import json from django.urls import reverse import mock from rest_framework import status from rest_framework.test import APITestCase from taggit.models import Tag from .helpers import create_image, create_user, create_pin from core.models import Pin, Image, Board def _teardown_models(): Pin.objects.all().delete() Image.objects.all().delete() Tag.objects.all().delete() Board.objects.all().delete() def mock_requests_get(url, **kwargs): response = mock.Mock(content=open('docs/src/imgs/logo-dark.png', 'rb').read()) return response class ImageTests(APITestCase): def test_post_create_unsupported(self): url = reverse("image-list") data = {} response = self.client.post( url, data=data, format='json', ) self.assertEqual(response.status_code, 403, response.data) class BoardPrivacyTests(APITestCase): def setUp(self): super(BoardPrivacyTests, self).setUp() self.owner = create_user("default") self.non_owner = create_user("non_owner") self.private_board = Board.objects.create( name="test_board", submitter=self.owner, private=True, ) self.board_url = reverse("board-detail", kwargs={"pk": self.private_board.pk}) self.boards_url = reverse("board-list") def tearDown(self): _teardown_models() def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_board(self): resp = self.client.get(self.boards_url) self.assertEqual(len(resp.data), 0, resp.data) self.client.login(username=self.non_owner.username, password='password') resp = self.client.get(self.boards_url) self.assertEqual(len(resp.data), 0, resp.data) def test_should_owner_has_permission_to_list_private_board(self): self.client.login(username=self.non_owner.username, password='password') resp = self.client.get(self.boards_url) self.assertEqual(len(resp.data), 0, resp.data) def test_should_non_owner_and_anonymous_user_has_no_permission_to_view_private_board(self): resp = self.client.get(self.board_url) self.assertEqual(resp.status_code, 404) self.client.login(username=self.non_owner.username, password='password') resp = self.client.get(self.board_url) self.assertEqual(resp.status_code, 404) def test_should_owner_has_permission_to_view_private_board(self): self.client.login(username=self.owner.username, password='password') resp = self.client.get(self.board_url) self.assertEqual(resp.status_code, 200) class PinPrivacyTests(APITestCase): def setUp(self): super(PinPrivacyTests, self).setUp() self.owner = create_user("default") self.non_owner = create_user("non_owner") with mock.patch('requests.get', mock_requests_get): image = Image.objects.create_for_url('http://a.com/b.png') self.private_pin = Pin.objects.create( submitter=self.owner, image=image, private=True, ) self.private_pin_url = reverse("pin-detail", kwargs={"pk": self.private_pin.pk}) self.board = Board.objects.create(name="test_board", submitter=self.owner) self.board.pins.add(self.private_pin) self.board.save() self.board_url = reverse("board-detail", kwargs={"pk": self.board.pk}) def tearDown(self): _teardown_models() def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin(self): resp = self.client.get(reverse("pin-list")) self.assertEqual(len(resp.data['results']), 0, resp.data) self.client.login(username=self.non_owner.username, password='password') resp = self.client.get(reverse("pin-list")) self.assertEqual(len(resp.data['results']), 0, resp.data) def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin_in_board(self): resp = self.client.get(self.board_url) self.assertEqual(len(resp.data['pins_detail']), 0, resp.data) self.client.login(username=self.non_owner.username, password='password') resp = self.client.get(self.board_url) self.assertEqual(len(resp.data['pins_detail']), 0, resp.data) def test_should_owner_user_has_permission_to_list_private_pin_in_board(self): self.client.login(username=self.owner.username, password='password') resp = self.client.get(self.board_url) self.assertEqual(len(resp.data['pins_detail']), 1, resp.data) def test_should_owner_user_has_permission_to_list_private_pin(self): self.client.login(username=self.owner.username, password='password') resp = self.client.get(reverse("pin-list")) self.assertEqual(len(resp.data['results']), 1, resp.data) def test_should_owner_has_permission_to_view_private_pin(self): self.client.login(username=self.owner.username, password='password') resp = self.client.get(self.private_pin_url) self.assertEqual(resp.status_code, 200) self.assertEqual(resp.data['id'], self.private_pin.id) def test_should_anonymous_user_has_no_permission_to_view_private_pin(self): resp = self.client.get(self.private_pin_url) self.assertEqual(resp.status_code, 404) def test_should_non_owner_has_no_permission_to_view_private_pin(self): self.client.login(username=self.non_owner.username, password='password') resp = self.client.get(self.private_pin_url) self.assertEqual(resp.status_code, 404) class PinTests(APITestCase): _JSON_TYPE = "application/json" def setUp(self): super(PinTests, self).setUp() self.user = create_user("default") self.client.login(username=self.user.username, password='password') def tearDown(self): _teardown_models() @mock.patch('requests.get', mock_requests_get) def test_should_create_pin(self): url = 'http://testserver.com/mocked/logo-01.png' create_url = reverse("pin-list") referer = 'http://testserver.com/' post_data = { 'url': url, 'private': False, 'referer': referer, 'description': 'That\'s an Apple!' } response = self.client.post(create_url, data=post_data, format="json") self.assertEqual(response.status_code, status.HTTP_201_CREATED) pin = Pin.objects.get(url=url) self.assertIsNotNone(pin.image.image) @mock.patch('requests.get', mock_requests_get) def test_post_create_url_with_empty_tags(self): url = 'http://testserver.com/mocked/logo-02.png' create_url = reverse("pin-list") referer = 'http://testserver.com/' post_data = { 'url': url, 'referer': referer, 'description': 'That\'s an Apple!', 'tags': [] } response = self.client.post(create_url, data=post_data, format="json") self.assertEqual( response.status_code, status.HTTP_201_CREATED, response.json() ) self.assertEqual(Image.objects.count(), 1) pin = Pin.objects.get(url=url) self.assertIsNotNone(pin.image.image) self.assertEqual(pin.tags.count(), 0) def test_should_post_create_pin_with_existed_image(self): image = create_image() create_pin(self.user, image=image, tags=[]) create_url = reverse("pin-list") referer = 'http://testserver.com/' post_data = { 'referer': referer, 'image_by_id': image.pk, 'description': 'That\'s something else (probably a CC logo)!', 'tags': ['random', 'tags'], } response = self.client.post(create_url, data=post_data, format="json") resp_data = response.json() self.assertEqual(response.status_code, status.HTTP_201_CREATED, resp_data) self.assertEqual( resp_data['description'], 'That\'s something else (probably a CC logo)!', resp_data ) self.assertEquals(Pin.objects.count(), 2) def test_patch_detail_unauthenticated(self): image = create_image() pin = create_pin(self.user, image, []) self.client.logout() uri = reverse("pin-detail", kwargs={"pk": pin.pk}) response = self.client.patch(uri, format='json', data={}) self.assertEqual(response.status_code, 403) def test_patch_detail(self): image = create_image() pin = create_pin(self.user, image, []) uri = reverse("pin-detail", kwargs={"pk": pin.pk}) new = {'description': 'Updated description'} response = self.client.patch( uri, new, format="json", ) self.assertEqual(response.status_code, status.HTTP_200_OK, response.json()) self.assertEqual(Pin.objects.count(), 1) self.assertEqual(Pin.objects.get(pk=pin.pk).description, new['description']) def test_delete_detail_unauthenticated(self): image = create_image() pin = create_pin(self.user, image, []) uri = reverse("pin-detail", kwargs={"pk": pin.pk}) self.client.logout() self.assertEqual(self.client.delete(uri).status_code, 403) def test_delete_detail(self): image = create_image() pin = create_pin(self.user, image, []) uri = reverse("pin-detail", kwargs={"pk": pin.pk}) self.client.delete(uri) self.assertEqual(Pin.objects.count(), 0)