← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/base/test.py

Port www/apps/settings to new framework. It now appears under
/users/$LOGIN/+settings. Templates are updated to link to there, and it is
modified slightly to allow users to edit other users.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/base/test.py
1
1
import urllib
2
2
 
3
 
from ivle.webapp.base.rest import (JSONRESTView, named_operation,
4
 
                                   require_permission)
5
 
from ivle.webapp.errors import BadRequest, MethodNotAllowed, Unauthorized
 
3
from ivle.webapp.base.views import RESTView, JSONRESTView, named_operation
 
4
from ivle.webapp.errors import BadRequest, MethodNotAllowed
6
5
from ivle.webapp.testing import FakeUser, FakeRequest
7
6
 
8
7
class JSONRESTViewTestWithoutPUT(JSONRESTView):
9
8
    '''A small JSON REST view for testing purposes, without a PUT method.'''
10
 
    def get_permissions(self, user):
11
 
        if user.login == u'fakeuser':
12
 
            return set(['view', 'edit'])
13
 
        if user.login == u'otheruser':
14
 
            return set(['view'])
15
 
        return set()
16
 
 
17
 
    @require_permission('view')
18
9
    def GET(self, req):
19
10
        return {'method': 'get'}
20
11
 
21
 
    @require_permission('edit')
22
12
    def PATCH(self, req, data):
23
13
        return {'method': 'patch',
24
14
                'result': data['result'], 'test': data['test']}
25
15
 
26
 
    @named_operation('view')
 
16
    @named_operation
27
17
    def do_stuff(self, req, what):
28
18
        return {'result': 'Did %s!' % what}
29
19
 
30
 
    @named_operation('edit')
 
20
    @named_operation
31
21
    def say_something(self, req, thing='nothing'):
32
22
        return {'result': 'Said %s!' % thing}
33
23
 
34
 
    @named_operation('edit')
35
 
    def do_say_something(self, req, what, thing='nothing'):
36
 
        return {'result': 'Said %s and %s!' % (what, thing)}
37
 
 
38
 
    @named_operation('view')
 
24
    @named_operation
39
25
    def get_req_method(self, req):
40
26
        return {'method': req.method}
41
27
 
42
28
class JSONRESTViewTest(JSONRESTViewTestWithoutPUT):
43
29
    '''A small JSON REST view for testing purposes.'''
44
 
    @require_permission('edit')
45
30
    def PUT(self, req, data):
46
31
        return {'method': 'put',
47
32
                'result': data['result'], 'test': data['test']}
211
196
        assert req.content_type == 'application/json'
212
197
        assert req.response_body == '{"result": "Said something!"}\n'
213
198
 
214
 
    def testNamedOperationWithDefaultAndMissingArgs(self):
215
 
        req = FakeRequest()
216
 
        req.method = 'POST'
217
 
        req.request_body = urllib.urlencode({'ivle.op': 'do_say_something',
218
 
                                             'thing': 'something'})
219
 
        view = JSONRESTViewTest(req)
220
 
        try:
221
 
            view.render(req)
222
 
        except BadRequest, e:
223
 
            assert e.message == 'Missing arguments: what'
224
 
        else:
225
 
            raise AssertionError("did not raise BadRequest")
226
 
 
227
199
    def testNamedOperationUsingRequest(self):
228
200
        req = FakeRequest()
229
201
        req.method = 'POST'
232
204
        view.render(req)
233
205
        assert req.content_type == 'application/json'
234
206
        assert req.response_body == '{"method": "POST"}\n'
235
 
 
236
 
    def testInvalidPOSTData(self):
237
 
        req = FakeRequest()
238
 
        req.method = 'POST'
239
 
        req.request_body = 'I am invalid&&&&'
240
 
        view = JSONRESTViewTest(req)
241
 
        try:
242
 
            view.render(req)
243
 
        except BadRequest, e:
244
 
            print e.message
245
 
            assert e.message == 'No named operation specified.'
246
 
        else:
247
 
            raise AssertionError("did not raise BadRequest")
248
 
 
249
 
    def testInvalidPATCHData(self):
250
 
        req = FakeRequest()
251
 
        req.method = 'PATCH'
252
 
        req.request_body = 'I am invalid'
253
 
        view = JSONRESTViewTest(req)
254
 
        try:
255
 
            view.render(req)
256
 
        except BadRequest, e:
257
 
            assert e.message == 'Invalid JSON data'
258
 
        else:
259
 
            raise AssertionError("did not raise BadRequest")
260
 
 
261
 
    def testInvalidPUTData(self):
262
 
        req = FakeRequest()
263
 
        req.method = 'PUT'
264
 
        req.request_body = 'I am invalid'
265
 
        view = JSONRESTViewTest(req)
266
 
        try:
267
 
            view.render(req)
268
 
        except BadRequest, e:
269
 
            assert e.message == 'Invalid JSON data'
270
 
        else:
271
 
            raise AssertionError("did not raise BadRequest")
272
 
 
273
 
class TestJSONRESTSecurity:
274
 
    def testGoodMethod(self):
275
 
        req = FakeRequest()
276
 
        req.user.login = u'otheruser'
277
 
        req.method = 'GET'
278
 
        view = JSONRESTViewTest(req)
279
 
        view.render(req)
280
 
        assert req.content_type == 'application/json'
281
 
        assert req.response_body == '{"method": "get"}\n'
282
 
 
283
 
    def testBadMethod(self):
284
 
        req = FakeRequest()
285
 
        req.user.login = u'otheruser'
286
 
        req.method = 'PUT'
287
 
        view = JSONRESTViewTest(req)
288
 
        try:
289
 
            view.render(req)
290
 
        except Unauthorized, e:
291
 
            pass
292
 
        else:
293
 
            raise AssertionError("did not raise Unauthorized")
294
 
 
295
 
    def testGoodNamedOperation(self):
296
 
        req = FakeRequest()
297
 
        req.user.login = u'otheruser'
298
 
        req.method = 'POST'
299
 
        req.request_body = urllib.urlencode({'ivle.op': 'do_stuff',
300
 
                                             'what': 'blah'})
301
 
        view = JSONRESTViewTest(req)
302
 
        view.render(req)
303
 
        assert req.content_type == 'application/json'
304
 
        assert req.response_body == '{"result": "Did blah!"}\n'
305
 
 
306
 
    def testBadNamedOperation(self):
307
 
        req = FakeRequest()
308
 
        req.user.login = u'otheruser'
309
 
        req.method = 'POST'
310
 
        req.request_body = urllib.urlencode({'ivle.op': 'say_something'})
311
 
        view = JSONRESTViewTest(req)
312
 
        try:
313
 
            view.render(req)
314
 
        except Unauthorized, e:
315
 
            pass
316
 
        else:
317
 
            raise AssertionError("did not raise Unauthorized")
318