mirror of
https://github.com/haiwen/seahub.git
synced 2025-09-02 15:38:15 +00:00
new share admin page (#1233)
This commit is contained in:
lian
Daniel Pan
@@ -7,6 +7,11 @@ from seahub.test_utils import BaseTestCase
|
||||
from seahub.share.models import UploadLinkShare
|
||||
from seahub.api2.endpoints.upload_links import UploadLinks, UploadLink
|
||||
|
||||
try:
|
||||
from seahub.settings import LOCAL_PRO_DEV_ENV
|
||||
except ImportError:
|
||||
LOCAL_PRO_DEV_ENV = False
|
||||
|
||||
class UploadLinksTest(BaseTestCase):
|
||||
|
||||
def setUp(self):
|
||||
@@ -46,6 +51,14 @@ class UploadLinksTest(BaseTestCase):
|
||||
|
||||
self._remove_upload_link(token)
|
||||
|
||||
@patch.object(UploadLinks, '_can_generate_shared_link')
|
||||
def test_get_link_with_invalid_user_role_permission(self, mock_can_generate_shared_link):
|
||||
self.login_as(self.user)
|
||||
mock_can_generate_shared_link.return_value = False
|
||||
|
||||
resp = self.client.get(self.url)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
def test_create_upload_link(self):
|
||||
self.login_as(self.user)
|
||||
|
||||
@@ -61,6 +74,66 @@ class UploadLinksTest(BaseTestCase):
|
||||
|
||||
self._remove_upload_link(json_resp['token'])
|
||||
|
||||
@patch.object(UploadLinks, '_can_generate_shared_link')
|
||||
def test_create_link_with_invalid_user_role_permission(self, mock_can_generate_shared_link):
|
||||
self.login_as(self.user)
|
||||
mock_can_generate_shared_link.return_value = False
|
||||
|
||||
resp = self.client.post(self.url, {'path': self.folder_path, 'repo_id': self.repo_id})
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
def test_create_link_with_rw_permission_folder(self):
|
||||
|
||||
if not LOCAL_PRO_DEV_ENV:
|
||||
return
|
||||
|
||||
self.set_user_folder_rw_permission_to_admin()
|
||||
|
||||
# login with admin to create upload link in user's repo
|
||||
self.login_as(self.admin)
|
||||
|
||||
data = {'path': self.folder_path, 'repo_id': self.repo_id}
|
||||
resp = self.client.post(self.url, data)
|
||||
self.assertEqual(200, resp.status_code)
|
||||
|
||||
def test_create_link_with_rw_permission_folder_in_group(self):
|
||||
|
||||
self.share_repo_to_group_with_rw_permission()
|
||||
self.add_admin_to_group()
|
||||
|
||||
# login with admin to create upload link in user's repo
|
||||
self.login_as(self.admin)
|
||||
|
||||
data = {'path': self.folder_path, 'repo_id': self.repo_id}
|
||||
resp = self.client.post(self.url, data)
|
||||
self.assertEqual(200, resp.status_code)
|
||||
|
||||
def test_can_not_create_link_with_r_permission_folder(self):
|
||||
|
||||
if not LOCAL_PRO_DEV_ENV:
|
||||
return
|
||||
|
||||
self.set_user_folder_r_permission_to_admin()
|
||||
|
||||
# login with admin to create upload link in user's repo
|
||||
self.login_as(self.admin)
|
||||
|
||||
data = {'path': self.folder_path, 'repo_id': self.repo_id}
|
||||
resp = self.client.post(self.url, data)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
def test_can_not_create_link_with_r_permission_folder_in_group(self):
|
||||
|
||||
self.share_repo_to_group_with_r_permission()
|
||||
self.add_admin_to_group()
|
||||
|
||||
# login with admin to create upload link in user's repo
|
||||
self.login_as(self.admin)
|
||||
|
||||
data = {'path': self.folder_path, 'repo_id': self.repo_id}
|
||||
resp = self.client.post(self.url, data)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
def test_delete_upload_link(self):
|
||||
self.login_as(self.user)
|
||||
token = self._add_upload_link()
|
||||
@@ -72,43 +145,21 @@ class UploadLinksTest(BaseTestCase):
|
||||
json_resp = json.loads(resp.content)
|
||||
assert json_resp['success'] is True
|
||||
|
||||
# test permission
|
||||
def test_can_not_delete_link_if_not_owner(self):
|
||||
self.login_as(self.admin)
|
||||
@patch.object(UploadLink, '_can_generate_shared_link')
|
||||
def test_delete_link_with_invalid_user_role_permission(self, mock_can_generate_shared_link):
|
||||
token = self._add_upload_link()
|
||||
|
||||
url = reverse('api-v2.1-upload-link', args=[token])
|
||||
resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
@patch.object(UploadLinks, '_can_generate_shared_link')
|
||||
def test_can_not_get_and_create_link_with_invalid_permission(self, mock_can_generate_shared_link):
|
||||
self.login_as(self.user)
|
||||
mock_can_generate_shared_link.return_value = False
|
||||
|
||||
resp = self.client.get(self.url)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
resp = self.client.post(self.url)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
self.logout()
|
||||
|
||||
# login with another user to test repo permission
|
||||
self.login_as(self.admin)
|
||||
mock_can_generate_shared_link.return_value = True
|
||||
|
||||
args = '?repo_id=%s' % self.repo_id
|
||||
resp = self.client.get(self.url + args)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
data = {'path': self.folder_path, 'repo_id': self.repo_id}
|
||||
resp = self.client.post(self.url, data)
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
@patch.object(UploadLink, '_can_generate_shared_link')
|
||||
def test_can_not_delete_link_with_invalid_permission(self, mock_can_generate_shared_link):
|
||||
token = self._add_upload_link()
|
||||
url = reverse('api-v2.1-upload-link', args=[token])
|
||||
resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
def test_delete_link_if_not_owner(self):
|
||||
self.login_as(self.admin)
|
||||
token = self._add_upload_link()
|
||||
|
||||
url = reverse('api-v2.1-upload-link', args=[token])
|
||||
resp = self.client.delete(url, {}, 'application/x-www-form-urlencoded')
|
||||
self.assertEqual(403, resp.status_code)
|
||||
|
||||
Reference in New Issue
Block a user