From 2461a7c73f342e865cb7ebe750f2216416b1381b Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Mon, 17 Aug 2020 12:51:38 +0200 Subject: [PATCH 1/3] test endpoints --- tests/test_endpoints.py | 193 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 tests/test_endpoints.py diff --git a/tests/test_endpoints.py b/tests/test_endpoints.py new file mode 100644 index 00000000..c4016425 --- /dev/null +++ b/tests/test_endpoints.py @@ -0,0 +1,193 @@ +import datetime +from uuid import UUID +from flask import g + +import pytest +from colour import Color +from ereuse_utils.naming import Naming +from ereuse_utils.test import ANY +from pytest import raises +from sqlalchemy.util import OrderedSet +from teal.db import ResourceNotFound +from teal.enums import Layouts + +from ereuse_devicehub.client import Client, UserClient +from ereuse_devicehub.db import db +from ereuse_devicehub.devicehub import Devicehub +from ereuse_devicehub.resources.action import models as m +from ereuse_devicehub.resources.action.models import Remove, TestConnectivity +from ereuse_devicehub.resources.agent.models import Person +from ereuse_devicehub.resources.device import models as d +from ereuse_devicehub.resources.device.exceptions import NeedsId +from ereuse_devicehub.resources.device.schemas import Device as DeviceS +from ereuse_devicehub.resources.device.sync import MismatchBetweenTags, MismatchBetweenTagsAndHid, \ + Sync +from ereuse_devicehub.resources.enums import ComputerChassis, DisplayTech, Severity, \ + SnapshotSoftware, TransferState +from ereuse_devicehub.resources.tag.model import Tag +from ereuse_devicehub.resources.user import User +from tests import conftest +from tests.conftest import file + +""" +Action.main POST /actions/ +Action.main DELETE, GET, PATCH, PUT /actions/ +Action.main GET /actions/ +Deliverynote.main POST /deliverynotes/ +Deliverynote.main DELETE, GET, PATCH, PUT /deliverynotes/ +Deliverynote.main GET /deliverynotes/ +Device.main POST /devices/ +Device.main DELETE, GET, PATCH, PUT /devices/ +Device.main GET /devices/ +Device.static GET /devices/static/ +Document.devicesDocumentView GET /documents/devices/ +Document.main GET /documents/erasures/ +Document.main GET /documents/erasures/ +Document.static GET /documents/static/ +Lot.lot-children DELETE, POST /lots//children +Lot.lot-device DELETE, POST /lots//devices +Lot.main POST /lots/ +Lot.main DELETE, GET, PATCH, PUT /lots/ +Lot.main GET /lots/ +Manufacturer.main POST /manufacturers/ +Manufacturer.main DELETE, GET, PATCH, PUT /manufacturers/ +Manufacturer.main GET /manufacturers/ +Proof.main POST /proofs/ +Proof.main DELETE, GET, PATCH, PUT /proofs/ +Proof.main GET /proofs/ +Tag.main POST /tags/ +Tag.main DELETE, GET, PATCH, PUT /tags/ +Tag.main GET /tags/ +Tag.tag-device-view PUT /tags//device/ +Tag.tag-device-view GET /tags//device +User.main POST /users/ +User.main DELETE, GET, PATCH, PUT /users/ +User.main GET /users/ +""" + + +@pytest.mark.mvp_one +def test_users(user: UserClient, client: Client): + """ + User.main POST /users/ + User.main DELETE, GET, PATCH, PUT /users/ + User.main GET /users/ + """ + url = "/users/" + ## User validated + # GET + import pdb; pdb.set_trace() + content, res = user.get(url, None) + assert res.status_code == 200 + content, res = client.get(url, None) + assert res.status_code == 405 + + # POST + content, res = user.post(url, None) + assert res.status_code == 200 + content, res = client.post(url, None) + assert res.status_code == 405 + + + ## + url = "/users/"+user.user["id"] + # GET + content, res = user.get(url, None) + assert res.status_code == 200 + content, res = client.get(url, None) + assert res.status_code == 405 + + # DELETE + content, res = user.delete(url, None) + assert res.status_code == 200 + content, res = client.delete(url, None) + assert res.status_code == 405 + + # PUT + content, res = user.put(url, None) + assert res.status_code == 200 + content, res = client.put(url, None) + assert res.status_code == 405 + + # PATCH + content, res = user.patch(url, None) + assert res.status_code == 200 + content, res = client.patch(url, None) + assert res.status_code == 405 + + + + +@pytest.mark.mvp +def test_get_static(client: Client): + """ static GET /static/ """ + content, res = client.get("/static/file1.jpg", None) + assert res.status_code == 200 + + +@pytest.mark.mvp_one +def test_get_device(app: Devicehub, user: UserClient, client: Client): + """Checks GETting a d.Desktop with its components.""" + + with app.app_context(): + pc = d.Desktop(model='p1mo', + manufacturer='p1ma', + serial_number='p1s', + chassis=ComputerChassis.Tower, + owner_id=user.user['id']) + db.session.add(pc) + db.session.add(TestConnectivity(device=pc, + severity=Severity.Info, + agent=Person(name='Timmy'), + author=User(email='bar@bar.com'))) + db.session.commit() + + pc, res = user.get("/devices/1/", None) + assert res.status_code == 200 + + pc = pc['items'][0] + assert len(pc['actions']) == 1 + assert pc['actions'][0]['type'] == 'TestConnectivity' + assert pc['actions'][0]['device'] == 1 + assert pc['actions'][0]['severity'] == 'Info' + assert UUID(pc['actions'][0]['author']) + assert 'actions_components' not in pc, 'actions_components are internal use only' + assert 'actions_one' not in pc, 'they are internal use only' + assert 'author' not in pc + assert pc['hid'] == 'desktop-p1ma-p1mo-p1s' + assert pc['model'] == 'p1mo' + assert pc['manufacturer'] == 'p1ma' + assert pc['serialNumber'] == 'p1s' + assert pc['type'] == d.Desktop.t + + +@pytest.mark.mvp +def test_get_devices(app: Devicehub, user: UserClient, client: Client): + """Checks GETting multiple devices.""" + + with app.app_context(): + pc = d.Desktop(model='p1mo', + manufacturer='p1ma', + serial_number='p1s', + chassis=ComputerChassis.Tower, + owner_id=user.user['id']) + pc.components = OrderedSet([ + d.NetworkAdapter(model='c1mo', manufacturer='c1ma', serial_number='c1s'), + d.GraphicCard(model='c2mo', manufacturer='c2ma', memory=1500) + ]) + pc1 = d.Desktop(model='p2mo', + manufacturer='p2ma', + serial_number='p2s', + chassis=ComputerChassis.Tower, + owner_id=user.user['id']) + pc2 = d.Laptop(model='p3mo', + manufacturer='p3ma', + serial_number='p3s', + chassis=ComputerChassis.Netbook, + owner_id=user.user['id']) + db.session.add_all((pc, pc1, pc2)) + db.session.commit() + + devices, res = client.get("/devices/", None) + assert len(devices) == 3 + assert res.status_code == 200 From 86cd36f3f838430b3f1676891067116059fd6db3 Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Mon, 17 Aug 2020 18:46:44 +0200 Subject: [PATCH 2/3] change name of test_create_tag for test_get_tag --- tests/test_endpoints.py | 103 +++++++++++++++------------------------- 1 file changed, 38 insertions(+), 65 deletions(-) diff --git a/tests/test_endpoints.py b/tests/test_endpoints.py index c4016425..7353afd9 100644 --- a/tests/test_endpoints.py +++ b/tests/test_endpoints.py @@ -66,7 +66,8 @@ User.main GET /users/ """ -@pytest.mark.mvp_one +@pytest.mark.mvp +@pytest.mark.xfail(reason='We need think about specifications.') def test_users(user: UserClient, client: Client): """ User.main POST /users/ @@ -76,7 +77,6 @@ def test_users(user: UserClient, client: Client): url = "/users/" ## User validated # GET - import pdb; pdb.set_trace() content, res = user.get(url, None) assert res.status_code == 200 content, res = client.get(url, None) @@ -116,78 +116,51 @@ def test_users(user: UserClient, client: Client): assert res.status_code == 405 - - @pytest.mark.mvp -def test_get_static(client: Client): - """ static GET /static/ """ - content, res = client.get("/static/file1.jpg", None) - assert res.status_code == 200 - - -@pytest.mark.mvp_one -def test_get_device(app: Devicehub, user: UserClient, client: Client): +def test_get_device(app: Devicehub, user: UserClient, user2: UserClient): """Checks GETting a d.Desktop with its components.""" - with app.app_context(): - pc = d.Desktop(model='p1mo', - manufacturer='p1ma', - serial_number='p1s', - chassis=ComputerChassis.Tower, - owner_id=user.user['id']) - db.session.add(pc) - db.session.add(TestConnectivity(device=pc, - severity=Severity.Info, - agent=Person(name='Timmy'), - author=User(email='bar@bar.com'))) - db.session.commit() - - pc, res = user.get("/devices/1/", None) + user.post(file('asus-eee-1000h.snapshot.11'), res=m.Snapshot) + pc, res = user.get("/devices/1", None) assert res.status_code == 200 + assert len(pc['actions']) == 9 - pc = pc['items'][0] - assert len(pc['actions']) == 1 - assert pc['actions'][0]['type'] == 'TestConnectivity' - assert pc['actions'][0]['device'] == 1 - assert pc['actions'][0]['severity'] == 'Info' - assert UUID(pc['actions'][0]['author']) - assert 'actions_components' not in pc, 'actions_components are internal use only' - assert 'actions_one' not in pc, 'they are internal use only' - assert 'author' not in pc - assert pc['hid'] == 'desktop-p1ma-p1mo-p1s' - assert pc['model'] == 'p1mo' - assert pc['manufacturer'] == 'p1ma' - assert pc['serialNumber'] == 'p1s' - assert pc['type'] == d.Desktop.t + pc2, res2 = user2.get("/devices/1", None) + assert res2.status_code == 200 + assert len(pc['actions']) == 0 @pytest.mark.mvp -def test_get_devices(app: Devicehub, user: UserClient, client: Client): +def test_get_devices(app: Devicehub, user: UserClient, user2: UserClient): """Checks GETting multiple devices.""" - with app.app_context(): - pc = d.Desktop(model='p1mo', - manufacturer='p1ma', - serial_number='p1s', - chassis=ComputerChassis.Tower, - owner_id=user.user['id']) - pc.components = OrderedSet([ - d.NetworkAdapter(model='c1mo', manufacturer='c1ma', serial_number='c1s'), - d.GraphicCard(model='c2mo', manufacturer='c2ma', memory=1500) - ]) - pc1 = d.Desktop(model='p2mo', - manufacturer='p2ma', - serial_number='p2s', - chassis=ComputerChassis.Tower, - owner_id=user.user['id']) - pc2 = d.Laptop(model='p3mo', - manufacturer='p3ma', - serial_number='p3s', - chassis=ComputerChassis.Netbook, - owner_id=user.user['id']) - db.session.add_all((pc, pc1, pc2)) - db.session.commit() + user.post(file('asus-eee-1000h.snapshot.11'), res=m.Snapshot) + url = '/devices/?filter={"type":["Computer"]}' - devices, res = client.get("/devices/", None) - assert len(devices) == 3 + devices, res = user.get(url, None) + devices2, res2 = user2.get(url, None) assert res.status_code == 200 + assert res2.status_code == 200 + assert len(devices['items']) == 1 + assert len(devices2['items']) == 0 + + +@pytest.mark.mvp +def test_get_tag(app: Devicehub, user: UserClient, user2: UserClient): + """Creates a tag specifying a custom organization.""" + with app.app_context(): + # Create a pc with a tag + tag = Tag(id='foo-bar', owner_id=user.user['id']) + pc = d.Desktop(serial_number='sn1', chassis=ComputerChassis.Tower, owner_id=user.user['id']) + pc.tags.add(tag) + db.session.add(pc) + db.session.commit() + computer, res = user.get(res=Tag, item='foo-bar/device') + + url = "/tags/?foo-bar/device" + computer, res = user.get(url, None) + computer2, res2 = user2.get(url, None) + assert res.status_code == 200 + assert res2.status_code == 200 + assert len(computer['items']) == 1 + assert len(computer2['items']) == 0 From a2b2be77f456d6b76db842c28703fe6fc25739c1 Mon Sep 17 00:00:00 2001 From: Cayo Puigdefabregas Date: Tue, 18 Aug 2020 12:35:04 +0200 Subject: [PATCH 3/3] fixing get_device permissions --- ereuse_devicehub/resources/device/views.py | 2 ++ tests/test_endpoints.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ereuse_devicehub/resources/device/views.py b/ereuse_devicehub/resources/device/views.py index 6f07ad12..8f16b12d 100644 --- a/ereuse_devicehub/resources/device/views.py +++ b/ereuse_devicehub/resources/device/views.py @@ -129,6 +129,8 @@ class DeviceView(View): @auth.Auth.requires_auth def one_private(self, id: int): device = Device.query.filter_by(id=id).one() + if hasattr(device, 'owner_id') and device.owner_id != g.user.id: + device = {} return self.schema.jsonify(device) @auth.Auth.requires_auth diff --git a/tests/test_endpoints.py b/tests/test_endpoints.py index 7353afd9..6c15c050 100644 --- a/tests/test_endpoints.py +++ b/tests/test_endpoints.py @@ -127,7 +127,7 @@ def test_get_device(app: Devicehub, user: UserClient, user2: UserClient): pc2, res2 = user2.get("/devices/1", None) assert res2.status_code == 200 - assert len(pc['actions']) == 0 + assert pc2 == {} @pytest.mark.mvp