test_user.py 178KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239
  1. # -*- coding: utf-8 -*-
  2. """
  3. Tests for /api/v2/users subpath endpoints.
  4. """
  5. from time import sleep
  6. import pytest
  7. import requests
  8. import transaction
  9. from tracim_backend import models
  10. from tracim_backend.extensions import app_list
  11. from tracim_backend.lib.core.application import ApplicationApi
  12. from tracim_backend.lib.core.content import ContentApi
  13. from tracim_backend.lib.core.user import UserApi
  14. from tracim_backend.lib.core.group import GroupApi
  15. from tracim_backend.lib.core.userworkspace import RoleApi
  16. from tracim_backend.lib.core.workspace import WorkspaceApi
  17. from tracim_backend.models import get_tm_session
  18. from tracim_backend.app_models.contents import CONTENT_TYPES
  19. from tracim_backend.models.data import UserRoleInWorkspace
  20. from tracim_backend.models.revision_protection import new_revision
  21. from tracim_backend.tests import FunctionalTest
  22. from tracim_backend.fixtures.content import Content as ContentFixtures
  23. from tracim_backend.fixtures.users_and_groups import Base as BaseFixture
  24. class TestUserRecentlyActiveContentEndpoint(FunctionalTest):
  25. """
  26. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active # nopep8
  27. """
  28. fixtures = [BaseFixture]
  29. def test_api__get_recently_active_content__ok__200__admin(self):
  30. # init DB
  31. dbsession = get_tm_session(self.session_factory, transaction.manager)
  32. admin = dbsession.query(models.User) \
  33. .filter(models.User.email == 'admin@admin.admin') \
  34. .one()
  35. workspace_api = WorkspaceApi(
  36. current_user=admin,
  37. session=dbsession,
  38. config=self.app_config
  39. )
  40. workspace = WorkspaceApi(
  41. current_user=admin,
  42. session=dbsession,
  43. config=self.app_config,
  44. ).create_workspace(
  45. 'test workspace',
  46. save_now=True
  47. )
  48. workspace2 = WorkspaceApi(
  49. current_user=admin,
  50. session=dbsession,
  51. config=self.app_config,
  52. ).create_workspace(
  53. 'test workspace2',
  54. save_now=True
  55. )
  56. uapi = UserApi(
  57. current_user=admin,
  58. session=dbsession,
  59. config=self.app_config,
  60. )
  61. gapi = GroupApi(
  62. current_user=admin,
  63. session=dbsession,
  64. config=self.app_config,
  65. )
  66. groups = [gapi.get_one_with_name('users')]
  67. test_user = uapi.create_user(
  68. email='test@test.test',
  69. password='pass',
  70. name='bob',
  71. groups=groups,
  72. timezone='Europe/Paris',
  73. lang='fr',
  74. do_save=True,
  75. do_notify=False,
  76. )
  77. rapi = RoleApi(
  78. current_user=admin,
  79. session=dbsession,
  80. config=self.app_config,
  81. )
  82. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  83. api = ContentApi(
  84. current_user=admin,
  85. session=dbsession,
  86. config=self.app_config,
  87. )
  88. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  89. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  90. # creation order test
  91. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  92. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  93. # update order test
  94. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  95. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  96. with new_revision(
  97. session=dbsession,
  98. tm=transaction.manager,
  99. content=firstly_created_but_recently_updated,
  100. ):
  101. firstly_created_but_recently_updated.description = 'Just an update'
  102. api.save(firstly_created_but_recently_updated)
  103. # comment change order
  104. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  105. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  106. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  107. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  108. dbsession.flush()
  109. transaction.commit()
  110. self.testapp.authorization = (
  111. 'Basic',
  112. (
  113. 'admin@admin.admin',
  114. 'admin@admin.admin'
  115. )
  116. )
  117. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  118. user_id=test_user.user_id,
  119. workspace_id=workspace.workspace_id
  120. ), status=200)
  121. res = res.json_body
  122. assert len(res) == 7
  123. for elem in res:
  124. assert isinstance(elem['content_id'], int)
  125. assert isinstance(elem['content_type'], str)
  126. assert elem['content_type'] != 'comments'
  127. assert isinstance(elem['is_archived'], bool)
  128. assert isinstance(elem['is_deleted'], bool)
  129. assert isinstance(elem['label'], str)
  130. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  131. assert isinstance(elem['show_in_ui'], bool)
  132. assert isinstance(elem['slug'], str)
  133. assert isinstance(elem['status'], str)
  134. assert isinstance(elem['sub_content_types'], list)
  135. for sub_content_type in elem['sub_content_types']:
  136. assert isinstance(sub_content_type, str)
  137. assert isinstance(elem['workspace_id'], int)
  138. # comment is newest than page2
  139. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  140. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  141. # last updated content is newer than other one despite creation
  142. # of the other is more recent
  143. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  144. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  145. # creation order is inverted here as last created is last active
  146. assert res[4]['content_id'] == secondly_created.content_id
  147. assert res[5]['content_id'] == firstly_created.content_id
  148. # folder subcontent modification does not change folder order
  149. assert res[6]['content_id'] == main_folder.content_id
  150. def test_api__get_recently_active_content__err__400__no_access_to_workspace(self):
  151. # init DB
  152. dbsession = get_tm_session(self.session_factory, transaction.manager)
  153. admin = dbsession.query(models.User) \
  154. .filter(models.User.email == 'admin@admin.admin') \
  155. .one()
  156. workspace_api = WorkspaceApi(
  157. current_user=admin,
  158. session=dbsession,
  159. config=self.app_config
  160. )
  161. workspace = WorkspaceApi(
  162. current_user=admin,
  163. session=dbsession,
  164. config=self.app_config,
  165. ).create_workspace(
  166. 'test workspace',
  167. save_now=True
  168. )
  169. workspace2 = WorkspaceApi(
  170. current_user=admin,
  171. session=dbsession,
  172. config=self.app_config,
  173. ).create_workspace(
  174. 'test workspace2',
  175. save_now=True
  176. )
  177. uapi = UserApi(
  178. current_user=admin,
  179. session=dbsession,
  180. config=self.app_config,
  181. )
  182. gapi = GroupApi(
  183. current_user=admin,
  184. session=dbsession,
  185. config=self.app_config,
  186. )
  187. groups = [gapi.get_one_with_name('users')]
  188. test_user = uapi.create_user(
  189. email='test@test.test',
  190. password='pass',
  191. name='bob',
  192. groups=groups,
  193. timezone='Europe/Paris',
  194. lang='fr',
  195. do_save=True,
  196. do_notify=False,
  197. )
  198. api = ContentApi(
  199. current_user=admin,
  200. session=dbsession,
  201. config=self.app_config,
  202. )
  203. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  204. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  205. # creation order test
  206. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  207. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  208. # update order test
  209. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  210. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  211. with new_revision(
  212. session=dbsession,
  213. tm=transaction.manager,
  214. content=firstly_created_but_recently_updated,
  215. ):
  216. firstly_created_but_recently_updated.description = 'Just an update'
  217. api.save(firstly_created_but_recently_updated)
  218. # comment change order
  219. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  220. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  221. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  222. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  223. dbsession.flush()
  224. transaction.commit()
  225. self.testapp.authorization = (
  226. 'Basic',
  227. (
  228. 'admin@admin.admin',
  229. 'admin@admin.admin'
  230. )
  231. )
  232. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  233. user_id=test_user.user_id,
  234. workspace_id=workspace.workspace_id
  235. ), status=400)
  236. def test_api__get_recently_active_content__ok__200__user_itself(self):
  237. # init DB
  238. dbsession = get_tm_session(self.session_factory, transaction.manager)
  239. admin = dbsession.query(models.User) \
  240. .filter(models.User.email == 'admin@admin.admin') \
  241. .one()
  242. workspace_api = WorkspaceApi(
  243. current_user=admin,
  244. session=dbsession,
  245. config=self.app_config
  246. )
  247. workspace = WorkspaceApi(
  248. current_user=admin,
  249. session=dbsession,
  250. config=self.app_config,
  251. ).create_workspace(
  252. 'test workspace',
  253. save_now=True
  254. )
  255. workspace2 = WorkspaceApi(
  256. current_user=admin,
  257. session=dbsession,
  258. config=self.app_config,
  259. ).create_workspace(
  260. 'test workspace2',
  261. save_now=True
  262. )
  263. uapi = UserApi(
  264. current_user=admin,
  265. session=dbsession,
  266. config=self.app_config,
  267. )
  268. gapi = GroupApi(
  269. current_user=admin,
  270. session=dbsession,
  271. config=self.app_config,
  272. )
  273. groups = [gapi.get_one_with_name('users')]
  274. test_user = uapi.create_user(
  275. email='test@test.test',
  276. password='pass',
  277. name='bob',
  278. groups=groups,
  279. timezone='Europe/Paris',
  280. lang='fr',
  281. do_save=True,
  282. do_notify=False,
  283. )
  284. rapi = RoleApi(
  285. current_user=admin,
  286. session=dbsession,
  287. config=self.app_config,
  288. )
  289. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  290. api = ContentApi(
  291. current_user=admin,
  292. session=dbsession,
  293. config=self.app_config,
  294. )
  295. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  296. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  297. # creation order test
  298. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  299. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  300. # update order test
  301. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  302. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  303. with new_revision(
  304. session=dbsession,
  305. tm=transaction.manager,
  306. content=firstly_created_but_recently_updated,
  307. ):
  308. firstly_created_but_recently_updated.description = 'Just an update'
  309. api.save(firstly_created_but_recently_updated)
  310. # comment change order
  311. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  312. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  313. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  314. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  315. dbsession.flush()
  316. transaction.commit()
  317. self.testapp.authorization = (
  318. 'Basic',
  319. (
  320. 'test@test.test',
  321. 'pass'
  322. )
  323. )
  324. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  325. user_id=test_user.user_id,
  326. workspace_id=workspace.workspace_id
  327. ), status=200)
  328. res = res.json_body
  329. assert len(res) == 7
  330. for elem in res:
  331. assert isinstance(elem['content_id'], int)
  332. assert isinstance(elem['content_type'], str)
  333. assert elem['content_type'] != 'comments'
  334. assert isinstance(elem['is_archived'], bool)
  335. assert isinstance(elem['is_deleted'], bool)
  336. assert isinstance(elem['label'], str)
  337. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  338. assert isinstance(elem['show_in_ui'], bool)
  339. assert isinstance(elem['slug'], str)
  340. assert isinstance(elem['status'], str)
  341. assert isinstance(elem['sub_content_types'], list)
  342. for sub_content_type in elem['sub_content_types']:
  343. assert isinstance(sub_content_type, str)
  344. assert isinstance(elem['workspace_id'], int)
  345. # comment is newest than page2
  346. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  347. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  348. # last updated content is newer than other one despite creation
  349. # of the other is more recent
  350. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  351. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  352. # creation order is inverted here as last created is last active
  353. assert res[4]['content_id'] == secondly_created.content_id
  354. assert res[5]['content_id'] == firstly_created.content_id
  355. # folder subcontent modification does not change folder order
  356. assert res[6]['content_id'] == main_folder.content_id
  357. def test_api__get_recently_active_content__ok__200__other_user(self):
  358. # init DB
  359. dbsession = get_tm_session(self.session_factory, transaction.manager)
  360. admin = dbsession.query(models.User) \
  361. .filter(models.User.email == 'admin@admin.admin') \
  362. .one()
  363. workspace_api = WorkspaceApi(
  364. current_user=admin,
  365. session=dbsession,
  366. config=self.app_config
  367. )
  368. workspace = WorkspaceApi(
  369. current_user=admin,
  370. session=dbsession,
  371. config=self.app_config,
  372. ).create_workspace(
  373. 'test workspace',
  374. save_now=True
  375. )
  376. workspace2 = WorkspaceApi(
  377. current_user=admin,
  378. session=dbsession,
  379. config=self.app_config,
  380. ).create_workspace(
  381. 'test workspace2',
  382. save_now=True
  383. )
  384. uapi = UserApi(
  385. current_user=admin,
  386. session=dbsession,
  387. config=self.app_config,
  388. )
  389. gapi = GroupApi(
  390. current_user=admin,
  391. session=dbsession,
  392. config=self.app_config,
  393. )
  394. groups = [gapi.get_one_with_name('users')]
  395. test_user = uapi.create_user(
  396. email='test@test.test',
  397. password='pass',
  398. name='bob',
  399. groups=groups,
  400. timezone='Europe/Paris',
  401. lang='fr',
  402. do_save=True,
  403. do_notify=False,
  404. )
  405. rapi = RoleApi(
  406. current_user=admin,
  407. session=dbsession,
  408. config=self.app_config,
  409. )
  410. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  411. api = ContentApi(
  412. current_user=admin,
  413. session=dbsession,
  414. config=self.app_config,
  415. )
  416. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  417. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  418. # creation order test
  419. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  420. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  421. # update order test
  422. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  423. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  424. with new_revision(
  425. session=dbsession,
  426. tm=transaction.manager,
  427. content=firstly_created_but_recently_updated,
  428. ):
  429. firstly_created_but_recently_updated.description = 'Just an update'
  430. api.save(firstly_created_but_recently_updated)
  431. # comment change order
  432. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  433. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  434. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  435. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  436. dbsession.flush()
  437. transaction.commit()
  438. self.testapp.authorization = (
  439. 'Basic',
  440. (
  441. 'test@test.test',
  442. 'pass'
  443. )
  444. )
  445. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/recently_active'.format( # nopep8
  446. user_id=admin.user_id,
  447. workspace_id=workspace.workspace_id
  448. ), status=403)
  449. def test_api__get_recently_active_content__ok__200__limit_2_multiple(self):
  450. # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
  451. # anymore to fix datetime lack of precision.
  452. # init DB
  453. dbsession = get_tm_session(self.session_factory, transaction.manager)
  454. admin = dbsession.query(models.User) \
  455. .filter(models.User.email == 'admin@admin.admin') \
  456. .one()
  457. workspace_api = WorkspaceApi(
  458. current_user=admin,
  459. session=dbsession,
  460. config=self.app_config
  461. )
  462. workspace = WorkspaceApi(
  463. current_user=admin,
  464. session=dbsession,
  465. config=self.app_config,
  466. ).create_workspace(
  467. 'test workspace',
  468. save_now=True
  469. )
  470. workspace2 = WorkspaceApi(
  471. current_user=admin,
  472. session=dbsession,
  473. config=self.app_config,
  474. ).create_workspace(
  475. 'test workspace2',
  476. save_now=True
  477. )
  478. api = ContentApi(
  479. current_user=admin,
  480. session=dbsession,
  481. config=self.app_config,
  482. )
  483. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  484. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  485. # creation order test
  486. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  487. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  488. # update order test
  489. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  490. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  491. with new_revision(
  492. session=dbsession,
  493. tm=transaction.manager,
  494. content=firstly_created_but_recently_updated,
  495. ):
  496. firstly_created_but_recently_updated.description = 'Just an update'
  497. api.save(firstly_created_but_recently_updated)
  498. # comment change order
  499. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  500. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  501. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  502. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  503. dbsession.flush()
  504. transaction.commit()
  505. self.testapp.authorization = (
  506. 'Basic',
  507. (
  508. 'admin@admin.admin',
  509. 'admin@admin.admin'
  510. )
  511. )
  512. params = {
  513. 'limit': 2,
  514. }
  515. res = self.testapp.get(
  516. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  517. status=200,
  518. params=params
  519. ) # nopep8
  520. res = res.json_body
  521. assert len(res) == 2
  522. for elem in res:
  523. assert isinstance(elem['content_id'], int)
  524. assert isinstance(elem['content_type'], str)
  525. assert elem['content_type'] != 'comments'
  526. assert isinstance(elem['is_archived'], bool)
  527. assert isinstance(elem['is_deleted'], bool)
  528. assert isinstance(elem['label'], str)
  529. assert isinstance(elem['parent_id'], int) or elem['parent_id'] is None
  530. assert isinstance(elem['show_in_ui'], bool)
  531. assert isinstance(elem['slug'], str)
  532. assert isinstance(elem['status'], str)
  533. assert isinstance(elem['sub_content_types'], list)
  534. for sub_content_type in elem['sub_content_types']:
  535. assert isinstance(sub_content_type, str)
  536. assert isinstance(elem['workspace_id'], int)
  537. # comment is newest than page2
  538. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  539. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  540. params = {
  541. 'limit': 2,
  542. 'before_content_id': secondly_created_but_not_commented.content_id, # nopep8
  543. }
  544. res = self.testapp.get(
  545. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  546. status=200,
  547. params=params
  548. )
  549. res = res.json_body
  550. assert len(res) == 2
  551. # last updated content is newer than other one despite creation
  552. # of the other is more recent
  553. assert res[0]['content_id'] == firstly_created_but_recently_updated.content_id
  554. assert res[1]['content_id'] == secondly_created_but_not_updated.content_id
  555. def test_api__get_recently_active_content__ok__200__bad_before_content_id_doesnt_exist(self): # nopep8
  556. # TODO - G.M - 2018-07-20 - Better fix for this test, do not use sleep()
  557. # anymore to fix datetime lack of precision.
  558. # init DB
  559. dbsession = get_tm_session(self.session_factory, transaction.manager)
  560. admin = dbsession.query(models.User) \
  561. .filter(models.User.email == 'admin@admin.admin') \
  562. .one()
  563. workspace_api = WorkspaceApi(
  564. current_user=admin,
  565. session=dbsession,
  566. config=self.app_config
  567. )
  568. workspace = WorkspaceApi(
  569. current_user=admin,
  570. session=dbsession,
  571. config=self.app_config,
  572. ).create_workspace(
  573. 'test workspace',
  574. save_now=True
  575. )
  576. workspace2 = WorkspaceApi(
  577. current_user=admin,
  578. session=dbsession,
  579. config=self.app_config,
  580. ).create_workspace(
  581. 'test workspace2',
  582. save_now=True
  583. )
  584. api = ContentApi(
  585. current_user=admin,
  586. session=dbsession,
  587. config=self.app_config,
  588. )
  589. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  590. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  591. # creation order test
  592. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  593. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  594. # update order test
  595. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  596. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  597. with new_revision(
  598. session=dbsession,
  599. tm=transaction.manager,
  600. content=firstly_created_but_recently_updated,
  601. ):
  602. firstly_created_but_recently_updated.description = 'Just an update'
  603. api.save(firstly_created_but_recently_updated)
  604. # comment change order
  605. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  606. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  607. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  608. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  609. dbsession.flush()
  610. transaction.commit()
  611. self.testapp.authorization = (
  612. 'Basic',
  613. (
  614. 'admin@admin.admin',
  615. 'admin@admin.admin'
  616. )
  617. )
  618. params = {
  619. 'before_content_id': 4000
  620. }
  621. res = self.testapp.get(
  622. '/api/v2/users/1/workspaces/{}/contents/recently_active'.format(workspace.workspace_id), # nopep8
  623. status=400,
  624. params=params
  625. )
  626. class TestUserReadStatusEndpoint(FunctionalTest):
  627. """
  628. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status # nopep8
  629. """
  630. def test_api__get_read_status__ok__200__admin(self):
  631. # init DB
  632. dbsession = get_tm_session(self.session_factory, transaction.manager)
  633. admin = dbsession.query(models.User) \
  634. .filter(models.User.email == 'admin@admin.admin') \
  635. .one()
  636. workspace_api = WorkspaceApi(
  637. current_user=admin,
  638. session=dbsession,
  639. config=self.app_config
  640. )
  641. workspace = WorkspaceApi(
  642. current_user=admin,
  643. session=dbsession,
  644. config=self.app_config,
  645. ).create_workspace(
  646. 'test workspace',
  647. save_now=True
  648. )
  649. workspace2 = WorkspaceApi(
  650. current_user=admin,
  651. session=dbsession,
  652. config=self.app_config,
  653. ).create_workspace(
  654. 'test workspace2',
  655. save_now=True
  656. )
  657. uapi = UserApi(
  658. current_user=admin,
  659. session=dbsession,
  660. config=self.app_config,
  661. )
  662. gapi = GroupApi(
  663. current_user=admin,
  664. session=dbsession,
  665. config=self.app_config,
  666. )
  667. groups = [gapi.get_one_with_name('users')]
  668. test_user = uapi.create_user(
  669. email='test@test.test',
  670. password='pass',
  671. name='bob',
  672. groups=groups,
  673. timezone='Europe/Paris',
  674. lang='fr',
  675. do_save=True,
  676. do_notify=False,
  677. )
  678. rapi = RoleApi(
  679. current_user=admin,
  680. session=dbsession,
  681. config=self.app_config,
  682. )
  683. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  684. api = ContentApi(
  685. current_user=admin,
  686. session=dbsession,
  687. config=self.app_config,
  688. )
  689. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  690. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  691. # creation order test
  692. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  693. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  694. # update order test
  695. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  696. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  697. with new_revision(
  698. session=dbsession,
  699. tm=transaction.manager,
  700. content=firstly_created_but_recently_updated,
  701. ):
  702. firstly_created_but_recently_updated.description = 'Just an update'
  703. api.save(firstly_created_but_recently_updated)
  704. # comment change order
  705. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  706. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  707. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  708. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  709. dbsession.flush()
  710. transaction.commit()
  711. self.testapp.authorization = (
  712. 'Basic',
  713. (
  714. 'admin@admin.admin',
  715. 'admin@admin.admin'
  716. )
  717. )
  718. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  719. user_id=admin.user_id,
  720. workspace_id=workspace.workspace_id
  721. ), status=200)
  722. res = res.json_body
  723. assert len(res) == 7
  724. for elem in res:
  725. assert isinstance(elem['content_id'], int)
  726. assert isinstance(elem['read_by_user'], bool)
  727. # comment is newest than page2
  728. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  729. assert res[1]['content_id'] == secondly_created_but_not_commented.content_id
  730. # last updated content is newer than other one despite creation
  731. # of the other is more recent
  732. assert res[2]['content_id'] == firstly_created_but_recently_updated.content_id
  733. assert res[3]['content_id'] == secondly_created_but_not_updated.content_id
  734. # creation order is inverted here as last created is last active
  735. assert res[4]['content_id'] == secondly_created.content_id
  736. assert res[5]['content_id'] == firstly_created.content_id
  737. # folder subcontent modification does not change folder order
  738. assert res[6]['content_id'] == main_folder.content_id
  739. def test_api__get_read_status__ok__200__user_itself(self):
  740. # init DB
  741. dbsession = get_tm_session(self.session_factory, transaction.manager)
  742. admin = dbsession.query(models.User) \
  743. .filter(models.User.email == 'admin@admin.admin') \
  744. .one()
  745. workspace_api = WorkspaceApi(
  746. current_user=admin,
  747. session=dbsession,
  748. config=self.app_config
  749. )
  750. workspace = WorkspaceApi(
  751. current_user=admin,
  752. session=dbsession,
  753. config=self.app_config,
  754. ).create_workspace(
  755. 'test workspace',
  756. save_now=True
  757. )
  758. workspace2 = WorkspaceApi(
  759. current_user=admin,
  760. session=dbsession,
  761. config=self.app_config,
  762. ).create_workspace(
  763. 'test workspace2',
  764. save_now=True
  765. )
  766. uapi = UserApi(
  767. current_user=admin,
  768. session=dbsession,
  769. config=self.app_config,
  770. )
  771. gapi = GroupApi(
  772. current_user=admin,
  773. session=dbsession,
  774. config=self.app_config,
  775. )
  776. groups = [gapi.get_one_with_name('users')]
  777. test_user = uapi.create_user(
  778. email='test@test.test',
  779. password='pass',
  780. name='bob',
  781. groups=groups,
  782. timezone='Europe/Paris',
  783. lang='fr',
  784. do_save=True,
  785. do_notify=False,
  786. )
  787. rapi = RoleApi(
  788. current_user=admin,
  789. session=dbsession,
  790. config=self.app_config,
  791. )
  792. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  793. api = ContentApi(
  794. current_user=admin,
  795. session=dbsession,
  796. config=self.app_config,
  797. )
  798. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  799. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  800. # creation order test
  801. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  802. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  803. # update order test
  804. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  805. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  806. with new_revision(
  807. session=dbsession,
  808. tm=transaction.manager,
  809. content=firstly_created_but_recently_updated,
  810. ):
  811. firstly_created_but_recently_updated.description = 'Just an update'
  812. api.save(firstly_created_but_recently_updated)
  813. # comment change order
  814. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  815. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  816. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  817. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  818. dbsession.flush()
  819. transaction.commit()
  820. self.testapp.authorization = (
  821. 'Basic',
  822. (
  823. 'test@test.test',
  824. 'pass'
  825. )
  826. )
  827. selected_contents_id = [
  828. firstly_created_but_recently_commented.content_id,
  829. firstly_created_but_recently_updated.content_id,
  830. firstly_created.content_id,
  831. main_folder.content_id,
  832. ]
  833. url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format( # nopep8
  834. workspace_id=workspace.workspace_id,
  835. cid1=selected_contents_id[0],
  836. cid2=selected_contents_id[1],
  837. cid3=selected_contents_id[2],
  838. cid4=selected_contents_id[3],
  839. user_id=test_user.user_id,
  840. )
  841. res = self.testapp.get(
  842. url=url,
  843. status=200,
  844. )
  845. res = res.json_body
  846. assert len(res) == 4
  847. for elem in res:
  848. assert isinstance(elem['content_id'], int)
  849. assert isinstance(elem['read_by_user'], bool)
  850. # comment is newest than page2
  851. assert res[0]['content_id'] == firstly_created_but_recently_commented.content_id
  852. # last updated content is newer than other one despite creation
  853. # of the other is more recent
  854. assert res[1]['content_id'] == firstly_created_but_recently_updated.content_id
  855. # creation order is inverted here as last created is last active
  856. assert res[2]['content_id'] == firstly_created.content_id
  857. # folder subcontent modification does not change folder order
  858. assert res[3]['content_id'] == main_folder.content_id
  859. def test_api__get_read_status__ok__200__other_user(self):
  860. # init DB
  861. dbsession = get_tm_session(self.session_factory, transaction.manager)
  862. admin = dbsession.query(models.User) \
  863. .filter(models.User.email == 'admin@admin.admin') \
  864. .one()
  865. workspace_api = WorkspaceApi(
  866. current_user=admin,
  867. session=dbsession,
  868. config=self.app_config
  869. )
  870. workspace = WorkspaceApi(
  871. current_user=admin,
  872. session=dbsession,
  873. config=self.app_config,
  874. ).create_workspace(
  875. 'test workspace',
  876. save_now=True
  877. )
  878. workspace2 = WorkspaceApi(
  879. current_user=admin,
  880. session=dbsession,
  881. config=self.app_config,
  882. ).create_workspace(
  883. 'test workspace2',
  884. save_now=True
  885. )
  886. uapi = UserApi(
  887. current_user=admin,
  888. session=dbsession,
  889. config=self.app_config,
  890. )
  891. gapi = GroupApi(
  892. current_user=admin,
  893. session=dbsession,
  894. config=self.app_config,
  895. )
  896. groups = [gapi.get_one_with_name('users')]
  897. test_user = uapi.create_user(
  898. email='test@test.test',
  899. password='pass',
  900. name='bob',
  901. groups=groups,
  902. timezone='Europe/Paris',
  903. lang='fr',
  904. do_save=True,
  905. do_notify=False,
  906. )
  907. rapi = RoleApi(
  908. current_user=admin,
  909. session=dbsession,
  910. config=self.app_config,
  911. )
  912. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  913. api = ContentApi(
  914. current_user=admin,
  915. session=dbsession,
  916. config=self.app_config,
  917. )
  918. main_folder_workspace2 = api.create(CONTENT_TYPES.Folder.slug, workspace2, None, 'Hepla', '', True) # nopep8
  919. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  920. # creation order test
  921. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  922. secondly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another creation_order_test', '', True) # nopep8
  923. # update order test
  924. firstly_created_but_recently_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'update_order_test', '', True) # nopep8
  925. secondly_created_but_not_updated = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'another update_order_test', '', True) # nopep8
  926. with new_revision(
  927. session=dbsession,
  928. tm=transaction.manager,
  929. content=firstly_created_but_recently_updated,
  930. ):
  931. firstly_created_but_recently_updated.description = 'Just an update'
  932. api.save(firstly_created_but_recently_updated)
  933. # comment change order
  934. firstly_created_but_recently_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is randomized label content', '', True) # nopep8
  935. secondly_created_but_not_commented = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'this is another randomized label content', '', True) # nopep8
  936. comments = api.create_comment(workspace, firstly_created_but_recently_commented, 'juste a super comment', True) # nopep8
  937. content_workspace_2 = api.create(CONTENT_TYPES.Page.slug, workspace2,main_folder_workspace2, 'content_workspace_2', '',True) # nopep8
  938. dbsession.flush()
  939. transaction.commit()
  940. self.testapp.authorization = (
  941. 'Basic',
  942. (
  943. 'test@test.test',
  944. 'pass'
  945. )
  946. )
  947. selected_contents_id = [
  948. firstly_created_but_recently_commented.content_id,
  949. firstly_created_but_recently_updated.content_id,
  950. firstly_created.content_id,
  951. main_folder.content_id,
  952. ]
  953. url = '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status?contents_ids={cid1}&contents_ids={cid2}&contents_ids={cid3}&contents_ids={cid4}'.format( # nopep8
  954. workspace_id=workspace.workspace_id,
  955. cid1=selected_contents_id[0],
  956. cid2=selected_contents_id[1],
  957. cid3=selected_contents_id[2],
  958. cid4=selected_contents_id[3],
  959. user_id=admin.user_id,
  960. )
  961. res = self.testapp.get(
  962. url=url,
  963. status=403,
  964. )
  965. class TestUserSetContentAsRead(FunctionalTest):
  966. """
  967. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read # nopep8
  968. """
  969. def test_api_set_content_as_read__ok__200__admin(self):
  970. # init DB
  971. dbsession = get_tm_session(self.session_factory, transaction.manager)
  972. admin = dbsession.query(models.User) \
  973. .filter(models.User.email == 'admin@admin.admin') \
  974. .one()
  975. workspace_api = WorkspaceApi(
  976. current_user=admin,
  977. session=dbsession,
  978. config=self.app_config
  979. )
  980. workspace = WorkspaceApi(
  981. current_user=admin,
  982. session=dbsession,
  983. config=self.app_config,
  984. ).create_workspace(
  985. 'test workspace',
  986. save_now=True
  987. )
  988. uapi = UserApi(
  989. current_user=admin,
  990. session=dbsession,
  991. config=self.app_config,
  992. )
  993. gapi = GroupApi(
  994. current_user=admin,
  995. session=dbsession,
  996. config=self.app_config,
  997. )
  998. groups = [gapi.get_one_with_name('users')]
  999. test_user = uapi.create_user(
  1000. email='test@test.test',
  1001. password='pass',
  1002. name='bob',
  1003. groups=groups,
  1004. timezone='Europe/Paris',
  1005. do_save=True,
  1006. do_notify=False,
  1007. )
  1008. rapi = RoleApi(
  1009. current_user=admin,
  1010. session=dbsession,
  1011. config=self.app_config,
  1012. )
  1013. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1014. api = ContentApi(
  1015. current_user=admin,
  1016. session=dbsession,
  1017. config=self.app_config,
  1018. )
  1019. api2 = ContentApi(
  1020. current_user=test_user,
  1021. session=dbsession,
  1022. config=self.app_config,
  1023. )
  1024. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1025. # creation order test
  1026. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1027. api.mark_unread(firstly_created)
  1028. api2.mark_unread(firstly_created)
  1029. dbsession.flush()
  1030. transaction.commit()
  1031. self.testapp.authorization = (
  1032. 'Basic',
  1033. (
  1034. 'admin@admin.admin',
  1035. 'admin@admin.admin'
  1036. )
  1037. )
  1038. # before
  1039. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1040. user_id=test_user.user_id,
  1041. workspace_id=workspace.workspace_id
  1042. ), status=200)
  1043. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1044. assert res.json_body[0]['read_by_user'] is False
  1045. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1046. user_id=admin.user_id,
  1047. workspace_id=workspace.workspace_id
  1048. ), status=200)
  1049. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1050. assert res.json_body[0]['read_by_user'] is False
  1051. # read
  1052. self.testapp.put(
  1053. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1054. workspace_id=workspace.workspace_id,
  1055. content_id=firstly_created.content_id,
  1056. user_id=test_user.user_id,
  1057. )
  1058. )
  1059. # after
  1060. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1061. user_id=test_user.user_id,
  1062. workspace_id=workspace.workspace_id
  1063. ), status=200) # nopep8
  1064. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1065. assert res.json_body[0]['read_by_user'] is True
  1066. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1067. user_id=admin.user_id,
  1068. workspace_id=workspace.workspace_id
  1069. ), status=200) # nopep8
  1070. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1071. assert res.json_body[0]['read_by_user'] is False
  1072. def test_api_set_content_as_read__ok__200__admin_workspace_do_not_exist(self):
  1073. # init DB
  1074. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1075. admin = dbsession.query(models.User) \
  1076. .filter(models.User.email == 'admin@admin.admin') \
  1077. .one()
  1078. workspace_api = WorkspaceApi(
  1079. current_user=admin,
  1080. session=dbsession,
  1081. config=self.app_config
  1082. )
  1083. workspace = WorkspaceApi(
  1084. current_user=admin,
  1085. session=dbsession,
  1086. config=self.app_config,
  1087. ).create_workspace(
  1088. 'test workspace',
  1089. save_now=True
  1090. )
  1091. uapi = UserApi(
  1092. current_user=admin,
  1093. session=dbsession,
  1094. config=self.app_config,
  1095. )
  1096. gapi = GroupApi(
  1097. current_user=admin,
  1098. session=dbsession,
  1099. config=self.app_config,
  1100. )
  1101. groups = [gapi.get_one_with_name('users')]
  1102. test_user = uapi.create_user(
  1103. email='test@test.test',
  1104. password='pass',
  1105. name='bob',
  1106. groups=groups,
  1107. timezone='Europe/Paris',
  1108. lang='fr',
  1109. do_save=True,
  1110. do_notify=False,
  1111. )
  1112. rapi = RoleApi(
  1113. current_user=admin,
  1114. session=dbsession,
  1115. config=self.app_config,
  1116. )
  1117. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1118. api = ContentApi(
  1119. current_user=admin,
  1120. session=dbsession,
  1121. config=self.app_config,
  1122. )
  1123. api2 = ContentApi(
  1124. current_user=test_user,
  1125. session=dbsession,
  1126. config=self.app_config,
  1127. )
  1128. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1129. # creation order test
  1130. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1131. api.mark_unread(firstly_created)
  1132. api2.mark_unread(firstly_created)
  1133. dbsession.flush()
  1134. transaction.commit()
  1135. self.testapp.authorization = (
  1136. 'Basic',
  1137. (
  1138. 'admin@admin.admin',
  1139. 'admin@admin.admin'
  1140. )
  1141. )
  1142. # read
  1143. self.testapp.put(
  1144. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1145. workspace_id=4000,
  1146. content_id=firstly_created.content_id,
  1147. user_id=test_user.user_id,
  1148. ),
  1149. status=400,
  1150. )
  1151. def test_api_set_content_as_read__ok__200__admin_content_do_not_exist(self):
  1152. # init DB
  1153. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1154. admin = dbsession.query(models.User) \
  1155. .filter(models.User.email == 'admin@admin.admin') \
  1156. .one()
  1157. workspace_api = WorkspaceApi(
  1158. current_user=admin,
  1159. session=dbsession,
  1160. config=self.app_config
  1161. )
  1162. workspace = WorkspaceApi(
  1163. current_user=admin,
  1164. session=dbsession,
  1165. config=self.app_config,
  1166. ).create_workspace(
  1167. 'test workspace',
  1168. save_now=True
  1169. )
  1170. uapi = UserApi(
  1171. current_user=admin,
  1172. session=dbsession,
  1173. config=self.app_config,
  1174. )
  1175. gapi = GroupApi(
  1176. current_user=admin,
  1177. session=dbsession,
  1178. config=self.app_config,
  1179. )
  1180. groups = [gapi.get_one_with_name('users')]
  1181. test_user = uapi.create_user(
  1182. email='test@test.test',
  1183. password='pass',
  1184. name='bob',
  1185. groups=groups,
  1186. timezone='Europe/Paris',
  1187. lang='fr',
  1188. do_save=True,
  1189. do_notify=False,
  1190. )
  1191. rapi = RoleApi(
  1192. current_user=admin,
  1193. session=dbsession,
  1194. config=self.app_config,
  1195. )
  1196. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1197. api = ContentApi(
  1198. current_user=admin,
  1199. session=dbsession,
  1200. config=self.app_config,
  1201. )
  1202. api2 = ContentApi(
  1203. current_user=test_user,
  1204. session=dbsession,
  1205. config=self.app_config,
  1206. )
  1207. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1208. # creation order test
  1209. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1210. api.mark_unread(firstly_created)
  1211. api2.mark_unread(firstly_created)
  1212. dbsession.flush()
  1213. transaction.commit()
  1214. self.testapp.authorization = (
  1215. 'Basic',
  1216. (
  1217. 'admin@admin.admin',
  1218. 'admin@admin.admin'
  1219. )
  1220. )
  1221. # read
  1222. self.testapp.put(
  1223. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1224. workspace_id=workspace.workspace_id,
  1225. content_id=4000,
  1226. user_id=test_user.user_id,
  1227. ),
  1228. status=400,
  1229. )
  1230. def test_api_set_content_as_read__ok__200__user_itself(self):
  1231. # init DB
  1232. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1233. admin = dbsession.query(models.User) \
  1234. .filter(models.User.email == 'admin@admin.admin') \
  1235. .one()
  1236. workspace_api = WorkspaceApi(
  1237. current_user=admin,
  1238. session=dbsession,
  1239. config=self.app_config
  1240. )
  1241. workspace = WorkspaceApi(
  1242. current_user=admin,
  1243. session=dbsession,
  1244. config=self.app_config,
  1245. ).create_workspace(
  1246. 'test workspace',
  1247. save_now=True
  1248. )
  1249. uapi = UserApi(
  1250. current_user=admin,
  1251. session=dbsession,
  1252. config=self.app_config,
  1253. )
  1254. gapi = GroupApi(
  1255. current_user=admin,
  1256. session=dbsession,
  1257. config=self.app_config,
  1258. )
  1259. groups = [gapi.get_one_with_name('users')]
  1260. test_user = uapi.create_user(
  1261. email='test@test.test',
  1262. password='pass',
  1263. name='bob',
  1264. groups=groups,
  1265. timezone='Europe/Paris',
  1266. lang='fr',
  1267. do_save=True,
  1268. do_notify=False,
  1269. )
  1270. rapi = RoleApi(
  1271. current_user=admin,
  1272. session=dbsession,
  1273. config=self.app_config,
  1274. )
  1275. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1276. api = ContentApi(
  1277. current_user=admin,
  1278. session=dbsession,
  1279. config=self.app_config,
  1280. )
  1281. api2 = ContentApi(
  1282. current_user=test_user,
  1283. session=dbsession,
  1284. config=self.app_config,
  1285. )
  1286. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1287. # creation order test
  1288. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1289. api.mark_unread(firstly_created)
  1290. api2.mark_unread(firstly_created)
  1291. dbsession.flush()
  1292. transaction.commit()
  1293. self.testapp.authorization = (
  1294. 'Basic',
  1295. (
  1296. 'test@test.test',
  1297. 'pass'
  1298. )
  1299. )
  1300. # before
  1301. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1302. user_id=test_user.user_id,
  1303. workspace_id=workspace.workspace_id
  1304. ),
  1305. status=200
  1306. )
  1307. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1308. assert res.json_body[0]['read_by_user'] is False
  1309. # read
  1310. self.testapp.put(
  1311. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1312. workspace_id=workspace.workspace_id,
  1313. content_id=firstly_created.content_id,
  1314. user_id=test_user.user_id,
  1315. )
  1316. )
  1317. # after
  1318. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1319. user_id=test_user.user_id,
  1320. workspace_id=workspace.workspace_id
  1321. ),
  1322. status=200
  1323. )
  1324. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1325. assert res.json_body[0]['read_by_user'] is True
  1326. def test_api_set_content_as_read__ok__403__other_user(self):
  1327. # init DB
  1328. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1329. admin = dbsession.query(models.User) \
  1330. .filter(models.User.email == 'admin@admin.admin') \
  1331. .one()
  1332. workspace_api = WorkspaceApi(
  1333. current_user=admin,
  1334. session=dbsession,
  1335. config=self.app_config
  1336. )
  1337. workspace = WorkspaceApi(
  1338. current_user=admin,
  1339. session=dbsession,
  1340. config=self.app_config,
  1341. ).create_workspace(
  1342. 'test workspace',
  1343. save_now=True
  1344. )
  1345. uapi = UserApi(
  1346. current_user=admin,
  1347. session=dbsession,
  1348. config=self.app_config,
  1349. )
  1350. gapi = GroupApi(
  1351. current_user=admin,
  1352. session=dbsession,
  1353. config=self.app_config,
  1354. )
  1355. groups = [gapi.get_one_with_name('users')]
  1356. test_user = uapi.create_user(
  1357. email='test@test.test',
  1358. password='pass',
  1359. name='bob',
  1360. groups=groups,
  1361. timezone='Europe/Paris',
  1362. lang='fr',
  1363. do_save=True,
  1364. do_notify=False,
  1365. )
  1366. rapi = RoleApi(
  1367. current_user=admin,
  1368. session=dbsession,
  1369. config=self.app_config,
  1370. )
  1371. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1372. api = ContentApi(
  1373. current_user=admin,
  1374. session=dbsession,
  1375. config=self.app_config,
  1376. )
  1377. api2 = ContentApi(
  1378. current_user=test_user,
  1379. session=dbsession,
  1380. config=self.app_config,
  1381. )
  1382. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1383. # creation order test
  1384. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1385. api.mark_unread(firstly_created)
  1386. api2.mark_unread(firstly_created)
  1387. dbsession.flush()
  1388. transaction.commit()
  1389. self.testapp.authorization = (
  1390. 'Basic',
  1391. (
  1392. 'test@test.test',
  1393. 'pass'
  1394. )
  1395. )
  1396. # read
  1397. self.testapp.put(
  1398. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1399. workspace_id=workspace.workspace_id,
  1400. content_id=firstly_created.content_id,
  1401. user_id=admin.user_id,
  1402. ),
  1403. status=403,
  1404. )
  1405. def test_api_set_content_as_read__ok__200__admin_with_comments(self):
  1406. # init DB
  1407. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1408. admin = dbsession.query(models.User) \
  1409. .filter(models.User.email == 'admin@admin.admin') \
  1410. .one()
  1411. workspace_api = WorkspaceApi(
  1412. current_user=admin,
  1413. session=dbsession,
  1414. config=self.app_config
  1415. )
  1416. workspace = WorkspaceApi(
  1417. current_user=admin,
  1418. session=dbsession,
  1419. config=self.app_config,
  1420. ).create_workspace(
  1421. 'test workspace',
  1422. save_now=True
  1423. )
  1424. uapi = UserApi(
  1425. current_user=admin,
  1426. session=dbsession,
  1427. config=self.app_config,
  1428. )
  1429. gapi = GroupApi(
  1430. current_user=admin,
  1431. session=dbsession,
  1432. config=self.app_config,
  1433. )
  1434. groups = [gapi.get_one_with_name('users')]
  1435. test_user = uapi.create_user(
  1436. email='test@test.test',
  1437. password='pass',
  1438. name='bob',
  1439. groups=groups,
  1440. timezone='Europe/Paris',
  1441. lang='fr',
  1442. do_save=True,
  1443. do_notify=False,
  1444. )
  1445. rapi = RoleApi(
  1446. current_user=admin,
  1447. session=dbsession,
  1448. config=self.app_config,
  1449. )
  1450. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1451. api = ContentApi(
  1452. current_user=admin,
  1453. session=dbsession,
  1454. config=self.app_config,
  1455. )
  1456. api2 = ContentApi(
  1457. current_user=test_user,
  1458. session=dbsession,
  1459. config=self.app_config,
  1460. )
  1461. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1462. # creation order test
  1463. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1464. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  1465. api.mark_unread(firstly_created)
  1466. api.mark_unread(comments)
  1467. dbsession.flush()
  1468. transaction.commit()
  1469. self.testapp.authorization = (
  1470. 'Basic',
  1471. (
  1472. 'admin@admin.admin',
  1473. 'admin@admin.admin'
  1474. )
  1475. )
  1476. # before
  1477. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1478. user_id=test_user.user_id,
  1479. workspace_id=workspace.workspace_id
  1480. ), status=200) # nopep8
  1481. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1482. assert res.json_body[0]['read_by_user'] is False
  1483. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1484. user_id=admin.user_id,
  1485. workspace_id=workspace.workspace_id
  1486. ), status=200) # nopep8
  1487. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1488. assert res.json_body[0]['read_by_user'] is False
  1489. self.testapp.put(
  1490. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/read'.format( # nopep8
  1491. workspace_id=workspace.workspace_id,
  1492. content_id=firstly_created.content_id,
  1493. user_id=test_user.user_id,
  1494. )
  1495. )
  1496. # after
  1497. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1498. user_id=test_user.user_id,
  1499. workspace_id=workspace.workspace_id
  1500. ), status=200) # nopep8
  1501. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1502. assert res.json_body[0]['read_by_user'] is True
  1503. # comment is also set as read
  1504. assert comments.has_new_information_for(test_user) is False
  1505. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1506. user_id=admin.user_id,
  1507. workspace_id=workspace.workspace_id
  1508. ), status=200) # nopep8
  1509. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1510. assert res.json_body[0]['read_by_user'] is False
  1511. # comment is also set as read
  1512. assert comments.has_new_information_for(admin) is True
  1513. class TestUserSetContentAsUnread(FunctionalTest):
  1514. """
  1515. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread # nopep8
  1516. """
  1517. def test_api_set_content_as_unread__ok__200__admin(self):
  1518. # init DB
  1519. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1520. admin = dbsession.query(models.User) \
  1521. .filter(models.User.email == 'admin@admin.admin') \
  1522. .one()
  1523. workspace_api = WorkspaceApi(
  1524. current_user=admin,
  1525. session=dbsession,
  1526. config=self.app_config
  1527. )
  1528. workspace = WorkspaceApi(
  1529. current_user=admin,
  1530. session=dbsession,
  1531. config=self.app_config,
  1532. ).create_workspace(
  1533. 'test workspace',
  1534. save_now=True
  1535. )
  1536. uapi = UserApi(
  1537. current_user=admin,
  1538. session=dbsession,
  1539. config=self.app_config,
  1540. )
  1541. gapi = GroupApi(
  1542. current_user=admin,
  1543. session=dbsession,
  1544. config=self.app_config,
  1545. )
  1546. groups = [gapi.get_one_with_name('users')]
  1547. test_user = uapi.create_user(
  1548. email='test@test.test',
  1549. password='pass',
  1550. name='bob',
  1551. groups=groups,
  1552. timezone='Europe/Paris',
  1553. lang='fr',
  1554. do_save=True,
  1555. do_notify=False,
  1556. )
  1557. rapi = RoleApi(
  1558. current_user=admin,
  1559. session=dbsession,
  1560. config=self.app_config,
  1561. )
  1562. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1563. api = ContentApi(
  1564. current_user=admin,
  1565. session=dbsession,
  1566. config=self.app_config,
  1567. )
  1568. api2 = ContentApi(
  1569. current_user=test_user,
  1570. session=dbsession,
  1571. config=self.app_config,
  1572. )
  1573. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1574. # creation order test
  1575. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1576. api.mark_read(firstly_created)
  1577. api2.mark_read(firstly_created)
  1578. dbsession.flush()
  1579. transaction.commit()
  1580. self.testapp.authorization = (
  1581. 'Basic',
  1582. (
  1583. 'admin@admin.admin',
  1584. 'admin@admin.admin'
  1585. )
  1586. )
  1587. # before
  1588. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1589. user_id=test_user.user_id,
  1590. workspace_id=workspace.workspace_id
  1591. ), status=200)
  1592. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1593. assert res.json_body[0]['read_by_user'] is True
  1594. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1595. user_id=admin.user_id,
  1596. workspace_id=workspace.workspace_id
  1597. ), status=200)
  1598. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1599. assert res.json_body[0]['read_by_user'] is True
  1600. # unread
  1601. self.testapp.put(
  1602. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1603. workspace_id=workspace.workspace_id,
  1604. content_id=firstly_created.content_id,
  1605. user_id=test_user.user_id,
  1606. )
  1607. )
  1608. # after
  1609. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1610. user_id=test_user.user_id,
  1611. workspace_id=workspace.workspace_id
  1612. ), status=200)
  1613. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1614. assert res.json_body[0]['read_by_user'] is False
  1615. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1616. user_id=admin.user_id,
  1617. workspace_id=workspace.workspace_id
  1618. ), status=200)
  1619. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1620. assert res.json_body[0]['read_by_user'] is True
  1621. def test_api_set_content_as_unread__err__400__admin_workspace_do_not_exist(self):
  1622. # init DB
  1623. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1624. admin = dbsession.query(models.User) \
  1625. .filter(models.User.email == 'admin@admin.admin') \
  1626. .one()
  1627. workspace_api = WorkspaceApi(
  1628. current_user=admin,
  1629. session=dbsession,
  1630. config=self.app_config
  1631. )
  1632. workspace = WorkspaceApi(
  1633. current_user=admin,
  1634. session=dbsession,
  1635. config=self.app_config,
  1636. ).create_workspace(
  1637. 'test workspace',
  1638. save_now=True
  1639. )
  1640. uapi = UserApi(
  1641. current_user=admin,
  1642. session=dbsession,
  1643. config=self.app_config,
  1644. )
  1645. gapi = GroupApi(
  1646. current_user=admin,
  1647. session=dbsession,
  1648. config=self.app_config,
  1649. )
  1650. groups = [gapi.get_one_with_name('users')]
  1651. test_user = uapi.create_user(
  1652. email='test@test.test',
  1653. password='pass',
  1654. name='bob',
  1655. groups=groups,
  1656. timezone='Europe/Paris',
  1657. lang='fr',
  1658. do_save=True,
  1659. do_notify=False,
  1660. )
  1661. rapi = RoleApi(
  1662. current_user=admin,
  1663. session=dbsession,
  1664. config=self.app_config,
  1665. )
  1666. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1667. api = ContentApi(
  1668. current_user=admin,
  1669. session=dbsession,
  1670. config=self.app_config,
  1671. )
  1672. api2 = ContentApi(
  1673. current_user=test_user,
  1674. session=dbsession,
  1675. config=self.app_config,
  1676. )
  1677. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1678. # creation order test
  1679. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1680. api.mark_read(firstly_created)
  1681. api2.mark_read(firstly_created)
  1682. dbsession.flush()
  1683. transaction.commit()
  1684. self.testapp.authorization = (
  1685. 'Basic',
  1686. (
  1687. 'admin@admin.admin',
  1688. 'admin@admin.admin'
  1689. )
  1690. )
  1691. # unread
  1692. self.testapp.put(
  1693. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1694. workspace_id=4000,
  1695. content_id=firstly_created.content_id,
  1696. user_id=test_user.user_id,
  1697. ),
  1698. status=400,
  1699. )
  1700. def test_api_set_content_as_unread__err__400__admin_content_do_not_exist(self):
  1701. # init DB
  1702. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1703. admin = dbsession.query(models.User) \
  1704. .filter(models.User.email == 'admin@admin.admin') \
  1705. .one()
  1706. workspace_api = WorkspaceApi(
  1707. current_user=admin,
  1708. session=dbsession,
  1709. config=self.app_config
  1710. )
  1711. workspace = WorkspaceApi(
  1712. current_user=admin,
  1713. session=dbsession,
  1714. config=self.app_config,
  1715. ).create_workspace(
  1716. 'test workspace',
  1717. save_now=True
  1718. )
  1719. uapi = UserApi(
  1720. current_user=admin,
  1721. session=dbsession,
  1722. config=self.app_config,
  1723. )
  1724. gapi = GroupApi(
  1725. current_user=admin,
  1726. session=dbsession,
  1727. config=self.app_config,
  1728. )
  1729. groups = [gapi.get_one_with_name('users')]
  1730. test_user = uapi.create_user(
  1731. email='test@test.test',
  1732. password='pass',
  1733. name='bob',
  1734. groups=groups,
  1735. timezone='Europe/Paris',
  1736. lang='fr',
  1737. do_save=True,
  1738. do_notify=False,
  1739. )
  1740. rapi = RoleApi(
  1741. current_user=admin,
  1742. session=dbsession,
  1743. config=self.app_config,
  1744. )
  1745. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1746. api = ContentApi(
  1747. current_user=admin,
  1748. session=dbsession,
  1749. config=self.app_config,
  1750. )
  1751. api2 = ContentApi(
  1752. current_user=test_user,
  1753. session=dbsession,
  1754. config=self.app_config,
  1755. )
  1756. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1757. # creation order test
  1758. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1759. api.mark_read(firstly_created)
  1760. api2.mark_read(firstly_created)
  1761. dbsession.flush()
  1762. transaction.commit()
  1763. self.testapp.authorization = (
  1764. 'Basic',
  1765. (
  1766. 'admin@admin.admin',
  1767. 'admin@admin.admin'
  1768. )
  1769. )
  1770. # unread
  1771. self.testapp.put(
  1772. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1773. workspace_id=workspace.workspace_id,
  1774. content_id=4000,
  1775. user_id=test_user.user_id,
  1776. ),
  1777. status=400,
  1778. )
  1779. def test_api_set_content_as_unread__ok__200__user_itself(self):
  1780. # init DB
  1781. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1782. admin = dbsession.query(models.User) \
  1783. .filter(models.User.email == 'admin@admin.admin') \
  1784. .one()
  1785. workspace_api = WorkspaceApi(
  1786. current_user=admin,
  1787. session=dbsession,
  1788. config=self.app_config
  1789. )
  1790. workspace = WorkspaceApi(
  1791. current_user=admin,
  1792. session=dbsession,
  1793. config=self.app_config,
  1794. ).create_workspace(
  1795. 'test workspace',
  1796. save_now=True
  1797. )
  1798. uapi = UserApi(
  1799. current_user=admin,
  1800. session=dbsession,
  1801. config=self.app_config,
  1802. )
  1803. gapi = GroupApi(
  1804. current_user=admin,
  1805. session=dbsession,
  1806. config=self.app_config,
  1807. )
  1808. groups = [gapi.get_one_with_name('users')]
  1809. test_user = uapi.create_user(
  1810. email='test@test.test',
  1811. password='pass',
  1812. name='bob',
  1813. groups=groups,
  1814. timezone='Europe/Paris',
  1815. lang='fr',
  1816. do_save=True,
  1817. do_notify=False,
  1818. )
  1819. rapi = RoleApi(
  1820. current_user=admin,
  1821. session=dbsession,
  1822. config=self.app_config,
  1823. )
  1824. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1825. api = ContentApi(
  1826. current_user=admin,
  1827. session=dbsession,
  1828. config=self.app_config,
  1829. )
  1830. api2 = ContentApi(
  1831. current_user=test_user,
  1832. session=dbsession,
  1833. config=self.app_config,
  1834. )
  1835. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1836. # creation order test
  1837. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1838. api.mark_read(firstly_created)
  1839. api2.mark_read(firstly_created)
  1840. dbsession.flush()
  1841. transaction.commit()
  1842. self.testapp.authorization = (
  1843. 'Basic',
  1844. (
  1845. 'test@test.test',
  1846. 'pass'
  1847. )
  1848. )
  1849. # before
  1850. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1851. user_id=test_user.user_id,
  1852. workspace_id=workspace.workspace_id
  1853. ), status=200)
  1854. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1855. assert res.json_body[0]['read_by_user'] is True
  1856. # unread
  1857. self.testapp.put(
  1858. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1859. workspace_id=workspace.workspace_id,
  1860. content_id=firstly_created.content_id,
  1861. user_id=test_user.user_id,
  1862. )
  1863. )
  1864. # after
  1865. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  1866. user_id=test_user.user_id,
  1867. workspace_id=workspace.workspace_id
  1868. ), status=200)
  1869. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1870. assert res.json_body[0]['read_by_user'] is False
  1871. def test_api_set_content_as_unread__err__403__other_user(self):
  1872. # init DB
  1873. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1874. admin = dbsession.query(models.User) \
  1875. .filter(models.User.email == 'admin@admin.admin') \
  1876. .one()
  1877. workspace_api = WorkspaceApi(
  1878. current_user=admin,
  1879. session=dbsession,
  1880. config=self.app_config
  1881. )
  1882. workspace = WorkspaceApi(
  1883. current_user=admin,
  1884. session=dbsession,
  1885. config=self.app_config,
  1886. ).create_workspace(
  1887. 'test workspace',
  1888. save_now=True
  1889. )
  1890. uapi = UserApi(
  1891. current_user=admin,
  1892. session=dbsession,
  1893. config=self.app_config,
  1894. )
  1895. gapi = GroupApi(
  1896. current_user=admin,
  1897. session=dbsession,
  1898. config=self.app_config,
  1899. )
  1900. groups = [gapi.get_one_with_name('users')]
  1901. test_user = uapi.create_user(
  1902. email='test@test.test',
  1903. password='pass',
  1904. name='bob',
  1905. groups=groups,
  1906. timezone='Europe/Paris',
  1907. lang='fr',
  1908. do_save=True,
  1909. do_notify=False,
  1910. )
  1911. rapi = RoleApi(
  1912. current_user=admin,
  1913. session=dbsession,
  1914. config=self.app_config,
  1915. )
  1916. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  1917. api = ContentApi(
  1918. current_user=admin,
  1919. session=dbsession,
  1920. config=self.app_config,
  1921. )
  1922. api2 = ContentApi(
  1923. current_user=test_user,
  1924. session=dbsession,
  1925. config=self.app_config,
  1926. )
  1927. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1928. # creation order test
  1929. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1930. api.mark_read(firstly_created)
  1931. api2.mark_read(firstly_created)
  1932. dbsession.flush()
  1933. transaction.commit()
  1934. self.testapp.authorization = (
  1935. 'Basic',
  1936. (
  1937. 'test@test.test',
  1938. 'pass'
  1939. )
  1940. )
  1941. # unread
  1942. self.testapp.put(
  1943. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1944. workspace_id=workspace.workspace_id,
  1945. content_id=firstly_created.content_id,
  1946. user_id=admin.user_id,
  1947. ),
  1948. status=403,
  1949. )
  1950. def test_api_set_content_as_unread__ok__200__with_comments(self):
  1951. # init DB
  1952. dbsession = get_tm_session(self.session_factory, transaction.manager)
  1953. admin = dbsession.query(models.User) \
  1954. .filter(models.User.email == 'admin@admin.admin') \
  1955. .one()
  1956. workspace_api = WorkspaceApi(
  1957. current_user=admin,
  1958. session=dbsession,
  1959. config=self.app_config
  1960. )
  1961. workspace = WorkspaceApi(
  1962. current_user=admin,
  1963. session=dbsession,
  1964. config=self.app_config,
  1965. ).create_workspace(
  1966. 'test workspace',
  1967. save_now=True
  1968. )
  1969. api = ContentApi(
  1970. current_user=admin,
  1971. session=dbsession,
  1972. config=self.app_config,
  1973. )
  1974. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  1975. # creation order test
  1976. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  1977. comments = api.create_comment(workspace, firstly_created, 'juste a super comment', True) # nopep8
  1978. api.mark_read(firstly_created)
  1979. api.mark_read(comments)
  1980. dbsession.flush()
  1981. transaction.commit()
  1982. self.testapp.authorization = (
  1983. 'Basic',
  1984. (
  1985. 'admin@admin.admin',
  1986. 'admin@admin.admin'
  1987. )
  1988. )
  1989. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  1990. assert res.json_body[0]['content_id'] == firstly_created.content_id
  1991. assert res.json_body[0]['read_by_user'] is True
  1992. self.testapp.put(
  1993. '/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/{content_id}/unread'.format( # nopep8
  1994. workspace_id=workspace.workspace_id,
  1995. content_id=firstly_created.content_id,
  1996. user_id=admin.user_id,
  1997. )
  1998. )
  1999. res = self.testapp.get('/api/v2/users/1/workspaces/{}/contents/read_status'.format(workspace.workspace_id), status=200) # nopep8
  2000. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2001. assert res.json_body[0]['read_by_user'] is False
  2002. assert comments.has_new_information_for(admin) is True
  2003. class TestUserSetWorkspaceAsRead(FunctionalTest):
  2004. """
  2005. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/read
  2006. """
  2007. def test_api_set_content_as_read__ok__200__admin(self):
  2008. # init DB
  2009. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2010. admin = dbsession.query(models.User) \
  2011. .filter(models.User.email == 'admin@admin.admin') \
  2012. .one()
  2013. workspace_api = WorkspaceApi(
  2014. current_user=admin,
  2015. session=dbsession,
  2016. config=self.app_config
  2017. )
  2018. workspace = WorkspaceApi(
  2019. current_user=admin,
  2020. session=dbsession,
  2021. config=self.app_config,
  2022. ).create_workspace(
  2023. 'test workspace',
  2024. save_now=True
  2025. )
  2026. uapi = UserApi(
  2027. current_user=admin,
  2028. session=dbsession,
  2029. config=self.app_config,
  2030. )
  2031. gapi = GroupApi(
  2032. current_user=admin,
  2033. session=dbsession,
  2034. config=self.app_config,
  2035. )
  2036. groups = [gapi.get_one_with_name('users')]
  2037. test_user = uapi.create_user(
  2038. email='test@test.test',
  2039. password='pass',
  2040. name='bob',
  2041. groups=groups,
  2042. timezone='Europe/Paris',
  2043. lang='fr',
  2044. do_save=True,
  2045. do_notify=False,
  2046. )
  2047. rapi = RoleApi(
  2048. current_user=admin,
  2049. session=dbsession,
  2050. config=self.app_config,
  2051. )
  2052. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2053. api = ContentApi(
  2054. current_user=admin,
  2055. session=dbsession,
  2056. config=self.app_config,
  2057. )
  2058. api2 = ContentApi(
  2059. current_user=test_user,
  2060. session=dbsession,
  2061. config=self.app_config,
  2062. )
  2063. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  2064. # creation order test
  2065. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2066. api.mark_unread(main_folder)
  2067. api.mark_unread(firstly_created)
  2068. api2.mark_unread(main_folder)
  2069. api2.mark_unread(firstly_created)
  2070. dbsession.flush()
  2071. transaction.commit()
  2072. self.testapp.authorization = (
  2073. 'Basic',
  2074. (
  2075. 'admin@admin.admin',
  2076. 'admin@admin.admin'
  2077. )
  2078. )
  2079. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2080. user_id=test_user.user_id,
  2081. workspace_id=workspace.workspace_id
  2082. ), status=200)
  2083. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2084. assert res.json_body[0]['read_by_user'] is False
  2085. assert res.json_body[1]['content_id'] == main_folder.content_id
  2086. assert res.json_body[1]['read_by_user'] is False
  2087. self.testapp.put(
  2088. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2089. workspace_id=workspace.workspace_id,
  2090. content_id=firstly_created.content_id,
  2091. user_id=test_user.user_id,
  2092. )
  2093. )
  2094. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2095. user_id=test_user.user_id,
  2096. workspace_id=workspace.workspace_id
  2097. ), status=200)
  2098. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2099. assert res.json_body[0]['read_by_user'] is True
  2100. assert res.json_body[1]['content_id'] == main_folder.content_id
  2101. assert res.json_body[1]['read_by_user'] is True
  2102. def test_api_set_content_as_read__ok__200__user_itself(self):
  2103. # init DB
  2104. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2105. admin = dbsession.query(models.User) \
  2106. .filter(models.User.email == 'admin@admin.admin') \
  2107. .one()
  2108. workspace_api = WorkspaceApi(
  2109. current_user=admin,
  2110. session=dbsession,
  2111. config=self.app_config
  2112. )
  2113. workspace = WorkspaceApi(
  2114. current_user=admin,
  2115. session=dbsession,
  2116. config=self.app_config,
  2117. ).create_workspace(
  2118. 'test workspace',
  2119. save_now=True
  2120. )
  2121. uapi = UserApi(
  2122. current_user=admin,
  2123. session=dbsession,
  2124. config=self.app_config,
  2125. )
  2126. gapi = GroupApi(
  2127. current_user=admin,
  2128. session=dbsession,
  2129. config=self.app_config,
  2130. )
  2131. groups = [gapi.get_one_with_name('users')]
  2132. test_user = uapi.create_user(
  2133. email='test@test.test',
  2134. password='pass',
  2135. name='bob',
  2136. groups=groups,
  2137. timezone='Europe/Paris',
  2138. lang='fr',
  2139. do_save=True,
  2140. do_notify=False,
  2141. )
  2142. rapi = RoleApi(
  2143. current_user=admin,
  2144. session=dbsession,
  2145. config=self.app_config,
  2146. )
  2147. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2148. api = ContentApi(
  2149. current_user=admin,
  2150. session=dbsession,
  2151. config=self.app_config,
  2152. )
  2153. api2 = ContentApi(
  2154. current_user=test_user,
  2155. session=dbsession,
  2156. config=self.app_config,
  2157. )
  2158. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  2159. # creation order test
  2160. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2161. api.mark_unread(main_folder)
  2162. api.mark_unread(firstly_created)
  2163. api2.mark_unread(main_folder)
  2164. api2.mark_unread(firstly_created)
  2165. dbsession.flush()
  2166. transaction.commit()
  2167. self.testapp.authorization = (
  2168. 'Basic',
  2169. (
  2170. 'test@test.test',
  2171. 'pass'
  2172. )
  2173. )
  2174. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2175. user_id=test_user.user_id,
  2176. workspace_id=workspace.workspace_id
  2177. ), status=200)
  2178. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2179. assert res.json_body[0]['read_by_user'] is False
  2180. assert res.json_body[1]['content_id'] == main_folder.content_id
  2181. assert res.json_body[1]['read_by_user'] is False
  2182. self.testapp.put(
  2183. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2184. workspace_id=workspace.workspace_id,
  2185. content_id=firstly_created.content_id,
  2186. user_id=test_user.user_id,
  2187. )
  2188. )
  2189. res = self.testapp.get('/api/v2/users/{user_id}/workspaces/{workspace_id}/contents/read_status'.format( # nopep8
  2190. user_id=test_user.user_id,
  2191. workspace_id=workspace.workspace_id
  2192. ), status=200)
  2193. assert res.json_body[0]['content_id'] == firstly_created.content_id
  2194. assert res.json_body[0]['read_by_user'] is True
  2195. assert res.json_body[1]['content_id'] == main_folder.content_id
  2196. assert res.json_body[1]['read_by_user'] is True
  2197. def test_api_set_content_as_read__err__403__other_user(self):
  2198. # init DB
  2199. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2200. admin = dbsession.query(models.User) \
  2201. .filter(models.User.email == 'admin@admin.admin') \
  2202. .one()
  2203. workspace_api = WorkspaceApi(
  2204. current_user=admin,
  2205. session=dbsession,
  2206. config=self.app_config
  2207. )
  2208. workspace = WorkspaceApi(
  2209. current_user=admin,
  2210. session=dbsession,
  2211. config=self.app_config,
  2212. ).create_workspace(
  2213. 'test workspace',
  2214. save_now=True
  2215. )
  2216. uapi = UserApi(
  2217. current_user=admin,
  2218. session=dbsession,
  2219. config=self.app_config,
  2220. )
  2221. gapi = GroupApi(
  2222. current_user=admin,
  2223. session=dbsession,
  2224. config=self.app_config,
  2225. )
  2226. groups = [gapi.get_one_with_name('users')]
  2227. test_user = uapi.create_user(
  2228. email='test@test.test',
  2229. password='pass',
  2230. name='bob',
  2231. groups=groups,
  2232. timezone='Europe/Paris',
  2233. lang='fr',
  2234. do_save=True,
  2235. do_notify=False,
  2236. )
  2237. rapi = RoleApi(
  2238. current_user=admin,
  2239. session=dbsession,
  2240. config=self.app_config,
  2241. )
  2242. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  2243. api = ContentApi(
  2244. current_user=admin,
  2245. session=dbsession,
  2246. config=self.app_config,
  2247. )
  2248. api2 = ContentApi(
  2249. current_user=test_user,
  2250. session=dbsession,
  2251. config=self.app_config,
  2252. )
  2253. main_folder = api.create(CONTENT_TYPES.Folder.slug, workspace, None, 'this is randomized folder', '', True) # nopep8
  2254. # creation order test
  2255. firstly_created = api.create(CONTENT_TYPES.Page.slug, workspace, main_folder, 'creation_order_test', '', True) # nopep8
  2256. api.mark_unread(main_folder)
  2257. api.mark_unread(firstly_created)
  2258. api2.mark_unread(main_folder)
  2259. api2.mark_unread(firstly_created)
  2260. dbsession.flush()
  2261. transaction.commit()
  2262. self.testapp.authorization = (
  2263. 'Basic',
  2264. (
  2265. 'test@test.test',
  2266. 'pass'
  2267. )
  2268. )
  2269. self.testapp.put(
  2270. '/api/v2/users/{user_id}/workspaces/{workspace_id}/read'.format( # nopep8
  2271. workspace_id=workspace.workspace_id,
  2272. content_id=firstly_created.content_id,
  2273. user_id=admin.user_id,
  2274. ),
  2275. status=403,
  2276. )
  2277. class TestUserEnableWorkspaceNotification(FunctionalTest):
  2278. """
  2279. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/notify
  2280. """
  2281. def test_api_enable_user_workspace_notification__ok__200__admin(self):
  2282. # init DB
  2283. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2284. admin = dbsession.query(models.User) \
  2285. .filter(models.User.email == 'admin@admin.admin') \
  2286. .one()
  2287. workspace_api = WorkspaceApi(
  2288. current_user=admin,
  2289. session=dbsession,
  2290. config=self.app_config
  2291. )
  2292. workspace = WorkspaceApi(
  2293. current_user=admin,
  2294. session=dbsession,
  2295. config=self.app_config,
  2296. ).create_workspace(
  2297. 'test workspace',
  2298. save_now=True
  2299. )
  2300. uapi = UserApi(
  2301. current_user=admin,
  2302. session=dbsession,
  2303. config=self.app_config,
  2304. )
  2305. gapi = GroupApi(
  2306. current_user=admin,
  2307. session=dbsession,
  2308. config=self.app_config,
  2309. )
  2310. groups = [gapi.get_one_with_name('users')]
  2311. test_user = uapi.create_user(
  2312. email='test@test.test',
  2313. password='pass',
  2314. name='bob',
  2315. groups=groups,
  2316. timezone='Europe/Paris',
  2317. lang='fr',
  2318. do_save=True,
  2319. do_notify=False,
  2320. )
  2321. rapi = RoleApi(
  2322. current_user=admin,
  2323. session=dbsession,
  2324. config=self.app_config,
  2325. )
  2326. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, with_notif=False) # nopep8
  2327. transaction.commit()
  2328. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2329. assert role.do_notify is False
  2330. self.testapp.authorization = (
  2331. 'Basic',
  2332. (
  2333. 'admin@admin.admin',
  2334. 'admin@admin.admin'
  2335. )
  2336. )
  2337. self.testapp.put_json('/api/v2/users/{user_id}/workspaces/{workspace_id}/notify'.format( # nopep8
  2338. user_id=test_user.user_id,
  2339. workspace_id=workspace.workspace_id
  2340. ), status=204)
  2341. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2342. rapi = RoleApi(
  2343. current_user=admin,
  2344. session=dbsession,
  2345. config=self.app_config,
  2346. )
  2347. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2348. assert role.do_notify is True
  2349. def test_api_enable_user_workspace_notification__ok__200__user_itself(self):
  2350. # init DB
  2351. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2352. admin = dbsession.query(models.User) \
  2353. .filter(models.User.email == 'admin@admin.admin') \
  2354. .one()
  2355. workspace_api = WorkspaceApi(
  2356. current_user=admin,
  2357. session=dbsession,
  2358. config=self.app_config
  2359. )
  2360. workspace = WorkspaceApi(
  2361. current_user=admin,
  2362. session=dbsession,
  2363. config=self.app_config,
  2364. ).create_workspace(
  2365. 'test workspace',
  2366. save_now=True
  2367. )
  2368. uapi = UserApi(
  2369. current_user=admin,
  2370. session=dbsession,
  2371. config=self.app_config,
  2372. )
  2373. gapi = GroupApi(
  2374. current_user=admin,
  2375. session=dbsession,
  2376. config=self.app_config,
  2377. )
  2378. groups = [gapi.get_one_with_name('users')]
  2379. test_user = uapi.create_user(
  2380. email='test@test.test',
  2381. password='pass',
  2382. name='bob',
  2383. groups=groups,
  2384. timezone='Europe/Paris',
  2385. lang='fr',
  2386. do_save=True,
  2387. do_notify=False,
  2388. )
  2389. rapi = RoleApi(
  2390. current_user=admin,
  2391. session=dbsession,
  2392. config=self.app_config,
  2393. )
  2394. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, with_notif=False) # nopep8
  2395. transaction.commit()
  2396. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2397. assert role.do_notify is False
  2398. self.testapp.authorization = (
  2399. 'Basic',
  2400. (
  2401. 'test@test.test',
  2402. 'pass',
  2403. )
  2404. )
  2405. self.testapp.put_json('/api/v2/users/{user_id}/workspaces/{workspace_id}/notify'.format( # nopep8
  2406. user_id=test_user.user_id,
  2407. workspace_id=workspace.workspace_id
  2408. ), status=204)
  2409. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2410. rapi = RoleApi(
  2411. current_user=admin,
  2412. session=dbsession,
  2413. config=self.app_config,
  2414. )
  2415. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2416. assert role.do_notify is True
  2417. def test_api_enable_user_workspace_notification__err__403__other_user(self):
  2418. # init DB
  2419. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2420. admin = dbsession.query(models.User) \
  2421. .filter(models.User.email == 'admin@admin.admin') \
  2422. .one()
  2423. workspace_api = WorkspaceApi(
  2424. current_user=admin,
  2425. session=dbsession,
  2426. config=self.app_config
  2427. )
  2428. workspace = WorkspaceApi(
  2429. current_user=admin,
  2430. session=dbsession,
  2431. config=self.app_config,
  2432. ).create_workspace(
  2433. 'test workspace',
  2434. save_now=True
  2435. )
  2436. uapi = UserApi(
  2437. current_user=admin,
  2438. session=dbsession,
  2439. config=self.app_config,
  2440. )
  2441. gapi = GroupApi(
  2442. current_user=admin,
  2443. session=dbsession,
  2444. config=self.app_config,
  2445. )
  2446. groups = [gapi.get_one_with_name('users')]
  2447. test_user = uapi.create_user(
  2448. email='test@test.test',
  2449. password='pass',
  2450. name='bob',
  2451. groups=groups,
  2452. timezone='Europe/Paris',
  2453. lang='fr',
  2454. do_save=True,
  2455. do_notify=False,
  2456. )
  2457. test_user2 = uapi.create_user(
  2458. email='test2@test2.test2',
  2459. password='pass',
  2460. name='boby',
  2461. groups=groups,
  2462. timezone='Europe/Paris',
  2463. lang='fr',
  2464. do_save=True,
  2465. do_notify=False,
  2466. )
  2467. rapi = RoleApi(
  2468. current_user=admin,
  2469. session=dbsession,
  2470. config=self.app_config,
  2471. )
  2472. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, with_notif=False) # nopep8
  2473. rapi.create_one(test_user2, workspace, UserRoleInWorkspace.READER, with_notif=False) # nopep8
  2474. transaction.commit()
  2475. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2476. assert role.do_notify is False
  2477. self.testapp.authorization = (
  2478. 'Basic',
  2479. (
  2480. 'test2@test2.test2',
  2481. 'pass',
  2482. )
  2483. )
  2484. self.testapp.put_json('/api/v2/users/{user_id}/workspaces/{workspace_id}/notify'.format( # nopep8
  2485. user_id=test_user.user_id,
  2486. workspace_id=workspace.workspace_id
  2487. ), status=403)
  2488. class TestUserDisableWorkspaceNotification(FunctionalTest):
  2489. """
  2490. Tests for /api/v2/users/{user_id}/workspaces/{workspace_id}/unnotify
  2491. """
  2492. def test_api_disable_user_workspace_notification__ok__200__admin(self):
  2493. # init DB
  2494. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2495. admin = dbsession.query(models.User) \
  2496. .filter(models.User.email == 'admin@admin.admin') \
  2497. .one()
  2498. workspace_api = WorkspaceApi(
  2499. current_user=admin,
  2500. session=dbsession,
  2501. config=self.app_config
  2502. )
  2503. workspace = WorkspaceApi(
  2504. current_user=admin,
  2505. session=dbsession,
  2506. config=self.app_config,
  2507. ).create_workspace(
  2508. 'test workspace',
  2509. save_now=True
  2510. )
  2511. uapi = UserApi(
  2512. current_user=admin,
  2513. session=dbsession,
  2514. config=self.app_config,
  2515. )
  2516. gapi = GroupApi(
  2517. current_user=admin,
  2518. session=dbsession,
  2519. config=self.app_config,
  2520. )
  2521. groups = [gapi.get_one_with_name('users')]
  2522. test_user = uapi.create_user(
  2523. email='test@test.test',
  2524. password='pass',
  2525. name='bob',
  2526. groups=groups,
  2527. timezone='Europe/Paris',
  2528. lang='fr',
  2529. do_save=True,
  2530. do_notify=True,
  2531. )
  2532. rapi = RoleApi(
  2533. current_user=admin,
  2534. session=dbsession,
  2535. config=self.app_config,
  2536. )
  2537. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, with_notif=True) # nopep8
  2538. transaction.commit()
  2539. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2540. assert role.do_notify is True
  2541. self.testapp.authorization = (
  2542. 'Basic',
  2543. (
  2544. 'admin@admin.admin',
  2545. 'admin@admin.admin'
  2546. )
  2547. )
  2548. self.testapp.put_json('/api/v2/users/{user_id}/workspaces/{workspace_id}/unnotify'.format( # nopep8
  2549. user_id=test_user.user_id,
  2550. workspace_id=workspace.workspace_id
  2551. ), status=204)
  2552. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2553. rapi = RoleApi(
  2554. current_user=admin,
  2555. session=dbsession,
  2556. config=self.app_config,
  2557. )
  2558. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2559. assert role.do_notify is False
  2560. def test_api_enable_user_workspace_notification__ok__200__user_itself(self):
  2561. # init DB
  2562. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2563. admin = dbsession.query(models.User) \
  2564. .filter(models.User.email == 'admin@admin.admin') \
  2565. .one()
  2566. workspace_api = WorkspaceApi(
  2567. current_user=admin,
  2568. session=dbsession,
  2569. config=self.app_config
  2570. )
  2571. workspace = WorkspaceApi(
  2572. current_user=admin,
  2573. session=dbsession,
  2574. config=self.app_config,
  2575. ).create_workspace(
  2576. 'test workspace',
  2577. save_now=True
  2578. )
  2579. uapi = UserApi(
  2580. current_user=admin,
  2581. session=dbsession,
  2582. config=self.app_config,
  2583. )
  2584. gapi = GroupApi(
  2585. current_user=admin,
  2586. session=dbsession,
  2587. config=self.app_config,
  2588. )
  2589. groups = [gapi.get_one_with_name('users')]
  2590. test_user = uapi.create_user(
  2591. email='test@test.test',
  2592. password='pass',
  2593. name='bob',
  2594. groups=groups,
  2595. timezone='Europe/Paris',
  2596. lang='fr',
  2597. do_save=True,
  2598. do_notify=False,
  2599. )
  2600. rapi = RoleApi(
  2601. current_user=admin,
  2602. session=dbsession,
  2603. config=self.app_config,
  2604. )
  2605. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, with_notif=True) # nopep8
  2606. transaction.commit()
  2607. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2608. assert role.do_notify is True
  2609. self.testapp.authorization = (
  2610. 'Basic',
  2611. (
  2612. 'test@test.test',
  2613. 'pass',
  2614. )
  2615. )
  2616. self.testapp.put_json('/api/v2/users/{user_id}/workspaces/{workspace_id}/unnotify'.format( # nopep8
  2617. user_id=test_user.user_id,
  2618. workspace_id=workspace.workspace_id
  2619. ), status=204)
  2620. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2621. rapi = RoleApi(
  2622. current_user=admin,
  2623. session=dbsession,
  2624. config=self.app_config,
  2625. )
  2626. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2627. assert role.do_notify is False
  2628. def test_api_disable_user_workspace_notification__err__403__other_user(self):
  2629. # init DB
  2630. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2631. admin = dbsession.query(models.User) \
  2632. .filter(models.User.email == 'admin@admin.admin') \
  2633. .one()
  2634. workspace_api = WorkspaceApi(
  2635. current_user=admin,
  2636. session=dbsession,
  2637. config=self.app_config
  2638. )
  2639. workspace = WorkspaceApi(
  2640. current_user=admin,
  2641. session=dbsession,
  2642. config=self.app_config,
  2643. ).create_workspace(
  2644. 'test workspace',
  2645. save_now=True
  2646. )
  2647. uapi = UserApi(
  2648. current_user=admin,
  2649. session=dbsession,
  2650. config=self.app_config,
  2651. )
  2652. gapi = GroupApi(
  2653. current_user=admin,
  2654. session=dbsession,
  2655. config=self.app_config,
  2656. )
  2657. groups = [gapi.get_one_with_name('users')]
  2658. test_user = uapi.create_user(
  2659. email='test@test.test',
  2660. password='pass',
  2661. name='bob',
  2662. groups=groups,
  2663. timezone='Europe/Paris',
  2664. lang='fr',
  2665. do_save=True,
  2666. do_notify=False,
  2667. )
  2668. test_user2 = uapi.create_user(
  2669. email='test2@test2.test2',
  2670. password='pass',
  2671. name='boby',
  2672. groups=groups,
  2673. timezone='Europe/Paris',
  2674. lang='fr',
  2675. do_save=True,
  2676. do_notify=False,
  2677. )
  2678. rapi = RoleApi(
  2679. current_user=admin,
  2680. session=dbsession,
  2681. config=self.app_config,
  2682. )
  2683. rapi.create_one(test_user, workspace, UserRoleInWorkspace.READER, with_notif=True) # nopep8
  2684. rapi.create_one(test_user2, workspace, UserRoleInWorkspace.READER, with_notif=False) # nopep8
  2685. transaction.commit()
  2686. role = rapi.get_one(test_user.user_id, workspace.workspace_id)
  2687. assert role.do_notify is True
  2688. self.testapp.authorization = (
  2689. 'Basic',
  2690. (
  2691. 'test2@test2.test2',
  2692. 'pass',
  2693. )
  2694. )
  2695. self.testapp.put_json('/api/v2/users/{user_id}/workspaces/{workspace_id}/unnotify'.format( # nopep8
  2696. user_id=test_user.user_id,
  2697. workspace_id=workspace.workspace_id
  2698. ), status=403)
  2699. class TestUserWorkspaceEndpoint(FunctionalTest):
  2700. """
  2701. Tests for /api/v2/users/{user_id}/workspaces
  2702. """
  2703. fixtures = [BaseFixture, ContentFixtures]
  2704. def test_api__get_user_workspaces__ok_200__nominal_case(self):
  2705. """
  2706. Check obtain all workspaces reachables for user with user auth.
  2707. """
  2708. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2709. admin = dbsession.query(models.User) \
  2710. .filter(models.User.email == 'admin@admin.admin') \
  2711. .one()
  2712. workspace_api = WorkspaceApi(
  2713. session=dbsession,
  2714. current_user=admin,
  2715. config=self.app_config,
  2716. )
  2717. workspace = workspace_api.get_one(1)
  2718. app_api = ApplicationApi(
  2719. app_list
  2720. )
  2721. default_sidebar_entry = app_api.get_default_workspace_menu_entry(workspace=workspace) # nope8
  2722. self.testapp.authorization = (
  2723. 'Basic',
  2724. (
  2725. 'admin@admin.admin',
  2726. 'admin@admin.admin'
  2727. )
  2728. )
  2729. res = self.testapp.get('/api/v2/users/1/workspaces', status=200)
  2730. res = res.json_body
  2731. workspace = res[0]
  2732. assert workspace['workspace_id'] == 1
  2733. assert workspace['label'] == 'Business'
  2734. assert workspace['slug'] == 'business'
  2735. assert workspace['is_deleted'] is False
  2736. assert len(workspace['sidebar_entries']) == len(default_sidebar_entry)
  2737. for counter, sidebar_entry in enumerate(default_sidebar_entry):
  2738. workspace['sidebar_entries'][counter]['slug'] = sidebar_entry.slug
  2739. workspace['sidebar_entries'][counter]['label'] = sidebar_entry.label
  2740. workspace['sidebar_entries'][counter]['route'] = sidebar_entry.route
  2741. workspace['sidebar_entries'][counter]['hexcolor'] = sidebar_entry.hexcolor # nopep8
  2742. workspace['sidebar_entries'][counter]['fa_icon'] = sidebar_entry.fa_icon # nopep8
  2743. def test_api__get_user_workspaces__err_403__unallowed_user(self):
  2744. """
  2745. Check obtain all workspaces reachables for one user
  2746. with another non-admin user auth.
  2747. """
  2748. self.testapp.authorization = (
  2749. 'Basic',
  2750. (
  2751. 'lawrence-not-real-email@fsf.local',
  2752. 'foobarbaz'
  2753. )
  2754. )
  2755. res = self.testapp.get('/api/v2/users/1/workspaces', status=403)
  2756. assert isinstance(res.json, dict)
  2757. assert 'code' in res.json.keys()
  2758. assert 'message' in res.json.keys()
  2759. assert 'details' in res.json.keys()
  2760. def test_api__get_user_workspaces__err_401__unregistered_user(self):
  2761. """
  2762. Check obtain all workspaces reachables for one user
  2763. without correct user auth (user unregistered).
  2764. """
  2765. self.testapp.authorization = (
  2766. 'Basic',
  2767. (
  2768. 'john@doe.doe',
  2769. 'lapin'
  2770. )
  2771. )
  2772. res = self.testapp.get('/api/v2/users/1/workspaces', status=401)
  2773. assert isinstance(res.json, dict)
  2774. assert 'code' in res.json.keys()
  2775. assert 'message' in res.json.keys()
  2776. assert 'details' in res.json.keys()
  2777. def test_api__get_user_workspaces__err_400__user_does_not_exist(self):
  2778. """
  2779. Check obtain all workspaces reachables for one user who does
  2780. not exist
  2781. with a correct user auth.
  2782. """
  2783. self.testapp.authorization = (
  2784. 'Basic',
  2785. (
  2786. 'admin@admin.admin',
  2787. 'admin@admin.admin'
  2788. )
  2789. )
  2790. res = self.testapp.get('/api/v2/users/5/workspaces', status=400)
  2791. assert isinstance(res.json, dict)
  2792. assert 'code' in res.json.keys()
  2793. assert 'message' in res.json.keys()
  2794. assert 'details' in res.json.keys()
  2795. class TestUserEndpoint(FunctionalTest):
  2796. # -*- coding: utf-8 -*-
  2797. """
  2798. Tests for GET /api/v2/users/{user_id}
  2799. """
  2800. fixtures = [BaseFixture]
  2801. def test_api__get_user__ok_200__admin(self):
  2802. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2803. admin = dbsession.query(models.User) \
  2804. .filter(models.User.email == 'admin@admin.admin') \
  2805. .one()
  2806. uapi = UserApi(
  2807. current_user=admin,
  2808. session=dbsession,
  2809. config=self.app_config,
  2810. )
  2811. gapi = GroupApi(
  2812. current_user=admin,
  2813. session=dbsession,
  2814. config=self.app_config,
  2815. )
  2816. groups = [gapi.get_one_with_name('users')]
  2817. test_user = uapi.create_user(
  2818. email='test@test.test',
  2819. password='pass',
  2820. name='bob',
  2821. groups=groups,
  2822. timezone='Europe/Paris',
  2823. lang='fr',
  2824. do_save=True,
  2825. do_notify=False,
  2826. )
  2827. uapi.save(test_user)
  2828. transaction.commit()
  2829. user_id = int(test_user.user_id)
  2830. self.testapp.authorization = (
  2831. 'Basic',
  2832. (
  2833. 'admin@admin.admin',
  2834. 'admin@admin.admin'
  2835. )
  2836. )
  2837. res = self.testapp.get(
  2838. '/api/v2/users/{}'.format(user_id),
  2839. status=200
  2840. )
  2841. res = res.json_body
  2842. assert res['user_id'] == user_id
  2843. assert res['created']
  2844. assert res['is_active'] is True
  2845. assert res['profile'] == 'users'
  2846. assert res['email'] == 'test@test.test'
  2847. assert res['public_name'] == 'bob'
  2848. assert res['timezone'] == 'Europe/Paris'
  2849. assert res['is_deleted'] is False
  2850. assert res['lang'] == 'fr'
  2851. def test_api__get_user__ok_200__user_itself(self):
  2852. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2853. admin = dbsession.query(models.User) \
  2854. .filter(models.User.email == 'admin@admin.admin') \
  2855. .one()
  2856. uapi = UserApi(
  2857. current_user=admin,
  2858. session=dbsession,
  2859. config=self.app_config,
  2860. )
  2861. gapi = GroupApi(
  2862. current_user=admin,
  2863. session=dbsession,
  2864. config=self.app_config,
  2865. )
  2866. groups = [gapi.get_one_with_name('users')]
  2867. test_user = uapi.create_user(
  2868. email='test@test.test',
  2869. password='pass',
  2870. name='bob',
  2871. groups=groups,
  2872. timezone='Europe/Paris',
  2873. lang='fr',
  2874. do_save=True,
  2875. do_notify=False,
  2876. )
  2877. uapi.save(test_user)
  2878. transaction.commit()
  2879. user_id = int(test_user.user_id)
  2880. self.testapp.authorization = (
  2881. 'Basic',
  2882. (
  2883. 'test@test.test',
  2884. 'pass'
  2885. )
  2886. )
  2887. res = self.testapp.get(
  2888. '/api/v2/users/{}'.format(user_id),
  2889. status=200
  2890. )
  2891. res = res.json_body
  2892. assert res['user_id'] == user_id
  2893. assert res['created']
  2894. assert res['is_active'] is True
  2895. assert res['profile'] == 'users'
  2896. assert res['email'] == 'test@test.test'
  2897. assert res['public_name'] == 'bob'
  2898. assert res['timezone'] == 'Europe/Paris'
  2899. assert res['is_deleted'] is False
  2900. def test_api__get_user__err_403__other_normal_user(self):
  2901. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2902. admin = dbsession.query(models.User) \
  2903. .filter(models.User.email == 'admin@admin.admin') \
  2904. .one()
  2905. uapi = UserApi(
  2906. current_user=admin,
  2907. session=dbsession,
  2908. config=self.app_config,
  2909. )
  2910. gapi = GroupApi(
  2911. current_user=admin,
  2912. session=dbsession,
  2913. config=self.app_config,
  2914. )
  2915. groups = [gapi.get_one_with_name('users')]
  2916. test_user = uapi.create_user(
  2917. email='test@test.test',
  2918. password='pass',
  2919. name='bob',
  2920. groups=groups,
  2921. timezone='Europe/Paris',
  2922. do_save=True,
  2923. do_notify=False,
  2924. )
  2925. test_user2 = uapi.create_user(
  2926. email='test2@test2.test2',
  2927. password='pass',
  2928. name='bob2',
  2929. groups=groups,
  2930. timezone='Europe/Paris',
  2931. lang='fr',
  2932. do_save=True,
  2933. do_notify=False,
  2934. )
  2935. uapi.save(test_user2)
  2936. uapi.save(test_user)
  2937. transaction.commit()
  2938. user_id = int(test_user.user_id)
  2939. self.testapp.authorization = (
  2940. 'Basic',
  2941. (
  2942. 'test2@test2.test2',
  2943. 'pass'
  2944. )
  2945. )
  2946. self.testapp.get(
  2947. '/api/v2/users/{}'.format(user_id),
  2948. status=403
  2949. )
  2950. def test_api__create_user__ok_200__full_admin(self):
  2951. self.testapp.authorization = (
  2952. 'Basic',
  2953. (
  2954. 'admin@admin.admin',
  2955. 'admin@admin.admin'
  2956. )
  2957. )
  2958. params = {
  2959. 'email': 'test@test.test',
  2960. 'password': 'mysuperpassword',
  2961. 'profile': 'users',
  2962. 'timezone': 'Europe/Paris',
  2963. 'lang': 'fr',
  2964. 'public_name': 'test user',
  2965. 'email_notification': False,
  2966. }
  2967. res = self.testapp.post_json(
  2968. '/api/v2/users',
  2969. status=200,
  2970. params=params,
  2971. )
  2972. res = res.json_body
  2973. assert res['user_id']
  2974. user_id = res['user_id']
  2975. assert res['created']
  2976. assert res['is_active'] is True
  2977. assert res['profile'] == 'users'
  2978. assert res['email'] == 'test@test.test'
  2979. assert res['public_name'] == 'test user'
  2980. assert res['timezone'] == 'Europe/Paris'
  2981. assert res['lang'] == 'fr'
  2982. dbsession = get_tm_session(self.session_factory, transaction.manager)
  2983. admin = dbsession.query(models.User) \
  2984. .filter(models.User.email == 'admin@admin.admin') \
  2985. .one()
  2986. uapi = UserApi(
  2987. current_user=admin,
  2988. session=dbsession,
  2989. config=self.app_config,
  2990. )
  2991. user = uapi.get_one(user_id)
  2992. assert user.email == 'test@test.test'
  2993. assert user.validate_password('mysuperpassword')
  2994. def test_api__create_user__ok_200__limited_admin(self):
  2995. self.testapp.authorization = (
  2996. 'Basic',
  2997. (
  2998. 'admin@admin.admin',
  2999. 'admin@admin.admin'
  3000. )
  3001. )
  3002. params = {
  3003. 'email': 'test@test.test',
  3004. 'email_notification': False,
  3005. }
  3006. res = self.testapp.post_json(
  3007. '/api/v2/users',
  3008. status=200,
  3009. params=params,
  3010. )
  3011. res = res.json_body
  3012. assert res['user_id']
  3013. user_id = res['user_id']
  3014. assert res['created']
  3015. assert res['is_active'] is True
  3016. assert res['profile'] == 'users'
  3017. assert res['email'] == 'test@test.test'
  3018. assert res['public_name'] == 'test'
  3019. assert res['timezone'] == ''
  3020. assert res['lang'] is None
  3021. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3022. admin = dbsession.query(models.User) \
  3023. .filter(models.User.email == 'admin@admin.admin') \
  3024. .one()
  3025. uapi = UserApi(
  3026. current_user=admin,
  3027. session=dbsession,
  3028. config=self.app_config,
  3029. )
  3030. user = uapi.get_one(user_id)
  3031. assert user.email == 'test@test.test'
  3032. assert user.password
  3033. def test_api__create_user__err_400__email_already_in_db(self):
  3034. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3035. admin = dbsession.query(models.User) \
  3036. .filter(models.User.email == 'admin@admin.admin') \
  3037. .one()
  3038. uapi = UserApi(
  3039. current_user=admin,
  3040. session=dbsession,
  3041. config=self.app_config,
  3042. )
  3043. gapi = GroupApi(
  3044. current_user=admin,
  3045. session=dbsession,
  3046. config=self.app_config,
  3047. )
  3048. groups = [gapi.get_one_with_name('users')]
  3049. test_user = uapi.create_user(
  3050. email='test@test.test',
  3051. password='pass',
  3052. name='bob',
  3053. groups=groups,
  3054. timezone='Europe/Paris',
  3055. lang='fr',
  3056. do_save=True,
  3057. do_notify=False,
  3058. )
  3059. uapi.save(test_user)
  3060. transaction.commit()
  3061. self.testapp.authorization = (
  3062. 'Basic',
  3063. (
  3064. 'admin@admin.admin',
  3065. 'admin@admin.admin'
  3066. )
  3067. )
  3068. params = {
  3069. 'email': 'test@test.test',
  3070. 'password': 'mysuperpassword',
  3071. 'profile': 'users',
  3072. 'timezone': 'Europe/Paris',
  3073. 'lang': 'fr',
  3074. 'public_name': 'test user',
  3075. 'email_notification': False,
  3076. }
  3077. res = self.testapp.post_json(
  3078. '/api/v2/users',
  3079. status=400,
  3080. params=params,
  3081. )
  3082. def test_api__create_user__err_403__other_user(self):
  3083. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3084. admin = dbsession.query(models.User) \
  3085. .filter(models.User.email == 'admin@admin.admin') \
  3086. .one()
  3087. uapi = UserApi(
  3088. current_user=admin,
  3089. session=dbsession,
  3090. config=self.app_config,
  3091. )
  3092. gapi = GroupApi(
  3093. current_user=admin,
  3094. session=dbsession,
  3095. config=self.app_config,
  3096. )
  3097. groups = [gapi.get_one_with_name('users')]
  3098. test_user = uapi.create_user(
  3099. email='test@test.test',
  3100. password='pass',
  3101. name='bob',
  3102. groups=groups,
  3103. timezone='Europe/Paris',
  3104. lang='fr',
  3105. do_save=True,
  3106. do_notify=False,
  3107. )
  3108. uapi.save(test_user)
  3109. transaction.commit()
  3110. self.testapp.authorization = (
  3111. 'Basic',
  3112. (
  3113. 'test@test.test',
  3114. 'pass',
  3115. )
  3116. )
  3117. params = {
  3118. 'email': 'test2@test2.test2',
  3119. 'password': 'mysuperpassword',
  3120. 'profile': 'users',
  3121. 'timezone': 'Europe/Paris',
  3122. 'public_name': 'test user',
  3123. 'lang': 'fr',
  3124. 'email_notification': False,
  3125. }
  3126. res = self.testapp.post_json(
  3127. '/api/v2/users',
  3128. status=403,
  3129. params=params,
  3130. )
  3131. class TestUserWithNotificationEndpoint(FunctionalTest):
  3132. """
  3133. Tests for POST /api/v2/users/{user_id}
  3134. """
  3135. config_section = 'functional_test_with_mail_test_sync'
  3136. def test_api__create_user__ok_200__full_admin_with_notif(self):
  3137. requests.delete('http://127.0.0.1:8025/api/v1/messages')
  3138. self.testapp.authorization = (
  3139. 'Basic',
  3140. (
  3141. 'admin@admin.admin',
  3142. 'admin@admin.admin'
  3143. )
  3144. )
  3145. params = {
  3146. 'email': 'test@test.test',
  3147. 'password': 'mysuperpassword',
  3148. 'profile': 'users',
  3149. 'timezone': 'Europe/Paris',
  3150. 'public_name': 'test user',
  3151. 'lang': 'fr',
  3152. 'email_notification': True,
  3153. }
  3154. res = self.testapp.post_json(
  3155. '/api/v2/users',
  3156. status=200,
  3157. params=params,
  3158. )
  3159. res = res.json_body
  3160. assert res['user_id']
  3161. user_id = res['user_id']
  3162. assert res['created']
  3163. assert res['is_active'] is True
  3164. assert res['profile'] == 'users'
  3165. assert res['email'] == 'test@test.test'
  3166. assert res['public_name'] == 'test user'
  3167. assert res['timezone'] == 'Europe/Paris'
  3168. assert res['lang'] == 'fr'
  3169. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3170. admin = dbsession.query(models.User) \
  3171. .filter(models.User.email == 'admin@admin.admin') \
  3172. .one()
  3173. uapi = UserApi(
  3174. current_user=admin,
  3175. session=dbsession,
  3176. config=self.app_config,
  3177. )
  3178. user = uapi.get_one(user_id)
  3179. assert user.email == 'test@test.test'
  3180. assert user.validate_password('mysuperpassword')
  3181. # check mail received
  3182. response = requests.get('http://127.0.0.1:8025/api/v1/messages')
  3183. response = response.json()
  3184. assert len(response) == 1
  3185. headers = response[0]['Content']['Headers']
  3186. assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>' # nopep8
  3187. assert headers['To'][0] == 'test user <test@test.test>'
  3188. assert headers['Subject'][0] == '[TRACIM] Created account'
  3189. # TODO - G.M - 2018-08-02 - Place cleanup outside of the test
  3190. requests.delete('http://127.0.0.1:8025/api/v1/messages')
  3191. def test_api__create_user__ok_200__limited_admin_with_notif(self):
  3192. requests.delete('http://127.0.0.1:8025/api/v1/messages')
  3193. self.testapp.authorization = (
  3194. 'Basic',
  3195. (
  3196. 'admin@admin.admin',
  3197. 'admin@admin.admin'
  3198. )
  3199. )
  3200. params = {
  3201. 'email': 'test@test.test',
  3202. 'email_notification': True,
  3203. }
  3204. res = self.testapp.post_json(
  3205. '/api/v2/users',
  3206. status=200,
  3207. params=params,
  3208. )
  3209. res = res.json_body
  3210. assert res['user_id']
  3211. user_id = res['user_id']
  3212. assert res['created']
  3213. assert res['is_active'] is True
  3214. assert res['profile'] == 'users'
  3215. assert res['email'] == 'test@test.test'
  3216. assert res['public_name'] == 'test'
  3217. assert res['timezone'] == ''
  3218. assert res['lang'] == None
  3219. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3220. admin = dbsession.query(models.User) \
  3221. .filter(models.User.email == 'admin@admin.admin') \
  3222. .one()
  3223. uapi = UserApi(
  3224. current_user=admin,
  3225. session=dbsession,
  3226. config=self.app_config,
  3227. )
  3228. user = uapi.get_one(user_id)
  3229. assert user.email == 'test@test.test'
  3230. assert user.password
  3231. # check mail received
  3232. response = requests.get('http://127.0.0.1:8025/api/v1/messages')
  3233. response = response.json()
  3234. assert len(response) == 1
  3235. headers = response[0]['Content']['Headers']
  3236. assert headers['From'][0] == 'Tracim Notifications <test_user_from+0@localhost>' # nopep8
  3237. assert headers['To'][0] == 'test <test@test.test>'
  3238. assert headers['Subject'][0] == '[TRACIM] Created account'
  3239. # TODO - G.M - 2018-08-02 - Place cleanup outside of the test
  3240. requests.delete('http://127.0.0.1:8025/api/v1/messages')
  3241. def test_api_delete_user__ok_200__admin(self):
  3242. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3243. admin = dbsession.query(models.User) \
  3244. .filter(models.User.email == 'admin@admin.admin') \
  3245. .one()
  3246. uapi = UserApi(
  3247. current_user=admin,
  3248. session=dbsession,
  3249. config=self.app_config,
  3250. )
  3251. gapi = GroupApi(
  3252. current_user=admin,
  3253. session=dbsession,
  3254. config=self.app_config,
  3255. )
  3256. groups = [gapi.get_one_with_name('users')]
  3257. test_user = uapi.create_user(
  3258. email='test@test.test',
  3259. password='pass',
  3260. name='bob',
  3261. groups=groups,
  3262. timezone='Europe/Paris',
  3263. lang='fr',
  3264. do_save=True,
  3265. do_notify=False,
  3266. )
  3267. uapi.save(test_user)
  3268. transaction.commit()
  3269. user_id = int(test_user.user_id)
  3270. self.testapp.authorization = (
  3271. 'Basic',
  3272. (
  3273. 'admin@admin.admin',
  3274. 'admin@admin.admin'
  3275. )
  3276. )
  3277. self.testapp.put(
  3278. '/api/v2/users/{}/delete'.format(user_id),
  3279. status=204
  3280. )
  3281. res = self.testapp.get(
  3282. '/api/v2/users/{}'.format(user_id),
  3283. status=200
  3284. ).json_body
  3285. assert res['is_deleted'] is True
  3286. class TestUsersEndpoint(FunctionalTest):
  3287. # -*- coding: utf-8 -*-
  3288. """
  3289. Tests for GET /api/v2/users/{user_id}
  3290. """
  3291. fixtures = [BaseFixture]
  3292. def test_api__get_user__ok_200__admin(self):
  3293. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3294. admin = dbsession.query(models.User) \
  3295. .filter(models.User.email == 'admin@admin.admin') \
  3296. .one()
  3297. uapi = UserApi(
  3298. current_user=admin,
  3299. session=dbsession,
  3300. config=self.app_config,
  3301. )
  3302. gapi = GroupApi(
  3303. current_user=admin,
  3304. session=dbsession,
  3305. config=self.app_config,
  3306. )
  3307. groups = [gapi.get_one_with_name('users')]
  3308. test_user = uapi.create_user(
  3309. email='test@test.test',
  3310. password='pass',
  3311. name='bob',
  3312. groups=groups,
  3313. timezone='Europe/Paris',
  3314. lang='fr',
  3315. do_save=True,
  3316. do_notify=False,
  3317. )
  3318. uapi.save(test_user)
  3319. transaction.commit()
  3320. user_id = int(test_user.user_id)
  3321. self.testapp.authorization = (
  3322. 'Basic',
  3323. (
  3324. 'admin@admin.admin',
  3325. 'admin@admin.admin'
  3326. )
  3327. )
  3328. res = self.testapp.get(
  3329. '/api/v2/users',
  3330. status=200
  3331. )
  3332. res = res.json_body
  3333. assert len(res) == 2
  3334. assert res[0]['user_id'] == admin.user_id
  3335. assert res[0]['public_name'] == admin.display_name
  3336. assert res[0]['avatar_url'] is None
  3337. assert res[1]['user_id'] == test_user.user_id
  3338. assert res[1]['public_name'] == test_user.display_name
  3339. assert res[1]['avatar_url'] is None
  3340. def test_api__get_user__err_403__normal_user(self):
  3341. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3342. admin = dbsession.query(models.User) \
  3343. .filter(models.User.email == 'admin@admin.admin') \
  3344. .one()
  3345. uapi = UserApi(
  3346. current_user=admin,
  3347. session=dbsession,
  3348. config=self.app_config,
  3349. )
  3350. gapi = GroupApi(
  3351. current_user=admin,
  3352. session=dbsession,
  3353. config=self.app_config,
  3354. )
  3355. groups = [gapi.get_one_with_name('users')]
  3356. test_user = uapi.create_user(
  3357. email='test@test.test',
  3358. password='pass',
  3359. name='bob',
  3360. groups=groups,
  3361. timezone='Europe/Paris',
  3362. lang='fr',
  3363. do_save=True,
  3364. do_notify=False,
  3365. )
  3366. uapi.save(test_user)
  3367. transaction.commit()
  3368. user_id = int(test_user.user_id)
  3369. self.testapp.authorization = (
  3370. 'Basic',
  3371. (
  3372. 'test@test.test',
  3373. 'pass'
  3374. )
  3375. )
  3376. self.testapp.get(
  3377. '/api/v2/users',
  3378. status=403
  3379. )
  3380. class TestKnownMembersEndpoint(FunctionalTest):
  3381. # -*- coding: utf-8 -*-
  3382. """
  3383. Tests for GET /api/v2/users/{user_id}
  3384. """
  3385. fixtures = [BaseFixture]
  3386. def test_api__get_user__ok_200__admin__by_name(self):
  3387. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3388. admin = dbsession.query(models.User) \
  3389. .filter(models.User.email == 'admin@admin.admin') \
  3390. .one()
  3391. uapi = UserApi(
  3392. current_user=admin,
  3393. session=dbsession,
  3394. config=self.app_config,
  3395. )
  3396. gapi = GroupApi(
  3397. current_user=admin,
  3398. session=dbsession,
  3399. config=self.app_config,
  3400. )
  3401. groups = [gapi.get_one_with_name('users')]
  3402. test_user = uapi.create_user(
  3403. email='test@test.test',
  3404. password='pass',
  3405. name='bob',
  3406. groups=groups,
  3407. timezone='Europe/Paris',
  3408. lang='fr',
  3409. do_save=True,
  3410. do_notify=False,
  3411. )
  3412. test_user2 = uapi.create_user(
  3413. email='test2@test2.test2',
  3414. password='pass',
  3415. name='bob2',
  3416. groups=groups,
  3417. timezone='Europe/Paris',
  3418. lang='fr',
  3419. do_save=True,
  3420. do_notify=False,
  3421. )
  3422. uapi.save(test_user)
  3423. uapi.save(test_user2)
  3424. transaction.commit()
  3425. user_id = int(admin.user_id)
  3426. self.testapp.authorization = (
  3427. 'Basic',
  3428. (
  3429. 'admin@admin.admin',
  3430. 'admin@admin.admin'
  3431. )
  3432. )
  3433. params = {
  3434. 'acp': 'bob',
  3435. }
  3436. res = self.testapp.get(
  3437. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  3438. status=200,
  3439. params=params,
  3440. )
  3441. res = res.json_body
  3442. assert len(res) == 2
  3443. assert res[0]['user_id'] == test_user.user_id
  3444. assert res[0]['public_name'] == test_user.display_name
  3445. assert res[0]['avatar_url'] is None
  3446. assert res[1]['user_id'] == test_user2.user_id
  3447. assert res[1]['public_name'] == test_user2.display_name
  3448. assert res[1]['avatar_url'] is None
  3449. def test_api__get_user__ok_200__admin__by_email(self):
  3450. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3451. admin = dbsession.query(models.User) \
  3452. .filter(models.User.email == 'admin@admin.admin') \
  3453. .one()
  3454. uapi = UserApi(
  3455. current_user=admin,
  3456. session=dbsession,
  3457. config=self.app_config,
  3458. )
  3459. gapi = GroupApi(
  3460. current_user=admin,
  3461. session=dbsession,
  3462. config=self.app_config,
  3463. )
  3464. groups = [gapi.get_one_with_name('users')]
  3465. test_user = uapi.create_user(
  3466. email='test@test.test',
  3467. password='pass',
  3468. name='bob',
  3469. groups=groups,
  3470. timezone='Europe/Paris',
  3471. lang='fr',
  3472. do_save=True,
  3473. do_notify=False,
  3474. )
  3475. test_user2 = uapi.create_user(
  3476. email='test2@test2.test2',
  3477. password='pass',
  3478. name='bob2',
  3479. groups=groups,
  3480. timezone='Europe/Paris',
  3481. lang='fr',
  3482. do_save=True,
  3483. do_notify=False,
  3484. )
  3485. uapi.save(test_user)
  3486. uapi.save(test_user2)
  3487. transaction.commit()
  3488. user_id = int(admin.user_id)
  3489. self.testapp.authorization = (
  3490. 'Basic',
  3491. (
  3492. 'admin@admin.admin',
  3493. 'admin@admin.admin'
  3494. )
  3495. )
  3496. params = {
  3497. 'acp': 'test',
  3498. }
  3499. res = self.testapp.get(
  3500. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  3501. status=200,
  3502. params=params,
  3503. )
  3504. res = res.json_body
  3505. assert len(res) == 2
  3506. assert res[0]['user_id'] == test_user.user_id
  3507. assert res[0]['public_name'] == test_user.display_name
  3508. assert res[0]['avatar_url'] is None
  3509. assert res[1]['user_id'] == test_user2.user_id
  3510. assert res[1]['public_name'] == test_user2.display_name
  3511. assert res[1]['avatar_url'] is None
  3512. def test_api__get_user__err_403__admin__too_small_acp(self):
  3513. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3514. admin = dbsession.query(models.User) \
  3515. .filter(models.User.email == 'admin@admin.admin') \
  3516. .one()
  3517. uapi = UserApi(
  3518. current_user=admin,
  3519. session=dbsession,
  3520. config=self.app_config,
  3521. )
  3522. gapi = GroupApi(
  3523. current_user=admin,
  3524. session=dbsession,
  3525. config=self.app_config,
  3526. )
  3527. groups = [gapi.get_one_with_name('users')]
  3528. test_user = uapi.create_user(
  3529. email='test@test.test',
  3530. password='pass',
  3531. name='bob',
  3532. groups=groups,
  3533. timezone='Europe/Paris',
  3534. lang='fr',
  3535. do_save=True,
  3536. do_notify=False,
  3537. )
  3538. test_user2 = uapi.create_user(
  3539. email='test2@test2.test2',
  3540. password='pass',
  3541. name='bob2',
  3542. groups=groups,
  3543. timezone='Europe/Paris',
  3544. lang='fr',
  3545. do_save=True,
  3546. do_notify=False,
  3547. )
  3548. uapi.save(test_user)
  3549. transaction.commit()
  3550. user_id = int(admin.user_id)
  3551. self.testapp.authorization = (
  3552. 'Basic',
  3553. (
  3554. 'admin@admin.admin',
  3555. 'admin@admin.admin'
  3556. )
  3557. )
  3558. params = {
  3559. 'acp': 't',
  3560. }
  3561. res = self.testapp.get(
  3562. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  3563. status=400,
  3564. params=params
  3565. )
  3566. def test_api__get_user__ok_200__normal_user_by_email(self):
  3567. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3568. admin = dbsession.query(models.User) \
  3569. .filter(models.User.email == 'admin@admin.admin') \
  3570. .one()
  3571. uapi = UserApi(
  3572. current_user=admin,
  3573. session=dbsession,
  3574. config=self.app_config,
  3575. )
  3576. gapi = GroupApi(
  3577. current_user=admin,
  3578. session=dbsession,
  3579. config=self.app_config,
  3580. )
  3581. groups = [gapi.get_one_with_name('users')]
  3582. test_user = uapi.create_user(
  3583. email='test@test.test',
  3584. password='pass',
  3585. name='bob',
  3586. groups=groups,
  3587. timezone='Europe/Paris',
  3588. lang='fr',
  3589. do_save=True,
  3590. do_notify=False,
  3591. )
  3592. test_user2 = uapi.create_user(
  3593. email='test2@test2.test2',
  3594. password='pass',
  3595. name='bob2',
  3596. groups=groups,
  3597. timezone='Europe/Paris',
  3598. lang='fr',
  3599. do_save=True,
  3600. do_notify=False,
  3601. )
  3602. test_user3 = uapi.create_user(
  3603. email='test3@test3.test3',
  3604. password='pass',
  3605. name='bob3',
  3606. groups=groups,
  3607. timezone='Europe/Paris',
  3608. lang='fr',
  3609. do_save=True,
  3610. do_notify=False,
  3611. )
  3612. uapi.save(test_user)
  3613. uapi.save(test_user2)
  3614. uapi.save(test_user3)
  3615. workspace_api = WorkspaceApi(
  3616. current_user=admin,
  3617. session=dbsession,
  3618. config=self.app_config
  3619. )
  3620. workspace = WorkspaceApi(
  3621. current_user=admin,
  3622. session=dbsession,
  3623. config=self.app_config,
  3624. ).create_workspace(
  3625. 'test workspace',
  3626. save_now=True
  3627. )
  3628. role_api = RoleApi(
  3629. current_user=admin,
  3630. session=dbsession,
  3631. config=self.app_config,
  3632. )
  3633. role_api.create_one(test_user, workspace, UserRoleInWorkspace.READER, False)
  3634. role_api.create_one(test_user2, workspace, UserRoleInWorkspace.READER, False)
  3635. transaction.commit()
  3636. user_id = int(test_user.user_id)
  3637. self.testapp.authorization = (
  3638. 'Basic',
  3639. (
  3640. 'test@test.test',
  3641. 'pass'
  3642. )
  3643. )
  3644. params = {
  3645. 'acp': 'test',
  3646. }
  3647. res = self.testapp.get(
  3648. '/api/v2/users/{user_id}/known_members'.format(user_id=user_id),
  3649. status=200,
  3650. params=params
  3651. )
  3652. res = res.json_body
  3653. assert len(res) == 2
  3654. assert res[0]['user_id'] == test_user.user_id
  3655. assert res[0]['public_name'] == test_user.display_name
  3656. assert res[0]['avatar_url'] is None
  3657. assert res[1]['user_id'] == test_user2.user_id
  3658. assert res[1]['public_name'] == test_user2.display_name
  3659. assert res[1]['avatar_url'] is None
  3660. class TestSetEmailEndpoint(FunctionalTest):
  3661. # -*- coding: utf-8 -*-
  3662. """
  3663. Tests for PUT /api/v2/users/{user_id}/email
  3664. """
  3665. fixtures = [BaseFixture]
  3666. def test_api__set_user_email__ok_200__admin(self):
  3667. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3668. admin = dbsession.query(models.User) \
  3669. .filter(models.User.email == 'admin@admin.admin') \
  3670. .one()
  3671. uapi = UserApi(
  3672. current_user=admin,
  3673. session=dbsession,
  3674. config=self.app_config,
  3675. )
  3676. gapi = GroupApi(
  3677. current_user=admin,
  3678. session=dbsession,
  3679. config=self.app_config,
  3680. )
  3681. groups = [gapi.get_one_with_name('users')]
  3682. test_user = uapi.create_user(
  3683. email='test@test.test',
  3684. password='pass',
  3685. name='bob',
  3686. groups=groups,
  3687. timezone='Europe/Paris',
  3688. lang='fr',
  3689. do_save=True,
  3690. do_notify=False,
  3691. )
  3692. uapi.save(test_user)
  3693. transaction.commit()
  3694. user_id = int(test_user.user_id)
  3695. self.testapp.authorization = (
  3696. 'Basic',
  3697. (
  3698. 'admin@admin.admin',
  3699. 'admin@admin.admin'
  3700. )
  3701. )
  3702. # check before
  3703. res = self.testapp.get(
  3704. '/api/v2/users/{}'.format(user_id),
  3705. status=200
  3706. )
  3707. res = res.json_body
  3708. assert res['email'] == 'test@test.test'
  3709. # Set password
  3710. params = {
  3711. 'email': 'mysuperemail@email.fr',
  3712. 'loggedin_user_password': 'admin@admin.admin',
  3713. }
  3714. self.testapp.put_json(
  3715. '/api/v2/users/{}/email'.format(user_id),
  3716. params=params,
  3717. status=200,
  3718. )
  3719. # Check After
  3720. res = self.testapp.get(
  3721. '/api/v2/users/{}'.format(user_id),
  3722. status=200
  3723. )
  3724. res = res.json_body
  3725. assert res['email'] == 'mysuperemail@email.fr'
  3726. def test_api__set_user_email__err_400__admin_same_email(self):
  3727. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3728. admin = dbsession.query(models.User) \
  3729. .filter(models.User.email == 'admin@admin.admin') \
  3730. .one()
  3731. uapi = UserApi(
  3732. current_user=admin,
  3733. session=dbsession,
  3734. config=self.app_config,
  3735. )
  3736. gapi = GroupApi(
  3737. current_user=admin,
  3738. session=dbsession,
  3739. config=self.app_config,
  3740. )
  3741. groups = [gapi.get_one_with_name('users')]
  3742. test_user = uapi.create_user(
  3743. email='test@test.test',
  3744. password='pass',
  3745. name='bob',
  3746. groups=groups,
  3747. timezone='Europe/Paris',
  3748. lang='fr',
  3749. do_save=True,
  3750. do_notify=False,
  3751. )
  3752. uapi.save(test_user)
  3753. transaction.commit()
  3754. user_id = int(test_user.user_id)
  3755. self.testapp.authorization = (
  3756. 'Basic',
  3757. (
  3758. 'admin@admin.admin',
  3759. 'admin@admin.admin'
  3760. )
  3761. )
  3762. # check before
  3763. res = self.testapp.get(
  3764. '/api/v2/users/{}'.format(user_id),
  3765. status=200
  3766. )
  3767. res = res.json_body
  3768. assert res['email'] == 'test@test.test'
  3769. # Set password
  3770. params = {
  3771. 'email': 'admin@admin.admin',
  3772. 'loggedin_user_password': 'admin@admin.admin',
  3773. }
  3774. self.testapp.put_json(
  3775. '/api/v2/users/{}/email'.format(user_id),
  3776. params=params,
  3777. status=400,
  3778. )
  3779. # Check After
  3780. res = self.testapp.get(
  3781. '/api/v2/users/{}'.format(user_id),
  3782. status=200
  3783. )
  3784. res = res.json_body
  3785. assert res['email'] == 'test@test.test'
  3786. def test_api__set_user_email__err_403__admin_wrong_password(self):
  3787. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3788. admin = dbsession.query(models.User) \
  3789. .filter(models.User.email == 'admin@admin.admin') \
  3790. .one()
  3791. uapi = UserApi(
  3792. current_user=admin,
  3793. session=dbsession,
  3794. config=self.app_config,
  3795. )
  3796. gapi = GroupApi(
  3797. current_user=admin,
  3798. session=dbsession,
  3799. config=self.app_config,
  3800. )
  3801. groups = [gapi.get_one_with_name('users')]
  3802. test_user = uapi.create_user(
  3803. email='test@test.test',
  3804. password='pass',
  3805. name='bob',
  3806. groups=groups,
  3807. timezone='Europe/Paris',
  3808. lang='fr',
  3809. do_save=True,
  3810. do_notify=False,
  3811. )
  3812. uapi.save(test_user)
  3813. transaction.commit()
  3814. user_id = int(test_user.user_id)
  3815. self.testapp.authorization = (
  3816. 'Basic',
  3817. (
  3818. 'admin@admin.admin',
  3819. 'admin@admin.admin'
  3820. )
  3821. )
  3822. # check before
  3823. res = self.testapp.get(
  3824. '/api/v2/users/{}'.format(user_id),
  3825. status=200
  3826. )
  3827. res = res.json_body
  3828. assert res['email'] == 'test@test.test'
  3829. # Set password
  3830. params = {
  3831. 'email': 'mysuperemail@email.fr',
  3832. 'loggedin_user_password': 'badpassword',
  3833. }
  3834. self.testapp.put_json(
  3835. '/api/v2/users/{}/email'.format(user_id),
  3836. params=params,
  3837. status=403,
  3838. )
  3839. # Check After
  3840. res = self.testapp.get(
  3841. '/api/v2/users/{}'.format(user_id),
  3842. status=200
  3843. )
  3844. res = res.json_body
  3845. assert res['email'] == 'test@test.test'
  3846. def test_api__set_user_email__err_400__admin_string_is_not_email(self):
  3847. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3848. admin = dbsession.query(models.User) \
  3849. .filter(models.User.email == 'admin@admin.admin') \
  3850. .one()
  3851. uapi = UserApi(
  3852. current_user=admin,
  3853. session=dbsession,
  3854. config=self.app_config,
  3855. )
  3856. gapi = GroupApi(
  3857. current_user=admin,
  3858. session=dbsession,
  3859. config=self.app_config,
  3860. )
  3861. groups = [gapi.get_one_with_name('users')]
  3862. test_user = uapi.create_user(
  3863. email='test@test.test',
  3864. password='pass',
  3865. name='bob',
  3866. groups=groups,
  3867. timezone='Europe/Paris',
  3868. lang='fr',
  3869. do_save=True,
  3870. do_notify=False,
  3871. )
  3872. uapi.save(test_user)
  3873. transaction.commit()
  3874. user_id = int(test_user.user_id)
  3875. self.testapp.authorization = (
  3876. 'Basic',
  3877. (
  3878. 'admin@admin.admin',
  3879. 'admin@admin.admin'
  3880. )
  3881. )
  3882. # check before
  3883. res = self.testapp.get(
  3884. '/api/v2/users/{}'.format(user_id),
  3885. status=200
  3886. )
  3887. res = res.json_body
  3888. assert res['email'] == 'test@test.test'
  3889. # Set password
  3890. params = {
  3891. 'email': 'thatisnotandemail',
  3892. 'loggedin_user_password': 'admin@admin.admin',
  3893. }
  3894. self.testapp.put_json(
  3895. '/api/v2/users/{}/email'.format(user_id),
  3896. params=params,
  3897. status=400,
  3898. )
  3899. # Check After
  3900. res = self.testapp.get(
  3901. '/api/v2/users/{}'.format(user_id),
  3902. status=200
  3903. )
  3904. res = res.json_body
  3905. assert res['email'] == 'test@test.test'
  3906. def test_api__set_user_email__ok_200__user_itself(self):
  3907. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3908. admin = dbsession.query(models.User) \
  3909. .filter(models.User.email == 'admin@admin.admin') \
  3910. .one()
  3911. uapi = UserApi(
  3912. current_user=admin,
  3913. session=dbsession,
  3914. config=self.app_config,
  3915. )
  3916. gapi = GroupApi(
  3917. current_user=admin,
  3918. session=dbsession,
  3919. config=self.app_config,
  3920. )
  3921. groups = [gapi.get_one_with_name('users')]
  3922. test_user = uapi.create_user(
  3923. email='test@test.test',
  3924. password='pass',
  3925. name='bob',
  3926. groups=groups,
  3927. timezone='Europe/Paris',
  3928. lang='fr',
  3929. do_save=True,
  3930. do_notify=False,
  3931. )
  3932. uapi.save(test_user)
  3933. transaction.commit()
  3934. user_id = int(test_user.user_id)
  3935. self.testapp.authorization = (
  3936. 'Basic',
  3937. (
  3938. 'test@test.test',
  3939. 'pass'
  3940. )
  3941. )
  3942. # check before
  3943. res = self.testapp.get(
  3944. '/api/v2/users/{}'.format(user_id),
  3945. status=200
  3946. )
  3947. res = res.json_body
  3948. assert res['email'] == 'test@test.test'
  3949. # Set password
  3950. params = {
  3951. 'email': 'mysuperemail@email.fr',
  3952. 'loggedin_user_password': 'pass',
  3953. }
  3954. self.testapp.put_json(
  3955. '/api/v2/users/{}/email'.format(user_id),
  3956. params=params,
  3957. status=200,
  3958. )
  3959. self.testapp.authorization = (
  3960. 'Basic',
  3961. (
  3962. 'mysuperemail@email.fr',
  3963. 'pass'
  3964. )
  3965. )
  3966. # Check After
  3967. res = self.testapp.get(
  3968. '/api/v2/users/{}'.format(user_id),
  3969. status=200
  3970. )
  3971. res = res.json_body
  3972. assert res['email'] == 'mysuperemail@email.fr'
  3973. def test_api__set_user_email__err_403__other_normal_user(self):
  3974. dbsession = get_tm_session(self.session_factory, transaction.manager)
  3975. admin = dbsession.query(models.User) \
  3976. .filter(models.User.email == 'admin@admin.admin') \
  3977. .one()
  3978. uapi = UserApi(
  3979. current_user=admin,
  3980. session=dbsession,
  3981. config=self.app_config,
  3982. )
  3983. gapi = GroupApi(
  3984. current_user=admin,
  3985. session=dbsession,
  3986. config=self.app_config,
  3987. )
  3988. groups = [gapi.get_one_with_name('users')]
  3989. test_user = uapi.create_user(
  3990. email='test@test.test',
  3991. password='pass',
  3992. name='bob',
  3993. groups=groups,
  3994. timezone='Europe/Paris',
  3995. lang='fr',
  3996. do_save=True,
  3997. do_notify=False,
  3998. )
  3999. test_user2 = uapi.create_user(
  4000. email='test2@test2.test2',
  4001. password='pass',
  4002. name='bob2',
  4003. groups=groups,
  4004. timezone='Europe/Paris',
  4005. lang='fr',
  4006. do_save=True,
  4007. do_notify=False,
  4008. )
  4009. uapi.save(test_user2)
  4010. uapi.save(test_user)
  4011. transaction.commit()
  4012. user_id = int(test_user.user_id)
  4013. self.testapp.authorization = (
  4014. 'Basic',
  4015. (
  4016. 'test@test.test',
  4017. 'pass'
  4018. )
  4019. )
  4020. # Set password
  4021. params = {
  4022. 'email': 'mysuperemail@email.fr',
  4023. 'loggedin_user_password': 'test2@test2.test2',
  4024. }
  4025. self.testapp.put_json(
  4026. '/api/v2/users/{}/email'.format(user_id),
  4027. params=params,
  4028. status=403,
  4029. )
  4030. class TestSetPasswordEndpoint(FunctionalTest):
  4031. # -*- coding: utf-8 -*-
  4032. """
  4033. Tests for PUT /api/v2/users/{user_id}/password
  4034. """
  4035. fixtures = [BaseFixture]
  4036. def test_api__set_user_password__ok_200__admin(self):
  4037. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4038. admin = dbsession.query(models.User) \
  4039. .filter(models.User.email == 'admin@admin.admin') \
  4040. .one()
  4041. uapi = UserApi(
  4042. current_user=admin,
  4043. session=dbsession,
  4044. config=self.app_config,
  4045. )
  4046. gapi = GroupApi(
  4047. current_user=admin,
  4048. session=dbsession,
  4049. config=self.app_config,
  4050. )
  4051. groups = [gapi.get_one_with_name('users')]
  4052. test_user = uapi.create_user(
  4053. email='test@test.test',
  4054. password='pass',
  4055. name='bob',
  4056. groups=groups,
  4057. timezone='Europe/Paris',
  4058. lang='fr',
  4059. do_save=True,
  4060. do_notify=False,
  4061. )
  4062. uapi.save(test_user)
  4063. transaction.commit()
  4064. user_id = int(test_user.user_id)
  4065. self.testapp.authorization = (
  4066. 'Basic',
  4067. (
  4068. 'admin@admin.admin',
  4069. 'admin@admin.admin'
  4070. )
  4071. )
  4072. # check before
  4073. user = uapi.get_one(user_id)
  4074. assert user.validate_password('pass')
  4075. assert not user.validate_password('mynewpassword')
  4076. # Set password
  4077. params = {
  4078. 'new_password': 'mynewpassword',
  4079. 'new_password2': 'mynewpassword',
  4080. 'loggedin_user_password': 'admin@admin.admin',
  4081. }
  4082. self.testapp.put_json(
  4083. '/api/v2/users/{}/password'.format(user_id),
  4084. params=params,
  4085. status=204,
  4086. )
  4087. # Check After
  4088. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4089. uapi = UserApi(
  4090. current_user=admin,
  4091. session=dbsession,
  4092. config=self.app_config,
  4093. )
  4094. user = uapi.get_one(user_id)
  4095. assert not user.validate_password('pass')
  4096. assert user.validate_password('mynewpassword')
  4097. def test_api__set_user_password__err_403__admin_wrong_password(self):
  4098. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4099. admin = dbsession.query(models.User) \
  4100. .filter(models.User.email == 'admin@admin.admin') \
  4101. .one()
  4102. uapi = UserApi(
  4103. current_user=admin,
  4104. session=dbsession,
  4105. config=self.app_config,
  4106. )
  4107. gapi = GroupApi(
  4108. current_user=admin,
  4109. session=dbsession,
  4110. config=self.app_config,
  4111. )
  4112. groups = [gapi.get_one_with_name('users')]
  4113. test_user = uapi.create_user(
  4114. email='test@test.test',
  4115. password='pass',
  4116. name='bob',
  4117. groups=groups,
  4118. timezone='Europe/Paris',
  4119. lang='fr',
  4120. do_save=True,
  4121. do_notify=False,
  4122. )
  4123. uapi.save(test_user)
  4124. transaction.commit()
  4125. user_id = int(test_user.user_id)
  4126. self.testapp.authorization = (
  4127. 'Basic',
  4128. (
  4129. 'admin@admin.admin',
  4130. 'admin@admin.admin'
  4131. )
  4132. )
  4133. # check before
  4134. user = uapi.get_one(user_id)
  4135. assert user.validate_password('pass')
  4136. assert not user.validate_password('mynewpassword')
  4137. # Set password
  4138. params = {
  4139. 'new_password': 'mynewpassword',
  4140. 'new_password2': 'mynewpassword',
  4141. 'loggedin_user_password': 'wrongpassword',
  4142. }
  4143. self.testapp.put_json(
  4144. '/api/v2/users/{}/password'.format(user_id),
  4145. params=params,
  4146. status=403,
  4147. )
  4148. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4149. uapi = UserApi(
  4150. current_user=admin,
  4151. session=dbsession,
  4152. config=self.app_config,
  4153. )
  4154. # Check After
  4155. user = uapi.get_one(user_id)
  4156. assert user.validate_password('pass')
  4157. assert not user.validate_password('mynewpassword')
  4158. def test_api__set_user_password__err_400__admin_passwords_do_not_match(self): # nopep8
  4159. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4160. admin = dbsession.query(models.User) \
  4161. .filter(models.User.email == 'admin@admin.admin') \
  4162. .one()
  4163. uapi = UserApi(
  4164. current_user=admin,
  4165. session=dbsession,
  4166. config=self.app_config,
  4167. )
  4168. gapi = GroupApi(
  4169. current_user=admin,
  4170. session=dbsession,
  4171. config=self.app_config,
  4172. )
  4173. groups = [gapi.get_one_with_name('users')]
  4174. test_user = uapi.create_user(
  4175. email='test@test.test',
  4176. password='pass',
  4177. name='bob',
  4178. groups=groups,
  4179. timezone='Europe/Paris',
  4180. lang='fr',
  4181. do_save=True,
  4182. do_notify=False,
  4183. )
  4184. uapi.save(test_user)
  4185. transaction.commit()
  4186. user_id = int(test_user.user_id)
  4187. self.testapp.authorization = (
  4188. 'Basic',
  4189. (
  4190. 'admin@admin.admin',
  4191. 'admin@admin.admin'
  4192. )
  4193. )
  4194. # check before
  4195. user = uapi.get_one(user_id)
  4196. assert user.validate_password('pass')
  4197. assert not user.validate_password('mynewpassword')
  4198. assert not user.validate_password('mynewpassword2')
  4199. # Set password
  4200. params = {
  4201. 'new_password': 'mynewpassword',
  4202. 'new_password2': 'mynewpassword2',
  4203. 'loggedin_user_password': 'admin@admin.admin',
  4204. }
  4205. self.testapp.put_json(
  4206. '/api/v2/users/{}/password'.format(user_id),
  4207. params=params,
  4208. status=400,
  4209. )
  4210. # Check After
  4211. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4212. uapi = UserApi(
  4213. current_user=admin,
  4214. session=dbsession,
  4215. config=self.app_config,
  4216. )
  4217. user = uapi.get_one(user_id)
  4218. assert user.validate_password('pass')
  4219. assert not user.validate_password('mynewpassword')
  4220. assert not user.validate_password('mynewpassword2')
  4221. def test_api__set_user_password__ok_200__user_itself(self):
  4222. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4223. admin = dbsession.query(models.User) \
  4224. .filter(models.User.email == 'admin@admin.admin') \
  4225. .one()
  4226. uapi = UserApi(
  4227. current_user=admin,
  4228. session=dbsession,
  4229. config=self.app_config,
  4230. )
  4231. gapi = GroupApi(
  4232. current_user=admin,
  4233. session=dbsession,
  4234. config=self.app_config,
  4235. )
  4236. groups = [gapi.get_one_with_name('users')]
  4237. test_user = uapi.create_user(
  4238. email='test@test.test',
  4239. password='pass',
  4240. name='bob',
  4241. groups=groups,
  4242. timezone='Europe/Paris',
  4243. lang='fr',
  4244. do_save=True,
  4245. do_notify=False,
  4246. )
  4247. uapi.save(test_user)
  4248. transaction.commit()
  4249. user_id = int(test_user.user_id)
  4250. self.testapp.authorization = (
  4251. 'Basic',
  4252. (
  4253. 'test@test.test',
  4254. 'pass'
  4255. )
  4256. )
  4257. # check before
  4258. user = uapi.get_one(user_id)
  4259. assert user.validate_password('pass')
  4260. assert not user.validate_password('mynewpassword')
  4261. # Set password
  4262. params = {
  4263. 'new_password': 'mynewpassword',
  4264. 'new_password2': 'mynewpassword',
  4265. 'loggedin_user_password': 'pass',
  4266. }
  4267. self.testapp.put_json(
  4268. '/api/v2/users/{}/password'.format(user_id),
  4269. params=params,
  4270. status=204,
  4271. )
  4272. # Check After
  4273. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4274. uapi = UserApi(
  4275. current_user=admin,
  4276. session=dbsession,
  4277. config=self.app_config,
  4278. )
  4279. user = uapi.get_one(user_id)
  4280. assert not user.validate_password('pass')
  4281. assert user.validate_password('mynewpassword')
  4282. def test_api__set_user_email__err_403__other_normal_user(self):
  4283. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4284. admin = dbsession.query(models.User) \
  4285. .filter(models.User.email == 'admin@admin.admin') \
  4286. .one()
  4287. uapi = UserApi(
  4288. current_user=admin,
  4289. session=dbsession,
  4290. config=self.app_config,
  4291. )
  4292. gapi = GroupApi(
  4293. current_user=admin,
  4294. session=dbsession,
  4295. config=self.app_config,
  4296. )
  4297. groups = [gapi.get_one_with_name('users')]
  4298. test_user = uapi.create_user(
  4299. email='test@test.test',
  4300. password='pass',
  4301. name='bob',
  4302. groups=groups,
  4303. lang='fr',
  4304. timezone='Europe/Paris',
  4305. do_save=True,
  4306. do_notify=False,
  4307. )
  4308. test_user2 = uapi.create_user(
  4309. email='test2@test2.test2',
  4310. password='pass',
  4311. name='bob2',
  4312. groups=groups,
  4313. timezone='Europe/Paris',
  4314. lang='fr',
  4315. do_save=True,
  4316. do_notify=False,
  4317. )
  4318. uapi.save(test_user2)
  4319. uapi.save(test_user)
  4320. transaction.commit()
  4321. user_id = int(test_user.user_id)
  4322. self.testapp.authorization = (
  4323. 'Basic',
  4324. (
  4325. 'test@test.test',
  4326. 'pass'
  4327. )
  4328. )
  4329. # Set password
  4330. params = {
  4331. 'email': 'mysuperemail@email.fr',
  4332. 'loggedin_user_password': 'test2@test2.test2',
  4333. }
  4334. self.testapp.put_json(
  4335. '/api/v2/users/{}/email'.format(user_id),
  4336. params=params,
  4337. status=403,
  4338. )
  4339. class TestSetUserInfoEndpoint(FunctionalTest):
  4340. # -*- coding: utf-8 -*-
  4341. """
  4342. Tests for PUT /api/v2/users/{user_id}
  4343. """
  4344. fixtures = [BaseFixture]
  4345. def test_api__set_user_info__ok_200__admin(self):
  4346. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4347. admin = dbsession.query(models.User) \
  4348. .filter(models.User.email == 'admin@admin.admin') \
  4349. .one()
  4350. uapi = UserApi(
  4351. current_user=admin,
  4352. session=dbsession,
  4353. config=self.app_config,
  4354. )
  4355. gapi = GroupApi(
  4356. current_user=admin,
  4357. session=dbsession,
  4358. config=self.app_config,
  4359. )
  4360. groups = [gapi.get_one_with_name('users')]
  4361. test_user = uapi.create_user(
  4362. email='test@test.test',
  4363. password='pass',
  4364. name='bob',
  4365. groups=groups,
  4366. timezone='Europe/Paris',
  4367. lang='fr',
  4368. do_save=True,
  4369. do_notify=False,
  4370. )
  4371. uapi.save(test_user)
  4372. transaction.commit()
  4373. user_id = int(test_user.user_id)
  4374. self.testapp.authorization = (
  4375. 'Basic',
  4376. (
  4377. 'admin@admin.admin',
  4378. 'admin@admin.admin'
  4379. )
  4380. )
  4381. # check before
  4382. res = self.testapp.get(
  4383. '/api/v2/users/{}'.format(user_id),
  4384. status=200
  4385. )
  4386. res = res.json_body
  4387. assert res['user_id'] == user_id
  4388. assert res['public_name'] == 'bob'
  4389. assert res['timezone'] == 'Europe/Paris'
  4390. assert res['lang'] == 'fr'
  4391. # Set params
  4392. params = {
  4393. 'public_name': 'updated',
  4394. 'timezone': 'Europe/London',
  4395. 'lang': 'en',
  4396. }
  4397. self.testapp.put_json(
  4398. '/api/v2/users/{}'.format(user_id),
  4399. params=params,
  4400. status=200,
  4401. )
  4402. # Check After
  4403. res = self.testapp.get(
  4404. '/api/v2/users/{}'.format(user_id),
  4405. status=200
  4406. )
  4407. res = res.json_body
  4408. assert res['user_id'] == user_id
  4409. assert res['public_name'] == 'updated'
  4410. assert res['timezone'] == 'Europe/London'
  4411. assert res['lang'] == 'en'
  4412. def test_api__set_user_info__ok_200__user_itself(self):
  4413. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4414. admin = dbsession.query(models.User) \
  4415. .filter(models.User.email == 'admin@admin.admin') \
  4416. .one()
  4417. uapi = UserApi(
  4418. current_user=admin,
  4419. session=dbsession,
  4420. config=self.app_config,
  4421. )
  4422. gapi = GroupApi(
  4423. current_user=admin,
  4424. session=dbsession,
  4425. config=self.app_config,
  4426. )
  4427. groups = [gapi.get_one_with_name('users')]
  4428. test_user = uapi.create_user(
  4429. email='test@test.test',
  4430. password='pass',
  4431. name='bob',
  4432. groups=groups,
  4433. timezone='Europe/Paris',
  4434. lang='fr',
  4435. do_save=True,
  4436. do_notify=False,
  4437. )
  4438. uapi.save(test_user)
  4439. transaction.commit()
  4440. user_id = int(test_user.user_id)
  4441. self.testapp.authorization = (
  4442. 'Basic',
  4443. (
  4444. 'test@test.test',
  4445. 'pass',
  4446. )
  4447. )
  4448. # check before
  4449. res = self.testapp.get(
  4450. '/api/v2/users/{}'.format(user_id),
  4451. status=200
  4452. )
  4453. res = res.json_body
  4454. assert res['user_id'] == user_id
  4455. assert res['public_name'] == 'bob'
  4456. assert res['timezone'] == 'Europe/Paris'
  4457. assert res['lang'] == 'fr'
  4458. # Set params
  4459. params = {
  4460. 'public_name': 'updated',
  4461. 'timezone': 'Europe/London',
  4462. 'lang': 'en',
  4463. }
  4464. self.testapp.put_json(
  4465. '/api/v2/users/{}'.format(user_id),
  4466. params=params,
  4467. status=200,
  4468. )
  4469. # Check After
  4470. res = self.testapp.get(
  4471. '/api/v2/users/{}'.format(user_id),
  4472. status=200
  4473. )
  4474. res = res.json_body
  4475. assert res['user_id'] == user_id
  4476. assert res['public_name'] == 'updated'
  4477. assert res['timezone'] == 'Europe/London'
  4478. assert res['lang'] == 'en'
  4479. def test_api__set_user_email__err_403__other_normal_user(self):
  4480. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4481. admin = dbsession.query(models.User) \
  4482. .filter(models.User.email == 'admin@admin.admin') \
  4483. .one()
  4484. uapi = UserApi(
  4485. current_user=admin,
  4486. session=dbsession,
  4487. config=self.app_config,
  4488. )
  4489. gapi = GroupApi(
  4490. current_user=admin,
  4491. session=dbsession,
  4492. config=self.app_config,
  4493. )
  4494. groups = [gapi.get_one_with_name('users')]
  4495. test_user = uapi.create_user(
  4496. email='test@test.test',
  4497. password='pass',
  4498. name='bob',
  4499. groups=groups,
  4500. timezone='Europe/Paris',
  4501. lang='fr',
  4502. do_save=True,
  4503. do_notify=False,
  4504. )
  4505. test_user2 = uapi.create_user(
  4506. email='test2@test2.test2',
  4507. password='pass',
  4508. name='test',
  4509. groups=groups,
  4510. timezone='Europe/Paris',
  4511. lang='fr',
  4512. do_save=True,
  4513. do_notify=False,
  4514. )
  4515. uapi.save(test_user2)
  4516. uapi.save(test_user)
  4517. transaction.commit()
  4518. user_id = int(test_user.user_id)
  4519. self.testapp.authorization = (
  4520. 'Basic',
  4521. (
  4522. 'test2@test2.test2',
  4523. 'pass',
  4524. )
  4525. )
  4526. # Set params
  4527. params = {
  4528. 'public_name': 'updated',
  4529. 'timezone': 'Europe/London',
  4530. 'lang': 'en'
  4531. }
  4532. self.testapp.put_json(
  4533. '/api/v2/users/{}'.format(user_id),
  4534. params=params,
  4535. status=403,
  4536. )
  4537. class TestSetUserProfilEndpoint(FunctionalTest):
  4538. # -*- coding: utf-8 -*-
  4539. """
  4540. Tests for PUT /api/v2/users/{user_id}/profile
  4541. """
  4542. fixtures = [BaseFixture]
  4543. def test_api__set_user_info__ok_200__admin(self):
  4544. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4545. admin = dbsession.query(models.User) \
  4546. .filter(models.User.email == 'admin@admin.admin') \
  4547. .one()
  4548. uapi = UserApi(
  4549. current_user=admin,
  4550. session=dbsession,
  4551. config=self.app_config,
  4552. )
  4553. gapi = GroupApi(
  4554. current_user=admin,
  4555. session=dbsession,
  4556. config=self.app_config,
  4557. )
  4558. groups = [gapi.get_one_with_name('users')]
  4559. test_user = uapi.create_user(
  4560. email='test@test.test',
  4561. password='pass',
  4562. name='bob',
  4563. groups=groups,
  4564. timezone='Europe/Paris',
  4565. lang='fr',
  4566. do_save=True,
  4567. do_notify=False,
  4568. )
  4569. uapi.save(test_user)
  4570. transaction.commit()
  4571. user_id = int(test_user.user_id)
  4572. self.testapp.authorization = (
  4573. 'Basic',
  4574. (
  4575. 'admin@admin.admin',
  4576. 'admin@admin.admin'
  4577. )
  4578. )
  4579. # check before
  4580. res = self.testapp.get(
  4581. '/api/v2/users/{}'.format(user_id),
  4582. status=200
  4583. )
  4584. res = res.json_body
  4585. assert res['user_id'] == user_id
  4586. assert res['profile'] == 'users'
  4587. # Set params
  4588. params = {
  4589. 'profile': 'administrators',
  4590. }
  4591. self.testapp.put_json(
  4592. '/api/v2/users/{}/profile'.format(user_id),
  4593. params=params,
  4594. status=204,
  4595. )
  4596. # Check After
  4597. res = self.testapp.get(
  4598. '/api/v2/users/{}'.format(user_id),
  4599. status=200
  4600. )
  4601. res = res.json_body
  4602. assert res['user_id'] == user_id
  4603. assert res['profile'] == 'administrators'
  4604. def test_api__set_user_info__err_403__user_itself(self):
  4605. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4606. admin = dbsession.query(models.User) \
  4607. .filter(models.User.email == 'admin@admin.admin') \
  4608. .one()
  4609. uapi = UserApi(
  4610. current_user=admin,
  4611. session=dbsession,
  4612. config=self.app_config,
  4613. )
  4614. gapi = GroupApi(
  4615. current_user=admin,
  4616. session=dbsession,
  4617. config=self.app_config,
  4618. )
  4619. groups = [gapi.get_one_with_name('users')]
  4620. test_user = uapi.create_user(
  4621. email='test@test.test',
  4622. password='pass',
  4623. name='bob',
  4624. groups=groups,
  4625. timezone='Europe/Paris',
  4626. lang='fr',
  4627. do_save=True,
  4628. do_notify=False,
  4629. )
  4630. uapi.save(test_user)
  4631. transaction.commit()
  4632. user_id = int(test_user.user_id)
  4633. self.testapp.authorization = (
  4634. 'Basic',
  4635. (
  4636. 'test@test.test',
  4637. 'pass',
  4638. )
  4639. )
  4640. # check before
  4641. res = self.testapp.get(
  4642. '/api/v2/users/{}'.format(user_id),
  4643. status=200
  4644. )
  4645. res = res.json_body
  4646. assert res['user_id'] == user_id
  4647. assert res['profile'] == 'users'
  4648. # Set params
  4649. params = {
  4650. 'profile': 'administrators',
  4651. }
  4652. self.testapp.put_json(
  4653. '/api/v2/users/{}/profile'.format(user_id),
  4654. params=params,
  4655. status=403,
  4656. )
  4657. # Check After
  4658. res = self.testapp.get(
  4659. '/api/v2/users/{}'.format(user_id),
  4660. status=200
  4661. )
  4662. res = res.json_body
  4663. assert res['user_id'] == user_id
  4664. assert res['profile'] == 'users'
  4665. def test_api__set_user_email__err_403__other_normal_user(self):
  4666. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4667. admin = dbsession.query(models.User) \
  4668. .filter(models.User.email == 'admin@admin.admin') \
  4669. .one()
  4670. uapi = UserApi(
  4671. current_user=admin,
  4672. session=dbsession,
  4673. config=self.app_config,
  4674. )
  4675. gapi = GroupApi(
  4676. current_user=admin,
  4677. session=dbsession,
  4678. config=self.app_config,
  4679. )
  4680. groups = [gapi.get_one_with_name('users')]
  4681. test_user = uapi.create_user(
  4682. email='test@test.test',
  4683. password='pass',
  4684. name='bob',
  4685. groups=groups,
  4686. timezone='Europe/Paris',
  4687. lang='fr',
  4688. do_save=True,
  4689. do_notify=False,
  4690. )
  4691. test_user2 = uapi.create_user(
  4692. email='test2@test2.test2',
  4693. password='pass',
  4694. name='test',
  4695. groups=groups,
  4696. timezone='Europe/Paris',
  4697. lang='fr',
  4698. do_save=True,
  4699. do_notify=False,
  4700. )
  4701. uapi.save(test_user2)
  4702. uapi.save(test_user)
  4703. transaction.commit()
  4704. user_id = int(test_user.user_id)
  4705. self.testapp.authorization = (
  4706. 'Basic',
  4707. (
  4708. 'test2@test2.test2',
  4709. 'pass',
  4710. )
  4711. )
  4712. # Set params
  4713. params = {
  4714. 'profile': 'administrators',
  4715. }
  4716. self.testapp.put_json(
  4717. '/api/v2/users/{}/profile'.format(user_id),
  4718. params=params,
  4719. status=403,
  4720. )
  4721. class TestSetUserEnableDisableEndpoints(FunctionalTest):
  4722. # -*- coding: utf-8 -*-
  4723. """
  4724. Tests for PUT /api/v2/users/{user_id}/enable
  4725. and PUT /api/v2/users/{user_id}/disable
  4726. """
  4727. fixtures = [BaseFixture]
  4728. def test_api_enable_user__ok_200__admin(self):
  4729. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4730. admin = dbsession.query(models.User) \
  4731. .filter(models.User.email == 'admin@admin.admin') \
  4732. .one()
  4733. uapi = UserApi(
  4734. current_user=admin,
  4735. session=dbsession,
  4736. config=self.app_config,
  4737. )
  4738. gapi = GroupApi(
  4739. current_user=admin,
  4740. session=dbsession,
  4741. config=self.app_config,
  4742. )
  4743. groups = [gapi.get_one_with_name('users')]
  4744. test_user = uapi.create_user(
  4745. email='test@test.test',
  4746. password='pass',
  4747. name='bob',
  4748. groups=groups,
  4749. timezone='Europe/Paris',
  4750. lang='fr',
  4751. do_save=True,
  4752. do_notify=False,
  4753. )
  4754. uapi.disable(test_user, do_save=True)
  4755. uapi.save(test_user)
  4756. transaction.commit()
  4757. user_id = int(test_user.user_id)
  4758. self.testapp.authorization = (
  4759. 'Basic',
  4760. (
  4761. 'admin@admin.admin',
  4762. 'admin@admin.admin'
  4763. )
  4764. )
  4765. # check before
  4766. res = self.testapp.get(
  4767. '/api/v2/users/{}'.format(user_id),
  4768. status=200
  4769. )
  4770. res = res.json_body
  4771. assert res['user_id'] == user_id
  4772. assert res['is_active'] is False
  4773. self.testapp.put_json(
  4774. '/api/v2/users/{}/enable'.format(user_id),
  4775. status=204,
  4776. )
  4777. # Check After
  4778. res = self.testapp.get(
  4779. '/api/v2/users/{}'.format(user_id),
  4780. status=200
  4781. )
  4782. res = res.json_body
  4783. assert res['user_id'] == user_id
  4784. assert res['is_active'] is True
  4785. def test_api_disable_user__ok_200__admin(self):
  4786. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4787. admin = dbsession.query(models.User) \
  4788. .filter(models.User.email == 'admin@admin.admin') \
  4789. .one()
  4790. uapi = UserApi(
  4791. current_user=admin,
  4792. session=dbsession,
  4793. config=self.app_config,
  4794. )
  4795. gapi = GroupApi(
  4796. current_user=admin,
  4797. session=dbsession,
  4798. config=self.app_config,
  4799. )
  4800. groups = [gapi.get_one_with_name('users')]
  4801. test_user = uapi.create_user(
  4802. email='test@test.test',
  4803. password='pass',
  4804. name='bob',
  4805. groups=groups,
  4806. timezone='Europe/Paris',
  4807. lang='fr',
  4808. do_save=True,
  4809. do_notify=False,
  4810. )
  4811. uapi.enable(test_user, do_save=True)
  4812. uapi.save(test_user)
  4813. transaction.commit()
  4814. user_id = int(test_user.user_id)
  4815. self.testapp.authorization = (
  4816. 'Basic',
  4817. (
  4818. 'admin@admin.admin',
  4819. 'admin@admin.admin'
  4820. )
  4821. )
  4822. # check before
  4823. res = self.testapp.get(
  4824. '/api/v2/users/{}'.format(user_id),
  4825. status=200
  4826. )
  4827. res = res.json_body
  4828. assert res['user_id'] == user_id
  4829. assert res['is_active'] is True
  4830. self.testapp.put_json(
  4831. '/api/v2/users/{}/disable'.format(user_id),
  4832. status=204,
  4833. )
  4834. # Check After
  4835. res = self.testapp.get(
  4836. '/api/v2/users/{}'.format(user_id),
  4837. status=200
  4838. )
  4839. res = res.json_body
  4840. assert res['user_id'] == user_id
  4841. assert res['is_active'] is False
  4842. def test_api_enable_user__err_403__other_account(self):
  4843. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4844. admin = dbsession.query(models.User) \
  4845. .filter(models.User.email == 'admin@admin.admin') \
  4846. .one()
  4847. uapi = UserApi(
  4848. current_user=admin,
  4849. session=dbsession,
  4850. config=self.app_config,
  4851. )
  4852. gapi = GroupApi(
  4853. current_user=admin,
  4854. session=dbsession,
  4855. config=self.app_config,
  4856. )
  4857. groups = [gapi.get_one_with_name('users')]
  4858. test_user = uapi.create_user(
  4859. email='test@test.test',
  4860. password='pass',
  4861. name='bob',
  4862. groups=groups,
  4863. timezone='Europe/Paris',
  4864. lang='fr',
  4865. do_save=True,
  4866. do_notify=False,
  4867. )
  4868. test_user2 = uapi.create_user(
  4869. email='test2@test2.test2',
  4870. password='pass',
  4871. name='test2',
  4872. groups=groups,
  4873. timezone='Europe/Paris',
  4874. lang='fr',
  4875. do_save=True,
  4876. do_notify=False,
  4877. )
  4878. uapi.disable(test_user, do_save=True)
  4879. uapi.save(test_user2)
  4880. uapi.save(test_user)
  4881. transaction.commit()
  4882. user_id = int(test_user.user_id)
  4883. self.testapp.authorization = (
  4884. 'Basic',
  4885. (
  4886. 'test2@test2.test2',
  4887. 'pass'
  4888. )
  4889. )
  4890. self.testapp.put_json(
  4891. '/api/v2/users/{}/enable'.format(user_id),
  4892. status=403,
  4893. )
  4894. def test_api_disable_user__err_403__other_account(self):
  4895. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4896. admin = dbsession.query(models.User) \
  4897. .filter(models.User.email == 'admin@admin.admin') \
  4898. .one()
  4899. uapi = UserApi(
  4900. current_user=admin,
  4901. session=dbsession,
  4902. config=self.app_config,
  4903. )
  4904. gapi = GroupApi(
  4905. current_user=admin,
  4906. session=dbsession,
  4907. config=self.app_config,
  4908. )
  4909. groups = [gapi.get_one_with_name('users')]
  4910. test_user = uapi.create_user(
  4911. email='test@test.test',
  4912. password='pass',
  4913. name='bob',
  4914. groups=groups,
  4915. timezone='Europe/Paris',
  4916. lang='fr',
  4917. do_save=True,
  4918. do_notify=False,
  4919. )
  4920. test_user2 = uapi.create_user(
  4921. email='test2@test2.test2',
  4922. password='pass',
  4923. name='test2',
  4924. groups=groups,
  4925. timezone='Europe/Paris',
  4926. lang='fr',
  4927. do_save=True,
  4928. do_notify=False,
  4929. )
  4930. uapi.enable(test_user, do_save=True)
  4931. uapi.save(test_user2)
  4932. uapi.save(test_user)
  4933. transaction.commit()
  4934. user_id = int(test_user.user_id)
  4935. self.testapp.authorization = (
  4936. 'Basic',
  4937. (
  4938. 'test2@test2.test2',
  4939. 'pass'
  4940. )
  4941. )
  4942. self.testapp.put_json(
  4943. '/api/v2/users/{}/disable'.format(user_id),
  4944. status=403,
  4945. )
  4946. def test_api_disable_user__ok_200__user_itself(self):
  4947. dbsession = get_tm_session(self.session_factory, transaction.manager)
  4948. admin = dbsession.query(models.User) \
  4949. .filter(models.User.email == 'admin@admin.admin') \
  4950. .one()
  4951. uapi = UserApi(
  4952. current_user=admin,
  4953. session=dbsession,
  4954. config=self.app_config,
  4955. )
  4956. gapi = GroupApi(
  4957. current_user=admin,
  4958. session=dbsession,
  4959. config=self.app_config,
  4960. )
  4961. groups = [gapi.get_one_with_name('users')]
  4962. test_user = uapi.create_user(
  4963. email='test@test.test',
  4964. password='pass',
  4965. name='bob',
  4966. groups=groups,
  4967. timezone='Europe/Paris',
  4968. lang='fr',
  4969. do_save=True,
  4970. do_notify=False,
  4971. )
  4972. uapi.enable(test_user, do_save=True)
  4973. uapi.save(test_user)
  4974. transaction.commit()
  4975. user_id = int(test_user.user_id)
  4976. self.testapp.authorization = (
  4977. 'Basic',
  4978. (
  4979. 'test@test.test',
  4980. 'pass'
  4981. )
  4982. )
  4983. # check before
  4984. res = self.testapp.get(
  4985. '/api/v2/users/{}'.format(user_id),
  4986. status=200
  4987. )
  4988. res = res.json_body
  4989. assert res['user_id'] == user_id
  4990. assert res['is_active'] is True
  4991. self.testapp.put_json(
  4992. '/api/v2/users/{}/disable'.format(user_id),
  4993. status=403,
  4994. )
  4995. # Check After
  4996. res = self.testapp.get(
  4997. '/api/v2/users/{}'.format(user_id),
  4998. status=200
  4999. )
  5000. res = res.json_body
  5001. assert res['user_id'] == user_id
  5002. assert res['is_active'] is True