add API v2

api/libretimeapi/tests/runners.py

@@ -0,0 +1,24 @@
+from django.test.runner import DiscoverRunner
+
+
+class ManagedModelTestRunner(DiscoverRunner):
+    """
+    Test runner that automatically makes all unmanaged models in your Django
+    project managed for the duration of the test run, so that one doesn't need
+    to execute the SQL manually to create them.
+    """
+    def setup_test_environment(self, *args, **kwargs):
+        from django.apps import apps
+        self.unmanaged_models = [m for m in apps.get_models()
+                                 if not m._meta.managed]
+        for m in self.unmanaged_models:
+            m._meta.managed = True
+        super(ManagedModelTestRunner, self).setup_test_environment(*args,
+                                                                   **kwargs)
+
+    def teardown_test_environment(self, *args, **kwargs):
+        super(ManagedModelTestRunner, self).teardown_test_environment(*args,
+                                                                      **kwargs)
+        # reset unmanaged models
+        for m in self.unmanaged_models:
+            m._meta.managed = False

api/libretimeapi/tests/test_models.py

@@ -0,0 +1,40 @@
+from rest_framework.test import APITestCase
+from django.contrib.auth.models import Group
+from django.apps import apps
+from libretimeapi.models import User
+from libretimeapi.models.user_constants import GUEST, DJ
+from libretimeapi.permission_constants import GROUPS
+
+
+class TestUserManager(APITestCase):
+    def test_create_user(self):
+        user = User.objects.create_user('test',
+                                        email='test@example.com',
+                                        password='test',
+                                        type=DJ,
+                                        first_name='test',
+                                        last_name='user')
+        db_user = User.objects.get(pk=user.pk)
+        self.assertEqual(db_user.username, user.username)
+
+    def test_create_superuser(self):
+        user = User.objects.create_superuser('test',
+                                             email='test@example.com',
+                                             password='test',
+                                             first_name='test',
+                                             last_name='user')
+        db_user = User.objects.get(pk=user.pk)
+        self.assertEqual(db_user.username, user.username)
+
+class TestUser(APITestCase):
+    def test_guest_get_group_perms(self):
+        user = User.objects.create_user('test',
+                                        email='test@example.com',
+                                        password='test',
+                                        type=GUEST,
+                                        first_name='test',
+                                        last_name='user')
+        permissions = user.get_group_permissions()
+        # APIRoot permission hardcoded in the check as it isn't a Permission object
+        str_perms = [p.codename for p in permissions] + ['view_apiroot']
+        self.assertCountEqual(str_perms, GROUPS[GUEST])

api/libretimeapi/tests/test_permissions.py

@@ -0,0 +1,119 @@
+import os
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import AnonymousUser
+from django.conf import settings
+from rest_framework.test import APITestCase, APIRequestFactory
+from model_bakery import baker
+from libretimeapi.permissions import IsSystemTokenOrUser
+from libretimeapi.permission_constants import GUEST_PERMISSIONS, DJ_PERMISSIONS, PROGRAM_MANAGER_PERMISSIONS
+from libretimeapi.models.user_constants import GUEST, DJ, PROGRAM_MANAGER, ADMIN
+
+
+class TestIsSystemTokenOrUser(APITestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.path = "/api/v2/files/"
+
+    def test_unauthorized(self):
+        response = self.client.get(self.path.format('files'))
+        self.assertEqual(response.status_code, 403)
+
+    def test_token_incorrect(self):
+        token = 'doesnotexist'
+        request = APIRequestFactory().get(self.path)
+        request.user = AnonymousUser()
+        request.META['Authorization'] = 'Api-Key {token}'.format(token=token)
+        allowed = IsSystemTokenOrUser().has_permission(request, None)
+        self.assertFalse(allowed)
+
+    def test_token_correct(self):
+        token = settings.CONFIG.get('general', 'api_key')
+        request = APIRequestFactory().get(self.path)
+        request.user = AnonymousUser()
+        request.META['Authorization'] = 'Api-Key {token}'.format(token=token)
+        allowed = IsSystemTokenOrUser().has_permission(request, None)
+        self.assertTrue(allowed)
+
+
+class TestPermissions(APITestCase):
+    URLS = [
+        'schedule',
+        'shows',
+        'show-days',
+        'show-hosts',
+        'show-instances',
+        'show-rebroadcasts',
+        'files',
+        'playlists',
+        'playlist-contents',
+        'smart-blocks',
+        'smart-block-contents',
+        'smart-block-criteria',
+        'webstreams',
+    ]
+
+    def logged_in_test_model(self, model, name, user_type, fn):
+        path = self.path.format(model)
+        user_created = get_user_model().objects.filter(username=name)
+        if not user_created:
+            user = get_user_model().objects.create_user(name,
+                                                        email='test@example.com',
+                                                        password='test',
+                                                        type=user_type,
+                                                        first_name='test',
+                                                        last_name='user')
+        self.client.login(username=name, password='test')
+        return fn(path)
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.path = "/api/v2/{}/"
+
+    def test_guest_permissions_success(self):
+        for model in self.URLS:
+            response = self.logged_in_test_model(model, 'guest', GUEST, self.client.get)
+            self.assertEqual(response.status_code, 200,
+                             msg='Invalid for model {}'.format(model))
+
+    def test_guest_permissions_failure(self):
+        for model in self.URLS:
+            response = self.logged_in_test_model(model, 'guest', GUEST, self.client.post)
+            self.assertEqual(response.status_code, 403,
+                             msg='Invalid for model {}'.format(model))
+        response = self.logged_in_test_model('users', 'guest', GUEST, self.client.get)
+        self.assertEqual(response.status_code, 403, msg='Invalid for model users')
+
+    def test_dj_get_permissions(self):
+        for model in self.URLS:
+            response = self.logged_in_test_model(model, 'dj', DJ, self.client.get)
+            self.assertEqual(response.status_code, 200,
+                             msg='Invalid for model {}'.format(model))
+
+    def test_dj_post_permissions(self):
+        user = get_user_model().objects.create_user('test-dj',
+                                                    email='test@example.com',
+                                                    password='test',
+                                                    type=DJ,
+                                                    first_name='test',
+                                                    last_name='user')
+        f = baker.make('libretimeapi.File',
+                       owner=user)
+        model = 'files/{}'.format(f.id)
+        path = self.path.format(model)
+        self.client.login(username='test-dj', password='test')
+        response = self.client.patch(path, {'name': 'newFilename'})
+        self.assertEqual(response.status_code, 200)
+
+    def test_dj_post_permissions_failure(self):
+        user = get_user_model().objects.create_user('test-dj',
+                                                    email='test@example.com',
+                                                    password='test',
+                                                    type=DJ,
+                                                    first_name='test',
+                                                    last_name='user')
+        f = baker.make('libretimeapi.File')
+        model = 'files/{}'.format(f.id)
+        path = self.path.format(model)
+        self.client.login(username='test-dj', password='test')
+        response = self.client.patch(path, {'name': 'newFilename'})
+        self.assertEqual(response.status_code, 403)

api/libretimeapi/tests/test_views.py

@@ -0,0 +1,38 @@
+import os
+from django.contrib.auth.models import AnonymousUser
+from django.conf import settings
+from rest_framework.test import APITestCase, APIRequestFactory
+from model_bakery import baker
+from libretimeapi.views import FileViewSet
+
+
+class TestFileViewSet(APITestCase):
+    @classmethod
+    def setUpTestData(cls):
+        cls.path = "/api/v2/files/{id}/download/"
+        cls.token = settings.CONFIG.get('general', 'api_key')
+
+    def test_invalid(self):
+        path = self.path.format(id='a')
+        self.client.credentials(HTTP_AUTHORIZATION='Api-Key {}'.format(self.token))
+        response = self.client.get(path)
+        self.assertEqual(response.status_code, 400)
+
+    def test_does_not_exist(self):
+        path = self.path.format(id='1')
+        self.client.credentials(HTTP_AUTHORIZATION='Api-Key {}'.format(self.token))
+        response = self.client.get(path)
+        self.assertEqual(response.status_code, 404)
+
+    def test_exists(self):
+        music_dir = baker.make('libretimeapi.MusicDir',
+                               directory=os.path.join(os.path.dirname(__file__),
+                                                      'resources'))
+        f = baker.make('libretimeapi.File',
+                       directory=music_dir,
+                       mime='audio/mp3',
+                       filepath='song.mp3')
+        path = self.path.format(id=str(f.pk))
+        self.client.credentials(HTTP_AUTHORIZATION='Api-Key {}'.format(self.token))
+        response = self.client.get(path)
+        self.assertEqual(response.status_code, 200)