diff --git a/tests/factories.py b/tests/factories.py index 8558907d..2e831c13 100644 --- a/tests/factories.py +++ b/tests/factories.py @@ -121,6 +121,17 @@ class RolePointsFactory(Factory): points = factory.SubFactory("tests.factories.PointsFactory") +class EpicAttachmentFactory(Factory): + project = factory.SubFactory("tests.factories.ProjectFactory") + owner = factory.SubFactory("tests.factories.UserFactory") + content_object = factory.SubFactory("tests.factories.EpicFactory") + attached_file = factory.django.FileField(data=b"File contents") + + class Meta: + model = "attachments.Attachment" + strategy = factory.CREATE_STRATEGY + + class UserStoryAttachmentFactory(Factory): project = factory.SubFactory("tests.factories.ProjectFactory") owner = factory.SubFactory("tests.factories.UserFactory") diff --git a/tests/integration/resources_permissions/test_attachment_resources.py b/tests/integration/resources_permissions/test_attachment_resources.py index c30fb854..456c96f2 100644 --- a/tests/integration/resources_permissions/test_attachment_resources.py +++ b/tests/integration/resources_permissions/test_attachment_resources.py @@ -120,6 +120,20 @@ def data(): return m +@pytest.fixture +def data_epic(data): + m = type("Models", (object,), {}) + m.public_epic = f.EpicFactory(project=data.public_project, ref=20) + m.public_epic_attachment = f.EpicAttachmentFactory(project=data.public_project, content_object=m.public_epic) + m.private_epic1 = f.EpicFactory(project=data.private_project1, ref=21) + m.private_epic1_attachment = f.EpicAttachmentFactory(project=data.private_project1, content_object=m.private_epic1) + m.private_epic2 = f.EpicFactory(project=data.private_project2, ref=22) + m.private_epic2_attachment = f.EpicAttachmentFactory(project=data.private_project2, content_object=m.private_epic2) + m.blocked_epic = f.EpicFactory(project=data.blocked_project, ref=23) + m.blocked_epic_attachment = f.EpicAttachmentFactory(project=data.blocked_project, content_object=m.blocked_epic) + return m + + @pytest.fixture def data_us(data): m = type("Models", (object,), {}) @@ -180,6 +194,30 @@ def data_wiki(data): return m +def test_epic_attachment_retrieve(client, data, data_epic): + public_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.public_epic_attachment.pk}) + private_url1 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic1_attachment.pk}) + private_url2 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic2_attachment.pk}) + blocked_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.blocked_epic_attachment.pk}) + + users = [ + None, + data.registered_user, + data.project_member_without_perms, + data.project_member_with_perms, + data.project_owner + ] + + results = helper_test_http_method(client, 'get', public_url, None, users) + assert results == [200, 200, 200, 200, 200] + results = helper_test_http_method(client, 'get', private_url1, None, users) + assert results == [200, 200, 200, 200, 200] + results = helper_test_http_method(client, 'get', private_url2, None, users) + assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'get', blocked_url, None, users) + assert results == [401, 403, 403, 200, 200] + + def test_user_story_attachment_retrieve(client, data, data_us): public_url = reverse('userstory-attachments-detail', kwargs={"pk": data_us.public_user_story_attachment.pk}) private_url1 = reverse('userstory-attachments-detail', kwargs={"pk": data_us.private_user_story1_attachment.pk}) @@ -276,6 +314,41 @@ def test_wiki_attachment_retrieve(client, data, data_wiki): assert results == [401, 403, 403, 200, 200] +def test_epic_attachment_update(client, data, data_epic): + public_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.public_epic_attachment.pk}) + private_url1 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic1_attachment.pk}) + private_url2 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic2_attachment.pk}) + blocked_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.blocked_epic_attachment.pk}) + + users = [ + None, + data.registered_user, + data.project_member_without_perms, + data.project_member_with_perms, + data.project_owner + ] + + attachment_data = AttachmentSerializer(data_epic.public_epic_attachment).data + attachment_data["description"] = "test" + attachment_data = json.dumps(attachment_data) + + results = helper_test_http_method(client, 'put', public_url, attachment_data, users) + assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 200, 200] + + results = helper_test_http_method(client, 'put', private_url1, attachment_data, users) + assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 200, 200] + + results = helper_test_http_method(client, 'put', private_url2, attachment_data, users) + assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 200, 200] + + results = helper_test_http_method(client, 'put', blocked_url, attachment_data, users) + assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 200, 200] + + def test_user_story_attachment_update(client, data, data_us): public_url = reverse("userstory-attachments-detail", args=[data_us.public_user_story_attachment.pk]) @@ -299,20 +372,20 @@ def test_user_story_attachment_update(client, data, data_us): attachment_data = json.dumps(attachment_data) results = helper_test_http_method(client, "put", public_url, attachment_data, users) - # assert results == [401, 403, 403, 400, 400] assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 400, 400] results = helper_test_http_method(client, "put", private_url1, attachment_data, users) - # assert results == [401, 403, 403, 400, 400] assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 400, 400] results = helper_test_http_method(client, "put", private_url2, attachment_data, users) - # assert results == [401, 403, 403, 400, 400] assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 400, 400] results = helper_test_http_method(client, "put", blocked_url, attachment_data, users) - # assert results == [401, 403, 403, 400, 400] assert results == [405, 405, 405, 405, 405] + # assert results == [401, 403, 403, 400, 400] def test_task_attachment_update(client, data, data_task): @@ -336,12 +409,15 @@ def test_task_attachment_update(client, data, data_task): results = helper_test_http_method(client, 'put', public_url, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'put', private_url1, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'put', private_url2, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'put', blocked_url, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] @@ -368,12 +444,15 @@ def test_issue_attachment_update(client, data, data_issue): results = helper_test_http_method(client, 'put', public_url, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'put', private_url1, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'put', private_url2, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'put', blocked_url, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] @@ -400,17 +479,50 @@ def test_wiki_attachment_update(client, data, data_wiki): results = helper_test_http_method(client, 'put', public_url, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 200, 200, 200, 200] + results = helper_test_http_method(client, 'put', private_url1, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 200, 200, 200, 200] + results = helper_test_http_method(client, 'put', private_url2, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'put', blocked_url, attachment_data, users) assert results == [405, 405, 405, 405, 405] # assert results == [401, 403, 403, 200, 200] +def test_epic_attachment_patch(client, data, data_epic): + public_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.public_epic_attachment.pk}) + private_url1 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic1_attachment.pk}) + private_url2 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic2_attachment.pk}) + blocked_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.blocked_epic_attachment.pk}) + + users = [ + None, + data.registered_user, + data.project_member_without_perms, + data.project_member_with_perms, + data.project_owner + ] + + attachment_data = {"description": "test"} + attachment_data = json.dumps(attachment_data) + + results = helper_test_http_method(client, 'patch', public_url, attachment_data, users) + assert results == [401, 403, 403, 200, 200] + + results = helper_test_http_method(client, 'patch', private_url1, attachment_data, users) + assert results == [401, 403, 403, 200, 200] + + results = helper_test_http_method(client, 'patch', private_url2, attachment_data, users) + assert results == [401, 403, 403, 200, 200] + + results = helper_test_http_method(client, 'patch', blocked_url, attachment_data, users) + assert results == [401, 403, 403, 451, 451] + + def test_user_story_attachment_patch(client, data, data_us): public_url = reverse('userstory-attachments-detail', kwargs={"pk": data_us.public_user_story_attachment.pk}) private_url1 = reverse('userstory-attachments-detail', kwargs={"pk": data_us.private_user_story1_attachment.pk}) @@ -430,10 +542,13 @@ def test_user_story_attachment_patch(client, data, data_us): results = helper_test_http_method(client, 'patch', public_url, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url1, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url2, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', blocked_url, attachment_data, users) assert results == [401, 403, 403, 451, 451] @@ -457,10 +572,13 @@ def test_task_attachment_patch(client, data, data_task): results = helper_test_http_method(client, 'patch', public_url, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url1, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url2, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', blocked_url, attachment_data, users) assert results == [401, 403, 403, 451, 451] @@ -484,10 +602,13 @@ def test_issue_attachment_patch(client, data, data_issue): results = helper_test_http_method(client, 'patch', public_url, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url1, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url2, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', blocked_url, attachment_data, users) assert results == [401, 403, 403, 451, 451] @@ -511,14 +632,43 @@ def test_wiki_attachment_patch(client, data, data_wiki): results = helper_test_http_method(client, 'patch', public_url, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url1, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', private_url2, attachment_data, users) assert results == [401, 403, 403, 200, 200] + results = helper_test_http_method(client, 'patch', blocked_url, attachment_data, users) assert results == [401, 403, 403, 451, 451] +def test_epic_attachment_delete(client, data, data_epic): + public_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.public_epic_attachment.pk}) + private_url1 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic1_attachment.pk}) + private_url2 = reverse('epic-attachments-detail', kwargs={"pk": data_epic.private_epic2_attachment.pk}) + blocked_url = reverse('epic-attachments-detail', kwargs={"pk": data_epic.blocked_epic_attachment.pk}) + + users = [ + None, + data.registered_user, + data.project_member_without_perms, + data.project_member_with_perms, + ] + + results = helper_test_http_method(client, 'delete', public_url, None, users) + assert results == [401, 403, 403, 204] + + results = helper_test_http_method(client, 'delete', private_url1, None, users) + assert results == [401, 403, 403, 204] + + results = helper_test_http_method(client, 'delete', private_url2, None, users) + assert results == [401, 403, 403, 204] + + results = helper_test_http_method(client, 'delete', blocked_url, None, users) + assert results == [401, 403, 403, 451] + + def test_user_story_attachment_delete(client, data, data_us): public_url = reverse('userstory-attachments-detail', kwargs={"pk": data_us.public_user_story_attachment.pk}) private_url1 = reverse('userstory-attachments-detail', kwargs={"pk": data_us.private_user_story1_attachment.pk}) @@ -534,10 +684,13 @@ def test_user_story_attachment_delete(client, data, data_us): results = helper_test_http_method(client, 'delete', public_url, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', private_url1, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', private_url2, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', blocked_url, None, users) assert results == [401, 403, 403, 451] @@ -557,10 +710,13 @@ def test_task_attachment_delete(client, data, data_task): results = helper_test_http_method(client, 'delete', public_url, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', private_url1, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', private_url2, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', blocked_url, None, users) assert results == [401, 403, 403, 451] @@ -580,10 +736,13 @@ def test_issue_attachment_delete(client, data, data_issue): results = helper_test_http_method(client, 'delete', public_url, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', private_url1, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', private_url2, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', blocked_url, None, users) assert results == [401, 403, 403, 451] @@ -603,14 +762,53 @@ def test_wiki_attachment_delete(client, data, data_wiki): results = helper_test_http_method(client, 'delete', public_url, None, [None, data.registered_user]) assert results == [401, 403] + results = helper_test_http_method(client, 'delete', private_url1, None, [None, data.registered_user]) assert results == [401, 403] + results = helper_test_http_method(client, 'delete', private_url2, None, users) assert results == [401, 403, 403, 204] + results = helper_test_http_method(client, 'delete', blocked_url, None, users) assert results == [401, 403, 403, 451] +def test_epic_attachment_create(client, data, data_epic): + url = reverse('epic-attachments-list') + + users = [ + None, + data.registered_user, + data.project_member_without_perms, + data.project_member_with_perms, + data.project_owner + ] + + attachment_data = {"description": "test", + "object_id": data_epic.public_epic_attachment.object_id, + "project": data_epic.public_epic_attachment.project_id, + "attached_file": SimpleUploadedFile("test.txt", b"test")} + + _after_each_request_hook = lambda: attachment_data["attached_file"].seek(0) + + results = helper_test_http_method(client, 'post', url, attachment_data, users, + content_type=MULTIPART_CONTENT, + after_each_request=_after_each_request_hook) + assert results == [401, 403, 403, 201, 201] + + attachment_data = {"description": "test", + "object_id": data_epic.blocked_epic_attachment.object_id, + "project": data_epic.blocked_epic_attachment.project_id, + "attached_file": SimpleUploadedFile("test.txt", b"test")} + + _after_each_request_hook = lambda: attachment_data["attached_file"].seek(0) + + results = helper_test_http_method(client, 'post', url, attachment_data, users, + content_type=MULTIPART_CONTENT, + after_each_request=_after_each_request_hook) + assert results == [401, 403, 403, 451, 451] + + def test_user_story_attachment_create(client, data, data_us): url = reverse('userstory-attachments-list') @@ -756,6 +954,21 @@ def test_wiki_attachment_create(client, data, data_wiki): assert results == [401, 403, 403, 451, 451] +def test_epic_attachment_list(client, data, data_epic): + url = reverse('epic-attachments-list') + + users = [ + None, + data.registered_user, + data.project_member_without_perms, + data.project_member_with_perms, + data.project_owner + ] + + results = helper_test_http_method_and_count(client, 'get', url, None, users) + assert results == [(200, 2), (200, 2), (200, 2), (200, 4), (200, 4)] + + def test_user_story_attachment_list(client, data, data_us): url = reverse('userstory-attachments-list')