seahub/tests/api/endpoints/test_upload_links.py

# -*- coding: utf-8 -*-
import json
from mock import patch

from django.core.urlresolvers import reverse

from tests.common.utils import upload_file_test, randstring

from seaserv import seafile_api

from seahub.test_utils import BaseTestCase
from seahub.share.models import UploadLinkShare
from seahub.api2.permissions import CanGenerateUploadLink

try:
    from seahub.settings import LOCAL_PRO_DEV_ENV
except ImportError:
    LOCAL_PRO_DEV_ENV = False

class UploadLinksTest(BaseTestCase):

    def setUp(self):
        self.user_name = self.user.username
        self.admin_name = self.admin.username
        self.repo_id = self.repo.id
        self.folder_path= self.folder
        self.url = reverse('api-v2.1-upload-links')

    def tearDown(self):
        self.remove_repo()

    def _add_upload_link(self):
        upload_link = UploadLinkShare.objects.create_upload_link_share(self.user_name,
            self.repo_id, self.folder_path, None, None)

        return upload_link.token

    def _remove_upload_link(self, token):
        link = UploadLinkShare.objects.get(token=token)
        link.delete()

    def test_get_upload_link(self):
        self.login_as(self.user)
        token = self._add_upload_link()

        resp = self.client.get(self.url + '?path=' + self.folder_path + '&repo_id=' + self.repo_id)
        self.assertEqual(200, resp.status_code)

        json_resp = json.loads(resp.content)

        assert json_resp[0]['link'] is not None
        assert json_resp[0]['token'] is not None

        assert token in json_resp[0]['link']
        assert 'u/d' in json_resp[0]['link']

        assert token == json_resp[0]['token']

        self._remove_upload_link(token)

    @patch.object(CanGenerateUploadLink, 'has_permission')
    def test_get_link_with_invalid_user_role_permission(self, mock_has_permission):
        self.login_as(self.user)
        mock_has_permission.return_value = False

        resp = self.client.get(self.url)
        self.assertEqual(403, resp.status_code)

    def test_create_upload_link(self):
        self.login_as(self.user)

        resp = self.client.post(self.url, {'path': self.folder_path, 'repo_id': self.repo_id})
        self.assertEqual(200, resp.status_code)

        json_resp = json.loads(resp.content)
        assert json_resp['link'] is not None
        assert json_resp['token'] is not None

        assert json_resp['token'] in json_resp['link']
        assert 'u/d' in json_resp['link']

        self._remove_upload_link(json_resp['token'])

    @patch.object(CanGenerateUploadLink, 'has_permission')
    def test_create_link_with_invalid_user_role_permission(self, mock_has_permission):
        self.login_as(self.user)
        mock_has_permission.return_value = False

        resp = self.client.post(self.url, {'path': self.folder_path, 'repo_id': self.repo_id})
        self.assertEqual(403, resp.status_code)

    def test_create_link_with_rw_permission_folder(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        self.set_user_folder_rw_permission_to_admin()

        # login with admin to create upload link in user's repo
        self.login_as(self.admin)

        data = {'path': self.folder_path, 'repo_id': self.repo_id}
        resp = self.client.post(self.url, data)
        self.assertEqual(200, resp.status_code)

    def test_create_link_with_rw_permission_folder_in_group(self):

        self.share_repo_to_group_with_rw_permission()
        self.add_admin_to_group()

        # login with admin to create upload link in user's repo
        self.login_as(self.admin)

        data = {'path': self.folder_path, 'repo_id': self.repo_id}
        resp = self.client.post(self.url, data)
        self.assertEqual(200, resp.status_code)

    def test_can_not_create_link_with_r_permission_folder(self):

        if not LOCAL_PRO_DEV_ENV:
            return

        self.set_user_folder_r_permission_to_admin()

        # login with admin to create upload link in user's repo
        self.login_as(self.admin)

        data = {'path': self.folder_path, 'repo_id': self.repo_id}
        resp = self.client.post(self.url, data)
        self.assertEqual(403, resp.status_code)

    def test_can_not_create_link_with_r_permission_folder_in_group(self):

        self.share_repo_to_group_with_r_permission()
        self.add_admin_to_group()

        # login with admin to create upload link in user's repo
        self.login_as(self.admin)

        data = {'path': self.folder_path, 'repo_id': self.repo_id}
        resp = self.client.post(self.url, data)
        self.assertEqual(403, resp.status_code)

    def test_delete_upload_link(self):
        self.login_as(self.user)
        token = self._add_upload_link()

        url = reverse('api-v2.1-upload-link', args=[token])
        resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')
        self.assertEqual(200, resp.status_code)

        json_resp = json.loads(resp.content)
        assert json_resp['success'] is True

    @patch.object(CanGenerateUploadLink, 'has_permission')
    def test_delete_link_with_invalid_user_role_permission(self, mock_has_permission):
        token = self._add_upload_link()

        self.login_as(self.user)
        mock_has_permission.return_value = False

        url = reverse('api-v2.1-upload-link', args=[token])
        resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')
        self.assertEqual(403, resp.status_code)

    def test_delete_link_if_not_owner(self):
        self.login_as(self.admin)
        token = self._add_upload_link()

        url = reverse('api-v2.1-upload-link', args=[token])
        resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')
        self.assertEqual(403, resp.status_code)


class UploadLinkUploadTest(BaseTestCase):

    def setUp(self):

        self.user_name = self.user.username
        self.admin_name = self.admin.username
        self.repo_id = self.repo.id
        self.folder_path= self.folder
        self.invalid_token = '00000000000000000000'

    def _add_upload_link(self, password=None):

        fs = UploadLinkShare.objects.create_upload_link_share(
                self.user_name, self.repo_id, self.folder_path, password, None)

        return fs.token

    def _remove_upload_link(self, token):

        link = UploadLinkShare.objects.get(token=token)
        link.delete()

    def test_get_upload_link(self):

        token = self._add_upload_link()

        url = reverse('api-v2.1-upload-link-upload', args=[token])
        resp = self.client.get(url)

        self.assertEqual(200, resp.status_code)
        json_resp = json.loads(resp.content)
        assert '8082' in json_resp['upload_link']
        assert 'upload' in json_resp['upload_link']

        # test upload file via `upload_link`
        upload_file_test(json_resp['upload_link'])

        self._remove_upload_link(token)

    def test_can_not_get_upload_link_with_invalid_token(self):

        url = reverse('api-v2.1-upload-link-upload',
                args=[self.invalid_token])

        resp = self.client.get(url)
        self.assertEqual(404, resp.status_code)

    def test_can_not_get_upload_link_for_encrypted_upload_link_share(self):

        token = self._add_upload_link(password=randstring(10))
        url = reverse('api-v2.1-upload-link-upload', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)

    def test_can_not_get_upload_link_with_invalid_creator_repo_permission(self):

        # user share repo to admin
        seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name, 'rw')

        # admin create upload link
        upload_link = UploadLinkShare.objects.create_upload_link_share(
                self.admin_name, self.repo_id, '/', None, None)
        token = upload_link.token

        # can get url for upload file
        url = reverse('api-v2.1-upload-link-upload', args=[token])
        resp = self.client.get(url)
        self.assertEqual(200, resp.status_code)

        # user unshare repo
        seafile_api.remove_share(self.repo_id, self.user_name, self.admin_name)

        # can not get url for upload file
        url = reverse('api-v2.1-upload-link-upload', args=[token])
        resp = self.client.get(url)
        self.assertEqual(403, resp.status_code)
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`# -- coding: utf-8 --`
			`import json`
			`from mock import patch`

			`from django.core.urlresolvers import reverse`
add api for upload file via upload link token 2018-02-08 06:06:02 +00:00
			`from tests.common.utils import upload_file_test, randstring`

update permission when user download/upload link add repo access permission check for share link creator 2018-03-01 08:01:20 +00:00			`from seaserv import seafile_api`

[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`from seahub.test_utils import BaseTestCase`
			`from seahub.share.models import UploadLinkShare`
update user permission 1. update user generate share/upload link permission 2. update user connect iso/android/desktop clients permission 2016-08-22 03:20:08 +00:00			`from seahub.api2.permissions import CanGenerateUploadLink`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`try:`
			`from seahub.settings import LOCAL_PRO_DEV_ENV`
			`except ImportError:`
			`LOCAL_PRO_DEV_ENV = False`

[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`class UploadLinksTest(BaseTestCase):`

			`def setUp(self):`
update permission when user download/upload link add repo access permission check for share link creator 2018-03-01 08:01:20 +00:00			`self.user_name = self.user.username`
			`self.admin_name = self.admin.username`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`self.repo_id = self.repo.id`
			`self.folder_path= self.folder`
			`self.url = reverse('api-v2.1-upload-links')`

			`def tearDown(self):`
			`self.remove_repo()`

			`def _add_upload_link(self):`
update permission when user download/upload link add repo access permission check for share link creator 2018-03-01 08:01:20 +00:00			`upload_link = UploadLinkShare.objects.create_upload_link_share(self.user_name,`
			`self.repo_id, self.folder_path, None, None)`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
			`return upload_link.token`

			`def _remove_upload_link(self, token):`
			`link = UploadLinkShare.objects.get(token=token)`
			`link.delete()`

			`def test_get_upload_link(self):`
			`self.login_as(self.user)`
			`token = self._add_upload_link()`

			`resp = self.client.get(self.url + '?path=' + self.folder_path + '&repo_id=' + self.repo_id)`
			`self.assertEqual(200, resp.status_code)`

			`json_resp = json.loads(resp.content)`

update share/upload link test 2016-07-01 09:06:27 +00:00			`assert json_resp[0]['link'] is not None`
			`assert json_resp[0]['token'] is not None`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
update share/upload link test 2016-07-01 09:06:27 +00:00			`assert token in json_resp[0]['link']`
			`assert 'u/d' in json_resp[0]['link']`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
update share/upload link test 2016-07-01 09:06:27 +00:00			`assert token == json_resp[0]['token']`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
			`self._remove_upload_link(token)`

update user permission 1. update user generate share/upload link permission 2. update user connect iso/android/desktop clients permission 2016-08-22 03:20:08 +00:00			`@patch.object(CanGenerateUploadLink, 'has_permission')`
			`def test_get_link_with_invalid_user_role_permission(self, mock_has_permission):`
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`self.login_as(self.user)`
update user permission 1. update user generate share/upload link permission 2. update user connect iso/android/desktop clients permission 2016-08-22 03:20:08 +00:00			`mock_has_permission.return_value = False`
new share admin page (#1233) 2016-06-30 07:06:43 +00:00
			`resp = self.client.get(self.url)`
			`self.assertEqual(403, resp.status_code)`

[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`def test_create_upload_link(self):`
			`self.login_as(self.user)`

			`resp = self.client.post(self.url, {'path': self.folder_path, 'repo_id': self.repo_id})`
			`self.assertEqual(200, resp.status_code)`

			`json_resp = json.loads(resp.content)`
			`assert json_resp['link'] is not None`
			`assert json_resp['token'] is not None`

			`assert json_resp['token'] in json_resp['link']`
			`assert 'u/d' in json_resp['link']`

			`self._remove_upload_link(json_resp['token'])`

update user permission 1. update user generate share/upload link permission 2. update user connect iso/android/desktop clients permission 2016-08-22 03:20:08 +00:00			`@patch.object(CanGenerateUploadLink, 'has_permission')`
			`def test_create_link_with_invalid_user_role_permission(self, mock_has_permission):`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`self.login_as(self.user)`
update user permission 1. update user generate share/upload link permission 2. update user connect iso/android/desktop clients permission 2016-08-22 03:20:08 +00:00			`mock_has_permission.return_value = False`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`resp = self.client.post(self.url, {'path': self.folder_path, 'repo_id': self.repo_id})`
			`self.assertEqual(403, resp.status_code)`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`def test_create_link_with_rw_permission_folder(self):`

			`if not LOCAL_PRO_DEV_ENV:`
			`return`

			`self.set_user_folder_rw_permission_to_admin()`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`# login with admin to create upload link in user's repo`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`self.login_as(self.admin)`

new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`data = {'path': self.folder_path, 'repo_id': self.repo_id}`
			`resp = self.client.post(self.url, data)`
			`self.assertEqual(200, resp.status_code)`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`def test_create_link_with_rw_permission_folder_in_group(self):`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`self.share_repo_to_group_with_rw_permission()`
			`self.add_admin_to_group()`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`# login with admin to create upload link in user's repo`
			`self.login_as(self.admin)`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`data = {'path': self.folder_path, 'repo_id': self.repo_id}`
			`resp = self.client.post(self.url, data)`
			`self.assertEqual(200, resp.status_code)`

			`def test_can_not_create_link_with_r_permission_folder(self):`

			`if not LOCAL_PRO_DEV_ENV:`
			`return`
update permission check of share/upload link 2016-05-30 02:52:58 +00:00
new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`self.set_user_folder_r_permission_to_admin()`

			`# login with admin to create upload link in user's repo`
update permission check of share/upload link 2016-05-30 02:52:58 +00:00			`self.login_as(self.admin)`

new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`data = {'path': self.folder_path, 'repo_id': self.repo_id}`
			`resp = self.client.post(self.url, data)`
update permission check of share/upload link 2016-05-30 02:52:58 +00:00			`self.assertEqual(403, resp.status_code)`

new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`def test_can_not_create_link_with_r_permission_folder_in_group(self):`

			`self.share_repo_to_group_with_r_permission()`
			`self.add_admin_to_group()`

			`# login with admin to create upload link in user's repo`
			`self.login_as(self.admin)`

update permission check of share/upload link 2016-05-30 02:52:58 +00:00			`data = {'path': self.folder_path, 'repo_id': self.repo_id}`
			`resp = self.client.post(self.url, data)`
			`self.assertEqual(403, resp.status_code)`

new share admin page (#1233) 2016-06-30 07:06:43 +00:00			`def test_delete_upload_link(self):`
			`self.login_as(self.user)`
			`token = self._add_upload_link()`

			`url = reverse('api-v2.1-upload-link', args=[token])`
			`resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')`
			`self.assertEqual(200, resp.status_code)`

			`json_resp = json.loads(resp.content)`
			`assert json_resp['success'] is True`

update user permission 1. update user generate share/upload link permission 2. update user connect iso/android/desktop clients permission 2016-08-22 03:20:08 +00:00			`@patch.object(CanGenerateUploadLink, 'has_permission')`
			`def test_delete_link_with_invalid_user_role_permission(self, mock_has_permission):`
[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`token = self._add_upload_link()`
new share admin page (#1233) 2016-06-30 07:06:43 +00:00
			`self.login_as(self.user)`
update user permission 1. update user generate share/upload link permission 2. update user connect iso/android/desktop clients permission 2016-08-22 03:20:08 +00:00			`mock_has_permission.return_value = False`
new share admin page (#1233) 2016-06-30 07:06:43 +00:00
			`url = reverse('api-v2.1-upload-link', args=[token])`
			`resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')`
			`self.assertEqual(403, resp.status_code)`

			`def test_delete_link_if_not_owner(self):`
			`self.login_as(self.admin)`
			`token = self._add_upload_link()`

[api-v2.1] add file share/upload links api 2016-02-26 09:59:05 +00:00			`url = reverse('api-v2.1-upload-link', args=[token])`
			`resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')`
			`self.assertEqual(403, resp.status_code)`
add api for upload file via upload link token 2018-02-08 06:06:02 +00:00

			`class UploadLinkUploadTest(BaseTestCase):`

			`def setUp(self):`

update permission when user download/upload link add repo access permission check for share link creator 2018-03-01 08:01:20 +00:00			`self.user_name = self.user.username`
			`self.admin_name = self.admin.username`
add api for upload file via upload link token 2018-02-08 06:06:02 +00:00			`self.repo_id = self.repo.id`
			`self.folder_path= self.folder`
			`self.invalid_token = '00000000000000000000'`

			`def _add_upload_link(self, password=None):`

			`fs = UploadLinkShare.objects.create_upload_link_share(`
update permission when user download/upload link add repo access permission check for share link creator 2018-03-01 08:01:20 +00:00			`self.user_name, self.repo_id, self.folder_path, password, None)`
add api for upload file via upload link token 2018-02-08 06:06:02 +00:00
			`return fs.token`

			`def _remove_upload_link(self, token):`

			`link = UploadLinkShare.objects.get(token=token)`
			`link.delete()`

			`def test_get_upload_link(self):`

			`token = self._add_upload_link()`

			`url = reverse('api-v2.1-upload-link-upload', args=[token])`
			`resp = self.client.get(url)`

			`self.assertEqual(200, resp.status_code)`
			`json_resp = json.loads(resp.content)`
			`assert '8082' in json_resp['upload_link']`
			`assert 'upload' in json_resp['upload_link']`

			# test upload file via `upload_link`
			`upload_file_test(json_resp['upload_link'])`

			`self._remove_upload_link(token)`

			`def test_can_not_get_upload_link_with_invalid_token(self):`

			`url = reverse('api-v2.1-upload-link-upload',`
			`args=[self.invalid_token])`

			`resp = self.client.get(url)`
			`self.assertEqual(404, resp.status_code)`

			`def test_can_not_get_upload_link_for_encrypted_upload_link_share(self):`

			`token = self._add_upload_link(password=randstring(10))`
			`url = reverse('api-v2.1-upload-link-upload', args=[token])`
			`resp = self.client.get(url)`
			`self.assertEqual(403, resp.status_code)`
update permission when user download/upload link add repo access permission check for share link creator 2018-03-01 08:01:20 +00:00
			`def test_can_not_get_upload_link_with_invalid_creator_repo_permission(self):`

			`# user share repo to admin`
			`seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name, 'rw')`

			`# admin create upload link`
			`upload_link = UploadLinkShare.objects.create_upload_link_share(`
			`self.admin_name, self.repo_id, '/', None, None)`
			`token = upload_link.token`

			`# can get url for upload file`
			`url = reverse('api-v2.1-upload-link-upload', args=[token])`
			`resp = self.client.get(url)`
			`self.assertEqual(200, resp.status_code)`

			`# user unshare repo`
			`seafile_api.remove_share(self.repo_id, self.user_name, self.admin_name)`

			`# can not get url for upload file`
			`url = reverse('api-v2.1-upload-link-upload', args=[token])`
			`resp = self.client.get(url)`
			`self.assertEqual(403, resp.status_code)`