mirror of
https://github.com/haiwen/seahub.git
synced 2025-07-12 14:38:58 +00:00
456 lines
15 KiB
Python
456 lines
15 KiB
Python
# -*- coding: utf-8 -*-
|
|
import json
|
|
|
|
from seaserv import ccnet_api, seafile_api
|
|
from tests.common.utils import randstring
|
|
from django.urls import reverse
|
|
from seahub.constants import DEFAULT_USER, GUEST_USER
|
|
from seahub.test_utils import BaseTestCase
|
|
from seahub.base.templatetags.seahub_tags import email2nickname, \
|
|
email2contact_email
|
|
from seahub.profile.models import DetailedProfile
|
|
from seahub.share.models import FileShare, UploadLinkShare
|
|
from seahub.utils.file_size import get_file_size_unit
|
|
|
|
try:
|
|
from seahub.settings import LOCAL_PRO_DEV_ENV
|
|
except ImportError:
|
|
LOCAL_PRO_DEV_ENV = False
|
|
|
|
class AdminUsersTest(BaseTestCase):
|
|
|
|
def setUp(self):
|
|
self.url = reverse('api-v2.1-admin-users')
|
|
self.tmp_email = '%s@email.com' % randstring(10)
|
|
|
|
def tearDown(self):
|
|
self.remove_user(self.tmp_email)
|
|
|
|
def test_get_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_post_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.post(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_get_users(self):
|
|
self.login_as(self.admin)
|
|
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(200, resp.status_code)
|
|
|
|
json_resp = json.loads(resp.content)
|
|
|
|
assert 'email' in json_resp['data'][0]
|
|
assert 'name' in json_resp['data'][0]
|
|
assert 'contact_email' in json_resp['data'][0]
|
|
assert 'is_staff' in json_resp['data'][0]
|
|
assert 'is_active' in json_resp['data'][0]
|
|
assert 'create_time' in json_resp['data'][0]
|
|
assert 'quota_total' in json_resp['data'][0]
|
|
assert 'quota_usage' in json_resp['data'][0]
|
|
|
|
def test_get_with_invalid_user_permission(self):
|
|
self.login_as(self.user)
|
|
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_create_user(self):
|
|
self.login_as(self.admin)
|
|
|
|
data = {
|
|
"email": self.tmp_email,
|
|
"password": 'password',
|
|
}
|
|
|
|
resp = self.client.post(self.url, json.dumps(data),
|
|
'application/json')
|
|
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['contact_email'] == self.tmp_email
|
|
|
|
ccnet_email = ccnet_api.get_emailuser(json_resp['email'])
|
|
|
|
self.remove_user(ccnet_email.email)
|
|
|
|
def test_create_with_invalid_user_permission(self):
|
|
self.login_as(self.user)
|
|
|
|
self.tmp_email = '%s@email.com' % randstring(10)
|
|
|
|
# copy folders
|
|
data = {
|
|
"email": self.tmp_email,
|
|
"password": 'password',
|
|
}
|
|
|
|
resp = self.client.post(self.url, json.dumps(data),
|
|
'application/json')
|
|
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
class AdminUserTest(BaseTestCase):
|
|
|
|
def setUp(self):
|
|
self.user_name = self.user.username
|
|
self.tmp_email = '%s@email.com' % randstring(10)
|
|
self.password = randstring(10)
|
|
self.url = reverse('api-v2.1-admin-user', args=[self.tmp_email])
|
|
|
|
ccnet_api.add_emailuser(self.tmp_email, self.password, 0, 0)
|
|
self.clear_cache()
|
|
|
|
def tearDown(self):
|
|
self.remove_user(self.tmp_email)
|
|
|
|
def test_get_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_put_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.put(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_delete_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.delete(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def get_user_info(self):
|
|
self.login_as(self.admin)
|
|
resp = self.client.get(self.url)
|
|
json_resp = json.loads(resp.content)
|
|
return json_resp
|
|
|
|
def test_get_user(self):
|
|
self.login_as(self.admin)
|
|
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(200, resp.status_code)
|
|
|
|
json_resp = json.loads(resp.content)
|
|
|
|
assert json_resp['email'] == self.tmp_email
|
|
|
|
assert 'email' in json_resp
|
|
assert 'name' in json_resp
|
|
assert 'contact_email' in json_resp
|
|
assert 'is_staff' in json_resp
|
|
assert 'is_active' in json_resp
|
|
assert 'create_time' in json_resp
|
|
assert 'quota_total' in json_resp
|
|
assert 'quota_usage' in json_resp
|
|
|
|
def test_get_with_invalid_user_permission(self):
|
|
self.login_as(self.user)
|
|
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_update_is_active(self):
|
|
|
|
self.login_as(self.admin)
|
|
|
|
# acitve user
|
|
data = {"email": self.tmp_email, "is_active": 'true'}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['is_active'] == True
|
|
|
|
ccnet_email = ccnet_api.get_emailuser(self.tmp_email)
|
|
assert ccnet_email.is_active == True
|
|
|
|
# inacitve user
|
|
data = {"email": self.tmp_email, "is_active": 'False'}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['is_active'] == False
|
|
|
|
ccnet_email = ccnet_api.get_emailuser(self.tmp_email)
|
|
assert ccnet_email.is_active == False
|
|
|
|
def test_update_is_staff(self):
|
|
|
|
self.login_as(self.admin)
|
|
|
|
# make user staff
|
|
data = {"email": self.tmp_email, "is_staff": 'true'}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['is_staff'] == True
|
|
|
|
ccnet_email = ccnet_api.get_emailuser(self.tmp_email)
|
|
assert ccnet_email.is_staff == True
|
|
|
|
# make user not staff
|
|
data = {"email": self.tmp_email, "is_staff": 'False'}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['is_staff'] == False
|
|
|
|
ccnet_email = ccnet_api.get_emailuser(self.tmp_email)
|
|
assert ccnet_email.is_staff == False
|
|
|
|
def test_update_role(self):
|
|
|
|
if not LOCAL_PRO_DEV_ENV:
|
|
return
|
|
|
|
self.login_as(self.admin)
|
|
|
|
# change user to guest user
|
|
data = {"email": self.tmp_email, "role": GUEST_USER}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['role'] == GUEST_USER
|
|
|
|
ccnet_email = ccnet_api.get_emailuser(self.tmp_email)
|
|
assert ccnet_email.role == GUEST_USER
|
|
|
|
# change user to default user
|
|
data = {"email": self.tmp_email, "role": DEFAULT_USER}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['role'] == DEFAULT_USER
|
|
|
|
ccnet_email = ccnet_api.get_emailuser(self.tmp_email)
|
|
assert ccnet_email.role == DEFAULT_USER
|
|
|
|
def test_update_password(self):
|
|
|
|
self.login_as(self.admin)
|
|
|
|
# change user password
|
|
password = randstring(10)
|
|
data = {"email": self.tmp_email, "password": password}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
self.assertEqual(200, resp.status_code)
|
|
|
|
assert ccnet_api.validate_emailuser(self.tmp_email, password) == 0
|
|
|
|
def test_update_name(self):
|
|
|
|
self.login_as(self.admin)
|
|
|
|
# change user name
|
|
tmp_name = randstring(10)
|
|
data = {"email": self.tmp_email, "name": tmp_name}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['name'] == tmp_name
|
|
|
|
assert email2nickname(self.tmp_email) == tmp_name
|
|
|
|
def test_update_contact_email(self):
|
|
|
|
self.login_as(self.admin)
|
|
|
|
# change user name
|
|
tmp_email = randstring(10) + '@seafile.test'
|
|
data = {'contact_email': tmp_email}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert json_resp['contact_email'] == tmp_email
|
|
|
|
assert email2contact_email(self.tmp_email) == tmp_email
|
|
|
|
def test_update_contact_email_with_invalid(self):
|
|
self.login_as(self.admin)
|
|
|
|
# change user name
|
|
tmp_email = randstring(10)
|
|
data = {'contact_email': tmp_email}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(400, resp.status_code)
|
|
|
|
def test_update_quota_total(self):
|
|
|
|
self.login_as(self.admin)
|
|
|
|
# change user name
|
|
quota_total = 1232
|
|
data = {"email": self.tmp_email, "quota_total": quota_total}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
|
|
quota_total_mb = quota_total * get_file_size_unit('mb')
|
|
assert json_resp['quota_total'] == quota_total_mb
|
|
assert seafile_api.get_user_quota(self.tmp_email) == quota_total_mb
|
|
|
|
def test_delete_user(self):
|
|
self.login_as(self.admin)
|
|
|
|
resp = self.client.delete(self.url)
|
|
self.assertEqual(200, resp.status_code)
|
|
json_resp = json.loads(resp.content)
|
|
assert json_resp['success'] == True
|
|
|
|
assert ccnet_api.get_emailuser(self.tmp_email) is None
|
|
|
|
def test_delete_with_invalid_user_permission(self):
|
|
self.login_as(self.user)
|
|
resp = self.client.delete(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_update_login_id(self):
|
|
self.login_as(self.admin)
|
|
|
|
data = {"email": self.tmp_email, "login_id": ''}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
assert json_resp['login_id'] == ''
|
|
|
|
data = {"email": self.tmp_email, "login_id": 'lg_id'}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
assert json_resp['login_id'] == 'lg_id'
|
|
|
|
data = {"email": self.tmp_email, "login_id": ''}
|
|
resp = self.client.put(self.url, json.dumps(data),
|
|
'application/json')
|
|
json_resp = json.loads(resp.content)
|
|
assert json_resp['login_id'] == ''
|
|
|
|
|
|
class AdminUserShareLinksTest(BaseTestCase):
|
|
|
|
def setUp(self):
|
|
self.repo_id = self.repo.id
|
|
self.file_path= self.file
|
|
self.folder_path= self.folder
|
|
self.invalid_token = '00000000000000000000'
|
|
|
|
def tearDown(self):
|
|
self.remove_repo()
|
|
|
|
def _add_file_share_link(self, password=None):
|
|
fs = FileShare.objects.create_file_link(
|
|
self.user.username, self.repo.id, self.file, password, None)
|
|
|
|
return fs.token
|
|
|
|
def _add_dir_share_link(self, password=None):
|
|
fs = FileShare.objects.create_dir_link(
|
|
self.user.username, self.repo.id, self.folder, password, None)
|
|
|
|
return fs.token
|
|
|
|
def _remove_share_link(self, token):
|
|
link = FileShare.objects.get(token=token)
|
|
link.delete()
|
|
|
|
def test_get_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.get(reverse('api-v2.1-admin-user-share-links', args=[self.admin.username]))
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_get_file_share_links(self):
|
|
self.login_as(self.admin)
|
|
token = self._add_file_share_link()
|
|
|
|
url = reverse('api-v2.1-admin-user-share-links', args=[self.admin.username])
|
|
|
|
resp = self.client.get(url)
|
|
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert len(json_resp) > 0
|
|
|
|
self._remove_share_link(token)
|
|
|
|
|
|
class AdminUserUploadLinksTest(BaseTestCase):
|
|
|
|
def setUp(self):
|
|
self.repo_id = self.repo.id
|
|
self.folder_path= self.folder
|
|
self.invalid_token = '00000000000000000000'
|
|
|
|
def tearDown(self):
|
|
self.remove_repo()
|
|
|
|
def _add_upload_link(self, password=None):
|
|
fs = UploadLinkShare.objects.create_upload_link_share(
|
|
self.user.username, self.repo.id, self.folder_path, password, None)
|
|
|
|
return fs.token
|
|
|
|
def _remove_upload_link(self, token):
|
|
link = UploadLinkShare.objects.get(token=token)
|
|
link.delete()
|
|
|
|
def test_get_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.get(reverse('api-v2.1-admin-user-upload-links', args=[self.admin.username]))
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_get_file_share_links(self):
|
|
self.login_as(self.admin)
|
|
token = self._add_upload_link()
|
|
|
|
url = reverse('api-v2.1-admin-user-upload-links', args=[self.admin.username])
|
|
resp = self.client.get(url)
|
|
|
|
json_resp = json.loads(resp.content)
|
|
self.assertEqual(200, resp.status_code)
|
|
assert len(json_resp) > 0
|
|
|
|
self._remove_upload_link(token)
|
|
|
|
|
|
class AdminAdminUsersTest(BaseTestCase):
|
|
|
|
def setUp(self):
|
|
self.url = reverse('api-v2.1-admin-admin-users')
|
|
self.tmp_email = '%s@email.com' % randstring(10)
|
|
|
|
def tearDown(self):
|
|
self.remove_user(self.tmp_email)
|
|
|
|
def test_get_admin_permission_denied(self):
|
|
self.login_as(self.admin_cannot_manage_user)
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(403, resp.status_code)
|
|
|
|
def test_get_admin_users(self):
|
|
self.login_as(self.admin)
|
|
|
|
resp = self.client.get(self.url)
|
|
self.assertEqual(200, resp.status_code)
|
|
|
|
json_resp = json.loads(resp.content)
|
|
|
|
for admin_user in json_resp['admin_user_list']:
|
|
assert admin_user['is_staff'] == True
|
|
|