OpenDroneMap-WebODM/app/tests/test_api.py

from .classes import BootTestCase
from rest_framework.test import APIClient
from rest_framework import status

from app.models import Project, Task
from nodeodm.models import ProcessingNode
from django.contrib.auth.models import User

class TestApi(BootTestCase):
    def setUp(self):
        pass

    def tearDown(self):
        pass

    def test_projects_and_tasks(self):
        client = APIClient()

        user = User.objects.get(username="testuser")
        self.assertFalse(user.is_superuser)

        project = Project.objects.create(
                owner=user,
                name="test project"
            )
        other_project = Project.objects.create(
                owner=User.objects.get(username="testuser2"),
                name="another test project"
            )

        # Forbidden without credentials
        res = client.get('/api/projects/')
        self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
        
        client.login(username="testuser", password="test1234")
        res = client.get('/api/projects/')
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(len(res.data["results"]) > 0)

        res = client.get('/api/projects/{}/'.format(project.id))
        self.assertEqual(res.status_code, status.HTTP_200_OK)

        res = client.get('/api/projects/dasjkldas/')
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)

        res = client.get('/api/projects/{}/'.format(other_project.id))
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)

        # Can filter
        res = client.get('/api/projects/?owner=999')
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(len(res.data["results"]) == 0)

        # Cannot list somebody else's project without permission
        res = client.get('/api/projects/?id={}'.format(other_project.id))
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(len(res.data["results"]) == 0)

        # Can access individual project
        res = client.get('/api/projects/{}/'.format(project.id))
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(res.data["id"] == project.id)

        # Cannot access project for which we have no access to
        res = client.get('/api/projects/{}/'.format(other_project.id))
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)


        # Create some tasks
        task = Task.objects.create(project=project)
        task2 = Task.objects.create(project=project)
        other_task = Task.objects.create(project=other_project)

        # Can list project tasks to a project we have access to
        res = client.get('/api/projects/{}/tasks/'.format(project.id))
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(len(res.data) == 2)

        # Cannot list project tasks for a project we don't have access to
        res = client.get('/api/projects/{}/tasks/'.format(other_project.id))
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)

        # Cannot list project tasks for a project that doesn't exist
        res = client.get('/api/projects/999/tasks/')
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)
        
        # Can list task details for a task belonging to a project we have access to
        res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, task.id))
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(res.data["id"] == task.id)

        # Cannot list task details for a task belonging to a project we don't have access to
        res = client.get('/api/projects/{}/tasks/{}/'.format(other_project.id, other_task.id))
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)

        # As above, but by trying to trick the API by using a project we have access to
        res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, other_task.id))
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)

        # Cannot access task details for a task that doesn't exist
        res = client.get('/api/projects/{}/tasks/999/'.format(project.id, other_task.id))
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)

        # Can update a task
        res = client.patch('/api/projects/{}/tasks/{}/'.format(project.id, task.id), {'name': 'updated!'}, format='json')
        self.assertEqual(res.status_code, status.HTTP_200_OK)

        # Verify the task has been updated
        res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, task.id))
        self.assertTrue(res.data["name"] == "updated!")

        # Cannot update a task we have no access to
        res = client.patch('/api/projects/{}/tasks/{}/'.format(other_project.id, other_task.id), {'name': 'updated!'}, format='json')
        self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)


    def test_processingnodes(self):
        client = APIClient()

        pnode = ProcessingNode.objects.create(
                hostname="localhost",
                port=999
            )

        # Cannot list processing nodes as guest
        res = client.get('/api/processingnodes/')
        self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)

        res = client.get('/api/processingnodes/{}/'.format(pnode.id))
        self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)

        client.login(username="testuser", password="test1234")

        # Can list processing nodes as normal user
        res = client.get('/api/processingnodes/')
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(len(res.data) == 1)
        self.assertTrue(res.data[0]["hostname"] == "localhost")

        # Can get single processing node as normal user
        res = client.get('/api/processingnodes/{}/'.format(pnode.id))
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(res.data["hostname"] == "localhost")

        # Cannot delete a processing node as normal user
        res = client.delete('/api/processingnodes/{}/'.format(pnode.id))
        self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN)

        # Cannot create a processing node as normal user
        res = client.post('/api/processingnodes/', {'hostname': 'localhost', 'port':'1000'})
        self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN)

        client.login(username="testsuperuser", password="test1234")

        # Can delete a processing node as super user
        res = client.delete('/api/processingnodes/{}/'.format(pnode.id))
        self.assertTrue(res.status_code, status.HTTP_200_OK)

        # Can create a processing node as super user
        res = client.post('/api/processingnodes/', {'hostname': 'localhost', 'port':'1000'})
        self.assertTrue(res.status_code, status.HTTP_200_OK)

        # Verify node has been created
        res = client.get('/api/processingnodes/')
        self.assertEqual(res.status_code, status.HTTP_200_OK)
        self.assertTrue(len(res.data) == 1)
        self.assertTrue(res.data[0]["port"] == 1000)
Moved test files into tests/ folder 2016-10-12 14:44:14 +00:00			`from .classes import BootTestCase`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00			`from rest_framework.test import APIClient`
			`from rest_framework import status`

Task display API with permissions working, added test cases 2016-10-13 16:21:12 +00:00			`from app.models import Project, Task`
Added processingnode API, UI improvements 2016-10-18 20:23:10 +00:00			`from nodeodm.models import ProcessingNode`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00			`from django.contrib.auth.models import User`

Removed fixtures, replaced with base test class 2016-10-12 14:13:48 +00:00			`class TestApi(BootTestCase):`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00			`def setUp(self):`
Changed api test to use project variable instead of fixtures 2016-10-08 03:15:43 +00:00			`pass`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00
			`def tearDown(self):`
			`pass`

Upload workflow working, added task update tests 2016-10-22 15:23:37 +00:00			`def test_projects_and_tasks(self):`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00			`client = APIClient()`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00
Removed fixtures, replaced with base test class 2016-10-12 14:13:48 +00:00			`user = User.objects.get(username="testuser")`
			`self.assertFalse(user.is_superuser)`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00
Changed api test to use project variable instead of fixtures 2016-10-08 03:15:43 +00:00			`project = Project.objects.create(`
Removed fixtures, replaced with base test class 2016-10-12 14:13:48 +00:00			`owner=user,`
Changed api test to use project variable instead of fixtures 2016-10-08 03:15:43 +00:00			`name="test project"`
			`)`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00			`other_project = Project.objects.create(`
Removed fixtures, replaced with base test class 2016-10-12 14:13:48 +00:00			`owner=User.objects.get(username="testuser2"),`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00			`name="another test project"`
			`)`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00
			`# Forbidden without credentials`
			`res = client.get('/api/projects/')`
			`self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00
Removed fixtures, replaced with base test class 2016-10-12 14:13:48 +00:00			`client.login(username="testuser", password="test1234")`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00			`res = client.get('/api/projects/')`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
Fixed a dict lookup 2016-10-08 00:46:19 +00:00			`self.assertTrue(len(res.data["results"]) > 0)`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00
Changed api test to use project variable instead of fixtures 2016-10-08 03:15:43 +00:00			`res = client.get('/api/projects/{}/'.format(project.id))`
Added default group logic with model wise permissions, tests, api project list with proper permissions check 2016-10-07 23:07:47 +00:00			`self.assertEqual(res.status_code, status.HTTP_200_OK)`

			`res = client.get('/api/projects/dasjkldas/')`
			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00
			`res = client.get('/api/projects/{}/'.format(other_project.id))`
Removed fixtures, replaced with base test class 2016-10-12 14:13:48 +00:00			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00
			`# Can filter`
Task display API with permissions working, added test cases 2016-10-13 16:21:12 +00:00			`res = client.get('/api/projects/?owner=999')`
Projects filtering by fields in API, broke tests 2016-10-11 22:08:01 +00:00			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(len(res.data["results"]) == 0)`

			`# Cannot list somebody else's project without permission`
			`res = client.get('/api/projects/?id={}'.format(other_project.id))`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(len(res.data["results"]) == 0)`
Task display API with permissions working, added test cases 2016-10-13 16:21:12 +00:00
			`# Can access individual project`
			`res = client.get('/api/projects/{}/'.format(project.id))`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(res.data["id"] == project.id)`

			`# Cannot access project for which we have no access to`
			`res = client.get('/api/projects/{}/'.format(other_project.id))`
			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`


			`# Create some tasks`
			`task = Task.objects.create(project=project)`
			`task2 = Task.objects.create(project=project)`
			`other_task = Task.objects.create(project=other_project)`

			`# Can list project tasks to a project we have access to`
			`res = client.get('/api/projects/{}/tasks/'.format(project.id))`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(len(res.data) == 2)`

			`# Cannot list project tasks for a project we don't have access to`
			`res = client.get('/api/projects/{}/tasks/'.format(other_project.id))`
			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`

			`# Cannot list project tasks for a project that doesn't exist`
			`res = client.get('/api/projects/999/tasks/')`
			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`

			`# Can list task details for a task belonging to a project we have access to`
			`res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, task.id))`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(res.data["id"] == task.id)`

			`# Cannot list task details for a task belonging to a project we don't have access to`
			`res = client.get('/api/projects/{}/tasks/{}/'.format(other_project.id, other_task.id))`
			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`

			`# As above, but by trying to trick the API by using a project we have access to`
			`res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, other_task.id))`
			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`

			`# Cannot access task details for a task that doesn't exist`
			`res = client.get('/api/projects/{}/tasks/999/'.format(project.id, other_task.id))`
Added processingnode API, UI improvements 2016-10-18 20:23:10 +00:00			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`

Upload workflow working, added task update tests 2016-10-22 15:23:37 +00:00			`# Can update a task`
			`res = client.patch('/api/projects/{}/tasks/{}/'.format(project.id, task.id), {'name': 'updated!'}, format='json')`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`

			`# Verify the task has been updated`
			`res = client.get('/api/projects/{}/tasks/{}/'.format(project.id, task.id))`
			`self.assertTrue(res.data["name"] == "updated!")`

			`# Cannot update a task we have no access to`
			`res = client.patch('/api/projects/{}/tasks/{}/'.format(other_project.id, other_task.id), {'name': 'updated!'}, format='json')`
			`self.assertEqual(res.status_code, status.HTTP_404_NOT_FOUND)`

Added processingnode API, UI improvements 2016-10-18 20:23:10 +00:00
			`def test_processingnodes(self):`
			`client = APIClient()`

			`pnode = ProcessingNode.objects.create(`
			`hostname="localhost",`
			`port=999`
			`)`

			`# Cannot list processing nodes as guest`
			`res = client.get('/api/processingnodes/')`
			`self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)`

			`res = client.get('/api/processingnodes/{}/'.format(pnode.id))`
			`self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)`

			`client.login(username="testuser", password="test1234")`

			`# Can list processing nodes as normal user`
			`res = client.get('/api/processingnodes/')`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(len(res.data) == 1)`
			`self.assertTrue(res.data[0]["hostname"] == "localhost")`

			`# Can get single processing node as normal user`
			`res = client.get('/api/processingnodes/{}/'.format(pnode.id))`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(res.data["hostname"] == "localhost")`

			`# Cannot delete a processing node as normal user`
			`res = client.delete('/api/processingnodes/{}/'.format(pnode.id))`
			`self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN)`

			`# Cannot create a processing node as normal user`
			`res = client.post('/api/processingnodes/', {'hostname': 'localhost', 'port':'1000'})`
			`self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN)`

			`client.login(username="testsuperuser", password="test1234")`

			`# Can delete a processing node as super user`
			`res = client.delete('/api/processingnodes/{}/'.format(pnode.id))`
			`self.assertTrue(res.status_code, status.HTTP_200_OK)`

			`# Can create a processing node as super user`
			`res = client.post('/api/processingnodes/', {'hostname': 'localhost', 'port':'1000'})`
			`self.assertTrue(res.status_code, status.HTTP_200_OK)`

			`# Verify node has been created`
			`res = client.get('/api/processingnodes/')`
			`self.assertEqual(res.status_code, status.HTTP_200_OK)`
			`self.assertTrue(len(res.data) == 1)`
Added PATCH operation on task API 2016-10-21 15:02:41 +00:00			`self.assertTrue(res.data[0]["port"] == 1000)`