/files: make tests more robust
This commit is contained in:
parent
f97cfbbe33
commit
30899847fb
@ -1,6 +1,6 @@
|
||||
from flask import Blueprint, request, jsonify
|
||||
from flask.views import MethodView
|
||||
from sachet.server.models import ServerSettings, Permissions
|
||||
from sachet.server.models import ServerSettings, get_settings, Permissions
|
||||
from sachet.server import db
|
||||
from sachet.server.views_common import auth_required, ModelAPI
|
||||
|
||||
@ -9,28 +9,19 @@ admin_blueprint = Blueprint("admin_blueprint", __name__)
|
||||
|
||||
|
||||
class ServerSettingsAPI(ModelAPI):
|
||||
def get_settings(self):
|
||||
rows = ServerSettings.query.all()
|
||||
if len(rows) == 0:
|
||||
settings = ServerSettings()
|
||||
db.session.add(settings)
|
||||
db.session.commit()
|
||||
return settings
|
||||
return rows[-1]
|
||||
|
||||
@auth_required(required_permissions=(Permissions.ADMIN,))
|
||||
def get(self, auth_user=None):
|
||||
settings = self.get_settings()
|
||||
settings = get_settings()
|
||||
return super().get(settings)
|
||||
|
||||
@auth_required(required_permissions=(Permissions.ADMIN,))
|
||||
def patch(self, auth_user=None):
|
||||
settings = self.get_settings()
|
||||
settings = get_settings()
|
||||
return super().patch(settings)
|
||||
|
||||
@auth_required(required_permissions=(Permissions.ADMIN,))
|
||||
def put(self, auth_user=None):
|
||||
settings = self.get_settings()
|
||||
settings = get_settings()
|
||||
return super().put(settings)
|
||||
|
||||
|
||||
|
@ -192,6 +192,17 @@ class ServerSettings(db.Model):
|
||||
return Schema()
|
||||
|
||||
|
||||
def get_settings():
|
||||
"""Return server settings, and create them if they don't exist."""
|
||||
rows = ServerSettings.query.all()
|
||||
if len(rows) == 0:
|
||||
settings = ServerSettings()
|
||||
db.session.add(settings)
|
||||
db.session.commit()
|
||||
return settings
|
||||
return rows[-1]
|
||||
|
||||
|
||||
class Share(db.Model):
|
||||
"""Share for a single file.
|
||||
|
||||
|
@ -1,6 +1,6 @@
|
||||
from flask import request, jsonify
|
||||
from flask.views import MethodView
|
||||
from sachet.server.models import Permissions, User, BlacklistToken, ServerSettings
|
||||
from sachet.server.models import Permissions, User, BlacklistToken, get_settings
|
||||
from sachet.server import db
|
||||
from functools import wraps
|
||||
from marshmallow import ValidationError
|
||||
@ -40,7 +40,7 @@ def auth_required(func=None, *, required_permissions=(), allow_anonymous=False):
|
||||
|
||||
if not token:
|
||||
if allow_anonymous:
|
||||
server_settings = ServerSettings.query.first()
|
||||
server_settings = get_settings()
|
||||
if (
|
||||
Bitmask(AllFlags=Permissions, *required_permissions)
|
||||
not in server_settings.default_permissions
|
||||
@ -52,7 +52,7 @@ def auth_required(func=None, *, required_permissions=(), allow_anonymous=False):
|
||||
"message": "Missing permissions to access this page.",
|
||||
}
|
||||
),
|
||||
403,
|
||||
401,
|
||||
)
|
||||
kwargs["auth_user"] = None
|
||||
return f(*args, **kwargs)
|
||||
@ -101,7 +101,6 @@ def auth_required(func=None, *, required_permissions=(), allow_anonymous=False):
|
||||
|
||||
def patch(orig, diff):
|
||||
"""Patch the dictionary orig recursively with the dictionary diff."""
|
||||
|
||||
# if we get to a leaf node, just replace it
|
||||
if not isinstance(orig, dict) or not isinstance(diff, dict):
|
||||
return diff
|
||||
@ -267,8 +266,14 @@ class ModelListAPI(MethodView):
|
||||
Number of next page (if this is not the last).
|
||||
"""
|
||||
json_data = request.get_json()
|
||||
try:
|
||||
per_page = int(json_data.get("per_page", 15))
|
||||
page = int(json_data.get("page", 1))
|
||||
except ValueError as e:
|
||||
return jsonify(dict(
|
||||
status="fail",
|
||||
message=str(e),
|
||||
)), 400
|
||||
|
||||
page_data = ModelClass.query.paginate(page=page, per_page=per_page)
|
||||
data = [model.get_schema().dump(model) for model in page_data]
|
||||
|
@ -70,6 +70,12 @@ def test_files(client, auth, rand):
|
||||
url,
|
||||
json={"file_name": "new_bin.bin"},
|
||||
)
|
||||
# set read perm for anon users
|
||||
resp = client.patch(
|
||||
"/admin/settings",
|
||||
headers=auth("administrator"),
|
||||
json={"default_permissions": ["READ"]},
|
||||
)
|
||||
assert resp.status_code == 200
|
||||
resp = client.get(
|
||||
url + "/content",
|
||||
@ -110,6 +116,13 @@ def test_files(client, auth, rand):
|
||||
)
|
||||
assert resp.status_code == 200
|
||||
|
||||
# set delete perm for anon users
|
||||
resp = client.patch(
|
||||
"/admin/settings",
|
||||
headers=auth("administrator"),
|
||||
json={"default_permissions": ["READ"]},
|
||||
)
|
||||
assert resp.status_code == 200
|
||||
# file shouldn't exist anymore
|
||||
resp = client.get(
|
||||
url + "/content",
|
||||
|
@ -75,3 +75,12 @@ def test_files(client, users, auth):
|
||||
|
||||
end_page = paginate(forwards=True)
|
||||
paginate(forwards=False, page=end_page)
|
||||
|
||||
|
||||
def test_invalid(client, auth):
|
||||
"""Test invalid requests to pagination."""
|
||||
|
||||
resp = client.get(
|
||||
"/files", headers=auth("jeff"), json=dict(page="one", per_page="two")
|
||||
)
|
||||
assert resp.status_code == 400
|
||||
|
Loading…
Reference in New Issue
Block a user