Merge branch '6.2'

tests/api/endpoints/admin/test_favicon.py

@@ -1,12 +1,18 @@
 import os
-from tests.api.apitestbase import ApiTestBase
+import json
 from tests.common.utils import urljoin
 from tests.common.common import BASE_URL
 from django.core.urlresolvers import reverse
 
+from seahub.test_utils import BaseTestCase
+from seahub.utils import PREVIEW_FILEEXT
+from seahub.utils.file_types import IMAGE
+from seahub.utils.error_msg import file_type_error_msg
 from seahub.settings import MEDIA_ROOT, CUSTOM_FAVICON_PATH
 
-class AdminFaviconTest(ApiTestBase):
+class AdminFaviconTest(BaseTestCase):
+    def setUp(self):
+        self.login_as(self.admin)
 
     def test_update_favicon(self):
 
@@ -17,18 +23,22 @@ class AdminFaviconTest(ApiTestBase):
         assert not os.path.exists(custom_symlink)
 
         # update user avatar
-        logo_url = reverse('api-v2.1-admin-logo')
+        logo_url = reverse('api-v2.1-admin-favicon')
         logo_url = urljoin(BASE_URL, logo_url)
         logo_file = os.path.join(os.getcwd(), 'media/img/seafile-logo.png')
 
         with open(logo_file) as f:
-            json_resp = self.admin_post(logo_url, files={'logo': f}).json()
+            resp = self.client.post(logo_url, {'favicon': f})
 
+        assert resp.status_code == 200
+        json_resp = json.loads(resp.content)
         assert json_resp['success'] == True
         assert os.path.exists(custom_symlink)
         assert os.path.islink(custom_symlink)
 
     def test_update_favicon_with_invalid_user_permission(self):
+        self.logout()
+        self.login_as(self.user)
 
         # update user avatar
         logo_url = reverse('api-v2.1-admin-favicon')
@@ -36,4 +46,19 @@ class AdminFaviconTest(ApiTestBase):
         logo_file = os.path.join(os.getcwd(), 'media/img/seafile-logo.png')
 
         with open(logo_file) as f:
-            json_resp = self.post(logo_url, files={'logo': f}, expected=403).json()
+            resp = self.client.post(logo_url, {'favicon': f})
+        assert resp.status_code == 403
+
+    def test_update_favicon_with_invalid_filetype(self):
+        with open('test.noico', 'w') as f:
+            f.write('hello')
+
+        logo_url = reverse('api-v2.1-admin-favicon')
+        logo_url = urljoin(BASE_URL, logo_url)
+        logo_file = os.path.join(os.getcwd(), 'test.noico')
+
+        with open(logo_file) as f:
+            resp = self.client.post(logo_url, {'favicon': f})
+        json_resp = json.loads(resp.content)
+        assert resp.status_code == 400
+        assert json_resp['error_msg'] == file_type_error_msg('noico', PREVIEW_FILEEXT.get(IMAGE))

tests/api/endpoints/admin/test_library_dirents.py

@@ -0,0 +1,451 @@
+import os
+import json
+from mock import patch
+
+from seaserv import seafile_api
+
+from django.core.urlresolvers import reverse
+from seahub.test_utils import BaseTestCase
+from tests.common.utils import randstring
+
+class LibraryDirentsTest(BaseTestCase):
+
+    def get_file_folder_num(self, repo_owner, repo_id, parent_dir):
+
+        dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
+        dirents = seafile_api.list_dir_with_perm(
+                repo_id, parent_dir, dir_id, repo_owner, -1, -1)
+
+        return len(dirents)
+
+    def setUp(self):
+
+        self.user_name = self.user.username
+        self.admin_name = self.admin.username
+
+        self.repo_id = self.repo.id
+        self.repo_name = self.repo.repo_name
+
+        self.parent_dir = '/'
+        self.init_num = self.get_file_folder_num(self.user_name,
+                self.repo_id, self.parent_dir)
+
+        self.url = reverse('api-v2.1-admin-library-dirents', args=[self.repo_id])
+
+    def tearDown(self):
+
+        self.remove_repo()
+        self.remove_group()
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_get(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+        resp = self.client.get(self.url)
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+        assert json_resp['repo_id'] == self.repo_id
+        assert json_resp['repo_name'] == self.repo_name
+        assert len(json_resp['dirent_list']) == self.init_num
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_get_with_invalid_user_permission(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.user)
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_get_with_invalid_parent_dir(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+        parent_dir = randstring(6)
+        resp = self.client.get(self.url + '?parent_dir=%s' % parent_dir)
+        self.assertEqual(404, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_get_with_feather_disable(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = False
+
+        self.login_as(self.admin)
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_create_file_folder(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+
+        # create folder
+        dir_name = randstring(6)
+        resp = self.client.post(self.url, {'obj_name': dir_name})
+        self.assertEqual(200, resp.status_code)
+        json_resp = json.loads(resp.content)
+        assert json_resp['is_file'] == False
+        assert json_resp['obj_name'] == dir_name
+
+        # length of dirent list will be init_num + 1
+        # after created a folder
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num + 1
+
+        # create file
+        file_name = randstring(6)
+        data = {
+            'obj_name': file_name,
+            'is_file': 'true'
+        }
+        resp = self.client.post(self.url, data)
+        self.assertEqual(200, resp.status_code)
+        json_resp = json.loads(resp.content)
+        assert json_resp['is_file'] == True
+        assert json_resp['obj_name'] == file_name
+
+        # length of dirent list will be init_num + 2
+        # after created a file
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num + 2
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_create_with_invalid_user_permission(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.user)
+        resp = self.client.post(self.url)
+        self.assertEqual(403, resp.status_code)
+
+        self.logout()
+        self.login_as(self.admin)
+
+        # length of dirent list will still be init_num
+        # no file/folder was created
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_create_with_invalid_parent_dir(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+        parent_dir = randstring(6)
+        resp = self.client.post(self.url + '?parent_dir=%s' % parent_dir)
+        self.assertEqual(404, resp.status_code)
+
+        # length of dirent list will still be init_num
+        # no file/folder was created
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_create_with_invalid_obj_name(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+        resp = self.client.post(self.url, {'obj_name': 'invalid/name'})
+        self.assertEqual(400, resp.status_code)
+
+        # length of dirent list will still be init_num
+        # no file/folder was created
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_create_with_feather_disable(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = False
+
+        self.login_as(self.admin)
+        parent_dir = randstring(6)
+        dir_name = randstring(6)
+        resp = self.client.post(self.url + '?parent_dir=%s' % parent_dir, {'obj_name': dir_name})
+        self.assertEqual(403, resp.status_code)
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        # length of dirent list will still be init_num
+        # no file/folder was created
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num
+
+
+class LibraryDirentTest(BaseTestCase):
+
+    def get_file_folder_num(self, repo_owner, repo_id, parent_dir):
+
+        dir_id = seafile_api.get_dir_id_by_path(repo_id, parent_dir)
+        dirents = seafile_api.list_dir_with_perm(
+                repo_id, parent_dir, dir_id, repo_owner, -1, -1)
+
+        return len(dirents)
+
+    def setUp(self):
+
+        self.user_name = self.user.username
+        self.admin_name = self.admin.username
+
+        self.repo_id = self.repo.id
+        self.repo_name = self.repo.repo_name
+
+        self.file_path = self.file
+        self.file_name = os.path.basename(self.file_path)
+
+        self.folder_path = self.folder
+        self.folder_name = os.path.basename(self.folder.rstrip('/'))
+
+        self.parent_dir = '/'
+        self.init_num = self.get_file_folder_num(self.user_name,
+                self.repo_id, self.parent_dir)
+
+        self.url = reverse('api-v2.1-admin-library-dirent', args=[self.repo_id])
+
+    def tearDown(self):
+
+        self.remove_repo()
+        self.remove_group()
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_get(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+
+        # get info of a file
+        resp = self.client.get(self.url + '?path=%s' % (self.file_path))
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+        assert json_resp['is_file'] == True
+        assert json_resp['obj_name'] == self.file_name
+
+        # get info of a folder
+        resp = self.client.get(self.url + '?path=%s' % (self.folder_path))
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+        assert json_resp['is_file'] == False
+        assert json_resp['obj_name'] == self.folder_name
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_get_with_invalid_user_permission(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.user)
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_get_with_invalid_path(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+
+        # invalid `path` parameter
+        resp = self.client.get(self.url)
+        self.assertEqual(400, resp.status_code)
+
+        # `path` not found
+        invalid_path = randstring(6)
+        resp = self.client.get(self.url + '?path=%s' % (invalid_path))
+        self.assertEqual(404, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_get_with_feather_disable(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = False
+
+        self.login_as(self.admin)
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_delete_file_folder(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+
+        # delete folder
+        resp = self.client.delete(self.url + '?path=%s' % (self.folder_path))
+        self.assertEqual(200, resp.status_code)
+
+        # length of dirent list will be init_num - 1
+        # after deleted a folder
+        url = reverse('api-v2.1-admin-library-dirents', args=[self.repo_id])
+        resp = self.client.get(url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num - 1
+
+        # delete file
+        resp = self.client.delete(self.url + '?path=%s' % (self.file_path))
+        self.assertEqual(200, resp.status_code)
+
+        # length of dirent list will be init_num - 2
+        # after deleted a folder
+        url = reverse('api-v2.1-admin-library-dirents', args=[self.repo_id])
+        resp = self.client.get(url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num - 2
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_delete_with_invalid_user_permission(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.user)
+        resp = self.client.delete(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_delete_with_invalid_path(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+
+        # invalid `path` parameter
+        resp = self.client.delete(self.url)
+        self.assertEqual(400, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_delete_with_feather_disable(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = False
+
+        self.login_as(self.admin)
+        resp = self.client.delete(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_copy_file_folder_without_dst(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+
+        ## copy file
+        # if `dst_repo_id`, `dst_dir` is not provided,
+        # file will be copied to current library's root directory
+        data = {}
+        resp = self.client.put(self.url + '?path=%s' % (self.file_path),
+                json.dumps(data), 'application/json')
+
+        self.assertEqual(200, resp.status_code)
+
+        # length of dirent list will be init_num + 1
+        # after copied file to current library's root directory
+        url = reverse('api-v2.1-admin-library-dirents', args=[self.repo_id])
+        resp = self.client.get(url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num + 1
+
+        ## copy folder
+        # if `dst_repo_id`, `dst_dir` is not provided,
+        # folder will be copied to current library's root directory
+        data = {}
+        resp = self.client.put(self.url + '?path=%s' % (self.folder_path),
+                json.dumps(data), 'application/json')
+
+        self.assertEqual(200, resp.status_code)
+
+        # length of dirent list will be init_num + 2
+        # after copied file to current library's root directory
+        url = reverse('api-v2.1-admin-library-dirents', args=[self.repo_id])
+        resp = self.client.get(url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == self.init_num + 2
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_copy_file_folder_with_dst(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        dst_repo_id = seafile_api.create_repo(name='test-repo',
+                desc='', username=self.user_name, passwd=None)
+
+        dst_dir_name = randstring(6)
+        dst_dir = '/' + dst_dir_name
+        seafile_api.post_dir(dst_repo_id, '/', dst_dir_name, self.user_name)
+
+        dst_init_num = self.get_file_folder_num(self.user_name,
+                dst_repo_id, dst_dir)
+
+        self.login_as(self.admin)
+
+        dst_url = reverse('api-v2.1-admin-library-dirents',
+                args=[dst_repo_id]) + '?parent_dir=%s' % dst_dir
+
+        ## copy file
+        data = {'dst_repo_id': dst_repo_id, 'dst_dir': dst_dir}
+        resp = self.client.put(self.url + '?path=%s' % (self.file_path),
+                json.dumps(data), 'application/json')
+
+        self.assertEqual(200, resp.status_code)
+
+        # length of dst library's dirent list will be dst_init_num + 1
+        resp = self.client.get(dst_url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == dst_init_num + 1
+
+        ## copy folder
+        resp = self.client.put(self.url + '?path=%s' % (self.folder_path),
+                json.dumps(data), 'application/json')
+
+        self.assertEqual(200, resp.status_code)
+
+        # length of dst library's dirent list will be dst_init_num + 2
+        resp = self.client.get(dst_url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['dirent_list']) == dst_init_num + 2
+
+        self.remove_repo(dst_repo_id)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_copy_with_invalid_user_permission(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.user)
+        resp = self.client.put(self.url + '?path=%s' % (self.file_path),
+                json.dumps({}), 'application/json')
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_copy_with_invalid_path(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = True
+
+        self.login_as(self.admin)
+        # invalid `path` parameter
+        resp = self.client.put(self.url, json.dumps({}), 'application/json')
+        self.assertEqual(400, resp.status_code)
+
+    @patch('seahub.api2.endpoints.admin.library_dirents.can_view_sys_admin_repo')
+    def test_can_not_copy_with_feather_disable(self, mock_can_view_sys_admin_repo):
+
+        mock_can_view_sys_admin_repo.return_value = False
+
+        self.login_as(self.admin)
+        resp = self.client.put(self.url, json.dumps({}), 'application/json')
+        self.assertEqual(403, resp.status_code)

tests/api/endpoints/admin/test_license.py

@@ -1,10 +1,11 @@
 import os
 import json
-from mock import patch
+from mock import patch 
 from django.core.urlresolvers import reverse
 
 from seahub.api2.endpoints.admin import license as license_api
 from seahub.settings import LICENSE_PATH
+from seahub.utils.error_msg import file_type_error_msg
 from seahub.test_utils import BaseTestCase
 from tests.common.utils import urljoin
 from tests.common.common import BASE_URL
@@ -22,8 +23,25 @@ class AdminLicenseTest(BaseTestCase):
         url = urljoin(BASE_URL, url)
         with open(
                 os.path.join(os.getcwd(), 'tests/seahub/utils/seafile-license.txt')) as f:
-            json_resp = self.client.post(url, {'license': f})
-        json_resp = json.loads(json_resp.content)
+            resp = self.client.post(url, {'license': f})
+        json_resp = json.loads(resp.content)
 
         assert json_resp['success'] is True
         assert os.path.exists(LICENSE_PATH)
+
+    @patch.object(license_api, 'ccnet_api')
+    def test_update_license_with_invalid_type(self, mock_ccnet_api):
+        mock_ccnet_api.return_val = {}
+
+        url = reverse('api-v2.1-admin-license')
+        url = urljoin(BASE_URL, url)
+        with open('temp.notxt', 'w') as f:
+            f.write('1')
+
+        with open(
+                os.path.join(os.getcwd(), 'temp.notxt')) as f:
+            resp = self.client.post(url, {'license': f})
+        json_resp = json.loads(resp.content)
+        assert 400 == resp.status_code
+        assert file_type_error_msg('notxt', 'txt') == json_resp['error_msg']
+

tests/api/endpoints/admin/test_login_bg_image.py

@@ -0,0 +1,68 @@
+import os
+import json
+from tests.common.utils import urljoin
+from tests.common.common import BASE_URL
+from django.core.urlresolvers import reverse
+
+from seahub.test_utils import BaseTestCase
+from seahub.settings import MEDIA_ROOT, CUSTOM_LOGO_PATH
+from seahub.utils.file_types import IMAGE
+from seahub.utils import PREVIEW_FILEEXT
+from seahub.utils.error_msg import file_type_error_msg
+
+
+class AdminLogoTest(BaseTestCase):
+    def setUp(self):
+        self.login_as(self.admin)
+
+    def test_update_logo(self):
+
+        custom_symlink = os.path.join(MEDIA_ROOT, os.path.dirname(CUSTOM_LOGO_PATH))
+        if os.path.exists(custom_symlink):
+            os.remove(custom_symlink)
+
+        assert not os.path.exists(custom_symlink)
+
+        # update user avatar
+        image_url = reverse('api-v2.1-admin-login-background-image')
+        image_url = urljoin(BASE_URL, image_url)
+        image_file = os.path.join(os.getcwd(), 'media/img/seafile-logo.png')
+
+        with open(image_file, 'rb') as f:
+            resp = self.client.post(image_url, {'login_bg_image': f})
+        json_resp = json.loads(resp.content)
+
+        assert 200 == resp.status_code
+        assert json_resp['success'] == True
+        assert os.path.exists(custom_symlink)
+        assert os.path.islink(custom_symlink)
+
+    def test_update_logo_with_invalid_user_permission(self):
+        self.logout()
+
+        # update user avatar
+        image_url = reverse('api-v2.1-admin-login-background-image')
+        image_url = urljoin(BASE_URL, image_url)
+        image_file = os.path.join(os.getcwd(), 'media/img/seafile-logo.png')
+
+        with open(image_file, 'rb') as f:
+            resp = self.client.post(image_url, {'login_bg_image': f})
+
+        assert 403 == resp.status_code
+
+    def test_update_logo_with_invalid_file_type(self):
+        with open('test.noimage', 'w') as f:
+            f.write('hello')
+
+        image_url = reverse('api-v2.1-admin-login-background-image')
+        image_url = urljoin(BASE_URL, image_url)
+        image_file = os.path.join(os.getcwd(), 'test.noimage')
+
+        with open(image_file, 'rb') as f:
+            resp = self.client.post(image_url, {'login_bg_image': f})
+
+            json_resp = json.loads(resp.content)
+
+        os.remove(image_file)
+        assert 400 == resp.status_code
+        assert json_resp['error_msg'] == file_type_error_msg("noimage", PREVIEW_FILEEXT.get('Image'))

tests/api/endpoints/admin/test_logo.py

@@ -1,12 +1,19 @@
 import os
-from tests.api.apitestbase import ApiTestBase
+import json
 from tests.common.utils import urljoin
 from tests.common.common import BASE_URL
 from django.core.urlresolvers import reverse
 
+from seahub.test_utils import BaseTestCase
 from seahub.settings import MEDIA_ROOT, CUSTOM_LOGO_PATH
+from seahub.utils import PREVIEW_FILEEXT
+from seahub.utils.file_types import IMAGE
+from seahub.utils.error_msg import file_type_error_msg
 
-class AdminLogoTest(ApiTestBase):
+
+class AdminLogoTest(BaseTestCase):
+    def setUp(self):
+        self.login_as(self.admin)
 
     def test_update_logo(self):
 
@@ -21,19 +28,41 @@ class AdminLogoTest(ApiTestBase):
         logo_url = urljoin(BASE_URL, logo_url)
         logo_file = os.path.join(os.getcwd(), 'media/img/seafile-logo.png')
 
-        with open(logo_file) as f:
-            json_resp = self.admin_post(logo_url, files={'logo': f}).json()
+        with open(logo_file, 'rb') as f:
+            resp = self.client.post(logo_url, {'logo': f})
+        json_resp = json.loads(resp.content)
 
+        assert 200 == resp.status_code
         assert json_resp['success'] == True
         assert os.path.exists(custom_symlink)
         assert os.path.islink(custom_symlink)
 
     def test_update_logo_with_invalid_user_permission(self):
+        self.logout()
 
         # update user avatar
         logo_url = reverse('api-v2.1-admin-logo')
         logo_url = urljoin(BASE_URL, logo_url)
         logo_file = os.path.join(os.getcwd(), 'media/img/seafile-logo.png')
 
-        with open(logo_file) as f:
-            json_resp = self.post(logo_url, files={'logo': f}, expected=403).json()
+        with open(logo_file, 'rb') as f:
+            resp = self.client.post(logo_url, {'logo': f})
+
+        assert 403 == resp.status_code
+
+
+    def test_update_logo_with_invalid_file_type(self):
+        with open('test.noimage', 'w') as f:
+            f.write('1')
+
+        logo_url = reverse('api-v2.1-admin-logo')
+        logo_url = urljoin(BASE_URL, logo_url)
+        logo_file = os.path.join(os.getcwd(), 'test.noimage')
+
+        with open(logo_file, 'rb') as f:
+            resp = self.client.post(logo_url, {'logo': f})
+        json_resp = json.loads(resp.content)
+
+        os.remove(logo_file)
+        assert 400 == resp.status_code
+        assert json_resp['error_msg'] == file_type_error_msg('noimage', PREVIEW_FILEEXT.get(IMAGE))

tests/api/endpoints/admin/test_shares.py

@@ -5,6 +5,7 @@ from django.core.urlresolvers import reverse
 from seaserv import seafile_api
 
 from seahub.test_utils import BaseTestCase
+from seahub.share.models import ExtraSharePermission
 
 class Shares(BaseTestCase):
 
@@ -41,6 +42,23 @@ class Shares(BaseTestCase):
         assert json_resp[0]['user_email'] == self.admin_name
         assert json_resp[0]['permission'] == 'rw'
 
+    def test_can_get_user_shared_with_admin(self):
+
+        self.share_repo_to_admin_with_admin_permission()
+
+        self.login_as(self.admin)
+
+        resp = self.client.get(self.url + self.para + '&share_type=user')
+        json_resp = json.loads(resp.content)
+        self.assertEqual(200, resp.status_code)
+
+        assert json_resp[0]['repo_id'] == self.repo_id
+        assert json_resp[0]['path'] == '/'
+        assert json_resp[0]['share_type'] == 'user'
+        assert json_resp[0]['user_email'] == self.admin_name
+        assert json_resp[0]['permission'] == 'rw'
+        assert json_resp[0]['is_admin'] == True
+
     def test_can_get_group_shared(self):
 
         self.share_repo_to_group_with_rw_permission()
@@ -57,6 +75,23 @@ class Shares(BaseTestCase):
         assert json_resp[0]['group_id'] == self.group_id
         assert json_resp[0]['permission'] == 'rw'
 
+    def test_can_get_group_shared_with_admin(self):
+
+        self.share_repo_to_group_with_admin_permission()
+
+        self.login_as(self.admin)
+
+        resp = self.client.get(self.url + self.para + '&share_type=group')
+        json_resp = json.loads(resp.content)
+        self.assertEqual(200, resp.status_code)
+
+        assert json_resp[0]['repo_id'] == self.repo_id
+        assert json_resp[0]['path'] == '/'
+        assert json_resp[0]['share_type'] == 'group'
+        assert json_resp[0]['group_id'] == self.group_id
+        assert json_resp[0]['permission'] == 'rw'
+        assert json_resp[0]['is_admin'] == True
+
     def test_get_with_invalid_permission(self):
 
         self.login_as(self.user)
@@ -85,6 +120,28 @@ class Shares(BaseTestCase):
         assert json_resp['success'][0]['user_email'] == self.tmp_user_email
         assert json_resp['success'][0]['permission'] == permission
 
+    def test_share_repo_to_user_with_admin_permission(self):
+
+        self.login_as(self.admin)
+
+        invalid_email = 'invalid@email.com'
+        permission = 'admin'
+
+        data = {
+            'repo_id': self.repo_id,
+            'share_type': 'user',
+            'permission': permission,
+            'share_to': [invalid_email, self.tmp_user_email]
+        }
+        resp = self.client.post(self.url, data)
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+        assert json_resp['failed'][0]['user_email'] == invalid_email
+        assert json_resp['success'][0]['user_email'] == self.tmp_user_email
+        assert json_resp['success'][0]['permission'] == 'rw'
+        assert json_resp['success'][0]['is_admin'] == True
+
     def test_share_repo_to_group(self):
 
         self.login_as(self.admin)
@@ -106,6 +163,28 @@ class Shares(BaseTestCase):
         assert json_resp['success'][0]['group_id'] == self.group_id
         assert json_resp['success'][0]['permission'] == permission
 
+    def test_share_repo_to_group_with_admin_permission(self):
+
+        self.login_as(self.admin)
+
+        invalid_group_id = 'invalid_group_id'
+        permission = 'admin'
+
+        data = {
+            'repo_id': self.repo_id,
+            'share_type': 'group',
+            'permission': permission,
+            'share_to': [invalid_group_id, self.group_id]
+        }
+        resp = self.client.post(self.url, data)
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+        assert json_resp['failed'][0]['group_id'] == invalid_group_id
+        assert json_resp['success'][0]['group_id'] == self.group_id
+        assert json_resp['success'][0]['permission'] == 'rw'
+        assert json_resp['success'][0]['is_admin'] == True
+
     def test_share_repo_with_invalid_user_permission(self):
 
         self.login_as(self.user)
@@ -143,6 +222,29 @@ class Shares(BaseTestCase):
         assert seafile_api.check_permission_by_path(self.repo_id, \
                 '/', self.tmp_user_email) == modified_perm
 
+    def test_modify_repo_user_share_permission_to_admin(self):
+
+        # user share repo to tmp user
+        init_permission = 'rw'
+        seafile_api.share_repo(self.repo_id,
+                self.user_name, self.tmp_user_email, init_permission)
+
+        assert seafile_api.check_permission_by_path(self.repo_id, \
+                '/', self.tmp_user_email) == init_permission
+
+        self.login_as(self.admin)
+
+        modified_perm = 'admin'
+        data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \
+                (self.repo_id, 'user', modified_perm, self.tmp_user_email)
+        resp = self.client.put(self.url, data, 'application/x-www-form-urlencoded')
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+        assert json_resp['permission'] == 'rw'
+        assert json_resp['is_admin'] == True
+        assert json_resp['user_email'] == self.tmp_user_email
+
     def test_modify_repo_group_share_permission(self):
 
         # user share repo to tmp user
@@ -176,6 +278,34 @@ class Shares(BaseTestCase):
 
         assert  permission == modified_perm
 
+    def test_modify_repo_group_share_permission_to_admin(self):
+
+        # user share repo to tmp user
+        self.share_repo_to_group_with_rw_permission()
+
+        shared_groups = seafile_api.list_repo_shared_group(
+                self.user_name, self.repo_id)
+
+        for e in shared_groups:
+            if e.group_id == self.group_id:
+                permission = e.perm
+                break
+
+        assert permission == 'rw'
+
+        self.login_as(self.admin)
+
+        modified_perm = 'admin'
+        data = 'repo_id=%s&share_type=%s&permission=%s&share_to=%s' % \
+                (self.repo_id, 'group', modified_perm, self.group_id)
+        resp = self.client.put(self.url, data, 'application/x-www-form-urlencoded')
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+        assert json_resp['permission'] == 'rw'
+        assert json_resp['is_admin'] == True
+        assert json_resp['group_id'] == self.group_id
+
     def test_modify_with_invalid_user_permission(self):
         self.login_as(self.user)
 
@@ -202,6 +332,44 @@ class Shares(BaseTestCase):
         assert seafile_api.check_permission_by_path(self.repo_id, \
                 '/', self.tmp_user_email) is None
 
+    def test_delete_repo_user_share_admin_permission(self):
+
+        # user share repo to tmp user
+        init_permission = 'rw'
+        seafile_api.share_repo(self.repo_id,
+                self.user_name, self.tmp_user_email, init_permission)
+
+        ExtraSharePermission.objects.create_share_permission(self.repo.id, self.tmp_user_email, 'admin')
+
+        assert seafile_api.check_permission_by_path(self.repo_id, \
+                '/', self.tmp_user_email) == init_permission
+
+        self.login_as(self.admin)
+
+        resp = self.client.get(self.url + self.para + '&share_type=user')
+        json_resp = json.loads(resp.content)
+        self.assertEqual(200, resp.status_code)
+
+        assert json_resp[0]['repo_id'] == self.repo_id
+        assert json_resp[0]['path'] == '/'
+        assert json_resp[0]['share_type'] == 'user'
+        assert json_resp[0]['user_email'] == self.tmp_user_email
+        assert json_resp[0]['permission'] == 'rw'
+        assert json_resp[0]['is_admin'] == True
+
+        data = 'repo_id=%s&share_type=%s&share_to=%s' % \
+                (self.repo_id, 'user', self.tmp_user_email)
+        resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
+        self.assertEqual(200, resp.status_code)
+
+        assert seafile_api.check_permission_by_path(self.repo_id, \
+                '/', self.tmp_user_email) is None
+
+        resp = self.client.get(self.url + self.para + '&share_type=user')
+        json_resp = json.loads(resp.content)
+        self.assertEqual(200, resp.status_code)
+        assert not json_resp
+
     def test_delete_repo_group_share_permission(self):
 
         self.share_repo_to_group_with_rw_permission()
@@ -218,7 +386,38 @@ class Shares(BaseTestCase):
         self.login_as(self.admin)
 
         data = 'repo_id=%s&share_type=%s&share_to=%s' % \
-                (self.repo_id, 'user', self.tmp_user_email)
+                (self.repo_id, 'group', self.group_id)
+        resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
+        self.assertEqual(200, resp.status_code)
+
+    def test_delete_repo_group_share_admin_permission(self):
+
+        self.share_repo_to_group_with_admin_permission()
+
+        shared_groups = seafile_api.list_repo_shared_group(
+                self.user_name, self.repo_id)
+        for e in shared_groups:
+            if e.group_id == self.group_id:
+                permission = e.perm
+                break
+
+        assert permission == 'rw'
+
+        self.login_as(self.admin)
+
+        resp = self.client.get(self.url + self.para + '&share_type=group')
+        json_resp = json.loads(resp.content)
+        self.assertEqual(200, resp.status_code)
+
+        assert json_resp[0]['repo_id'] == self.repo_id
+        assert json_resp[0]['path'] == '/'
+        assert json_resp[0]['share_type'] == 'group'
+        assert json_resp[0]['group_id'] == self.group_id
+        assert json_resp[0]['permission'] == 'rw'
+        assert json_resp[0]['is_admin'] == True
+
+        data = 'repo_id=%s&share_type=%s&share_to=%s' % \
+                (self.repo_id, 'group', self.group_id)
         resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
         self.assertEqual(200, resp.status_code)
 
@@ -227,3 +426,21 @@ class Shares(BaseTestCase):
         self.login_as(self.user)
         resp = self.client.delete(self.url, {}, 'application/x-www-form-urlencoded')
         self.assertEqual(403, resp.status_code)
+
+    def test_delete_with_unshared_group(self):
+
+        self.login_as(self.admin)
+        data = 'repo_id=%s&share_type=%s&share_to=%s' % \
+                (self.repo_id, 'group', self.group_id)
+        resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
+        self.assertEqual(404, resp.status_code)
+
+
+    def test_delete_with_unshared_user(self):
+
+        self.login_as(self.admin)
+        data = 'repo_id=%s&share_type=%s&share_to=%s' % \
+                (self.repo_id, 'user', self.tmp_user_email)
+        resp = self.client.delete(self.url, data, 'application/x-www-form-urlencoded')
+        self.assertEqual(404, resp.status_code)
+

tests/api/endpoints/test_all_groups.py

@@ -1,36 +0,0 @@
-# Copyright (c) 2011-2016 Seafile Ltd.
-# -*- coding: utf-8 -*-
-import json
-
-from django.core.urlresolvers import reverse
-
-from seahub.test_utils import BaseTestCase
-
-from constance import config
-
-
-class GroupsShareTest(BaseTestCase):
-    def test_can_get(self):
-        config.ENABLE_SHARE_TO_ALL_GROUPS = 1
-        self.login_as(self.admin)
-        self.admin_group = self.create_group(group_name='test_group', 
-                                  username=self.admin.username)
-        self.logout()
-        self.login_as(self.user)
-        resp = [group["name"] for group in 
-                json.loads(self.client.get(reverse('api-v2.1-all-groups')).content)]
-        self.assertIn('test_group', resp)
-        self.clear_cache()
-
-    def test_can_get_with_disable_config(self):
-        config.ENABLE_SHARE_TO_ALL_GROUPS = 0
-        self.login_as(self.admin)
-        self.admin_group = self.create_group(group_name='test_disable_config', 
-                                  username=self.admin.username)
-        resp = json.loads(self.client.get(reverse('api-v2.1-all-groups')).content)
-        self.assertEqual([], resp)
-        self.clear_cache()
-
-    def tearDown(self):
-        self.remove_group(self.admin_group.id)
-

tests/api/endpoints/test_repo_trash.py

@@ -6,11 +6,24 @@ from django.core.urlresolvers import reverse
 from seaserv import seafile_api
 from seahub.test_utils import BaseTestCase
 
+from tests.common.utils import randstring
+
 class RepoTrashTest(BaseTestCase):
 
     def setUp(self):
-        self.repo_id = self.repo.id
+
         self.user_name = self.user.username
+        self.admin_name = self.admin.username
+
+        self.repo_id = self.repo.id
+        self.repo_name = self.repo.repo_name
+
+        self.file_path = self.file
+        self.file_name = os.path.basename(self.file_path)
+
+        self.folder_path = self.folder
+        self.folder_name = os.path.basename(self.folder.rstrip('/'))
+
         self.url = reverse('api-v2.1-repo-trash', args=[self.repo_id])
 
     def tearDown(self):
@@ -18,13 +31,60 @@ class RepoTrashTest(BaseTestCase):
         self.remove_group()
 
     def test_can_get(self):
+
         # delete a file first
-        file_name = os.path.basename(self.file)
-        seafile_api.del_file(self.repo_id, '/', file_name, self.user_name)
+        seafile_api.del_file(self.repo_id, '/',
+                self.file_name, self.user_name)
 
         self.login_as(self.user)
+
         resp = self.client.get(self.url)
         self.assertEqual(200, resp.status_code)
+
         json_resp = json.loads(resp.content)
-        assert json_resp['data'][0]['obj_name'] == file_name
+        assert json_resp['data'][0]['obj_name'] == self.file_name
         assert json_resp['data'][0]['is_dir'] == False
+
+    def test_can_not_get_with_invalid_repo_permission(self):
+
+        self.login_as(self.admin)
+
+        resp = self.client.get(self.url)
+        self.assertEqual(403, resp.status_code)
+
+    def test_can_not_get_with_invalid_path_parameter(self):
+
+        invalid_path = randstring(6)
+
+        self.login_as(self.admin)
+
+        resp = self.client.get(self.url + '?path=%s' % invalid_path)
+        self.assertEqual(404, resp.status_code)
+
+    def test_can_clean_library_trash(self):
+
+        # delete a file first
+        seafile_api.del_file(self.repo_id, '/',
+                self.file_name, self.user_name)
+
+        self.login_as(self.user)
+
+        # get trash item count
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['data']) > 0
+
+        # clean library trash
+        resp = self.client.delete(self.url)
+        self.assertEqual(200, resp.status_code)
+
+        # get trash item count again
+        resp = self.client.get(self.url)
+        json_resp = json.loads(resp.content)
+        assert len(json_resp['data']) == 0
+
+    def test_can_not_clean_with_invalid_user_permission(self):
+
+        self.login_as(self.admin)
+        resp = self.client.delete(self.url)
+        self.assertEqual(403, resp.status_code)

tests/api/endpoints/test_share_links.py

@@ -1,8 +1,10 @@
 # -*- coding: utf-8 -*-
 import json
-from mock import patch
 
+from mock import patch
+from seaserv import seafile_api
 from django.core.urlresolvers import reverse
+
 from seahub.test_utils import BaseTestCase
 from seahub.share.models import FileShare
 from seahub.api2.permissions import CanGenerateShareLink
@@ -103,6 +105,18 @@ class ShareLinksTest(BaseTestCase):
 
         self._remove_share_link(json_resp['token'])
 
+    def test_create_file_share_link_in_enc_repo(self):
+        self.login_as(self.user)
+
+        resp = self.client.post(self.url, {'path': '/', 'repo_id': self.enc_repo.id})
+        self.assertEqual(403, resp.status_code)
+
+    def test_create_file_share_link_in_other_repo(self):
+        self.login_as(self.admin)
+
+        resp = self.client.post(self.url, {'path': self.file_path, 'repo_id': self.repo_id})
+        self.assertEqual(403, resp.status_code)
+
     def test_create_file_share_link_with_permissions(self):
         self.login_as(self.user)
 

tests/api/endpoints/test_shareable_groups.py

@@ -0,0 +1,59 @@
+# Copyright (c) 2011-2016 Seafile Ltd.
+# -*- coding: utf-8 -*-
+import json
+from django.core.urlresolvers import reverse
+from seahub.test_utils import BaseTestCase
+from tests.common.utils import randstring
+from constance import config
+
+
+class ShareableGroupsTest(BaseTestCase):
+
+    def setUp(self):
+        self.login_as(self.user)
+        self.group_id = self.group.id
+        self.group_name = self.group.group_name
+        self.admin_user = self.admin.username
+
+        self.url = reverse('api-v2.1-shareable-groups')
+
+    def tearDown(self):
+        self.remove_group()
+        self.remove_repo()
+
+    def test_can_get(self):
+
+        config.ENABLE_SHARE_TO_ALL_GROUPS = 1
+
+        admin_group_name = randstring(10)
+        admin_group = self.create_group(group_name=admin_group_name,
+                username=self.admin_user)
+
+        resp = self.client.get(self.url)
+        self.assertEqual(200, resp.status_code)
+        json_resp = json.loads(resp.content)
+        group_names = [g["name"] for g in json_resp]
+        self.assertIn(admin_group_name, group_names)
+        self.assertIn(self.group.group_name, group_names)
+
+
+        self.remove_group(admin_group.group_id)
+        self.clear_cache()
+
+    def test_can_get_with_disable_config(self):
+
+        config.ENABLE_SHARE_TO_ALL_GROUPS = 0
+
+        admin_group_name = randstring(10)
+        admin_group = self.create_group(group_name=admin_group_name,
+                username=self.admin_user)
+
+        resp = self.client.get(self.url)
+        self.assertEqual(200, resp.status_code)
+        json_resp = json.loads(resp.content)
+        group_names = [g["name"] for g in json_resp]
+        self.assertIn(self.group.group_name, group_names)
+        self.assertNotIn(admin_group_name, group_names)
+
+        self.remove_group(admin_group.group_id)
+        self.clear_cache()

tests/api/endpoints/test_upload_links.py

@@ -3,6 +3,11 @@ import json
 from mock import patch
 
 from django.core.urlresolvers import reverse
+
+from tests.common.utils import upload_file_test, randstring
+
+from seaserv import seafile_api
+
 from seahub.test_utils import BaseTestCase
 from seahub.share.models import UploadLinkShare
 from seahub.api2.permissions import CanGenerateUploadLink
@@ -15,6 +20,8 @@ except ImportError:
 class UploadLinksTest(BaseTestCase):
 
     def setUp(self):
+        self.user_name = self.user.username
+        self.admin_name = self.admin.username
         self.repo_id = self.repo.id
         self.folder_path= self.folder
         self.url = reverse('api-v2.1-upload-links')
@@ -23,8 +30,8 @@ class UploadLinksTest(BaseTestCase):
         self.remove_repo()
 
     def _add_upload_link(self):
-        upload_link = UploadLinkShare.objects.create_upload_link_share(self.user.username,
-            self.repo.id, self.folder, None, None)
+        upload_link = UploadLinkShare.objects.create_upload_link_share(self.user_name,
+            self.repo_id, self.folder_path, None, None)
 
         return upload_link.token
 
@@ -163,3 +170,81 @@ class UploadLinksTest(BaseTestCase):
         url = reverse('api-v2.1-upload-link', args=[token])
         resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')
         self.assertEqual(403, resp.status_code)
+
+
+class UploadLinkUploadTest(BaseTestCase):
+
+    def setUp(self):
+
+        self.user_name = self.user.username
+        self.admin_name = self.admin.username
+        self.repo_id = self.repo.id
+        self.folder_path= self.folder
+        self.invalid_token = '00000000000000000000'
+
+    def _add_upload_link(self, password=None):
+
+        fs = UploadLinkShare.objects.create_upload_link_share(
+                self.user_name, self.repo_id, self.folder_path, password, None)
+
+        return fs.token
+
+    def _remove_upload_link(self, token):
+
+        link = UploadLinkShare.objects.get(token=token)
+        link.delete()
+
+    def test_get_upload_link(self):
+
+        token = self._add_upload_link()
+
+        url = reverse('api-v2.1-upload-link-upload', args=[token])
+        resp = self.client.get(url)
+
+        self.assertEqual(200, resp.status_code)
+        json_resp = json.loads(resp.content)
+        assert '8082' in json_resp['upload_link']
+        assert 'upload' in json_resp['upload_link']
+
+        # test upload file via `upload_link`
+        upload_file_test(json_resp['upload_link'])
+
+        self._remove_upload_link(token)
+
+    def test_can_not_get_upload_link_with_invalid_token(self):
+
+        url = reverse('api-v2.1-upload-link-upload',
+                args=[self.invalid_token])
+
+        resp = self.client.get(url)
+        self.assertEqual(404, resp.status_code)
+
+    def test_can_not_get_upload_link_for_encrypted_upload_link_share(self):
+
+        token = self._add_upload_link(password=randstring(10))
+        url = reverse('api-v2.1-upload-link-upload', args=[token])
+        resp = self.client.get(url)
+        self.assertEqual(403, resp.status_code)
+
+    def test_can_not_get_upload_link_with_invalid_creator_repo_permission(self):
+
+        # user share repo to admin
+        seafile_api.share_repo(self.repo_id, self.user_name, self.admin_name, 'rw')
+
+        # admin create upload link
+        upload_link = UploadLinkShare.objects.create_upload_link_share(
+                self.admin_name, self.repo_id, '/', None, None)
+        token = upload_link.token
+
+        # can get url for upload file
+        url = reverse('api-v2.1-upload-link-upload', args=[token])
+        resp = self.client.get(url)
+        self.assertEqual(200, resp.status_code)
+
+        # user unshare repo
+        seafile_api.remove_share(self.repo_id, self.user_name, self.admin_name)
+
+        # can not get url for upload file
+        url = reverse('api-v2.1-upload-link-upload', args=[token])
+        resp = self.client.get(url)
+        self.assertEqual(403, resp.status_code)

tests/api/test_repo.py

@@ -218,6 +218,8 @@ class RepoTest(BaseTestCase):
         assert res_repo['root'] == ''
         assert res_repo['head_commit_id'] == share_repo.head_cmmt_id
         assert res_repo['version'] == share_repo.version
+        assert res_repo['groupid'] == self.group.id
+        assert res_repo['group_name'] == self.group.group_name
         self.remove_repo(share_repo.id)
 
     @patch('seahub.base.accounts.UserPermissions.can_view_org')

tests/api/test_search.py

@@ -0,0 +1,63 @@
+import json
+import pytest
+from mock import patch
+
+from django.core.urlresolvers import reverse
+
+from seahub.test_utils import BaseTestCase, TRAVIS
+
+from seaserv import seafile_api
+
+
+class SearchTest(BaseTestCase):
+    def setUp(self):
+        self.file_path = self.file
+        self.repo_id = self.repo.id
+        self.url = reverse('api_search')
+
+        self.mock_total = 15
+        self.mock_results = [
+            {
+                "repo_owner_name": "name",
+                "repo_id": self.repo_id,
+                "name": "lian.png",
+                "repo_owner_contact_email": "freeplant@163.com",
+                "repo_owner_email": "freeplant@163.com",
+                "last_modified": 1469415777,
+                "content_highlight": "",
+                "fullpath": self.file_path,
+                "repo_name": "seafile-design",
+                "is_dir": False,
+                "size": 142758,
+                "repo": seafile_api.get_repo(self.repo_id)
+            },
+        ]
+
+    @patch('seahub.api2.views.HAS_FILE_SEARCH', True)
+    @patch('seahub.api2.views.search_files')
+    @pytest.mark.skipif(TRAVIS, reason="")
+    def test_can_search_file(self, mock_search_files):
+        mock_search_files.return_value = self.mock_results, \
+                self.mock_total
+
+        self.login_as(self.user)
+        resp = self.client.get(self.url + '?q=lian')
+        self.assertEqual(200, resp.status_code)
+
+        json_resp = json.loads(resp.content)
+
+        assert json_resp['total'] == self.mock_total
+        assert json_resp['results'][0]['repo_id'] == self.mock_results[0]['repo_id']
+
+    @patch('seahub.api2.views.HAS_FILE_SEARCH', True)
+    def test_can_not_search_with_invalid_repo_permission(self):
+        self.login_as(self.admin)
+        resp = self.client.get(self.url + '?q=lian&search_repo=%s' %
+                self.repo_id)
+        self.assertEqual(403, resp.status_code)
+
+    @patch('seahub.api2.views.HAS_FILE_SEARCH', True)
+    def test_can_not_search_without_q_parameter(self):
+        self.login_as(self.user)
+        resp = self.client.get(self.url)
+        self.assertEqual(400, resp.status_code)

tests/seahub/auth/views/test_login.py

@@ -7,7 +7,7 @@ from constance import config
 
 from seahub.base.accounts import User
 from seahub.auth.forms import AuthenticationForm, CaptchaAuthenticationForm
-from seahub.auth.views import LOGIN_ATTEMPT_PREFIX
+from seahub.auth.utils import LOGIN_ATTEMPT_PREFIX
 from seahub.options.models import UserOptions
 from seahub.profile.models import Profile
 from seahub.test_utils import BaseTestCase

tests/seahub/base/test_accounts.py

@@ -1,6 +1,7 @@
 from seahub.test_utils import BaseTestCase
 from seahub.base.accounts import User, RegistrationForm
 
+from seahub.options.models import UserOptions
 from post_office.models import Email
 
 class UserTest(BaseTestCase):
@@ -16,6 +17,20 @@ class UserTest(BaseTestCase):
         # email = Email.objects.all()[0]
         # print email.html_message
 
+    def test_delete_user_options(self):
+        test_email = '123@123.com'
+
+        assert len(UserOptions.objects.filter(email=test_email)) == 0
+
+        User.objects.create_user(test_email)
+        UserOptions.objects.enable_server_crypto(test_email)
+
+        assert len(UserOptions.objects.filter(email=test_email)) == 1
+
+        user = User.objects.get(email=test_email)
+        user.delete()
+        
+        assert len(UserOptions.objects.filter(email=test_email)) == 0
 
 class UserPermissionsTest(BaseTestCase):
     def test_permissions(self):

tests/seahub/invitations/test_views.py

@@ -1,8 +1,15 @@
+import json
+
 from django.utils import timezone
 from django.core.urlresolvers import reverse
+from django.core import mail
+from django.test import override_settings
 
 from seahub.invitations.models import Invitation
+from seahub.notifications.models import UserNotification
 from seahub.test_utils import BaseTestCase
+from registration import signals
+
 
 
 class TokenViewTest(BaseTestCase):
@@ -41,3 +48,32 @@ class TokenViewTest(BaseTestCase):
         })
         self.assertEqual(302, resp.status_code)
         assert Invitation.objects.get(pk=self.iv.pk).accept_time is None
+
+    def test_can_notify_inviter(self):
+        assert len(UserNotification.objects.filter(to_user=self.user.username)) == 0
+        resp = self.client.post(self.url, {
+            'password': 'passwd'
+        })
+        self.assertEqual(302, resp.status_code)
+
+        assert len(UserNotification.objects.filter(to_user=self.user.username)) == 1
+        obj = UserNotification.objects.all()[0]
+        d = json.loads(obj.detail)
+        assert d['invitation_id'] == self.iv.pk
+
+    def _send_signal(self):
+        signals.user_registered.send(sender=self.__class__,
+                                     user=self.user,
+                                     request=self.fake_request)
+
+    @override_settings(
+                NOTIFY_ADMIN_AFTER_REGISTRATION=True,
+            )
+    def test_notify_admin_after_registration(self):
+        self.assertEqual(len(mail.outbox), 0)
+        self._send_signal()
+
+        assert 'New account created' in mail.outbox[0].subject
+        assert '%s is joined' % self.user.email in mail.outbox[0].body
+
+        assert len(mail.outbox) > 0

tests/seahub/notifications/management/commands/test_send_notices.py

@@ -1,8 +1,10 @@
 from django.core import mail
 from django.core.management import call_command
 
+from seahub.invitations.models import Invitation
 from seahub.notifications.models import (
-    UserNotification, repo_share_msg_to_json, file_comment_msg_to_json)
+    UserNotification, repo_share_msg_to_json, file_comment_msg_to_json,
+    guest_invitation_accepted_msg_to_json)
 from seahub.profile.models import Profile
 from seahub.test_utils import BaseTestCase
 
@@ -43,3 +45,18 @@ class CommandTest(BaseTestCase):
         assert mail.outbox[0].to[0] == 'a@a.com'
         assert 'new comment from user %s' % self.user.username in mail.outbox[0].body
         assert '/foo' in mail.outbox[0].body
+
+    def test_send_guest_invitation_notice(self):
+        self.assertEqual(len(mail.outbox), 0)
+
+        inv = Invitation.objects.add(self.user.username, 'test@test.com')
+        inv.accept()
+
+        detail = guest_invitation_accepted_msg_to_json(inv.pk)
+        UserNotification.objects.add_guest_invitation_accepted_msg(
+            inv.inviter, detail)
+
+        call_command('send_notices')
+        self.assertEqual(len(mail.outbox), 1)
+        assert mail.outbox[0].to[0] == self.user.username
+        assert 'Guest test@test.com' in mail.outbox[0].body

tests/seahub/registraion/test_can_email_admins_on_registration.py

@@ -1,29 +0,0 @@
-from django.core import mail
-from django.core.urlresolvers import reverse
-
-from constance import config
-
-from seahub.test_utils import BaseTestCase
-
-
-class EmailAdminOnRegistrationTest(BaseTestCase):
-    def setUp(self):
-        config.ENABLE_SIGNUP = True
-        self.email = 'newuser@test.com'
-        self.remove_user(self.email)
-
-    def test_can_notify_admin(self):
-        assert bool(config.ENABLE_SIGNUP) is True
-        self.assertEqual(len(mail.outbox), 0)
-
-        config.ACTIVATE_AFTER_REGISTRATION = False
-        config.REGISTRATION_SEND_MAIL = False
-
-        resp = self.client.post(reverse('registration_register'), {
-            'email': self.email,
-            'password1': '123',
-            'password2': '123'
-        })
-        self.assertRedirects(resp, 'http://testserver/accounts/register/complete/')
-        assert len(mail.outbox) != 0
-        assert 'a newly registered account need to be activated' in mail.outbox[0].body

tests/seahub/thirdpart/registration/test_models.py

@@ -0,0 +1,70 @@
+from django.core import mail
+from django.core.urlresolvers import reverse
+from django.test import override_settings
+
+from seahub.test_utils import BaseTestCase
+from registration import signals
+from constance import config
+
+
+class RegisterSignalMixin(object):
+    def _send_signal(self):
+        signals.user_registered.send(sender=self.__class__,
+                                     user=self.user,
+                                     request=self.fake_request)
+
+
+class EmailAdminOnRegistrationTest(BaseTestCase, RegisterSignalMixin):
+    """Send admins emails with message that a new user joined.
+    """
+    def setUp(self):
+        self.clear_cache()
+        self.old_config = config.ACTIVATE_AFTER_REGISTRATION
+        config.ACTIVATE_AFTER_REGISTRATION = True
+
+    def tearDown(self):
+        config.ACTIVATE_AFTER_REGISTRATION = self.old_config
+
+    @override_settings(
+        NOTIFY_ADMIN_AFTER_REGISTRATION=True,
+    )
+    def test_notify_admin_after_registration(self):
+        self.assertEqual(len(mail.outbox), 0)
+        self._send_signal()
+
+        assert 'New account created' in mail.outbox[0].subject
+        assert '%s is joined' % self.user.email in mail.outbox[0].body
+
+        assert len(mail.outbox) > 0
+
+
+class EmailAdminOnRegistrationTest2(BaseTestCase, RegisterSignalMixin):
+    """Send admins emails with activate link.
+    """
+    def setUp(self):
+        self.clear_cache()
+
+        self.old_cfg1 = config.ENABLE_SIGNUP
+        self.old_cfg2 = config.ACTIVATE_AFTER_REGISTRATION
+        self.old_cfg3 = config.REGISTRATION_SEND_MAIL
+
+        config.ENABLE_SIGNUP = True
+        self.email = 'newuser@test.com'
+        self.remove_user(self.email)
+
+    def tearDown(self):
+        config.ENABLE_SIGNUP = self.old_cfg1
+        config.ACTIVATE_AFTER_REGISTRATION = self.old_cfg2
+        config.REGISTRATION_SEND_MAIL = self.old_cfg3
+
+    def test_notify_admin_to_activate(self):
+        assert bool(config.ENABLE_SIGNUP) is True
+        self.assertEqual(len(mail.outbox), 0)
+
+        config.ACTIVATE_AFTER_REGISTRATION = False
+        config.REGISTRATION_SEND_MAIL = False
+
+        self._send_signal()
+
+        assert len(mail.outbox) != 0
+        assert 'a newly registered account need to be activated' in mail.outbox[0].body

tests/seahub/two_factor/views/test_backup_tokens_view.py

@@ -0,0 +1,25 @@
+from django.core.urlresolvers import reverse
+from constance import config
+
+from seahub.two_factor.models import StaticDevice
+from seahub.two_factor import user_has_device
+from seahub.test_utils import BaseTestCase
+
+
+class BackupTokensViewTest(BaseTestCase):
+    def setUp(self):
+        self.clear_cache()
+
+        self.login_as(self.user)
+        self.url = reverse('two_factor:backup_tokens')
+        self.old_conf = config.ENABLE_TWO_FACTOR_AUTH
+        config.ENABLE_TWO_FACTOR_AUTH = True
+
+    def tearDown(self):
+        config.ENABLE_TWO_FACTOR_AUTH = self.old_conf
+
+    def test_user_2fa_not_enabled(self):
+        resp = self.client.get(self.url)
+        # redirect to 2fa setup page
+        self.assertRegexpMatches(resp['Location'],
+                                 r'http://testserver/profile/two_factor_authentication/setup/')

tests/seahub/views/ajax/test_get_dirents.py

@@ -1,17 +1,31 @@
 import json
 
+from seaserv import seafile_api
 from django.core.urlresolvers import reverse
 
 from seahub.test_utils import BaseTestCase
 
 class GetDirentsTest(BaseTestCase):
     def setUp(self):
-        self.login_as(self.user)
-        file = self.file
+        a = self.file        # create a file
         self.url = reverse('get_dirents', args=[self.repo.id]) + "?path=/"
 
     def test_can_get(self):
+        self.login_as(self.user)
         resp = self.client.get(self.url, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertEqual(200, resp.status_code)
 
         json_resp = json.loads(resp.content)
         assert len(json_resp) == 1
+
+    def test_cannot_get_others(self):
+        self.login_as(self.admin)
+        resp = self.client.get(self.url, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertEqual(403, resp.status_code)
+
+    def test_get_entries_in_enc_repo(self):
+        self.login_as(self.user)
+
+        url = reverse('get_dirents', args=[self.enc_repo.id]) + "?path=/"
+        resp = self.client.get(url, HTTP_X_REQUESTED_WITH='XMLHttpRequest')
+        self.assertEqual(200, resp.status_code)

tests/seahub/views/init/test_demo.py

@@ -0,0 +1,29 @@
+from django.conf import settings
+from django.test import override_settings
+
+from seahub.base.accounts import User
+from seahub.test_utils import BaseTestCase
+
+
+class DemoTest(BaseTestCase):
+
+    def setUp(self):
+        self.url = '/demo/'
+
+    def test_404_if_not_enabled_demo_user(self):
+        resp = self.client.get(self.url)
+        self.assertEqual(404, resp.status_code)
+
+    @override_settings(ENABLE_DEMO_USER=True)
+    def test_user_doesnot_exists(self):
+        resp = self.client.get(self.url)
+        self.assertEqual(404, resp.status_code)
+
+    @override_settings(ENABLE_DEMO_USER=True)
+    def test_demo_user(self):
+        u = User.objects.create_user(email=settings.CLOUD_DEMO_USER)
+
+        resp = self.client.get(self.url)
+        self.assertEqual(302, resp.status_code)
+
+        self.remove_user(u.username)

tests/seahub/views/repo/test_view_shared_dir.py

@@ -28,6 +28,21 @@ class SharedDirTest(TestCase, Fixtures):
 
         self.assertContains(resp, '<h2>%s</h2>' % self.repo.name)
 
+    def test_cannot_render_enc_repo(self):
+        share_file_info = {
+            'username': 'test@test.com',
+            'repo_id': self.enc_repo.id,
+            'path': '/',
+            'password': None,
+            'expire_date': None,
+        }
+        fs = FileShare.objects.create_dir_link(**share_file_info)
+        resp = self.client.get(
+            reverse('view_shared_dir', args=[fs.token])
+        )
+        self.assertEqual(200, resp.status_code)
+        self.assertTemplateUsed(resp, 'error.html')
+
     def test_view_raw_file_via_shared_dir(self):
         resp = self.client.get(
             reverse('view_file_via_shared_dir', args=[self.fs.token]) + '?p=' + self.file + '&raw=1'

tests/seahub/views/sysadmin/test_sys_sudo_mode.py

@@ -0,0 +1,73 @@
+from django.core.urlresolvers import reverse
+
+from constance import config
+
+from seahub.test_utils import BaseTestCase
+
+
+class SysSettingsTest(BaseTestCase):
+    def setUp(self):
+        self.clear_cache()      # make sure cache is clean
+
+        self.old_config = config.LOGIN_ATTEMPT_LIMIT
+        config.LOGIN_ATTEMPT_LIMIT = 1
+
+        self.url = reverse('sys_sudo_mode')
+        self.login_as(self.admin)
+
+    def tearDown(self):
+        config.LOGIN_ATTEMPT_LIMIT = self.old_config
+        self.clear_cache()
+
+    def test_can_get(self):
+        resp = self.client.get(self.url)
+        self.assertEqual(200, resp.status_code)
+        self.assertTemplateUsed('sysadmin/sudo_mode.html')
+        self.assertEqual(False, resp.context['password_error'])
+
+    def test_can_post(self):
+        resp = self.client.post(self.url, {
+            'password': self.admin_password,
+        })
+        self.assertEqual(302, resp.status_code)
+        assert 'accounts/login/' not in resp['Location']
+
+    def test_can_logout_when_reach_login_attempts(self):
+        # first invalid login
+        resp = self.client.post(self.url, {
+            'password': 'xxx',
+        })
+        self.assertEqual(200, resp.status_code)
+        self.assertTemplateUsed('sysadmin/sudo_mode.html')
+        self.assertEqual(True, resp.context['password_error'])
+
+        # logout when second invalid login
+        resp = self.client.post(self.url, {
+            'password': 'xxx',
+        })
+        self.assertEqual(302, resp.status_code)
+        self.assertRegexpMatches(resp['Location'], r'accounts/login/')
+
+    def test_can_clear_login_attempt_cache(self):
+        # first invalid login
+        resp = self.client.post(self.url, {
+            'password': 'xxx',
+        })
+        self.assertEqual(200, resp.status_code)
+        self.assertTemplateUsed('sysadmin/sudo_mode.html')
+        self.assertEqual(True, resp.context['password_error'])
+
+        # second valid login
+        resp = self.client.post(self.url, {
+            'password': self.admin_password,
+        })
+        self.assertEqual(302, resp.status_code)
+        assert 'accounts/login/' not in resp['Location']
+
+        # third invalid login should show error, which means cache is clear
+        resp = self.client.post(self.url, {
+            'password': 'xxx',
+        })
+        self.assertEqual(200, resp.status_code)
+        self.assertTemplateUsed('sysadmin/sudo_mode.html')
+        self.assertEqual(True, resp.context['password_error'])