Home Explore Help
Sign In
221V
/
Misago
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 0e84a665e6
Branches Tags
Misago
/
misago
/
threads
/
tests
/
test_attachmentview.py

test_attachmentview.py 7.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225 
  1. import os
    2. 

  2. 

  3. from django.conf import settings
    4. 

  4. from django.core.urlresolvers import reverse
    5. 

  5. 

  6. from misago.acl.models import Role
    7. 

  7. from misago.acl.testutils import override_acl
    8. 

  8. from misago.categories.models import Category
    9. 

  9. from misago.users.testutils import AuthenticatedUserTestCase
    10. 

  10. 

  11. from .. import testutils
    12. 

  12. from ..models import Attachment, AttachmentType
    13. 

  13. 

  14. 

  15. TESTFILES_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'testfiles')
    16. 

  16. TEST_DOCUMENT_PATH = os.path.join(TESTFILES_DIR, 'document.pdf')
    17. 

  17. TEST_SMALLJPG_PATH = os.path.join(TESTFILES_DIR, 'small.jpg')
    18. 

  18. 

  19. 

  20. class AttachmentViewTestCase(AuthenticatedUserTestCase):
    21. 

  21.     def setUp(self):
    22. 

  22.         super(AttachmentViewTestCase, self).setUp()
    23. 

  23. 

  24.         AttachmentType.objects.all().delete()
    25. 

  25. 

  26.         self.category = Category.objects.get(slug='first-category')
    27. 

  27.         self.post = testutils.post_thread(category=self.category).first_post
    28. 

  28. 

  29.         self.api_link = reverse('misago:api:attachment-list')
    30. 

  30. 

  31.         self.attachment_type_jpg = AttachmentType.objects.create(
    32. 

  32.             name="JPG",
    33. 

  33.             extensions='jpeg,jpg'
    34. 

  34.         )
    35. 

  35.         self.attachment_type_pdf = AttachmentType.objects.create(
    36. 

  36.             name="PDF",
    37. 

  37.             extensions='pdf'
    38. 

  38.         )
    39. 

  39. 

  40.         self.override_acl()
    41. 

  41. 

  42.     def override_acl(self, allow_download=True):
    43. 

  43.         acl = self.user.acl.copy()
    44. 

  44.         acl.update({
    45. 

  45.             'max_attachment_size': 1000,
    46. 

  46.             'can_download_other_users_attachments': allow_download
    47. 

  47.         })
    48. 

  48.         override_acl(self.user, acl)
    49. 

  49. 

  50.     def upload_document(self, is_orphaned=False, by_other_user=False):
    51. 

  51.         with open(TEST_DOCUMENT_PATH, 'rb') as upload:
    52. 

  52.             response = self.client.post(self.api_link, data={
    53. 

  53.                 'upload': upload
    54. 

  54.             })
    55. 

  55.         self.assertEqual(response.status_code, 200)
    56. 

  56. 

  57.         attachment = Attachment.objects.order_by('id').last()
    58. 

  58. 

  59.         if not is_orphaned:
    60. 

  60.             attachment.post = self.post
    61. 

  61.             attachment.save()
    62. 

  62.         if by_other_user:
    63. 

  63.             attachment.uploader = None
    64. 

  64.             attachment.save()
    65. 

  65. 

  66.         self.override_acl()
    67. 

  67. 

  68.         return attachment
    69. 

  69. 

  70.     def upload_image(self):
    71. 

  71.         with open(TEST_SMALLJPG_PATH, 'rb') as upload:
    72. 

  72.             response = self.client.post(self.api_link, data={
    73. 

  73.                 'upload': upload
    74. 

  74.             })
    75. 

  75.         self.assertEqual(response.status_code, 200)
    76. 

  76. 

  77.         attachment = Attachment.objects.order_by('id').last()
    78. 

  78. 

  79.         self.override_acl()
    80. 

  80. 

  81.         return attachment
    82. 

  82. 

  83.     def assertIs404(self, response):
    84. 

  84.         self.assertEqual(response.status_code, 302)
    85. 

  85.         self.assertTrue(response['location'].endswith(settings.MISAGO_404_IMAGE))
    86. 

  86. 

  87.     def assertIs403(self, response):
    88. 

  88.         self.assertEqual(response.status_code, 302)
    89. 

  89.         self.assertTrue(response['location'].endswith(settings.MISAGO_403_IMAGE))
    90. 

  90. 

  91.     def assertSuccess(self, response):
    92. 

  92.         self.assertEqual(response.status_code, 302)
    93. 

  93.         self.assertFalse(response['location'].endswith(settings.MISAGO_404_IMAGE))
    94. 

  94.         self.assertFalse(response['location'].endswith(settings.MISAGO_403_IMAGE))
    95. 

  95. 

  96.     def test_nonexistant_file(self):
    97. 

  97.         """user tries to retrieve nonexistant file"""
    98. 

  98.         response = self.client.get(reverse('misago:attachment', kwargs={
    99. 

  99.             'pk': 123,
    100. 

  100.             'uuid': 'qwertyuiop'
    101. 

  101.         }))
    102. 

  102. 

  103.         self.assertIs404(response)
    104. 

  104. 

  105.     def test_invalid_uuid(self):
    106. 

  106.         """user tries to retrieve existing file using invalid uuid"""
    107. 

  107.         attachment = self.upload_document()
    108. 

  108. 

  109.         response = self.client.get(reverse('misago:attachment', kwargs={
    110. 

  110.             'pk': attachment.pk,
    111. 

  111.             'uuid': 'qwertyuiop'
    112. 

  112.         }))
    113. 

  113. 

  114.         self.assertIs404(response)
    115. 

  115. 

  116.     def test_other_user_file_no_permission(self):
    117. 

  117.         """user tries to retrieve other user's file without perm"""
    118. 

  118.         attachment = self.upload_document(by_other_user=True)
    119. 

  119. 

  120.         self.override_acl(False)
    121. 

  121. 

  122.         response = self.client.get(attachment.get_absolute_url())
    123. 

  123.         self.assertIs403(response)
    124. 

  124. 

  125.     def test_other_user_orphaned_file(self):
    126. 

  126.         """user tries to retrieve other user's orphaned file"""
    127. 

  127.         attachment = self.upload_document(is_orphaned=True, by_other_user=True)
    128. 

  128. 

  129.         response = self.client.get(attachment.get_absolute_url())
    130. 

  130.         self.assertIs403(response)
    131. 

  131. 

  132.     def test_document_thumbnail(self):
    133. 

  133.         """user tries to retrieve thumbnail from non-image attachment"""
    134. 

  134.         attachment = self.upload_document()
    135. 

  135. 

  136.         response = self.client.get(reverse('misago:attachment-thumbnail', kwargs={
    137. 

  137.             'pk': attachment.pk,
    138. 

  138.             'uuid': attachment.uuid
    139. 

  139.         }))
    140. 

  140.         self.assertIs404(response)
    141. 

  141. 

  142.     def test_no_role(self):
    143. 

  143.         """user tries to retrieve attachment without perm to its type"""
    144. 

  144.         attachment = self.upload_document()
    145. 

  145. 

  146.         user_roles = (r.pk for r in self.user.get_roles())
    147. 

  147.         self.attachment_type_pdf.limit_downloaders_to.set(Role.objects.exclude(id__in=user_roles))
    148. 

  148. 

  149.         response = self.client.get(attachment.get_absolute_url())
    150. 

  150.         self.assertIs403(response)
    151. 

  151. 

  152.     def test_type_disabled(self):
    153. 

  153.         """user tries to retrieve attachment the type disabled downloads"""
    154. 

  154.         attachment = self.upload_document()
    155. 

  155. 

  156.         self.attachment_type_pdf.status = AttachmentType.DISABLED
    157. 

  157.         self.attachment_type_pdf.save()
    158. 

  158. 

  159.         response = self.client.get(attachment.get_absolute_url())
    160. 

  160.         self.assertIs403(response)
    161. 

  161. 

  162.     def test_locked_type(self):
    163. 

  163.         """user retrieves own locked file"""
    164. 

  164.         attachment = self.upload_document()
    165. 

  165. 

  166.         self.attachment_type_pdf.status = AttachmentType.LOCKED
    167. 

  167.         self.attachment_type_pdf.save()
    168. 

  168. 

  169.         response = self.client.get(attachment.get_absolute_url())
    170. 

  170.         self.assertSuccess(response)
    171. 

  171. 

  172.     def test_own_file(self):
    173. 

  173.         """user retrieves own file"""
    174. 

  174.         attachment = self.upload_document()
    175. 

  175. 

  176.         response = self.client.get(attachment.get_absolute_url())
    177. 

  177.         self.assertSuccess(response)
    178. 

  178. 

  179.     def test_other_user_file(self):
    180. 

  180.         """user retrieves other user's file with perm"""
    181. 

  181.         attachment = self.upload_document(by_other_user=True)
    182. 

  182. 

  183.         response = self.client.get(attachment.get_absolute_url())
    184. 

  184.         self.assertSuccess(response)
    185. 

  185. 

  186.     def test_other_user_orphaned_file_is_staff(self):
    187. 

  187.         """user retrieves other user's orphaned file because he is staff"""
    188. 

  188.         attachment = self.upload_document(is_orphaned=True, by_other_user=True)
    189. 

  189. 

  190.         self.user.is_staff = True
    191. 

  191.         self.user.save()
    192. 

  192. 

  193.         response = self.client.get(attachment.get_absolute_url())
    194. 

  194.         self.assertSuccess(response)
    195. 

  195. 

  196.     def test_orphaned_file_is_uploader(self):
    197. 

  197.         """user retrieves orphaned file because he is its uploader"""
    198. 

  198.         attachment = self.upload_document(is_orphaned=True)
    199. 

  199. 

  200.         response = self.client.get(attachment.get_absolute_url())
    201. 

  201.         self.assertSuccess(response)
    202. 

  202. 

  203.     def test_has_role(self):
    204. 

  204.         """user retrieves file he has roles to download"""
    205. 

  205.         attachment = self.upload_document()
    206. 

  206. 

  207.         user_roles = self.user.get_roles()
    208. 

  208.         self.attachment_type_pdf.limit_downloaders_to.set(user_roles)
    209. 

  209. 

  210.         response = self.client.get(attachment.get_absolute_url())
    211. 

  211.         self.assertSuccess(response)
    212. 

  212. 

  213.     def test_image(self):
    214. 

  214.         """user retrieves """
    215. 

  215.         attachment = self.upload_image()
    216. 

  216. 

  217.         response = self.client.get(attachment.get_absolute_url())
    218. 

  218.         self.assertSuccess(response)
    219. 

  219. 

  220.     def test_image_thumb(self):
    221. 

  221.         """user retrieves image's thumbnail"""
    222. 

  222.         attachment = self.upload_image()
    223. 

  223. 

  224.         response = self.client.get(attachment.get_thumbnail_url())
    225. 

  225.         self.assertSuccess(response)
    226.