mirror of
https://github.com/pinry/pinry.git
synced 2025-11-13 16:45:41 +01:00
251 lines
9.4 KiB
Python
251 lines
9.4 KiB
Python
import json
|
|
|
|
from django.urls import reverse
|
|
import mock
|
|
from rest_framework import status
|
|
from rest_framework.test import APITestCase
|
|
|
|
from taggit.models import Tag
|
|
|
|
from .helpers import create_image, create_user, create_pin
|
|
from core.models import Pin, Image, Board
|
|
|
|
|
|
def _teardown_models():
|
|
Pin.objects.all().delete()
|
|
Image.objects.all().delete()
|
|
Tag.objects.all().delete()
|
|
Board.objects.all().delete()
|
|
|
|
|
|
def mock_requests_get(url, **kwargs):
|
|
response = mock.Mock(content=open('docs/src/imgs/logo-dark.png', 'rb').read())
|
|
return response
|
|
|
|
|
|
class ImageTests(APITestCase):
|
|
def test_post_create_unsupported(self):
|
|
url = reverse("image-list")
|
|
data = {}
|
|
response = self.client.post(
|
|
url,
|
|
data=data,
|
|
format='json',
|
|
)
|
|
self.assertEqual(response.status_code, 403, response.data)
|
|
|
|
|
|
class BoardPrivacyTests(APITestCase):
|
|
|
|
def setUp(self):
|
|
super(BoardPrivacyTests, self).setUp()
|
|
self.owner = create_user("default")
|
|
self.non_owner = create_user("non_owner")
|
|
|
|
self.private_board = Board.objects.create(
|
|
name="test_board",
|
|
submitter=self.owner,
|
|
private=True,
|
|
)
|
|
self.board_url = reverse("board-detail", kwargs={"pk": self.private_board.pk})
|
|
self.boards_url = reverse("board-list")
|
|
|
|
def tearDown(self):
|
|
_teardown_models()
|
|
|
|
def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_board(self):
|
|
resp = self.client.get(self.boards_url)
|
|
self.assertEqual(len(resp.json()), 0, resp.json())
|
|
|
|
self.client.login(username=self.non_owner.username, password='password')
|
|
resp = self.client.get(self.boards_url)
|
|
self.assertEqual(len(resp.json()), 0, resp.content)
|
|
|
|
def test_should_owner_has_permission_to_list_private_board(self):
|
|
self.client.login(username=self.non_owner.username, password='password')
|
|
resp = self.client.get(self.boards_url)
|
|
self.assertEqual(len(resp.json()), 0, resp.content)
|
|
|
|
def test_should_non_owner_and_anonymous_user_has_no_permission_to_view_private_board(self):
|
|
resp = self.client.get(self.board_url)
|
|
self.assertEqual(resp.status_code, 404)
|
|
|
|
self.client.login(username=self.non_owner.username, password='password')
|
|
resp = self.client.get(self.board_url)
|
|
self.assertEqual(resp.status_code, 404)
|
|
|
|
def test_should_owner_has_permission_to_view_private_board(self):
|
|
self.client.login(username=self.owner.username, password='password')
|
|
resp = self.client.get(self.board_url)
|
|
self.assertEqual(resp.status_code, 200)
|
|
|
|
|
|
class PinPrivacyTests(APITestCase):
|
|
|
|
def setUp(self):
|
|
super(PinPrivacyTests, self).setUp()
|
|
self.owner = create_user("default")
|
|
self.non_owner = create_user("non_owner")
|
|
|
|
with mock.patch('requests.get', mock_requests_get):
|
|
image = Image.objects.create_for_url('http://a.com/b.png')
|
|
self.private_pin = Pin.objects.create(
|
|
submitter=self.owner,
|
|
image=image,
|
|
private=True,
|
|
)
|
|
self.private_pin_url = reverse("pin-detail", kwargs={"pk": self.private_pin.pk})
|
|
|
|
self.board = Board.objects.create(name="test_board", submitter=self.owner)
|
|
self.board.pins.add(self.private_pin)
|
|
self.board.save()
|
|
self.board_url = reverse("board-detail", kwargs={"pk": self.board.pk})
|
|
|
|
def tearDown(self):
|
|
_teardown_models()
|
|
|
|
def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin(self):
|
|
resp = self.client.get(reverse("pin-list"))
|
|
self.assertEqual(len(resp.json()['results']), 0, resp.content)
|
|
|
|
self.client.login(username=self.non_owner.username, password='password')
|
|
resp = self.client.get(reverse("pin-list"))
|
|
self.assertEqual(len(resp.json()['results']), 0, resp.content)
|
|
|
|
def test_should_non_owner_and_anonymous_user_has_no_permission_to_list_private_pin_in_board(self):
|
|
resp = self.client.get(self.board_url)
|
|
self.assertEqual(len(resp.json()['pins_detail']), 0, resp.content)
|
|
self.client.login(username=self.non_owner.username, password='password')
|
|
|
|
resp = self.client.get(self.board_url)
|
|
self.assertEqual(len(resp.json()['pins_detail']), 0, resp.content)
|
|
|
|
def test_should_owner_user_has_permission_to_list_private_pin_in_board(self):
|
|
self.client.login(username=self.owner.username, password='password')
|
|
resp = self.client.get(self.board_url)
|
|
self.assertEqual(len(resp.json()['pins_detail']), 1, resp.content)
|
|
|
|
def test_should_owner_user_has_permission_to_list_private_pin(self):
|
|
self.client.login(username=self.owner.username, password='password')
|
|
resp = self.client.get(reverse("pin-list"))
|
|
self.assertEqual(len(resp.json()['results']), 1, resp.content)
|
|
|
|
def test_should_owner_has_permission_to_view_private_pin(self):
|
|
self.client.login(username=self.owner.username, password='password')
|
|
resp = self.client.get(self.private_pin_url)
|
|
self.assertEqual(resp.status_code, 200)
|
|
self.assertEqual(resp.json()['id'], self.private_pin.id)
|
|
|
|
def test_should_anonymous_user_has_no_permission_to_view_private_pin(self):
|
|
resp = self.client.get(self.private_pin_url)
|
|
self.assertEqual(resp.status_code, 404)
|
|
|
|
def test_should_non_owner_has_no_permission_to_view_private_pin(self):
|
|
self.client.login(username=self.non_owner.username, password='password')
|
|
resp = self.client.get(self.private_pin_url)
|
|
self.assertEqual(resp.status_code, 404)
|
|
|
|
|
|
class PinTests(APITestCase):
|
|
_JSON_TYPE = "application/json"
|
|
|
|
def setUp(self):
|
|
super(PinTests, self).setUp()
|
|
self.user = create_user("default")
|
|
self.client.login(username=self.user.username, password='password')
|
|
|
|
def tearDown(self):
|
|
_teardown_models()
|
|
|
|
@mock.patch('requests.get', mock_requests_get)
|
|
def test_should_create_pin(self):
|
|
url = 'http://testserver.com/mocked/logo-01.png'
|
|
create_url = reverse("pin-list")
|
|
referer = 'http://testserver.com/'
|
|
post_data = {
|
|
'url': url,
|
|
'private': False,
|
|
'referer': referer,
|
|
'description': 'That\'s an Apple!'
|
|
}
|
|
response = self.client.post(create_url, data=post_data, format="json")
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
|
|
pin = Pin.objects.get(url=url)
|
|
self.assertIsNotNone(pin.image.image)
|
|
|
|
@mock.patch('requests.get', mock_requests_get)
|
|
def test_post_create_url_with_empty_tags(self):
|
|
url = 'http://testserver.com/mocked/logo-02.png'
|
|
create_url = reverse("pin-list")
|
|
referer = 'http://testserver.com/'
|
|
post_data = {
|
|
'url': url,
|
|
'referer': referer,
|
|
'description': 'That\'s an Apple!',
|
|
'tags': []
|
|
}
|
|
response = self.client.post(create_url, data=post_data, format="json")
|
|
self.assertEqual(
|
|
response.status_code, status.HTTP_201_CREATED, response.json()
|
|
)
|
|
self.assertEqual(Image.objects.count(), 1)
|
|
pin = Pin.objects.get(url=url)
|
|
self.assertIsNotNone(pin.image.image)
|
|
self.assertEqual(pin.tags.count(), 0)
|
|
|
|
def test_should_post_create_pin_with_existed_image(self):
|
|
image = create_image()
|
|
create_pin(self.user, image=image, tags=[])
|
|
create_url = reverse("pin-list")
|
|
referer = 'http://testserver.com/'
|
|
post_data = {
|
|
'referer': referer,
|
|
'image_by_id': image.pk,
|
|
'description': 'That\'s something else (probably a CC logo)!',
|
|
'tags': ['random', 'tags'],
|
|
}
|
|
response = self.client.post(create_url, data=post_data, format="json")
|
|
resp_data = response.json()
|
|
self.assertEqual(response.status_code, status.HTTP_201_CREATED, resp_data)
|
|
self.assertEqual(
|
|
resp_data['description'],
|
|
'That\'s something else (probably a CC logo)!',
|
|
resp_data
|
|
)
|
|
self.assertEquals(Pin.objects.count(), 2)
|
|
|
|
def test_patch_detail_unauthenticated(self):
|
|
image = create_image()
|
|
pin = create_pin(self.user, image, [])
|
|
self.client.logout()
|
|
uri = reverse("pin-detail", kwargs={"pk": pin.pk})
|
|
response = self.client.patch(uri, format='json', data={})
|
|
self.assertEqual(response.status_code, 403)
|
|
|
|
def test_patch_detail(self):
|
|
image = create_image()
|
|
pin = create_pin(self.user, image, [])
|
|
uri = reverse("pin-detail", kwargs={"pk": pin.pk})
|
|
new = {'description': 'Updated description'}
|
|
|
|
response = self.client.patch(
|
|
uri, new, format="json",
|
|
)
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK, response.json())
|
|
self.assertEqual(Pin.objects.count(), 1)
|
|
self.assertEqual(Pin.objects.get(pk=pin.pk).description, new['description'])
|
|
|
|
def test_delete_detail_unauthenticated(self):
|
|
image = create_image()
|
|
pin = create_pin(self.user, image, [])
|
|
uri = reverse("pin-detail", kwargs={"pk": pin.pk})
|
|
self.client.logout()
|
|
self.assertEqual(self.client.delete(uri).status_code, 403)
|
|
|
|
def test_delete_detail(self):
|
|
image = create_image()
|
|
pin = create_pin(self.user, image, [])
|
|
uri = reverse("pin-detail", kwargs={"pk": pin.pk})
|
|
self.client.delete(uri)
|
|
self.assertEqual(Pin.objects.count(), 0)
|