/files/<uuid>: fix ownership transfers
This commit is contained in:
parent
bc2c14e52f
commit
14734446ba
GPG Key ID:
7225FE3592EFFA38
@ -2,7 +2,7 @@ import uuid
|
|||||||
import io
|
import io
|
||||||
from flask import Blueprint, request, jsonify, send_file, make_response
|
from flask import Blueprint, request, jsonify, send_file, make_response
|
||||||
from flask.views import MethodView
|
from flask.views import MethodView
|
||||||
from sachet.server.models import Share, Permissions, Upload, Chunk
|
from sachet.server.models import Share, Permissions, Upload, Chunk, User
|
||||||
from sachet.server.views_common import ModelAPI, ModelListAPI, auth_required
|
from sachet.server.views_common import ModelAPI, ModelListAPI, auth_required
|
||||||
from sachet.server import storage, db
|
from sachet.server import storage, db
|
||||||
|
|
||||||
@ -28,6 +28,18 @@ class FilesMetadataAPI(ModelAPI):
|
|||||||
),
|
),
|
||||||
403,
|
403,
|
||||||
)
|
)
|
||||||
|
owner_name = request.get_json().get("owner_name")
|
||||||
|
if owner_name is not None:
|
||||||
|
if User.query.filter_by(username=owner_name).first() is None:
|
||||||
|
return (
|
||||||
|
jsonify(
|
||||||
|
{
|
||||||
|
"status": "fail",
|
||||||
|
"message": f"Invalid value for `owner_name`: {owner_name}",
|
||||||
|
}
|
||||||
|
),
|
||||||
|
400,
|
||||||
|
)
|
||||||
if share.locked:
|
if share.locked:
|
||||||
return jsonify({"status": "fail", "message": "This share is locked."}), 423
|
return jsonify({"status": "fail", "message": "This share is locked."}), 423
|
||||||
return super().patch(share)
|
return super().patch(share)
|
||||||
@ -45,6 +57,18 @@ class FilesMetadataAPI(ModelAPI):
|
|||||||
),
|
),
|
||||||
403,
|
403,
|
||||||
)
|
)
|
||||||
|
owner_name = request.get_json().get("owner_name")
|
||||||
|
if owner_name is not None:
|
||||||
|
if User.query.filter_by(username=owner_name).first() is None:
|
||||||
|
return (
|
||||||
|
jsonify(
|
||||||
|
{
|
||||||
|
"status": "fail",
|
||||||
|
"message": f"Invalid value for `owner_name`: {owner_name}",
|
||||||
|
}
|
||||||
|
),
|
||||||
|
400,
|
||||||
|
)
|
||||||
if share.locked:
|
if share.locked:
|
||||||
return jsonify({"status": "fail", "message": "This share is locked."}), 423
|
return jsonify({"status": "fail", "message": "This share is locked."}), 423
|
||||||
return super().put(share)
|
return super().put(share)
|
||||||
|
|||||||
@ -105,6 +105,42 @@ class TestSuite:
|
|||||||
assert resp.data == new_data
|
assert resp.data == new_data
|
||||||
assert "filename=new_bin.bin" in resp.headers["Content-Disposition"].split("; ")
|
assert "filename=new_bin.bin" in resp.headers["Content-Disposition"].split("; ")
|
||||||
|
|
||||||
|
def test_transfer(self, client, users, auth):
|
||||||
|
# create share
|
||||||
|
resp = client.post(
|
||||||
|
"/files", headers=auth("jeff"), json={"file_name": "content.bin"}
|
||||||
|
)
|
||||||
|
data = resp.get_json()
|
||||||
|
url = data.get("url")
|
||||||
|
|
||||||
|
# transfer ownership over to dave
|
||||||
|
resp = client.patch(url, headers=auth("jeff"), json={"owner_name": "dave"})
|
||||||
|
assert resp.status_code == 200
|
||||||
|
|
||||||
|
# ensure the transfer worked
|
||||||
|
resp = client.patch(
|
||||||
|
url, headers=auth("jeff"), json={"file_name": "jeff's file"}
|
||||||
|
)
|
||||||
|
assert resp.status_code == 403
|
||||||
|
resp = client.patch(
|
||||||
|
url, headers=auth("dave"), json={"file_name": "dave's file"}
|
||||||
|
)
|
||||||
|
assert resp.status_code == 200
|
||||||
|
|
||||||
|
# transfer ownership back to jeff
|
||||||
|
resp = client.patch(url, headers=auth("dave"), json={"owner_name": "jeff"})
|
||||||
|
assert resp.status_code == 200
|
||||||
|
|
||||||
|
# ensure the transfer worked
|
||||||
|
resp = client.patch(
|
||||||
|
url, headers=auth("dave"), json={"file_name": "dave's epic file"}
|
||||||
|
)
|
||||||
|
assert resp.status_code == 403
|
||||||
|
resp = client.patch(
|
||||||
|
url, headers=auth("jeff"), json={"file_name": "jeff's file"}
|
||||||
|
)
|
||||||
|
assert resp.status_code == 200
|
||||||
|
|
||||||
def test_invalid(self, client, users, auth, rand, upload):
|
def test_invalid(self, client, users, auth, rand, upload):
|
||||||
"""Test invalid requests."""
|
"""Test invalid requests."""
|
||||||
|
|
||||||
@ -183,18 +219,22 @@ class TestSuite:
|
|||||||
)
|
)
|
||||||
assert resp.status_code == 403
|
assert resp.status_code == 403
|
||||||
resp = client.patch(
|
resp = client.patch(
|
||||||
url,
|
url, headers=auth("dave"), json=dict(file_name="epic_new_filename.bin")
|
||||||
headers=auth("dave"),
|
|
||||||
json=dict(file_name="epic_new_filename.bin")
|
|
||||||
)
|
)
|
||||||
assert resp.status_code == 403
|
assert resp.status_code == 403
|
||||||
resp = client.put(
|
resp = client.put(
|
||||||
url,
|
url,
|
||||||
headers=auth("dave"),
|
headers=auth("dave"),
|
||||||
json=dict(file_name="epic_new_filename.bin", owner_name="dave")
|
json=dict(file_name="epic_new_filename.bin", owner_name="dave"),
|
||||||
)
|
)
|
||||||
assert resp.status_code == 403
|
assert resp.status_code == 403
|
||||||
|
|
||||||
|
# test assigning a file to a non-existent user
|
||||||
|
resp = client.patch(
|
||||||
|
url, headers=auth("jeff"), json=dict(owner_name="non_existent_user")
|
||||||
|
)
|
||||||
|
assert resp.status_code == 400
|
||||||
|
|
||||||
# test not allowing re-upload
|
# test not allowing re-upload
|
||||||
resp = upload(
|
resp = upload(
|
||||||
url + "/content",
|
url + "/content",
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user