matthias/mayan-edms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update the tag API tests to test against permission and access success and failure.

Browse Source 
Update tag API test to conform to new API test class interface.

Signed-off-by: Michael Price <loneviking72@gmail.com>
This commit is contained in:
Michael Price
2018-02-17 03:04:06 -04:00
committed by Roberto Rosario
parent 8d50e5ecb9
commit 9f3f41f39e
2 changed files with 270 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/topics/.development.rst.swp
View File

Binary file not shown.

376
mayan/apps/tags/tests/test_api.py
View File

@@ -1,18 +1,20 @@
from __future__ import unicode_literals
from django.contrib.auth import get_user_model
from django.test import override_settings
from django.urls import reverse
from django.utils.encoding import force_text
from rest_framework import status
from documents.models import DocumentType
from documents.permissions import permission_document_view
from documents.tests import TEST_DOCUMENT_TYPE_LABEL, TEST_SMALL_DOCUMENT_PATH
from rest_api.tests import BaseAPITestCase
from user_management.tests.literals import (
TEST_ADMIN_EMAIL, TEST_ADMIN_PASSWORD, TEST_ADMIN_USERNAME
)
from ..models import Tag
from ..permissions import (
permission_tag_attach, permission_tag_create, permission_tag_delete,
permission_tag_edit, permission_tag_remove, permission_tag_view
)
from .literals import (
TEST_TAG_COLOR, TEST_TAG_COLOR_EDITED, TEST_TAG_LABEL,
@@ -24,14 +26,7 @@ from .literals import (
class TagAPITestCase(BaseAPITestCase):
def setUp(self):
super(TagAPITestCase, self).setUp()
self.admin_user = get_user_model().objects.create_superuser(
username=TEST_ADMIN_USERNAME, email=TEST_ADMIN_EMAIL,
password=TEST_ADMIN_PASSWORD
)
self.client.login(
username=TEST_ADMIN_USERNAME, password=TEST_ADMIN_PASSWORD
)
self.login_user()
def tearDown(self):
if hasattr(self, 'document_type'):
@@ -39,7 +34,9 @@ class TagAPITestCase(BaseAPITestCase):
super(TagAPITestCase, self).tearDown()
def _create_tag(self):
return Tag.objects.create(color=TEST_TAG_COLOR, label=TEST_TAG_LABEL)
return Tag.objects.create(
color=TEST_TAG_COLOR, label=TEST_TAG_LABEL
)
def _document_create(self):
self.document_type = DocumentType.objects.create(
@@ -53,130 +50,297 @@ class TagAPITestCase(BaseAPITestCase):
return document
def test_tag_create_view(self):
response = self.client.post(
reverse('rest_api:tag-list'), {
def _request_tag_create(self):
return self.post(
viewname='rest_api:tag-list', data={
'label': TEST_TAG_LABEL, 'color': TEST_TAG_COLOR
}
)
tag = Tag.objects.first()
self.assertEqual(response.data['id'], tag.pk)
self.assertEqual(response.data['label'], TEST_TAG_LABEL)
self.assertEqual(response.data['color'], TEST_TAG_COLOR)
self.assertEqual(Tag.objects.count(), 1)
self.assertEqual(tag.label, TEST_TAG_LABEL)
self.assertEqual(tag.color, TEST_TAG_COLOR)
def test_tag_create_with_documents_view(self):
response = self.client.post(
reverse('rest_api:tag-list'), {
'label': TEST_TAG_LABEL, 'color': TEST_TAG_COLOR
}
)
tag = Tag.objects.first()
self.assertEqual(response.data['id'], tag.pk)
self.assertEqual(response.data['label'], TEST_TAG_LABEL)
self.assertEqual(response.data['color'], TEST_TAG_COLOR)
self.assertEqual(Tag.objects.count(), 1)
self.assertEqual(tag.label, TEST_TAG_LABEL)
self.assertEqual(tag.color, TEST_TAG_COLOR)
def test_tag_delete_view(self):
tag = self._create_tag()
self.client.delete(reverse('rest_api:tag-detail', args=(tag.pk,)))
def test_tag_create_view_no_permission(self):
response = self._request_tag_create()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(Tag.objects.count(), 0)
def test_tag_document_list_view(self):
tag = self._create_tag()
document = self._document_create()
tag.documents.add(document)
def test_tag_create_view_with_permission(self):
self.grant_permission(permission=permission_tag_create)
response = self._request_tag_create()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
response = self.client.get(
reverse('rest_api:tag-document-list', args=(tag.pk,))
tag = Tag.objects.first()
self.assertEqual(response.data['id'], tag.pk)
self.assertEqual(response.data['label'], TEST_TAG_LABEL)
self.assertEqual(response.data['color'], TEST_TAG_COLOR)
self.assertEqual(Tag.objects.count(), 1)
self.assertEqual(tag.label, TEST_TAG_LABEL)
self.assertEqual(tag.color, TEST_TAG_COLOR)
def _request_tag_delete(self):
return self.delete(viewname='rest_api:tag-detail', args=(self.tag.pk,))
def test_tag_delete_view_no_access(self):
self.tag = self._create_tag()
response = self._request_tag_delete()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.assertTrue(self.tag in Tag.objects.all())
def test_tag_delete_view_with_access(self):
self.tag = self._create_tag()
self.grant_access(permission=permission_tag_delete, obj=self.tag)
response = self._request_tag_delete()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertFalse(self.tag in Tag.objects.all())
def _request_tag_document_list_view(self):
return self.get(
viewname='rest_api:tag-document-list', args=(self.tag.pk,)
)
def test_tag_document_list_view_no_access(self):
self.tag = self._create_tag()
document = self._document_create()
self.tag.documents.add(document)
response = self._request_tag_document_list_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_tag_document_list_view_with_tag_access(self):
self.tag = self._create_tag()
document = self._document_create()
self.tag.documents.add(document)
self.grant_access(permission=permission_tag_view, obj=self.tag)
response = self._request_tag_document_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 0)
def test_tag_document_list_view_with_document_access(self):
self.tag = self._create_tag()
document = self._document_create()
self.tag.documents.add(document)
self.grant_access(permission=permission_document_view, obj=document)
response = self._request_tag_document_list_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_tag_document_list_view_with_access(self):
self.tag = self._create_tag()
document = self._document_create()
self.tag.documents.add(document)
self.grant_access(permission=permission_tag_view, obj=self.tag)
self.grant_access(permission=permission_document_view, obj=document)
response = self._request_tag_document_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(
response.data['results'][0]['uuid'], force_text(document.uuid)
)
def test_tag_edit_via_patch(self):
tag = self._create_tag()
self.client.patch(
reverse('rest_api:tag-detail', args=(tag.pk,)),
{
def _request_tag_edit_via_patch(self):
return self.patch(
viewname='rest_api:tag-detail', args=(self.tag.pk,), data={
'label': TEST_TAG_LABEL_EDITED,
'color': TEST_TAG_COLOR_EDITED
}
)
tag.refresh_from_db()
def test_tag_edit_via_patch_no_access(self):
self.tag = self._create_tag()
response = self._request_tag_edit_via_patch()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.tag.refresh_from_db()
self.assertEqual(self.tag.label, TEST_TAG_LABEL)
self.assertEqual(self.tag.color, TEST_TAG_COLOR)
self.assertEqual(tag.label, TEST_TAG_LABEL_EDITED)
self.assertEqual(tag.color, TEST_TAG_COLOR_EDITED)
def test_tag_edit_via_patch_with_access(self):
self.tag = self._create_tag()
self.grant_access(permission=permission_tag_edit, obj=self.tag)
response = self._request_tag_edit_via_patch()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.tag.refresh_from_db()
self.assertEqual(self.tag.label, TEST_TAG_LABEL_EDITED)
self.assertEqual(self.tag.color, TEST_TAG_COLOR_EDITED)
def test_tag_edit_via_put(self):
tag = self._create_tag()
self.client.put(
reverse('rest_api:tag-detail', args=(tag.pk,)),
{
def _request_tag_edit_via_put(self):
return self.put(
viewname='rest_api:tag-detail', args=(self.tag.pk,), data={
'label': TEST_TAG_LABEL_EDITED,
'color': TEST_TAG_COLOR_EDITED
}
)
tag.refresh_from_db()
def test_tag_edit_via_put_no_access(self):
self.tag = self._create_tag()
response = self._request_tag_edit_via_put()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
self.tag.refresh_from_db()
self.assertEqual(self.tag.label, TEST_TAG_LABEL)
self.assertEqual(self.tag.color, TEST_TAG_COLOR)
self.assertEqual(tag.label, TEST_TAG_LABEL_EDITED)
self.assertEqual(tag.color, TEST_TAG_COLOR_EDITED)
def test_tag_edit_via_put_with_access(self):
self.tag = self._create_tag()
self.grant_access(permission=permission_tag_edit, obj=self.tag)
response = self._request_tag_edit_via_put()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.tag.refresh_from_db()
self.assertEqual(self.tag.label, TEST_TAG_LABEL_EDITED)
self.assertEqual(self.tag.color, TEST_TAG_COLOR_EDITED)
def test_document_attach_tag_view(self):
tag = self._create_tag()
document = self._document_create()
self.client.post(
reverse('rest_api:document-tag-list', args=(document.pk,)),
{'tag_pk': tag.pk}
)
self.assertQuerysetEqual(document.tags.all(), (repr(tag),))
def test_document_tag_detail_view(self):
tag = self._create_tag()
document = self._document_create()
tag.documents.add(document)
response = self.client.get(
reverse('rest_api:document-tag-detail', args=(document.pk, tag.pk))
def _request_document_attach_tag(self):
return self.post(
viewname='rest_api:document-tag-list', args=(self.document.pk,),
data={'tag_pk': self.tag.pk}
)
self.assertEqual(response.data['label'], tag.label)
def test_document_attach_tag_view_no_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
def test_document_tag_list_view(self):
tag = self._create_tag()
document = self._document_create()
tag.documents.add(document)
response = self._request_document_attach_tag()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertFalse(self.tag in self.document.tags.all())
response = self.client.get(
reverse('rest_api:document-tag-list', args=(document.pk,))
)
self.assertEqual(response.data['results'][0]['label'], tag.label)
def test_document_attach_tag_view_with_document_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.grant_access(permission=permission_tag_attach, obj=self.document)
response = self._request_document_attach_tag()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertFalse(self.tag in self.document.tags.all())
def test_document_tag_remove_view(self):
tag = self._create_tag()
document = self._document_create()
tag.documents.add(document)
def test_document_attach_tag_view_with_tag_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.grant_access(permission=permission_tag_attach, obj=self.tag)
response = self._request_document_attach_tag()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertFalse(self.tag in self.document.tags.all())
self.client.delete(
reverse(
'rest_api:document-tag-detail', args=(document.pk, tag.pk)
),
def test_document_attach_tag_view_with_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.grant_access(permission=permission_tag_attach, obj=self.document)
self.grant_access(permission=permission_tag_attach, obj=self.tag)
response = self._request_document_attach_tag()
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertTrue(self.tag in self.document.tags.all())
def _request_document_tag_detail_view(self):
return self.get(
viewname='rest_api:document-tag-detail', args=(
self.document.pk, self.tag.pk
)
)
self.assertEqual(tag.documents.count(), 0)
def test_document_tag_detail_view_no_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
response = self._request_document_tag_detail_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_document_tag_detail_view_with_document_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_document_view, obj=self.document)
response = self._request_document_tag_detail_view()
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
def test_document_tag_detail_view_with_tag_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_tag_view, obj=self.tag)
response = self._request_document_tag_detail_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_document_tag_detail_view_with_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_tag_view, obj=self.tag)
self.grant_access(permission=permission_document_view, obj=self.document)
response = self._request_document_tag_detail_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['label'], self.tag.label)
def _request_document_tag_list_view(self):
return self.get(
viewname='rest_api:document-tag-list', args=(self.document.pk,)
)
def test_document_tag_list_view_no_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
response = self._request_document_tag_list_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_document_tag_list_view_with_document_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_document_view, obj=self.document)
response = self._request_document_tag_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['count'], 0)
def test_document_tag_list_view_with_tag_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_tag_view, obj=self.tag)
response = self._request_document_tag_list_view()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
def test_document_tag_list_view_with_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_document_view, obj=self.document)
self.grant_access(permission=permission_tag_view, obj=self.tag)
response = self._request_document_tag_list_view()
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['results'][0]['label'], self.tag.label)
def _request_document_tag_remove(self):
return self.delete(
viewname='rest_api:document-tag-detail', args=(
self.document.pk, self.tag.pk
)
)
def test_document_tag_remove_view_no_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
response = self._request_document_tag_remove()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertTrue(self.tag in self.document.tags.all())
def test_document_tag_remove_view_with_document_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_tag_remove, obj=self.document)
response = self._request_document_tag_remove()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertTrue(self.tag in self.document.tags.all())
def test_document_tag_remove_view_with_tag_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_tag_remove, obj=self.tag)
response = self._request_document_tag_remove()
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
self.assertTrue(self.tag in self.document.tags.all())
def test_document_tag_remove_view_with_access(self):
self.tag = self._create_tag()
self.document = self._document_create()
self.tag.documents.add(self.document)
self.grant_access(permission=permission_document_view, obj=self.document)
self.grant_access(permission=permission_tag_remove, obj=self.tag)
response = self._request_document_tag_remove()
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
self.assertFalse(self.tag in self.document.tags.all())