diff --git a/ereuse_devicehub/resources/device/views.py b/ereuse_devicehub/resources/device/views.py index 6f07ad12..8f16b12d 100644 --- a/ereuse_devicehub/resources/device/views.py +++ b/ereuse_devicehub/resources/device/views.py @@ -129,6 +129,8 @@ class DeviceView(View): @auth.Auth.requires_auth def one_private(self, id: int): device = Device.query.filter_by(id=id).one() + if hasattr(device, 'owner_id') and device.owner_id != g.user.id: + device = {} return self.schema.jsonify(device) @auth.Auth.requires_auth diff --git a/tests/test_endpoints.py b/tests/test_endpoints.py new file mode 100644 index 00000000..6c15c050 --- /dev/null +++ b/tests/test_endpoints.py @@ -0,0 +1,166 @@ +import datetime +from uuid import UUID +from flask import g + +import pytest +from colour import Color +from ereuse_utils.naming import Naming +from ereuse_utils.test import ANY +from pytest import raises +from sqlalchemy.util import OrderedSet +from teal.db import ResourceNotFound +from teal.enums import Layouts + +from ereuse_devicehub.client import Client, UserClient +from ereuse_devicehub.db import db +from ereuse_devicehub.devicehub import Devicehub +from ereuse_devicehub.resources.action import models as m +from ereuse_devicehub.resources.action.models import Remove, TestConnectivity +from ereuse_devicehub.resources.agent.models import Person +from ereuse_devicehub.resources.device import models as d +from ereuse_devicehub.resources.device.exceptions import NeedsId +from ereuse_devicehub.resources.device.schemas import Device as DeviceS +from ereuse_devicehub.resources.device.sync import MismatchBetweenTags, MismatchBetweenTagsAndHid, \ + Sync +from ereuse_devicehub.resources.enums import ComputerChassis, DisplayTech, Severity, \ + SnapshotSoftware, TransferState +from ereuse_devicehub.resources.tag.model import Tag +from ereuse_devicehub.resources.user import User +from tests import conftest +from tests.conftest import file + +""" +Action.main POST /actions/ +Action.main DELETE, GET, PATCH, PUT /actions/ +Action.main GET /actions/ +Deliverynote.main POST /deliverynotes/ +Deliverynote.main DELETE, GET, PATCH, PUT /deliverynotes/ +Deliverynote.main GET /deliverynotes/ +Device.main POST /devices/ +Device.main DELETE, GET, PATCH, PUT /devices/ +Device.main GET /devices/ +Device.static GET /devices/static/ +Document.devicesDocumentView GET /documents/devices/ +Document.main GET /documents/erasures/ +Document.main GET /documents/erasures/ +Document.static GET /documents/static/ +Lot.lot-children DELETE, POST /lots//children +Lot.lot-device DELETE, POST /lots//devices +Lot.main POST /lots/ +Lot.main DELETE, GET, PATCH, PUT /lots/ +Lot.main GET /lots/ +Manufacturer.main POST /manufacturers/ +Manufacturer.main DELETE, GET, PATCH, PUT /manufacturers/ +Manufacturer.main GET /manufacturers/ +Proof.main POST /proofs/ +Proof.main DELETE, GET, PATCH, PUT /proofs/ +Proof.main GET /proofs/ +Tag.main POST /tags/ +Tag.main DELETE, GET, PATCH, PUT /tags/ +Tag.main GET /tags/ +Tag.tag-device-view PUT /tags//device/ +Tag.tag-device-view GET /tags//device +User.main POST /users/ +User.main DELETE, GET, PATCH, PUT /users/ +User.main GET /users/ +""" + + +@pytest.mark.mvp +@pytest.mark.xfail(reason='We need think about specifications.') +def test_users(user: UserClient, client: Client): + """ + User.main POST /users/ + User.main DELETE, GET, PATCH, PUT /users/ + User.main GET /users/ + """ + url = "/users/" + ## User validated + # GET + content, res = user.get(url, None) + assert res.status_code == 200 + content, res = client.get(url, None) + assert res.status_code == 405 + + # POST + content, res = user.post(url, None) + assert res.status_code == 200 + content, res = client.post(url, None) + assert res.status_code == 405 + + + ## + url = "/users/"+user.user["id"] + # GET + content, res = user.get(url, None) + assert res.status_code == 200 + content, res = client.get(url, None) + assert res.status_code == 405 + + # DELETE + content, res = user.delete(url, None) + assert res.status_code == 200 + content, res = client.delete(url, None) + assert res.status_code == 405 + + # PUT + content, res = user.put(url, None) + assert res.status_code == 200 + content, res = client.put(url, None) + assert res.status_code == 405 + + # PATCH + content, res = user.patch(url, None) + assert res.status_code == 200 + content, res = client.patch(url, None) + assert res.status_code == 405 + + +@pytest.mark.mvp +def test_get_device(app: Devicehub, user: UserClient, user2: UserClient): + """Checks GETting a d.Desktop with its components.""" + + user.post(file('asus-eee-1000h.snapshot.11'), res=m.Snapshot) + pc, res = user.get("/devices/1", None) + assert res.status_code == 200 + assert len(pc['actions']) == 9 + + pc2, res2 = user2.get("/devices/1", None) + assert res2.status_code == 200 + assert pc2 == {} + + +@pytest.mark.mvp +def test_get_devices(app: Devicehub, user: UserClient, user2: UserClient): + """Checks GETting multiple devices.""" + + user.post(file('asus-eee-1000h.snapshot.11'), res=m.Snapshot) + url = '/devices/?filter={"type":["Computer"]}' + + devices, res = user.get(url, None) + devices2, res2 = user2.get(url, None) + assert res.status_code == 200 + assert res2.status_code == 200 + assert len(devices['items']) == 1 + assert len(devices2['items']) == 0 + + +@pytest.mark.mvp +def test_get_tag(app: Devicehub, user: UserClient, user2: UserClient): + """Creates a tag specifying a custom organization.""" + with app.app_context(): + # Create a pc with a tag + tag = Tag(id='foo-bar', owner_id=user.user['id']) + pc = d.Desktop(serial_number='sn1', chassis=ComputerChassis.Tower, owner_id=user.user['id']) + pc.tags.add(tag) + db.session.add(pc) + db.session.commit() + computer, res = user.get(res=Tag, item='foo-bar/device') + + url = "/tags/?foo-bar/device" + computer, res = user.get(url, None) + computer2, res2 = user2.get(url, None) + assert res.status_code == 200 + assert res2.status_code == 200 + assert len(computer['items']) == 1 + assert len(computer2['items']) == 0