studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🛂(backend) stop to list public doc to everyone

Browse Source 
Everybody could see the full list of public docs.
Now only members can see their public docs.
They can still access to any specific public doc.
This commit is contained in:
Anthony LC
2024-09-06 16:12:02 +02:00
committed by Samuel Paccoud
parent b716881d50
commit 140a630a6e
22 changed files with 290 additions and 291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/backend/core/tests/templates/test_api_templates_delete.py
View File

@@ -49,7 +49,7 @@ def test_api_templates_delete_authenticated_unrelated():
@pytest.mark.parametrize("role", ["reader", "editor", "administrator"])
@pytest.mark.parametrize("via", VIA)
def test_api_templates_delete_authenticated_member_or_administrator(
via, role, mock_user_get_teams
via, role, mock_user_teams
):
"""
Authenticated users should not be allowed to delete a template for which they are
@@ -64,7 +64,7 @@ def test_api_templates_delete_authenticated_member_or_administrator(
if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role=role)
elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"]
mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role=role
)
@@ -81,7 +81,7 @@ def test_api_templates_delete_authenticated_member_or_administrator(
@pytest.mark.parametrize("via", VIA)
def test_api_templates_delete_authenticated_owner(via, mock_user_get_teams):
def test_api_templates_delete_authenticated_owner(via, mock_user_teams):
"""
Authenticated users should be able to delete a template they own.
"""
@@ -94,7 +94,7 @@ def test_api_templates_delete_authenticated_owner(via, mock_user_get_teams):
if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="owner")
elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"]
mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner"
)

10
src/backend/core/tests/templates/test_api_templates_generate_document.py
View File

@@ -87,12 +87,14 @@ def test_api_templates_generate_document_authenticated_not_public():
format="json",
)
assert response.status_code == 404
assert response.json() == {"detail": "No Template matches the given query."}
assert response.status_code == 403
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize("via", VIA)
def test_api_templates_generate_document_related(via, mock_user_get_teams):
def test_api_templates_generate_document_related(via, mock_user_teams):
"""Users related to a template can generate pdf document."""
user = factories.UserFactory()
@@ -102,7 +104,7 @@ def test_api_templates_generate_document_related(via, mock_user_get_teams):
if via == USER:
access = factories.UserTemplateAccessFactory(user=user)
elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"]
mock_user_teams.return_value = ["lasuite", "unknown"]
access = factories.TeamTemplateAccessFactory(team="lasuite")
data = {"body": "# Test markdown body"}

67
src/backend/core/tests/templates/test_api_templates_list.py
View File

@@ -6,7 +6,6 @@ from unittest import mock
import pytest
from rest_framework.pagination import PageNumberPagination
from rest_framework.status import HTTP_200_OK
from rest_framework.test import APIClient
from core import factories
@@ -15,18 +14,15 @@ pytestmark = pytest.mark.django_db
def test_api_templates_list_anonymous():
"""Anonymous users should only be able to list public templates."""
"""Anonymous users should not be able to list templates, public or not."""
factories.TemplateFactory.create_batch(2, is_public=False)
templates = factories.TemplateFactory.create_batch(2, is_public=True)
expected_ids = {str(template.id) for template in templates}
factories.TemplateFactory.create_batch(2, is_public=True)
response = APIClient().get("/api/v1.0/templates/")
assert response.status_code == HTTP_200_OK
assert response.status_code == 200
results = response.json()["results"]
assert len(results) == 2
results_id = {result["id"] for result in results}
assert expected_ids == results_id
assert len(results) == 0
def test_api_templates_list_authenticated_direct():
@@ -43,25 +39,23 @@ def test_api_templates_list_authenticated_direct():
access.template
for access in factories.UserTemplateAccessFactory.create_batch(5, user=user)
]
public_templates = factories.TemplateFactory.create_batch(2, is_public=True)
factories.TemplateFactory.create_batch(2, is_public=True)
factories.TemplateFactory.create_batch(2, is_public=False)
expected_ids = {
str(template.id) for template in related_templates + public_templates
}
expected_ids = {str(template.id) for template in related_templates}
response = client.get(
"/api/v1.0/templates/",
)
assert response.status_code == HTTP_200_OK
assert response.status_code == 200
results = response.json()["results"]
assert len(results) == 7
assert len(results) == 5
results_id = {result["id"] for result in results}
assert expected_ids == results_id
def test_api_templates_list_authenticated_via_team(mock_user_get_teams):
def test_api_templates_list_authenticated_via_team(mock_user_teams):
"""
Authenticated users should be able to list templates they are a
owner/administrator/member of via a team.
@@ -71,7 +65,7 @@ def test_api_templates_list_authenticated_via_team(mock_user_get_teams):
client = APIClient()
client.force_login(user)
mock_user_get_teams.return_value = ["team1", "team2", "unknown"]
mock_user_teams.return_value = ["team1", "team2", "unknown"]
templates_team1 = [
access.template
@@ -81,19 +75,16 @@ def test_api_templates_list_authenticated_via_team(mock_user_get_teams):
access.template
for access in factories.TeamTemplateAccessFactory.create_batch(3, team="team2")
]
public_templates = factories.TemplateFactory.create_batch(2, is_public=True)
factories.TemplateFactory.create_batch(2, is_public=True)
factories.TemplateFactory.create_batch(2, is_public=False)
expected_ids = {
str(template.id)
for template in templates_team1 + templates_team2 + public_templates
}
expected_ids = {str(template.id) for template in templates_team1 + templates_team2}
response = client.get("/api/v1.0/templates/")
assert response.status_code == HTTP_200_OK
assert response.status_code == 200
results = response.json()["results"]
assert len(results) == 7
assert len(results) == 5
results_id = {result["id"] for result in results}
assert expected_ids == results_id
@@ -118,7 +109,7 @@ def test_api_templates_list_pagination(
"/api/v1.0/templates/",
)
assert response.status_code == HTTP_200_OK
assert response.status_code == 200
content = response.json()
assert content["count"] == 3
@@ -134,7 +125,7 @@ def test_api_templates_list_pagination(
"/api/v1.0/templates/?page=2",
)
assert response.status_code == HTTP_200_OK
assert response.status_code == 200
content = response.json()
assert content["count"] == 3
@@ -161,26 +152,24 @@ def test_api_templates_list_authenticated_distinct():
"/api/v1.0/templates/",
)
assert response.status_code == HTTP_200_OK
assert response.status_code == 200
content = response.json()
assert len(content["results"]) == 1
assert content["results"][0]["id"] == str(template.id)
def test_api_templates_order():
"""
Test that the endpoint GET templates is sorted in 'created_at' descending order by default.
"""
def test_api_templates_list_order_default():
"""The templates list should be sorted by 'created_at' in descending order by default."""
user = factories.UserFactory()
client = APIClient()
client.force_login(user)
template_ids = [
str(template.id)
for template in factories.TemplateFactory.create_batch(5, is_public=True)
str(access.template.id)
for access in factories.UserTemplateAccessFactory.create_batch(5, user=user)
]
response = APIClient().get(
response = client.get(
"/api/v1.0/templates/",
)
@@ -195,21 +184,21 @@ def test_api_templates_order():
), "created_at values are not sorted from newest to oldest"
def test_api_templates_order_param():
def test_api_templates_list_order_param():
"""
Test that the 'created_at' field is sorted in ascending order
when the 'ordering' query parameter is set.
The templates list is sorted by 'created_at' in ascending order when setting
the "ordering" query parameter.
"""
user = factories.UserFactory()
client = APIClient()
client.force_login(user)
templates_ids = [
str(template.id)
for template in factories.TemplateFactory.create_batch(5, is_public=True)
str(access.template.id)
for access in factories.UserTemplateAccessFactory.create_batch(5, user=user)
]
response = APIClient().get(
response = client.get(
"/api/v1.0/templates/?ordering=created_at",
)
assert response.status_code == 200

28
src/backend/core/tests/templates/test_api_templates_retrieve.py
View File

@@ -94,8 +94,10 @@ def test_api_templates_retrieve_authenticated_unrelated_not_public():
response = client.get(
f"/api/v1.0/templates/{template.id!s}/",
)
assert response.status_code == 404
assert response.json() == {"detail": "No Template matches the given query."}
assert response.status_code == 403
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
def test_api_templates_retrieve_authenticated_related_direct():
@@ -146,12 +148,12 @@ def test_api_templates_retrieve_authenticated_related_direct():
}
def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_teams):
def test_api_templates_retrieve_authenticated_related_team_none(mock_user_teams):
"""
Authenticated users should not be able to retrieve a template related to teams in
which the user is not.
"""
mock_user_get_teams.return_value = []
mock_user_teams.return_value = []
user = factories.UserFactory()
@@ -174,8 +176,10 @@ def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_te
factories.TeamTemplateAccessFactory()
response = client.get(f"/api/v1.0/templates/{template.id!s}/")
assert response.status_code == 404
assert response.json() == {"detail": "No Template matches the given query."}
assert response.status_code == 403
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
@pytest.mark.parametrize(
@@ -188,13 +192,13 @@ def test_api_templates_retrieve_authenticated_related_team_none(mock_user_get_te
],
)
def test_api_templates_retrieve_authenticated_related_team_readers_or_editors(
teams, mock_user_get_teams
teams, mock_user_teams
):
"""
Authenticated users should be allowed to retrieve a template to which they
are related via a team whatever the role and see all its accesses.
"""
mock_user_get_teams.return_value = teams
mock_user_teams.return_value = teams
user = factories.UserFactory()
@@ -287,13 +291,13 @@ def test_api_templates_retrieve_authenticated_related_team_readers_or_editors(
],
)
def test_api_templates_retrieve_authenticated_related_team_administrators(
teams, mock_user_get_teams
teams, mock_user_teams
):
"""
Authenticated users should be allowed to retrieve a template to which they
are related via a team whatever the role and see all its accesses.
"""
mock_user_get_teams.return_value = teams
mock_user_teams.return_value = teams
user = factories.UserFactory()
@@ -405,13 +409,13 @@ def test_api_templates_retrieve_authenticated_related_team_administrators(
],
)
def test_api_templates_retrieve_authenticated_related_team_owners(
teams, mock_user_get_teams
teams, mock_user_teams
):
"""
Authenticated users should be allowed to retrieve a template to which they
are related via a team whatever the role and see all its accesses.
"""
mock_user_get_teams.return_value = teams
mock_user_teams.return_value = teams
user = factories.UserFactory()

24
src/backend/core/tests/templates/test_api_templates_update.py
View File

@@ -58,8 +58,10 @@ def test_api_templates_update_authenticated_unrelated():
format="json",
)
assert response.status_code == 404
assert response.json() == {"detail": "No Template matches the given query."}
assert response.status_code == 403
assert response.json() == {
"detail": "You do not have permission to perform this action."
}
template.refresh_from_db()
template_values = serializers.TemplateSerializer(instance=template).data
@@ -67,7 +69,7 @@ def test_api_templates_update_authenticated_unrelated():
@pytest.mark.parametrize("via", VIA)
def test_api_templates_update_authenticated_readers(via, mock_user_get_teams):
def test_api_templates_update_authenticated_readers(via, mock_user_teams):
"""
Users who are readers of a template should not be allowed to update it.
"""
@@ -80,7 +82,7 @@ def test_api_templates_update_authenticated_readers(via, mock_user_get_teams):
if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="reader")
elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"]
mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="reader"
)
@@ -109,7 +111,7 @@ def test_api_templates_update_authenticated_readers(via, mock_user_get_teams):
@pytest.mark.parametrize("role", ["editor", "administrator", "owner"])
@pytest.mark.parametrize("via", VIA)
def test_api_templates_update_authenticated_editor_or_administrator_or_owner(
via, role, mock_user_get_teams
via, role, mock_user_teams
):
"""Administrator or owner of a template should be allowed to update it."""
user = factories.UserFactory()
@@ -121,7 +123,7 @@ def test_api_templates_update_authenticated_editor_or_administrator_or_owner(
if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role=role)
elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"]
mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role=role
)
@@ -148,7 +150,7 @@ def test_api_templates_update_authenticated_editor_or_administrator_or_owner(
@pytest.mark.parametrize("via", VIA)
def test_api_templates_update_authenticated_owners(via, mock_user_get_teams):
def test_api_templates_update_authenticated_owners(via, mock_user_teams):
"""Administrators of a template should be allowed to update it."""
user = factories.UserFactory()
@@ -159,7 +161,7 @@ def test_api_templates_update_authenticated_owners(via, mock_user_get_teams):
if via == USER:
factories.UserTemplateAccessFactory(template=template, user=user, role="owner")
elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"]
mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory(
template=template, team="lasuite", role="owner"
)
@@ -185,9 +187,7 @@ def test_api_templates_update_authenticated_owners(via, mock_user_get_teams):
@pytest.mark.parametrize("via", VIA)
def test_api_templates_update_administrator_or_owner_of_another(
via, mock_user_get_teams
):
def test_api_templates_update_administrator_or_owner_of_another(via, mock_user_teams):
"""
Being administrator or owner of a template should not grant authorization to update
another template.
@@ -203,7 +203,7 @@ def test_api_templates_update_administrator_or_owner_of_another(
template=template, user=user, role=random.choice(["administrator", "owner"])
)
elif via == TEAM:
mock_user_get_teams.return_value = ["lasuite", "unknown"]
mock_user_teams.return_value = ["lasuite", "unknown"]
factories.TeamTemplateAccessFactory(
template=template,
team="lasuite",