Home Explore Help
Sign In
bux
/
tracim_v2
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
1238 Commits
1 Branches
Tree: befb462f50
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'befb462f50'
${ noResults }
tracim_v2/backend/tracim_backend/tests/functional/test_user.py

test_user.py 163KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734 
  1. # -*- coding: utf-8 -*-

  2. """

  3. Tests for /api/v2/users subpath endpoints.

  4. """

  5. from time import sleep

  6. import pytest

  7. import requests

  8. import transaction

  9. 

  10. from tracim_backend import models

  11. from tracim_backend.lib.core.content import ContentApi

  12. from tracim_backend.lib.core.user import UserApi

  13. from tracim_backend.lib.core.group import GroupApi

  14. from tracim_backend.lib.core.userworkspace import RoleApi

  15. from tracim_backend.lib.core.workspace import WorkspaceApi

  16. from tracim_backend.models import get_tm_session

  17. from tracim_backend.models.contents import CONTENT_TYPES

  18. from tracim_backend.models.data import UserRoleInWorkspace

  19. from tracim_backend.models.revision_protection import new_revision

  20. from tracim_backend.tests import FunctionalTest

  21. from tracim_backend.fixtures.content import Content as ContentFixtures

  22. from tracim_backend.fixtures.users_and_groups import Base as BaseFixture

  23. 

  24. 

  25. class TestUserRecentlyActiveContentEndpoint(FunctionalTest):

  26.     """

  27.     Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active # nopep8

  28.     """

  29.     fixtures = [BaseFixture]

  30. 

  31.     def test_api__get_recently_active_content__ok__200__admin(self):

  32. 

  33.         # init DB

  34.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  35.         admin = dbsession.query(models.User) \

  36.             .filter(models.User.email == 'admin@admin.admin') \

  37.             .one()

  38.         workspace_api = WorkspaceApi(

  39.             current_user=admin,

  40.             session=dbsession,

  41.             config=self.app_config

  42. 

  43.         )

  44.         workspace = WorkspaceApi(

  45.             current_user=admin,

  46.             session=dbsession,

  47.             config=self.app_config,

  48.         ).create_workspace(

  49.             'test workspace',

  50.             save_now=True

  51.         )

  52.         workspace2 = WorkspaceApi(

  53.             current_user=admin,

  54.             session=dbsession,

  55.             config=self.app_config,

  56.         ).create_workspace(

  57.             'test workspace2',

  58.             save_now=True

  59.         )

  60.         uapi = UserApi(

  61.             current_user=admin,

  62.             session=dbsession,

  63.             config=self.app_config,

  64.         )

  65.         gapi = GroupApi(

  66.             current_user=admin,

  67.             session=dbsession,

  68.             config=self.app_config,

  69.         )

  70.         groups = [gapi.get_one_with_name('users')]

  71.         test_user = uapi.create_user(

  72.             email='test@test.test',

  73.             password='pass',

  74.             name='bob',

  75.             groups=groups,

  76.             timezone='Europe/Paris',

  77.             do_save=True,

  78.             do_notify=False,

  79.         )

  80.         rapi = RoleApi(

  81.             current_user=admin,

  82.             session=dbsession,

  83.             config=self.app_config,

  84.         )

  85.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  86.         api = ContentApi(

  87.             current_user=admin,

  88.             session=dbsession,

  89.             config=self.app_config,

  90.         )

  91.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  92.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  93.         # creation order test

  94.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  95.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  96.         # update order test

  97.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  98.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  99.         with new_revision(

  100.             session=dbsession,

  101.             tm=transaction.manager,

  102.             content=firstly_created_but_recently_updated,

  103.         ):

  104.             firstly_created_but_recently_updated.description = 'Just an update'

  105.         api.save(firstly_created_but_recently_updated)

  106.         # comment change order

  107.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  108.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  109.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  110.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  111.         dbsession.flush()

  112.         transaction.commit()

  113. 

  114.         self.testapp.authorization = (

  115.             'Basic',

  116.             (

  117.                 'admin@admin.admin',

  118.                 'admin@admin.admin'

  119.             )

  120.         )

  121.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format(   # nopep8

  122.             user_id=test_user.user_id,

  123.             workspace_id=workspace.workspace_id

  124.         ), status=200)

  125.         res = res.json_body

  126.         assert len(res) == 7

  127.         for elem in res:

  128.             assert isinstance(elem['content_id'], int)

  129.             assert isinstance(elem['content_type'], str)

  130.             assert elem['content_type'] != 'comments'

  131.             assert isinstance(elem['is_archived'], bool)

  132.             assert isinstance(elem['is_deleted'], bool)

  133.             assert isinstance(elem['label'], str)

  134.             assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None

  135.             assert isinstance(elem['show_in_ui'], bool)

  136.             assert isinstance(elem['slug'], str)

  137.             assert isinstance(elem['status'], str)

  138.             assert isinstance(elem['sub_content_types'], list)

  139.             for sub_content_type in elem['sub_content_types']:

  140.                 assert isinstance(sub_content_type, str)

  141.             assert isinstance(elem['workspace_id'], int)

  142.         # comment is newest than page2

  143.         assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id

  144.         assert res[1]['content_id'] == secondly_created_but_not_commented.content_id

  145.         # last updated content is newer than other one despite creation

  146.         # of the other is more recent

  147.         assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id

  148.         assert res[3]['content_id'] == secondly_created_but_not_updated.content_id

  149.         # creation order is inverted here as last created is last active

  150.         assert res[4]['content_id'] == secondly_created.content_id

  151.         assert res[5]['content_id'] == firstly_created.content_id

  152.         # folder subcontent modification does not change folder order

  153.         assert res[6]['content_id'] == main_folder.content_id

  154. 

  155.     def test_api__get_recently_active_content__err__400__no_access_to_workspace(self):

  156. 

  157.         # init DB

  158.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  159.         admin = dbsession.query(models.User) \

  160.             .filter(models.User.email == 'admin@admin.admin') \

  161.             .one()

  162.         workspace_api = WorkspaceApi(

  163.             current_user=admin,

  164.             session=dbsession,

  165.             config=self.app_config

  166. 

  167.         )

  168.         workspace = WorkspaceApi(

  169.             current_user=admin,

  170.             session=dbsession,

  171.             config=self.app_config,

  172.         ).create_workspace(

  173.             'test workspace',

  174.             save_now=True

  175.         )

  176.         workspace2 = WorkspaceApi(

  177.             current_user=admin,

  178.             session=dbsession,

  179.             config=self.app_config,

  180.         ).create_workspace(

  181.             'test workspace2',

  182.             save_now=True

  183.         )

  184.         uapi = UserApi(

  185.             current_user=admin,

  186.             session=dbsession,

  187.             config=self.app_config,

  188.         )

  189.         gapi = GroupApi(

  190.             current_user=admin,

  191.             session=dbsession,

  192.             config=self.app_config,

  193.         )

  194.         groups = [gapi.get_one_with_name('users')]

  195.         test_user = uapi.create_user(

  196.             email='test@test.test',

  197.             password='pass',

  198.             name='bob',

  199.             groups=groups,

  200.             timezone='Europe/Paris',

  201.             do_save=True,

  202.             do_notify=False,

  203.         )

  204.         api = ContentApi(

  205.             current_user=admin,

  206.             session=dbsession,

  207.             config=self.app_config,

  208.         )

  209.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  210.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  211.         # creation order test

  212.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  213.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  214.         # update order test

  215.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  216.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  217. 

  218.         with new_revision(

  219.             session=dbsession,

  220.             tm=transaction.manager,

  221.             content=firstly_created_but_recently_updated,

  222.         ):

  223.             firstly_created_but_recently_updated.description = 'Just an update'

  224.         api.save(firstly_created_but_recently_updated)

  225.         # comment change order

  226.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  227.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  228.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  229.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  230.         dbsession.flush()

  231.         transaction.commit()

  232. 

  233.         self.testapp.authorization = (

  234.             'Basic',

  235.             (

  236.                 'admin@admin.admin',

  237.                 'admin@admin.admin'

  238.             )

  239.         )

  240.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format(   # nopep8

  241.             user_id=test_user.user_id,

  242.             workspace_id=workspace.workspace_id

  243.         ), status=400)

  244. 

  245.     def test_api__get_recently_active_content__ok__200__user_itself(self):

  246. 

  247.         # init DB

  248.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  249.         admin = dbsession.query(models.User) \

  250.             .filter(models.User.email == 'admin@admin.admin') \

  251.             .one()

  252.         workspace_api = WorkspaceApi(

  253.             current_user=admin,

  254.             session=dbsession,

  255.             config=self.app_config

  256. 

  257.         )

  258.         workspace = WorkspaceApi(

  259.             current_user=admin,

  260.             session=dbsession,

  261.             config=self.app_config,

  262.         ).create_workspace(

  263.             'test workspace',

  264.             save_now=True

  265.         )

  266.         workspace2 = WorkspaceApi(

  267.             current_user=admin,

  268.             session=dbsession,

  269.             config=self.app_config,

  270.         ).create_workspace(

  271.             'test workspace2',

  272.             save_now=True

  273.         )

  274. 

  275.         uapi = UserApi(

  276.             current_user=admin,

  277.             session=dbsession,

  278.             config=self.app_config,

  279.         )

  280.         gapi = GroupApi(

  281.             current_user=admin,

  282.             session=dbsession,

  283.             config=self.app_config,

  284.         )

  285.         groups = [gapi.get_one_with_name('users')]

  286.         test_user = uapi.create_user(

  287.             email='test@test.test',

  288.             password='pass',

  289.             name='bob',

  290.             groups=groups,

  291.             timezone='Europe/Paris',

  292.             do_save=True,

  293.             do_notify=False,

  294.         )

  295.         rapi = RoleApi(

  296.             current_user=admin,

  297.             session=dbsession,

  298.             config=self.app_config,

  299.         )

  300.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  301.         api = ContentApi(

  302.             current_user=admin,

  303.             session=dbsession,

  304.             config=self.app_config,

  305.         )

  306.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  307.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  308.         # creation order test

  309.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  310.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  311.         # update order test

  312.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  313.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  314.         with new_revision(

  315.             session=dbsession,

  316.             tm=transaction.manager,

  317.             content=firstly_created_but_recently_updated,

  318.         ):

  319.             firstly_created_but_recently_updated.description = 'Just an update'

  320.         api.save(firstly_created_but_recently_updated)

  321.         # comment change order

  322.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  323.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  324.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  325.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  326.         dbsession.flush()

  327.         transaction.commit()

  328. 

  329.         self.testapp.authorization = (

  330.             'Basic',

  331.             (

  332.                 'test@test.test',

  333.                 'pass'

  334.             )

  335.         )

  336.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format(   # nopep8

  337.             user_id=test_user.user_id,

  338.             workspace_id=workspace.workspace_id

  339.         ), status=200)

  340.         res = res.json_body

  341.         assert len(res) == 7

  342.         for elem in res:

  343.             assert isinstance(elem['content_id'], int)

  344.             assert isinstance(elem['content_type'], str)

  345.             assert elem['content_type'] != 'comments'

  346.             assert isinstance(elem['is_archived'], bool)

  347.             assert isinstance(elem['is_deleted'], bool)

  348.             assert isinstance(elem['label'], str)

  349.             assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None

  350.             assert isinstance(elem['show_in_ui'], bool)

  351.             assert isinstance(elem['slug'], str)

  352.             assert isinstance(elem['status'], str)

  353.             assert isinstance(elem['sub_content_types'], list)

  354.             for sub_content_type in elem['sub_content_types']:

  355.                 assert isinstance(sub_content_type, str)

  356.             assert isinstance(elem['workspace_id'], int)

  357.         # comment is newest than page2

  358.         assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id

  359.         assert res[1]['content_id'] == secondly_created_but_not_commented.content_id

  360.         # last updated content is newer than other one despite creation

  361.         # of the other is more recent

  362.         assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id

  363.         assert res[3]['content_id'] == secondly_created_but_not_updated.content_id

  364.         # creation order is inverted here as last created is last active

  365.         assert res[4]['content_id'] == secondly_created.content_id

  366.         assert res[5]['content_id'] == firstly_created.content_id

  367.         # folder subcontent modification does not change folder order

  368.         assert res[6]['content_id'] == main_folder.content_id

  369. 

  370.     def test_api__get_recently_active_content__ok__200__other_user(self):

  371. 

  372.         # init DB

  373.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  374.         admin = dbsession.query(models.User) \

  375.             .filter(models.User.email == 'admin@admin.admin') \

  376.             .one()

  377.         workspace_api = WorkspaceApi(

  378.             current_user=admin,

  379.             session=dbsession,

  380.             config=self.app_config

  381. 

  382.         )

  383.         workspace = WorkspaceApi(

  384.             current_user=admin,

  385.             session=dbsession,

  386.             config=self.app_config,

  387.         ).create_workspace(

  388.             'test workspace',

  389.             save_now=True

  390.         )

  391.         workspace2 = WorkspaceApi(

  392.             current_user=admin,

  393.             session=dbsession,

  394.             config=self.app_config,

  395.         ).create_workspace(

  396.             'test workspace2',

  397.             save_now=True

  398.         )

  399. 

  400.         uapi = UserApi(

  401.             current_user=admin,

  402.             session=dbsession,

  403.             config=self.app_config,

  404.         )

  405.         gapi = GroupApi(

  406.             current_user=admin,

  407.             session=dbsession,

  408.             config=self.app_config,

  409.         )

  410.         groups = [gapi.get_one_with_name('users')]

  411.         test_user = uapi.create_user(

  412.             email='test@test.test',

  413.             password='pass',

  414.             name='bob',

  415.             groups=groups,

  416.             timezone='Europe/Paris',

  417.             do_save=True,

  418.             do_notify=False,

  419.         )

  420.         rapi = RoleApi(

  421.             current_user=admin,

  422.             session=dbsession,

  423.             config=self.app_config,

  424.         )

  425.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  426.         api = ContentApi(

  427.             current_user=admin,

  428.             session=dbsession,

  429.             config=self.app_config,

  430.         )

  431.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  432.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  433.         # creation order test

  434.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  435.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  436.         # update order test

  437.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  438.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  439.         with new_revision(

  440.             session=dbsession,

  441.             tm=transaction.manager,

  442.             content=firstly_created_but_recently_updated,

  443.         ):

  444.             firstly_created_but_recently_updated.description = 'Just an update'

  445.         api.save(firstly_created_but_recently_updated)

  446.         # comment change order

  447.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  448.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  449.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  450.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  451.         dbsession.flush()

  452.         transaction.commit()

  453. 

  454.         self.testapp.authorization = (

  455.             'Basic',

  456.             (

  457.                 'test@test.test',

  458.                 'pass'

  459.             )

  460.         )

  461.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format(   # nopep8

  462.             user_id=admin.user_id,

  463.             workspace_id=workspace.workspace_id

  464.         ), status=403)

  465. 

  466.     def test_api__get_recently_active_content__ok__200__limit_2_multiple(self):

  467.         # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()

  468.         # anymore to fix datetime lack of precision.

  469. 

  470.         # init DB

  471.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  472.         admin = dbsession.query(models.User) \

  473.             .filter(models.User.email == 'admin@admin.admin') \

  474.             .one()

  475.         workspace_api = WorkspaceApi(

  476.             current_user=admin,

  477.             session=dbsession,

  478.             config=self.app_config

  479. 

  480.         )

  481.         workspace = WorkspaceApi(

  482.             current_user=admin,

  483.             session=dbsession,

  484.             config=self.app_config,

  485.         ).create_workspace(

  486.             'test workspace',

  487.             save_now=True

  488.         )

  489.         workspace2 = WorkspaceApi(

  490.             current_user=admin,

  491.             session=dbsession,

  492.             config=self.app_config,

  493.         ).create_workspace(

  494.             'test workspace2',

  495.             save_now=True

  496.         )

  497. 

  498.         api = ContentApi(

  499.             current_user=admin,

  500.             session=dbsession,

  501.             config=self.app_config,

  502.         )

  503.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  504.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  505.         # creation order test

  506.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  507.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  508.         # update order test

  509.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  510.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  511.         with new_revision(

  512.             session=dbsession,

  513.             tm=transaction.manager,

  514.             content=firstly_created_but_recently_updated,

  515.         ):

  516.             firstly_created_but_recently_updated.description = 'Just an update'

  517.         api.save(firstly_created_but_recently_updated)

  518.         # comment change order

  519.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  520.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  521.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  522.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  523.         dbsession.flush()

  524.         transaction.commit()

  525. 

  526.         self.testapp.authorization = (

  527.             'Basic',

  528.             (

  529.                 'admin@admin.admin',

  530.                 'admin@admin.admin'

  531.             )

  532.         )

  533.         params = {

  534.             'limit': 2,

  535.         }

  536.         res = self.testapp.get(

  537.             '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id),  # nopep8

  538.             status=200,

  539.             params=params

  540.         ) # nopep8

  541.         res = res.json_body

  542.         assert len(res) == 2

  543.         for elem in res:

  544.             assert isinstance(elem['content_id'], int)

  545.             assert isinstance(elem['content_type'], str)

  546.             assert elem['content_type'] != 'comments'

  547.             assert isinstance(elem['is_archived'], bool)

  548.             assert isinstance(elem['is_deleted'], bool)

  549.             assert isinstance(elem['label'], str)

  550.             assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None

  551.             assert isinstance(elem['show_in_ui'], bool)

  552.             assert isinstance(elem['slug'], str)

  553.             assert isinstance(elem['status'], str)

  554.             assert isinstance(elem['sub_content_types'], list)

  555.             for sub_content_type in elem['sub_content_types']:

  556.                 assert isinstance(sub_content_type, str)

  557.             assert isinstance(elem['workspace_id'], int)

  558.         # comment is newest than page2

  559.         assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id

  560.         assert res[1]['content_id'] == secondly_created_but_not_commented.content_id

  561. 

  562.         params = {

  563.             'limit': 2,

  564.             'before_content_id': secondly_created_but_not_commented.content_id,  # nopep8

  565.         }

  566.         res = self.testapp.get(

  567.             '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id),  # nopep8

  568.             status=200,

  569.             params=params

  570.         )

  571.         res = res.json_body

  572.         assert len(res) == 2

  573.         # last updated content is newer than other one despite creation

  574.         # of the other is more recent

  575.         assert res[0]['content_id'] == firstly_created_but_recently_updated.content_id

  576.         assert res[1]['content_id'] == secondly_created_but_not_updated.content_id

  577. 

  578.     def test_api__get_recently_active_content__ok__200__bad_before_content_id_doesnt_exist(self):  # nopep8

  579.         # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()

  580.         # anymore to fix datetime lack of precision.

  581. 

  582.         # init DB

  583.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  584.         admin = dbsession.query(models.User) \

  585.             .filter(models.User.email == 'admin@admin.admin') \

  586.             .one()

  587.         workspace_api = WorkspaceApi(

  588.             current_user=admin,

  589.             session=dbsession,

  590.             config=self.app_config

  591. 

  592.         )

  593.         workspace = WorkspaceApi(

  594.             current_user=admin,

  595.             session=dbsession,

  596.             config=self.app_config,

  597.         ).create_workspace(

  598.             'test workspace',

  599.             save_now=True

  600.         )

  601.         workspace2 = WorkspaceApi(

  602.             current_user=admin,

  603.             session=dbsession,

  604.             config=self.app_config,

  605.         ).create_workspace(

  606.             'test workspace2',

  607.             save_now=True

  608.         )

  609. 

  610.         api = ContentApi(

  611.             current_user=admin,

  612.             session=dbsession,

  613.             config=self.app_config,

  614.         )

  615.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  616.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  617.         # creation order test

  618.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  619.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  620.         # update order test

  621.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  622.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  623.         with new_revision(

  624.             session=dbsession,

  625.             tm=transaction.manager,

  626.             content=firstly_created_but_recently_updated,

  627.         ):

  628.             firstly_created_but_recently_updated.description = 'Just an update'

  629.         api.save(firstly_created_but_recently_updated)

  630.         # comment change order

  631.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  632.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  633.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  634.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  635.         dbsession.flush()

  636.         transaction.commit()

  637. 

  638.         self.testapp.authorization = (

  639.             'Basic',

  640.             (

  641.                 'admin@admin.admin',

  642.                 'admin@admin.admin'

  643.             )

  644.         )

  645.         params = {

  646.             'before_content_id': 4000

  647.         }

  648.         res = self.testapp.get(

  649.             '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id),  # nopep8

  650.             status=400,

  651.             params=params

  652.         )

  653. 

  654. 

  655. class TestUserReadStatusEndpoint(FunctionalTest):

  656.     """

  657.     Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status # nopep8

  658.     """

  659.     def test_api__get_read_status__ok__200__admin(self):

  660. 

  661.         # init DB

  662.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  663.         admin = dbsession.query(models.User) \

  664.             .filter(models.User.email == 'admin@admin.admin') \

  665.             .one()

  666.         workspace_api = WorkspaceApi(

  667.             current_user=admin,

  668.             session=dbsession,

  669.             config=self.app_config

  670. 

  671.         )

  672.         workspace = WorkspaceApi(

  673.             current_user=admin,

  674.             session=dbsession,

  675.             config=self.app_config,

  676.         ).create_workspace(

  677.             'test workspace',

  678.             save_now=True

  679.         )

  680.         workspace2 = WorkspaceApi(

  681.             current_user=admin,

  682.             session=dbsession,

  683.             config=self.app_config,

  684.         ).create_workspace(

  685.             'test workspace2',

  686.             save_now=True

  687.         )

  688.         uapi = UserApi(

  689.             current_user=admin,

  690.             session=dbsession,

  691.             config=self.app_config,

  692.         )

  693.         gapi = GroupApi(

  694.             current_user=admin,

  695.             session=dbsession,

  696.             config=self.app_config,

  697.         )

  698.         groups = [gapi.get_one_with_name('users')]

  699.         test_user = uapi.create_user(

  700.             email='test@test.test',

  701.             password='pass',

  702.             name='bob',

  703.             groups=groups,

  704.             timezone='Europe/Paris',

  705.             do_save=True,

  706.             do_notify=False,

  707.         )

  708.         rapi = RoleApi(

  709.             current_user=admin,

  710.             session=dbsession,

  711.             config=self.app_config,

  712.         )

  713.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  714.         api = ContentApi(

  715.             current_user=admin,

  716.             session=dbsession,

  717.             config=self.app_config,

  718.         )

  719.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  720.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  721.         # creation order test

  722.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  723.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  724.         # update order test

  725.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  726.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  727.         with new_revision(

  728.             session=dbsession,

  729.             tm=transaction.manager,

  730.             content=firstly_created_but_recently_updated,

  731.         ):

  732.             firstly_created_but_recently_updated.description = 'Just an update'

  733.         api.save(firstly_created_but_recently_updated)

  734.         # comment change order

  735.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  736.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  737.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  738.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  739.         dbsession.flush()

  740.         transaction.commit()

  741. 

  742.         self.testapp.authorization = (

  743.             'Basic',

  744.             (

  745.                 'admin@admin.admin',

  746.                 'admin@admin.admin'

  747.             )

  748.         )

  749.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(   # nopep8

  750.             user_id=admin.user_id,

  751.             workspace_id=workspace.workspace_id

  752.         ), status=200)

  753.         res = res.json_body

  754.         assert len(res) == 7

  755.         for elem in res:

  756.             assert isinstance(elem['content_id'], int)

  757.             assert isinstance(elem['read_by_user'], bool)

  758.         # comment is newest than page2

  759.         assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id

  760.         assert res[1]['content_id'] == secondly_created_but_not_commented.content_id

  761.         # last updated content is newer than other one despite creation

  762.         # of the other is more recent

  763.         assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id

  764.         assert res[3]['content_id'] == secondly_created_but_not_updated.content_id

  765.         # creation order is inverted here as last created is last active

  766.         assert res[4]['content_id'] == secondly_created.content_id

  767.         assert res[5]['content_id'] == firstly_created.content_id

  768.         # folder subcontent modification does not change folder order

  769.         assert res[6]['content_id'] == main_folder.content_id

  770. 

  771.     def test_api__get_read_status__ok__200__user_itself(self):

  772. 

  773.         # init DB

  774.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  775.         admin = dbsession.query(models.User) \

  776.             .filter(models.User.email == 'admin@admin.admin') \

  777.             .one()

  778.         workspace_api = WorkspaceApi(

  779.             current_user=admin,

  780.             session=dbsession,

  781.             config=self.app_config

  782. 

  783.         )

  784.         workspace = WorkspaceApi(

  785.             current_user=admin,

  786.             session=dbsession,

  787.             config=self.app_config,

  788.         ).create_workspace(

  789.             'test workspace',

  790.             save_now=True

  791.         )

  792.         workspace2 = WorkspaceApi(

  793.             current_user=admin,

  794.             session=dbsession,

  795.             config=self.app_config,

  796.         ).create_workspace(

  797.             'test workspace2',

  798.             save_now=True

  799.         )

  800.         uapi = UserApi(

  801.             current_user=admin,

  802.             session=dbsession,

  803.             config=self.app_config,

  804.         )

  805.         gapi = GroupApi(

  806.             current_user=admin,

  807.             session=dbsession,

  808.             config=self.app_config,

  809.         )

  810.         groups = [gapi.get_one_with_name('users')]

  811.         test_user = uapi.create_user(

  812.             email='test@test.test',

  813.             password='pass',

  814.             name='bob',

  815.             groups=groups,

  816.             timezone='Europe/Paris',

  817.             do_save=True,

  818.             do_notify=False,

  819.         )

  820.         rapi = RoleApi(

  821.             current_user=admin,

  822.             session=dbsession,

  823.             config=self.app_config,

  824.         )

  825.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  826.         api = ContentApi(

  827.             current_user=admin,

  828.             session=dbsession,

  829.             config=self.app_config,

  830.         )

  831.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  832.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  833.         # creation order test

  834.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  835.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  836.         # update order test

  837.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  838.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  839.         with new_revision(

  840.             session=dbsession,

  841.             tm=transaction.manager,

  842.             content=firstly_created_but_recently_updated,

  843.         ):

  844.             firstly_created_but_recently_updated.description = 'Just an update'

  845.         api.save(firstly_created_but_recently_updated)

  846.         # comment change order

  847.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  848.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  849.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  850.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  851.         dbsession.flush()

  852.         transaction.commit()

  853. 

  854.         self.testapp.authorization = (

  855.             'Basic',

  856.             (

  857.                 'test@test.test',

  858.                 'pass'

  859.             )

  860.         )

  861.         selected_contents_id = [

  862.             firstly_created_but_recently_commented.content_id,

  863.             firstly_created_but_recently_updated.content_id,

  864.             firstly_created.content_id,

  865.             main_folder.content_id,

  866.         ]

  867.         url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format(  # nopep8

  868.               workspace_id=workspace.workspace_id,

  869.               cid1=selected_contents_id[0],

  870.               cid2=selected_contents_id[1],

  871.               cid3=selected_contents_id[2],

  872.               cid4=selected_contents_id[3],

  873.               user_id=test_user.user_id,

  874.         )

  875.         res = self.testapp.get(

  876.             url=url,

  877.             status=200,

  878.         )

  879.         res = res.json_body

  880.         assert len(res) == 4

  881.         for elem in res:

  882.             assert isinstance(elem['content_id'], int)

  883.             assert isinstance(elem['read_by_user'], bool)

  884.         # comment is newest than page2

  885.         assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id

  886.         # last updated content is newer than other one despite creation

  887.         # of the other is more recent

  888.         assert res[1]['content_id'] == firstly_created_but_recently_updated.content_id

  889.         # creation order is inverted here as last created is last active

  890.         assert res[2]['content_id'] == firstly_created.content_id

  891.         # folder subcontent modification does not change folder order

  892.         assert res[3]['content_id'] == main_folder.content_id

  893. 

  894.     def test_api__get_read_status__ok__200__other_user(self):

  895. 

  896.         # init DB

  897.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  898.         admin = dbsession.query(models.User) \

  899.             .filter(models.User.email == 'admin@admin.admin') \

  900.             .one()

  901.         workspace_api = WorkspaceApi(

  902.             current_user=admin,

  903.             session=dbsession,

  904.             config=self.app_config

  905. 

  906.         )

  907.         workspace = WorkspaceApi(

  908.             current_user=admin,

  909.             session=dbsession,

  910.             config=self.app_config,

  911.         ).create_workspace(

  912.             'test workspace',

  913.             save_now=True

  914.         )

  915.         workspace2 = WorkspaceApi(

  916.             current_user=admin,

  917.             session=dbsession,

  918.             config=self.app_config,

  919.         ).create_workspace(

  920.             'test workspace2',

  921.             save_now=True

  922.         )

  923.         uapi = UserApi(

  924.             current_user=admin,

  925.             session=dbsession,

  926.             config=self.app_config,

  927.         )

  928.         gapi = GroupApi(

  929.             current_user=admin,

  930.             session=dbsession,

  931.             config=self.app_config,

  932.         )

  933.         groups = [gapi.get_one_with_name('users')]

  934.         test_user = uapi.create_user(

  935.             email='test@test.test',

  936.             password='pass',

  937.             name='bob',

  938.             groups=groups,

  939.             timezone='Europe/Paris',

  940.             do_save=True,

  941.             do_notify=False,

  942.         )

  943.         rapi = RoleApi(

  944.             current_user=admin,

  945.             session=dbsession,

  946.             config=self.app_config,

  947.         )

  948.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  949.         api = ContentApi(

  950.             current_user=admin,

  951.             session=dbsession,

  952.             config=self.app_config,

  953.         )

  954.         main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True)  # nopep8

  955.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  956.         # creation order test

  957.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  958.         secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True)  # nopep8

  959.         # update order test

  960.         firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True)  # nopep8

  961.         secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True)  # nopep8

  962.         with new_revision(

  963.             session=dbsession,

  964.             tm=transaction.manager,

  965.             content=firstly_created_but_recently_updated,

  966.         ):

  967.             firstly_created_but_recently_updated.description = 'Just an update'

  968.         api.save(firstly_created_but_recently_updated)

  969.         # comment change order

  970.         firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True)  # nopep8

  971.         secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True)  # nopep8

  972.         comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True)  # nopep8

  973.         content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True)  # nopep8

  974.         dbsession.flush()

  975.         transaction.commit()

  976. 

  977.         self.testapp.authorization = (

  978.             'Basic',

  979.             (

  980.                 'test@test.test',

  981.                 'pass'

  982.             )

  983.         )

  984.         selected_contents_id = [

  985.             firstly_created_but_recently_commented.content_id,

  986.             firstly_created_but_recently_updated.content_id,

  987.             firstly_created.content_id,

  988.             main_folder.content_id,

  989.         ]

  990.         url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format(  # nopep8

  991.               workspace_id=workspace.workspace_id,

  992.               cid1=selected_contents_id[0],

  993.               cid2=selected_contents_id[1],

  994.               cid3=selected_contents_id[2],

  995.               cid4=selected_contents_id[3],

  996.               user_id=admin.user_id,

  997.         )

  998.         res = self.testapp.get(

  999.             url=url,

  1000.             status=403,

  1001.         )

  1002. 

  1003. 

  1004. class TestUserSetContentAsRead(FunctionalTest):

  1005.     """

  1006.     Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read  # nopep8

  1007.     """

  1008.     def test_api_set_content_as_read__ok__200__admin(self):

  1009.         # init DB

  1010.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1011.         admin = dbsession.query(models.User) \

  1012.             .filter(models.User.email == 'admin@admin.admin') \

  1013.             .one()

  1014.         workspace_api = WorkspaceApi(

  1015.             current_user=admin,

  1016.             session=dbsession,

  1017.             config=self.app_config

  1018. 

  1019.         )

  1020.         workspace = WorkspaceApi(

  1021.             current_user=admin,

  1022.             session=dbsession,

  1023.             config=self.app_config,

  1024.         ).create_workspace(

  1025.             'test workspace',

  1026.             save_now=True

  1027.         )

  1028.         uapi = UserApi(

  1029.             current_user=admin,

  1030.             session=dbsession,

  1031.             config=self.app_config,

  1032.         )

  1033.         gapi = GroupApi(

  1034.             current_user=admin,

  1035.             session=dbsession,

  1036.             config=self.app_config,

  1037.         )

  1038.         groups = [gapi.get_one_with_name('users')]

  1039.         test_user = uapi.create_user(

  1040.             email='test@test.test',

  1041.             password='pass',

  1042.             name='bob',

  1043.             groups=groups,

  1044.             timezone='Europe/Paris',

  1045.             do_save=True,

  1046.             do_notify=False,

  1047.         )

  1048.         rapi = RoleApi(

  1049.             current_user=admin,

  1050.             session=dbsession,

  1051.             config=self.app_config,

  1052.         )

  1053.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1054.         api = ContentApi(

  1055.             current_user=admin,

  1056.             session=dbsession,

  1057.             config=self.app_config,

  1058.         )

  1059.         api2 = ContentApi(

  1060.             current_user=test_user,

  1061.             session=dbsession,

  1062.             config=self.app_config,

  1063.         )

  1064.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1065.         # creation order test

  1066.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1067.         api.mark_unread(firstly_created)

  1068.         api2.mark_unread(firstly_created)

  1069.         dbsession.flush()

  1070.         transaction.commit()

  1071. 

  1072.         self.testapp.authorization = (

  1073.             'Basic',

  1074.             (

  1075.                 'admin@admin.admin',

  1076.                 'admin@admin.admin'

  1077.             )

  1078.         )

  1079.         # before

  1080.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1081.             user_id=test_user.user_id,

  1082.             workspace_id=workspace.workspace_id

  1083.         ), status=200)

  1084.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1085.         assert res.json_body[0]['read_by_user'] is False

  1086. 

  1087.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1088.             user_id=admin.user_id,

  1089.             workspace_id=workspace.workspace_id

  1090.         ), status=200)

  1091.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1092.         assert res.json_body[0]['read_by_user'] is False

  1093.         # read

  1094.         self.testapp.put(

  1095.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8

  1096.                 workspace_id=workspace.workspace_id,

  1097.                 content_id=firstly_created.content_id,

  1098.                 user_id=test_user.user_id,

  1099.             )

  1100.         )

  1101.         # after

  1102.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1103.             user_id=test_user.user_id,

  1104.             workspace_id=workspace.workspace_id

  1105.         ), status=200) # nopep8

  1106.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1107.         assert res.json_body[0]['read_by_user'] is True

  1108. 

  1109.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1110.             user_id=admin.user_id,

  1111.             workspace_id=workspace.workspace_id

  1112.         ), status=200) # nopep8

  1113.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1114.         assert res.json_body[0]['read_by_user'] is False

  1115. 

  1116.     def test_api_set_content_as_read__ok__200__admin_workspace_do_not_exist(self):

  1117.         # init DB

  1118.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1119.         admin = dbsession.query(models.User) \

  1120.             .filter(models.User.email == 'admin@admin.admin') \

  1121.             .one()

  1122.         workspace_api = WorkspaceApi(

  1123.             current_user=admin,

  1124.             session=dbsession,

  1125.             config=self.app_config

  1126. 

  1127.         )

  1128.         workspace = WorkspaceApi(

  1129.             current_user=admin,

  1130.             session=dbsession,

  1131.             config=self.app_config,

  1132.         ).create_workspace(

  1133.             'test workspace',

  1134.             save_now=True

  1135.         )

  1136.         uapi = UserApi(

  1137.             current_user=admin,

  1138.             session=dbsession,

  1139.             config=self.app_config,

  1140.         )

  1141.         gapi = GroupApi(

  1142.             current_user=admin,

  1143.             session=dbsession,

  1144.             config=self.app_config,

  1145.         )

  1146.         groups = [gapi.get_one_with_name('users')]

  1147.         test_user = uapi.create_user(

  1148.             email='test@test.test',

  1149.             password='pass',

  1150.             name='bob',

  1151.             groups=groups,

  1152.             timezone='Europe/Paris',

  1153.             do_save=True,

  1154.             do_notify=False,

  1155.         )

  1156.         rapi = RoleApi(

  1157.             current_user=admin,

  1158.             session=dbsession,

  1159.             config=self.app_config,

  1160.         )

  1161.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1162.         api = ContentApi(

  1163.             current_user=admin,

  1164.             session=dbsession,

  1165.             config=self.app_config,

  1166.         )

  1167.         api2 = ContentApi(

  1168.             current_user=test_user,

  1169.             session=dbsession,

  1170.             config=self.app_config,

  1171.         )

  1172.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1173.         # creation order test

  1174.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1175.         api.mark_unread(firstly_created)

  1176.         api2.mark_unread(firstly_created)

  1177.         dbsession.flush()

  1178.         transaction.commit()

  1179. 

  1180.         self.testapp.authorization = (

  1181.             'Basic',

  1182.             (

  1183.                 'admin@admin.admin',

  1184.                 'admin@admin.admin'

  1185.             )

  1186.         )

  1187.         # read

  1188.         self.testapp.put(

  1189.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8

  1190.                 workspace_id=4000,

  1191.                 content_id=firstly_created.content_id,

  1192.                 user_id=test_user.user_id,

  1193.             ),

  1194.             status=400,

  1195.         )

  1196. 

  1197.     def test_api_set_content_as_read__ok__200__admin_content_do_not_exist(self):

  1198.         # init DB

  1199.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1200.         admin = dbsession.query(models.User) \

  1201.             .filter(models.User.email == 'admin@admin.admin') \

  1202.             .one()

  1203.         workspace_api = WorkspaceApi(

  1204.             current_user=admin,

  1205.             session=dbsession,

  1206.             config=self.app_config

  1207. 

  1208.         )

  1209.         workspace = WorkspaceApi(

  1210.             current_user=admin,

  1211.             session=dbsession,

  1212.             config=self.app_config,

  1213.         ).create_workspace(

  1214.             'test workspace',

  1215.             save_now=True

  1216.         )

  1217.         uapi = UserApi(

  1218.             current_user=admin,

  1219.             session=dbsession,

  1220.             config=self.app_config,

  1221.         )

  1222.         gapi = GroupApi(

  1223.             current_user=admin,

  1224.             session=dbsession,

  1225.             config=self.app_config,

  1226.         )

  1227.         groups = [gapi.get_one_with_name('users')]

  1228.         test_user = uapi.create_user(

  1229.             email='test@test.test',

  1230.             password='pass',

  1231.             name='bob',

  1232.             groups=groups,

  1233.             timezone='Europe/Paris',

  1234.             do_save=True,

  1235.             do_notify=False,

  1236.         )

  1237.         rapi = RoleApi(

  1238.             current_user=admin,

  1239.             session=dbsession,

  1240.             config=self.app_config,

  1241.         )

  1242.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1243.         api = ContentApi(

  1244.             current_user=admin,

  1245.             session=dbsession,

  1246.             config=self.app_config,

  1247.         )

  1248.         api2 = ContentApi(

  1249.             current_user=test_user,

  1250.             session=dbsession,

  1251.             config=self.app_config,

  1252.         )

  1253.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1254.         # creation order test

  1255.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1256.         api.mark_unread(firstly_created)

  1257.         api2.mark_unread(firstly_created)

  1258.         dbsession.flush()

  1259.         transaction.commit()

  1260. 

  1261.         self.testapp.authorization = (

  1262.             'Basic',

  1263.             (

  1264.                 'admin@admin.admin',

  1265.                 'admin@admin.admin'

  1266.             )

  1267.         )

  1268.         # read

  1269.         self.testapp.put(

  1270.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8

  1271.                 workspace_id=workspace.workspace_id,

  1272.                 content_id=4000,

  1273.                 user_id=test_user.user_id,

  1274.             ),

  1275.             status=400,

  1276.         )

  1277. 

  1278.     def test_api_set_content_as_read__ok__200__user_itself(self):

  1279.         # init DB

  1280.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1281.         admin = dbsession.query(models.User) \

  1282.             .filter(models.User.email == 'admin@admin.admin') \

  1283.             .one()

  1284.         workspace_api = WorkspaceApi(

  1285.             current_user=admin,

  1286.             session=dbsession,

  1287.             config=self.app_config

  1288. 

  1289.         )

  1290.         workspace = WorkspaceApi(

  1291.             current_user=admin,

  1292.             session=dbsession,

  1293.             config=self.app_config,

  1294.         ).create_workspace(

  1295.             'test workspace',

  1296.             save_now=True

  1297.         )

  1298.         uapi = UserApi(

  1299.             current_user=admin,

  1300.             session=dbsession,

  1301.             config=self.app_config,

  1302.         )

  1303.         gapi = GroupApi(

  1304.             current_user=admin,

  1305.             session=dbsession,

  1306.             config=self.app_config,

  1307.         )

  1308.         groups = [gapi.get_one_with_name('users')]

  1309.         test_user = uapi.create_user(

  1310.             email='test@test.test',

  1311.             password='pass',

  1312.             name='bob',

  1313.             groups=groups,

  1314.             timezone='Europe/Paris',

  1315.             do_save=True,

  1316.             do_notify=False,

  1317.         )

  1318.         rapi = RoleApi(

  1319.             current_user=admin,

  1320.             session=dbsession,

  1321.             config=self.app_config,

  1322.         )

  1323.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1324.         api = ContentApi(

  1325.             current_user=admin,

  1326.             session=dbsession,

  1327.             config=self.app_config,

  1328.         )

  1329.         api2 = ContentApi(

  1330.             current_user=test_user,

  1331.             session=dbsession,

  1332.             config=self.app_config,

  1333.         )

  1334.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1335.         # creation order test

  1336.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1337.         api.mark_unread(firstly_created)

  1338.         api2.mark_unread(firstly_created)

  1339.         dbsession.flush()

  1340.         transaction.commit()

  1341. 

  1342.         self.testapp.authorization = (

  1343.             'Basic',

  1344.             (

  1345.                 'test@test.test',

  1346.                 'pass'

  1347.             )

  1348.         )

  1349.         # before

  1350.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1351.             user_id=test_user.user_id,

  1352.             workspace_id=workspace.workspace_id

  1353.             ),

  1354.             status=200

  1355.         )

  1356.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1357.         assert res.json_body[0]['read_by_user'] is False

  1358. 

  1359.         # read

  1360.         self.testapp.put(

  1361.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8

  1362.                 workspace_id=workspace.workspace_id,

  1363.                 content_id=firstly_created.content_id,

  1364.                 user_id=test_user.user_id,

  1365.             )

  1366.         )

  1367.         # after

  1368.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1369.             user_id=test_user.user_id,

  1370.             workspace_id=workspace.workspace_id

  1371.             ),

  1372.             status=200

  1373.         )

  1374.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1375.         assert res.json_body[0]['read_by_user'] is True

  1376. 

  1377.     def test_api_set_content_as_read__ok__403__other_user(self):

  1378.         # init DB

  1379.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1380.         admin = dbsession.query(models.User) \

  1381.             .filter(models.User.email == 'admin@admin.admin') \

  1382.             .one()

  1383.         workspace_api = WorkspaceApi(

  1384.             current_user=admin,

  1385.             session=dbsession,

  1386.             config=self.app_config

  1387. 

  1388.         )

  1389.         workspace = WorkspaceApi(

  1390.             current_user=admin,

  1391.             session=dbsession,

  1392.             config=self.app_config,

  1393.         ).create_workspace(

  1394.             'test workspace',

  1395.             save_now=True

  1396.         )

  1397.         uapi = UserApi(

  1398.             current_user=admin,

  1399.             session=dbsession,

  1400.             config=self.app_config,

  1401.         )

  1402.         gapi = GroupApi(

  1403.             current_user=admin,

  1404.             session=dbsession,

  1405.             config=self.app_config,

  1406.         )

  1407.         groups = [gapi.get_one_with_name('users')]

  1408.         test_user = uapi.create_user(

  1409.             email='test@test.test',

  1410.             password='pass',

  1411.             name='bob',

  1412.             groups=groups,

  1413.             timezone='Europe/Paris',

  1414.             do_save=True,

  1415.             do_notify=False,

  1416.         )

  1417.         rapi = RoleApi(

  1418.             current_user=admin,

  1419.             session=dbsession,

  1420.             config=self.app_config,

  1421.         )

  1422.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1423.         api = ContentApi(

  1424.             current_user=admin,

  1425.             session=dbsession,

  1426.             config=self.app_config,

  1427.         )

  1428.         api2 = ContentApi(

  1429.             current_user=test_user,

  1430.             session=dbsession,

  1431.             config=self.app_config,

  1432.         )

  1433.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1434.         # creation order test

  1435.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1436.         api.mark_unread(firstly_created)

  1437.         api2.mark_unread(firstly_created)

  1438.         dbsession.flush()

  1439.         transaction.commit()

  1440. 

  1441.         self.testapp.authorization = (

  1442.             'Basic',

  1443.             (

  1444.                 'test@test.test',

  1445.                 'pass'

  1446.             )

  1447.         )

  1448.         # read

  1449.         self.testapp.put(

  1450.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8

  1451.                 workspace_id=workspace.workspace_id,

  1452.                 content_id=firstly_created.content_id,

  1453.                 user_id=admin.user_id,

  1454.             ),

  1455.             status=403,

  1456.         )

  1457. 

  1458.     def test_api_set_content_as_read__ok__200__admin_with_comments(self):

  1459.         # init DB

  1460.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1461.         admin = dbsession.query(models.User) \

  1462.             .filter(models.User.email == 'admin@admin.admin') \

  1463.             .one()

  1464.         workspace_api = WorkspaceApi(

  1465.             current_user=admin,

  1466.             session=dbsession,

  1467.             config=self.app_config

  1468. 

  1469.         )

  1470.         workspace = WorkspaceApi(

  1471.             current_user=admin,

  1472.             session=dbsession,

  1473.             config=self.app_config,

  1474.         ).create_workspace(

  1475.             'test workspace',

  1476.             save_now=True

  1477.         )

  1478.         uapi = UserApi(

  1479.             current_user=admin,

  1480.             session=dbsession,

  1481.             config=self.app_config,

  1482.         )

  1483.         gapi = GroupApi(

  1484.             current_user=admin,

  1485.             session=dbsession,

  1486.             config=self.app_config,

  1487.         )

  1488.         groups = [gapi.get_one_with_name('users')]

  1489.         test_user = uapi.create_user(

  1490.             email='test@test.test',

  1491.             password='pass',

  1492.             name='bob',

  1493.             groups=groups,

  1494.             timezone='Europe/Paris',

  1495.             do_save=True,

  1496.             do_notify=False,

  1497.         )

  1498.         rapi = RoleApi(

  1499.             current_user=admin,

  1500.             session=dbsession,

  1501.             config=self.app_config,

  1502.         )

  1503.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1504.         api = ContentApi(

  1505.             current_user=admin,

  1506.             session=dbsession,

  1507.             config=self.app_config,

  1508.         )

  1509.         api2 = ContentApi(

  1510.             current_user=test_user,

  1511.             session=dbsession,

  1512.             config=self.app_config,

  1513.         )

  1514.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1515.         # creation order test

  1516.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1517.         comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True)  # nopep8

  1518.         api.mark_unread(firstly_created)

  1519.         api.mark_unread(comments)

  1520.         dbsession.flush()

  1521.         transaction.commit()

  1522. 

  1523.         self.testapp.authorization = (

  1524.             'Basic',

  1525.             (

  1526.                 'admin@admin.admin',

  1527.                 'admin@admin.admin'

  1528.             )

  1529.         )

  1530.         # before

  1531.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1532.             user_id=test_user.user_id,

  1533.             workspace_id=workspace.workspace_id

  1534.         ), status=200) # nopep8

  1535.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1536.         assert res.json_body[0]['read_by_user'] is False

  1537. 

  1538.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1539.             user_id=admin.user_id,

  1540.             workspace_id=workspace.workspace_id

  1541.         ), status=200) # nopep8

  1542.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1543.         assert res.json_body[0]['read_by_user'] is False

  1544.         self.testapp.put(

  1545.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format(  # nopep8

  1546.                 workspace_id=workspace.workspace_id,

  1547.                 content_id=firstly_created.content_id,

  1548.                 user_id=test_user.user_id,

  1549.             )

  1550.         )

  1551.         # after

  1552.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1553.             user_id=test_user.user_id,

  1554.             workspace_id=workspace.workspace_id

  1555.         ), status=200) # nopep8

  1556.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1557.         assert res.json_body[0]['read_by_user'] is True

  1558.         # comment is also set as read

  1559.         assert comments.has_new_information_for(test_user) is False

  1560. 

  1561.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1562.             user_id=admin.user_id,

  1563.             workspace_id=workspace.workspace_id

  1564.         ), status=200) # nopep8

  1565.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1566.         assert res.json_body[0]['read_by_user'] is False

  1567.         # comment is also set as read

  1568.         assert comments.has_new_information_for(admin) is True

  1569. 

  1570. 

  1571. class TestUserSetContentAsUnread(FunctionalTest):

  1572.     """

  1573.     Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread  # nopep8

  1574.     """

  1575.     def test_api_set_content_as_unread__ok__200__admin(self):

  1576.         # init DB

  1577.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1578.         admin = dbsession.query(models.User) \

  1579.             .filter(models.User.email == 'admin@admin.admin') \

  1580.             .one()

  1581.         workspace_api = WorkspaceApi(

  1582.             current_user=admin,

  1583.             session=dbsession,

  1584.             config=self.app_config

  1585. 

  1586.         )

  1587.         workspace = WorkspaceApi(

  1588.             current_user=admin,

  1589.             session=dbsession,

  1590.             config=self.app_config,

  1591.         ).create_workspace(

  1592.             'test workspace',

  1593.             save_now=True

  1594.         )

  1595.         uapi = UserApi(

  1596.             current_user=admin,

  1597.             session=dbsession,

  1598.             config=self.app_config,

  1599.         )

  1600.         gapi = GroupApi(

  1601.             current_user=admin,

  1602.             session=dbsession,

  1603.             config=self.app_config,

  1604.         )

  1605.         groups = [gapi.get_one_with_name('users')]

  1606.         test_user = uapi.create_user(

  1607.             email='test@test.test',

  1608.             password='pass',

  1609.             name='bob',

  1610.             groups=groups,

  1611.             timezone='Europe/Paris',

  1612.             do_save=True,

  1613.             do_notify=False,

  1614.         )

  1615.         rapi = RoleApi(

  1616.             current_user=admin,

  1617.             session=dbsession,

  1618.             config=self.app_config,

  1619.         )

  1620.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1621.         api = ContentApi(

  1622.             current_user=admin,

  1623.             session=dbsession,

  1624.             config=self.app_config,

  1625.         )

  1626.         api2 = ContentApi(

  1627.             current_user=test_user,

  1628.             session=dbsession,

  1629.             config=self.app_config,

  1630.         )

  1631.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1632.         # creation order test

  1633.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1634.         api.mark_read(firstly_created)

  1635.         api2.mark_read(firstly_created)

  1636.         dbsession.flush()

  1637.         transaction.commit()

  1638. 

  1639.         self.testapp.authorization = (

  1640.             'Basic',

  1641.             (

  1642.                 'admin@admin.admin',

  1643.                 'admin@admin.admin'

  1644.             )

  1645.         )

  1646.         # before

  1647.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1648.             user_id=test_user.user_id,

  1649.             workspace_id=workspace.workspace_id

  1650.         ), status=200)

  1651.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1652.         assert res.json_body[0]['read_by_user'] is True

  1653. 

  1654.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1655.             user_id=admin.user_id,

  1656.             workspace_id=workspace.workspace_id

  1657.         ), status=200)

  1658.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1659.         assert res.json_body[0]['read_by_user'] is True

  1660. 

  1661.         # unread

  1662.         self.testapp.put(

  1663.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8

  1664.                 workspace_id=workspace.workspace_id,

  1665.                 content_id=firstly_created.content_id,

  1666.                 user_id=test_user.user_id,

  1667.             )

  1668.         )

  1669.         # after

  1670.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1671.             user_id=test_user.user_id,

  1672.             workspace_id=workspace.workspace_id

  1673.         ), status=200)

  1674.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1675.         assert res.json_body[0]['read_by_user'] is False

  1676. 

  1677.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1678.             user_id=admin.user_id,

  1679.             workspace_id=workspace.workspace_id

  1680.         ), status=200)

  1681.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1682.         assert res.json_body[0]['read_by_user'] is True

  1683. 

  1684.     def test_api_set_content_as_unread__err__400__admin_workspace_do_not_exist(self):

  1685.         # init DB

  1686.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1687.         admin = dbsession.query(models.User) \

  1688.             .filter(models.User.email == 'admin@admin.admin') \

  1689.             .one()

  1690.         workspace_api = WorkspaceApi(

  1691.             current_user=admin,

  1692.             session=dbsession,

  1693.             config=self.app_config

  1694. 

  1695.         )

  1696.         workspace = WorkspaceApi(

  1697.             current_user=admin,

  1698.             session=dbsession,

  1699.             config=self.app_config,

  1700.         ).create_workspace(

  1701.             'test workspace',

  1702.             save_now=True

  1703.         )

  1704.         uapi = UserApi(

  1705.             current_user=admin,

  1706.             session=dbsession,

  1707.             config=self.app_config,

  1708.         )

  1709.         gapi = GroupApi(

  1710.             current_user=admin,

  1711.             session=dbsession,

  1712.             config=self.app_config,

  1713.         )

  1714.         groups = [gapi.get_one_with_name('users')]

  1715.         test_user = uapi.create_user(

  1716.             email='test@test.test',

  1717.             password='pass',

  1718.             name='bob',

  1719.             groups=groups,

  1720.             timezone='Europe/Paris',

  1721.             do_save=True,

  1722.             do_notify=False,

  1723.         )

  1724.         rapi = RoleApi(

  1725.             current_user=admin,

  1726.             session=dbsession,

  1727.             config=self.app_config,

  1728.         )

  1729.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1730.         api = ContentApi(

  1731.             current_user=admin,

  1732.             session=dbsession,

  1733.             config=self.app_config,

  1734.         )

  1735.         api2 = ContentApi(

  1736.             current_user=test_user,

  1737.             session=dbsession,

  1738.             config=self.app_config,

  1739.         )

  1740.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1741.         # creation order test

  1742.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1743.         api.mark_read(firstly_created)

  1744.         api2.mark_read(firstly_created)

  1745.         dbsession.flush()

  1746.         transaction.commit()

  1747. 

  1748.         self.testapp.authorization = (

  1749.             'Basic',

  1750.             (

  1751.                 'admin@admin.admin',

  1752.                 'admin@admin.admin'

  1753.             )

  1754.         )

  1755.         # unread

  1756.         self.testapp.put(

  1757.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8

  1758.                 workspace_id=4000,

  1759.                 content_id=firstly_created.content_id,

  1760.                 user_id=test_user.user_id,

  1761.             ),

  1762.             status=400,

  1763.         )

  1764. 

  1765.     def test_api_set_content_as_unread__err__400__admin_content_do_not_exist(self):

  1766.         # init DB

  1767.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1768.         admin = dbsession.query(models.User) \

  1769.             .filter(models.User.email == 'admin@admin.admin') \

  1770.             .one()

  1771.         workspace_api = WorkspaceApi(

  1772.             current_user=admin,

  1773.             session=dbsession,

  1774.             config=self.app_config

  1775. 

  1776.         )

  1777.         workspace = WorkspaceApi(

  1778.             current_user=admin,

  1779.             session=dbsession,

  1780.             config=self.app_config,

  1781.         ).create_workspace(

  1782.             'test workspace',

  1783.             save_now=True

  1784.         )

  1785.         uapi = UserApi(

  1786.             current_user=admin,

  1787.             session=dbsession,

  1788.             config=self.app_config,

  1789.         )

  1790.         gapi = GroupApi(

  1791.             current_user=admin,

  1792.             session=dbsession,

  1793.             config=self.app_config,

  1794.         )

  1795.         groups = [gapi.get_one_with_name('users')]

  1796.         test_user = uapi.create_user(

  1797.             email='test@test.test',

  1798.             password='pass',

  1799.             name='bob',

  1800.             groups=groups,

  1801.             timezone='Europe/Paris',

  1802.             do_save=True,

  1803.             do_notify=False,

  1804.         )

  1805.         rapi = RoleApi(

  1806.             current_user=admin,

  1807.             session=dbsession,

  1808.             config=self.app_config,

  1809.         )

  1810.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1811.         api = ContentApi(

  1812.             current_user=admin,

  1813.             session=dbsession,

  1814.             config=self.app_config,

  1815.         )

  1816.         api2 = ContentApi(

  1817.             current_user=test_user,

  1818.             session=dbsession,

  1819.             config=self.app_config,

  1820.         )

  1821.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1822.         # creation order test

  1823.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1824.         api.mark_read(firstly_created)

  1825.         api2.mark_read(firstly_created)

  1826.         dbsession.flush()

  1827.         transaction.commit()

  1828. 

  1829.         self.testapp.authorization = (

  1830.             'Basic',

  1831.             (

  1832.                 'admin@admin.admin',

  1833.                 'admin@admin.admin'

  1834.             )

  1835.         )

  1836. 

  1837.         # unread

  1838.         self.testapp.put(

  1839.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8

  1840.                 workspace_id=workspace.workspace_id,

  1841.                 content_id=4000,

  1842.                 user_id=test_user.user_id,

  1843.             ),

  1844.             status=400,

  1845.         )

  1846. 

  1847.     def test_api_set_content_as_unread__ok__200__user_itself(self):

  1848.         # init DB

  1849.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1850.         admin = dbsession.query(models.User) \

  1851.             .filter(models.User.email == 'admin@admin.admin') \

  1852.             .one()

  1853.         workspace_api = WorkspaceApi(

  1854.             current_user=admin,

  1855.             session=dbsession,

  1856.             config=self.app_config

  1857. 

  1858.         )

  1859.         workspace = WorkspaceApi(

  1860.             current_user=admin,

  1861.             session=dbsession,

  1862.             config=self.app_config,

  1863.         ).create_workspace(

  1864.             'test workspace',

  1865.             save_now=True

  1866.         )

  1867.         uapi = UserApi(

  1868.             current_user=admin,

  1869.             session=dbsession,

  1870.             config=self.app_config,

  1871.         )

  1872.         gapi = GroupApi(

  1873.             current_user=admin,

  1874.             session=dbsession,

  1875.             config=self.app_config,

  1876.         )

  1877.         groups = [gapi.get_one_with_name('users')]

  1878.         test_user = uapi.create_user(

  1879.             email='test@test.test',

  1880.             password='pass',

  1881.             name='bob',

  1882.             groups=groups,

  1883.             timezone='Europe/Paris',

  1884.             do_save=True,

  1885.             do_notify=False,

  1886.         )

  1887.         rapi = RoleApi(

  1888.             current_user=admin,

  1889.             session=dbsession,

  1890.             config=self.app_config,

  1891.         )

  1892.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1893.         api = ContentApi(

  1894.             current_user=admin,

  1895.             session=dbsession,

  1896.             config=self.app_config,

  1897.         )

  1898.         api2 = ContentApi(

  1899.             current_user=test_user,

  1900.             session=dbsession,

  1901.             config=self.app_config,

  1902.         )

  1903.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1904.         # creation order test

  1905.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  1906.         api.mark_read(firstly_created)

  1907.         api2.mark_read(firstly_created)

  1908.         dbsession.flush()

  1909.         transaction.commit()

  1910. 

  1911.         self.testapp.authorization = (

  1912.             'Basic',

  1913.             (

  1914.                 'test@test.test',

  1915.                 'pass'

  1916.             )

  1917.         )

  1918.         # before

  1919.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1920.             user_id=test_user.user_id,

  1921.             workspace_id=workspace.workspace_id

  1922.         ), status=200)

  1923.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1924.         assert res.json_body[0]['read_by_user'] is True

  1925. 

  1926.         # unread

  1927.         self.testapp.put(

  1928.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8

  1929.                 workspace_id=workspace.workspace_id,

  1930.                 content_id=firstly_created.content_id,

  1931.                 user_id=test_user.user_id,

  1932.             )

  1933.         )

  1934.         # after

  1935.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  1936.             user_id=test_user.user_id,

  1937.             workspace_id=workspace.workspace_id

  1938.         ), status=200)

  1939.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  1940.         assert res.json_body[0]['read_by_user'] is False

  1941. 

  1942.     def test_api_set_content_as_unread__err__403__other_user(self):

  1943.         # init DB

  1944.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  1945.         admin = dbsession.query(models.User) \

  1946.             .filter(models.User.email == 'admin@admin.admin') \

  1947.             .one()

  1948.         workspace_api = WorkspaceApi(

  1949.             current_user=admin,

  1950.             session=dbsession,

  1951.             config=self.app_config

  1952. 

  1953.         )

  1954.         workspace = WorkspaceApi(

  1955.             current_user=admin,

  1956.             session=dbsession,

  1957.             config=self.app_config,

  1958.         ).create_workspace(

  1959.             'test workspace',

  1960.             save_now=True

  1961.         )

  1962.         uapi = UserApi(

  1963.             current_user=admin,

  1964.             session=dbsession,

  1965.             config=self.app_config,

  1966.         )

  1967.         gapi = GroupApi(

  1968.             current_user=admin,

  1969.             session=dbsession,

  1970.             config=self.app_config,

  1971.         )

  1972.         groups = [gapi.get_one_with_name('users')]

  1973.         test_user = uapi.create_user(

  1974.             email='test@test.test',

  1975.             password='pass',

  1976.             name='bob',

  1977.             groups=groups,

  1978.             timezone='Europe/Paris',

  1979.             do_save=True,

  1980.             do_notify=False,

  1981.         )

  1982.         rapi = RoleApi(

  1983.             current_user=admin,

  1984.             session=dbsession,

  1985.             config=self.app_config,

  1986.         )

  1987.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  1988.         api = ContentApi(

  1989.             current_user=admin,

  1990.             session=dbsession,

  1991.             config=self.app_config,

  1992.         )

  1993.         api2 = ContentApi(

  1994.             current_user=test_user,

  1995.             session=dbsession,

  1996.             config=self.app_config,

  1997.         )

  1998.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  1999.         # creation order test

  2000.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  2001.         api.mark_read(firstly_created)

  2002.         api2.mark_read(firstly_created)

  2003.         dbsession.flush()

  2004.         transaction.commit()

  2005. 

  2006.         self.testapp.authorization = (

  2007.             'Basic',

  2008.             (

  2009.                 'test@test.test',

  2010.                 'pass'

  2011.             )

  2012.         )

  2013. 

  2014.         # unread

  2015.         self.testapp.put(

  2016.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8

  2017.                 workspace_id=workspace.workspace_id,

  2018.                 content_id=firstly_created.content_id,

  2019.                 user_id=admin.user_id,

  2020.             ),

  2021.             status=403,

  2022.         )

  2023. 

  2024.     def test_api_set_content_as_unread__ok__200__with_comments(self):

  2025.         # init DB

  2026.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2027.         admin = dbsession.query(models.User) \

  2028.             .filter(models.User.email == 'admin@admin.admin') \

  2029.             .one()

  2030.         workspace_api = WorkspaceApi(

  2031.             current_user=admin,

  2032.             session=dbsession,

  2033.             config=self.app_config

  2034. 

  2035.         )

  2036.         workspace = WorkspaceApi(

  2037.             current_user=admin,

  2038.             session=dbsession,

  2039.             config=self.app_config,

  2040.         ).create_workspace(

  2041.             'test workspace',

  2042.             save_now=True

  2043.         )

  2044.         api = ContentApi(

  2045.             current_user=admin,

  2046.             session=dbsession,

  2047.             config=self.app_config,

  2048.         )

  2049.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  2050.         # creation order test

  2051.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  2052.         comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True)  # nopep8

  2053.         api.mark_read(firstly_created)

  2054.         api.mark_read(comments)

  2055.         dbsession.flush()

  2056.         transaction.commit()

  2057. 

  2058.         self.testapp.authorization = (

  2059.             'Basic',

  2060.             (

  2061.                 'admin@admin.admin',

  2062.                 'admin@admin.admin'

  2063.             )

  2064.         )

  2065.         res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8

  2066.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  2067.         assert res.json_body[0]['read_by_user'] is True

  2068.         self.testapp.put(

  2069.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format(  # nopep8

  2070.                 workspace_id=workspace.workspace_id,

  2071.                 content_id=firstly_created.content_id,

  2072.                 user_id=admin.user_id,

  2073.             )

  2074.         )

  2075.         res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200)  # nopep8

  2076.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  2077.         assert res.json_body[0]['read_by_user'] is False

  2078. 

  2079.         assert comments.has_new_information_for(admin) is True

  2080. 

  2081. 

  2082. class TestUserSetWorkspaceAsRead(FunctionalTest):

  2083.     """

  2084.     Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/read

  2085.     """

  2086.     def test_api_set_content_as_read__ok__200__admin(self):

  2087.         # init DB

  2088.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2089.         admin = dbsession.query(models.User) \

  2090.             .filter(models.User.email == 'admin@admin.admin') \

  2091.             .one()

  2092.         workspace_api = WorkspaceApi(

  2093.             current_user=admin,

  2094.             session=dbsession,

  2095.             config=self.app_config

  2096. 

  2097.         )

  2098.         workspace = WorkspaceApi(

  2099.             current_user=admin,

  2100.             session=dbsession,

  2101.             config=self.app_config,

  2102.         ).create_workspace(

  2103.             'test workspace',

  2104.             save_now=True

  2105.         )

  2106.         uapi = UserApi(

  2107.             current_user=admin,

  2108.             session=dbsession,

  2109.             config=self.app_config,

  2110.         )

  2111.         gapi = GroupApi(

  2112.             current_user=admin,

  2113.             session=dbsession,

  2114.             config=self.app_config,

  2115.         )

  2116.         groups = [gapi.get_one_with_name('users')]

  2117.         test_user = uapi.create_user(

  2118.             email='test@test.test',

  2119.             password='pass',

  2120.             name='bob',

  2121.             groups=groups,

  2122.             timezone='Europe/Paris',

  2123.             do_save=True,

  2124.             do_notify=False,

  2125.         )

  2126.         rapi = RoleApi(

  2127.             current_user=admin,

  2128.             session=dbsession,

  2129.             config=self.app_config,

  2130.         )

  2131.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  2132.         api = ContentApi(

  2133.             current_user=admin,

  2134.             session=dbsession,

  2135.             config=self.app_config,

  2136.         )

  2137.         api2 = ContentApi(

  2138.             current_user=test_user,

  2139.             session=dbsession,

  2140.             config=self.app_config,

  2141.         )

  2142.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  2143.         # creation order test

  2144.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  2145.         api.mark_unread(main_folder)

  2146.         api.mark_unread(firstly_created)

  2147.         api2.mark_unread(main_folder)

  2148.         api2.mark_unread(firstly_created)

  2149.         dbsession.flush()

  2150.         transaction.commit()

  2151. 

  2152.         self.testapp.authorization = (

  2153.             'Basic',

  2154.             (

  2155.                 'admin@admin.admin',

  2156.                 'admin@admin.admin'

  2157.             )

  2158.         )

  2159.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  2160.             user_id=test_user.user_id,

  2161.             workspace_id=workspace.workspace_id

  2162.         ), status=200)

  2163.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  2164.         assert res.json_body[0]['read_by_user'] is False

  2165.         assert res.json_body[1]['content_id'] == main_folder.content_id

  2166.         assert res.json_body[1]['read_by_user'] is False

  2167.         self.testapp.put(

  2168.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format(  # nopep8

  2169.                 workspace_id=workspace.workspace_id,

  2170.                 content_id=firstly_created.content_id,

  2171.                 user_id=test_user.user_id,

  2172.             )

  2173.         )

  2174.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  2175.             user_id=test_user.user_id,

  2176.             workspace_id=workspace.workspace_id

  2177.         ), status=200)

  2178.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  2179.         assert res.json_body[0]['read_by_user'] is True

  2180.         assert res.json_body[1]['content_id'] == main_folder.content_id

  2181.         assert res.json_body[1]['read_by_user'] is True

  2182. 

  2183.     def test_api_set_content_as_read__ok__200__user_itself(self):

  2184.         # init DB

  2185.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2186.         admin = dbsession.query(models.User) \

  2187.             .filter(models.User.email == 'admin@admin.admin') \

  2188.             .one()

  2189.         workspace_api = WorkspaceApi(

  2190.             current_user=admin,

  2191.             session=dbsession,

  2192.             config=self.app_config

  2193. 

  2194.         )

  2195.         workspace = WorkspaceApi(

  2196.             current_user=admin,

  2197.             session=dbsession,

  2198.             config=self.app_config,

  2199.         ).create_workspace(

  2200.             'test workspace',

  2201.             save_now=True

  2202.         )

  2203.         uapi = UserApi(

  2204.             current_user=admin,

  2205.             session=dbsession,

  2206.             config=self.app_config,

  2207.         )

  2208.         gapi = GroupApi(

  2209.             current_user=admin,

  2210.             session=dbsession,

  2211.             config=self.app_config,

  2212.         )

  2213.         groups = [gapi.get_one_with_name('users')]

  2214.         test_user = uapi.create_user(

  2215.             email='test@test.test',

  2216.             password='pass',

  2217.             name='bob',

  2218.             groups=groups,

  2219.             timezone='Europe/Paris',

  2220.             do_save=True,

  2221.             do_notify=False,

  2222.         )

  2223.         rapi = RoleApi(

  2224.             current_user=admin,

  2225.             session=dbsession,

  2226.             config=self.app_config,

  2227.         )

  2228.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  2229.         api = ContentApi(

  2230.             current_user=admin,

  2231.             session=dbsession,

  2232.             config=self.app_config,

  2233.         )

  2234.         api2 = ContentApi(

  2235.             current_user=test_user,

  2236.             session=dbsession,

  2237.             config=self.app_config,

  2238.         )

  2239.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  2240.         # creation order test

  2241.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  2242.         api.mark_unread(main_folder)

  2243.         api.mark_unread(firstly_created)

  2244.         api2.mark_unread(main_folder)

  2245.         api2.mark_unread(firstly_created)

  2246.         dbsession.flush()

  2247.         transaction.commit()

  2248. 

  2249.         self.testapp.authorization = (

  2250.             'Basic',

  2251.             (

  2252.                 'test@test.test',

  2253.                 'pass'

  2254.             )

  2255.         )

  2256.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  2257.             user_id=test_user.user_id,

  2258.             workspace_id=workspace.workspace_id

  2259.         ), status=200)

  2260.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  2261.         assert res.json_body[0]['read_by_user'] is False

  2262.         assert res.json_body[1]['content_id'] == main_folder.content_id

  2263.         assert res.json_body[1]['read_by_user'] is False

  2264.         self.testapp.put(

  2265.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format(  # nopep8

  2266.                 workspace_id=workspace.workspace_id,

  2267.                 content_id=firstly_created.content_id,

  2268.                 user_id=test_user.user_id,

  2269.             )

  2270.         )

  2271.         res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format(  # nopep8

  2272.             user_id=test_user.user_id,

  2273.             workspace_id=workspace.workspace_id

  2274.         ), status=200)

  2275.         assert res.json_body[0]['content_id'] == firstly_created.content_id

  2276.         assert res.json_body[0]['read_by_user'] is True

  2277.         assert res.json_body[1]['content_id'] == main_folder.content_id

  2278.         assert res.json_body[1]['read_by_user'] is True

  2279. 

  2280.     def test_api_set_content_as_read__err__403__other_user(self):

  2281.         # init DB

  2282.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2283.         admin = dbsession.query(models.User) \

  2284.             .filter(models.User.email == 'admin@admin.admin') \

  2285.             .one()

  2286.         workspace_api = WorkspaceApi(

  2287.             current_user=admin,

  2288.             session=dbsession,

  2289.             config=self.app_config

  2290. 

  2291.         )

  2292.         workspace = WorkspaceApi(

  2293.             current_user=admin,

  2294.             session=dbsession,

  2295.             config=self.app_config,

  2296.         ).create_workspace(

  2297.             'test workspace',

  2298.             save_now=True

  2299.         )

  2300.         uapi = UserApi(

  2301.             current_user=admin,

  2302.             session=dbsession,

  2303.             config=self.app_config,

  2304.         )

  2305.         gapi = GroupApi(

  2306.             current_user=admin,

  2307.             session=dbsession,

  2308.             config=self.app_config,

  2309.         )

  2310.         groups = [gapi.get_one_with_name('users')]

  2311.         test_user = uapi.create_user(

  2312.             email='test@test.test',

  2313.             password='pass',

  2314.             name='bob',

  2315.             groups=groups,

  2316.             timezone='Europe/Paris',

  2317.             do_save=True,

  2318.             do_notify=False,

  2319.         )

  2320.         rapi = RoleApi(

  2321.             current_user=admin,

  2322.             session=dbsession,

  2323.             config=self.app_config,

  2324.         )

  2325.         rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  2326.         api = ContentApi(

  2327.             current_user=admin,

  2328.             session=dbsession,

  2329.             config=self.app_config,

  2330.         )

  2331.         api2 = ContentApi(

  2332.             current_user=test_user,

  2333.             session=dbsession,

  2334.             config=self.app_config,

  2335.         )

  2336.         main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True)  # nopep8

  2337.         # creation order test

  2338.         firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True)  # nopep8

  2339.         api.mark_unread(main_folder)

  2340.         api.mark_unread(firstly_created)

  2341.         api2.mark_unread(main_folder)

  2342.         api2.mark_unread(firstly_created)

  2343.         dbsession.flush()

  2344.         transaction.commit()

  2345. 

  2346.         self.testapp.authorization = (

  2347.             'Basic',

  2348.             (

  2349.                 'test@test.test',

  2350.                 'pass'

  2351.             )

  2352.         )

  2353.         self.testapp.put(

  2354.             '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format(  # nopep8

  2355.                 workspace_id=workspace.workspace_id,

  2356.                 content_id=firstly_created.content_id,

  2357.                 user_id=admin.user_id,

  2358.             ),

  2359.             status=403,

  2360.         )

  2361. 

  2362. 

  2363. class TestUserWorkspaceEndpoint(FunctionalTest):

  2364.     """

  2365.     Tests for /api/v2/users/{user_id}/workspaces

  2366.     """

  2367.     fixtures = [BaseFixture, ContentFixtures]

  2368. 

  2369.     def test_api__get_user_workspaces__ok_200__nominal_case(self):

  2370.         """

  2371.         Check obtain all workspaces reachables for user with user auth.

  2372.         """

  2373.         self.testapp.authorization = (

  2374.             'Basic',

  2375.             (

  2376.                 'admin@admin.admin',

  2377.                 'admin@admin.admin'

  2378.             )

  2379.         )

  2380.         res = self.testapp.get('/api/v2/users/1/workspaces', status=200)

  2381.         res = res.json_body

  2382.         workspace = res[0]

  2383.         assert workspace['workspace_id'] == 1

  2384.         assert workspace['label'] == 'Business'

  2385.         assert workspace['slug'] == 'business'

  2386.         assert workspace['is_deleted'] is False

  2387.         assert len(workspace['sidebar_entries']) == 5

  2388. 

  2389.         # TODO - G.M - 2018-08-02 - Better test for sidebar entry, make it

  2390.         # not fixed on active application/content-file

  2391.         sidebar_entry = workspace['sidebar_entries'][0]

  2392.         assert sidebar_entry['slug'] == 'dashboard'

  2393.         assert sidebar_entry['label'] == 'Dashboard'

  2394.         assert sidebar_entry['route'] == '/#/workspaces/1/dashboard'  # nopep8

  2395.         assert sidebar_entry['hexcolor'] == "#252525"

  2396.         assert sidebar_entry['fa_icon'] == "signal"

  2397. 

  2398.         sidebar_entry = workspace['sidebar_entries'][1]

  2399.         assert sidebar_entry['slug'] == 'contents/all'

  2400.         assert sidebar_entry['label'] == 'All Contents'

  2401.         assert sidebar_entry['route'] == "/#/workspaces/1/contents"  # nopep8

  2402.         assert sidebar_entry['hexcolor'] == "#fdfdfd"

  2403.         assert sidebar_entry['fa_icon'] == "th"

  2404. 

  2405.         sidebar_entry = workspace['sidebar_entries'][2]

  2406.         assert sidebar_entry['slug'] == 'contents/html-document'

  2407.         assert sidebar_entry['label'] == 'Text Documents'

  2408.         assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=html-document'  # nopep8

  2409.         assert sidebar_entry['hexcolor'] == "#3f52e3"

  2410.         assert sidebar_entry['fa_icon'] == "file-text-o"

  2411. 

  2412.         sidebar_entry = workspace['sidebar_entries'][3]

  2413.         assert sidebar_entry['slug'] == 'contents/file'

  2414.         assert sidebar_entry['label'] == 'Files'

  2415.         assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=file"  # nopep8

  2416.         assert sidebar_entry['hexcolor'] == "#FF9900"

  2417.         assert sidebar_entry['fa_icon'] == "paperclip"

  2418. 

  2419.         sidebar_entry = workspace['sidebar_entries'][4]

  2420.         assert sidebar_entry['slug'] == 'contents/thread'

  2421.         assert sidebar_entry['label'] == 'Threads'

  2422.         assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=thread"  # nopep8

  2423.         assert sidebar_entry['hexcolor'] == "#ad4cf9"

  2424.         assert sidebar_entry['fa_icon'] == "comments-o"

  2425. 

  2426. 

  2427.     def test_api__get_user_workspaces__err_403__unallowed_user(self):

  2428.         """

  2429.         Check obtain all workspaces reachables for one user

  2430.         with another non-admin user auth.

  2431.         """

  2432.         self.testapp.authorization = (

  2433.             'Basic',

  2434.             (

  2435.                 'lawrence-not-real-email@fsf.local',

  2436.                 'foobarbaz'

  2437.             )

  2438.         )

  2439.         res = self.testapp.get('/api/v2/users/1/workspaces', status=403)

  2440.         assert isinstance(res.json, dict)

  2441.         assert 'code' in res.json.keys()

  2442.         assert 'message' in res.json.keys()

  2443.         assert 'details' in res.json.keys()

  2444. 

  2445.     def test_api__get_user_workspaces__err_401__unregistered_user(self):

  2446.         """

  2447.         Check obtain all workspaces reachables for one user

  2448.         without correct user auth (user unregistered).

  2449.         """

  2450.         self.testapp.authorization = (

  2451.             'Basic',

  2452.             (

  2453.                 'john@doe.doe',

  2454.                 'lapin'

  2455.             )

  2456.         )

  2457.         res = self.testapp.get('/api/v2/users/1/workspaces', status=401)

  2458.         assert isinstance(res.json, dict)

  2459.         assert 'code' in res.json.keys()

  2460.         assert 'message' in res.json.keys()

  2461.         assert 'details' in res.json.keys()

  2462. 

  2463.     def test_api__get_user_workspaces__err_400__user_does_not_exist(self):

  2464.         """

  2465.         Check obtain all workspaces reachables for one user who does

  2466.         not exist

  2467.         with a correct user auth.

  2468.         """

  2469.         self.testapp.authorization = (

  2470.             'Basic',

  2471.             (

  2472.                 'admin@admin.admin',

  2473.                 'admin@admin.admin'

  2474.             )

  2475.         )

  2476.         res = self.testapp.get('/api/v2/users/5/workspaces', status=400)

  2477.         assert isinstance(res.json, dict)

  2478.         assert 'code' in res.json.keys()

  2479.         assert 'message' in res.json.keys()

  2480.         assert 'details' in res.json.keys()

  2481. 

  2482. 

  2483. class TestUserEndpoint(FunctionalTest):

  2484.     # -*- coding: utf-8 -*-

  2485.     """

  2486.     Tests for GET /api/v2/users/{user_id}

  2487.     """

  2488.     fixtures = [BaseFixture]

  2489. 

  2490.     def test_api__get_user__ok_200__admin(self):

  2491.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2492.         admin = dbsession.query(models.User) \

  2493.             .filter(models.User.email == 'admin@admin.admin') \

  2494.             .one()

  2495.         uapi = UserApi(

  2496.             current_user=admin,

  2497.             session=dbsession,

  2498.             config=self.app_config,

  2499.         )

  2500.         gapi = GroupApi(

  2501.             current_user=admin,

  2502.             session=dbsession,

  2503.             config=self.app_config,

  2504.         )

  2505.         groups = [gapi.get_one_with_name('users')]

  2506.         test_user = uapi.create_user(

  2507.             email='test@test.test',

  2508.             password='pass',

  2509.             name='bob',

  2510.             groups=groups,

  2511.             timezone='Europe/Paris',

  2512.             do_save=True,

  2513.             do_notify=False,

  2514.         )

  2515.         uapi.save(test_user)

  2516.         transaction.commit()

  2517.         user_id = int(test_user.user_id)

  2518. 

  2519.         self.testapp.authorization = (

  2520.             'Basic',

  2521.             (

  2522.                 'admin@admin.admin',

  2523.                 'admin@admin.admin'

  2524.             )

  2525.         )

  2526.         res = self.testapp.get(

  2527.             '/api/v2/users/{}'.format(user_id),

  2528.             status=200

  2529.         )

  2530.         res = res.json_body

  2531.         assert res['user_id'] == user_id

  2532.         assert res['created']

  2533.         assert res['is_active'] is True

  2534.         assert res['profile'] == 'users'

  2535.         assert res['email'] == 'test@test.test'

  2536.         assert res['public_name'] == 'bob'

  2537.         assert res['timezone'] == 'Europe/Paris'

  2538.         assert res['is_deleted'] is False

  2539. 

  2540.     def test_api__get_user__ok_200__user_itself(self):

  2541.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2542.         admin = dbsession.query(models.User) \

  2543.             .filter(models.User.email == 'admin@admin.admin') \

  2544.             .one()

  2545.         uapi = UserApi(

  2546.             current_user=admin,

  2547.             session=dbsession,

  2548.             config=self.app_config,

  2549.         )

  2550.         gapi = GroupApi(

  2551.             current_user=admin,

  2552.             session=dbsession,

  2553.             config=self.app_config,

  2554.         )

  2555.         groups = [gapi.get_one_with_name('users')]

  2556.         test_user = uapi.create_user(

  2557.             email='test@test.test',

  2558.             password='pass',

  2559.             name='bob',

  2560.             groups=groups,

  2561.             timezone='Europe/Paris',

  2562.             do_save=True,

  2563.             do_notify=False,

  2564.         )

  2565.         uapi.save(test_user)

  2566.         transaction.commit()

  2567.         user_id = int(test_user.user_id)

  2568. 

  2569.         self.testapp.authorization = (

  2570.             'Basic',

  2571.             (

  2572.                 'test@test.test',

  2573.                 'pass'

  2574.             )

  2575.         )

  2576.         res = self.testapp.get(

  2577.             '/api/v2/users/{}'.format(user_id),

  2578.             status=200

  2579.         )

  2580.         res = res.json_body

  2581.         assert res['user_id'] == user_id

  2582.         assert res['created']

  2583.         assert res['is_active'] is True

  2584.         assert res['profile'] == 'users'

  2585.         assert res['email'] == 'test@test.test'

  2586.         assert res['public_name'] == 'bob'

  2587.         assert res['timezone'] == 'Europe/Paris'

  2588.         assert res['is_deleted'] is False

  2589. 

  2590.     def test_api__get_user__err_403__other_normal_user(self):

  2591.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2592.         admin = dbsession.query(models.User) \

  2593.             .filter(models.User.email == 'admin@admin.admin') \

  2594.             .one()

  2595.         uapi = UserApi(

  2596.             current_user=admin,

  2597.             session=dbsession,

  2598.             config=self.app_config,

  2599.         )

  2600.         gapi = GroupApi(

  2601.             current_user=admin,

  2602.             session=dbsession,

  2603.             config=self.app_config,

  2604.         )

  2605.         groups = [gapi.get_one_with_name('users')]

  2606.         test_user = uapi.create_user(

  2607.             email='test@test.test',

  2608.             password='pass',

  2609.             name='bob',

  2610.             groups=groups,

  2611.             timezone='Europe/Paris',

  2612.             do_save=True,

  2613.             do_notify=False,

  2614.         )

  2615.         test_user2 = uapi.create_user(

  2616.             email='test2@test2.test2',

  2617.             password='pass',

  2618.             name='bob2',

  2619.             groups=groups,

  2620.             timezone='Europe/Paris',

  2621.             do_save=True,

  2622.             do_notify=False,

  2623.         )

  2624.         uapi.save(test_user2)

  2625.         uapi.save(test_user)

  2626.         transaction.commit()

  2627.         user_id = int(test_user.user_id)

  2628. 

  2629.         self.testapp.authorization = (

  2630.             'Basic',

  2631.             (

  2632.                 'test2@test2.test2',

  2633.                 'pass'

  2634.             )

  2635.         )

  2636.         self.testapp.get(

  2637.             '/api/v2/users/{}'.format(user_id),

  2638.             status=403

  2639.         )

  2640. 

  2641.     def test_api__create_user__ok_200__full_admin(self):

  2642.         self.testapp.authorization = (

  2643.             'Basic',

  2644.             (

  2645.                 'admin@admin.admin',

  2646.                 'admin@admin.admin'

  2647.             )

  2648.         )

  2649.         params = {

  2650.             'email': 'test@test.test',

  2651.             'password': 'mysuperpassword',

  2652.             'profile': 'users',

  2653.             'timezone': 'Europe/Paris',

  2654.             'public_name': 'test user',

  2655.             'email_notification': False,

  2656.         }

  2657.         res = self.testapp.post_json(

  2658.             '/api/v2/users',

  2659.             status=200,

  2660.             params=params,

  2661.         )

  2662.         res = res.json_body

  2663.         assert res['user_id']

  2664.         user_id = res['user_id']

  2665.         assert res['created']

  2666.         assert res['is_active'] is True

  2667.         assert res['profile'] == 'users'

  2668.         assert res['email'] == 'test@test.test'

  2669.         assert res['public_name'] == 'test user'

  2670.         assert res['timezone'] == 'Europe/Paris'

  2671. 

  2672.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2673.         admin = dbsession.query(models.User) \

  2674.             .filter(models.User.email == 'admin@admin.admin') \

  2675.             .one()

  2676.         uapi = UserApi(

  2677.             current_user=admin,

  2678.             session=dbsession,

  2679.             config=self.app_config,

  2680.         )

  2681.         user = uapi.get_one(user_id)

  2682.         assert user.email == 'test@test.test'

  2683.         assert user.validate_password('mysuperpassword')

  2684. 

  2685.     def test_api__create_user__ok_200__limited_admin(self):

  2686.         self.testapp.authorization = (

  2687.             'Basic',

  2688.             (

  2689.                 'admin@admin.admin',

  2690.                 'admin@admin.admin'

  2691.             )

  2692.         )

  2693.         params = {

  2694.             'email': 'test@test.test',

  2695.             'email_notification': False,

  2696.         }

  2697.         res = self.testapp.post_json(

  2698.             '/api/v2/users',

  2699.             status=200,

  2700.             params=params,

  2701.         )

  2702.         res = res.json_body

  2703.         assert res['user_id']

  2704.         user_id = res['user_id']

  2705.         assert res['created']

  2706.         assert res['is_active'] is True

  2707.         assert res['profile'] == 'users'

  2708.         assert res['email'] == 'test@test.test'

  2709.         assert res['public_name'] == 'test'

  2710.         assert res['timezone'] == ''

  2711. 

  2712.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2713.         admin = dbsession.query(models.User) \

  2714.             .filter(models.User.email == 'admin@admin.admin') \

  2715.             .one()

  2716.         uapi = UserApi(

  2717.             current_user=admin,

  2718.             session=dbsession,

  2719.             config=self.app_config,

  2720.         )

  2721.         user = uapi.get_one(user_id)

  2722.         assert user.email == 'test@test.test'

  2723.         assert user.password

  2724. 

  2725.     def test_api__create_user__err_400__email_already_in_db(self):

  2726.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2727.         admin = dbsession.query(models.User) \

  2728.             .filter(models.User.email == 'admin@admin.admin') \

  2729.             .one()

  2730.         uapi = UserApi(

  2731.             current_user=admin,

  2732.             session=dbsession,

  2733.             config=self.app_config,

  2734.         )

  2735.         gapi = GroupApi(

  2736.             current_user=admin,

  2737.             session=dbsession,

  2738.             config=self.app_config,

  2739.         )

  2740.         groups = [gapi.get_one_with_name('users')]

  2741.         test_user = uapi.create_user(

  2742.             email='test@test.test',

  2743.             password='pass',

  2744.             name='bob',

  2745.             groups=groups,

  2746.             timezone='Europe/Paris',

  2747.             do_save=True,

  2748.             do_notify=False,

  2749.         )

  2750.         uapi.save(test_user)

  2751.         transaction.commit()

  2752.         self.testapp.authorization = (

  2753.             'Basic',

  2754.             (

  2755.                 'admin@admin.admin',

  2756.                 'admin@admin.admin'

  2757.             )

  2758.         )

  2759.         params = {

  2760.             'email': 'test@test.test',

  2761.             'password': 'mysuperpassword',

  2762.             'profile': 'users',

  2763.             'timezone': 'Europe/Paris',

  2764.             'public_name': 'test user',

  2765.             'email_notification': False,

  2766.         }

  2767.         res = self.testapp.post_json(

  2768.             '/api/v2/users',

  2769.             status=400,

  2770.             params=params,

  2771.         )

  2772. 

  2773.     def test_api__create_user__err_403__other_user(self):

  2774.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2775.         admin = dbsession.query(models.User) \

  2776.             .filter(models.User.email == 'admin@admin.admin') \

  2777.             .one()

  2778.         uapi = UserApi(

  2779.             current_user=admin,

  2780.             session=dbsession,

  2781.             config=self.app_config,

  2782.         )

  2783.         gapi = GroupApi(

  2784.             current_user=admin,

  2785.             session=dbsession,

  2786.             config=self.app_config,

  2787.         )

  2788.         groups = [gapi.get_one_with_name('users')]

  2789.         test_user = uapi.create_user(

  2790.             email='test@test.test',

  2791.             password='pass',

  2792.             name='bob',

  2793.             groups=groups,

  2794.             timezone='Europe/Paris',

  2795.             do_save=True,

  2796.             do_notify=False,

  2797.         )

  2798.         uapi.save(test_user)

  2799.         transaction.commit()

  2800.         self.testapp.authorization = (

  2801.             'Basic',

  2802.             (

  2803.                 'test@test.test',

  2804.                 'pass',

  2805.             )

  2806.         )

  2807.         params = {

  2808.             'email': 'test2@test2.test2',

  2809.             'password': 'mysuperpassword',

  2810.             'profile': 'users',

  2811.             'timezone': 'Europe/Paris',

  2812.             'public_name': 'test user',

  2813.             'email_notification': False,

  2814.         }

  2815.         res = self.testapp.post_json(

  2816.             '/api/v2/users',

  2817.             status=403,

  2818.             params=params,

  2819.         )

  2820. 

  2821. 

  2822. class TestUserWithNotificationEndpoint(FunctionalTest):

  2823.     """

  2824.     Tests for POST /api/v2/users/{user_id}

  2825.     """

  2826.     config_section = 'functional_test_with_mail_test_sync'

  2827. 

  2828.     def test_api__create_user__ok_200__full_admin_with_notif(self):

  2829.         requests.delete('http://127.0.0.1:8025/api/v1/messages')

  2830.         self.testapp.authorization = (

  2831.             'Basic',

  2832.             (

  2833.                 'admin@admin.admin',

  2834.                 'admin@admin.admin'

  2835.             )

  2836.         )

  2837.         params = {

  2838.             'email': 'test@test.test',

  2839.             'password': 'mysuperpassword',

  2840.             'profile': 'users',

  2841.             'timezone': 'Europe/Paris',

  2842.             'public_name': 'test user',

  2843.             'email_notification': True,

  2844.         }

  2845.         res = self.testapp.post_json(

  2846.             '/api/v2/users',

  2847.             status=200,

  2848.             params=params,

  2849.         )

  2850.         res = res.json_body

  2851.         assert res['user_id']

  2852.         user_id = res['user_id']

  2853.         assert res['created']

  2854.         assert res['is_active'] is True

  2855.         assert res['profile'] == 'users'

  2856.         assert res['email'] == 'test@test.test'

  2857.         assert res['public_name'] == 'test user'

  2858.         assert res['timezone'] == 'Europe/Paris'

  2859. 

  2860.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2861.         admin = dbsession.query(models.User) \

  2862.             .filter(models.User.email == 'admin@admin.admin') \

  2863.             .one()

  2864.         uapi = UserApi(

  2865.             current_user=admin,

  2866.             session=dbsession,

  2867.             config=self.app_config,

  2868.         )

  2869.         user = uapi.get_one(user_id)

  2870.         assert user.email == 'test@test.test'

  2871.         assert user.validate_password('mysuperpassword')

  2872. 

  2873.         # check mail received

  2874.         response = requests.get('http://127.0.0.1:8025/api/v1/messages')

  2875.         response = response.json()

  2876.         assert len(response) == 1

  2877.         headers = response[0]['Content']['Headers']

  2878.         assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8

  2879.         assert headers['To'][0] == 'test user <test@test.test>'

  2880.         assert headers['Subject'][0] == '[TRACIM] Created account'

  2881. 

  2882.         # TODO - G.M - 2018-08-02 - Place cleanup outside of the test

  2883.         requests.delete('http://127.0.0.1:8025/api/v1/messages')

  2884. 

  2885.     def test_api__create_user__ok_200__limited_admin_with_notif(self):

  2886.         requests.delete('http://127.0.0.1:8025/api/v1/messages')

  2887.         self.testapp.authorization = (

  2888.             'Basic',

  2889.             (

  2890.                 'admin@admin.admin',

  2891.                 'admin@admin.admin'

  2892.             )

  2893.         )

  2894.         params = {

  2895.             'email': 'test@test.test',

  2896.             'email_notification': True,

  2897.         }

  2898.         res = self.testapp.post_json(

  2899.             '/api/v2/users',

  2900.             status=200,

  2901.             params=params,

  2902.         )

  2903.         res = res.json_body

  2904.         assert res['user_id']

  2905.         user_id = res['user_id']

  2906.         assert res['created']

  2907.         assert res['is_active'] is True

  2908.         assert res['profile'] == 'users'

  2909.         assert res['email'] == 'test@test.test'

  2910.         assert res['public_name'] == 'test'

  2911.         assert res['timezone'] == ''

  2912. 

  2913.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2914.         admin = dbsession.query(models.User) \

  2915.             .filter(models.User.email == 'admin@admin.admin') \

  2916.             .one()

  2917.         uapi = UserApi(

  2918.             current_user=admin,

  2919.             session=dbsession,

  2920.             config=self.app_config,

  2921.         )

  2922.         user = uapi.get_one(user_id)

  2923.         assert user.email == 'test@test.test'

  2924.         assert user.password

  2925. 

  2926.         # check mail received

  2927.         response = requests.get('http://127.0.0.1:8025/api/v1/messages')

  2928.         response = response.json()

  2929.         assert len(response) == 1

  2930.         headers = response[0]['Content']['Headers']

  2931.         assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>'  # nopep8

  2932.         assert headers['To'][0] == 'test <test@test.test>'

  2933.         assert headers['Subject'][0] == '[TRACIM] Created account'

  2934. 

  2935.         # TODO - G.M - 2018-08-02 - Place cleanup outside of the test

  2936.         requests.delete('http://127.0.0.1:8025/api/v1/messages')

  2937. 

  2938.     def test_api_delete_user__ok_200__admin(self):

  2939.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2940.         admin = dbsession.query(models.User) \

  2941.             .filter(models.User.email == 'admin@admin.admin') \

  2942.             .one()

  2943.         uapi = UserApi(

  2944.             current_user=admin,

  2945.             session=dbsession,

  2946.             config=self.app_config,

  2947.         )

  2948.         gapi = GroupApi(

  2949.             current_user=admin,

  2950.             session=dbsession,

  2951.             config=self.app_config,

  2952.         )

  2953.         groups = [gapi.get_one_with_name('users')]

  2954.         test_user = uapi.create_user(

  2955.             email='test@test.test',

  2956.             password='pass',

  2957.             name='bob',

  2958.             groups=groups,

  2959.             timezone='Europe/Paris',

  2960.             do_save=True,

  2961.             do_notify=False,

  2962.         )

  2963.         uapi.save(test_user)

  2964.         transaction.commit()

  2965.         user_id = int(test_user.user_id)

  2966. 

  2967.         self.testapp.authorization = (

  2968.             'Basic',

  2969.             (

  2970.                 'admin@admin.admin',

  2971.                 'admin@admin.admin'

  2972.             )

  2973.         )

  2974.         self.testapp.put(

  2975.             '/api/v2/users/{}/delete'.format(user_id),

  2976.             status=204

  2977.         )

  2978.         res = self.testapp.get(

  2979.             '/api/v2/users/{}'.format(user_id),

  2980.             status=200

  2981.         ).json_body

  2982.         assert res['is_deleted'] is True

  2983. 

  2984. 

  2985. class TestUsersEndpoint(FunctionalTest):

  2986.     # -*- coding: utf-8 -*-

  2987.     """

  2988.     Tests for GET /api/v2/users/{user_id}

  2989.     """

  2990.     fixtures = [BaseFixture]

  2991. 

  2992.     def test_api__get_user__ok_200__admin(self):

  2993.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  2994.         admin = dbsession.query(models.User) \

  2995.             .filter(models.User.email == 'admin@admin.admin') \

  2996.             .one()

  2997.         uapi = UserApi(

  2998.             current_user=admin,

  2999.             session=dbsession,

  3000.             config=self.app_config,

  3001.         )

  3002.         gapi = GroupApi(

  3003.             current_user=admin,

  3004.             session=dbsession,

  3005.             config=self.app_config,

  3006.         )

  3007.         groups = [gapi.get_one_with_name('users')]

  3008.         test_user = uapi.create_user(

  3009.             email='test@test.test',

  3010.             password='pass',

  3011.             name='bob',

  3012.             groups=groups,

  3013.             timezone='Europe/Paris',

  3014.             do_save=True,

  3015.             do_notify=False,

  3016.         )

  3017.         uapi.save(test_user)

  3018.         transaction.commit()

  3019.         user_id = int(test_user.user_id)

  3020. 

  3021.         self.testapp.authorization = (

  3022.             'Basic',

  3023.             (

  3024.                 'admin@admin.admin',

  3025.                 'admin@admin.admin'

  3026.             )

  3027.         )

  3028.         res = self.testapp.get(

  3029.             '/api/v2/users',

  3030.             status=200

  3031.         )

  3032.         res = res.json_body

  3033.         assert len(res) == 2

  3034.         assert res[0]['user_id'] == admin.user_id

  3035.         assert res[0]['public_name'] == admin.display_name

  3036.         assert res[0]['avatar_url'] is None

  3037. 

  3038.         assert res[1]['user_id'] == test_user.user_id

  3039.         assert res[1]['public_name'] == test_user.display_name

  3040.         assert res[1]['avatar_url'] is None

  3041. 

  3042.     def test_api__get_user__err_403__normal_user(self):

  3043.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3044.         admin = dbsession.query(models.User) \

  3045.             .filter(models.User.email == 'admin@admin.admin') \

  3046.             .one()

  3047.         uapi = UserApi(

  3048.             current_user=admin,

  3049.             session=dbsession,

  3050.             config=self.app_config,

  3051.         )

  3052.         gapi = GroupApi(

  3053.             current_user=admin,

  3054.             session=dbsession,

  3055.             config=self.app_config,

  3056.         )

  3057.         groups = [gapi.get_one_with_name('users')]

  3058.         test_user = uapi.create_user(

  3059.             email='test@test.test',

  3060.             password='pass',

  3061.             name='bob',

  3062.             groups=groups,

  3063.             timezone='Europe/Paris',

  3064.             do_save=True,

  3065.             do_notify=False,

  3066.         )

  3067.         uapi.save(test_user)

  3068.         transaction.commit()

  3069.         user_id = int(test_user.user_id)

  3070. 

  3071.         self.testapp.authorization = (

  3072.             'Basic',

  3073.             (

  3074.                 'test@test.test',

  3075.                 'pass'

  3076.             )

  3077.         )

  3078.         self.testapp.get(

  3079.             '/api/v2/users',

  3080.             status=403

  3081.         )

  3082. 

  3083. 

  3084. class TestKnownMembersEndpoint(FunctionalTest):

  3085.     # -*- coding: utf-8 -*-

  3086.     """

  3087.     Tests for GET /api/v2/users/{user_id}

  3088.     """

  3089.     fixtures = [BaseFixture]

  3090. 

  3091.     def test_api__get_user__ok_200__admin__by_name(self):

  3092.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3093.         admin = dbsession.query(models.User) \

  3094.             .filter(models.User.email == 'admin@admin.admin') \

  3095.             .one()

  3096.         uapi = UserApi(

  3097.             current_user=admin,

  3098.             session=dbsession,

  3099.             config=self.app_config,

  3100.         )

  3101.         gapi = GroupApi(

  3102.             current_user=admin,

  3103.             session=dbsession,

  3104.             config=self.app_config,

  3105.         )

  3106.         groups = [gapi.get_one_with_name('users')]

  3107.         test_user = uapi.create_user(

  3108.             email='test@test.test',

  3109.             password='pass',

  3110.             name='bob',

  3111.             groups=groups,

  3112.             timezone='Europe/Paris',

  3113.             do_save=True,

  3114.             do_notify=False,

  3115.         )

  3116.         test_user2 = uapi.create_user(

  3117.             email='test2@test2.test2',

  3118.             password='pass',

  3119.             name='bob2',

  3120.             groups=groups,

  3121.             timezone='Europe/Paris',

  3122.             do_save=True,

  3123.             do_notify=False,

  3124.         )

  3125.         uapi.save(test_user)

  3126.         uapi.save(test_user2)

  3127.         transaction.commit()

  3128.         user_id = int(admin.user_id)

  3129. 

  3130.         self.testapp.authorization = (

  3131.             'Basic',

  3132.             (

  3133.                 'admin@admin.admin',

  3134.                 'admin@admin.admin'

  3135.             )

  3136.         )

  3137.         params = {

  3138.             'acp': 'bob',

  3139.         }

  3140.         res = self.testapp.get(

  3141.             '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),

  3142.             status=200,

  3143.             params=params,

  3144.         )

  3145.         res = res.json_body

  3146.         assert len(res) == 2

  3147.         assert res[0]['user_id'] == test_user.user_id

  3148.         assert res[0]['public_name'] == test_user.display_name

  3149.         assert res[0]['avatar_url'] is None

  3150. 

  3151.         assert res[1]['user_id'] == test_user2.user_id

  3152.         assert res[1]['public_name'] == test_user2.display_name

  3153.         assert res[1]['avatar_url'] is None

  3154. 

  3155.     def test_api__get_user__ok_200__admin__by_email(self):

  3156.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3157.         admin = dbsession.query(models.User) \

  3158.             .filter(models.User.email == 'admin@admin.admin') \

  3159.             .one()

  3160.         uapi = UserApi(

  3161.             current_user=admin,

  3162.             session=dbsession,

  3163.             config=self.app_config,

  3164.         )

  3165.         gapi = GroupApi(

  3166.             current_user=admin,

  3167.             session=dbsession,

  3168.             config=self.app_config,

  3169.         )

  3170.         groups = [gapi.get_one_with_name('users')]

  3171.         test_user = uapi.create_user(

  3172.             email='test@test.test',

  3173.             password='pass',

  3174.             name='bob',

  3175.             groups=groups,

  3176.             timezone='Europe/Paris',

  3177.             do_save=True,

  3178.             do_notify=False,

  3179.         )

  3180.         test_user2 = uapi.create_user(

  3181.             email='test2@test2.test2',

  3182.             password='pass',

  3183.             name='bob2',

  3184.             groups=groups,

  3185.             timezone='Europe/Paris',

  3186.             do_save=True,

  3187.             do_notify=False,

  3188.         )

  3189.         uapi.save(test_user)

  3190.         uapi.save(test_user2)

  3191.         transaction.commit()

  3192.         user_id = int(admin.user_id)

  3193. 

  3194.         self.testapp.authorization = (

  3195.             'Basic',

  3196.             (

  3197.                 'admin@admin.admin',

  3198.                 'admin@admin.admin'

  3199.             )

  3200.         )

  3201.         params = {

  3202.             'acp': 'test',

  3203.         }

  3204.         res = self.testapp.get(

  3205.             '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),

  3206.             status=200,

  3207.             params=params,

  3208.         )

  3209.         res = res.json_body

  3210.         assert len(res) == 2

  3211.         assert res[0]['user_id'] == test_user.user_id

  3212.         assert res[0]['public_name'] == test_user.display_name

  3213.         assert res[0]['avatar_url'] is None

  3214. 

  3215.         assert res[1]['user_id'] == test_user2.user_id

  3216.         assert res[1]['public_name'] == test_user2.display_name

  3217.         assert res[1]['avatar_url'] is None

  3218. 

  3219.     def test_api__get_user__err_403__admin__too_small_acp(self):

  3220.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3221.         admin = dbsession.query(models.User) \

  3222.             .filter(models.User.email == 'admin@admin.admin') \

  3223.             .one()

  3224.         uapi = UserApi(

  3225.             current_user=admin,

  3226.             session=dbsession,

  3227.             config=self.app_config,

  3228.         )

  3229.         gapi = GroupApi(

  3230.             current_user=admin,

  3231.             session=dbsession,

  3232.             config=self.app_config,

  3233.         )

  3234.         groups = [gapi.get_one_with_name('users')]

  3235.         test_user = uapi.create_user(

  3236.             email='test@test.test',

  3237.             password='pass',

  3238.             name='bob',

  3239.             groups=groups,

  3240.             timezone='Europe/Paris',

  3241.             do_save=True,

  3242.             do_notify=False,

  3243.         )

  3244.         test_user2 = uapi.create_user(

  3245.             email='test2@test2.test2',

  3246.             password='pass',

  3247.             name='bob2',

  3248.             groups=groups,

  3249.             timezone='Europe/Paris',

  3250.             do_save=True,

  3251.             do_notify=False,

  3252.         )

  3253.         uapi.save(test_user)

  3254.         transaction.commit()

  3255.         user_id = int(admin.user_id)

  3256. 

  3257.         self.testapp.authorization = (

  3258.             'Basic',

  3259.             (

  3260.                 'admin@admin.admin',

  3261.                 'admin@admin.admin'

  3262.             )

  3263.         )

  3264.         params = {

  3265.             'acp': 't',

  3266.         }

  3267.         res = self.testapp.get(

  3268.             '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),

  3269.             status=400,

  3270.             params=params

  3271.         )

  3272. 

  3273.     def test_api__get_user__ok_200__normal_user_by_email(self):

  3274.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3275.         admin = dbsession.query(models.User) \

  3276.             .filter(models.User.email == 'admin@admin.admin') \

  3277.             .one()

  3278.         uapi = UserApi(

  3279.             current_user=admin,

  3280.             session=dbsession,

  3281.             config=self.app_config,

  3282.         )

  3283.         gapi = GroupApi(

  3284.             current_user=admin,

  3285.             session=dbsession,

  3286.             config=self.app_config,

  3287.         )

  3288.         groups = [gapi.get_one_with_name('users')]

  3289.         test_user = uapi.create_user(

  3290.             email='test@test.test',

  3291.             password='pass',

  3292.             name='bob',

  3293.             groups=groups,

  3294.             timezone='Europe/Paris',

  3295.             do_save=True,

  3296.             do_notify=False,

  3297.         )

  3298.         test_user2 = uapi.create_user(

  3299.             email='test2@test2.test2',

  3300.             password='pass',

  3301.             name='bob2',

  3302.             groups=groups,

  3303.             timezone='Europe/Paris',

  3304.             do_save=True,

  3305.             do_notify=False,

  3306.         )

  3307.         test_user3 = uapi.create_user(

  3308.             email='test3@test3.test3',

  3309.             password='pass',

  3310.             name='bob3',

  3311.             groups=groups,

  3312.             timezone='Europe/Paris',

  3313.             do_save=True,

  3314.             do_notify=False,

  3315.         )

  3316.         uapi.save(test_user)

  3317.         uapi.save(test_user2)

  3318.         uapi.save(test_user3)

  3319.         workspace_api = WorkspaceApi(

  3320.             current_user=admin,

  3321.             session=dbsession,

  3322.             config=self.app_config

  3323. 

  3324.         )

  3325.         workspace = WorkspaceApi(

  3326.             current_user=admin,

  3327.             session=dbsession,

  3328.             config=self.app_config,

  3329.         ).create_workspace(

  3330.             'test workspace',

  3331.             save_now=True

  3332.         )

  3333.         role_api = RoleApi(

  3334.             current_user=admin,

  3335.             session=dbsession,

  3336.             config=self.app_config,

  3337.         )

  3338.         role_api.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)

  3339.         role_api.create_one(test_user2, workspace, UserRoleInWorkspace.READER, False)

  3340.         transaction.commit()

  3341.         user_id = int(test_user.user_id)

  3342. 

  3343.         self.testapp.authorization = (

  3344.             'Basic',

  3345.             (

  3346.                 'test@test.test',

  3347.                 'pass'

  3348.             )

  3349.         )

  3350.         params = {

  3351.             'acp': 'test',

  3352.         }

  3353.         res = self.testapp.get(

  3354.             '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),

  3355.             status=200,

  3356.             params=params

  3357.         )

  3358.         res = res.json_body

  3359.         assert len(res) == 2

  3360.         assert res[0]['user_id'] == test_user.user_id

  3361.         assert res[0]['public_name'] == test_user.display_name

  3362.         assert res[0]['avatar_url'] is None

  3363. 

  3364.         assert res[1]['user_id'] == test_user2.user_id

  3365.         assert res[1]['public_name'] == test_user2.display_name

  3366.         assert res[1]['avatar_url'] is None

  3367. 

  3368. 

  3369. class TestSetEmailEndpoint(FunctionalTest):

  3370.     # -*- coding: utf-8 -*-

  3371.     """

  3372.     Tests for PUT /api/v2/users/{user_id}/email

  3373.     """

  3374.     fixtures = [BaseFixture]

  3375. 

  3376.     def test_api__set_user_email__ok_200__admin(self):

  3377.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3378.         admin = dbsession.query(models.User) \

  3379.             .filter(models.User.email == 'admin@admin.admin') \

  3380.             .one()

  3381.         uapi = UserApi(

  3382.             current_user=admin,

  3383.             session=dbsession,

  3384.             config=self.app_config,

  3385.         )

  3386.         gapi = GroupApi(

  3387.             current_user=admin,

  3388.             session=dbsession,

  3389.             config=self.app_config,

  3390.         )

  3391.         groups = [gapi.get_one_with_name('users')]

  3392.         test_user = uapi.create_user(

  3393.             email='test@test.test',

  3394.             password='pass',

  3395.             name='bob',

  3396.             groups=groups,

  3397.             timezone='Europe/Paris',

  3398.             do_save=True,

  3399.             do_notify=False,

  3400.         )

  3401.         uapi.save(test_user)

  3402.         transaction.commit()

  3403.         user_id = int(test_user.user_id)

  3404. 

  3405.         self.testapp.authorization = (

  3406.             'Basic',

  3407.             (

  3408.                 'admin@admin.admin',

  3409.                 'admin@admin.admin'

  3410.             )

  3411.         )

  3412.         # check before

  3413.         res = self.testapp.get(

  3414.             '/api/v2/users/{}'.format(user_id),

  3415.             status=200

  3416.         )

  3417.         res = res.json_body

  3418.         assert res['email'] == 'test@test.test'

  3419. 

  3420.         # Set password

  3421.         params = {

  3422.             'email': 'mysuperemail@email.fr',

  3423.             'loggedin_user_password': 'admin@admin.admin',

  3424.         }

  3425.         self.testapp.put_json(

  3426.             '/api/v2/users/{}/email'.format(user_id),

  3427.             params=params,

  3428.             status=200,

  3429.         )

  3430.         # Check After

  3431.         res = self.testapp.get(

  3432.             '/api/v2/users/{}'.format(user_id),

  3433.             status=200

  3434.         )

  3435.         res = res.json_body

  3436.         assert res['email'] == 'mysuperemail@email.fr'

  3437. 

  3438.     def test_api__set_user_email__err_400__admin_same_email(self):

  3439.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3440.         admin = dbsession.query(models.User) \

  3441.             .filter(models.User.email == 'admin@admin.admin') \

  3442.             .one()

  3443.         uapi = UserApi(

  3444.             current_user=admin,

  3445.             session=dbsession,

  3446.             config=self.app_config,

  3447.         )

  3448.         gapi = GroupApi(

  3449.             current_user=admin,

  3450.             session=dbsession,

  3451.             config=self.app_config,

  3452.         )

  3453.         groups = [gapi.get_one_with_name('users')]

  3454.         test_user = uapi.create_user(

  3455.             email='test@test.test',

  3456.             password='pass',

  3457.             name='bob',

  3458.             groups=groups,

  3459.             timezone='Europe/Paris',

  3460.             do_save=True,

  3461.             do_notify=False,

  3462.         )

  3463.         uapi.save(test_user)

  3464.         transaction.commit()

  3465.         user_id = int(test_user.user_id)

  3466. 

  3467.         self.testapp.authorization = (

  3468.             'Basic',

  3469.             (

  3470.                 'admin@admin.admin',

  3471.                 'admin@admin.admin'

  3472.             )

  3473.         )

  3474.         # check before

  3475.         res = self.testapp.get(

  3476.             '/api/v2/users/{}'.format(user_id),

  3477.             status=200

  3478.         )

  3479.         res = res.json_body

  3480.         assert res['email'] == 'test@test.test'

  3481. 

  3482.         # Set password

  3483.         params = {

  3484.             'email': 'admin@admin.admin',

  3485.             'loggedin_user_password': 'admin@admin.admin',

  3486.         }

  3487.         self.testapp.put_json(

  3488.             '/api/v2/users/{}/email'.format(user_id),

  3489.             params=params,

  3490.             status=400,

  3491.         )

  3492.         # Check After

  3493.         res = self.testapp.get(

  3494.             '/api/v2/users/{}'.format(user_id),

  3495.             status=200

  3496.         )

  3497.         res = res.json_body

  3498.         assert res['email'] == 'test@test.test'

  3499. 

  3500.     def test_api__set_user_email__err_403__admin_wrong_password(self):

  3501.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3502.         admin = dbsession.query(models.User) \

  3503.             .filter(models.User.email == 'admin@admin.admin') \

  3504.             .one()

  3505.         uapi = UserApi(

  3506.             current_user=admin,

  3507.             session=dbsession,

  3508.             config=self.app_config,

  3509.         )

  3510.         gapi = GroupApi(

  3511.             current_user=admin,

  3512.             session=dbsession,

  3513.             config=self.app_config,

  3514.         )

  3515.         groups = [gapi.get_one_with_name('users')]

  3516.         test_user = uapi.create_user(

  3517.             email='test@test.test',

  3518.             password='pass',

  3519.             name='bob',

  3520.             groups=groups,

  3521.             timezone='Europe/Paris',

  3522.             do_save=True,

  3523.             do_notify=False,

  3524.         )

  3525.         uapi.save(test_user)

  3526.         transaction.commit()

  3527.         user_id = int(test_user.user_id)

  3528. 

  3529.         self.testapp.authorization = (

  3530.             'Basic',

  3531.             (

  3532.                 'admin@admin.admin',

  3533.                 'admin@admin.admin'

  3534.             )

  3535.         )

  3536.         # check before

  3537.         res = self.testapp.get(

  3538.             '/api/v2/users/{}'.format(user_id),

  3539.             status=200

  3540.         )

  3541.         res = res.json_body

  3542.         assert res['email'] == 'test@test.test'

  3543. 

  3544.         # Set password

  3545.         params = {

  3546.             'email': 'mysuperemail@email.fr',

  3547.             'loggedin_user_password': 'badpassword',

  3548.         }

  3549.         self.testapp.put_json(

  3550.             '/api/v2/users/{}/email'.format(user_id),

  3551.             params=params,

  3552.             status=403,

  3553.         )

  3554.         # Check After

  3555.         res = self.testapp.get(

  3556.             '/api/v2/users/{}'.format(user_id),

  3557.             status=200

  3558.         )

  3559.         res = res.json_body

  3560.         assert res['email'] == 'test@test.test'

  3561. 

  3562.     def test_api__set_user_email__err_400__admin_string_is_not_email(self):

  3563.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3564.         admin = dbsession.query(models.User) \

  3565.             .filter(models.User.email == 'admin@admin.admin') \

  3566.             .one()

  3567.         uapi = UserApi(

  3568.             current_user=admin,

  3569.             session=dbsession,

  3570.             config=self.app_config,

  3571.         )

  3572.         gapi = GroupApi(

  3573.             current_user=admin,

  3574.             session=dbsession,

  3575.             config=self.app_config,

  3576.         )

  3577.         groups = [gapi.get_one_with_name('users')]

  3578.         test_user = uapi.create_user(

  3579.             email='test@test.test',

  3580.             password='pass',

  3581.             name='bob',

  3582.             groups=groups,

  3583.             timezone='Europe/Paris',

  3584.             do_save=True,

  3585.             do_notify=False,

  3586.         )

  3587.         uapi.save(test_user)

  3588.         transaction.commit()

  3589.         user_id = int(test_user.user_id)

  3590. 

  3591.         self.testapp.authorization = (

  3592.             'Basic',

  3593.             (

  3594.                 'admin@admin.admin',

  3595.                 'admin@admin.admin'

  3596.             )

  3597.         )

  3598.         # check before

  3599.         res = self.testapp.get(

  3600.             '/api/v2/users/{}'.format(user_id),

  3601.             status=200

  3602.         )

  3603.         res = res.json_body

  3604.         assert res['email'] == 'test@test.test'

  3605. 

  3606.         # Set password

  3607.         params = {

  3608.             'email': 'thatisnotandemail',

  3609.             'loggedin_user_password': 'admin@admin.admin',

  3610.         }

  3611.         self.testapp.put_json(

  3612.             '/api/v2/users/{}/email'.format(user_id),

  3613.             params=params,

  3614.             status=400,

  3615.         )

  3616.         # Check After

  3617.         res = self.testapp.get(

  3618.             '/api/v2/users/{}'.format(user_id),

  3619.             status=200

  3620.         )

  3621.         res = res.json_body

  3622.         assert res['email'] == 'test@test.test'

  3623. 

  3624.     def test_api__set_user_email__ok_200__user_itself(self):

  3625.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3626.         admin = dbsession.query(models.User) \

  3627.             .filter(models.User.email == 'admin@admin.admin') \

  3628.             .one()

  3629.         uapi = UserApi(

  3630.             current_user=admin,

  3631.             session=dbsession,

  3632.             config=self.app_config,

  3633.         )

  3634.         gapi = GroupApi(

  3635.             current_user=admin,

  3636.             session=dbsession,

  3637.             config=self.app_config,

  3638.         )

  3639.         groups = [gapi.get_one_with_name('users')]

  3640.         test_user = uapi.create_user(

  3641.             email='test@test.test',

  3642.             password='pass',

  3643.             name='bob',

  3644.             groups=groups,

  3645.             timezone='Europe/Paris',

  3646.             do_save=True,

  3647.             do_notify=False,

  3648.         )

  3649.         uapi.save(test_user)

  3650.         transaction.commit()

  3651.         user_id = int(test_user.user_id)

  3652. 

  3653.         self.testapp.authorization = (

  3654.             'Basic',

  3655.             (

  3656.                 'test@test.test',

  3657.                 'pass'

  3658.             )

  3659.         )

  3660.         # check before

  3661.         res = self.testapp.get(

  3662.             '/api/v2/users/{}'.format(user_id),

  3663.             status=200

  3664.         )

  3665.         res = res.json_body

  3666.         assert res['email'] == 'test@test.test'

  3667. 

  3668.         # Set password

  3669.         params = {

  3670.             'email': 'mysuperemail@email.fr',

  3671.             'loggedin_user_password': 'pass',

  3672.         }

  3673.         self.testapp.put_json(

  3674.             '/api/v2/users/{}/email'.format(user_id),

  3675.             params=params,

  3676.             status=200,

  3677.         )

  3678.         self.testapp.authorization = (

  3679.             'Basic',

  3680.             (

  3681.                 'mysuperemail@email.fr',

  3682.                 'pass'

  3683.             )

  3684.         )

  3685.         # Check After

  3686.         res = self.testapp.get(

  3687.             '/api/v2/users/{}'.format(user_id),

  3688.             status=200

  3689.         )

  3690.         res = res.json_body

  3691.         assert res['email'] == 'mysuperemail@email.fr'

  3692. 

  3693.     def test_api__set_user_email__err_403__other_normal_user(self):

  3694.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3695.         admin = dbsession.query(models.User) \

  3696.             .filter(models.User.email == 'admin@admin.admin') \

  3697.             .one()

  3698.         uapi = UserApi(

  3699.             current_user=admin,

  3700.             session=dbsession,

  3701.             config=self.app_config,

  3702.         )

  3703.         gapi = GroupApi(

  3704.             current_user=admin,

  3705.             session=dbsession,

  3706.             config=self.app_config,

  3707.         )

  3708.         groups = [gapi.get_one_with_name('users')]

  3709.         test_user = uapi.create_user(

  3710.             email='test@test.test',

  3711.             password='pass',

  3712.             name='bob',

  3713.             groups=groups,

  3714.             timezone='Europe/Paris',

  3715.             do_save=True,

  3716.             do_notify=False,

  3717.         )

  3718.         test_user2 = uapi.create_user(

  3719.             email='test2@test2.test2',

  3720.             password='pass',

  3721.             name='bob2',

  3722.             groups=groups,

  3723.             timezone='Europe/Paris',

  3724.             do_save=True,

  3725.             do_notify=False,

  3726.         )

  3727.         uapi.save(test_user2)

  3728.         uapi.save(test_user)

  3729.         transaction.commit()

  3730.         user_id = int(test_user.user_id)

  3731. 

  3732.         self.testapp.authorization = (

  3733.             'Basic',

  3734.             (

  3735.                 'test@test.test',

  3736.                 'pass'

  3737.             )

  3738.         )

  3739.         # Set password

  3740.         params = {

  3741.             'email': 'mysuperemail@email.fr',

  3742.             'loggedin_user_password': 'test2@test2.test2',

  3743.         }

  3744.         self.testapp.put_json(

  3745.             '/api/v2/users/{}/email'.format(user_id),

  3746.             params=params,

  3747.             status=403,

  3748.         )

  3749. 

  3750. 

  3751. class TestSetPasswordEndpoint(FunctionalTest):

  3752.     # -*- coding: utf-8 -*-

  3753.     """

  3754.     Tests for PUT /api/v2/users/{user_id}/password

  3755.     """

  3756.     fixtures = [BaseFixture]

  3757. 

  3758.     def test_api__set_user_password__ok_200__admin(self):

  3759.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3760.         admin = dbsession.query(models.User) \

  3761.             .filter(models.User.email == 'admin@admin.admin') \

  3762.             .one()

  3763.         uapi = UserApi(

  3764.             current_user=admin,

  3765.             session=dbsession,

  3766.             config=self.app_config,

  3767.         )

  3768.         gapi = GroupApi(

  3769.             current_user=admin,

  3770.             session=dbsession,

  3771.             config=self.app_config,

  3772.         )

  3773.         groups = [gapi.get_one_with_name('users')]

  3774.         test_user = uapi.create_user(

  3775.             email='test@test.test',

  3776.             password='pass',

  3777.             name='bob',

  3778.             groups=groups,

  3779.             timezone='Europe/Paris',

  3780.             do_save=True,

  3781.             do_notify=False,

  3782.         )

  3783.         uapi.save(test_user)

  3784.         transaction.commit()

  3785.         user_id = int(test_user.user_id)

  3786. 

  3787.         self.testapp.authorization = (

  3788.             'Basic',

  3789.             (

  3790.                 'admin@admin.admin',

  3791.                 'admin@admin.admin'

  3792.             )

  3793.         )

  3794.         # check before

  3795.         user = uapi.get_one(user_id)

  3796.         assert user.validate_password('pass')

  3797.         assert not user.validate_password('mynewpassword')

  3798.         # Set password

  3799.         params = {

  3800.             'new_password': 'mynewpassword',

  3801.             'new_password2': 'mynewpassword',

  3802.             'loggedin_user_password': 'admin@admin.admin',

  3803.         }

  3804.         self.testapp.put_json(

  3805.             '/api/v2/users/{}/password'.format(user_id),

  3806.             params=params,

  3807.             status=204,

  3808.         )

  3809.         # Check After

  3810.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3811.         uapi = UserApi(

  3812.             current_user=admin,

  3813.             session=dbsession,

  3814.             config=self.app_config,

  3815.         )

  3816.         user = uapi.get_one(user_id)

  3817.         assert not user.validate_password('pass')

  3818.         assert user.validate_password('mynewpassword')

  3819. 

  3820.     def test_api__set_user_password__err_403__admin_wrong_password(self):

  3821.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3822.         admin = dbsession.query(models.User) \

  3823.             .filter(models.User.email == 'admin@admin.admin') \

  3824.             .one()

  3825.         uapi = UserApi(

  3826.             current_user=admin,

  3827.             session=dbsession,

  3828.             config=self.app_config,

  3829.         )

  3830.         gapi = GroupApi(

  3831.             current_user=admin,

  3832.             session=dbsession,

  3833.             config=self.app_config,

  3834.         )

  3835.         groups = [gapi.get_one_with_name('users')]

  3836.         test_user = uapi.create_user(

  3837.             email='test@test.test',

  3838.             password='pass',

  3839.             name='bob',

  3840.             groups=groups,

  3841.             timezone='Europe/Paris',

  3842.             do_save=True,

  3843.             do_notify=False,

  3844.         )

  3845.         uapi.save(test_user)

  3846.         transaction.commit()

  3847.         user_id = int(test_user.user_id)

  3848. 

  3849.         self.testapp.authorization = (

  3850.             'Basic',

  3851.             (

  3852.                 'admin@admin.admin',

  3853.                 'admin@admin.admin'

  3854.             )

  3855.         )

  3856.         # check before

  3857.         user = uapi.get_one(user_id)

  3858.         assert user.validate_password('pass')

  3859.         assert not user.validate_password('mynewpassword')

  3860.         # Set password

  3861.         params = {

  3862.             'new_password': 'mynewpassword',

  3863.             'new_password2': 'mynewpassword',

  3864.             'loggedin_user_password': 'wrongpassword',

  3865.         }

  3866.         self.testapp.put_json(

  3867.             '/api/v2/users/{}/password'.format(user_id),

  3868.             params=params,

  3869.             status=403,

  3870.         )

  3871.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3872.         uapi = UserApi(

  3873.             current_user=admin,

  3874.             session=dbsession,

  3875.             config=self.app_config,

  3876.         )

  3877.         # Check After

  3878.         user = uapi.get_one(user_id)

  3879.         assert user.validate_password('pass')

  3880.         assert not user.validate_password('mynewpassword')

  3881. 

  3882.     def test_api__set_user_password__err_400__admin_passwords_do_not_match(self):  # nopep8

  3883.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3884.         admin = dbsession.query(models.User) \

  3885.             .filter(models.User.email == 'admin@admin.admin') \

  3886.             .one()

  3887.         uapi = UserApi(

  3888.             current_user=admin,

  3889.             session=dbsession,

  3890.             config=self.app_config,

  3891.         )

  3892.         gapi = GroupApi(

  3893.             current_user=admin,

  3894.             session=dbsession,

  3895.             config=self.app_config,

  3896.         )

  3897.         groups = [gapi.get_one_with_name('users')]

  3898.         test_user = uapi.create_user(

  3899.             email='test@test.test',

  3900.             password='pass',

  3901.             name='bob',

  3902.             groups=groups,

  3903.             timezone='Europe/Paris',

  3904.             do_save=True,

  3905.             do_notify=False,

  3906.         )

  3907.         uapi.save(test_user)

  3908.         transaction.commit()

  3909.         user_id = int(test_user.user_id)

  3910. 

  3911.         self.testapp.authorization = (

  3912.             'Basic',

  3913.             (

  3914.                 'admin@admin.admin',

  3915.                 'admin@admin.admin'

  3916.             )

  3917.         )

  3918.         # check before

  3919.         user = uapi.get_one(user_id)

  3920.         assert user.validate_password('pass')

  3921.         assert not user.validate_password('mynewpassword')

  3922.         assert not user.validate_password('mynewpassword2')

  3923.         # Set password

  3924.         params = {

  3925.             'new_password': 'mynewpassword',

  3926.             'new_password2': 'mynewpassword2',

  3927.             'loggedin_user_password': 'admin@admin.admin',

  3928.         }

  3929.         self.testapp.put_json(

  3930.             '/api/v2/users/{}/password'.format(user_id),

  3931.             params=params,

  3932.             status=400,

  3933.         )

  3934.         # Check After

  3935.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3936.         uapi = UserApi(

  3937.             current_user=admin,

  3938.             session=dbsession,

  3939.             config=self.app_config,

  3940.         )

  3941.         user = uapi.get_one(user_id)

  3942.         assert user.validate_password('pass')

  3943.         assert not user.validate_password('mynewpassword')

  3944.         assert not user.validate_password('mynewpassword2')

  3945. 

  3946.     def test_api__set_user_password__ok_200__user_itself(self):

  3947.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3948.         admin = dbsession.query(models.User) \

  3949.             .filter(models.User.email == 'admin@admin.admin') \

  3950.             .one()

  3951.         uapi = UserApi(

  3952.             current_user=admin,

  3953.             session=dbsession,

  3954.             config=self.app_config,

  3955.         )

  3956.         gapi = GroupApi(

  3957.             current_user=admin,

  3958.             session=dbsession,

  3959.             config=self.app_config,

  3960.         )

  3961.         groups = [gapi.get_one_with_name('users')]

  3962.         test_user = uapi.create_user(

  3963.             email='test@test.test',

  3964.             password='pass',

  3965.             name='bob',

  3966.             groups=groups,

  3967.             timezone='Europe/Paris',

  3968.             do_save=True,

  3969.             do_notify=False,

  3970.         )

  3971.         uapi.save(test_user)

  3972.         transaction.commit()

  3973.         user_id = int(test_user.user_id)

  3974. 

  3975.         self.testapp.authorization = (

  3976.             'Basic',

  3977.             (

  3978.                 'test@test.test',

  3979.                 'pass'

  3980.             )

  3981.         )

  3982.         # check before

  3983.         user = uapi.get_one(user_id)

  3984.         assert user.validate_password('pass')

  3985.         assert not user.validate_password('mynewpassword')

  3986.         # Set password

  3987.         params = {

  3988.             'new_password': 'mynewpassword',

  3989.             'new_password2': 'mynewpassword',

  3990.             'loggedin_user_password': 'pass',

  3991.         }

  3992.         self.testapp.put_json(

  3993.             '/api/v2/users/{}/password'.format(user_id),

  3994.             params=params,

  3995.             status=204,

  3996.         )

  3997.         # Check After

  3998.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  3999.         uapi = UserApi(

  4000.             current_user=admin,

  4001.             session=dbsession,

  4002.             config=self.app_config,

  4003.         )

  4004.         user = uapi.get_one(user_id)

  4005.         assert not user.validate_password('pass')

  4006.         assert user.validate_password('mynewpassword')

  4007. 

  4008.     def test_api__set_user_email__err_403__other_normal_user(self):

  4009.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4010.         admin = dbsession.query(models.User) \

  4011.             .filter(models.User.email == 'admin@admin.admin') \

  4012.             .one()

  4013.         uapi = UserApi(

  4014.             current_user=admin,

  4015.             session=dbsession,

  4016.             config=self.app_config,

  4017.         )

  4018.         gapi = GroupApi(

  4019.             current_user=admin,

  4020.             session=dbsession,

  4021.             config=self.app_config,

  4022.         )

  4023.         groups = [gapi.get_one_with_name('users')]

  4024.         test_user = uapi.create_user(

  4025.             email='test@test.test',

  4026.             password='pass',

  4027.             name='bob',

  4028.             groups=groups,

  4029.             timezone='Europe/Paris',

  4030.             do_save=True,

  4031.             do_notify=False,

  4032.         )

  4033.         test_user2 = uapi.create_user(

  4034.             email='test2@test2.test2',

  4035.             password='pass',

  4036.             name='bob2',

  4037.             groups=groups,

  4038.             timezone='Europe/Paris',

  4039.             do_save=True,

  4040.             do_notify=False,

  4041.         )

  4042.         uapi.save(test_user2)

  4043.         uapi.save(test_user)

  4044.         transaction.commit()

  4045.         user_id = int(test_user.user_id)

  4046. 

  4047.         self.testapp.authorization = (

  4048.             'Basic',

  4049.             (

  4050.                 'test@test.test',

  4051.                 'pass'

  4052.             )

  4053.         )

  4054.         # Set password

  4055.         params = {

  4056.             'email': 'mysuperemail@email.fr',

  4057.             'loggedin_user_password': 'test2@test2.test2',

  4058.         }

  4059.         self.testapp.put_json(

  4060.             '/api/v2/users/{}/email'.format(user_id),

  4061.             params=params,

  4062.             status=403,

  4063.         )

  4064. 

  4065. 

  4066. class TestSetUserInfoEndpoint(FunctionalTest):

  4067.     # -*- coding: utf-8 -*-

  4068.     """

  4069.     Tests for PUT /api/v2/users/{user_id}

  4070.     """

  4071.     fixtures = [BaseFixture]

  4072. 

  4073.     def test_api__set_user_info__ok_200__admin(self):

  4074.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4075.         admin = dbsession.query(models.User) \

  4076.             .filter(models.User.email == 'admin@admin.admin') \

  4077.             .one()

  4078.         uapi = UserApi(

  4079.             current_user=admin,

  4080.             session=dbsession,

  4081.             config=self.app_config,

  4082.         )

  4083.         gapi = GroupApi(

  4084.             current_user=admin,

  4085.             session=dbsession,

  4086.             config=self.app_config,

  4087.         )

  4088.         groups = [gapi.get_one_with_name('users')]

  4089.         test_user = uapi.create_user(

  4090.             email='test@test.test',

  4091.             password='pass',

  4092.             name='bob',

  4093.             groups=groups,

  4094.             timezone='Europe/Paris',

  4095.             do_save=True,

  4096.             do_notify=False,

  4097.         )

  4098.         uapi.save(test_user)

  4099.         transaction.commit()

  4100.         user_id = int(test_user.user_id)

  4101. 

  4102.         self.testapp.authorization = (

  4103.             'Basic',

  4104.             (

  4105.                 'admin@admin.admin',

  4106.                 'admin@admin.admin'

  4107.             )

  4108.         )

  4109.         # check before

  4110.         res = self.testapp.get(

  4111.             '/api/v2/users/{}'.format(user_id),

  4112.             status=200

  4113.         )

  4114.         res = res.json_body

  4115.         assert res['user_id'] == user_id

  4116.         assert res['public_name'] == 'bob'

  4117.         assert res['timezone'] == 'Europe/Paris'

  4118.         # Set params

  4119.         params = {

  4120.             'public_name': 'updated',

  4121.             'timezone': 'Europe/London',

  4122.         }

  4123.         self.testapp.put_json(

  4124.             '/api/v2/users/{}'.format(user_id),

  4125.             params=params,

  4126.             status=200,

  4127.         )

  4128.         # Check After

  4129.         res = self.testapp.get(

  4130.             '/api/v2/users/{}'.format(user_id),

  4131.             status=200

  4132.         )

  4133.         res = res.json_body

  4134.         assert res['user_id'] == user_id

  4135.         assert res['public_name'] == 'updated'

  4136.         assert res['timezone'] == 'Europe/London'

  4137. 

  4138.     def test_api__set_user_info__ok_200__user_itself(self):

  4139.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4140.         admin = dbsession.query(models.User) \

  4141.             .filter(models.User.email == 'admin@admin.admin') \

  4142.             .one()

  4143.         uapi = UserApi(

  4144.             current_user=admin,

  4145.             session=dbsession,

  4146.             config=self.app_config,

  4147.         )

  4148.         gapi = GroupApi(

  4149.             current_user=admin,

  4150.             session=dbsession,

  4151.             config=self.app_config,

  4152.         )

  4153.         groups = [gapi.get_one_with_name('users')]

  4154.         test_user = uapi.create_user(

  4155.             email='test@test.test',

  4156.             password='pass',

  4157.             name='bob',

  4158.             groups=groups,

  4159.             timezone='Europe/Paris',

  4160.             do_save=True,

  4161.             do_notify=False,

  4162.         )

  4163.         uapi.save(test_user)

  4164.         transaction.commit()

  4165.         user_id = int(test_user.user_id)

  4166. 

  4167.         self.testapp.authorization = (

  4168.             'Basic',

  4169.             (

  4170.                 'test@test.test',

  4171.                 'pass',

  4172.             )

  4173.         )

  4174.         # check before

  4175.         res = self.testapp.get(

  4176.             '/api/v2/users/{}'.format(user_id),

  4177.             status=200

  4178.         )

  4179.         res = res.json_body

  4180.         assert res['user_id'] == user_id

  4181.         assert res['public_name'] == 'bob'

  4182.         assert res['timezone'] == 'Europe/Paris'

  4183.         # Set params

  4184.         params = {

  4185.             'public_name': 'updated',

  4186.             'timezone': 'Europe/London',

  4187.         }

  4188.         self.testapp.put_json(

  4189.             '/api/v2/users/{}'.format(user_id),

  4190.             params=params,

  4191.             status=200,

  4192.         )

  4193.         # Check After

  4194.         res = self.testapp.get(

  4195.             '/api/v2/users/{}'.format(user_id),

  4196.             status=200

  4197.         )

  4198.         res = res.json_body

  4199.         assert res['user_id'] == user_id

  4200.         assert res['public_name'] == 'updated'

  4201.         assert res['timezone'] == 'Europe/London'

  4202. 

  4203.     def test_api__set_user_email__err_403__other_normal_user(self):

  4204.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4205.         admin = dbsession.query(models.User) \

  4206.             .filter(models.User.email == 'admin@admin.admin') \

  4207.             .one()

  4208.         uapi = UserApi(

  4209.             current_user=admin,

  4210.             session=dbsession,

  4211.             config=self.app_config,

  4212.         )

  4213.         gapi = GroupApi(

  4214.             current_user=admin,

  4215.             session=dbsession,

  4216.             config=self.app_config,

  4217.         )

  4218.         groups = [gapi.get_one_with_name('users')]

  4219.         test_user = uapi.create_user(

  4220.             email='test@test.test',

  4221.             password='pass',

  4222.             name='bob',

  4223.             groups=groups,

  4224.             timezone='Europe/Paris',

  4225.             do_save=True,

  4226.             do_notify=False,

  4227.         )

  4228.         test_user2 = uapi.create_user(

  4229.             email='test2@test2.test2',

  4230.             password='pass',

  4231.             name='test',

  4232.             groups=groups,

  4233.             timezone='Europe/Paris',

  4234.             do_save=True,

  4235.             do_notify=False,

  4236.         )

  4237.         uapi.save(test_user2)

  4238.         uapi.save(test_user)

  4239.         transaction.commit()

  4240.         user_id = int(test_user.user_id)

  4241. 

  4242.         self.testapp.authorization = (

  4243.             'Basic',

  4244.             (

  4245.                 'test2@test2.test2',

  4246.                 'pass',

  4247.             )

  4248.         )

  4249.         # Set params

  4250.         params = {

  4251.             'public_name': 'updated',

  4252.             'timezone': 'Europe/London',

  4253.         }

  4254.         self.testapp.put_json(

  4255.             '/api/v2/users/{}'.format(user_id),

  4256.             params=params,

  4257.             status=403,

  4258.         )

  4259. 

  4260. 

  4261. class TestSetUserProfilEndpoint(FunctionalTest):

  4262.     # -*- coding: utf-8 -*-

  4263.     """

  4264.     Tests for PUT /api/v2/users/{user_id}/profile

  4265.     """

  4266.     fixtures = [BaseFixture]

  4267. 

  4268.     def test_api__set_user_info__ok_200__admin(self):

  4269.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4270.         admin = dbsession.query(models.User) \

  4271.             .filter(models.User.email == 'admin@admin.admin') \

  4272.             .one()

  4273.         uapi = UserApi(

  4274.             current_user=admin,

  4275.             session=dbsession,

  4276.             config=self.app_config,

  4277.         )

  4278.         gapi = GroupApi(

  4279.             current_user=admin,

  4280.             session=dbsession,

  4281.             config=self.app_config,

  4282.         )

  4283.         groups = [gapi.get_one_with_name('users')]

  4284.         test_user = uapi.create_user(

  4285.             email='test@test.test',

  4286.             password='pass',

  4287.             name='bob',

  4288.             groups=groups,

  4289.             timezone='Europe/Paris',

  4290.             do_save=True,

  4291.             do_notify=False,

  4292.         )

  4293.         uapi.save(test_user)

  4294.         transaction.commit()

  4295.         user_id = int(test_user.user_id)

  4296. 

  4297.         self.testapp.authorization = (

  4298.             'Basic',

  4299.             (

  4300.                 'admin@admin.admin',

  4301.                 'admin@admin.admin'

  4302.             )

  4303.         )

  4304.         # check before

  4305.         res = self.testapp.get(

  4306.             '/api/v2/users/{}'.format(user_id),

  4307.             status=200

  4308.         )

  4309.         res = res.json_body

  4310.         assert res['user_id'] == user_id

  4311.         assert res['profile'] == 'users'

  4312.         # Set params

  4313.         params = {

  4314.             'profile': 'administrators',

  4315.         }

  4316.         self.testapp.put_json(

  4317.             '/api/v2/users/{}/profile'.format(user_id),

  4318.             params=params,

  4319.             status=204,

  4320.         )

  4321.         # Check After

  4322.         res = self.testapp.get(

  4323.             '/api/v2/users/{}'.format(user_id),

  4324.             status=200

  4325.         )

  4326.         res = res.json_body

  4327.         assert res['user_id'] == user_id

  4328.         assert res['profile'] == 'administrators'

  4329. 

  4330.     def test_api__set_user_info__err_403__user_itself(self):

  4331.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4332.         admin = dbsession.query(models.User) \

  4333.             .filter(models.User.email == 'admin@admin.admin') \

  4334.             .one()

  4335.         uapi = UserApi(

  4336.             current_user=admin,

  4337.             session=dbsession,

  4338.             config=self.app_config,

  4339.         )

  4340.         gapi = GroupApi(

  4341.             current_user=admin,

  4342.             session=dbsession,

  4343.             config=self.app_config,

  4344.         )

  4345.         groups = [gapi.get_one_with_name('users')]

  4346.         test_user = uapi.create_user(

  4347.             email='test@test.test',

  4348.             password='pass',

  4349.             name='bob',

  4350.             groups=groups,

  4351.             timezone='Europe/Paris',

  4352.             do_save=True,

  4353.             do_notify=False,

  4354.         )

  4355.         uapi.save(test_user)

  4356.         transaction.commit()

  4357.         user_id = int(test_user.user_id)

  4358. 

  4359.         self.testapp.authorization = (

  4360.             'Basic',

  4361.             (

  4362.                 'test@test.test',

  4363.                 'pass',

  4364.             )

  4365.         )

  4366.         # check before

  4367.         res = self.testapp.get(

  4368.             '/api/v2/users/{}'.format(user_id),

  4369.             status=200

  4370.         )

  4371.         res = res.json_body

  4372.         assert res['user_id'] == user_id

  4373.         assert res['profile'] == 'users'

  4374.         # Set params

  4375.         params = {

  4376.             'profile': 'administrators',

  4377.         }

  4378.         self.testapp.put_json(

  4379.             '/api/v2/users/{}/profile'.format(user_id),

  4380.             params=params,

  4381.             status=403,

  4382.         )

  4383.         # Check After

  4384.         res = self.testapp.get(

  4385.             '/api/v2/users/{}'.format(user_id),

  4386.             status=200

  4387.         )

  4388.         res = res.json_body

  4389.         assert res['user_id'] == user_id

  4390.         assert res['profile'] == 'users'

  4391. 

  4392.     def test_api__set_user_email__err_403__other_normal_user(self):

  4393.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4394.         admin = dbsession.query(models.User) \

  4395.             .filter(models.User.email == 'admin@admin.admin') \

  4396.             .one()

  4397.         uapi = UserApi(

  4398.             current_user=admin,

  4399.             session=dbsession,

  4400.             config=self.app_config,

  4401.         )

  4402.         gapi = GroupApi(

  4403.             current_user=admin,

  4404.             session=dbsession,

  4405.             config=self.app_config,

  4406.         )

  4407.         groups = [gapi.get_one_with_name('users')]

  4408.         test_user = uapi.create_user(

  4409.             email='test@test.test',

  4410.             password='pass',

  4411.             name='bob',

  4412.             groups=groups,

  4413.             timezone='Europe/Paris',

  4414.             do_save=True,

  4415.             do_notify=False,

  4416.         )

  4417.         test_user2 = uapi.create_user(

  4418.             email='test2@test2.test2',

  4419.             password='pass',

  4420.             name='test',

  4421.             groups=groups,

  4422.             timezone='Europe/Paris',

  4423.             do_save=True,

  4424.             do_notify=False,

  4425.         )

  4426.         uapi.save(test_user2)

  4427.         uapi.save(test_user)

  4428.         transaction.commit()

  4429.         user_id = int(test_user.user_id)

  4430. 

  4431.         self.testapp.authorization = (

  4432.             'Basic',

  4433.             (

  4434.                 'test2@test2.test2',

  4435.                 'pass',

  4436.             )

  4437.         )

  4438.         # Set params

  4439.         params = {

  4440.             'profile': 'administrators',

  4441.         }

  4442.         self.testapp.put_json(

  4443.             '/api/v2/users/{}/profile'.format(user_id),

  4444.             params=params,

  4445.             status=403,

  4446.         )

  4447. 

  4448. 

  4449. class TestSetUserEnableDisableEndpoints(FunctionalTest):

  4450.     # -*- coding: utf-8 -*-

  4451.     """

  4452.     Tests for PUT /api/v2/users/{user_id}/enable

  4453.     and PUT /api/v2/users/{user_id}/disable

  4454.     """

  4455.     fixtures = [BaseFixture]

  4456. 

  4457.     def test_api_enable_user__ok_200__admin(self):

  4458.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4459.         admin = dbsession.query(models.User) \

  4460.             .filter(models.User.email == 'admin@admin.admin') \

  4461.             .one()

  4462.         uapi = UserApi(

  4463.             current_user=admin,

  4464.             session=dbsession,

  4465.             config=self.app_config,

  4466.         )

  4467.         gapi = GroupApi(

  4468.             current_user=admin,

  4469.             session=dbsession,

  4470.             config=self.app_config,

  4471.         )

  4472.         groups = [gapi.get_one_with_name('users')]

  4473.         test_user = uapi.create_user(

  4474.             email='test@test.test',

  4475.             password='pass',

  4476.             name='bob',

  4477.             groups=groups,

  4478.             timezone='Europe/Paris',

  4479.             do_save=True,

  4480.             do_notify=False,

  4481.         )

  4482.         uapi.disable(test_user, do_save=True)

  4483.         uapi.save(test_user)

  4484.         transaction.commit()

  4485.         user_id = int(test_user.user_id)

  4486. 

  4487.         self.testapp.authorization = (

  4488.             'Basic',

  4489.             (

  4490.                 'admin@admin.admin',

  4491.                 'admin@admin.admin'

  4492.             )

  4493.         )

  4494.         # check before

  4495.         res = self.testapp.get(

  4496.             '/api/v2/users/{}'.format(user_id),

  4497.             status=200

  4498.         )

  4499.         res = res.json_body

  4500.         assert res['user_id'] == user_id

  4501.         assert res['is_active'] is False

  4502.         self.testapp.put_json(

  4503.             '/api/v2/users/{}/enable'.format(user_id),

  4504.             status=204,

  4505.         )

  4506.         # Check After

  4507.         res = self.testapp.get(

  4508.             '/api/v2/users/{}'.format(user_id),

  4509.             status=200

  4510.         )

  4511.         res = res.json_body

  4512.         assert res['user_id'] == user_id

  4513.         assert res['is_active'] is True

  4514. 

  4515.     def test_api_disable_user__ok_200__admin(self):

  4516.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4517.         admin = dbsession.query(models.User) \

  4518.             .filter(models.User.email == 'admin@admin.admin') \

  4519.             .one()

  4520.         uapi = UserApi(

  4521.             current_user=admin,

  4522.             session=dbsession,

  4523.             config=self.app_config,

  4524.         )

  4525.         gapi = GroupApi(

  4526.             current_user=admin,

  4527.             session=dbsession,

  4528.             config=self.app_config,

  4529.         )

  4530.         groups = [gapi.get_one_with_name('users')]

  4531.         test_user = uapi.create_user(

  4532.             email='test@test.test',

  4533.             password='pass',

  4534.             name='bob',

  4535.             groups=groups,

  4536.             timezone='Europe/Paris',

  4537.             do_save=True,

  4538.             do_notify=False,

  4539.         )

  4540.         uapi.enable(test_user, do_save=True)

  4541.         uapi.save(test_user)

  4542.         transaction.commit()

  4543.         user_id = int(test_user.user_id)

  4544. 

  4545.         self.testapp.authorization = (

  4546.             'Basic',

  4547.             (

  4548.                 'admin@admin.admin',

  4549.                 'admin@admin.admin'

  4550.             )

  4551.         )

  4552.         # check before

  4553.         res = self.testapp.get(

  4554.             '/api/v2/users/{}'.format(user_id),

  4555.             status=200

  4556.         )

  4557.         res = res.json_body

  4558.         assert res['user_id'] == user_id

  4559.         assert res['is_active'] is True

  4560.         self.testapp.put_json(

  4561.             '/api/v2/users/{}/disable'.format(user_id),

  4562.             status=204,

  4563.         )

  4564.         # Check After

  4565.         res = self.testapp.get(

  4566.             '/api/v2/users/{}'.format(user_id),

  4567.             status=200

  4568.         )

  4569.         res = res.json_body

  4570.         assert res['user_id'] == user_id

  4571.         assert res['is_active'] is False

  4572. 

  4573.     def test_api_enable_user__err_403__other_account(self):

  4574.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4575.         admin = dbsession.query(models.User) \

  4576.             .filter(models.User.email == 'admin@admin.admin') \

  4577.             .one()

  4578.         uapi = UserApi(

  4579.             current_user=admin,

  4580.             session=dbsession,

  4581.             config=self.app_config,

  4582.         )

  4583.         gapi = GroupApi(

  4584.             current_user=admin,

  4585.             session=dbsession,

  4586.             config=self.app_config,

  4587.         )

  4588.         groups = [gapi.get_one_with_name('users')]

  4589.         test_user = uapi.create_user(

  4590.             email='test@test.test',

  4591.             password='pass',

  4592.             name='bob',

  4593.             groups=groups,

  4594.             timezone='Europe/Paris',

  4595.             do_save=True,

  4596.             do_notify=False,

  4597.         )

  4598.         test_user2 = uapi.create_user(

  4599.             email='test2@test2.test2',

  4600.             password='pass',

  4601.             name='test2',

  4602.             groups=groups,

  4603.             timezone='Europe/Paris',

  4604.             do_save=True,

  4605.             do_notify=False,

  4606.         )

  4607.         uapi.disable(test_user, do_save=True)

  4608.         uapi.save(test_user2)

  4609.         uapi.save(test_user)

  4610.         transaction.commit()

  4611.         user_id = int(test_user.user_id)

  4612. 

  4613.         self.testapp.authorization = (

  4614.             'Basic',

  4615.             (

  4616.                 'test2@test2.test2',

  4617.                 'pass'

  4618.             )

  4619.         )

  4620.         self.testapp.put_json(

  4621.             '/api/v2/users/{}/enable'.format(user_id),

  4622.             status=403,

  4623.         )

  4624. 

  4625.     def test_api_disable_user__err_403__other_account(self):

  4626.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4627.         admin = dbsession.query(models.User) \

  4628.             .filter(models.User.email == 'admin@admin.admin') \

  4629.             .one()

  4630.         uapi = UserApi(

  4631.             current_user=admin,

  4632.             session=dbsession,

  4633.             config=self.app_config,

  4634.         )

  4635.         gapi = GroupApi(

  4636.             current_user=admin,

  4637.             session=dbsession,

  4638.             config=self.app_config,

  4639.         )

  4640.         groups = [gapi.get_one_with_name('users')]

  4641.         test_user = uapi.create_user(

  4642.             email='test@test.test',

  4643.             password='pass',

  4644.             name='bob',

  4645.             groups=groups,

  4646.             timezone='Europe/Paris',

  4647.             do_save=True,

  4648.             do_notify=False,

  4649.         )

  4650.         test_user2 = uapi.create_user(

  4651.             email='test2@test2.test2',

  4652.             password='pass',

  4653.             name='test2',

  4654.             groups=groups,

  4655.             timezone='Europe/Paris',

  4656.             do_save=True,

  4657.             do_notify=False,

  4658.         )

  4659.         uapi.enable(test_user, do_save=True)

  4660.         uapi.save(test_user2)

  4661.         uapi.save(test_user)

  4662.         transaction.commit()

  4663.         user_id = int(test_user.user_id)

  4664. 

  4665.         self.testapp.authorization = (

  4666.             'Basic',

  4667.             (

  4668.                 'test2@test2.test2',

  4669.                 'pass'

  4670.             )

  4671.         )

  4672.         self.testapp.put_json(

  4673.             '/api/v2/users/{}/disable'.format(user_id),

  4674.             status=403,

  4675.         )

  4676. 

  4677.     def test_api_disable_user__ok_200__user_itself(self):

  4678.         dbsession = get_tm_session(self.session_factory, transaction.manager)

  4679.         admin = dbsession.query(models.User) \

  4680.             .filter(models.User.email == 'admin@admin.admin') \

  4681.             .one()

  4682.         uapi = UserApi(

  4683.             current_user=admin,

  4684.             session=dbsession,

  4685.             config=self.app_config,

  4686.         )

  4687.         gapi = GroupApi(

  4688.             current_user=admin,

  4689.             session=dbsession,

  4690.             config=self.app_config,

  4691.         )

  4692.         groups = [gapi.get_one_with_name('users')]

  4693.         test_user = uapi.create_user(

  4694.             email='test@test.test',

  4695.             password='pass',

  4696.             name='bob',

  4697.             groups=groups,

  4698.             timezone='Europe/Paris',

  4699.             do_save=True,

  4700.             do_notify=False,

  4701.         )

  4702.         uapi.enable(test_user, do_save=True)

  4703.         uapi.save(test_user)

  4704.         transaction.commit()

  4705.         user_id = int(test_user.user_id)

  4706. 

  4707.         self.testapp.authorization = (

  4708.             'Basic',

  4709.             (

  4710.                 'test@test.test',

  4711.                 'pass'

  4712.             )

  4713.         )

  4714.         # check before

  4715.         res = self.testapp.get(

  4716.             '/api/v2/users/{}'.format(user_id),

  4717.             status=200

  4718.         )

  4719.         res = res.json_body

  4720.         assert res['user_id'] == user_id

  4721.         assert res['is_active'] is True

  4722.         self.testapp.put_json(

  4723.             '/api/v2/users/{}/disable'.format(user_id),

  4724.             status=403,

  4725.         )

  4726.         # Check After

  4727.         res = self.testapp.get(

  4728.             '/api/v2/users/{}'.format(user_id),

  4729.             status=200

  4730.         )

  4731.         res = res.json_body

  4732.         assert res['user_id'] == user_id

  4733.         assert res['is_active'] is True