sintonia/api/libretimeapi/tests/test_permissions.py

import os

from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth.models import AnonymousUser
from libretimeapi.models.user_constants import ADMIN, DJ, GUEST, PROGRAM_MANAGER
from libretimeapi.permission_constants import (
    DJ_PERMISSIONS,
    GUEST_PERMISSIONS,
    PROGRAM_MANAGER_PERMISSIONS,
)
from libretimeapi.permissions import IsSystemTokenOrUser
from model_bakery import baker
from rest_framework.test import APIRequestFactory, APITestCase


class TestIsSystemTokenOrUser(APITestCase):
    @classmethod
    def setUpTestData(cls):
        cls.path = "/api/v2/files/"

    def test_unauthorized(self):
        response = self.client.get(self.path.format("files"))
        self.assertEqual(response.status_code, 403)

    def test_token_incorrect(self):
        token = "doesnotexist"
        request = APIRequestFactory().get(self.path)
        request.user = AnonymousUser()
        request.META["Authorization"] = "Api-Key {token}".format(token=token)
        allowed = IsSystemTokenOrUser().has_permission(request, None)
        self.assertFalse(allowed)

    def test_token_correct(self):
        token = settings.CONFIG.get("general", "api_key")
        request = APIRequestFactory().get(self.path)
        request.user = AnonymousUser()
        request.META["Authorization"] = "Api-Key {token}".format(token=token)
        allowed = IsSystemTokenOrUser().has_permission(request, None)
        self.assertTrue(allowed)


class TestPermissions(APITestCase):
    URLS = [
        "schedule",
        "shows",
        "show-days",
        "show-hosts",
        "show-instances",
        "show-rebroadcasts",
        "files",
        "playlists",
        "playlist-contents",
        "smart-blocks",
        "smart-block-contents",
        "smart-block-criteria",
        "webstreams",
    ]

    def logged_in_test_model(self, model, name, user_type, fn):
        path = self.path.format(model)
        user_created = get_user_model().objects.filter(username=name)
        if not user_created:
            user = get_user_model().objects.create_user(
                name,
                email="test@example.com",
                password="test",
                type=user_type,
                first_name="test",
                last_name="user",
            )
        self.client.login(username=name, password="test")
        return fn(path)

    @classmethod
    def setUpTestData(cls):
        cls.path = "/api/v2/{}/"

    def test_guest_permissions_success(self):
        for model in self.URLS:
            response = self.logged_in_test_model(model, "guest", GUEST, self.client.get)
            self.assertEqual(
                response.status_code, 200, msg="Invalid for model {}".format(model)
            )

    def test_guest_permissions_failure(self):
        for model in self.URLS:
            response = self.logged_in_test_model(
                model, "guest", GUEST, self.client.post
            )
            self.assertEqual(
                response.status_code, 403, msg="Invalid for model {}".format(model)
            )
        response = self.logged_in_test_model("users", "guest", GUEST, self.client.get)
        self.assertEqual(response.status_code, 403, msg="Invalid for model users")

    def test_dj_get_permissions(self):
        for model in self.URLS:
            response = self.logged_in_test_model(model, "dj", DJ, self.client.get)
            self.assertEqual(
                response.status_code, 200, msg="Invalid for model {}".format(model)
            )

    def test_dj_post_permissions(self):
        user = get_user_model().objects.create_user(
            "test-dj",
            email="test@example.com",
            password="test",
            type=DJ,
            first_name="test",
            last_name="user",
        )
        f = baker.make("libretimeapi.File", owner=user)
        model = "files/{}".format(f.id)
        path = self.path.format(model)
        self.client.login(username="test-dj", password="test")
        response = self.client.patch(path, {"name": "newFilename"})
        self.assertEqual(response.status_code, 200)

    def test_dj_post_permissions_failure(self):
        user = get_user_model().objects.create_user(
            "test-dj",
            email="test@example.com",
            password="test",
            type=DJ,
            first_name="test",
            last_name="user",
        )
        f = baker.make("libretimeapi.File")
        model = "files/{}".format(f.id)
        path = self.path.format(model)
        self.client.login(username="test-dj", password="test")
        response = self.client.patch(path, {"name": "newFilename"})
        self.assertEqual(response.status_code, 403)
add API v2 2020-01-30 14:47:36 +01:00			`import os`
Add isort pre-commit hook Sort import statement in python files See https://github.com/PyCQA/isort 2021-06-03 15:20:39 +02:00
			`from django.conf import settings`
add API v2 2020-01-30 14:47:36 +01:00			`from django.contrib.auth import get_user_model`
			`from django.contrib.auth.models import AnonymousUser`
Add isort pre-commit hook Sort import statement in python files See https://github.com/PyCQA/isort 2021-06-03 15:20:39 +02:00			`from libretimeapi.models.user_constants import ADMIN, DJ, GUEST, PROGRAM_MANAGER`
Format code using black 2021-05-27 16:23:02 +02:00			`from libretimeapi.permission_constants import (`
			`DJ_PERMISSIONS,`
Add isort pre-commit hook Sort import statement in python files See https://github.com/PyCQA/isort 2021-06-03 15:20:39 +02:00			`GUEST_PERMISSIONS,`
Format code using black 2021-05-27 16:23:02 +02:00			`PROGRAM_MANAGER_PERMISSIONS,`
			`)`
Add isort pre-commit hook Sort import statement in python files See https://github.com/PyCQA/isort 2021-06-03 15:20:39 +02:00			`from libretimeapi.permissions import IsSystemTokenOrUser`
			`from model_bakery import baker`
			`from rest_framework.test import APIRequestFactory, APITestCase`
add API v2 2020-01-30 14:47:36 +01:00

			`class TestIsSystemTokenOrUser(APITestCase):`
			`@classmethod`
			`def setUpTestData(cls):`
			`cls.path = "/api/v2/files/"`

			`def test_unauthorized(self):`
Format code using black 2021-05-27 16:23:02 +02:00			`response = self.client.get(self.path.format("files"))`
add API v2 2020-01-30 14:47:36 +01:00			`self.assertEqual(response.status_code, 403)`

			`def test_token_incorrect(self):`
Format code using black 2021-05-27 16:23:02 +02:00			`token = "doesnotexist"`
add API v2 2020-01-30 14:47:36 +01:00			`request = APIRequestFactory().get(self.path)`
			`request.user = AnonymousUser()`
Format code using black 2021-05-27 16:23:02 +02:00			`request.META["Authorization"] = "Api-Key {token}".format(token=token)`
add API v2 2020-01-30 14:47:36 +01:00			`allowed = IsSystemTokenOrUser().has_permission(request, None)`
			`self.assertFalse(allowed)`

			`def test_token_correct(self):`
Format code using black 2021-05-27 16:23:02 +02:00			`token = settings.CONFIG.get("general", "api_key")`
add API v2 2020-01-30 14:47:36 +01:00			`request = APIRequestFactory().get(self.path)`
			`request.user = AnonymousUser()`
Format code using black 2021-05-27 16:23:02 +02:00			`request.META["Authorization"] = "Api-Key {token}".format(token=token)`
add API v2 2020-01-30 14:47:36 +01:00			`allowed = IsSystemTokenOrUser().has_permission(request, None)`
			`self.assertTrue(allowed)`


			`class TestPermissions(APITestCase):`
			`URLS = [`
Format code using black 2021-05-27 16:23:02 +02:00			`"schedule",`
			`"shows",`
			`"show-days",`
			`"show-hosts",`
			`"show-instances",`
			`"show-rebroadcasts",`
			`"files",`
			`"playlists",`
			`"playlist-contents",`
			`"smart-blocks",`
			`"smart-block-contents",`
			`"smart-block-criteria",`
			`"webstreams",`
add API v2 2020-01-30 14:47:36 +01:00			`]`

			`def logged_in_test_model(self, model, name, user_type, fn):`
			`path = self.path.format(model)`
			`user_created = get_user_model().objects.filter(username=name)`
			`if not user_created:`
Format code using black 2021-05-27 16:23:02 +02:00			`user = get_user_model().objects.create_user(`
			`name,`
			`email="test@example.com",`
			`password="test",`
			`type=user_type,`
			`first_name="test",`
			`last_name="user",`
			`)`
			`self.client.login(username=name, password="test")`
add API v2 2020-01-30 14:47:36 +01:00			`return fn(path)`

			`@classmethod`
			`def setUpTestData(cls):`
			`cls.path = "/api/v2/{}/"`

			`def test_guest_permissions_success(self):`
			`for model in self.URLS:`
Format code using black 2021-05-27 16:23:02 +02:00			`response = self.logged_in_test_model(model, "guest", GUEST, self.client.get)`
			`self.assertEqual(`
			`response.status_code, 200, msg="Invalid for model {}".format(model)`
			`)`
add API v2 2020-01-30 14:47:36 +01:00
			`def test_guest_permissions_failure(self):`
			`for model in self.URLS:`
Format code using black 2021-05-27 16:23:02 +02:00			`response = self.logged_in_test_model(`
			`model, "guest", GUEST, self.client.post`
			`)`
			`self.assertEqual(`
			`response.status_code, 403, msg="Invalid for model {}".format(model)`
			`)`
			`response = self.logged_in_test_model("users", "guest", GUEST, self.client.get)`
			`self.assertEqual(response.status_code, 403, msg="Invalid for model users")`
add API v2 2020-01-30 14:47:36 +01:00
			`def test_dj_get_permissions(self):`
			`for model in self.URLS:`
Format code using black 2021-05-27 16:23:02 +02:00			`response = self.logged_in_test_model(model, "dj", DJ, self.client.get)`
			`self.assertEqual(`
			`response.status_code, 200, msg="Invalid for model {}".format(model)`
			`)`
add API v2 2020-01-30 14:47:36 +01:00
			`def test_dj_post_permissions(self):`
Format code using black 2021-05-27 16:23:02 +02:00			`user = get_user_model().objects.create_user(`
			`"test-dj",`
			`email="test@example.com",`
			`password="test",`
			`type=DJ,`
			`first_name="test",`
			`last_name="user",`
			`)`
			`f = baker.make("libretimeapi.File", owner=user)`
			`model = "files/{}".format(f.id)`
add API v2 2020-01-30 14:47:36 +01:00			`path = self.path.format(model)`
Format code using black 2021-05-27 16:23:02 +02:00			`self.client.login(username="test-dj", password="test")`
			`response = self.client.patch(path, {"name": "newFilename"})`
add API v2 2020-01-30 14:47:36 +01:00			`self.assertEqual(response.status_code, 200)`

			`def test_dj_post_permissions_failure(self):`
Format code using black 2021-05-27 16:23:02 +02:00			`user = get_user_model().objects.create_user(`
			`"test-dj",`
			`email="test@example.com",`
			`password="test",`
			`type=DJ,`
			`first_name="test",`
			`last_name="user",`
			`)`
			`f = baker.make("libretimeapi.File")`
			`model = "files/{}".format(f.id)`
add API v2 2020-01-30 14:47:36 +01:00			`path = self.path.format(model)`
Format code using black 2021-05-27 16:23:02 +02:00			`self.client.login(username="test-dj", password="test")`
			`response = self.client.patch(path, {"name": "newFilename"})`
add API v2 2020-01-30 14:47:36 +01:00			`self.assertEqual(response.status_code, 403)`