test_user.py 151KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373
  1. # -*- coding: utf-8 -*-
  2. """
  3. Tests for /api/v2/users subpath endpoints.
  4. """
  5. from time import sleep
  6. import pytest
  7. import transaction
  8. from tracim_backend import models
  9. from tracim_backend.lib.core.content import ContentApi
  10. from tracim_backend.lib.core.user import UserApi
  11. from tracim_backend.lib.core.group import GroupApi
  12. from tracim_backend.lib.core.userworkspace import RoleApi
  13. from tracim_backend.lib.core.workspace import WorkspaceApi
  14. from tracim_backend.models import get_tm_session
  15. from tracim_backend.models.contents import CONTENT_TYPES
  16. from tracim_backend.models.data import UserRoleInWorkspace
  17. from tracim_backend.models.revision_protection import new_revision
  18. from tracim_backend.tests import FunctionalTest
  19. from tracim_backend.fixtures.content import Content as ContentFixtures
  20. from tracim_backend.fixtures.users_and_groups import Base as BaseFixture
  21. class TestUserRecentlyActiveContentEndpoint(FunctionalTest):
  22. """
  23. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active # nopep8
  24. """
  25. fixtures = [BaseFixture]
  26. def test_api__get_recently_active_content__ok__200__admin(self):
  27. # init DB
  28. dbsession = get_tm_session(self.session_factory, transaction.manager)
  29. admin = dbsession.query(models.User) \
  30. .filter(models.User.email == 'admin@admin.admin') \
  31. .one()
  32. workspace_api = WorkspaceApi(
  33. current_user=admin,
  34. session=dbsession,
  35. config=self.app_config
  36. )
  37. workspace = WorkspaceApi(
  38. current_user=admin,
  39. session=dbsession,
  40. config=self.app_config,
  41. ).create_workspace(
  42. 'test workspace',
  43. save_now=True
  44. )
  45. workspace2 = WorkspaceApi(
  46. current_user=admin,
  47. session=dbsession,
  48. config=self.app_config,
  49. ).create_workspace(
  50. 'test workspace2',
  51. save_now=True
  52. )
  53. uapi = UserApi(
  54. current_user=admin,
  55. session=dbsession,
  56. config=self.app_config,
  57. )
  58. gapi = GroupApi(
  59. current_user=admin,
  60. session=dbsession,
  61. config=self.app_config,
  62. )
  63. groups = [gapi.get_one_with_name('users')]
  64. test_user = uapi.create_user(
  65. email='test@test.test',
  66. password='pass',
  67. name='bob',
  68. groups=groups,
  69. timezone='Europe/Paris',
  70. do_save=True,
  71. do_notify=False,
  72. )
  73. rapi = RoleApi(
  74. current_user=admin,
  75. session=dbsession,
  76. config=self.app_config,
  77. )
  78. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  79. api = ContentApi(
  80. current_user=admin,
  81. session=dbsession,
  82. config=self.app_config,
  83. )
  84. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  85. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  86. # creation order test
  87. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  88. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  89. # update order test
  90. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  91. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  92. with new_revision(
  93. session=dbsession,
  94. tm=transaction.manager,
  95. content=firstly_created_but_recently_updated,
  96. ):
  97. firstly_created_but_recently_updated.description = 'Just an update'
  98. api.save(firstly_created_but_recently_updated)
  99. # comment change order
  100. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  101. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  102. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  103. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  104. dbsession.flush()
  105. transaction.commit()
  106. self.testapp.authorization = (
  107. 'Basic',
  108. (
  109. 'admin@admin.admin',
  110. 'admin@admin.admin'
  111. )
  112. )
  113. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  114. user_id=test_user.user_id,
  115. workspace_id=workspace.workspace_id
  116. ), status=200)
  117. res = res.json_body
  118. assert len(res) == 7
  119. for elem in res:
  120. assert isinstance(elem['content_id'], int)
  121. assert isinstance(elem['content_type'], str)
  122. assert elem['content_type'] != 'comments'
  123. assert isinstance(elem['is_archived'], bool)
  124. assert isinstance(elem['is_deleted'], bool)
  125. assert isinstance(elem['label'], str)
  126. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  127. assert isinstance(elem['show_in_ui'], bool)
  128. assert isinstance(elem['slug'], str)
  129. assert isinstance(elem['status'], str)
  130. assert isinstance(elem['sub_content_types'], list)
  131. for sub_content_type in elem['sub_content_types']:
  132. assert isinstance(sub_content_type, str)
  133. assert isinstance(elem['workspace_id'], int)
  134. # comment is newest than page2
  135. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  136. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  137. # last updated content is newer than other one despite creation
  138. # of the other is more recent
  139. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  140. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  141. # creation order is inverted here as last created is last active
  142. assert res[4]['content_id'] == secondly_created.content_id
  143. assert res[5]['content_id'] == firstly_created.content_id
  144. # folder subcontent modification does not change folder order
  145. assert res[6]['content_id'] == main_folder.content_id
  146. def test_api__get_recently_active_content__err__400__no_access_to_workspace(self):
  147. # init DB
  148. dbsession = get_tm_session(self.session_factory, transaction.manager)
  149. admin = dbsession.query(models.User) \
  150. .filter(models.User.email == 'admin@admin.admin') \
  151. .one()
  152. workspace_api = WorkspaceApi(
  153. current_user=admin,
  154. session=dbsession,
  155. config=self.app_config
  156. )
  157. workspace = WorkspaceApi(
  158. current_user=admin,
  159. session=dbsession,
  160. config=self.app_config,
  161. ).create_workspace(
  162. 'test workspace',
  163. save_now=True
  164. )
  165. workspace2 = WorkspaceApi(
  166. current_user=admin,
  167. session=dbsession,
  168. config=self.app_config,
  169. ).create_workspace(
  170. 'test workspace2',
  171. save_now=True
  172. )
  173. uapi = UserApi(
  174. current_user=admin,
  175. session=dbsession,
  176. config=self.app_config,
  177. )
  178. gapi = GroupApi(
  179. current_user=admin,
  180. session=dbsession,
  181. config=self.app_config,
  182. )
  183. groups = [gapi.get_one_with_name('users')]
  184. test_user = uapi.create_user(
  185. email='test@test.test',
  186. password='pass',
  187. name='bob',
  188. groups=groups,
  189. timezone='Europe/Paris',
  190. do_save=True,
  191. do_notify=False,
  192. )
  193. api = ContentApi(
  194. current_user=admin,
  195. session=dbsession,
  196. config=self.app_config,
  197. )
  198. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  199. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  200. # creation order test
  201. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  202. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  203. # update order test
  204. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  205. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  206. with new_revision(
  207. session=dbsession,
  208. tm=transaction.manager,
  209. content=firstly_created_but_recently_updated,
  210. ):
  211. firstly_created_but_recently_updated.description = 'Just an update'
  212. api.save(firstly_created_but_recently_updated)
  213. # comment change order
  214. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  215. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  216. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  217. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  218. dbsession.flush()
  219. transaction.commit()
  220. self.testapp.authorization = (
  221. 'Basic',
  222. (
  223. 'admin@admin.admin',
  224. 'admin@admin.admin'
  225. )
  226. )
  227. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  228. user_id=test_user.user_id,
  229. workspace_id=workspace.workspace_id
  230. ), status=400)
  231. def test_api__get_recently_active_content__ok__200__user_itself(self):
  232. # init DB
  233. dbsession = get_tm_session(self.session_factory, transaction.manager)
  234. admin = dbsession.query(models.User) \
  235. .filter(models.User.email == 'admin@admin.admin') \
  236. .one()
  237. workspace_api = WorkspaceApi(
  238. current_user=admin,
  239. session=dbsession,
  240. config=self.app_config
  241. )
  242. workspace = WorkspaceApi(
  243. current_user=admin,
  244. session=dbsession,
  245. config=self.app_config,
  246. ).create_workspace(
  247. 'test workspace',
  248. save_now=True
  249. )
  250. workspace2 = WorkspaceApi(
  251. current_user=admin,
  252. session=dbsession,
  253. config=self.app_config,
  254. ).create_workspace(
  255. 'test workspace2',
  256. save_now=True
  257. )
  258. uapi = UserApi(
  259. current_user=admin,
  260. session=dbsession,
  261. config=self.app_config,
  262. )
  263. gapi = GroupApi(
  264. current_user=admin,
  265. session=dbsession,
  266. config=self.app_config,
  267. )
  268. groups = [gapi.get_one_with_name('users')]
  269. test_user = uapi.create_user(
  270. email='test@test.test',
  271. password='pass',
  272. name='bob',
  273. groups=groups,
  274. timezone='Europe/Paris',
  275. do_save=True,
  276. do_notify=False,
  277. )
  278. rapi = RoleApi(
  279. current_user=admin,
  280. session=dbsession,
  281. config=self.app_config,
  282. )
  283. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  284. api = ContentApi(
  285. current_user=admin,
  286. session=dbsession,
  287. config=self.app_config,
  288. )
  289. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  290. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  291. # creation order test
  292. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  293. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  294. # update order test
  295. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  296. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  297. with new_revision(
  298. session=dbsession,
  299. tm=transaction.manager,
  300. content=firstly_created_but_recently_updated,
  301. ):
  302. firstly_created_but_recently_updated.description = 'Just an update'
  303. api.save(firstly_created_but_recently_updated)
  304. # comment change order
  305. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  306. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  307. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  308. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  309. dbsession.flush()
  310. transaction.commit()
  311. self.testapp.authorization = (
  312. 'Basic',
  313. (
  314. 'test@test.test',
  315. 'pass'
  316. )
  317. )
  318. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  319. user_id=test_user.user_id,
  320. workspace_id=workspace.workspace_id
  321. ), status=200)
  322. res = res.json_body
  323. assert len(res) == 7
  324. for elem in res:
  325. assert isinstance(elem['content_id'], int)
  326. assert isinstance(elem['content_type'], str)
  327. assert elem['content_type'] != 'comments'
  328. assert isinstance(elem['is_archived'], bool)
  329. assert isinstance(elem['is_deleted'], bool)
  330. assert isinstance(elem['label'], str)
  331. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  332. assert isinstance(elem['show_in_ui'], bool)
  333. assert isinstance(elem['slug'], str)
  334. assert isinstance(elem['status'], str)
  335. assert isinstance(elem['sub_content_types'], list)
  336. for sub_content_type in elem['sub_content_types']:
  337. assert isinstance(sub_content_type, str)
  338. assert isinstance(elem['workspace_id'], int)
  339. # comment is newest than page2
  340. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  341. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  342. # last updated content is newer than other one despite creation
  343. # of the other is more recent
  344. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  345. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  346. # creation order is inverted here as last created is last active
  347. assert res[4]['content_id'] == secondly_created.content_id
  348. assert res[5]['content_id'] == firstly_created.content_id
  349. # folder subcontent modification does not change folder order
  350. assert res[6]['content_id'] == main_folder.content_id
  351. def test_api__get_recently_active_content__ok__200__other_user(self):
  352. # init DB
  353. dbsession = get_tm_session(self.session_factory, transaction.manager)
  354. admin = dbsession.query(models.User) \
  355. .filter(models.User.email == 'admin@admin.admin') \
  356. .one()
  357. workspace_api = WorkspaceApi(
  358. current_user=admin,
  359. session=dbsession,
  360. config=self.app_config
  361. )
  362. workspace = WorkspaceApi(
  363. current_user=admin,
  364. session=dbsession,
  365. config=self.app_config,
  366. ).create_workspace(
  367. 'test workspace',
  368. save_now=True
  369. )
  370. workspace2 = WorkspaceApi(
  371. current_user=admin,
  372. session=dbsession,
  373. config=self.app_config,
  374. ).create_workspace(
  375. 'test workspace2',
  376. save_now=True
  377. )
  378. uapi = UserApi(
  379. current_user=admin,
  380. session=dbsession,
  381. config=self.app_config,
  382. )
  383. gapi = GroupApi(
  384. current_user=admin,
  385. session=dbsession,
  386. config=self.app_config,
  387. )
  388. groups = [gapi.get_one_with_name('users')]
  389. test_user = uapi.create_user(
  390. email='test@test.test',
  391. password='pass',
  392. name='bob',
  393. groups=groups,
  394. timezone='Europe/Paris',
  395. do_save=True,
  396. do_notify=False,
  397. )
  398. rapi = RoleApi(
  399. current_user=admin,
  400. session=dbsession,
  401. config=self.app_config,
  402. )
  403. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  404. api = ContentApi(
  405. current_user=admin,
  406. session=dbsession,
  407. config=self.app_config,
  408. )
  409. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  410. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  411. # creation order test
  412. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  413. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  414. # update order test
  415. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  416. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  417. with new_revision(
  418. session=dbsession,
  419. tm=transaction.manager,
  420. content=firstly_created_but_recently_updated,
  421. ):
  422. firstly_created_but_recently_updated.description = 'Just an update'
  423. api.save(firstly_created_but_recently_updated)
  424. # comment change order
  425. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  426. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  427. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  428. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  429. dbsession.flush()
  430. transaction.commit()
  431. self.testapp.authorization = (
  432. 'Basic',
  433. (
  434. 'test@test.test',
  435. 'pass'
  436. )
  437. )
  438. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  439. user_id=admin.user_id,
  440. workspace_id=workspace.workspace_id
  441. ), status=403)
  442. def test_api__get_recently_active_content__ok__200__limit_2_multiple(self):
  443. # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
  444. # anymore to fix datetime lack of precision.
  445. # init DB
  446. dbsession = get_tm_session(self.session_factory, transaction.manager)
  447. admin = dbsession.query(models.User) \
  448. .filter(models.User.email == 'admin@admin.admin') \
  449. .one()
  450. workspace_api = WorkspaceApi(
  451. current_user=admin,
  452. session=dbsession,
  453. config=self.app_config
  454. )
  455. workspace = WorkspaceApi(
  456. current_user=admin,
  457. session=dbsession,
  458. config=self.app_config,
  459. ).create_workspace(
  460. 'test workspace',
  461. save_now=True
  462. )
  463. workspace2 = WorkspaceApi(
  464. current_user=admin,
  465. session=dbsession,
  466. config=self.app_config,
  467. ).create_workspace(
  468. 'test workspace2',
  469. save_now=True
  470. )
  471. api = ContentApi(
  472. current_user=admin,
  473. session=dbsession,
  474. config=self.app_config,
  475. )
  476. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  477. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  478. # creation order test
  479. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  480. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  481. # update order test
  482. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  483. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  484. with new_revision(
  485. session=dbsession,
  486. tm=transaction.manager,
  487. content=firstly_created_but_recently_updated,
  488. ):
  489. firstly_created_but_recently_updated.description = 'Just an update'
  490. api.save(firstly_created_but_recently_updated)
  491. # comment change order
  492. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  493. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  494. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  495. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  496. dbsession.flush()
  497. transaction.commit()
  498. self.testapp.authorization = (
  499. 'Basic',
  500. (
  501. 'admin@admin.admin',
  502. 'admin@admin.admin'
  503. )
  504. )
  505. params = {
  506. 'limit': 2,
  507. }
  508. res = self.testapp.get(
  509. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  510. status=200,
  511. params=params
  512. ) # nopep8
  513. res = res.json_body
  514. assert len(res) == 2
  515. for elem in res:
  516. assert isinstance(elem['content_id'], int)
  517. assert isinstance(elem['content_type'], str)
  518. assert elem['content_type'] != 'comments'
  519. assert isinstance(elem['is_archived'], bool)
  520. assert isinstance(elem['is_deleted'], bool)
  521. assert isinstance(elem['label'], str)
  522. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  523. assert isinstance(elem['show_in_ui'], bool)
  524. assert isinstance(elem['slug'], str)
  525. assert isinstance(elem['status'], str)
  526. assert isinstance(elem['sub_content_types'], list)
  527. for sub_content_type in elem['sub_content_types']:
  528. assert isinstance(sub_content_type, str)
  529. assert isinstance(elem['workspace_id'], int)
  530. # comment is newest than page2
  531. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  532. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  533. params = {
  534. 'limit': 2,
  535. 'before_content_id': secondly_created_but_not_commented.content_id, # nopep8
  536. }
  537. res = self.testapp.get(
  538. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  539. status=200,
  540. params=params
  541. )
  542. res = res.json_body
  543. assert len(res) == 2
  544. # last updated content is newer than other one despite creation
  545. # of the other is more recent
  546. assert res[0]['content_id'] == firstly_created_but_recently_updated.content_id
  547. assert res[1]['content_id'] == secondly_created_but_not_updated.content_id
  548. def test_api__get_recently_active_content__ok__200__bad_before_content_id_doesnt_exist(self): # nopep8
  549. # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
  550. # anymore to fix datetime lack of precision.
  551. # init DB
  552. dbsession = get_tm_session(self.session_factory, transaction.manager)
  553. admin = dbsession.query(models.User) \
  554. .filter(models.User.email == 'admin@admin.admin') \
  555. .one()
  556. workspace_api = WorkspaceApi(
  557. current_user=admin,
  558. session=dbsession,
  559. config=self.app_config
  560. )
  561. workspace = WorkspaceApi(
  562. current_user=admin,
  563. session=dbsession,
  564. config=self.app_config,
  565. ).create_workspace(
  566. 'test workspace',
  567. save_now=True
  568. )
  569. workspace2 = WorkspaceApi(
  570. current_user=admin,
  571. session=dbsession,
  572. config=self.app_config,
  573. ).create_workspace(
  574. 'test workspace2',
  575. save_now=True
  576. )
  577. api = ContentApi(
  578. current_user=admin,
  579. session=dbsession,
  580. config=self.app_config,
  581. )
  582. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  583. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  584. # creation order test
  585. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  586. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  587. # update order test
  588. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  589. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  590. with new_revision(
  591. session=dbsession,
  592. tm=transaction.manager,
  593. content=firstly_created_but_recently_updated,
  594. ):
  595. firstly_created_but_recently_updated.description = 'Just an update'
  596. api.save(firstly_created_but_recently_updated)
  597. # comment change order
  598. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  599. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  600. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  601. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  602. dbsession.flush()
  603. transaction.commit()
  604. self.testapp.authorization = (
  605. 'Basic',
  606. (
  607. 'admin@admin.admin',
  608. 'admin@admin.admin'
  609. )
  610. )
  611. params = {
  612. 'before_content_id': 4000
  613. }
  614. res = self.testapp.get(
  615. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  616. status=400,
  617. params=params
  618. )
  619. class TestUserReadStatusEndpoint(FunctionalTest):
  620. """
  621. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status # nopep8
  622. """
  623. def test_api__get_read_status__ok__200__admin(self):
  624. # init DB
  625. dbsession = get_tm_session(self.session_factory, transaction.manager)
  626. admin = dbsession.query(models.User) \
  627. .filter(models.User.email == 'admin@admin.admin') \
  628. .one()
  629. workspace_api = WorkspaceApi(
  630. current_user=admin,
  631. session=dbsession,
  632. config=self.app_config
  633. )
  634. workspace = WorkspaceApi(
  635. current_user=admin,
  636. session=dbsession,
  637. config=self.app_config,
  638. ).create_workspace(
  639. 'test workspace',
  640. save_now=True
  641. )
  642. workspace2 = WorkspaceApi(
  643. current_user=admin,
  644. session=dbsession,
  645. config=self.app_config,
  646. ).create_workspace(
  647. 'test workspace2',
  648. save_now=True
  649. )
  650. uapi = UserApi(
  651. current_user=admin,
  652. session=dbsession,
  653. config=self.app_config,
  654. )
  655. gapi = GroupApi(
  656. current_user=admin,
  657. session=dbsession,
  658. config=self.app_config,
  659. )
  660. groups = [gapi.get_one_with_name('users')]
  661. test_user = uapi.create_user(
  662. email='test@test.test',
  663. password='pass',
  664. name='bob',
  665. groups=groups,
  666. timezone='Europe/Paris',
  667. do_save=True,
  668. do_notify=False,
  669. )
  670. rapi = RoleApi(
  671. current_user=admin,
  672. session=dbsession,
  673. config=self.app_config,
  674. )
  675. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  676. api = ContentApi(
  677. current_user=admin,
  678. session=dbsession,
  679. config=self.app_config,
  680. )
  681. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  682. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  683. # creation order test
  684. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  685. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  686. # update order test
  687. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  688. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  689. with new_revision(
  690. session=dbsession,
  691. tm=transaction.manager,
  692. content=firstly_created_but_recently_updated,
  693. ):
  694. firstly_created_but_recently_updated.description = 'Just an update'
  695. api.save(firstly_created_but_recently_updated)
  696. # comment change order
  697. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  698. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  699. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  700. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  701. dbsession.flush()
  702. transaction.commit()
  703. self.testapp.authorization = (
  704. 'Basic',
  705. (
  706. 'admin@admin.admin',
  707. 'admin@admin.admin'
  708. )
  709. )
  710. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  711. user_id=admin.user_id,
  712. workspace_id=workspace.workspace_id
  713. ), status=200)
  714. res = res.json_body
  715. assert len(res) == 7
  716. for elem in res:
  717. assert isinstance(elem['content_id'], int)
  718. assert isinstance(elem['read_by_user'], bool)
  719. # comment is newest than page2
  720. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  721. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  722. # last updated content is newer than other one despite creation
  723. # of the other is more recent
  724. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  725. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  726. # creation order is inverted here as last created is last active
  727. assert res[4]['content_id'] == secondly_created.content_id
  728. assert res[5]['content_id'] == firstly_created.content_id
  729. # folder subcontent modification does not change folder order
  730. assert res[6]['content_id'] == main_folder.content_id
  731. def test_api__get_read_status__ok__200__user_itself(self):
  732. # init DB
  733. dbsession = get_tm_session(self.session_factory, transaction.manager)
  734. admin = dbsession.query(models.User) \
  735. .filter(models.User.email == 'admin@admin.admin') \
  736. .one()
  737. workspace_api = WorkspaceApi(
  738. current_user=admin,
  739. session=dbsession,
  740. config=self.app_config
  741. )
  742. workspace = WorkspaceApi(
  743. current_user=admin,
  744. session=dbsession,
  745. config=self.app_config,
  746. ).create_workspace(
  747. 'test workspace',
  748. save_now=True
  749. )
  750. workspace2 = WorkspaceApi(
  751. current_user=admin,
  752. session=dbsession,
  753. config=self.app_config,
  754. ).create_workspace(
  755. 'test workspace2',
  756. save_now=True
  757. )
  758. uapi = UserApi(
  759. current_user=admin,
  760. session=dbsession,
  761. config=self.app_config,
  762. )
  763. gapi = GroupApi(
  764. current_user=admin,
  765. session=dbsession,
  766. config=self.app_config,
  767. )
  768. groups = [gapi.get_one_with_name('users')]
  769. test_user = uapi.create_user(
  770. email='test@test.test',
  771. password='pass',
  772. name='bob',
  773. groups=groups,
  774. timezone='Europe/Paris',
  775. do_save=True,
  776. do_notify=False,
  777. )
  778. rapi = RoleApi(
  779. current_user=admin,
  780. session=dbsession,
  781. config=self.app_config,
  782. )
  783. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  784. api = ContentApi(
  785. current_user=admin,
  786. session=dbsession,
  787. config=self.app_config,
  788. )
  789. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  790. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  791. # creation order test
  792. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  793. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  794. # update order test
  795. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  796. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  797. with new_revision(
  798. session=dbsession,
  799. tm=transaction.manager,
  800. content=firstly_created_but_recently_updated,
  801. ):
  802. firstly_created_but_recently_updated.description = 'Just an update'
  803. api.save(firstly_created_but_recently_updated)
  804. # comment change order
  805. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  806. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  807. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  808. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  809. dbsession.flush()
  810. transaction.commit()
  811. self.testapp.authorization = (
  812. 'Basic',
  813. (
  814. 'test@test.test',
  815. 'pass'
  816. )
  817. )
  818. selected_contents_id = [
  819. firstly_created_but_recently_commented.content_id,
  820. firstly_created_but_recently_updated.content_id,
  821. firstly_created.content_id,
  822. main_folder.content_id,
  823. ]
  824. url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format( # nopep8
  825. workspace_id=workspace.workspace_id,
  826. cid1=selected_contents_id[0],
  827. cid2=selected_contents_id[1],
  828. cid3=selected_contents_id[2],
  829. cid4=selected_contents_id[3],
  830. user_id=test_user.user_id,
  831. )
  832. res = self.testapp.get(
  833. url=url,
  834. status=200,
  835. )
  836. res = res.json_body
  837. assert len(res) == 4
  838. for elem in res:
  839. assert isinstance(elem['content_id'], int)
  840. assert isinstance(elem['read_by_user'], bool)
  841. # comment is newest than page2
  842. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  843. # last updated content is newer than other one despite creation
  844. # of the other is more recent
  845. assert res[1]['content_id'] == firstly_created_but_recently_updated.content_id
  846. # creation order is inverted here as last created is last active
  847. assert res[2]['content_id'] == firstly_created.content_id
  848. # folder subcontent modification does not change folder order
  849. assert res[3]['content_id'] == main_folder.content_id
  850. def test_api__get_read_status__ok__200__other_user(self):
  851. # init DB
  852. dbsession = get_tm_session(self.session_factory, transaction.manager)
  853. admin = dbsession.query(models.User) \
  854. .filter(models.User.email == 'admin@admin.admin') \
  855. .one()
  856. workspace_api = WorkspaceApi(
  857. current_user=admin,
  858. session=dbsession,
  859. config=self.app_config
  860. )
  861. workspace = WorkspaceApi(
  862. current_user=admin,
  863. session=dbsession,
  864. config=self.app_config,
  865. ).create_workspace(
  866. 'test workspace',
  867. save_now=True
  868. )
  869. workspace2 = WorkspaceApi(
  870. current_user=admin,
  871. session=dbsession,
  872. config=self.app_config,
  873. ).create_workspace(
  874. 'test workspace2',
  875. save_now=True
  876. )
  877. uapi = UserApi(
  878. current_user=admin,
  879. session=dbsession,
  880. config=self.app_config,
  881. )
  882. gapi = GroupApi(
  883. current_user=admin,
  884. session=dbsession,
  885. config=self.app_config,
  886. )
  887. groups = [gapi.get_one_with_name('users')]
  888. test_user = uapi.create_user(
  889. email='test@test.test',
  890. password='pass',
  891. name='bob',
  892. groups=groups,
  893. timezone='Europe/Paris',
  894. do_save=True,
  895. do_notify=False,
  896. )
  897. rapi = RoleApi(
  898. current_user=admin,
  899. session=dbsession,
  900. config=self.app_config,
  901. )
  902. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  903. api = ContentApi(
  904. current_user=admin,
  905. session=dbsession,
  906. config=self.app_config,
  907. )
  908. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  909. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  910. # creation order test
  911. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  912. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  913. # update order test
  914. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  915. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  916. with new_revision(
  917. session=dbsession,
  918. tm=transaction.manager,
  919. content=firstly_created_but_recently_updated,
  920. ):
  921. firstly_created_but_recently_updated.description = 'Just an update'
  922. api.save(firstly_created_but_recently_updated)
  923. # comment change order
  924. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  925. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  926. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  927. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  928. dbsession.flush()
  929. transaction.commit()
  930. self.testapp.authorization = (
  931. 'Basic',
  932. (
  933. 'test@test.test',
  934. 'pass'
  935. )
  936. )
  937. selected_contents_id = [
  938. firstly_created_but_recently_commented.content_id,
  939. firstly_created_but_recently_updated.content_id,
  940. firstly_created.content_id,
  941. main_folder.content_id,
  942. ]
  943. url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format( # nopep8
  944. workspace_id=workspace.workspace_id,
  945. cid1=selected_contents_id[0],
  946. cid2=selected_contents_id[1],
  947. cid3=selected_contents_id[2],
  948. cid4=selected_contents_id[3],
  949. user_id=admin.user_id,
  950. )
  951. res = self.testapp.get(
  952. url=url,
  953. status=403,
  954. )
  955. class TestUserSetContentAsRead(FunctionalTest):
  956. """
  957. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read # nopep8
  958. """
  959. def test_api_set_content_as_read__ok__200__admin(self):
  960. # init DB
  961. dbsession = get_tm_session(self.session_factory, transaction.manager)
  962. admin = dbsession.query(models.User) \
  963. .filter(models.User.email == 'admin@admin.admin') \
  964. .one()
  965. workspace_api = WorkspaceApi(
  966. current_user=admin,
  967. session=dbsession,
  968. config=self.app_config
  969. )
  970. workspace = WorkspaceApi(
  971. current_user=admin,
  972. session=dbsession,
  973. config=self.app_config,
  974. ).create_workspace(
  975. 'test workspace',
  976. save_now=True
  977. )
  978. uapi = UserApi(
  979. current_user=admin,
  980. session=dbsession,
  981. config=self.app_config,
  982. )
  983. gapi = GroupApi(
  984. current_user=admin,
  985. session=dbsession,
  986. config=self.app_config,
  987. )
  988. groups = [gapi.get_one_with_name('users')]
  989. test_user = uapi.create_user(
  990. email='test@test.test',
  991. password='pass',
  992. name='bob',
  993. groups=groups,
  994. timezone='Europe/Paris',
  995. do_save=True,
  996. do_notify=False,
  997. )
  998. rapi = RoleApi(
  999. current_user=admin,
  1000. session=dbsession,
  1001. config=self.app_config,
  1002. )
  1003. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1004. api = ContentApi(
  1005. current_user=admin,
  1006. session=dbsession,
  1007. config=self.app_config,
  1008. )
  1009. api2 = ContentApi(
  1010. current_user=test_user,
  1011. session=dbsession,
  1012. config=self.app_config,
  1013. )
  1014. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1015. # creation order test
  1016. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1017. api.mark_unread(firstly_created)
  1018. api2.mark_unread(firstly_created)
  1019. dbsession.flush()
  1020. transaction.commit()
  1021. self.testapp.authorization = (
  1022. 'Basic',
  1023. (
  1024. 'admin@admin.admin',
  1025. 'admin@admin.admin'
  1026. )
  1027. )
  1028. # before
  1029. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1030. user_id=test_user.user_id,
  1031. workspace_id=workspace.workspace_id
  1032. ), status=200)
  1033. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1034. assert res.json_body[0]['read_by_user'] is False
  1035. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1036. user_id=admin.user_id,
  1037. workspace_id=workspace.workspace_id
  1038. ), status=200)
  1039. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1040. assert res.json_body[0]['read_by_user'] is False
  1041. # read
  1042. self.testapp.put(
  1043. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1044. workspace_id=workspace.workspace_id,
  1045. content_id=firstly_created.content_id,
  1046. user_id=test_user.user_id,
  1047. )
  1048. )
  1049. # after
  1050. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1051. user_id=test_user.user_id,
  1052. workspace_id=workspace.workspace_id
  1053. ), status=200) # nopep8
  1054. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1055. assert res.json_body[0]['read_by_user'] is True
  1056. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1057. user_id=admin.user_id,
  1058. workspace_id=workspace.workspace_id
  1059. ), status=200) # nopep8
  1060. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1061. assert res.json_body[0]['read_by_user'] is False
  1062. def test_api_set_content_as_read__ok__200__admin_workspace_do_not_exist(self):
  1063. # init DB
  1064. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1065. admin = dbsession.query(models.User) \
  1066. .filter(models.User.email == 'admin@admin.admin') \
  1067. .one()
  1068. workspace_api = WorkspaceApi(
  1069. current_user=admin,
  1070. session=dbsession,
  1071. config=self.app_config
  1072. )
  1073. workspace = WorkspaceApi(
  1074. current_user=admin,
  1075. session=dbsession,
  1076. config=self.app_config,
  1077. ).create_workspace(
  1078. 'test workspace',
  1079. save_now=True
  1080. )
  1081. uapi = UserApi(
  1082. current_user=admin,
  1083. session=dbsession,
  1084. config=self.app_config,
  1085. )
  1086. gapi = GroupApi(
  1087. current_user=admin,
  1088. session=dbsession,
  1089. config=self.app_config,
  1090. )
  1091. groups = [gapi.get_one_with_name('users')]
  1092. test_user = uapi.create_user(
  1093. email='test@test.test',
  1094. password='pass',
  1095. name='bob',
  1096. groups=groups,
  1097. timezone='Europe/Paris',
  1098. do_save=True,
  1099. do_notify=False,
  1100. )
  1101. rapi = RoleApi(
  1102. current_user=admin,
  1103. session=dbsession,
  1104. config=self.app_config,
  1105. )
  1106. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1107. api = ContentApi(
  1108. current_user=admin,
  1109. session=dbsession,
  1110. config=self.app_config,
  1111. )
  1112. api2 = ContentApi(
  1113. current_user=test_user,
  1114. session=dbsession,
  1115. config=self.app_config,
  1116. )
  1117. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1118. # creation order test
  1119. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1120. api.mark_unread(firstly_created)
  1121. api2.mark_unread(firstly_created)
  1122. dbsession.flush()
  1123. transaction.commit()
  1124. self.testapp.authorization = (
  1125. 'Basic',
  1126. (
  1127. 'admin@admin.admin',
  1128. 'admin@admin.admin'
  1129. )
  1130. )
  1131. # read
  1132. self.testapp.put(
  1133. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1134. workspace_id=4000,
  1135. content_id=firstly_created.content_id,
  1136. user_id=test_user.user_id,
  1137. ),
  1138. status=400,
  1139. )
  1140. def test_api_set_content_as_read__ok__200__admin_content_do_not_exist(self):
  1141. # init DB
  1142. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1143. admin = dbsession.query(models.User) \
  1144. .filter(models.User.email == 'admin@admin.admin') \
  1145. .one()
  1146. workspace_api = WorkspaceApi(
  1147. current_user=admin,
  1148. session=dbsession,
  1149. config=self.app_config
  1150. )
  1151. workspace = WorkspaceApi(
  1152. current_user=admin,
  1153. session=dbsession,
  1154. config=self.app_config,
  1155. ).create_workspace(
  1156. 'test workspace',
  1157. save_now=True
  1158. )
  1159. uapi = UserApi(
  1160. current_user=admin,
  1161. session=dbsession,
  1162. config=self.app_config,
  1163. )
  1164. gapi = GroupApi(
  1165. current_user=admin,
  1166. session=dbsession,
  1167. config=self.app_config,
  1168. )
  1169. groups = [gapi.get_one_with_name('users')]
  1170. test_user = uapi.create_user(
  1171. email='test@test.test',
  1172. password='pass',
  1173. name='bob',
  1174. groups=groups,
  1175. timezone='Europe/Paris',
  1176. do_save=True,
  1177. do_notify=False,
  1178. )
  1179. rapi = RoleApi(
  1180. current_user=admin,
  1181. session=dbsession,
  1182. config=self.app_config,
  1183. )
  1184. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1185. api = ContentApi(
  1186. current_user=admin,
  1187. session=dbsession,
  1188. config=self.app_config,
  1189. )
  1190. api2 = ContentApi(
  1191. current_user=test_user,
  1192. session=dbsession,
  1193. config=self.app_config,
  1194. )
  1195. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1196. # creation order test
  1197. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1198. api.mark_unread(firstly_created)
  1199. api2.mark_unread(firstly_created)
  1200. dbsession.flush()
  1201. transaction.commit()
  1202. self.testapp.authorization = (
  1203. 'Basic',
  1204. (
  1205. 'admin@admin.admin',
  1206. 'admin@admin.admin'
  1207. )
  1208. )
  1209. # read
  1210. self.testapp.put(
  1211. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1212. workspace_id=workspace.workspace_id,
  1213. content_id=4000,
  1214. user_id=test_user.user_id,
  1215. ),
  1216. status=400,
  1217. )
  1218. def test_api_set_content_as_read__ok__200__user_itself(self):
  1219. # init DB
  1220. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1221. admin = dbsession.query(models.User) \
  1222. .filter(models.User.email == 'admin@admin.admin') \
  1223. .one()
  1224. workspace_api = WorkspaceApi(
  1225. current_user=admin,
  1226. session=dbsession,
  1227. config=self.app_config
  1228. )
  1229. workspace = WorkspaceApi(
  1230. current_user=admin,
  1231. session=dbsession,
  1232. config=self.app_config,
  1233. ).create_workspace(
  1234. 'test workspace',
  1235. save_now=True
  1236. )
  1237. uapi = UserApi(
  1238. current_user=admin,
  1239. session=dbsession,
  1240. config=self.app_config,
  1241. )
  1242. gapi = GroupApi(
  1243. current_user=admin,
  1244. session=dbsession,
  1245. config=self.app_config,
  1246. )
  1247. groups = [gapi.get_one_with_name('users')]
  1248. test_user = uapi.create_user(
  1249. email='test@test.test',
  1250. password='pass',
  1251. name='bob',
  1252. groups=groups,
  1253. timezone='Europe/Paris',
  1254. do_save=True,
  1255. do_notify=False,
  1256. )
  1257. rapi = RoleApi(
  1258. current_user=admin,
  1259. session=dbsession,
  1260. config=self.app_config,
  1261. )
  1262. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1263. api = ContentApi(
  1264. current_user=admin,
  1265. session=dbsession,
  1266. config=self.app_config,
  1267. )
  1268. api2 = ContentApi(
  1269. current_user=test_user,
  1270. session=dbsession,
  1271. config=self.app_config,
  1272. )
  1273. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1274. # creation order test
  1275. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1276. api.mark_unread(firstly_created)
  1277. api2.mark_unread(firstly_created)
  1278. dbsession.flush()
  1279. transaction.commit()
  1280. self.testapp.authorization = (
  1281. 'Basic',
  1282. (
  1283. 'test@test.test',
  1284. 'pass'
  1285. )
  1286. )
  1287. # before
  1288. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1289. user_id=test_user.user_id,
  1290. workspace_id=workspace.workspace_id
  1291. ),
  1292. status=200
  1293. )
  1294. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1295. assert res.json_body[0]['read_by_user'] is False
  1296. # read
  1297. self.testapp.put(
  1298. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1299. workspace_id=workspace.workspace_id,
  1300. content_id=firstly_created.content_id,
  1301. user_id=test_user.user_id,
  1302. )
  1303. )
  1304. # after
  1305. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1306. user_id=test_user.user_id,
  1307. workspace_id=workspace.workspace_id
  1308. ),
  1309. status=200
  1310. )
  1311. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1312. assert res.json_body[0]['read_by_user'] is True
  1313. def test_api_set_content_as_read__ok__403__other_user(self):
  1314. # init DB
  1315. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1316. admin = dbsession.query(models.User) \
  1317. .filter(models.User.email == 'admin@admin.admin') \
  1318. .one()
  1319. workspace_api = WorkspaceApi(
  1320. current_user=admin,
  1321. session=dbsession,
  1322. config=self.app_config
  1323. )
  1324. workspace = WorkspaceApi(
  1325. current_user=admin,
  1326. session=dbsession,
  1327. config=self.app_config,
  1328. ).create_workspace(
  1329. 'test workspace',
  1330. save_now=True
  1331. )
  1332. uapi = UserApi(
  1333. current_user=admin,
  1334. session=dbsession,
  1335. config=self.app_config,
  1336. )
  1337. gapi = GroupApi(
  1338. current_user=admin,
  1339. session=dbsession,
  1340. config=self.app_config,
  1341. )
  1342. groups = [gapi.get_one_with_name('users')]
  1343. test_user = uapi.create_user(
  1344. email='test@test.test',
  1345. password='pass',
  1346. name='bob',
  1347. groups=groups,
  1348. timezone='Europe/Paris',
  1349. do_save=True,
  1350. do_notify=False,
  1351. )
  1352. rapi = RoleApi(
  1353. current_user=admin,
  1354. session=dbsession,
  1355. config=self.app_config,
  1356. )
  1357. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1358. api = ContentApi(
  1359. current_user=admin,
  1360. session=dbsession,
  1361. config=self.app_config,
  1362. )
  1363. api2 = ContentApi(
  1364. current_user=test_user,
  1365. session=dbsession,
  1366. config=self.app_config,
  1367. )
  1368. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1369. # creation order test
  1370. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1371. api.mark_unread(firstly_created)
  1372. api2.mark_unread(firstly_created)
  1373. dbsession.flush()
  1374. transaction.commit()
  1375. self.testapp.authorization = (
  1376. 'Basic',
  1377. (
  1378. 'test@test.test',
  1379. 'pass'
  1380. )
  1381. )
  1382. # read
  1383. self.testapp.put(
  1384. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1385. workspace_id=workspace.workspace_id,
  1386. content_id=firstly_created.content_id,
  1387. user_id=admin.user_id,
  1388. ),
  1389. status=403,
  1390. )
  1391. def test_api_set_content_as_read__ok__200__admin_with_comments(self):
  1392. # init DB
  1393. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1394. admin = dbsession.query(models.User) \
  1395. .filter(models.User.email == 'admin@admin.admin') \
  1396. .one()
  1397. workspace_api = WorkspaceApi(
  1398. current_user=admin,
  1399. session=dbsession,
  1400. config=self.app_config
  1401. )
  1402. workspace = WorkspaceApi(
  1403. current_user=admin,
  1404. session=dbsession,
  1405. config=self.app_config,
  1406. ).create_workspace(
  1407. 'test workspace',
  1408. save_now=True
  1409. )
  1410. uapi = UserApi(
  1411. current_user=admin,
  1412. session=dbsession,
  1413. config=self.app_config,
  1414. )
  1415. gapi = GroupApi(
  1416. current_user=admin,
  1417. session=dbsession,
  1418. config=self.app_config,
  1419. )
  1420. groups = [gapi.get_one_with_name('users')]
  1421. test_user = uapi.create_user(
  1422. email='test@test.test',
  1423. password='pass',
  1424. name='bob',
  1425. groups=groups,
  1426. timezone='Europe/Paris',
  1427. do_save=True,
  1428. do_notify=False,
  1429. )
  1430. rapi = RoleApi(
  1431. current_user=admin,
  1432. session=dbsession,
  1433. config=self.app_config,
  1434. )
  1435. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1436. api = ContentApi(
  1437. current_user=admin,
  1438. session=dbsession,
  1439. config=self.app_config,
  1440. )
  1441. api2 = ContentApi(
  1442. current_user=test_user,
  1443. session=dbsession,
  1444. config=self.app_config,
  1445. )
  1446. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1447. # creation order test
  1448. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1449. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  1450. api.mark_unread(firstly_created)
  1451. api.mark_unread(comments)
  1452. dbsession.flush()
  1453. transaction.commit()
  1454. self.testapp.authorization = (
  1455. 'Basic',
  1456. (
  1457. 'admin@admin.admin',
  1458. 'admin@admin.admin'
  1459. )
  1460. )
  1461. # before
  1462. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1463. user_id=test_user.user_id,
  1464. workspace_id=workspace.workspace_id
  1465. ), status=200) # nopep8
  1466. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1467. assert res.json_body[0]['read_by_user'] is False
  1468. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1469. user_id=admin.user_id,
  1470. workspace_id=workspace.workspace_id
  1471. ), status=200) # nopep8
  1472. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1473. assert res.json_body[0]['read_by_user'] is False
  1474. self.testapp.put(
  1475. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1476. workspace_id=workspace.workspace_id,
  1477. content_id=firstly_created.content_id,
  1478. user_id=test_user.user_id,
  1479. )
  1480. )
  1481. # after
  1482. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1483. user_id=test_user.user_id,
  1484. workspace_id=workspace.workspace_id
  1485. ), status=200) # nopep8
  1486. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1487. assert res.json_body[0]['read_by_user'] is True
  1488. # comment is also set as read
  1489. assert comments.has_new_information_for(test_user) is False
  1490. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1491. user_id=admin.user_id,
  1492. workspace_id=workspace.workspace_id
  1493. ), status=200) # nopep8
  1494. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1495. assert res.json_body[0]['read_by_user'] is False
  1496. # comment is also set as read
  1497. assert comments.has_new_information_for(admin) is True
  1498. class TestUserSetContentAsUnread(FunctionalTest):
  1499. """
  1500. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread # nopep8
  1501. """
  1502. def test_api_set_content_as_unread__ok__200__admin(self):
  1503. # init DB
  1504. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1505. admin = dbsession.query(models.User) \
  1506. .filter(models.User.email == 'admin@admin.admin') \
  1507. .one()
  1508. workspace_api = WorkspaceApi(
  1509. current_user=admin,
  1510. session=dbsession,
  1511. config=self.app_config
  1512. )
  1513. workspace = WorkspaceApi(
  1514. current_user=admin,
  1515. session=dbsession,
  1516. config=self.app_config,
  1517. ).create_workspace(
  1518. 'test workspace',
  1519. save_now=True
  1520. )
  1521. uapi = UserApi(
  1522. current_user=admin,
  1523. session=dbsession,
  1524. config=self.app_config,
  1525. )
  1526. gapi = GroupApi(
  1527. current_user=admin,
  1528. session=dbsession,
  1529. config=self.app_config,
  1530. )
  1531. groups = [gapi.get_one_with_name('users')]
  1532. test_user = uapi.create_user(
  1533. email='test@test.test',
  1534. password='pass',
  1535. name='bob',
  1536. groups=groups,
  1537. timezone='Europe/Paris',
  1538. do_save=True,
  1539. do_notify=False,
  1540. )
  1541. rapi = RoleApi(
  1542. current_user=admin,
  1543. session=dbsession,
  1544. config=self.app_config,
  1545. )
  1546. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1547. api = ContentApi(
  1548. current_user=admin,
  1549. session=dbsession,
  1550. config=self.app_config,
  1551. )
  1552. api2 = ContentApi(
  1553. current_user=test_user,
  1554. session=dbsession,
  1555. config=self.app_config,
  1556. )
  1557. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1558. # creation order test
  1559. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1560. api.mark_read(firstly_created)
  1561. api2.mark_read(firstly_created)
  1562. dbsession.flush()
  1563. transaction.commit()
  1564. self.testapp.authorization = (
  1565. 'Basic',
  1566. (
  1567. 'admin@admin.admin',
  1568. 'admin@admin.admin'
  1569. )
  1570. )
  1571. # before
  1572. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1573. user_id=test_user.user_id,
  1574. workspace_id=workspace.workspace_id
  1575. ), status=200)
  1576. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1577. assert res.json_body[0]['read_by_user'] is True
  1578. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1579. user_id=admin.user_id,
  1580. workspace_id=workspace.workspace_id
  1581. ), status=200)
  1582. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1583. assert res.json_body[0]['read_by_user'] is True
  1584. # unread
  1585. self.testapp.put(
  1586. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1587. workspace_id=workspace.workspace_id,
  1588. content_id=firstly_created.content_id,
  1589. user_id=test_user.user_id,
  1590. )
  1591. )
  1592. # after
  1593. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1594. user_id=test_user.user_id,
  1595. workspace_id=workspace.workspace_id
  1596. ), status=200)
  1597. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1598. assert res.json_body[0]['read_by_user'] is False
  1599. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1600. user_id=admin.user_id,
  1601. workspace_id=workspace.workspace_id
  1602. ), status=200)
  1603. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1604. assert res.json_body[0]['read_by_user'] is True
  1605. def test_api_set_content_as_unread__err__400__admin_workspace_do_not_exist(self):
  1606. # init DB
  1607. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1608. admin = dbsession.query(models.User) \
  1609. .filter(models.User.email == 'admin@admin.admin') \
  1610. .one()
  1611. workspace_api = WorkspaceApi(
  1612. current_user=admin,
  1613. session=dbsession,
  1614. config=self.app_config
  1615. )
  1616. workspace = WorkspaceApi(
  1617. current_user=admin,
  1618. session=dbsession,
  1619. config=self.app_config,
  1620. ).create_workspace(
  1621. 'test workspace',
  1622. save_now=True
  1623. )
  1624. uapi = UserApi(
  1625. current_user=admin,
  1626. session=dbsession,
  1627. config=self.app_config,
  1628. )
  1629. gapi = GroupApi(
  1630. current_user=admin,
  1631. session=dbsession,
  1632. config=self.app_config,
  1633. )
  1634. groups = [gapi.get_one_with_name('users')]
  1635. test_user = uapi.create_user(
  1636. email='test@test.test',
  1637. password='pass',
  1638. name='bob',
  1639. groups=groups,
  1640. timezone='Europe/Paris',
  1641. do_save=True,
  1642. do_notify=False,
  1643. )
  1644. rapi = RoleApi(
  1645. current_user=admin,
  1646. session=dbsession,
  1647. config=self.app_config,
  1648. )
  1649. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1650. api = ContentApi(
  1651. current_user=admin,
  1652. session=dbsession,
  1653. config=self.app_config,
  1654. )
  1655. api2 = ContentApi(
  1656. current_user=test_user,
  1657. session=dbsession,
  1658. config=self.app_config,
  1659. )
  1660. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1661. # creation order test
  1662. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1663. api.mark_read(firstly_created)
  1664. api2.mark_read(firstly_created)
  1665. dbsession.flush()
  1666. transaction.commit()
  1667. self.testapp.authorization = (
  1668. 'Basic',
  1669. (
  1670. 'admin@admin.admin',
  1671. 'admin@admin.admin'
  1672. )
  1673. )
  1674. # unread
  1675. self.testapp.put(
  1676. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1677. workspace_id=4000,
  1678. content_id=firstly_created.content_id,
  1679. user_id=test_user.user_id,
  1680. ),
  1681. status=400,
  1682. )
  1683. def test_api_set_content_as_unread__err__400__admin_content_do_not_exist(self):
  1684. # init DB
  1685. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1686. admin = dbsession.query(models.User) \
  1687. .filter(models.User.email == 'admin@admin.admin') \
  1688. .one()
  1689. workspace_api = WorkspaceApi(
  1690. current_user=admin,
  1691. session=dbsession,
  1692. config=self.app_config
  1693. )
  1694. workspace = WorkspaceApi(
  1695. current_user=admin,
  1696. session=dbsession,
  1697. config=self.app_config,
  1698. ).create_workspace(
  1699. 'test workspace',
  1700. save_now=True
  1701. )
  1702. uapi = UserApi(
  1703. current_user=admin,
  1704. session=dbsession,
  1705. config=self.app_config,
  1706. )
  1707. gapi = GroupApi(
  1708. current_user=admin,
  1709. session=dbsession,
  1710. config=self.app_config,
  1711. )
  1712. groups = [gapi.get_one_with_name('users')]
  1713. test_user = uapi.create_user(
  1714. email='test@test.test',
  1715. password='pass',
  1716. name='bob',
  1717. groups=groups,
  1718. timezone='Europe/Paris',
  1719. do_save=True,
  1720. do_notify=False,
  1721. )
  1722. rapi = RoleApi(
  1723. current_user=admin,
  1724. session=dbsession,
  1725. config=self.app_config,
  1726. )
  1727. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1728. api = ContentApi(
  1729. current_user=admin,
  1730. session=dbsession,
  1731. config=self.app_config,
  1732. )
  1733. api2 = ContentApi(
  1734. current_user=test_user,
  1735. session=dbsession,
  1736. config=self.app_config,
  1737. )
  1738. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1739. # creation order test
  1740. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1741. api.mark_read(firstly_created)
  1742. api2.mark_read(firstly_created)
  1743. dbsession.flush()
  1744. transaction.commit()
  1745. self.testapp.authorization = (
  1746. 'Basic',
  1747. (
  1748. 'admin@admin.admin',
  1749. 'admin@admin.admin'
  1750. )
  1751. )
  1752. # unread
  1753. self.testapp.put(
  1754. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1755. workspace_id=workspace.workspace_id,
  1756. content_id=4000,
  1757. user_id=test_user.user_id,
  1758. ),
  1759. status=400,
  1760. )
  1761. def test_api_set_content_as_unread__ok__200__user_itself(self):
  1762. # init DB
  1763. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1764. admin = dbsession.query(models.User) \
  1765. .filter(models.User.email == 'admin@admin.admin') \
  1766. .one()
  1767. workspace_api = WorkspaceApi(
  1768. current_user=admin,
  1769. session=dbsession,
  1770. config=self.app_config
  1771. )
  1772. workspace = WorkspaceApi(
  1773. current_user=admin,
  1774. session=dbsession,
  1775. config=self.app_config,
  1776. ).create_workspace(
  1777. 'test workspace',
  1778. save_now=True
  1779. )
  1780. uapi = UserApi(
  1781. current_user=admin,
  1782. session=dbsession,
  1783. config=self.app_config,
  1784. )
  1785. gapi = GroupApi(
  1786. current_user=admin,
  1787. session=dbsession,
  1788. config=self.app_config,
  1789. )
  1790. groups = [gapi.get_one_with_name('users')]
  1791. test_user = uapi.create_user(
  1792. email='test@test.test',
  1793. password='pass',
  1794. name='bob',
  1795. groups=groups,
  1796. timezone='Europe/Paris',
  1797. do_save=True,
  1798. do_notify=False,
  1799. )
  1800. rapi = RoleApi(
  1801. current_user=admin,
  1802. session=dbsession,
  1803. config=self.app_config,
  1804. )
  1805. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1806. api = ContentApi(
  1807. current_user=admin,
  1808. session=dbsession,
  1809. config=self.app_config,
  1810. )
  1811. api2 = ContentApi(
  1812. current_user=test_user,
  1813. session=dbsession,
  1814. config=self.app_config,
  1815. )
  1816. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1817. # creation order test
  1818. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1819. api.mark_read(firstly_created)
  1820. api2.mark_read(firstly_created)
  1821. dbsession.flush()
  1822. transaction.commit()
  1823. self.testapp.authorization = (
  1824. 'Basic',
  1825. (
  1826. 'test@test.test',
  1827. 'pass'
  1828. )
  1829. )
  1830. # before
  1831. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1832. user_id=test_user.user_id,
  1833. workspace_id=workspace.workspace_id
  1834. ), status=200)
  1835. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1836. assert res.json_body[0]['read_by_user'] is True
  1837. # unread
  1838. self.testapp.put(
  1839. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1840. workspace_id=workspace.workspace_id,
  1841. content_id=firstly_created.content_id,
  1842. user_id=test_user.user_id,
  1843. )
  1844. )
  1845. # after
  1846. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1847. user_id=test_user.user_id,
  1848. workspace_id=workspace.workspace_id
  1849. ), status=200)
  1850. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1851. assert res.json_body[0]['read_by_user'] is False
  1852. def test_api_set_content_as_unread__err__403__other_user(self):
  1853. # init DB
  1854. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1855. admin = dbsession.query(models.User) \
  1856. .filter(models.User.email == 'admin@admin.admin') \
  1857. .one()
  1858. workspace_api = WorkspaceApi(
  1859. current_user=admin,
  1860. session=dbsession,
  1861. config=self.app_config
  1862. )
  1863. workspace = WorkspaceApi(
  1864. current_user=admin,
  1865. session=dbsession,
  1866. config=self.app_config,
  1867. ).create_workspace(
  1868. 'test workspace',
  1869. save_now=True
  1870. )
  1871. uapi = UserApi(
  1872. current_user=admin,
  1873. session=dbsession,
  1874. config=self.app_config,
  1875. )
  1876. gapi = GroupApi(
  1877. current_user=admin,
  1878. session=dbsession,
  1879. config=self.app_config,
  1880. )
  1881. groups = [gapi.get_one_with_name('users')]
  1882. test_user = uapi.create_user(
  1883. email='test@test.test',
  1884. password='pass',
  1885. name='bob',
  1886. groups=groups,
  1887. timezone='Europe/Paris',
  1888. do_save=True,
  1889. do_notify=False,
  1890. )
  1891. rapi = RoleApi(
  1892. current_user=admin,
  1893. session=dbsession,
  1894. config=self.app_config,
  1895. )
  1896. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1897. api = ContentApi(
  1898. current_user=admin,
  1899. session=dbsession,
  1900. config=self.app_config,
  1901. )
  1902. api2 = ContentApi(
  1903. current_user=test_user,
  1904. session=dbsession,
  1905. config=self.app_config,
  1906. )
  1907. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1908. # creation order test
  1909. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1910. api.mark_read(firstly_created)
  1911. api2.mark_read(firstly_created)
  1912. dbsession.flush()
  1913. transaction.commit()
  1914. self.testapp.authorization = (
  1915. 'Basic',
  1916. (
  1917. 'test@test.test',
  1918. 'pass'
  1919. )
  1920. )
  1921. # unread
  1922. self.testapp.put(
  1923. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1924. workspace_id=workspace.workspace_id,
  1925. content_id=firstly_created.content_id,
  1926. user_id=admin.user_id,
  1927. ),
  1928. status=403,
  1929. )
  1930. def test_api_set_content_as_unread__ok__200__with_comments(self):
  1931. # init DB
  1932. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1933. admin = dbsession.query(models.User) \
  1934. .filter(models.User.email == 'admin@admin.admin') \
  1935. .one()
  1936. workspace_api = WorkspaceApi(
  1937. current_user=admin,
  1938. session=dbsession,
  1939. config=self.app_config
  1940. )
  1941. workspace = WorkspaceApi(
  1942. current_user=admin,
  1943. session=dbsession,
  1944. config=self.app_config,
  1945. ).create_workspace(
  1946. 'test workspace',
  1947. save_now=True
  1948. )
  1949. api = ContentApi(
  1950. current_user=admin,
  1951. session=dbsession,
  1952. config=self.app_config,
  1953. )
  1954. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1955. # creation order test
  1956. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1957. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  1958. api.mark_read(firstly_created)
  1959. api.mark_read(comments)
  1960. dbsession.flush()
  1961. transaction.commit()
  1962. self.testapp.authorization = (
  1963. 'Basic',
  1964. (
  1965. 'admin@admin.admin',
  1966. 'admin@admin.admin'
  1967. )
  1968. )
  1969. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  1970. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1971. assert res.json_body[0]['read_by_user'] is True
  1972. self.testapp.put(
  1973. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1974. workspace_id=workspace.workspace_id,
  1975. content_id=firstly_created.content_id,
  1976. user_id=admin.user_id,
  1977. )
  1978. )
  1979. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  1980. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1981. assert res.json_body[0]['read_by_user'] is False
  1982. assert comments.has_new_information_for(admin) is True
  1983. class TestUserSetWorkspaceAsRead(FunctionalTest):
  1984. """
  1985. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/read
  1986. """
  1987. def test_api_set_content_as_read__ok__200__admin(self):
  1988. # init DB
  1989. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1990. admin = dbsession.query(models.User) \
  1991. .filter(models.User.email == 'admin@admin.admin') \
  1992. .one()
  1993. workspace_api = WorkspaceApi(
  1994. current_user=admin,
  1995. session=dbsession,
  1996. config=self.app_config
  1997. )
  1998. workspace = WorkspaceApi(
  1999. current_user=admin,
  2000. session=dbsession,
  2001. config=self.app_config,
  2002. ).create_workspace(
  2003. 'test workspace',
  2004. save_now=True
  2005. )
  2006. uapi = UserApi(
  2007. current_user=admin,
  2008. session=dbsession,
  2009. config=self.app_config,
  2010. )
  2011. gapi = GroupApi(
  2012. current_user=admin,
  2013. session=dbsession,
  2014. config=self.app_config,
  2015. )
  2016. groups = [gapi.get_one_with_name('users')]
  2017. test_user = uapi.create_user(
  2018. email='test@test.test',
  2019. password='pass',
  2020. name='bob',
  2021. groups=groups,
  2022. timezone='Europe/Paris',
  2023. do_save=True,
  2024. do_notify=False,
  2025. )
  2026. rapi = RoleApi(
  2027. current_user=admin,
  2028. session=dbsession,
  2029. config=self.app_config,
  2030. )
  2031. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2032. api = ContentApi(
  2033. current_user=admin,
  2034. session=dbsession,
  2035. config=self.app_config,
  2036. )
  2037. api2 = ContentApi(
  2038. current_user=test_user,
  2039. session=dbsession,
  2040. config=self.app_config,
  2041. )
  2042. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  2043. # creation order test
  2044. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2045. api.mark_unread(main_folder)
  2046. api.mark_unread(firstly_created)
  2047. api2.mark_unread(main_folder)
  2048. api2.mark_unread(firstly_created)
  2049. dbsession.flush()
  2050. transaction.commit()
  2051. self.testapp.authorization = (
  2052. 'Basic',
  2053. (
  2054. 'admin@admin.admin',
  2055. 'admin@admin.admin'
  2056. )
  2057. )
  2058. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2059. user_id=test_user.user_id,
  2060. workspace_id=workspace.workspace_id
  2061. ), status=200)
  2062. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2063. assert res.json_body[0]['read_by_user'] is False
  2064. assert res.json_body[1]['content_id'] == main_folder.content_id
  2065. assert res.json_body[1]['read_by_user'] is False
  2066. self.testapp.put(
  2067. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2068. workspace_id=workspace.workspace_id,
  2069. content_id=firstly_created.content_id,
  2070. user_id=test_user.user_id,
  2071. )
  2072. )
  2073. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2074. user_id=test_user.user_id,
  2075. workspace_id=workspace.workspace_id
  2076. ), status=200)
  2077. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2078. assert res.json_body[0]['read_by_user'] is True
  2079. assert res.json_body[1]['content_id'] == main_folder.content_id
  2080. assert res.json_body[1]['read_by_user'] is True
  2081. def test_api_set_content_as_read__ok__200__user_itself(self):
  2082. # init DB
  2083. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2084. admin = dbsession.query(models.User) \
  2085. .filter(models.User.email == 'admin@admin.admin') \
  2086. .one()
  2087. workspace_api = WorkspaceApi(
  2088. current_user=admin,
  2089. session=dbsession,
  2090. config=self.app_config
  2091. )
  2092. workspace = WorkspaceApi(
  2093. current_user=admin,
  2094. session=dbsession,
  2095. config=self.app_config,
  2096. ).create_workspace(
  2097. 'test workspace',
  2098. save_now=True
  2099. )
  2100. uapi = UserApi(
  2101. current_user=admin,
  2102. session=dbsession,
  2103. config=self.app_config,
  2104. )
  2105. gapi = GroupApi(
  2106. current_user=admin,
  2107. session=dbsession,
  2108. config=self.app_config,
  2109. )
  2110. groups = [gapi.get_one_with_name('users')]
  2111. test_user = uapi.create_user(
  2112. email='test@test.test',
  2113. password='pass',
  2114. name='bob',
  2115. groups=groups,
  2116. timezone='Europe/Paris',
  2117. do_save=True,
  2118. do_notify=False,
  2119. )
  2120. rapi = RoleApi(
  2121. current_user=admin,
  2122. session=dbsession,
  2123. config=self.app_config,
  2124. )
  2125. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2126. api = ContentApi(
  2127. current_user=admin,
  2128. session=dbsession,
  2129. config=self.app_config,
  2130. )
  2131. api2 = ContentApi(
  2132. current_user=test_user,
  2133. session=dbsession,
  2134. config=self.app_config,
  2135. )
  2136. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  2137. # creation order test
  2138. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2139. api.mark_unread(main_folder)
  2140. api.mark_unread(firstly_created)
  2141. api2.mark_unread(main_folder)
  2142. api2.mark_unread(firstly_created)
  2143. dbsession.flush()
  2144. transaction.commit()
  2145. self.testapp.authorization = (
  2146. 'Basic',
  2147. (
  2148. 'test@test.test',
  2149. 'pass'
  2150. )
  2151. )
  2152. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2153. user_id=test_user.user_id,
  2154. workspace_id=workspace.workspace_id
  2155. ), status=200)
  2156. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2157. assert res.json_body[0]['read_by_user'] is False
  2158. assert res.json_body[1]['content_id'] == main_folder.content_id
  2159. assert res.json_body[1]['read_by_user'] is False
  2160. self.testapp.put(
  2161. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2162. workspace_id=workspace.workspace_id,
  2163. content_id=firstly_created.content_id,
  2164. user_id=test_user.user_id,
  2165. )
  2166. )
  2167. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2168. user_id=test_user.user_id,
  2169. workspace_id=workspace.workspace_id
  2170. ), status=200)
  2171. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2172. assert res.json_body[0]['read_by_user'] is True
  2173. assert res.json_body[1]['content_id'] == main_folder.content_id
  2174. assert res.json_body[1]['read_by_user'] is True
  2175. def test_api_set_content_as_read__err__403__other_user(self):
  2176. # init DB
  2177. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2178. admin = dbsession.query(models.User) \
  2179. .filter(models.User.email == 'admin@admin.admin') \
  2180. .one()
  2181. workspace_api = WorkspaceApi(
  2182. current_user=admin,
  2183. session=dbsession,
  2184. config=self.app_config
  2185. )
  2186. workspace = WorkspaceApi(
  2187. current_user=admin,
  2188. session=dbsession,
  2189. config=self.app_config,
  2190. ).create_workspace(
  2191. 'test workspace',
  2192. save_now=True
  2193. )
  2194. uapi = UserApi(
  2195. current_user=admin,
  2196. session=dbsession,
  2197. config=self.app_config,
  2198. )
  2199. gapi = GroupApi(
  2200. current_user=admin,
  2201. session=dbsession,
  2202. config=self.app_config,
  2203. )
  2204. groups = [gapi.get_one_with_name('users')]
  2205. test_user = uapi.create_user(
  2206. email='test@test.test',
  2207. password='pass',
  2208. name='bob',
  2209. groups=groups,
  2210. timezone='Europe/Paris',
  2211. do_save=True,
  2212. do_notify=False,
  2213. )
  2214. rapi = RoleApi(
  2215. current_user=admin,
  2216. session=dbsession,
  2217. config=self.app_config,
  2218. )
  2219. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2220. api = ContentApi(
  2221. current_user=admin,
  2222. session=dbsession,
  2223. config=self.app_config,
  2224. )
  2225. api2 = ContentApi(
  2226. current_user=test_user,
  2227. session=dbsession,
  2228. config=self.app_config,
  2229. )
  2230. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  2231. # creation order test
  2232. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2233. api.mark_unread(main_folder)
  2234. api.mark_unread(firstly_created)
  2235. api2.mark_unread(main_folder)
  2236. api2.mark_unread(firstly_created)
  2237. dbsession.flush()
  2238. transaction.commit()
  2239. self.testapp.authorization = (
  2240. 'Basic',
  2241. (
  2242. 'test@test.test',
  2243. 'pass'
  2244. )
  2245. )
  2246. self.testapp.put(
  2247. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2248. workspace_id=workspace.workspace_id,
  2249. content_id=firstly_created.content_id,
  2250. user_id=admin.user_id,
  2251. ),
  2252. status=403,
  2253. )
  2254. class TestUserWorkspaceEndpoint(FunctionalTest):
  2255. """
  2256. Tests for /api/v2/users/{user_id}/workspaces
  2257. """
  2258. fixtures = [BaseFixture, ContentFixtures]
  2259. def test_api__get_user_workspaces__ok_200__nominal_case(self):
  2260. """
  2261. Check obtain all workspaces reachables for user with user auth.
  2262. """
  2263. self.testapp.authorization = (
  2264. 'Basic',
  2265. (
  2266. 'admin@admin.admin',
  2267. 'admin@admin.admin'
  2268. )
  2269. )
  2270. res = self.testapp.get('/api/v2/users/1/workspaces', status=200)
  2271. res = res.json_body
  2272. workspace = res[0]
  2273. assert workspace['workspace_id'] == 1
  2274. assert workspace['label'] == 'Business'
  2275. assert workspace['slug'] == 'business'
  2276. assert len(workspace['sidebar_entries']) == 5
  2277. # TODO - G.M - 2018-08-02 - Better test for sidebar entry, make it
  2278. # not fixed on active application/content-file
  2279. sidebar_entry = workspace['sidebar_entries'][0]
  2280. assert sidebar_entry['slug'] == 'dashboard'
  2281. assert sidebar_entry['label'] == 'Dashboard'
  2282. assert sidebar_entry['route'] == '/#/workspaces/1/dashboard' # nopep8
  2283. assert sidebar_entry['hexcolor'] == "#252525"
  2284. assert sidebar_entry['fa_icon'] == "signal"
  2285. sidebar_entry = workspace['sidebar_entries'][1]
  2286. assert sidebar_entry['slug'] == 'contents/all'
  2287. assert sidebar_entry['label'] == 'All Contents'
  2288. assert sidebar_entry['route'] == "/#/workspaces/1/contents" # nopep8
  2289. assert sidebar_entry['hexcolor'] == "#fdfdfd"
  2290. assert sidebar_entry['fa_icon'] == "th"
  2291. sidebar_entry = workspace['sidebar_entries'][2]
  2292. assert sidebar_entry['slug'] == 'contents/html-document'
  2293. assert sidebar_entry['label'] == 'Text Documents'
  2294. assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=html-document' # nopep8
  2295. assert sidebar_entry['hexcolor'] == "#3f52e3"
  2296. assert sidebar_entry['fa_icon'] == "file-text-o"
  2297. sidebar_entry = workspace['sidebar_entries'][3]
  2298. assert sidebar_entry['slug'] == 'contents/file'
  2299. assert sidebar_entry['label'] == 'Files'
  2300. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=file" # nopep8
  2301. assert sidebar_entry['hexcolor'] == "#FF9900"
  2302. assert sidebar_entry['fa_icon'] == "paperclip"
  2303. sidebar_entry = workspace['sidebar_entries'][4]
  2304. assert sidebar_entry['slug'] == 'contents/thread'
  2305. assert sidebar_entry['label'] == 'Threads'
  2306. assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=thread" # nopep8
  2307. assert sidebar_entry['hexcolor'] == "#ad4cf9"
  2308. assert sidebar_entry['fa_icon'] == "comments-o"
  2309. def test_api__get_user_workspaces__err_403__unallowed_user(self):
  2310. """
  2311. Check obtain all workspaces reachables for one user
  2312. with another non-admin user auth.
  2313. """
  2314. self.testapp.authorization = (
  2315. 'Basic',
  2316. (
  2317. 'lawrence-not-real-email@fsf.local',
  2318. 'foobarbaz'
  2319. )
  2320. )
  2321. res = self.testapp.get('/api/v2/users/1/workspaces', status=403)
  2322. assert isinstance(res.json, dict)
  2323. assert 'code' in res.json.keys()
  2324. assert 'message' in res.json.keys()
  2325. assert 'details' in res.json.keys()
  2326. def test_api__get_user_workspaces__err_401__unregistered_user(self):
  2327. """
  2328. Check obtain all workspaces reachables for one user
  2329. without correct user auth (user unregistered).
  2330. """
  2331. self.testapp.authorization = (
  2332. 'Basic',
  2333. (
  2334. 'john@doe.doe',
  2335. 'lapin'
  2336. )
  2337. )
  2338. res = self.testapp.get('/api/v2/users/1/workspaces', status=401)
  2339. assert isinstance(res.json, dict)
  2340. assert 'code' in res.json.keys()
  2341. assert 'message' in res.json.keys()
  2342. assert 'details' in res.json.keys()
  2343. def test_api__get_user_workspaces__err_400__user_does_not_exist(self):
  2344. """
  2345. Check obtain all workspaces reachables for one user who does
  2346. not exist
  2347. with a correct user auth.
  2348. """
  2349. self.testapp.authorization = (
  2350. 'Basic',
  2351. (
  2352. 'admin@admin.admin',
  2353. 'admin@admin.admin'
  2354. )
  2355. )
  2356. res = self.testapp.get('/api/v2/users/5/workspaces', status=400)
  2357. assert isinstance(res.json, dict)
  2358. assert 'code' in res.json.keys()
  2359. assert 'message' in res.json.keys()
  2360. assert 'details' in res.json.keys()
  2361. class TestUserEndpoint(FunctionalTest):
  2362. # -*- coding: utf-8 -*-
  2363. """
  2364. Tests for GET /api/v2/users/{user_id}
  2365. """
  2366. fixtures = [BaseFixture]
  2367. def test_api__get_user__ok_200__admin(self):
  2368. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2369. admin = dbsession.query(models.User) \
  2370. .filter(models.User.email == 'admin@admin.admin') \
  2371. .one()
  2372. uapi = UserApi(
  2373. current_user=admin,
  2374. session=dbsession,
  2375. config=self.app_config,
  2376. )
  2377. gapi = GroupApi(
  2378. current_user=admin,
  2379. session=dbsession,
  2380. config=self.app_config,
  2381. )
  2382. groups = [gapi.get_one_with_name('users')]
  2383. test_user = uapi.create_user(
  2384. email='test@test.test',
  2385. password='pass',
  2386. name='bob',
  2387. groups=groups,
  2388. timezone='Europe/Paris',
  2389. do_save=True,
  2390. do_notify=False,
  2391. )
  2392. uapi.save(test_user)
  2393. transaction.commit()
  2394. user_id = int(test_user.user_id)
  2395. self.testapp.authorization = (
  2396. 'Basic',
  2397. (
  2398. 'admin@admin.admin',
  2399. 'admin@admin.admin'
  2400. )
  2401. )
  2402. res = self.testapp.get(
  2403. '/api/v2/users/{}'.format(user_id),
  2404. status=200
  2405. )
  2406. res = res.json_body
  2407. assert res['user_id'] == user_id
  2408. assert res['created']
  2409. assert res['is_active'] is True
  2410. assert res['profile'] == 'users'
  2411. assert res['email'] == 'test@test.test'
  2412. assert res['public_name'] == 'bob'
  2413. assert res['timezone'] == 'Europe/Paris'
  2414. assert res['is_deleted'] is False
  2415. def test_api__get_user__ok_200__user_itself(self):
  2416. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2417. admin = dbsession.query(models.User) \
  2418. .filter(models.User.email == 'admin@admin.admin') \
  2419. .one()
  2420. uapi = UserApi(
  2421. current_user=admin,
  2422. session=dbsession,
  2423. config=self.app_config,
  2424. )
  2425. gapi = GroupApi(
  2426. current_user=admin,
  2427. session=dbsession,
  2428. config=self.app_config,
  2429. )
  2430. groups = [gapi.get_one_with_name('users')]
  2431. test_user = uapi.create_user(
  2432. email='test@test.test',
  2433. password='pass',
  2434. name='bob',
  2435. groups=groups,
  2436. timezone='Europe/Paris',
  2437. do_save=True,
  2438. do_notify=False,
  2439. )
  2440. uapi.save(test_user)
  2441. transaction.commit()
  2442. user_id = int(test_user.user_id)
  2443. self.testapp.authorization = (
  2444. 'Basic',
  2445. (
  2446. 'test@test.test',
  2447. 'pass'
  2448. )
  2449. )
  2450. res = self.testapp.get(
  2451. '/api/v2/users/{}'.format(user_id),
  2452. status=200
  2453. )
  2454. res = res.json_body
  2455. assert res['user_id'] == user_id
  2456. assert res['created']
  2457. assert res['is_active'] is True
  2458. assert res['profile'] == 'users'
  2459. assert res['email'] == 'test@test.test'
  2460. assert res['public_name'] == 'bob'
  2461. assert res['timezone'] == 'Europe/Paris'
  2462. assert res['is_deleted'] is False
  2463. def test_api__get_user__err_403__other_normal_user(self):
  2464. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2465. admin = dbsession.query(models.User) \
  2466. .filter(models.User.email == 'admin@admin.admin') \
  2467. .one()
  2468. uapi = UserApi(
  2469. current_user=admin,
  2470. session=dbsession,
  2471. config=self.app_config,
  2472. )
  2473. gapi = GroupApi(
  2474. current_user=admin,
  2475. session=dbsession,
  2476. config=self.app_config,
  2477. )
  2478. groups = [gapi.get_one_with_name('users')]
  2479. test_user = uapi.create_user(
  2480. email='test@test.test',
  2481. password='pass',
  2482. name='bob',
  2483. groups=groups,
  2484. timezone='Europe/Paris',
  2485. do_save=True,
  2486. do_notify=False,
  2487. )
  2488. test_user2 = uapi.create_user(
  2489. email='test2@test2.test2',
  2490. password='pass',
  2491. name='bob2',
  2492. groups=groups,
  2493. timezone='Europe/Paris',
  2494. do_save=True,
  2495. do_notify=False,
  2496. )
  2497. uapi.save(test_user2)
  2498. uapi.save(test_user)
  2499. transaction.commit()
  2500. user_id = int(test_user.user_id)
  2501. self.testapp.authorization = (
  2502. 'Basic',
  2503. (
  2504. 'test2@test2.test2',
  2505. 'pass'
  2506. )
  2507. )
  2508. self.testapp.get(
  2509. '/api/v2/users/{}'.format(user_id),
  2510. status=403
  2511. )
  2512. def test_api_delete_user__ok_200__admin(self):
  2513. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2514. admin = dbsession.query(models.User) \
  2515. .filter(models.User.email == 'admin@admin.admin') \
  2516. .one()
  2517. uapi = UserApi(
  2518. current_user=admin,
  2519. session=dbsession,
  2520. config=self.app_config,
  2521. )
  2522. gapi = GroupApi(
  2523. current_user=admin,
  2524. session=dbsession,
  2525. config=self.app_config,
  2526. )
  2527. groups = [gapi.get_one_with_name('users')]
  2528. test_user = uapi.create_user(
  2529. email='test@test.test',
  2530. password='pass',
  2531. name='bob',
  2532. groups=groups,
  2533. timezone='Europe/Paris',
  2534. do_save=True,
  2535. do_notify=False,
  2536. )
  2537. uapi.save(test_user)
  2538. transaction.commit()
  2539. user_id = int(test_user.user_id)
  2540. self.testapp.authorization = (
  2541. 'Basic',
  2542. (
  2543. 'admin@admin.admin',
  2544. 'admin@admin.admin'
  2545. )
  2546. )
  2547. self.testapp.put(
  2548. '/api/v2/users/{}/delete'.format(user_id),
  2549. status=204
  2550. )
  2551. res = self.testapp.get(
  2552. '/api/v2/users/{}'.format(user_id),
  2553. status=200
  2554. ).json_body
  2555. assert res['is_deleted'] is True
  2556. class TestUsersEndpoint(FunctionalTest):
  2557. # -*- coding: utf-8 -*-
  2558. """
  2559. Tests for GET /api/v2/users/{user_id}
  2560. """
  2561. fixtures = [BaseFixture]
  2562. def test_api__get_user__ok_200__admin(self):
  2563. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2564. admin = dbsession.query(models.User) \
  2565. .filter(models.User.email == 'admin@admin.admin') \
  2566. .one()
  2567. uapi = UserApi(
  2568. current_user=admin,
  2569. session=dbsession,
  2570. config=self.app_config,
  2571. )
  2572. gapi = GroupApi(
  2573. current_user=admin,
  2574. session=dbsession,
  2575. config=self.app_config,
  2576. )
  2577. groups = [gapi.get_one_with_name('users')]
  2578. test_user = uapi.create_user(
  2579. email='test@test.test',
  2580. password='pass',
  2581. name='bob',
  2582. groups=groups,
  2583. timezone='Europe/Paris',
  2584. do_save=True,
  2585. do_notify=False,
  2586. )
  2587. uapi.save(test_user)
  2588. transaction.commit()
  2589. user_id = int(test_user.user_id)
  2590. self.testapp.authorization = (
  2591. 'Basic',
  2592. (
  2593. 'admin@admin.admin',
  2594. 'admin@admin.admin'
  2595. )
  2596. )
  2597. res = self.testapp.get(
  2598. '/api/v2/users',
  2599. status=200
  2600. )
  2601. res = res.json_body
  2602. assert len(res) == 2
  2603. assert res[0]['user_id'] == admin.user_id
  2604. assert res[0]['public_name'] == admin.display_name
  2605. assert res[0]['avatar_url'] is None
  2606. assert res[1]['user_id'] == test_user.user_id
  2607. assert res[1]['public_name'] == test_user.display_name
  2608. assert res[1]['avatar_url'] is None
  2609. def test_api__get_user__err_403__normal_user(self):
  2610. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2611. admin = dbsession.query(models.User) \
  2612. .filter(models.User.email == 'admin@admin.admin') \
  2613. .one()
  2614. uapi = UserApi(
  2615. current_user=admin,
  2616. session=dbsession,
  2617. config=self.app_config,
  2618. )
  2619. gapi = GroupApi(
  2620. current_user=admin,
  2621. session=dbsession,
  2622. config=self.app_config,
  2623. )
  2624. groups = [gapi.get_one_with_name('users')]
  2625. test_user = uapi.create_user(
  2626. email='test@test.test',
  2627. password='pass',
  2628. name='bob',
  2629. groups=groups,
  2630. timezone='Europe/Paris',
  2631. do_save=True,
  2632. do_notify=False,
  2633. )
  2634. uapi.save(test_user)
  2635. transaction.commit()
  2636. user_id = int(test_user.user_id)
  2637. self.testapp.authorization = (
  2638. 'Basic',
  2639. (
  2640. 'test@test.test',
  2641. 'pass'
  2642. )
  2643. )
  2644. self.testapp.get(
  2645. '/api/v2/users',
  2646. status=403
  2647. )
  2648. class TestKnownMembersEndpoint(FunctionalTest):
  2649. # -*- coding: utf-8 -*-
  2650. """
  2651. Tests for GET /api/v2/users/{user_id}
  2652. """
  2653. fixtures = [BaseFixture]
  2654. def test_api__get_user__ok_200__admin__by_name(self):
  2655. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2656. admin = dbsession.query(models.User) \
  2657. .filter(models.User.email == 'admin@admin.admin') \
  2658. .one()
  2659. uapi = UserApi(
  2660. current_user=admin,
  2661. session=dbsession,
  2662. config=self.app_config,
  2663. )
  2664. gapi = GroupApi(
  2665. current_user=admin,
  2666. session=dbsession,
  2667. config=self.app_config,
  2668. )
  2669. groups = [gapi.get_one_with_name('users')]
  2670. test_user = uapi.create_user(
  2671. email='test@test.test',
  2672. password='pass',
  2673. name='bob',
  2674. groups=groups,
  2675. timezone='Europe/Paris',
  2676. do_save=True,
  2677. do_notify=False,
  2678. )
  2679. test_user2 = uapi.create_user(
  2680. email='test2@test2.test2',
  2681. password='pass',
  2682. name='bob2',
  2683. groups=groups,
  2684. timezone='Europe/Paris',
  2685. do_save=True,
  2686. do_notify=False,
  2687. )
  2688. uapi.save(test_user)
  2689. uapi.save(test_user2)
  2690. transaction.commit()
  2691. user_id = int(admin.user_id)
  2692. self.testapp.authorization = (
  2693. 'Basic',
  2694. (
  2695. 'admin@admin.admin',
  2696. 'admin@admin.admin'
  2697. )
  2698. )
  2699. params = {
  2700. 'acp': 'bob',
  2701. }
  2702. res = self.testapp.get(
  2703. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  2704. status=200,
  2705. params=params,
  2706. )
  2707. res = res.json_body
  2708. assert len(res) == 2
  2709. assert res[0]['user_id'] == test_user.user_id
  2710. assert res[0]['public_name'] == test_user.display_name
  2711. assert res[0]['avatar_url'] is None
  2712. assert res[1]['user_id'] == test_user2.user_id
  2713. assert res[1]['public_name'] == test_user2.display_name
  2714. assert res[1]['avatar_url'] is None
  2715. def test_api__get_user__ok_200__admin__by_email(self):
  2716. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2717. admin = dbsession.query(models.User) \
  2718. .filter(models.User.email == 'admin@admin.admin') \
  2719. .one()
  2720. uapi = UserApi(
  2721. current_user=admin,
  2722. session=dbsession,
  2723. config=self.app_config,
  2724. )
  2725. gapi = GroupApi(
  2726. current_user=admin,
  2727. session=dbsession,
  2728. config=self.app_config,
  2729. )
  2730. groups = [gapi.get_one_with_name('users')]
  2731. test_user = uapi.create_user(
  2732. email='test@test.test',
  2733. password='pass',
  2734. name='bob',
  2735. groups=groups,
  2736. timezone='Europe/Paris',
  2737. do_save=True,
  2738. do_notify=False,
  2739. )
  2740. test_user2 = uapi.create_user(
  2741. email='test2@test2.test2',
  2742. password='pass',
  2743. name='bob2',
  2744. groups=groups,
  2745. timezone='Europe/Paris',
  2746. do_save=True,
  2747. do_notify=False,
  2748. )
  2749. uapi.save(test_user)
  2750. uapi.save(test_user2)
  2751. transaction.commit()
  2752. user_id = int(admin.user_id)
  2753. self.testapp.authorization = (
  2754. 'Basic',
  2755. (
  2756. 'admin@admin.admin',
  2757. 'admin@admin.admin'
  2758. )
  2759. )
  2760. params = {
  2761. 'acp': 'test',
  2762. }
  2763. res = self.testapp.get(
  2764. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  2765. status=200,
  2766. params=params,
  2767. )
  2768. res = res.json_body
  2769. assert len(res) == 2
  2770. assert res[0]['user_id'] == test_user.user_id
  2771. assert res[0]['public_name'] == test_user.display_name
  2772. assert res[0]['avatar_url'] is None
  2773. assert res[1]['user_id'] == test_user2.user_id
  2774. assert res[1]['public_name'] == test_user2.display_name
  2775. assert res[1]['avatar_url'] is None
  2776. def test_api__get_user__err_403__admin__too_small_acp(self):
  2777. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2778. admin = dbsession.query(models.User) \
  2779. .filter(models.User.email == 'admin@admin.admin') \
  2780. .one()
  2781. uapi = UserApi(
  2782. current_user=admin,
  2783. session=dbsession,
  2784. config=self.app_config,
  2785. )
  2786. gapi = GroupApi(
  2787. current_user=admin,
  2788. session=dbsession,
  2789. config=self.app_config,
  2790. )
  2791. groups = [gapi.get_one_with_name('users')]
  2792. test_user = uapi.create_user(
  2793. email='test@test.test',
  2794. password='pass',
  2795. name='bob',
  2796. groups=groups,
  2797. timezone='Europe/Paris',
  2798. do_save=True,
  2799. do_notify=False,
  2800. )
  2801. test_user2 = uapi.create_user(
  2802. email='test2@test2.test2',
  2803. password='pass',
  2804. name='bob2',
  2805. groups=groups,
  2806. timezone='Europe/Paris',
  2807. do_save=True,
  2808. do_notify=False,
  2809. )
  2810. uapi.save(test_user)
  2811. transaction.commit()
  2812. user_id = int(admin.user_id)
  2813. self.testapp.authorization = (
  2814. 'Basic',
  2815. (
  2816. 'admin@admin.admin',
  2817. 'admin@admin.admin'
  2818. )
  2819. )
  2820. params = {
  2821. 'acp': 't',
  2822. }
  2823. res = self.testapp.get(
  2824. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  2825. status=400,
  2826. params=params
  2827. )
  2828. def test_api__get_user__ok_200__normal_user_by_email(self):
  2829. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2830. admin = dbsession.query(models.User) \
  2831. .filter(models.User.email == 'admin@admin.admin') \
  2832. .one()
  2833. uapi = UserApi(
  2834. current_user=admin,
  2835. session=dbsession,
  2836. config=self.app_config,
  2837. )
  2838. gapi = GroupApi(
  2839. current_user=admin,
  2840. session=dbsession,
  2841. config=self.app_config,
  2842. )
  2843. groups = [gapi.get_one_with_name('users')]
  2844. test_user = uapi.create_user(
  2845. email='test@test.test',
  2846. password='pass',
  2847. name='bob',
  2848. groups=groups,
  2849. timezone='Europe/Paris',
  2850. do_save=True,
  2851. do_notify=False,
  2852. )
  2853. test_user2 = uapi.create_user(
  2854. email='test2@test2.test2',
  2855. password='pass',
  2856. name='bob2',
  2857. groups=groups,
  2858. timezone='Europe/Paris',
  2859. do_save=True,
  2860. do_notify=False,
  2861. )
  2862. test_user3 = uapi.create_user(
  2863. email='test3@test3.test3',
  2864. password='pass',
  2865. name='bob3',
  2866. groups=groups,
  2867. timezone='Europe/Paris',
  2868. do_save=True,
  2869. do_notify=False,
  2870. )
  2871. uapi.save(test_user)
  2872. uapi.save(test_user2)
  2873. uapi.save(test_user3)
  2874. workspace_api = WorkspaceApi(
  2875. current_user=admin,
  2876. session=dbsession,
  2877. config=self.app_config
  2878. )
  2879. workspace = WorkspaceApi(
  2880. current_user=admin,
  2881. session=dbsession,
  2882. config=self.app_config,
  2883. ).create_workspace(
  2884. 'test workspace',
  2885. save_now=True
  2886. )
  2887. role_api = RoleApi(
  2888. current_user=admin,
  2889. session=dbsession,
  2890. config=self.app_config,
  2891. )
  2892. role_api.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2893. role_api.create_one(test_user2, workspace, UserRoleInWorkspace.READER, False)
  2894. transaction.commit()
  2895. user_id = int(test_user.user_id)
  2896. self.testapp.authorization = (
  2897. 'Basic',
  2898. (
  2899. 'test@test.test',
  2900. 'pass'
  2901. )
  2902. )
  2903. params = {
  2904. 'acp': 'test',
  2905. }
  2906. res = self.testapp.get(
  2907. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  2908. status=200,
  2909. params=params
  2910. )
  2911. res = res.json_body
  2912. assert len(res) == 2
  2913. assert res[0]['user_id'] == test_user.user_id
  2914. assert res[0]['public_name'] == test_user.display_name
  2915. assert res[0]['avatar_url'] is None
  2916. assert res[1]['user_id'] == test_user2.user_id
  2917. assert res[1]['public_name'] == test_user2.display_name
  2918. assert res[1]['avatar_url'] is None
  2919. class TestSetEmailEndpoint(FunctionalTest):
  2920. # -*- coding: utf-8 -*-
  2921. """
  2922. Tests for PUT /api/v2/users/{user_id}/email
  2923. """
  2924. fixtures = [BaseFixture]
  2925. def test_api__set_user_email__ok_200__admin(self):
  2926. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2927. admin = dbsession.query(models.User) \
  2928. .filter(models.User.email == 'admin@admin.admin') \
  2929. .one()
  2930. uapi = UserApi(
  2931. current_user=admin,
  2932. session=dbsession,
  2933. config=self.app_config,
  2934. )
  2935. gapi = GroupApi(
  2936. current_user=admin,
  2937. session=dbsession,
  2938. config=self.app_config,
  2939. )
  2940. groups = [gapi.get_one_with_name('users')]
  2941. test_user = uapi.create_user(
  2942. email='test@test.test',
  2943. password='pass',
  2944. name='bob',
  2945. groups=groups,
  2946. timezone='Europe/Paris',
  2947. do_save=True,
  2948. do_notify=False,
  2949. )
  2950. uapi.save(test_user)
  2951. transaction.commit()
  2952. user_id = int(test_user.user_id)
  2953. self.testapp.authorization = (
  2954. 'Basic',
  2955. (
  2956. 'admin@admin.admin',
  2957. 'admin@admin.admin'
  2958. )
  2959. )
  2960. # check before
  2961. res = self.testapp.get(
  2962. '/api/v2/users/{}'.format(user_id),
  2963. status=200
  2964. )
  2965. res = res.json_body
  2966. assert res['email'] == 'test@test.test'
  2967. # Set password
  2968. params = {
  2969. 'email': 'mysuperemail@email.fr',
  2970. 'loggedin_user_password': 'admin@admin.admin',
  2971. }
  2972. self.testapp.put_json(
  2973. '/api/v2/users/{}/email'.format(user_id),
  2974. params=params,
  2975. status=200,
  2976. )
  2977. # Check After
  2978. res = self.testapp.get(
  2979. '/api/v2/users/{}'.format(user_id),
  2980. status=200
  2981. )
  2982. res = res.json_body
  2983. assert res['email'] == 'mysuperemail@email.fr'
  2984. def test_api__set_user_email__err_403__admin_wrong_password(self):
  2985. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2986. admin = dbsession.query(models.User) \
  2987. .filter(models.User.email == 'admin@admin.admin') \
  2988. .one()
  2989. uapi = UserApi(
  2990. current_user=admin,
  2991. session=dbsession,
  2992. config=self.app_config,
  2993. )
  2994. gapi = GroupApi(
  2995. current_user=admin,
  2996. session=dbsession,
  2997. config=self.app_config,
  2998. )
  2999. groups = [gapi.get_one_with_name('users')]
  3000. test_user = uapi.create_user(
  3001. email='test@test.test',
  3002. password='pass',
  3003. name='bob',
  3004. groups=groups,
  3005. timezone='Europe/Paris',
  3006. do_save=True,
  3007. do_notify=False,
  3008. )
  3009. uapi.save(test_user)
  3010. transaction.commit()
  3011. user_id = int(test_user.user_id)
  3012. self.testapp.authorization = (
  3013. 'Basic',
  3014. (
  3015. 'admin@admin.admin',
  3016. 'admin@admin.admin'
  3017. )
  3018. )
  3019. # check before
  3020. res = self.testapp.get(
  3021. '/api/v2/users/{}'.format(user_id),
  3022. status=200
  3023. )
  3024. res = res.json_body
  3025. assert res['email'] == 'test@test.test'
  3026. # Set password
  3027. params = {
  3028. 'email': 'mysuperemail@email.fr',
  3029. 'loggedin_user_password': 'badpassword',
  3030. }
  3031. self.testapp.put_json(
  3032. '/api/v2/users/{}/email'.format(user_id),
  3033. params=params,
  3034. status=403,
  3035. )
  3036. # Check After
  3037. res = self.testapp.get(
  3038. '/api/v2/users/{}'.format(user_id),
  3039. status=200
  3040. )
  3041. res = res.json_body
  3042. assert res['email'] == 'test@test.test'
  3043. def test_api__set_user_email__err_400__admin_string_is_not_email(self):
  3044. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3045. admin = dbsession.query(models.User) \
  3046. .filter(models.User.email == 'admin@admin.admin') \
  3047. .one()
  3048. uapi = UserApi(
  3049. current_user=admin,
  3050. session=dbsession,
  3051. config=self.app_config,
  3052. )
  3053. gapi = GroupApi(
  3054. current_user=admin,
  3055. session=dbsession,
  3056. config=self.app_config,
  3057. )
  3058. groups = [gapi.get_one_with_name('users')]
  3059. test_user = uapi.create_user(
  3060. email='test@test.test',
  3061. password='pass',
  3062. name='bob',
  3063. groups=groups,
  3064. timezone='Europe/Paris',
  3065. do_save=True,
  3066. do_notify=False,
  3067. )
  3068. uapi.save(test_user)
  3069. transaction.commit()
  3070. user_id = int(test_user.user_id)
  3071. self.testapp.authorization = (
  3072. 'Basic',
  3073. (
  3074. 'admin@admin.admin',
  3075. 'admin@admin.admin'
  3076. )
  3077. )
  3078. # check before
  3079. res = self.testapp.get(
  3080. '/api/v2/users/{}'.format(user_id),
  3081. status=200
  3082. )
  3083. res = res.json_body
  3084. assert res['email'] == 'test@test.test'
  3085. # Set password
  3086. params = {
  3087. 'email': 'thatisnotandemail',
  3088. 'loggedin_user_password': 'admin@admin.admin',
  3089. }
  3090. self.testapp.put_json(
  3091. '/api/v2/users/{}/email'.format(user_id),
  3092. params=params,
  3093. status=400,
  3094. )
  3095. # Check After
  3096. res = self.testapp.get(
  3097. '/api/v2/users/{}'.format(user_id),
  3098. status=200
  3099. )
  3100. res = res.json_body
  3101. assert res['email'] == 'test@test.test'
  3102. def test_api__set_user_email__ok_200__user_itself(self):
  3103. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3104. admin = dbsession.query(models.User) \
  3105. .filter(models.User.email == 'admin@admin.admin') \
  3106. .one()
  3107. uapi = UserApi(
  3108. current_user=admin,
  3109. session=dbsession,
  3110. config=self.app_config,
  3111. )
  3112. gapi = GroupApi(
  3113. current_user=admin,
  3114. session=dbsession,
  3115. config=self.app_config,
  3116. )
  3117. groups = [gapi.get_one_with_name('users')]
  3118. test_user = uapi.create_user(
  3119. email='test@test.test',
  3120. password='pass',
  3121. name='bob',
  3122. groups=groups,
  3123. timezone='Europe/Paris',
  3124. do_save=True,
  3125. do_notify=False,
  3126. )
  3127. uapi.save(test_user)
  3128. transaction.commit()
  3129. user_id = int(test_user.user_id)
  3130. self.testapp.authorization = (
  3131. 'Basic',
  3132. (
  3133. 'test@test.test',
  3134. 'pass'
  3135. )
  3136. )
  3137. # check before
  3138. res = self.testapp.get(
  3139. '/api/v2/users/{}'.format(user_id),
  3140. status=200
  3141. )
  3142. res = res.json_body
  3143. assert res['email'] == 'test@test.test'
  3144. # Set password
  3145. params = {
  3146. 'email': 'mysuperemail@email.fr',
  3147. 'loggedin_user_password': 'pass',
  3148. }
  3149. self.testapp.put_json(
  3150. '/api/v2/users/{}/email'.format(user_id),
  3151. params=params,
  3152. status=200,
  3153. )
  3154. self.testapp.authorization = (
  3155. 'Basic',
  3156. (
  3157. 'mysuperemail@email.fr',
  3158. 'pass'
  3159. )
  3160. )
  3161. # Check After
  3162. res = self.testapp.get(
  3163. '/api/v2/users/{}'.format(user_id),
  3164. status=200
  3165. )
  3166. res = res.json_body
  3167. assert res['email'] == 'mysuperemail@email.fr'
  3168. def test_api__set_user_email__err_403__other_normal_user(self):
  3169. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3170. admin = dbsession.query(models.User) \
  3171. .filter(models.User.email == 'admin@admin.admin') \
  3172. .one()
  3173. uapi = UserApi(
  3174. current_user=admin,
  3175. session=dbsession,
  3176. config=self.app_config,
  3177. )
  3178. gapi = GroupApi(
  3179. current_user=admin,
  3180. session=dbsession,
  3181. config=self.app_config,
  3182. )
  3183. groups = [gapi.get_one_with_name('users')]
  3184. test_user = uapi.create_user(
  3185. email='test@test.test',
  3186. password='pass',
  3187. name='bob',
  3188. groups=groups,
  3189. timezone='Europe/Paris',
  3190. do_save=True,
  3191. do_notify=False,
  3192. )
  3193. test_user2 = uapi.create_user(
  3194. email='test2@test2.test2',
  3195. password='pass',
  3196. name='bob2',
  3197. groups=groups,
  3198. timezone='Europe/Paris',
  3199. do_save=True,
  3200. do_notify=False,
  3201. )
  3202. uapi.save(test_user2)
  3203. uapi.save(test_user)
  3204. transaction.commit()
  3205. user_id = int(test_user.user_id)
  3206. self.testapp.authorization = (
  3207. 'Basic',
  3208. (
  3209. 'test@test.test',
  3210. 'pass'
  3211. )
  3212. )
  3213. # Set password
  3214. params = {
  3215. 'email': 'mysuperemail@email.fr',
  3216. 'loggedin_user_password': 'test2@test2.test2',
  3217. }
  3218. self.testapp.put_json(
  3219. '/api/v2/users/{}/email'.format(user_id),
  3220. params=params,
  3221. status=403,
  3222. )
  3223. class TestSetPasswordEndpoint(FunctionalTest):
  3224. # -*- coding: utf-8 -*-
  3225. """
  3226. Tests for PUT /api/v2/users/{user_id}/password
  3227. """
  3228. fixtures = [BaseFixture]
  3229. def test_api__set_user_password__ok_200__admin(self):
  3230. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3231. admin = dbsession.query(models.User) \
  3232. .filter(models.User.email == 'admin@admin.admin') \
  3233. .one()
  3234. uapi = UserApi(
  3235. current_user=admin,
  3236. session=dbsession,
  3237. config=self.app_config,
  3238. )
  3239. gapi = GroupApi(
  3240. current_user=admin,
  3241. session=dbsession,
  3242. config=self.app_config,
  3243. )
  3244. groups = [gapi.get_one_with_name('users')]
  3245. test_user = uapi.create_user(
  3246. email='test@test.test',
  3247. password='pass',
  3248. name='bob',
  3249. groups=groups,
  3250. timezone='Europe/Paris',
  3251. do_save=True,
  3252. do_notify=False,
  3253. )
  3254. uapi.save(test_user)
  3255. transaction.commit()
  3256. user_id = int(test_user.user_id)
  3257. self.testapp.authorization = (
  3258. 'Basic',
  3259. (
  3260. 'admin@admin.admin',
  3261. 'admin@admin.admin'
  3262. )
  3263. )
  3264. # check before
  3265. user = uapi.get_one(user_id)
  3266. assert user.validate_password('pass')
  3267. assert not user.validate_password('mynewpassword')
  3268. # Set password
  3269. params = {
  3270. 'new_password': 'mynewpassword',
  3271. 'new_password2': 'mynewpassword',
  3272. 'loggedin_user_password': 'admin@admin.admin',
  3273. }
  3274. self.testapp.put_json(
  3275. '/api/v2/users/{}/password'.format(user_id),
  3276. params=params,
  3277. status=204,
  3278. )
  3279. # Check After
  3280. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3281. uapi = UserApi(
  3282. current_user=admin,
  3283. session=dbsession,
  3284. config=self.app_config,
  3285. )
  3286. user = uapi.get_one(user_id)
  3287. assert not user.validate_password('pass')
  3288. assert user.validate_password('mynewpassword')
  3289. def test_api__set_user_password__err_403__admin_wrong_password(self):
  3290. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3291. admin = dbsession.query(models.User) \
  3292. .filter(models.User.email == 'admin@admin.admin') \
  3293. .one()
  3294. uapi = UserApi(
  3295. current_user=admin,
  3296. session=dbsession,
  3297. config=self.app_config,
  3298. )
  3299. gapi = GroupApi(
  3300. current_user=admin,
  3301. session=dbsession,
  3302. config=self.app_config,
  3303. )
  3304. groups = [gapi.get_one_with_name('users')]
  3305. test_user = uapi.create_user(
  3306. email='test@test.test',
  3307. password='pass',
  3308. name='bob',
  3309. groups=groups,
  3310. timezone='Europe/Paris',
  3311. do_save=True,
  3312. do_notify=False,
  3313. )
  3314. uapi.save(test_user)
  3315. transaction.commit()
  3316. user_id = int(test_user.user_id)
  3317. self.testapp.authorization = (
  3318. 'Basic',
  3319. (
  3320. 'admin@admin.admin',
  3321. 'admin@admin.admin'
  3322. )
  3323. )
  3324. # check before
  3325. user = uapi.get_one(user_id)
  3326. assert user.validate_password('pass')
  3327. assert not user.validate_password('mynewpassword')
  3328. # Set password
  3329. params = {
  3330. 'new_password': 'mynewpassword',
  3331. 'new_password2': 'mynewpassword',
  3332. 'loggedin_user_password': 'wrongpassword',
  3333. }
  3334. self.testapp.put_json(
  3335. '/api/v2/users/{}/password'.format(user_id),
  3336. params=params,
  3337. status=403,
  3338. )
  3339. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3340. uapi = UserApi(
  3341. current_user=admin,
  3342. session=dbsession,
  3343. config=self.app_config,
  3344. )
  3345. # Check After
  3346. user = uapi.get_one(user_id)
  3347. assert user.validate_password('pass')
  3348. assert not user.validate_password('mynewpassword')
  3349. def test_api__set_user_password__err_400__admin_passwords_do_not_match(self): # nopep8
  3350. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3351. admin = dbsession.query(models.User) \
  3352. .filter(models.User.email == 'admin@admin.admin') \
  3353. .one()
  3354. uapi = UserApi(
  3355. current_user=admin,
  3356. session=dbsession,
  3357. config=self.app_config,
  3358. )
  3359. gapi = GroupApi(
  3360. current_user=admin,
  3361. session=dbsession,
  3362. config=self.app_config,
  3363. )
  3364. groups = [gapi.get_one_with_name('users')]
  3365. test_user = uapi.create_user(
  3366. email='test@test.test',
  3367. password='pass',
  3368. name='bob',
  3369. groups=groups,
  3370. timezone='Europe/Paris',
  3371. do_save=True,
  3372. do_notify=False,
  3373. )
  3374. uapi.save(test_user)
  3375. transaction.commit()
  3376. user_id = int(test_user.user_id)
  3377. self.testapp.authorization = (
  3378. 'Basic',
  3379. (
  3380. 'admin@admin.admin',
  3381. 'admin@admin.admin'
  3382. )
  3383. )
  3384. # check before
  3385. user = uapi.get_one(user_id)
  3386. assert user.validate_password('pass')
  3387. assert not user.validate_password('mynewpassword')
  3388. assert not user.validate_password('mynewpassword2')
  3389. # Set password
  3390. params = {
  3391. 'new_password': 'mynewpassword',
  3392. 'new_password2': 'mynewpassword2',
  3393. 'loggedin_user_password': 'admin@admin.admin',
  3394. }
  3395. self.testapp.put_json(
  3396. '/api/v2/users/{}/password'.format(user_id),
  3397. params=params,
  3398. status=400,
  3399. )
  3400. # Check After
  3401. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3402. uapi = UserApi(
  3403. current_user=admin,
  3404. session=dbsession,
  3405. config=self.app_config,
  3406. )
  3407. user = uapi.get_one(user_id)
  3408. assert user.validate_password('pass')
  3409. assert not user.validate_password('mynewpassword')
  3410. assert not user.validate_password('mynewpassword2')
  3411. def test_api__set_user_password__ok_200__user_itself(self):
  3412. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3413. admin = dbsession.query(models.User) \
  3414. .filter(models.User.email == 'admin@admin.admin') \
  3415. .one()
  3416. uapi = UserApi(
  3417. current_user=admin,
  3418. session=dbsession,
  3419. config=self.app_config,
  3420. )
  3421. gapi = GroupApi(
  3422. current_user=admin,
  3423. session=dbsession,
  3424. config=self.app_config,
  3425. )
  3426. groups = [gapi.get_one_with_name('users')]
  3427. test_user = uapi.create_user(
  3428. email='test@test.test',
  3429. password='pass',
  3430. name='bob',
  3431. groups=groups,
  3432. timezone='Europe/Paris',
  3433. do_save=True,
  3434. do_notify=False,
  3435. )
  3436. uapi.save(test_user)
  3437. transaction.commit()
  3438. user_id = int(test_user.user_id)
  3439. self.testapp.authorization = (
  3440. 'Basic',
  3441. (
  3442. 'test@test.test',
  3443. 'pass'
  3444. )
  3445. )
  3446. # check before
  3447. user = uapi.get_one(user_id)
  3448. assert user.validate_password('pass')
  3449. assert not user.validate_password('mynewpassword')
  3450. # Set password
  3451. params = {
  3452. 'new_password': 'mynewpassword',
  3453. 'new_password2': 'mynewpassword',
  3454. 'loggedin_user_password': 'pass',
  3455. }
  3456. self.testapp.put_json(
  3457. '/api/v2/users/{}/password'.format(user_id),
  3458. params=params,
  3459. status=204,
  3460. )
  3461. # Check After
  3462. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3463. uapi = UserApi(
  3464. current_user=admin,
  3465. session=dbsession,
  3466. config=self.app_config,
  3467. )
  3468. user = uapi.get_one(user_id)
  3469. assert not user.validate_password('pass')
  3470. assert user.validate_password('mynewpassword')
  3471. def test_api__set_user_email__err_403__other_normal_user(self):
  3472. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3473. admin = dbsession.query(models.User) \
  3474. .filter(models.User.email == 'admin@admin.admin') \
  3475. .one()
  3476. uapi = UserApi(
  3477. current_user=admin,
  3478. session=dbsession,
  3479. config=self.app_config,
  3480. )
  3481. gapi = GroupApi(
  3482. current_user=admin,
  3483. session=dbsession,
  3484. config=self.app_config,
  3485. )
  3486. groups = [gapi.get_one_with_name('users')]
  3487. test_user = uapi.create_user(
  3488. email='test@test.test',
  3489. password='pass',
  3490. name='bob',
  3491. groups=groups,
  3492. timezone='Europe/Paris',
  3493. do_save=True,
  3494. do_notify=False,
  3495. )
  3496. test_user2 = uapi.create_user(
  3497. email='test2@test2.test2',
  3498. password='pass',
  3499. name='bob2',
  3500. groups=groups,
  3501. timezone='Europe/Paris',
  3502. do_save=True,
  3503. do_notify=False,
  3504. )
  3505. uapi.save(test_user2)
  3506. uapi.save(test_user)
  3507. transaction.commit()
  3508. user_id = int(test_user.user_id)
  3509. self.testapp.authorization = (
  3510. 'Basic',
  3511. (
  3512. 'test@test.test',
  3513. 'pass'
  3514. )
  3515. )
  3516. # Set password
  3517. params = {
  3518. 'email': 'mysuperemail@email.fr',
  3519. 'loggedin_user_password': 'test2@test2.test2',
  3520. }
  3521. self.testapp.put_json(
  3522. '/api/v2/users/{}/email'.format(user_id),
  3523. params=params,
  3524. status=403,
  3525. )
  3526. class TestSetUserInfoEndpoint(FunctionalTest):
  3527. # -*- coding: utf-8 -*-
  3528. """
  3529. Tests for PUT /api/v2/users/{user_id}
  3530. """
  3531. fixtures = [BaseFixture]
  3532. def test_api__set_user_info__ok_200__admin(self):
  3533. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3534. admin = dbsession.query(models.User) \
  3535. .filter(models.User.email == 'admin@admin.admin') \
  3536. .one()
  3537. uapi = UserApi(
  3538. current_user=admin,
  3539. session=dbsession,
  3540. config=self.app_config,
  3541. )
  3542. gapi = GroupApi(
  3543. current_user=admin,
  3544. session=dbsession,
  3545. config=self.app_config,
  3546. )
  3547. groups = [gapi.get_one_with_name('users')]
  3548. test_user = uapi.create_user(
  3549. email='test@test.test',
  3550. password='pass',
  3551. name='bob',
  3552. groups=groups,
  3553. timezone='Europe/Paris',
  3554. do_save=True,
  3555. do_notify=False,
  3556. )
  3557. uapi.save(test_user)
  3558. transaction.commit()
  3559. user_id = int(test_user.user_id)
  3560. self.testapp.authorization = (
  3561. 'Basic',
  3562. (
  3563. 'admin@admin.admin',
  3564. 'admin@admin.admin'
  3565. )
  3566. )
  3567. # check before
  3568. res = self.testapp.get(
  3569. '/api/v2/users/{}'.format(user_id),
  3570. status=200
  3571. )
  3572. res = res.json_body
  3573. assert res['user_id'] == user_id
  3574. assert res['public_name'] == 'bob'
  3575. assert res['timezone'] == 'Europe/Paris'
  3576. # Set params
  3577. params = {
  3578. 'public_name': 'updated',
  3579. 'timezone': 'Europe/London',
  3580. }
  3581. self.testapp.put_json(
  3582. '/api/v2/users/{}'.format(user_id),
  3583. params=params,
  3584. status=200,
  3585. )
  3586. # Check After
  3587. res = self.testapp.get(
  3588. '/api/v2/users/{}'.format(user_id),
  3589. status=200
  3590. )
  3591. res = res.json_body
  3592. assert res['user_id'] == user_id
  3593. assert res['public_name'] == 'updated'
  3594. assert res['timezone'] == 'Europe/London'
  3595. def test_api__set_user_info__ok_200__user_itself(self):
  3596. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3597. admin = dbsession.query(models.User) \
  3598. .filter(models.User.email == 'admin@admin.admin') \
  3599. .one()
  3600. uapi = UserApi(
  3601. current_user=admin,
  3602. session=dbsession,
  3603. config=self.app_config,
  3604. )
  3605. gapi = GroupApi(
  3606. current_user=admin,
  3607. session=dbsession,
  3608. config=self.app_config,
  3609. )
  3610. groups = [gapi.get_one_with_name('users')]
  3611. test_user = uapi.create_user(
  3612. email='test@test.test',
  3613. password='pass',
  3614. name='bob',
  3615. groups=groups,
  3616. timezone='Europe/Paris',
  3617. do_save=True,
  3618. do_notify=False,
  3619. )
  3620. uapi.save(test_user)
  3621. transaction.commit()
  3622. user_id = int(test_user.user_id)
  3623. self.testapp.authorization = (
  3624. 'Basic',
  3625. (
  3626. 'test@test.test',
  3627. 'pass',
  3628. )
  3629. )
  3630. # check before
  3631. res = self.testapp.get(
  3632. '/api/v2/users/{}'.format(user_id),
  3633. status=200
  3634. )
  3635. res = res.json_body
  3636. assert res['user_id'] == user_id
  3637. assert res['public_name'] == 'bob'
  3638. assert res['timezone'] == 'Europe/Paris'
  3639. # Set params
  3640. params = {
  3641. 'public_name': 'updated',
  3642. 'timezone': 'Europe/London',
  3643. }
  3644. self.testapp.put_json(
  3645. '/api/v2/users/{}'.format(user_id),
  3646. params=params,
  3647. status=200,
  3648. )
  3649. # Check After
  3650. res = self.testapp.get(
  3651. '/api/v2/users/{}'.format(user_id),
  3652. status=200
  3653. )
  3654. res = res.json_body
  3655. assert res['user_id'] == user_id
  3656. assert res['public_name'] == 'updated'
  3657. assert res['timezone'] == 'Europe/London'
  3658. def test_api__set_user_email__err_403__other_normal_user(self):
  3659. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3660. admin = dbsession.query(models.User) \
  3661. .filter(models.User.email == 'admin@admin.admin') \
  3662. .one()
  3663. uapi = UserApi(
  3664. current_user=admin,
  3665. session=dbsession,
  3666. config=self.app_config,
  3667. )
  3668. gapi = GroupApi(
  3669. current_user=admin,
  3670. session=dbsession,
  3671. config=self.app_config,
  3672. )
  3673. groups = [gapi.get_one_with_name('users')]
  3674. test_user = uapi.create_user(
  3675. email='test@test.test',
  3676. password='pass',
  3677. name='bob',
  3678. groups=groups,
  3679. timezone='Europe/Paris',
  3680. do_save=True,
  3681. do_notify=False,
  3682. )
  3683. test_user2 = uapi.create_user(
  3684. email='test2@test2.test2',
  3685. password='pass',
  3686. name='test',
  3687. groups=groups,
  3688. timezone='Europe/Paris',
  3689. do_save=True,
  3690. do_notify=False,
  3691. )
  3692. uapi.save(test_user2)
  3693. uapi.save(test_user)
  3694. transaction.commit()
  3695. user_id = int(test_user.user_id)
  3696. self.testapp.authorization = (
  3697. 'Basic',
  3698. (
  3699. 'test2@test2.test2',
  3700. 'pass',
  3701. )
  3702. )
  3703. # Set params
  3704. params = {
  3705. 'public_name': 'updated',
  3706. 'timezone': 'Europe/London',
  3707. }
  3708. self.testapp.put_json(
  3709. '/api/v2/users/{}'.format(user_id),
  3710. params=params,
  3711. status=403,
  3712. )
  3713. class TestSetUserProfilEndpoint(FunctionalTest):
  3714. # -*- coding: utf-8 -*-
  3715. """
  3716. Tests for PUT /api/v2/users/{user_id}/profile
  3717. """
  3718. fixtures = [BaseFixture]
  3719. def test_api__set_user_info__ok_200__admin(self):
  3720. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3721. admin = dbsession.query(models.User) \
  3722. .filter(models.User.email == 'admin@admin.admin') \
  3723. .one()
  3724. uapi = UserApi(
  3725. current_user=admin,
  3726. session=dbsession,
  3727. config=self.app_config,
  3728. )
  3729. gapi = GroupApi(
  3730. current_user=admin,
  3731. session=dbsession,
  3732. config=self.app_config,
  3733. )
  3734. groups = [gapi.get_one_with_name('users')]
  3735. test_user = uapi.create_user(
  3736. email='test@test.test',
  3737. password='pass',
  3738. name='bob',
  3739. groups=groups,
  3740. timezone='Europe/Paris',
  3741. do_save=True,
  3742. do_notify=False,
  3743. )
  3744. uapi.save(test_user)
  3745. transaction.commit()
  3746. user_id = int(test_user.user_id)
  3747. self.testapp.authorization = (
  3748. 'Basic',
  3749. (
  3750. 'admin@admin.admin',
  3751. 'admin@admin.admin'
  3752. )
  3753. )
  3754. # check before
  3755. res = self.testapp.get(
  3756. '/api/v2/users/{}'.format(user_id),
  3757. status=200
  3758. )
  3759. res = res.json_body
  3760. assert res['user_id'] == user_id
  3761. assert res['profile'] == 'users'
  3762. # Set params
  3763. params = {
  3764. 'profile': 'administrators',
  3765. }
  3766. self.testapp.put_json(
  3767. '/api/v2/users/{}/profile'.format(user_id),
  3768. params=params,
  3769. status=204,
  3770. )
  3771. # Check After
  3772. res = self.testapp.get(
  3773. '/api/v2/users/{}'.format(user_id),
  3774. status=200
  3775. )
  3776. res = res.json_body
  3777. assert res['user_id'] == user_id
  3778. assert res['profile'] == 'administrators'
  3779. def test_api__set_user_info__err_403__user_itself(self):
  3780. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3781. admin = dbsession.query(models.User) \
  3782. .filter(models.User.email == 'admin@admin.admin') \
  3783. .one()
  3784. uapi = UserApi(
  3785. current_user=admin,
  3786. session=dbsession,
  3787. config=self.app_config,
  3788. )
  3789. gapi = GroupApi(
  3790. current_user=admin,
  3791. session=dbsession,
  3792. config=self.app_config,
  3793. )
  3794. groups = [gapi.get_one_with_name('users')]
  3795. test_user = uapi.create_user(
  3796. email='test@test.test',
  3797. password='pass',
  3798. name='bob',
  3799. groups=groups,
  3800. timezone='Europe/Paris',
  3801. do_save=True,
  3802. do_notify=False,
  3803. )
  3804. uapi.save(test_user)
  3805. transaction.commit()
  3806. user_id = int(test_user.user_id)
  3807. self.testapp.authorization = (
  3808. 'Basic',
  3809. (
  3810. 'test@test.test',
  3811. 'pass',
  3812. )
  3813. )
  3814. # check before
  3815. res = self.testapp.get(
  3816. '/api/v2/users/{}'.format(user_id),
  3817. status=200
  3818. )
  3819. res = res.json_body
  3820. assert res['user_id'] == user_id
  3821. assert res['profile'] == 'users'
  3822. # Set params
  3823. params = {
  3824. 'profile': 'administrators',
  3825. }
  3826. self.testapp.put_json(
  3827. '/api/v2/users/{}/profile'.format(user_id),
  3828. params=params,
  3829. status=403,
  3830. )
  3831. # Check After
  3832. res = self.testapp.get(
  3833. '/api/v2/users/{}'.format(user_id),
  3834. status=200
  3835. )
  3836. res = res.json_body
  3837. assert res['user_id'] == user_id
  3838. assert res['profile'] == 'users'
  3839. def test_api__set_user_email__err_403__other_normal_user(self):
  3840. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3841. admin = dbsession.query(models.User) \
  3842. .filter(models.User.email == 'admin@admin.admin') \
  3843. .one()
  3844. uapi = UserApi(
  3845. current_user=admin,
  3846. session=dbsession,
  3847. config=self.app_config,
  3848. )
  3849. gapi = GroupApi(
  3850. current_user=admin,
  3851. session=dbsession,
  3852. config=self.app_config,
  3853. )
  3854. groups = [gapi.get_one_with_name('users')]
  3855. test_user = uapi.create_user(
  3856. email='test@test.test',
  3857. password='pass',
  3858. name='bob',
  3859. groups=groups,
  3860. timezone='Europe/Paris',
  3861. do_save=True,
  3862. do_notify=False,
  3863. )
  3864. test_user2 = uapi.create_user(
  3865. email='test2@test2.test2',
  3866. password='pass',
  3867. name='test',
  3868. groups=groups,
  3869. timezone='Europe/Paris',
  3870. do_save=True,
  3871. do_notify=False,
  3872. )
  3873. uapi.save(test_user2)
  3874. uapi.save(test_user)
  3875. transaction.commit()
  3876. user_id = int(test_user.user_id)
  3877. self.testapp.authorization = (
  3878. 'Basic',
  3879. (
  3880. 'test2@test2.test2',
  3881. 'pass',
  3882. )
  3883. )
  3884. # Set params
  3885. params = {
  3886. 'profile': 'administrators',
  3887. }
  3888. self.testapp.put_json(
  3889. '/api/v2/users/{}/profile'.format(user_id),
  3890. params=params,
  3891. status=403,
  3892. )
  3893. class TestSetUserEnableDisableEndpoints(FunctionalTest):
  3894. # -*- coding: utf-8 -*-
  3895. """
  3896. Tests for PUT /api/v2/users/{user_id}/enable
  3897. and PUT /api/v2/users/{user_id}/disable
  3898. """
  3899. fixtures = [BaseFixture]
  3900. def test_api_enable_user__ok_200__admin(self):
  3901. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3902. admin = dbsession.query(models.User) \
  3903. .filter(models.User.email == 'admin@admin.admin') \
  3904. .one()
  3905. uapi = UserApi(
  3906. current_user=admin,
  3907. session=dbsession,
  3908. config=self.app_config,
  3909. )
  3910. gapi = GroupApi(
  3911. current_user=admin,
  3912. session=dbsession,
  3913. config=self.app_config,
  3914. )
  3915. groups = [gapi.get_one_with_name('users')]
  3916. test_user = uapi.create_user(
  3917. email='test@test.test',
  3918. password='pass',
  3919. name='bob',
  3920. groups=groups,
  3921. timezone='Europe/Paris',
  3922. do_save=True,
  3923. do_notify=False,
  3924. )
  3925. uapi.disable(test_user, do_save=True)
  3926. uapi.save(test_user)
  3927. transaction.commit()
  3928. user_id = int(test_user.user_id)
  3929. self.testapp.authorization = (
  3930. 'Basic',
  3931. (
  3932. 'admin@admin.admin',
  3933. 'admin@admin.admin'
  3934. )
  3935. )
  3936. # check before
  3937. res = self.testapp.get(
  3938. '/api/v2/users/{}'.format(user_id),
  3939. status=200
  3940. )
  3941. res = res.json_body
  3942. assert res['user_id'] == user_id
  3943. assert res['is_active'] is False
  3944. self.testapp.put_json(
  3945. '/api/v2/users/{}/enable'.format(user_id),
  3946. status=204,
  3947. )
  3948. # Check After
  3949. res = self.testapp.get(
  3950. '/api/v2/users/{}'.format(user_id),
  3951. status=200
  3952. )
  3953. res = res.json_body
  3954. assert res['user_id'] == user_id
  3955. assert res['is_active'] is True
  3956. def test_api_disable_user__ok_200__admin(self):
  3957. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3958. admin = dbsession.query(models.User) \
  3959. .filter(models.User.email == 'admin@admin.admin') \
  3960. .one()
  3961. uapi = UserApi(
  3962. current_user=admin,
  3963. session=dbsession,
  3964. config=self.app_config,
  3965. )
  3966. gapi = GroupApi(
  3967. current_user=admin,
  3968. session=dbsession,
  3969. config=self.app_config,
  3970. )
  3971. groups = [gapi.get_one_with_name('users')]
  3972. test_user = uapi.create_user(
  3973. email='test@test.test',
  3974. password='pass',
  3975. name='bob',
  3976. groups=groups,
  3977. timezone='Europe/Paris',
  3978. do_save=True,
  3979. do_notify=False,
  3980. )
  3981. uapi.enable(test_user, do_save=True)
  3982. uapi.save(test_user)
  3983. transaction.commit()
  3984. user_id = int(test_user.user_id)
  3985. self.testapp.authorization = (
  3986. 'Basic',
  3987. (
  3988. 'admin@admin.admin',
  3989. 'admin@admin.admin'
  3990. )
  3991. )
  3992. # check before
  3993. res = self.testapp.get(
  3994. '/api/v2/users/{}'.format(user_id),
  3995. status=200
  3996. )
  3997. res = res.json_body
  3998. assert res['user_id'] == user_id
  3999. assert res['is_active'] is True
  4000. self.testapp.put_json(
  4001. '/api/v2/users/{}/disable'.format(user_id),
  4002. status=204,
  4003. )
  4004. # Check After
  4005. res = self.testapp.get(
  4006. '/api/v2/users/{}'.format(user_id),
  4007. status=200
  4008. )
  4009. res = res.json_body
  4010. assert res['user_id'] == user_id
  4011. assert res['is_active'] is False
  4012. def test_api_enable_user__err_403__other_account(self):
  4013. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4014. admin = dbsession.query(models.User) \
  4015. .filter(models.User.email == 'admin@admin.admin') \
  4016. .one()
  4017. uapi = UserApi(
  4018. current_user=admin,
  4019. session=dbsession,
  4020. config=self.app_config,
  4021. )
  4022. gapi = GroupApi(
  4023. current_user=admin,
  4024. session=dbsession,
  4025. config=self.app_config,
  4026. )
  4027. groups = [gapi.get_one_with_name('users')]
  4028. test_user = uapi.create_user(
  4029. email='test@test.test',
  4030. password='pass',
  4031. name='bob',
  4032. groups=groups,
  4033. timezone='Europe/Paris',
  4034. do_save=True,
  4035. do_notify=False,
  4036. )
  4037. test_user2 = uapi.create_user(
  4038. email='test2@test2.test2',
  4039. password='pass',
  4040. name='test2',
  4041. groups=groups,
  4042. timezone='Europe/Paris',
  4043. do_save=True,
  4044. do_notify=False,
  4045. )
  4046. uapi.disable(test_user, do_save=True)
  4047. uapi.save(test_user2)
  4048. uapi.save(test_user)
  4049. transaction.commit()
  4050. user_id = int(test_user.user_id)
  4051. self.testapp.authorization = (
  4052. 'Basic',
  4053. (
  4054. 'test2@test2.test2',
  4055. 'pass'
  4056. )
  4057. )
  4058. self.testapp.put_json(
  4059. '/api/v2/users/{}/enable'.format(user_id),
  4060. status=403,
  4061. )
  4062. def test_api_disable_user__err_403__other_account(self):
  4063. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4064. admin = dbsession.query(models.User) \
  4065. .filter(models.User.email == 'admin@admin.admin') \
  4066. .one()
  4067. uapi = UserApi(
  4068. current_user=admin,
  4069. session=dbsession,
  4070. config=self.app_config,
  4071. )
  4072. gapi = GroupApi(
  4073. current_user=admin,
  4074. session=dbsession,
  4075. config=self.app_config,
  4076. )
  4077. groups = [gapi.get_one_with_name('users')]
  4078. test_user = uapi.create_user(
  4079. email='test@test.test',
  4080. password='pass',
  4081. name='bob',
  4082. groups=groups,
  4083. timezone='Europe/Paris',
  4084. do_save=True,
  4085. do_notify=False,
  4086. )
  4087. test_user2 = uapi.create_user(
  4088. email='test2@test2.test2',
  4089. password='pass',
  4090. name='test2',
  4091. groups=groups,
  4092. timezone='Europe/Paris',
  4093. do_save=True,
  4094. do_notify=False,
  4095. )
  4096. uapi.enable(test_user, do_save=True)
  4097. uapi.save(test_user2)
  4098. uapi.save(test_user)
  4099. transaction.commit()
  4100. user_id = int(test_user.user_id)
  4101. self.testapp.authorization = (
  4102. 'Basic',
  4103. (
  4104. 'test2@test2.test2',
  4105. 'pass'
  4106. )
  4107. )
  4108. self.testapp.put_json(
  4109. '/api/v2/users/{}/disable'.format(user_id),
  4110. status=403,
  4111. )
  4112. def test_api_disable_user__ok_200__user_itself(self):
  4113. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4114. admin = dbsession.query(models.User) \
  4115. .filter(models.User.email == 'admin@admin.admin') \
  4116. .one()
  4117. uapi = UserApi(
  4118. current_user=admin,
  4119. session=dbsession,
  4120. config=self.app_config,
  4121. )
  4122. gapi = GroupApi(
  4123. current_user=admin,
  4124. session=dbsession,
  4125. config=self.app_config,
  4126. )
  4127. groups = [gapi.get_one_with_name('users')]
  4128. test_user = uapi.create_user(
  4129. email='test@test.test',
  4130. password='pass',
  4131. name='bob',
  4132. groups=groups,
  4133. timezone='Europe/Paris',
  4134. do_save=True,
  4135. do_notify=False,
  4136. )
  4137. uapi.enable(test_user, do_save=True)
  4138. uapi.save(test_user)
  4139. transaction.commit()
  4140. user_id = int(test_user.user_id)
  4141. self.testapp.authorization = (
  4142. 'Basic',
  4143. (
  4144. 'test@test.test',
  4145. 'pass'
  4146. )
  4147. )
  4148. # check before
  4149. res = self.testapp.get(
  4150. '/api/v2/users/{}'.format(user_id),
  4151. status=200
  4152. )
  4153. res = res.json_body
  4154. assert res['user_id'] == user_id
  4155. assert res['is_active'] is True
  4156. self.testapp.put_json(
  4157. '/api/v2/users/{}/disable'.format(user_id),
  4158. status=403,
  4159. )
  4160. # Check After
  4161. res = self.testapp.get(
  4162. '/api/v2/users/{}'.format(user_id),
  4163. status=200
  4164. )
  4165. res = res.json_body
  4166. assert res['user_id'] == user_id
  4167. assert res['is_active'] is True