From 8e1054bd0dd812a2f65a0e0234a1fecf1a1ba55c Mon Sep 17 00:00:00 2001
From: Christophe Siraut
Date: Fri, 6 Jul 2018 18:25:16 +0200
Subject: [PATCH] [WIP] api: add category creation (#24624)
---
 tests/test_api.py | 19 +++++++++++++++----
 wcs/api.py | 21 +++++++++++++++++++++
 2 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/tests/test_api.py b/tests/test_api.py
index 066bd8de..c7f001ee 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -134,7 +134,7 @@ def test_get_user_from_api_query_string_error_missing_timestamp(pub):
 signature = urllib.quote(
 base64.b64encode(
 hmac.new('1234',
- 'format=json&orig=coucou&algo=sha1',
+ 'format=json&orig=coucou&algo=sha1',
 hashlib.sha1).digest()))
 output = get_app(pub).get('/api/user/?format=json&orig=coucou&algo=sha1&signature=%s' % signature, status=403)
 assert output.json['err_desc'] == 'missing/multiple timestamp field'
@@ -145,7 +145,7 @@ def test_get_user_from_api_query_string_error_missing_email(pub):
 signature = urllib.quote(
 base64.b64encode(
 hmac.new('1234',
- query,
+ query,
 hashlib.sha1).digest()))
 output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
 assert output.json['err_desc'] == 'no user specified'
@@ -196,7 +196,7 @@ def test_get_user_from_api_query_string_error_success_sha1(pub, local_user):
 signature = urllib.quote(
 base64.b64encode(
 hmac.new('1234',
- query,
+ query,
 hashlib.sha1).digest()))
 output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature))
 assert output.json['user_display_name'] == u'Jean Darmette'
@@ -207,7 +207,7 @@ def test_get_user_from_api_query_string_error_invalid_signature_algo_mismatch(pu
 signature = urllib.quote(
 base64.b64encode(
 hmac.new('1234',
- query,
+ query,
 hashlib.sha1).digest()))
 output = get_app(pub).get('/api/user/?%s&signature=%s' % (query, signature), status=403)
 assert output.json['err_desc'] == 'invalid signature'
@@ -989,6 +989,17 @@ def test_categories_full(pub):
 assert resp.json['data'][0]['forms'][0]['title'] == 'test'
 assert resp.json['data'][0]['forms'][1]['title'] == 'test 2'
+def test_categories_post(pub, local_user):
+ test_categories(pub)
+ resp = get_app(pub).get('/api/categories/')
+ assert len(resp.json['data']) == 1
+ resp = get_app(pub).post_json(sign_uri('/api/categories/', local_user),
+ {'data': {'name': 'foo', 'description': 'bar', 'position': 0,
+ 'redirect_url': 'https://www.entrouvert.org'}})
+ assert resp.json['data'].get('id') == '2'
+ resp = get_app(pub).get('/api/categories/')
+ assert len(resp.json['data']) == 2
+
 def test_formdata(pub, local_user):
 NamedDataSource.wipe()
 data_source = NamedDataSource(name='foobar')
diff --git a/wcs/api.py b/wcs/api.py
index 9c0aa016..4b5626d4 100644
--- a/wcs/api.py
+++ b/wcs/api.py
@@ -487,6 +487,8 @@ class ApiCategoriesDirectory(Directory):
 pass
 def _q_index(self):
+ if get_request().get_method() == 'POST':
+ return self.post()
 try:
 user = get_user_from_api_query_string() or get_request().user
 except UnknownNameIdAccessForbiddenError:
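Review bot: `test_categories_post` (hunk `@@ -989,6 +989,17 @@` in tests/test_api.py) only exercises the signed, well-formed request, so nothing pins the 403 that the new `post()` raises for an unsigned call or the `err: 1` reply for a body that lacks `data` or one of the four attributes. The access check is the only guard on category creation visible in this patch, so it deserves a negative case such as `get_app(pub).post_json('/api/categories/', {'data': {'name': 'foo'}}, status=403)`, followed by an assertion that the category count is unchanged. Calling `test_categories(pub)` as setup ties this test to another test's assertions, and `== '2'` appears to rely on that setup having stored exactly one category; a small helper that creates the category would make the dependency explicit.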
@@ -530,6 +532,25 @@ class ApiCategoriesDirectory(Directory):
 except KeyError:
 raise TraversalError()
+ def post(self):
+ get_response().set_content_type('application/json')
+ if not is_url_signed() or not get_user_from_api_query_string():
+ raise AccessForbiddenError('unsigned API call or not signed in')
+ json_input = get_request().json
+ category = Category()
+ attributes = ['name', 'description', 'position', 'redirect_url']
+ if not 'data' in json_input:
+ return json.dumps({'err': 1, 'data': {}})
+ data = json_input.get('data')
+ for a in attributes:
+ if not a in data:
+ return json.dumps({'err': 1, 'data': {}})
+ category.name = data['name']
+ category.description = data['description']
+ category.position = data['position']
+ category.redirect_url = data['redirect_url']
+ category.store()
+ return json.dumps({'err': 0, 'data': {'id': category.id}})
 class ApiUserDirectory(Directory):
 _q_exports = ['', 'forms', 'drafts']
-- 
2.11.0
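Review bot: `post()` authorises on nothing more than a signed URL plus a resolvable user, so as far as this hunk shows any account an API client can name may create categories; the user returned by `get_user_from_api_query_string()` should be checked for the right to manage categories before `Category()` is built. The body is also trusted as-is: if `get_request().json` can yield `None` or a non-dict, or `data` is not a dict, the `in` tests raise instead of returning the `err: 1` reply. `position` and `redirect_url` are stored with no type or scheme check, which matters if `redirect_url` is later used as a redirect target. The error replies carry no `err_desc`, unlike the other API errors asserted in tests/test_api.py, and `not 'data' in json_input` reads better as `'data' not in json_input`. A sketch of the input validation follows; the permission check depends on helpers outside the hunk, as does the enclosing class `ApiCategoriesDirectory`, which starts before it.

```python
    def post(self):
        # ... unchanged: content type, signature and user check ...
        json_input = get_request().json
        data = json_input.get('data') if isinstance(json_input, dict) else None
        if not isinstance(data, dict):
            return json.dumps({'err': 1, 'err_desc': 'missing or invalid data', 'data': {}})
        attributes = ['name', 'description', 'position', 'redirect_url']
        missing = [a for a in attributes if a not in data]
        if missing:
            return json.dumps({'err': 1, 'err_desc': 'missing: %s' % ', '.join(missing), 'data': {}})
        category = Category()
        # ... unchanged: attribute assignment, store() and success reply ...
```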