from __future__ import unicode_literals from rest_framework import status from mayan.apps.documents.permissions import ( permission_document_type_edit, permission_document_type_view ) from mayan.apps.documents.tests import DocumentTestMixin from mayan.apps.rest_api.tests import BaseAPITestCase from ..models import DocumentTypeMetadataType, MetadataType from ..permissions import ( permission_metadata_document_add, permission_metadata_document_edit, permission_metadata_document_remove, permission_metadata_document_view, permission_metadata_type_create, permission_metadata_type_delete, permission_metadata_type_edit, permission_metadata_type_view ) from .literals import ( TEST_METADATA_TYPE_LABEL, TEST_METADATA_TYPE_LABEL_2, TEST_METADATA_TYPE_NAME, TEST_METADATA_TYPE_NAME_2, TEST_METADATA_VALUE, TEST_METADATA_VALUE_EDITED ) class MetadataTypeAPITestCase(BaseAPITestCase): def _create_metadata_type(self): self.metadata_type = MetadataType.objects.create( label=TEST_METADATA_TYPE_LABEL, name=TEST_METADATA_TYPE_NAME ) def _request_metadata_type_create_view(self): return self.post( viewname='rest_api:metadatatype-list', data={ 'label': TEST_METADATA_TYPE_LABEL, 'name': TEST_METADATA_TYPE_NAME } ) def test_metadata_type_create_no_permission(self): response = self._request_metadata_type_create_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(MetadataType.objects.count(), 0) def test_metadata_type_create_with_permission(self): self.grant_permission(permission=permission_metadata_type_create) response = self._request_metadata_type_create_view() self.assertEqual(response.status_code, status.HTTP_201_CREATED) metadata_type = MetadataType.objects.first() self.assertEqual(response.data['id'], metadata_type.pk) self.assertEqual(response.data['label'], TEST_METADATA_TYPE_LABEL) self.assertEqual(response.data['name'], TEST_METADATA_TYPE_NAME) self.assertEqual(metadata_type.label, TEST_METADATA_TYPE_LABEL) self.assertEqual(metadata_type.name, TEST_METADATA_TYPE_NAME) def _request_metadata_type_delete_view(self): return self.delete( viewname='rest_api:metadatatype-detail', args=(self.metadata_type.pk,) ) def test_metadata_type_delete_no_access(self): self._create_metadata_type() response = self._request_metadata_type_delete_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(MetadataType.objects.count(), 1) def test_metadata_type_delete_with_access(self): self._create_metadata_type() self.grant_access( permission=permission_metadata_type_delete, obj=self.metadata_type ) response = self._request_metadata_type_delete_view() self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(MetadataType.objects.count(), 0) def _request_metadata_type_detail_view(self): return self.get( viewname='rest_api:metadatatype-detail', args=(self.metadata_type.pk,) ) def test_metadata_type_detail_view_no_access(self): self._create_metadata_type() response = self._request_metadata_type_detail_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) def test_metadata_type_detail_view_with_access(self): self._create_metadata_type() self.grant_access( permission=permission_metadata_type_view, obj=self.metadata_type ) response = self._request_metadata_type_detail_view() self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['label'], TEST_METADATA_TYPE_LABEL ) def _request_metadata_type_edit_view_via_patch(self): return self.patch( viewname='rest_api:metadatatype-detail', args=(self.metadata_type.pk,), data={ 'label': TEST_METADATA_TYPE_LABEL_2, 'name': TEST_METADATA_TYPE_NAME_2 } ) def test_metadata_type_patch_view_no_access(self): self._create_metadata_type() response = self._request_metadata_type_edit_view_via_patch() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.metadata_type.refresh_from_db() self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL) self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME) def test_metadata_type_patch_view_with_access(self): self._create_metadata_type() self.grant_access( permission=permission_metadata_type_edit, obj=self.metadata_type ) response = self._request_metadata_type_edit_view_via_patch() self.assertEqual(response.status_code, status.HTTP_200_OK) self.metadata_type.refresh_from_db() self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL_2) self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME_2) def _request_metadata_type_edit_view_via_put(self): return self.put( viewname='rest_api:metadatatype-detail', args=(self.metadata_type.pk,), data={ 'label': TEST_METADATA_TYPE_LABEL_2, 'name': TEST_METADATA_TYPE_NAME_2 } ) def test_metadata_type_put_view_no_access(self): self._create_metadata_type() response = self._request_metadata_type_edit_view_via_put() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.metadata_type.refresh_from_db() self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL) self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME) def test_metadata_type_put_view_with_access(self): self._create_metadata_type() self.grant_access( permission=permission_metadata_type_edit, obj=self.metadata_type ) response = self._request_metadata_type_edit_view_via_put() self.assertEqual(response.status_code, status.HTTP_200_OK) self.metadata_type.refresh_from_db() self.assertEqual(self.metadata_type.label, TEST_METADATA_TYPE_LABEL_2) self.assertEqual(self.metadata_type.name, TEST_METADATA_TYPE_NAME_2) def _request_metadata_type_list_view(self): return self.get(viewname='rest_api:metadatatype-list') def test_metadata_type_list_view_no_access(self): self._create_metadata_type() response = self._request_metadata_type_list_view() self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.data['count'], 0) def test_metadata_type_list_view_with_access(self): self._create_metadata_type() self.grant_access( permission=permission_metadata_type_view, obj=self.metadata_type ) response = self._request_metadata_type_list_view() self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['results'][0]['label'], TEST_METADATA_TYPE_LABEL ) class DocumentTypeMetadataTypeAPITestCase(DocumentTestMixin, BaseAPITestCase): auto_upload_document = False def setUp(self): super(DocumentTypeMetadataTypeAPITestCase, self).setUp() self.metadata_type = MetadataType.objects.create( label=TEST_METADATA_TYPE_LABEL, name=TEST_METADATA_TYPE_NAME ) def _create_document_type_metadata_type(self): self.test_document_type_metadata_type = self.test_document_type.metadata.create( metadata_type=self.metadata_type, required=False ) def _request_document_type_metadata_type_create_view(self): return self.post( viewname='rest_api:documenttypemetadatatype-list', args=(self.test_document_type.pk,), data={ 'metadata_type_pk': self.metadata_type.pk, 'required': False } ) def test_document_type_metadata_type_create_view_no_access(self): response = self._request_document_type_metadata_type_create_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(self.test_document_type.metadata.count(), 0) def test_document_type_metadata_type_create_view_with_access(self): self.grant_access( permission=permission_document_type_edit, obj=self.test_document_type ) response = self._request_document_type_metadata_type_create_view() self.assertEqual(response.status_code, status.HTTP_201_CREATED) document_type_metadata_type = DocumentTypeMetadataType.objects.first() self.assertEqual(response.data['id'], document_type_metadata_type.pk) def test_document_type_metadata_type_create_dupicate_view(self): self._create_document_type_metadata_type() self.grant_permission(permission=permission_document_type_edit) response = self._request_document_type_metadata_type_create_view() self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(list(response.data.keys())[0], 'non_field_errors') def _request_document_type_metadata_type_delete_view(self): return self.delete( viewname='rest_api:documenttypemetadatatype-detail', args=( self.test_document_type.pk, self.test_document_type_metadata_type.pk, ), ) def test_document_type_metadata_type_delete_view_no_access(self): self._create_document_type_metadata_type() response = self._request_document_type_metadata_type_delete_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(self.test_document_type.metadata.count(), 1) def test_document_type_metadata_type_delete_view_with_access(self): self._create_document_type_metadata_type() self.grant_access(permission=permission_document_type_edit, obj=self.test_document_type) response = self._request_document_type_metadata_type_delete_view() self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(self.test_document_type.metadata.all().count(), 0) def _request_document_type_metadata_type_list_view(self): return self.get( viewname='rest_api:documenttypemetadatatype-list', args=( self.test_document_type.pk, ), ) def test_document_type_metadata_type_list_view_no_access(self): self._create_document_type_metadata_type() response = self._request_document_type_metadata_type_list_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) def test_document_type_metadata_type_list_view_with_access(self): self._create_document_type_metadata_type() self.grant_access(permission=permission_document_type_view, obj=self.test_document_type) response = self._request_document_type_metadata_type_list_view() self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['results'][0]['id'], self.test_document_type_metadata_type.pk ) def _request_document_type_metadata_type_edit_view_via_patch(self): return self.patch( viewname='rest_api:documenttypemetadatatype-detail', args=( self.test_document_type.pk, self.test_document_type_metadata_type.pk, ), data={ 'required': True } ) def test_document_type_metadata_type_patch_view_no_access(self): self._create_document_type_metadata_type() response = self._request_document_type_metadata_type_edit_view_via_patch() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) document_type_metadata_type = DocumentTypeMetadataType.objects.first() self.assertFalse(document_type_metadata_type.required, True) def test_document_type_metadata_type_patch_view_with_access(self): self._create_document_type_metadata_type() self.grant_access(permission=permission_document_type_edit, obj=self.test_document_type) response = self._request_document_type_metadata_type_edit_view_via_patch() self.assertEqual(response.status_code, status.HTTP_200_OK) document_type_metadata_type = DocumentTypeMetadataType.objects.first() self.assertEqual(document_type_metadata_type.required, True) def _request_document_type_metadata_type_edit_view_via_put(self): return self.put( viewname='rest_api:documenttypemetadatatype-detail', args=( self.test_document_type.pk, self.test_document_type_metadata_type.pk, ), data={ 'required': True } ) def test_document_type_metadata_type_put_view_no_access(self): self._create_document_type_metadata_type() response = self._request_document_type_metadata_type_edit_view_via_put() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) document_type_metadata_type = DocumentTypeMetadataType.objects.first() self.assertFalse(document_type_metadata_type.required, True) def test_document_type_metadata_type_put_view_with_access(self): self._create_document_type_metadata_type() self.grant_access(permission=permission_document_type_edit, obj=self.test_document_type) response = self._request_document_type_metadata_type_edit_view_via_put() self.assertEqual(response.status_code, status.HTTP_200_OK) document_type_metadata_type = DocumentTypeMetadataType.objects.first() self.assertEqual(document_type_metadata_type.required, True) class DocumentMetadataAPITestCase(DocumentTestMixin, BaseAPITestCase): def setUp(self): super(DocumentMetadataAPITestCase, self).setUp() self.metadata_type = MetadataType.objects.create( label=TEST_METADATA_TYPE_LABEL, name=TEST_METADATA_TYPE_NAME ) self.test_document_type.metadata.create( metadata_type=self.metadata_type, required=False ) def _create_document_metadata(self): self.test_document_metadata = self.test_document.metadata.create( metadata_type=self.metadata_type, value=TEST_METADATA_VALUE ) def _request_document_metadata_create_view(self): return self.post( viewname='rest_api:documentmetadata-list', args=(self.test_document.pk,), data={ 'metadata_type_pk': self.metadata_type.pk, 'value': TEST_METADATA_VALUE } ) def test_document_metadata_create_view_no_access(self): response = self._request_document_metadata_create_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(self.test_document.metadata.count(), 0) def test_document_metadata_create_view_with_access(self): self.grant_access(permission=permission_metadata_document_add, obj=self.test_document) response = self._request_document_metadata_create_view() self.assertEqual(response.status_code, status.HTTP_201_CREATED) document_metadata = self.test_document.metadata.first() self.assertEqual(response.data['id'], document_metadata.pk) self.assertEqual(document_metadata.metadata_type, self.metadata_type) self.assertEqual(document_metadata.value, TEST_METADATA_VALUE) def test_document_metadata_create_duplicate_view(self): self._create_document_metadata() self.grant_permission(permission=permission_metadata_document_add) response = self._request_document_metadata_create_view() self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(list(response.data.keys())[0], 'non_field_errors') def test_document_metadata_create_invalid_lookup_value_view(self): self.metadata_type.lookup = 'invalid,lookup,values,on,purpose' self.metadata_type.save() self.grant_permission(permission=permission_metadata_document_add) response = self._request_document_metadata_create_view() self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST) self.assertEqual(list(response.data.keys())[0], 'non_field_errors') def _request_document_metadata_delete_view(self): return self.delete( viewname='rest_api:documentmetadata-detail', args=(self.test_document.pk, self.test_document_metadata.pk,) ) def test_document_metadata_delete_view_no_access(self): self._create_document_metadata() response = self._request_document_metadata_delete_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.assertEqual(self.test_document.metadata.all().count(), 1) def test_document_metadata_delete_view_with_access(self): self._create_document_metadata() self.grant_access( permission=permission_metadata_document_remove, obj=self.test_document ) response = self._request_document_metadata_delete_view() self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) self.assertEqual(self.test_document.metadata.all().count(), 0) def _request_document_metadata_list_view(self): return self.get( viewname='rest_api:documentmetadata-list', args=( self.test_document.pk, ) ) def test_document_metadata_list_view_no_access(self): self._create_document_metadata() response = self._request_document_metadata_list_view() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) def test_document_metadata_list_view_with_access(self): self._create_document_metadata() self.grant_access( permission=permission_metadata_document_view, obj=self.test_document ) response = self._request_document_metadata_list_view() self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual( response.data['results'][0]['document']['id'], self.test_document.pk ) self.assertEqual( response.data['results'][0]['metadata_type']['id'], self.metadata_type.pk ) self.assertEqual( response.data['results'][0]['value'], TEST_METADATA_VALUE ) self.assertEqual( response.data['results'][0]['id'], self.test_document_metadata.pk ) def _request_document_metadata_edit_view_via_patch(self): return self.patch( viewname='rest_api:documentmetadata-detail', args=(self.test_document.pk, self.test_document_metadata.pk,), data={ 'value': TEST_METADATA_VALUE_EDITED } ) def test_document_metadata_patch_view_no_access(self): self._create_document_metadata() response = self._request_document_metadata_edit_view_via_patch() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.test_document_metadata.refresh_from_db() self.assertEqual(self.test_document_metadata.value, TEST_METADATA_VALUE) def test_document_metadata_patch_view_with_access(self): self._create_document_metadata() self.grant_access( permission=permission_metadata_document_edit, obj=self.test_document ) response = self._request_document_metadata_edit_view_via_patch() self.assertEqual(response.status_code, status.HTTP_200_OK) self.test_document_metadata.refresh_from_db() self.assertEqual( response.data['value'], TEST_METADATA_VALUE_EDITED ) self.assertEqual( self.test_document_metadata.value, TEST_METADATA_VALUE_EDITED ) def _request_document_metadata_edit_view_via_put(self): return self.put( viewname='rest_api:documentmetadata-detail', args=(self.test_document.pk, self.test_document_metadata.pk,), data={ 'value': TEST_METADATA_VALUE_EDITED } ) def test_document_metadata_put_view_no_access(self): self._create_document_metadata() response = self._request_document_metadata_edit_view_via_put() self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) self.test_document_metadata.refresh_from_db() self.assertEqual(self.test_document_metadata.value, TEST_METADATA_VALUE) def test_document_metadata_put_view_with_access(self): self._create_document_metadata() self.grant_access( permission=permission_metadata_document_edit, obj=self.test_document ) response = self._request_document_metadata_edit_view_via_put() self.assertEqual(response.status_code, status.HTTP_200_OK) self.test_document_metadata.refresh_from_db() self.assertEqual( response.data['value'], TEST_METADATA_VALUE_EDITED ) self.assertEqual( self.test_document_metadata.value, TEST_METADATA_VALUE_EDITED )