« back to all changes in this revision
Viewing changes to ivle/webapp/base/test/test_rest.py
- browse files at revision 1099.1.112
- compare with another revision
- compare with revision 1099.1.112
- download diff
- download tarball
- view history from revision 1099.1.112
- Committer: William Grant
- Date: 2009-02-12 12:10:39 UTC
- mto: (1092.1.21 setup-stuff) (1099.1.143 new-dispatch) (1100.1.8 new-ui)
- mto: This revision was merged to the branch mainline in revision 1100.
- Revision ID: wgrant@ubuntu.com-20090212121039-cmh07gybckdwi3hj
Implement authorization in JSON REST views. Add security declarations to
UserRESTView.
UserRESTView.
added
removed
ivle/webapp/base/test/test_rest.py
1
1
import urllib
2
2
3
from ivle.webapp.base.rest import JSONRESTView, named_operation
4
from ivle.webapp.errors import BadRequest, MethodNotAllowed
3
from ivle.webapp.base.rest import (JSONRESTView, named_operation,
4
require_permission)
5
from ivle.webapp.errors import BadRequest, MethodNotAllowed, Unauthorized
5
6
from ivle.webapp.testing import FakeUser, FakeRequest
6
7
7
8
class JSONRESTViewTestWithoutPUT(JSONRESTView):
8
9
'''A small JSON REST view for testing purposes, without a PUT method.'''
10
def get_permissions(self, user):
11
if user.login == u'fakeuser':
12
return set(['view', 'edit'])
13
if user.login == u'otheruser':
14
return set(['view'])
15
return set()
16
17
@require_permission('view')
9
18
def GET(self, req):
10
19
return {'method': 'get'}
11
20
21
@require_permission('edit')
12
22
def PATCH(self, req, data):
13
23
return {'method': 'patch',
14
24
'result': data['result'], 'test': data['test']}
15
25
16
@named_operation
26
@named_operation('view')
17
27
def do_stuff(self, req, what):
18
28
return {'result': 'Did %s!' % what}
19
29
20
@named_operation
30
@named_operation('edit')
21
31
def say_something(self, req, thing='nothing'):
22
32
return {'result': 'Said %s!' % thing}
23
33
24
@named_operation
34
@named_operation('edit')
25
35
def do_say_something(self, req, what, thing='nothing'):
26
36
return {'result': 'Said %s and %s!' % (what, thing)}
27
37
28
@named_operation
38
@named_operation('view')
29
39
def get_req_method(self, req):
30
40
return {'method': req.method}
31
41
32
42
class JSONRESTViewTest(JSONRESTViewTestWithoutPUT):
33
43
'''A small JSON REST view for testing purposes.'''
44
@require_permission('edit')
34
45
def PUT(self, req, data):
35
46
return {'method': 'put',
36
47
'result': data['result'], 'test': data['test']}
258
269
assert e.message == 'Invalid JSON data'
259
270
else:
260
271
raise AssertionError("did not raise BadRequest")
272
273
class TestJSONRESTSecurity:
274
def testGoodMethod(self):
275
req = FakeRequest()
276
req.user.login = u'otheruser'
277
req.method = 'GET'
278
view = JSONRESTViewTest(req)
279
view.render(req)
280
assert req.content_type == 'application/json'
281
assert req.response_body == '{"method": "get"}\n'
282
283
def testBadMethod(self):
284
req = FakeRequest()
285
req.user.login = u'otheruser'
286
req.method = 'PUT'
287
view = JSONRESTViewTest(req)
288
try:
289
view.render(req)
290
except Unauthorized, e:
291
pass
292
else:
293
raise AssertionError("did not raise Unauthorized")
294
295
def testGoodNamedOperation(self):
296
req = FakeRequest()
297
req.user.login = u'otheruser'
298
req.method = 'POST'
299
req.request_body = urllib.urlencode({'ivle.op': 'do_stuff',
300
'what': 'blah'})
301
view = JSONRESTViewTest(req)
302
view.render(req)
303
assert req.content_type == 'application/json'
304
assert req.response_body == '{"result": "Did blah!"}\n'
305
306
def testBadNamedOperation(self):
307
req = FakeRequest()
308
req.user.login = u'otheruser'
309
req.method = 'POST'
310
req.request_body = urllib.urlencode({'ivle.op': 'say_something'})
311
view = JSONRESTViewTest(req)
312
try:
313
view.render(req)
314
except Unauthorized, e:
315
pass
316
else:
317
raise AssertionError("did not raise Unauthorized")
318
Loggerhead is a web-based interface for Breezy
Version: 2.0.1