788 |
788 |
assert 'name' in resp.json['evolution'][1]['who']
|
789 |
789 |
|
790 |
790 |
|
791 |
|
@pytest.mark.parametrize('http_basic_auth', [False, True])
|
792 |
|
def test_api_access_restrict_to_anonymised_data(pub, local_user, http_basic_auth):
|
|
791 |
@pytest.mark.parametrize('auth', ['signature', 'http-basic'])
|
|
792 |
def test_api_access_restrict_to_anonymised_data(pub, local_user, auth):
|
793 |
793 |
pub.role_class.wipe()
|
794 |
794 |
role = pub.role_class(name='test')
|
795 |
795 |
role.store()
|
... | ... | |
826 |
826 |
|
827 |
827 |
app = get_app(pub)
|
828 |
828 |
|
829 |
|
if http_basic_auth:
|
|
829 |
if auth == 'http-basic':
|
830 |
830 |
# there's not "defaults to admin" permissions in case of basic authentication.
|
831 |
831 |
access.roles = [role]
|
832 |
832 |
access.store()
|
... | ... | |
866 |
866 |
resp = get_url('/api/forms/test/%s/' % formdata.id)
|
867 |
867 |
assert 'user' not in resp.json
|
868 |
868 |
|
869 |
|
if http_basic_auth:
|
|
869 |
if auth == 'http-basic':
|
870 |
870 |
# for basic HTTP authentication, check there's no access if roles are not given.
|
871 |
871 |
access.roles = []
|
872 |
872 |
access.store()
|
... | ... | |
1101 |
1101 |
assert len(resp.json['features']) == 20
|
1102 |
1102 |
|
1103 |
1103 |
|
1104 |
|
def test_api_global_listing(pub, local_user):
|
|
1104 |
@pytest.mark.parametrize('user', ['query-email', 'api-access'])
|
|
1105 |
@pytest.mark.parametrize('auth', ['signature', 'http-basic'])
|
|
1106 |
def test_api_global_listing(pub, local_user, user, auth):
|
1105 |
1107 |
if not pub.is_using_postgresql():
|
1106 |
1108 |
resp = get_app(pub).get(sign_uri('/api/forms/geojson', user=local_user), status=404)
|
1107 |
1109 |
pytest.skip('this requires SQL')
|
... | ... | |
1111 |
1113 |
role = pub.role_class(name='test')
|
1112 |
1114 |
role.store()
|
1113 |
1115 |
|
|
1116 |
app = get_app(pub)
|
|
1117 |
|
|
1118 |
if user == 'api-access':
|
|
1119 |
access = ApiAccess()
|
|
1120 |
access.name = 'test'
|
|
1121 |
access.access_identifier = 'test'
|
|
1122 |
access.access_key = '12345'
|
|
1123 |
access.store()
|
|
1124 |
|
|
1125 |
if auth == 'http-basic':
|
|
1126 |
|
|
1127 |
def get_url(url, **kwargs):
|
|
1128 |
app.set_authorization(('Basic', ('test', '12345')))
|
|
1129 |
return app.get(url, **kwargs)
|
|
1130 |
|
|
1131 |
else:
|
|
1132 |
|
|
1133 |
def get_url(url, **kwargs):
|
|
1134 |
return app.get(sign_uri(url, orig=access.access_identifier, key=access.access_key), **kwargs)
|
|
1135 |
|
|
1136 |
else:
|
|
1137 |
if auth == 'http-basic':
|
|
1138 |
pytest.skip('http basic authentication requires ApiAccess')
|
|
1139 |
|
|
1140 |
def get_url(url, **kwargs):
|
|
1141 |
return app.get(sign_uri(url, user=local_user), **kwargs)
|
|
1142 |
|
1114 |
1143 |
# check there's no crash if there are no formdefs
|
1115 |
|
resp = get_app(pub).get(sign_uri('/api/forms/', user=local_user))
|
|
1144 |
resp = get_url('/api/forms/')
|
1116 |
1145 |
assert len(resp.json['data']) == 0
|
1117 |
1146 |
|
1118 |
1147 |
FormDef.wipe()
|
... | ... | |
1141 |
1170 |
formdata.store()
|
1142 |
1171 |
|
1143 |
1172 |
# check empty content if user doesn't have the appropriate role
|
1144 |
|
resp = get_app(pub).get(sign_uri('/api/forms/', user=local_user))
|
|
1173 |
resp = get_url('/api/forms/')
|
1145 |
1174 |
assert len(resp.json['data']) == 0
|
1146 |
1175 |
|
1147 |
1176 |
# add proper role to user
|
1148 |
|
local_user.roles = [role.id]
|
1149 |
|
local_user.store()
|
|
1177 |
if user == 'api-access':
|
|
1178 |
access.roles = [role]
|
|
1179 |
access.store()
|
|
1180 |
else:
|
|
1181 |
local_user.roles = [role.id]
|
|
1182 |
local_user.store()
|
1150 |
1183 |
|
1151 |
1184 |
# check it gets the data
|
1152 |
|
resp = get_app(pub).get(sign_uri('/api/forms/', user=local_user))
|
|
1185 |
resp = get_url('/api/forms/')
|
1153 |
1186 |
assert len(resp.json['data']) == 10
|
1154 |
1187 |
|
1155 |
1188 |
# check with a filter
|
1156 |
|
resp = get_app(pub).get(sign_uri('/api/forms/?status=done', user=local_user))
|
|
1189 |
resp = get_url('/api/forms/?status=done')
|
1157 |
1190 |
assert len(resp.json['data']) == 20
|
1158 |
1191 |
|
1159 |
1192 |
# check limit/offset
|
1160 |
|
resp = get_app(pub).get(sign_uri('/api/forms/?status=done&limit=5', user=local_user))
|
|
1193 |
resp = get_url('/api/forms/?status=done&limit=5')
|
1161 |
1194 |
assert len(resp.json['data']) == 5
|
1162 |
|
resp = get_app(pub).get(sign_uri('/api/forms/?status=done&offset=5&limit=5', user=local_user))
|
|
1195 |
resp = get_url('/api/forms/?status=done&offset=5&limit=5')
|
1163 |
1196 |
assert len(resp.json['data']) == 5
|
1164 |
|
resp = get_app(pub).get(sign_uri('/api/forms/?status=done&offset=18&limit=5', user=local_user))
|
|
1197 |
resp = get_url('/api/forms/?status=done&offset=18&limit=5')
|
1165 |
1198 |
assert len(resp.json['data']) == 2
|
1166 |
1199 |
|
1167 |
1200 |
# check error handling
|
1168 |
|
get_app(pub).get(sign_uri('/api/forms/?status=done&limit=plop', user=local_user), status=400)
|
1169 |
|
get_app(pub).get(sign_uri('/api/forms/?status=done&offset=plop', user=local_user), status=400)
|
|
1201 |
get_url('/api/forms/?status=done&limit=plop', status=400)
|
|
1202 |
get_url('/api/forms/?status=done&offset=plop', status=400)
|
1170 |
1203 |
|
1171 |
1204 |
# check when there are missing statuses
|
1172 |
1205 |
for formdata in data_class.select():
|
1173 |
1206 |
formdata.status = 'wf-missing'
|
1174 |
1207 |
formdata.store()
|
1175 |
|
resp = get_app(pub).get(sign_uri('/api/forms/?status=all', user=local_user))
|
|
1208 |
resp = get_url('/api/forms/?status=all')
|
1176 |
1209 |
assert resp.json['data'][0]['status'] is None
|
1177 |
1210 |
assert 'unknown' in resp.json['data'][0]['title']
|
1178 |
1211 |
|
... | ... | |
1250 |
1283 |
|
1251 |
1284 |
|
1252 |
1285 |
def test_api_global_listing_ignored_roles(pub, local_user):
|
1253 |
|
test_api_global_listing(pub, local_user)
|
|
1286 |
test_api_global_listing(pub, local_user, user='query-email', auth='signature')
|
1254 |
1287 |
|
1255 |
1288 |
role = pub.role_class(name='test2')
|
1256 |
1289 |
role.store()
|