From e1e2454e2a3493d5fd373a064b58d995b1173125 Mon Sep 17 00:00:00 2001 From: Roberto Rosario Date: Tue, 7 May 2019 01:57:03 -0400 Subject: [PATCH] Convert ACL API tests to use ephimeral models Signed-off-by: Roberto Rosario --- mayan/apps/acls/api_views.py | 8 +- mayan/apps/acls/tests/test_api.py | 340 ++++++++++++++---------------- mayan/apps/acls/urls.py | 8 +- 3 files changed, 170 insertions(+), 186 deletions(-) diff --git a/mayan/apps/acls/api_views.py b/mayan/apps/acls/api_views.py index 95b610e962..d4ad13608b 100644 --- a/mayan/apps/acls/api_views.py +++ b/mayan/apps/acls/api_views.py @@ -26,7 +26,7 @@ class APIObjectACLListView(generics.ListCreateAPIView): ) content_object = get_object_or_404( - klass=content_type.model_class(), pk=self.kwargs['object_pk'] + klass=content_type.model_class(), pk=self.kwargs['object_id'] ) if self.request.method == 'GET': @@ -90,7 +90,7 @@ class APIObjectACLView(generics.RetrieveDestroyAPIView): ) content_object = get_object_or_404( - klass=content_type.model_class(), pk=self.kwargs['object_pk'] + klass=content_type.model_class(), pk=self.kwargs['object_id'] ) AccessControlList.objects.check_access( @@ -121,7 +121,7 @@ class APIObjectACLPermissionListView(generics.ListCreateAPIView): ) content_object = get_object_or_404( - klass=content_type.model_class(), pk=self.kwargs['object_pk'] + klass=content_type.model_class(), pk=self.kwargs['object_id'] ) if self.request.method == 'GET': @@ -183,7 +183,7 @@ class APIObjectACLPermissionView(generics.RetrieveDestroyAPIView): ) content_object = get_object_or_404( - klass=content_type.model_class(), pk=self.kwargs['object_pk'] + klass=content_type.model_class(), pk=self.kwargs['object_id'] ) if self.request.method == 'GET': diff --git a/mayan/apps/acls/tests/test_api.py b/mayan/apps/acls/tests/test_api.py index eb87c007da..5292414fd1 100644 --- a/mayan/apps/acls/tests/test_api.py +++ b/mayan/apps/acls/tests/test_api.py @@ -1,11 +1,7 @@ from __future__ import absolute_import, unicode_literals -from django.contrib.contenttypes.models import ContentType - from rest_framework import status -from mayan.apps.documents.permissions import permission_document_view -from mayan.apps.documents.tests import DocumentTestMixin from mayan.apps.permissions.tests.literals import TEST_ROLE_LABEL from mayan.apps.rest_api.tests import BaseAPITestCase @@ -15,175 +11,8 @@ from ..permissions import permission_acl_edit, permission_acl_view from .mixins import ACLTestMixin -class ACLAPITestCase(ACLTestMixin, DocumentTestMixin, BaseAPITestCase): - def setUp(self): - super(ACLAPITestCase, self).setUp() - self.test_object = self.test_document - self.test_object_content_type = ContentType.objects.get_for_model( - self.test_object - ) - - def test_acl_list_api_view_with_access(self): - self._create_test_acl() - - self.grant_access(obj=self.test_object, permission=permission_acl_view) - - response = self.get( - viewname='rest_api:accesscontrollist-list', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk - ) - ) - self.assertEqual(response.status_code, status.HTTP_200_OK) - self.assertContains( - response=response, text=self.test_object_content_type.app_label, - status_code=200 - ) - self.assertContains( - response=response, text=self.test_acl.role.label, - status_code=200 - ) - - def _request_test_acl_delete_api_view(self): - return self.delete( - viewname='rest_api:accesscontrollist-detail', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk, self.test_acl.pk - ) - ) - - def test_acl_delete_api_view_with_access(self): - self.expected_content_type = None - self._create_test_acl() - - self.grant_access(self.test_object, permission=permission_acl_edit) - - acl_count = AccessControlList.objects.count() - - response = self._request_test_acl_delete_api_view() - self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) - - self.assertEqual(AccessControlList.objects.count(), acl_count - 1) - - def _request_test_acl_detail_api_view(self): - return self.get( - viewname='rest_api:accesscontrollist-detail', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk, self.test_acl.pk - ) - ) - - def test_acl_detail_api_view_with_access(self): - self._create_test_acl() - - self.grant_access(obj=self.test_object, permission=permission_acl_view) - - response = self._request_test_acl_detail_api_view() - - self.assertEqual( - response.data['content_type']['app_label'], - self.test_object_content_type.app_label - ) - self.assertEqual( - response.data['role']['label'], TEST_ROLE_LABEL - ) - - def _request_test_acl_permission_delete_api_view(self): - return self.delete( - viewname='rest_api:accesscontrollist-permission-detail', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk, self.test_acl.pk, - self.test_permission.stored_permission.pk - ) - ) - - def test_acl_permission_delete_view_with_access(self): - self.expected_content_type = None - self.test_permission = permission_document_view - self._create_test_acl() - self.test_acl.permissions.add(self.test_permission.stored_permission) - - self.grant_access(obj=self.test_object, permission=permission_acl_edit) - - response = self._request_test_acl_permission_delete_api_view() - self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) - - self.assertEqual(self.test_acl.permissions.count(), 0) - - def _request_test_acl_permission_detail_api_view(self): - return self.get( - viewname='rest_api:accesscontrollist-permission-detail', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk, self.test_acl.pk, - self.test_acl.permissions.first().pk - ) - ) - - def test_acl_permission_detail_api_view_with_access(self): - self._create_test_acl() - self.test_acl.permissions.add(permission_document_view.stored_permission) - - self.grant_access(obj=self.test_object, permission=permission_acl_view) - - response = self._request_test_acl_permission_detail_api_view() - self.assertEqual( - response.data['pk'], permission_document_view.pk - ) - - def _request_test_acl_permission_list_api_get_view(self): - return self.get( - viewname='rest_api:accesscontrollist-permission-list', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk, self.test_acl.pk - ) - ) - - def test_acl_permission_list_api_get_view_with_access(self): - self._create_test_acl() - self.test_acl.permissions.add(permission_document_view.stored_permission) - - self.grant_access(obj=self.test_object, permission=permission_acl_view) - - response = self._request_test_acl_permission_list_api_get_view() - self.assertEqual( - response.data['results'][0]['pk'], - permission_document_view.pk - ) - - def _request_acl_permssion_list_api_post_view(self): - return self.post( - viewname='rest_api:accesscontrollist-permission-list', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk, self.test_acl.pk - ), data={'permission_pk': self.test_permission.pk} - ) - - def test_acl_permission_list_api_post_view_with_access(self): - self._create_test_acl() - self.test_permission = permission_document_view - - self.grant_access(obj=self.test_object, permission=permission_acl_edit) - - response = self._request_acl_permssion_list_api_post_view() - self.assertEqual(response.status_code, status.HTTP_201_CREATED) - - self.assertTrue( - self.test_permission.stored_permission in self.test_acl.permissions.all() - ) +class ACLAPITestCase(ACLTestMixin, BaseAPITestCase): + auto_create_test_object = True def _request_acl_create_api_view(self, extra_data=None): data = {'role_pk': self.test_role.pk} @@ -193,11 +22,7 @@ class ACLAPITestCase(ACLTestMixin, DocumentTestMixin, BaseAPITestCase): return self.post( viewname='rest_api:accesscontrollist-list', - args=( - self.test_object_content_type.app_label, - self.test_object_content_type.model, - self.test_object.pk - ), data=data + kwargs=self.test_content_object_view_kwargs, data=data ) def test_acl_create_api_api_view_with_access(self): @@ -239,3 +64,162 @@ class ACLAPITestCase(ACLTestMixin, DocumentTestMixin, BaseAPITestCase): test_object_acl.permissions.first(), permission_acl_view.stored_permission ) + + def _request_test_acl_delete_api_view(self): + return self.delete( + viewname='rest_api:accesscontrollist-detail', kwargs={ + 'app_label': self.test_object_content_type.app_label, + 'model': self.test_object_content_type.model, + 'object_id': self.test_object.pk, + 'pk': self.test_acl.pk + } + ) + + def test_acl_delete_api_view_with_access(self): + self.expected_content_type = None + self._create_test_acl() + + self.grant_access(self.test_object, permission=permission_acl_edit) + + acl_count = AccessControlList.objects.count() + + response = self._request_test_acl_delete_api_view() + self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) + + self.assertEqual(AccessControlList.objects.count(), acl_count - 1) + + def _request_test_acl_permission_delete_api_view(self): + return self.delete( + viewname='rest_api:accesscontrollist-permission-detail', kwargs={ + 'app_label': self.test_object_content_type.app_label, + 'model': self.test_object_content_type.model, + 'object_id': self.test_object.pk, + 'pk': self.test_acl.pk, + 'permission_pk': self.test_permission.stored_permission.pk + } + ) + + def test_acl_permission_delete_view_with_access(self): + self.expected_content_type = None + self._create_test_acl() + self.test_acl.permissions.add(self.test_permission.stored_permission) + + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_test_acl_permission_delete_api_view() + self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) + + self.assertEqual(self.test_acl.permissions.count(), 0) + + def test_acl_detail_api_view_with_access(self): + self._create_test_acl() + + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_test_acl_detail_api_view() + + self.assertEqual( + response.data['content_type']['app_label'], + self.test_object_content_type.app_label + ) + self.assertEqual( + response.data['role']['label'], TEST_ROLE_LABEL + ) + + def _request_test_acl_permission_detail_api_view(self): + return self.get( + viewname='rest_api:accesscontrollist-permission-detail', kwargs={ + 'app_label': self.test_object_content_type.app_label, + 'model': self.test_object_content_type.model, + 'object_id': self.test_object.pk, + 'pk': self.test_acl.pk, + 'permission_pk': self.test_acl.permissions.first().pk + } + ) + + def test_acl_permission_detail_api_view_with_access(self): + self._create_test_acl() + self.test_acl.permissions.add(self.test_permission.stored_permission) + + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_test_acl_permission_detail_api_view() + self.assertEqual( + response.data['pk'], self.test_permission.pk + ) + + def test_acl_list_api_view_with_access(self): + self._create_test_acl() + + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self.get( + viewname='rest_api:accesscontrollist-list', kwargs={ + 'app_label': self.test_object_content_type.app_label, + 'model': self.test_object_content_type.model, + 'object_id': self.test_object.pk + } + ) + self.assertEqual(response.status_code, status.HTTP_200_OK) + self.assertContains( + response=response, text=self.test_object_content_type.app_label, + status_code=200 + ) + self.assertContains( + response=response, text=self.test_acl.role.label, + status_code=200 + ) + + def _request_test_acl_detail_api_view(self): + return self.get( + viewname='rest_api:accesscontrollist-detail', kwargs={ + 'app_label': self.test_object_content_type.app_label, + 'model': self.test_object_content_type.model, + 'object_id': self.test_object.pk, + 'pk': self.test_acl.pk + } + ) + + def _request_test_acl_permission_list_api_get_view(self): + return self.get( + viewname='rest_api:accesscontrollist-permission-list', kwargs={ + 'app_label': self.test_object_content_type.app_label, + 'model': self.test_object_content_type.model, + 'object_id': self.test_object.pk, + 'pk': self.test_acl.pk + } + ) + + def test_acl_permission_list_api_get_view_with_access(self): + self._create_test_acl() + self.test_acl.permissions.add(self.test_permission.stored_permission) + + self.grant_access(obj=self.test_object, permission=permission_acl_view) + + response = self._request_test_acl_permission_list_api_get_view() + self.assertEqual( + response.data['results'][0]['pk'], + self.test_permission.pk + ) + + def _request_acl_permssion_list_api_post_view(self): + return self.post( + viewname='rest_api:accesscontrollist-permission-list', kwargs={ + 'app_label': self.test_object_content_type.app_label, + 'model': self.test_object_content_type.model, + 'object_id': self.test_object.pk, + 'pk': self.test_acl.pk + }, data={'permission_pk': self.test_permission.pk} + ) + + def test_acl_permission_list_api_post_view_with_access(self): + self._create_test_acl() + + self.grant_access(obj=self.test_object, permission=permission_acl_edit) + + response = self._request_acl_permssion_list_api_post_view() + self.assertEqual(response.status_code, status.HTTP_201_CREATED) + + self.assertTrue( + self.test_permission.stored_permission in self.test_acl.permissions.all() + ) diff --git a/mayan/apps/acls/urls.py b/mayan/apps/acls/urls.py index a1f2ee7cbd..1235208b58 100644 --- a/mayan/apps/acls/urls.py +++ b/mayan/apps/acls/urls.py @@ -31,20 +31,20 @@ urlpatterns = [ api_urls = [ url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/$', + regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/$', view=APIObjectACLListView.as_view(), name='accesscontrollist-list' ), url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/$', + regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/$', view=APIObjectACLView.as_view(), name='accesscontrollist-detail' ), url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/permissions/$', + regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/permissions/$', view=APIObjectACLPermissionListView.as_view(), name='accesscontrollist-permission-list' ), url( - regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/permissions/(?P\d+)/$', + regex=r'^objects/(?P[-\w]+)/(?P[-\w]+)/(?P\d+)/acls/(?P\d+)/permissions/(?P\d+)/$', view=APIObjectACLPermissionView.as_view(), name='accesscontrollist-permission-detail' ),