3223. params=params,
  3224. status=200,
  3225. )
  3226. # Check After
  3227. res = self.testapp.get(
  3228. '/api/v2/users/{}'.format(user_id),
  3229. status=200
  3230. )
  3231. res = res.json_body
  3232. assert res['user_id'] == user_id
  3233. assert res['public_name'] == 'updated'
  3234. assert res['timezone'] == 'Europe/London'
  3235. def test_api__set_user_email__err_403__other_normal_user(self):
  3236. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3237. admin = dbsession.query(models.User) \
  3238. .filter(models.User.email == 'admin@admin.admin') \
  3239. .one()
  3240. uapi = UserApi(
  3241. current_user=admin,
  3242. session=dbsession,
  3243. config=self.app_config,
  3244. )
  3245. gapi = GroupApi(
  3246. current_user=admin,
  3247. session=dbsession,
  3248. config=self.app_config,
  3249. )
  3250. groups = [gapi.get_one_with_name('users')]
  3251. test_user = uapi.create_user(
  3252. email='test@test.test',
  3253. password='pass',
  3254. name='bob',
  3255. groups=groups,
  3256. timezone='Europe/Paris',
  3257. do_save=True,
  3258. do_notify=False,
  3259. )
  3260. test_user2 = uapi.create_user(
  3261. email='test2@test2.test2',
  3262. password='pass',
  3263. name='test',
  3264. groups=groups,
  3265. timezone='Europe/Paris',
  3266. do_save=True,
  3267. do_notify=False,
  3268. )
  3269. uapi.save(test_user2)
  3270. uapi.save(test_user)
  3271. transaction.commit()
  3272. user_id = int(test_user.user_id)
  3273. self.testapp.authorization = (
  3274. 'Basic',
  3275. (
  3276. 'test2@test2.test2',
  3277. 'pass',
  3278. )
  3279. )
  3280. # Set params
  3281. params = {
  3282. 'public_name': 'updated',
  3283. 'timezone': 'Europe/London',
  3284. }
  3285. self.testapp.put_json(
  3286. '/api/v2/users/{}'.format(user_id),
  3287. params=params,
  3288. status=403,
  3289. )
  3290. class TestSetUserProfilEndpoint(FunctionalTest):
  3291. # -*- coding: utf-8 -*-
  3292. """
  3293. Tests for PUT /api/v2/users/{user_id}/profile
  3294. """
  3295. fixtures = [BaseFixture]
  3296. def test_api__set_user_info__ok_200__admin(self):
  3297. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3298. admin = dbsession.query(models.User) \
  3299. .filter(models.User.email == 'admin@admin.admin') \
  3300. .one()
  3301. uapi = UserApi(
  3302. current_user=admin,
  3303. session=dbsession,
  3304. config=self.app_config,
  3305. )
  3306. gapi = GroupApi(
  3307. current_user=admin,
  3308. session=dbsession,
  3309. config=self.app_config,
  3310. )
  3311. groups = [gapi.get_one_with_name('users')]
  3312. test_user = uapi.create_user(
  3313. email='test@test.test',
  3314. password='pass',
  3315. name='bob',
  3316. groups=groups,
  3317. timezone='Europe/Paris',
  3318. do_save=True,
  3319. do_notify=False,
  3320. )
  3321. uapi.save(test_user)
  3322. transaction.commit()
  3323. user_id = int(test_user.user_id)
  3324. self.testapp.authorization = (
  3325. 'Basic',
  3326. (
  3327. 'admin@admin.admin',
  3328. 'admin@admin.admin'
  3329. )
  3330. )
  3331. # check before
  3332. res = self.testapp.get(
  3333. '/api/v2/users/{}'.format(user_id),
  3334. status=200
  3335. )
  3336. res = res.json_body
  3337. assert res['user_id'] == user_id
  3338. assert res['profile'] == 'users'
  3339. # Set params
  3340. params = {
  3341. 'profile': 'administrators',
  3342. }
  3343. self.testapp.put_json(
  3344. '/api/v2/users/{}/profile'.format(user_id),
  3345. params=params,
  3346. status=204,
  3347. )
  3348. # Check After
  3349. res = self.testapp.get(
  3350. '/api/v2/users/{}'.format(user_id),
  3351. status=200
  3352. )
  3353. res = res.json_body
  3354. assert res['user_id'] == user_id
  3355. assert res['profile'] == 'administrators'
  3356. def test_api__set_user_info__err_403__user_itself(self):
  3357. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3358. admin = dbsession.query(models.User) \
  3359. .filter(models.User.email == 'admin@admin.admin') \
  3360. .one()
  3361. uapi = UserApi(
  3362. current_user=admin,
  3363. session=dbsession,
  3364. config=self.app_config,
  3365. )
  3366. gapi = GroupApi(
  3367. current_user=admin,
  3368. session=dbsession,
  3369. config=self.app_config,
  3370. )
  3371. groups = [gapi.get_one_with_name('users')]
  3372. test_user = uapi.create_user(
  3373. email='test@test.test',
  3374. password='pass',
  3375. name='bob',
  3376. groups=groups,
  3377. timezone='Europe/Paris',
  3378. do_save=True,
  3379. do_notify=False,
  3380. )
  3381. uapi.save(test_user)
  3382. transaction.commit()
  3383. user_id = int(test_user.user_id)
  3384. self.testapp.authorization = (
  3385. 'Basic',
  3386. (
  3387. 'test@test.test',
  3388. 'pass',
  3389. )
  3390. )
  3391. # check before
  3392. res = self.testapp.get(
  3393. '/api/v2/users/{}'.format(user_id),
  3394. status=200
  3395. )
  3396. res = res.json_body
  3397. assert res['user_id'] == user_id
  3398. assert res['profile'] == 'users'
  3399. # Set params
  3400. params = {
  3401. 'profile': 'administrators',
  3402. }
  3403. self.testapp.put_json(
  3404. '/api/v2/users/{}/profile'.format(user_id),
  3405. params=params,
  3406. status=403,
  3407. )
  3408. # Check After
  3409. res = self.testapp.get(
  3410. '/api/v2/users/{}'.format(user_id),
  3411. status=200
  3412. )
  3413. res = res.json_body
  3414. assert res['user_id'] == user_id
  3415. assert res['profile'] == 'users'
  3416. def test_api__set_user_email__err_403__other_normal_user(self):
  3417. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3418. admin = dbsession.query(models.User) \
  3419. .filter(models.User.email == 'admin@admin.admin') \
  3420. .one()
  3421. uapi = UserApi(
  3422. current_user=admin,
  3423. session=dbsession,
  3424. config=self.app_config,
  3425. )
  3426. gapi = GroupApi(
  3427. current_user=admin,
  3428. session=dbsession,
  3429. config=self.app_config,
  3430. )
  3431. groups = [gapi.get_one_with_name('users')]
  3432. test_user = uapi.create_user(
  3433. email='test@test.test',
  3434. password='pass',
  3435. name='bob',
  3436. groups=groups,
  3437. timezone='Europe/Paris',
  3438. do_save=True,
  3439. do_notify=False,
  3440. )
  3441. test_user2 = uapi.create_user(
  3442. email='test2@test2.test2',
  3443. password='pass',
  3444. name='test',
  3445. groups=groups,
  3446. timezone='Europe/Paris',
  3447. do_save=True,
  3448. do_notify=False,
  3449. )
  3450. uapi.save(test_user2)
  3451. uapi.save(test_user)
  3452. transaction.commit()
  3453. user_id = int(test_user.user_id)
  3454. self.testapp.authorization = (
  3455. 'Basic',
  3456. (
  3457. 'test2@test2.test2',
  3458. 'pass',
  3459. )
  3460. )
  3461. # Set params
  3462. params = {
  3463. 'profile': 'administrators',
  3464. }
  3465. self.testapp.put_json(
  3466. '/api/v2/users/{}/profile'.format(user_id),
  3467. params=params,
  3468. status=403,
  3469. )
  3470. class TestSetUserEnableDisableEndpoints(FunctionalTest):
  3471. # -*- coding: utf-8 -*-
  3472. """
  3473. Tests for PUT /api/v2/users/{user_id}/enable
  3474. and PUT /api/v2/users/{user_id}/disable
  3475. """
  3476. fixtures = [BaseFixture]
  3477. def test_api_enable_user__ok_200__admin(self):
  3478. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3479. admin = dbsession.query(models.User) \
  3480. .filter(models.User.email == 'admin@admin.admin') \
  3481. .one()
  3482. uapi = UserApi(
  3483. current_user=admin,
  3484. session=dbsession,
  3485. config=self.app_config,
  3486. )
  3487. gapi = GroupApi(
  3488. current_user=admin,
  3489. session=dbsession,
  3490. config=self.app_config,
  3491. )
  3492. groups = [gapi.get_one_with_name('users')]
  3493. test_user = uapi.create_user(
  3494. email='test@test.test',
  3495. password='pass',
  3496. name='bob',
  3497. groups=groups,
  3498. timezone='Europe/Paris',
  3499. do_save=True,
  3500. do_notify=False,
  3501. )
  3502. uapi.disable(test_user, do_save=True)
  3503. uapi.save(test_user)
  3504. transaction.commit()
  3505. user_id = int(test_user.user_id)
  3506. self.testapp.authorization = (
  3507. 'Basic',
  3508. (
  3509. 'admin@admin.admin',
  3510. 'admin@admin.admin'
  3511. )
  3512. )
  3513. # check before
  3514. res = self.testapp.get(
  3515. '/api/v2/users/{}'.format(user_id),
  3516. status=200
  3517. )
  3518. res = res.json_body
  3519. assert res['user_id'] == user_id
  3520. assert res['is_active'] is False
  3521. self.testapp.put_json(
  3522. '/api/v2/users/{}/enable'.format(user_id),
  3523. status=204,
  3524. )
  3525. # Check After
  3526. res = self.testapp.get(
  3527. '/api/v2/users/{}'.format(user_id),
  3528. status=200
  3529. )
  3530. res = res.json_body
  3531. assert res['user_id'] == user_id
  3532. assert res['is_active'] is True
  3533. def test_api_disable_user__ok_200__admin(self):
  3534. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3535. admin = dbsession.query(models.User) \
  3536. .filter(models.User.email == 'admin@admin.admin') \
  3537. .one()
  3538. uapi = UserApi(
  3539. current_user=admin,
  3540. session=dbsession,
  3541. config=self.app_config,
  3542. )
  3543. gapi = GroupApi(
  3544. current_user=admin,
  3545. session=dbsession,
  3546. config=self.app_config,
  3547. )
  3548. groups = [gapi.get_one_with_name('users')]
  3549. test_user = uapi.create_user(
  3550. email='test@test.test',
  3551. password='pass',
  3552. name='bob',
  3553. groups=groups,
  3554. timezone='Europe/Paris',
  3555. do_save=True,
  3556. do_notify=False,
  3557. )
  3558. uapi.enable(test_user, do_save=True)
  3559. uapi.save(test_user)
  3560. transaction.commit()
  3561. user_id = int(test_user.user_id)
  3562. self.testapp.authorization = (
  3563. 'Basic',
  3564. (
  3565. 'admin@admin.admin',
  3566. 'admin@admin.admin'
  3567. )
  3568. )
  3569. # check before
  3570. res = self.testapp.get(
  3571. '/api/v2/users/{}'.format(user_id),
  3572. status=200
  3573. )
  3574. res = res.json_body
  3575. assert res['user_id'] == user_id
  3576. assert res['is_active'] is True
  3577. self.testapp.put_json(
  3578. '/api/v2/users/{}/disable'.format(user_id),
  3579. status=204,
  3580. )
  3581. # Check After
  3582. res = self.testapp.get(
  3583. '/api/v2/users/{}'.format(user_id),
  3584. status=200
  3585. )
  3586. res = res.json_body
  3587. assert res['user_id'] == user_id
  3588. assert res['is_active'] is False
  3589. def test_api_enable_user__err_403__other_account(self):
  3590. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3591. admin = dbsession.query(models.User) \
  3592. .filter(models.User.email == 'admin@admin.admin') \
  3593. .one()
  3594. uapi = UserApi(
  3595. current_user=admin,
  3596. session=dbsession,
  3597. config=self.app_config,
  3598. )
  3599. gapi = GroupApi(
  3600. current_user=admin,
  3601. session=dbsession,
  3602. config=self.app_config,
  3603. )
  3604. groups = [gapi.get_one_with_name('users')]
  3605. test_user = uapi.create_user(
  3606. email='test@test.test',
  3607. password='pass',
  3608. name='bob',
  3609. groups=groups,
  3610. timezone='Europe/Paris',
  3611. do_save=True,
  3612. do_notify=False,
  3613. )
  3614. test_user2 = uapi.create_user(
  3615. email='test2@test2.test2',
  3616. password='pass',
  3617. name='test2',
  3618. groups=groups,
  3619. timezone='Europe/Paris',
  3620. do_save=True,
  3621. do_notify=False,
  3622. )
  3623. uapi.disable(test_user, do_save=True)
  3624. uapi.save(test_user2)
  3625. uapi.save(test_user)
  3626. transaction.commit()
  3627. user_id = int(test_user.user_id)
  3628. self.testapp.authorization = (
  3629. 'Basic',
  3630. (
  3631. 'test2@test2.test2',
  3632. 'pass'
  3633. )
  3634. )
  3635. self.testapp.put_json(
  3636. '/api/v2/users/{}/enable'.format(user_id),
  3637. status=403,
  3638. )
  3639. def test_api_disable_user__err_403__other_account(self):
  3640. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3641. admin = dbsession.query(models.User) \
  3642. .filter(models.User.email == 'admin@admin.admin') \
  3643. .one()
  3644. uapi = UserApi(
  3645. current_user=admin,
  3646. session=dbsession,
  3647. config=self.app_config,
  3648. )
  3649. gapi = GroupApi(
  3650. current_user=admin,
  3651. session=dbsession,
  3652. config=self.app_config,
  3653. )
  3654. groups = [gapi.get_one_with_name('users')]
  3655. test_user = uapi.create_user(
  3656. email='test@test.test',
  3657. password='pass',
  3658. name='bob',
  3659. groups=groups,
  3660. timezone='Europe/Paris',
  3661. do_save=True,
  3662. do_notify=False,
  3663. )
  3664. test_user2 = uapi.create_user(
  3665. email='test2@test2.test2',
  3666. password='pass',
  3667. name='test2',
  3668. groups=groups,
  3669. timezone='Europe/Paris',
  3670. do_save=True,
  3671. do_notify=False,
  3672. )
  3673. uapi.enable(test_user, do_save=True)
  3674. uapi.save(test_user2)
  3675. uapi.save(test_user)
  3676. transaction.commit()
  3677. user_id = int(test_user.user_id)
  3678. self.testapp.authorization = (
  3679. 'Basic',
  3680. (
  3681. 'test2@test2.test2',
  3682. 'pass'
  3683. )
  3684. )
  3685. self.testapp.put_json(
  3686. '/api/v2/users/{}/disable'.format(user_id),
  3687. status=403,
  3688. )
  3689. def test_api_disable_user__ok_200__user_itself(self):
  3690. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3691. admin = dbsession.query(models.User) \
  3692. .filter(models.User.email == 'admin@admin.admin') \
  3693. .one()
  3694. uapi = UserApi(
  3695. current_user=admin,
  3696. session=dbsession,
  3697. config=self.app_config,
  3698. )
  3699. gapi = GroupApi(
  3700. current_user=admin,
  3701. session=dbsession,
  3702. config=self.app_config,
  3703. )
  3704. groups = [gapi.get_one_with_name('users')]
  3705. test_user = uapi.create_user(
  3706. email='test@test.test',
  3707. password='pass',
  3708. name='bob',
  3709. groups=groups,
  3710. timezone='Europe/Paris',
  3711. do_save=True,
  3712. do_notify=False,
  3713. )
  3714. uapi.enable(test_user, do_save=True)
  3715. uapi.save(test_user)
  3716. transaction.commit()
  3717. user_id = int(test_user.user_id)
  3718. self.testapp.authorization = (
  3719. 'Basic',
  3720. (
  3721. 'test@test.test',
  3722. 'pass'
  3723. )
  3724. )
  3725. # check before
  3726. res = self.testapp.get(
  3727. '/api/v2/users/{}'.format(user_id),
  3728. status=200
  3729. )
  3730. res = res.json_body
  3731. assert res['user_id'] == user_id
  3732. assert res['is_active'] is True
  3733. self.testapp.put_json(
  3734. '/api/v2/users/{}/disable'.format(user_id),
  3735. status=403,
  3736. )
  3737. # Check After
  3738. res = self.testapp.get(
  3739. '/api/v2/users/{}'.format(user_id),
  3740. status=200
  3741. )
  3742. res = res.json_body
  3743. assert res['user_id'] == user_id
  3744. assert res['is_active'] is True