
Commit0325de5

authored
Merge branch 'zhangchunlin:master' into master
2 parents0fab1f3 +b9dba54 commit0325de5


8 files changed

+329
-77
lines changed

8 files changed

+329
-77
lines changed

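--- a/tests/README.md
+++ b/tests/README.md
@@ -0,0 +1,6 @@
+commands to run the tests:
+
+```
+cd tests
+nosetests --with-doctest
+```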

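--- a/tests/demo/apps/apijson_demo/dbinit.py
+++ b/tests/demo/apps/apijson_demo/dbinit.py
@@ -7,6 +7,7 @@
 User=models.user
 Privacy=models.privacy
 Comment=models.comment
+Comment2=models.comment2
 Moment=models.moment
 PublicNotice=models.publicnotice
 
@@ -95,21 +96,21 @@
 "to_username" :"userb",
 "moment_id" :1,
 "date" :"2018-12-1",
-"content" :"commenthaha",
+"content" :"commentfrom usera to userb",
 },
 {
 "username" :"userb",
 "to_username" :"usera",
 "moment_id" :2,
 "date" :"2018-12-2",
-"content" :"commentxixi",
+"content" :"commentfrom userb to usera",
 },
 {
 "username" :"userc",
 "to_username" :"usera",
 "moment_id" :3,
 "date" :"2018-12-9",
-"content" :"commenthoho",
+"content" :"commentfrom userc to usera",
 },
 ]
 
@@ -158,6 +159,7 @@
 d["to_id"]=User.get(User.c.username==d["to_username"]).id
 print("create comment record for user '%s'"%(d["username"]))
 Comment(**d).save()
+Comment2(**d).save()
 else:
 print("error: unknown user '%s'"%(d["username"]))
 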
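--- a/tests/demo/apps/apijson_demo/models.py
+++ b/tests/demo/apps/apijson_demo/models.py
@@ -28,6 +28,13 @@ class Comment(Model):
 date=Field(datetime.datetime,auto_now_add=True)
 content=Field(TEXT)
 
+classComment2(Model):
+user_id=Reference("user")
+to_id=Reference("user")
+moment_id=Reference("moment")
+date=Field(datetime.datetime,auto_now_add=True)
+content=Field(TEXT)
+
 classPublicNotice(Model):
 date=Field(datetime.datetime,auto_now_add=True)
 content=Field(TEXT)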
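Review bot: `Comment2` is added with no comment saying why a second model with the same fields as `Comment` exists; judging by the `# only define permissions, no roles` remark in this commit's settings.ini it appears to be a fixture for the permission-only access configuration. I would put `# same schema as Comment; fixture for APIJSON_MODELS entries that define only permissions` above the class so nobody later merges or deletes it as a duplicate. The `Comment` class begins outside this hunk, so the field-for-field match is inferred from the two fields that are visible.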

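--- a/tests/demo/apps/apijson_demo/settings.ini
+++ b/tests/demo/apps/apijson_demo/settings.ini
@@ -1,10 +1,18 @@
 [MODELS]
 privacy ='apijson_demo.models.Privacy'
 comment ='apijson_demo.models.Comment'
+comment2 ='apijson_demo.models.Comment2'
 moment ='apijson_demo.models.Moment'
 publicnotice ='apijson_demo.models.PublicNotice'
 norequesttag ='apijson_demo.models.NoRequestTag'
 
+[PERMISSIONS]
+get_comment2 ="get comment2", ["OWNER","ADMIN"],""
+head_comment2 ="head comment2", ["OWNER","ADMIN"],""
+post_comment2 ="post comment2", ["OWNER","ADMIN"],""
+put_comment2 ="put comment2", ["OWNER","ADMIN"],""
+delete_comment2 ="delete comment2", ["OWNER","ADMIN"],""
+
 [APIJSON_MODELS]
 user = {
 "user_id_field" :"id",
@@ -39,6 +47,15 @@ comment = {
 "PUT" : {"roles" : ["OWNER","ADMIN"] },
 "DELETE" : {"roles" : ["OWNER","ADMIN"] },
 }
+# only define permissions, no roles
+comment2 = {
+"user_id_field" :"user_id",
+"GET" : {"permissions":["get_comment2"] },
+"HEAD" : {"permissions":["head_comment2"] },
+"POST" : {"permissions":["post_comment2"] },
+"PUT" : {"permissions":["put_comment2"]},
+"DELETE" : {"permissions":["delete_comment2"]},
+}
 publicnotice = {
 "GET" : {"roles" : ["OWNER","LOGIN","ADMIN","UNKNOWN"] },
 "HEAD" : {"roles" : ["OWNER","LOGIN","ADMIN","UNKNOWN"] },
@@ -73,6 +90,19 @@ comment = {
 },
 }
 
+comment2 = {
+"POST" :{
+"ADD" :{"@role":"OWNER"},
+"DISALLOW" : ["id"],
+"NECESSARY" : ["moment_id","content"]
+},
+"PUT" :{
+"ADD":{"@role":"OWNER"},
+"NECESSARY" : ["id","content"],
+"DISALLOW" : ["user_id","to_id"],
+},
+}
+
 publicnotice = {
 "PUT" :{
 "NECESSARY" : ["id","content"],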
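Review bot: The `comment2` POST request rule in the last hunk has `"DISALLOW" : ["id"]` only, while the PUT rule next to it also blocks `user_id` and `to_id`. Unless the POST handler always overwrites the `user_id_field` column from the logged-in user when `@role` is OWNER (not visible in this commit), a caller could supply a `user_id` and create a comment attributed to another account. I would use `"DISALLOW" : ["id","user_id"]` on POST so the owner column can only be set server-side. The new `[PERMISSIONS]` entries would also benefit from a one-line comment naming the three tuple fields, because the trailing `""` is not self-explanatory.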

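--- a/tests/test.py
+++ b/tests/test.py
@@ -1153,7 +1153,7 @@ def test_apijson_head():
 >>> r = handler.post('/apijson/head', data=data, middlewares=[])
 >>> d = json_loads(r.data)
 >>> print(d)
-{'code': 400, 'msg': "no loginuserfor role 'ADMIN'"}
+{'code': 400, 'msg': "userdoesn't have role 'ADMIN'"}
 
 >>> #apijson head, without user and @role
 >>> data ='''{
@@ -1581,7 +1581,7 @@ def test_apijson_delete():
 >>> print(d)
 {'code': 400, 'msg': "model 'nonexist' not found"}
 
->>> #apijson delete,default toOWNER anddelete other'srecord
+>>> #apijson delete,try to delete other'smoment
 >>> data ='''{
 ... "moment": {
 ... "id": 2
@@ -1591,7 +1591,7 @@ def test_apijson_delete():
 >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
 >>> d = json_loads(r.data)
 >>> print(d)
-{'code': 400, 'msg': 'nopermission'}
+{'code': 400, 'msg': 'norole to access the data'}
 
 >>> #apijson delete, without id
 >>> data ='''{
@@ -1647,7 +1647,7 @@ def test_apijson_delete():
 >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
 >>> d = json_loads(r.data)
 >>> print(d)
-{'code': 400, 'msg': "'moment' not accessible by role 'UNKNOWN'"}
+{'code': 400, 'msg': "role 'UNKNOWN' has no permission to access the data"}
 
 >>> #apijson delete, with OWNER but not login
 >>> data ='''{
@@ -1667,7 +1667,7 @@ def test_apijson_delete():
 >>> r = handler.post('/apijson/delete', data=data, middlewares=[])
 >>> d = json_loads(r.data)
 >>> print(d)
-{'code': 400, 'msg': 'need login user'}
+{'code': 400, 'msg': 'no role to access the data'}
 
 >>> #apijson delete, with UNKNOWN role
 >>> data ='''{
@@ -1701,5 +1701,112 @@ def test_apijson_delete():
 >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("admin"), middlewares=[])
 >>> d = json_loads(r.data)
 >>> print(d)
-{'code': 400, 'msg': "'moment' not accessible by role 'superuser'"}
+{'code': 400, 'msg': "role 'superuser' has no permission to access the data"}
+"""
+
+deftest_apijson_permission():
+"""
+>>> application = make_simple_application(project_dir='.')
+>>> handler = application.handler()
+
+>>> #apijson get, query with id, access with owner
+>>> data ='''{
+... "comment2":{
+... "id": 1
+... }
+... }'''
+>>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', 'comment2': {'user_id': 1, 'to_id': 3, 'moment_id': 1, 'date': '2018-11-01 00:00:00', 'content': 'comment from admin', 'id': 1}}
+
+>>> #apijson get, query with id, access other's comment, expect empty result
+>>> data ='''{
+... "comment2":{
+... "id": 1
+... }
+... }'''
+>>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("userb"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', 'comment2': None}
+
+>>> #apijson get, query array
+>>> data ='''{
+... "comment2":{
+... }
+... }'''
+>>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', 'comment2': {'user_id': 2, 'to_id': 3, 'moment_id': 1, 'date': '2018-12-01 00:00:00', 'content': 'comment from usera to userb', 'id': 2}}
+
+>>> #apijson get, query one with admin as OWNER
+>>> data ='''{
+... "comment2":{
+... "@role":"OWNER"
+... }
+... }'''
+>>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', 'comment2': {'user_id': 1, 'to_id': 3, 'moment_id': 1, 'date': '2018-11-01 00:00:00', 'content': 'comment from admin', 'id': 1}}
+
+>>> #apijson get, query one with admin as ADMIN
+>>> data ='''{
+... "comment2":{
+... "@role":"ADMIN",
+... "user_id": 2
+... }
+... }'''
+>>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', 'comment2': {'user_id': 2, 'to_id': 3, 'moment_id': 1, 'date': '2018-12-01 00:00:00', 'content': 'comment from usera to userb', 'id': 2}}
+
+>>> #apijson get, query array
+>>> data ='''{
+... "[]":{
+... "comment2": {"@role":"ADMIN"}
+... }
+... }'''
+>>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', '[]': [{'comment2': {'user_id': 1, 'to_id': 3, 'moment_id': 1, 'date': '2018-11-01 00:00:00', 'content': 'comment from admin', 'id': 1}}, {'comment2': {'user_id': 2, 'to_id': 3, 'moment_id': 1, 'date': '2018-12-01 00:00:00', 'content': 'comment from usera to userb', 'id': 2}}, {'comment2': {'user_id': 3, 'to_id': 2, 'moment_id': 2, 'date': '2018-12-02 00:00:00', 'content': 'comment from userb to usera', 'id': 3}}, {'comment2': {'user_id': 4, 'to_id': 2, 'moment_id': 3, 'date': '2018-12-09 00:00:00', 'content': 'comment from userc to usera', 'id': 4}}]}
+
+>>> #apijson head
+>>> data ='''{
+... "comment2": {
+... "user_id": 1
+... }
+... }'''
+>>> r = handler.post('/apijson/head', data=data, pre_call=pre_call_as("userc"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', 'comment2': {'code': 200, 'msg': 'success', 'count': 0}}
+
+>>> #apijson delete with a user which have no permission
+>>> data ='''{
+... "comment2": {
+... "id": 1
+... },
+... "@tag": "comment2"
+... }'''
+>>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("userc"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 400, 'msg': 'no permission'}
+
+>>> #apijson delete with permission, ADMIN
+>>> data ='''{
+... "comment2": {
+... "id": 1
+... },
+... "@tag": "comment2"
+... }'''
+>>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+>>> d = json_loads(r.data)
+>>> print(d)
+{'code': 200, 'msg': 'success', 'comment2': {'id': 1, 'code': 200, 'message': 'success', 'count': 1}}
 """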
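Review bot: `test_apijson_permission` exercises get, head and delete on `comment2` but has no post or put case and no request without `pre_call`, even though settings.ini in this commit adds `post_comment2`/`put_comment2` and request rules for both verbs. The anonymous and write paths are where a permission-only model is most likely to fall back to an over-permissive default, so I would add a doctest that queries `comment2` with no `pre_call` and pins the denial response, plus a put by `userc` on a record that user does not own. The doctest comment `#apijson get, query array` at new line 1734 precedes a single-object request; `#apijson get, query one with default role` would match what is asserted, and it would stop the label being duplicated at line 1767.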
