diff --git a/luncho/blueprints/places.py b/luncho/blueprints/places.py index b5681b9..0894591 100644 --- a/luncho/blueprints/places.py +++ b/luncho/blueprints/places.py @@ -90,17 +90,16 @@ def get_places(): :statuscode 412: Authorization required (:py:class:`AuthorizationRequiredException`) """ - user = request.user places = {} - for group in user.groups: + for group in request.user.groups: for place in group.places: - maintainer = place.owner == user.username + maintainer = place.owner == request.user.username places[place.id] = {'id': place.id, 'name': place.name, 'maintainer': maintainer} - for place in Place.query.filter_by(owner=user.username): - maintainer = place.owner == user.username + for place in Place.query.filter_by(owner=request.user.username): + maintainer = place.owner == request.user.username places[place.id] = {'id': place.id, 'name': place.name, 'maintainer': maintainer} diff --git a/luncho/exceptions.py b/luncho/exceptions.py index d7f9ec4..37c9d64 100644 --- a/luncho/exceptions.py +++ b/luncho/exceptions.py @@ -116,12 +116,12 @@ class AuthorizationRequiredException(LunchoException): HTTP/1.1 401 Unauthorized Content-Type: text/json - { "status": "ERROR": "message": "Request requires authorization" } + { "status": "ERROR": "message": "Request requires authentication" } """ def __init__(self): super(AuthorizationRequiredException, self).__init__() self.status = 401 - self.message = 'Request requires authorization' + self.message = 'Request requires authentication' class AccountNotVerifiedException(LunchoException): diff --git a/tests/general_tests.py b/tests/general_tests.py new file mode 100644 index 0000000..fb037f0 --- /dev/null +++ b/tests/general_tests.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python +# -*- encoding: utf-8 -*- + +from base import LunchoTests + + +class TestLuncho(LunchoTests): + """Test things that are in the base system, not the blueprints + (although the blueprints are required to create the URLs to be used).""" + + def setUp(self): + super(TestLuncho, self).setUp() + return + + def tearDown(self): + super(TestLuncho, self).tearDown() + return + + def test_auth(self): + """Try to request an authenticated request without authentication.""" + rv = self.app.get('/place/') # GET /place/ is authenticated + self.assertJsonError(rv, 401, 'Request requires authentication') diff --git a/tests/place_tests.py b/tests/place_tests.py index f0f810f..3fbbf50 100644 --- a/tests/place_tests.py +++ b/tests/place_tests.py @@ -8,6 +8,7 @@ from json import loads from luncho import server from luncho.server import Place +from luncho.server import Group from base import LunchoTests @@ -33,6 +34,7 @@ class TestPlaces(LunchoTests): self.assertJsonOk(rv) json = loads(rv.data) self.assertTrue('id' in json) + return def test_get_places(self): """Try to get the user places.""" @@ -44,6 +46,7 @@ class TestPlaces(LunchoTests): json = loads(rv.data) self.assertTrue('places' in json) self.assertEqual(len(json['places']), 1) # just the new place + return def test_create_place_not_verified(self): """Try to create a place with an unverified account.""" @@ -57,6 +60,7 @@ class TestPlaces(LunchoTests): request, token=new_user.token) self.assertJsonError(rv, 412, 'Account not verified') + return class TestExistingPlaces(LunchoTests): @@ -68,6 +72,7 @@ class TestExistingPlaces(LunchoTests): owner=self.user) server.db.session.add(self.place) server.db.session.commit() + return def test_update_name(self): """Try to update a place.""" @@ -81,6 +86,7 @@ class TestExistingPlaces(LunchoTests): # check the database place = Place.query.get(placeId) self.assertEqual(place.name, request['name']) + return def test_update_owner(self): """Update the owner of the group.""" @@ -98,6 +104,7 @@ class TestExistingPlaces(LunchoTests): # check the database place = Place.query.get(placeId) self.assertEqual(place.owner, 'newUser') + return def test_update_unknown_place(self): """Try to update a place that doesn't exist.""" @@ -107,6 +114,7 @@ class TestExistingPlaces(LunchoTests): request, token=self.user.token) self.assertJsonError(rv, 404, 'Place not found') + return def test_update_non_admin(self): """A non-admin user tries to update the place.""" @@ -121,6 +129,7 @@ class TestExistingPlaces(LunchoTests): request, token=new_user.token) self.assertJsonError(rv, 403, 'User is not admin') + return def test_change_non_existent_admin(self): """Try to transfer the admin to a user that doesn't exist.""" @@ -129,12 +138,14 @@ class TestExistingPlaces(LunchoTests): request, token=self.user.token) self.assertJsonError(rv, 404, 'New admin not found') + return def test_delete_place(self): """Delete a place.""" rv = self.delete('/place/{placeId}/'.format(placeId=self.place.id), token=self.user.token) self.assertJsonOk(rv) + return def test_delete_non_existent_place(self): """Try to delete a place that doesn't exist.""" @@ -142,6 +153,7 @@ class TestExistingPlaces(LunchoTests): rv = self.delete('/place/{placeId}/'.format(placeId=placeId), token=self.user.token) self.assertJsonError(rv, 404, 'Place not found') + return def test_delete_non_admin(self): """Try to delete the place by a non-admin user.""" @@ -153,7 +165,55 @@ class TestExistingPlaces(LunchoTests): rv = self.delete('/place/{placeId}/'.format(placeId=self.place.id), token=new_user.token) self.assertJsonError(rv, 403, 'User is not admin') + return +class TestGroupPlaces(LunchoTests): + """Test the group+places integration, but from places perspective.""" + + def setUp(self): + super(TestGroupPlaces, self).setUp() + self.default_user() + self.place = Place(name='Place', + owner=self.user) + server.db.session.add(self.place) + server.db.session.commit() + + def tearDown(self): + super(TestGroupPlaces, self).tearDown() + + def test_get_places_from_groups(self): + """Test getting places linked to the user groups.""" + # user1 owns a place and the group. + user1 = self.create_user(name='testUser', + fullname='Test User', + verified=True, + create_token=True) + place = Place(name='Place', owner=user1) + group = Group(name='Test group', owner=user1) + + user1.groups.append(group) + group.places.append(place) # the group now uses that place + server.db.session.add(user1) + server.db.session.add(place) + server.db.session.add(group) + + # user2 is just a member of the group + user2 = self.create_user(name='anotherUser', + fullname='Another user', + verified=True, + create_token=True) + user2.groups.append(group) + server.db.session.add(user2) + server.db.session.commit() + + # now user2 should get the place in their results. + rv = self.get('/place/', + token=user2.token) + self.assertJsonOk(rv) + json = loads(rv.data) + self.assertTrue('places' in json) + self.assertEqual(len(json['places']), 1) # just the new place + if __name__ == '__main__': unittest.main()