diff --git a/awx/main/tests/functional/api/test_organizations.py b/awx/main/tests/functional/api/test_organizations.py
new file mode 100644
index 0000000000..8a9da1c662
--- /dev/null
+++ b/awx/main/tests/functional/api/test_organizations.py
@@ -0,0 +1,182 @@
+# Copyright (c) 2015 Ansible, Inc.
+# All Rights Reserved.
+
+# Python
+import pytest
+
+# Django
+from django.core.urlresolvers import reverse
+
+# AWX
+from awx.main.models import * # noqa
+
+
+@pytest.mark.django_db
+def test_organization_list_access_tests(options, head, get, admin, alice):
+ options(reverse('api:organization_list'), user=admin, expect=200)
+ head(reverse('api:organization_list'), user=admin, expect=200)
+ get(reverse('api:organization_list'), user=admin, expect=200)
+ options(reverse('api:organization_list'), user=alice, expect=200)
+ head(reverse('api:organization_list'), user=alice, expect=200)
+ get(reverse('api:organization_list'), user=alice, expect=200)
+ options(reverse('api:organization_list'), user=None, expect=401)
+ head(reverse('api:organization_list'), user=None, expect=401)
+ get(reverse('api:organization_list'), user=None, expect=401)
+
+
+@pytest.mark.django_db
+def test_organization_access_tests(organization, get, admin, alice, bob):
+ organization.member_role.members.add(alice)
+ get(reverse('api:organization_detail', args=(organization.id,)), user=admin, expect=200)
+ get(reverse('api:organization_detail', args=(organization.id,)), user=alice, expect=200)
+ get(reverse('api:organization_detail', args=(organization.id,)), user=bob, expect=403)
+ get(reverse('api:organization_detail', args=(organization.id,)), user=None, expect=401)
+
+
+@pytest.mark.django_db
+def test_organization_list_integrity(organization, get, admin, alice):
+ res = get(reverse('api:organization_list'), user=admin)
+ for field in ['id', 'url', 'name', 'description', 'created']:
+ assert field in res.data['results'][0]
+
+
+@pytest.mark.django_db
+def test_organization_list_visibility(organizations, get, admin, alice):
+ orgs = organizations(2)
+
+ res = get(reverse('api:organization_list'), user=admin)
+ assert res.data['count'] == 2
+ assert len(res.data['results']) == 2
+
+ res = get(reverse('api:organization_list'), user=alice)
+ assert res.data['count'] == 0
+
+ orgs[1].member_role.members.add(alice)
+
+ res = get(reverse('api:organization_list'), user=alice)
+ assert res.data['count'] == 1
+ assert len(res.data['results']) == 1
+ assert res.data['results'][0]['id'] == orgs[1].id
+
+
+@pytest.mark.django_db
+def test_organization_project_list(organization, project_factory, get, alice, bob, rando):
+ prj1 = project_factory('project-one')
+ project_factory('project-two')
+ organization.admin_role.members.add(alice)
+ organization.member_role.members.add(bob)
+ prj1.use_role.members.add(bob)
+ assert get(reverse('api:organization_projects_list', args=(organization.id,)), user=alice).data['count'] == 2
+ assert get(reverse('api:organization_projects_list', args=(organization.id,)), user=bob).data['count'] == 1
+ assert get(reverse('api:organization_projects_list', args=(organization.id,)), user=rando).status_code == 403
+
+
+@pytest.mark.django_db
+def test_organization_user_list(organization, get, admin, alice, bob):
+ organization.admin_role.members.add(alice)
+ organization.member_role.members.add(alice)
+ organization.member_role.members.add(bob)
+ assert get(reverse('api:organization_users_list', args=(organization.id,)), user=admin).data['count'] == 2
+ assert get(reverse('api:organization_users_list', args=(organization.id,)), user=alice).data['count'] == 2
+ assert get(reverse('api:organization_users_list', args=(organization.id,)), user=bob).data['count'] == 2
+ assert get(reverse('api:organization_admins_list', args=(organization.id,)), user=admin).data['count'] == 1
+ assert get(reverse('api:organization_admins_list', args=(organization.id,)), user=alice).data['count'] == 1
+ assert get(reverse('api:organization_admins_list', args=(organization.id,)), user=bob).data['count'] == 1
+
+
+@pytest.mark.django_db
+def test_organization_inventory_list(organization, inventory_factory, get, alice, bob, rando):
+ inv1 = inventory_factory('inventory-one')
+ inventory_factory('inventory-two')
+ organization.admin_role.members.add(alice)
+ organization.member_role.members.add(bob)
+ inv1.use_role.members.add(bob)
+ assert get(reverse('api:organization_inventories_list', args=(organization.id,)), user=alice).data['count'] == 2
+ assert get(reverse('api:organization_inventories_list', args=(organization.id,)), user=bob).data['count'] == 1
+ get(reverse('api:organization_inventories_list', args=(organization.id,)), user=rando, expect=403)
+
+
+@pytest.mark.django_db
+def test_create_organization(post, admin, alice):
+ new_org = {
+ 'name': 'new org',
+ 'description': 'my description'
+ }
+ res = post(reverse('api:organization_list'), new_org, user=admin, expect=201)
+ assert res.data['name'] == new_org['name']
+ res = post(reverse('api:organization_list'), new_org, user=admin, expect=400)
+
+
+@pytest.mark.django_db
+def test_create_organization_xfail(post, alice):
+ new_org = {
+ 'name': 'new org',
+ 'description': 'my description'
+ }
+ post(reverse('api:organization_list'), new_org, user=alice, expect=403)
+
+
+@pytest.mark.django_db
+def test_add_user_to_organization(post, organization, alice, bob):
+ organization.admin_role.members.add(alice)
+ post(reverse('api:organization_users_list', args=(organization.id,)), {'id': bob.id}, user=alice, expect=204)
+ assert bob in organization.member_role
+ post(reverse('api:organization_users_list', args=(organization.id,)), {'id': bob.id, 'disassociate': True} , user=alice, expect=204)
+ assert bob not in organization.member_role
+
+
+@pytest.mark.django_db
+def test_add_user_to_organization_xfail(post, organization, alice, bob):
+ organization.member_role.members.add(alice)
+ post(reverse('api:organization_users_list', args=(organization.id,)), {'id': bob.id}, user=alice, expect=403)
+
+
+@pytest.mark.django_db
+def test_add_admin_to_organization(post, organization, alice, bob):
+ organization.admin_role.members.add(alice)
+ post(reverse('api:organization_admins_list', args=(organization.id,)), {'id': bob.id}, user=alice, expect=204)
+ assert bob in organization.admin_role
+ assert bob in organization.member_role
+ post(reverse('api:organization_admins_list', args=(organization.id,)), {'id': bob.id, 'disassociate': True} , user=alice, expect=204)
+ assert bob not in organization.admin_role
+ assert bob not in organization.member_role
+
+
+@pytest.mark.django_db
+def test_add_admin_to_organization_xfail(post, organization, alice, bob):
+ organization.member_role.members.add(alice)
+ post(reverse('api:organization_admins_list', args=(organization.id,)), {'id': bob.id}, user=alice, expect=403)
+
+
+@pytest.mark.django_db
+def test_update_organization(get, put, organization, alice, bob):
+ organization.admin_role.members.add(alice)
+ data = get(reverse('api:organization_detail', args=(organization.id,)), user=alice, expect=200).data
+ data['description'] = 'hi'
+ put(reverse('api:organization_detail', args=(organization.id,)), data, user=alice, expect=200)
+ organization.refresh_from_db()
+ assert organization.description == 'hi'
+ data['description'] = 'bye'
+ put(reverse('api:organization_detail', args=(organization.id,)), data, user=bob, expect=403)
+
+
+@pytest.mark.django_db
+def test_delete_organization(delete, organization, admin):
+ delete(reverse('api:organization_detail', args=(organization.id,)), user=admin, expect=204)
+
+
+@pytest.mark.django_db
+def test_delete_organization2(delete, organization, alice):
+ organization.admin_role.members.add(alice)
+ delete(reverse('api:organization_detail', args=(organization.id,)), user=alice, expect=204)
+
+
+@pytest.mark.django_db
+def test_delete_organization_xfail1(delete, organization, alice):
+ organization.member_role.members.add(alice)
+ delete(reverse('api:organization_detail', args=(organization.id,)), user=alice, expect=403)
+
+
+@pytest.mark.django_db
+def test_delete_organization_xfail2(delete, organization):
+ delete(reverse('api:organization_detail', args=(organization.id,)), user=None, expect=401)
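Review bot: The users and admins sub-lists are never requested by a non-member: `test_organization_user_list` queries only admin, alice and bob, whereas the project and inventory tests both end with a `rando` request that must return 403. Taking the `rando` fixture and adding `get(reverse('api:organization_users_list', args=(organization.id,)), user=rando, expect=403)` (and the same for `organization_admins_list`) would pin that membership is not disclosed to outsiders; the 403 is assumed by analogy with the sibling tests. The denial tests also check the status code only, so after bob's rejected PUT in `test_update_organization` an `organization.refresh_from_db()` followed by `assert organization.description == 'hi'` would confirm nothing was written. Compared with the `OrganizationsTest` class removed in the same commit, this file no longer exercises wrong-credential requests, malformed POST bodies or the basic-license 402 path.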
diff --git a/awx/main/tests/functional/test_auth_token_limit.py b/awx/main/tests/functional/test_auth_token_limit.py
new file mode 100644
index 0000000000..bbe30320c4
--- /dev/null
+++ b/awx/main/tests/functional/test_auth_token_limit.py
@@ -0,0 +1,39 @@
+import pytest
+from datetime import timedelta
+
+from django.utils.timezone import now as tz_now
+from django.test.utils import override_settings
+
+from awx.main.models import AuthToken, User
+
+
+@override_settings(AUTH_TOKEN_PER_USER=3)
+@pytest.mark.django_db
+def test_get_tokens_over_limit():
+ now = tz_now()
+ # Times are relative to now
+ # (key, created on in seconds , expiration in seconds)
+ test_data = [
+ # a is implicitly expired
+ ("a", -1000, -10),
+ # b's are invalid due to session limit of 3
+ ("b", -100, 60),
+ ("bb", -100, 60),
+ ("c", -90, 70),
+ ("d", -80, 80),
+ ("e", -70, 90),
+ ]
+ user = User.objects.create_superuser('admin', 'foo@bar.com', 'password')
+ for key, t_create, t_expire in test_data:
+ AuthToken.objects.create(
+ user=user,
+ key=key,
+ request_hash='this_is_a_hash',
+ created=now + timedelta(seconds=t_create),
+ expires=now + timedelta(seconds=t_expire),
+ )
+ invalid_tokens = AuthToken.get_tokens_over_limit(user, now=now)
+ invalid_keys = [x.key for x in invalid_tokens]
+ assert len(invalid_keys) == 2
+ assert 'b' in invalid_keys
+ assert 'bb' in invalid_keys
diff --git a/awx/main/tests/old/organizations.py b/awx/main/tests/old/organizations.py
deleted file mode 100644
index 136e2603cc..0000000000
--- a/awx/main/tests/old/organizations.py
+++ /dev/null
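Review bot: All six tokens in `test_get_tokens_over_limit` (awx/main/tests/functional/test_auth_token_limit.py) belong to one user, so the test would still pass if `AuthToken.get_tokens_over_limit` counted or returned tokens owned by a different account. Creating a second user with a few unexpired tokens before the call and adding `assert all(t.user_id == user.id for t in invalid_tokens)` would pin the per-user scoping of the limit. The expired token `a` is excluded only implicitly through the length check; `assert 'a' not in invalid_keys` would state that intent directly.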
@@ -1,413 +0,0 @@ -# Copyright (c) 2015 Ansible, Inc. -# All Rights Reserved. - -# Python -from datetime import timedelta - -# Django -from django.core.urlresolvers import reverse -from django.test.utils import override_settings -from django.contrib.auth.models import User -from django.utils.timezone import now as tz_now - -# AWX -from awx.main.models import * # noqa -from awx.main.tests.base import BaseTest - -__all__ = ['AuthTokenLimitUnitTest', 'OrganizationsTest'] - -class AuthTokenLimitUnitTest(BaseTest): - - def setUp(self): - self.now = tz_now() - # Times are relative to now - # (key, created on in seconds , expiration in seconds) - self.test_data = [ - # a is implicitly expired - ("a", -1000, -10), - # b's are invalid due to session limit of 3 - ("b", -100, 60), - ("bb", -100, 60), - ("c", -90, 70), - ("d", -80, 80), - ("e", -70, 90), - ] - self.user = User.objects.create_superuser('admin', 'foo@bar.com', 'password') - for key, t_create, t_expire in self.test_data: - AuthToken.objects.create( - user=self.user, - key=key, - request_hash='this_is_a_hash', - created=self.now + timedelta(seconds=t_create), - expires=self.now + timedelta(seconds=t_expire), - ) - super(AuthTokenLimitUnitTest, self).setUp() - - @override_settings(AUTH_TOKEN_PER_USER=3) - def test_get_tokens_over_limit(self): - invalid_tokens = AuthToken.get_tokens_over_limit(self.user, now=self.now) - invalid_keys = [x.key for x in invalid_tokens] - self.assertEqual(len(invalid_keys), 2) - self.assertIn('b', invalid_keys) - self.assertIn('bb', invalid_keys) - -class OrganizationsTest(BaseTest): - - def collection(self): - return reverse('api:organization_list') - - def setUp(self): - super(OrganizationsTest, self).setUp() - self.setup_instances() - # TODO: Test non-enterprise license - self.create_test_license_file() - self.setup_users() - - self.organizations = self.make_organizations(self.super_django_user, 10) - self.projects = self.make_projects(self.normal_django_user, 10) - - # add projects 
to organizations in a more or less arbitrary way - for project in self.projects[0:2]: - self.organizations[0].projects.add(project) - for project in self.projects[3:8]: - self.organizations[1].projects.add(project) - for project in self.projects[9:10]: - self.organizations[2].projects.add(project) - self.organizations[0].projects.add(self.projects[-1]) - self.organizations[9].projects.add(self.projects[-2]) - - # get the URL for various organization records - self.a_detail_url = "%s%s" % (self.collection(), self.organizations[0].pk) - self.b_detail_url = "%s%s" % (self.collection(), self.organizations[1].pk) - self.c_detail_url = "%s%s" % (self.collection(), self.organizations[2].pk) - - # configuration: - # admin_user is an admin and regular user in all organizations - # other_user is all organizations - # normal_user is a user in organization 0, and an admin of organization 1 - # nobody_user is a user not a member of any organizations - - for x in self.organizations: - x.admin_role.members.add(self.super_django_user) - x.member_role.members.add(self.super_django_user) - x.member_role.members.add(self.other_django_user) - - self.organizations[0].member_role.members.add(self.normal_django_user) - self.organizations[1].admin_role.members.add(self.normal_django_user) - - def test_get_organization_list(self): - url = reverse('api:organization_list') - - # no credentials == 401 - self.options(url, expect=401) - self.head(url, expect=401) - self.get(url, expect=401) - - # wrong credentials == 401 - with self.current_user(self.get_invalid_credentials()): - self.options(url, expect=401) - self.head(url, expect=401) - self.get(url, expect=401) - - # superuser credentials == 200, full list - with self.current_user(self.super_django_user): - self.options(url, expect=200) - self.head(url, expect=200) - response = self.get(url, expect=200) - self.check_pagination_and_size(response, 10, previous=None, next=None) - self.assertEqual(len(response['results']), - 
Organization.objects.count()) - for field in ['id', 'url', 'name', 'description', 'created']: - self.assertTrue(field in response['results'][0], - 'field %s not in result' % field) - - # check that the related URL functionality works - related = response['results'][0]['related'] - for x in ['projects', 'users', 'admins']: - self.assertTrue(x in related and related[x].endswith("/%s/" % x), "looking for %s in related" % x) - - # normal credentials == 200, get only organizations of which user is a member - with self.current_user(self.normal_django_user): - self.options(url, expect=200) - self.head(url, expect=200) - response = self.get(url, expect=200) - self.check_pagination_and_size(response, 2, previous=None, next=None) - - # no admin rights? get empty list - with self.current_user(self.other_django_user): - response = self.get(url, expect=200) - self.check_pagination_and_size(response, len(self.organizations), previous=None, next=None) - - # not a member of any orgs? get empty list - with self.current_user(self.nobody_django_user): - response = self.get(url, expect=200) - self.check_pagination_and_size(response, 0, previous=None, next=None) - - def test_get_item(self): - - # first get all the URLs - data = self.get(self.collection(), expect=200, auth=self.get_super_credentials()) - urls = [item['url'] for item in data['results']] - - # make sure super user can fetch records - data = self.get(urls[0], expect=200, auth=self.get_super_credentials()) - [self.assertTrue(key in data) for key in ['name', 'description', 'url']] - - # make sure invalid user cannot - data = self.get(urls[0], expect=401, auth=self.get_invalid_credentials()) - - # normal user should be able to get org 0 and org 1 but not org 9 (as he's not a user or admin of it) - data = self.get(urls[0], expect=200, auth=self.get_normal_credentials()) - data = self.get(urls[1], expect=200, auth=self.get_normal_credentials()) - data = self.get(urls[9], expect=403, auth=self.get_normal_credentials()) - - # 
other user is a member, but not admin, can access org - data = self.get(urls[0], expect=200, auth=self.get_other_credentials()) - - # nobody user is not a member, cannot access org - data = self.get(urls[0], expect=403, auth=self.get_nobody_credentials()) - - def test_get_item_subobjects_projects(self): - - # first get all the orgs - orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials()) - - # find projects attached to the first org - projects0_url = orgs['results'][0]['related']['projects'] - projects1_url = orgs['results'][1]['related']['projects'] - projects9_url = orgs['results'][9]['related']['projects'] - - self.get(projects0_url, expect=401, auth=None) - self.get(projects0_url, expect=401, auth=self.get_invalid_credentials()) - - # normal user is just a member of the first org, so can see all projects under the org - self.get(projects0_url, expect=200, auth=self.get_normal_credentials()) - - # however in the second org, he's an admin and should see all of them - projects1a = self.get(projects1_url, expect=200, auth=self.get_normal_credentials()) - self.assertEquals(projects1a['count'], 5) - - # but the non-admin cannot access the list of projects in the org. He should use /projects/ instead! - self.get(projects1_url, expect=200, auth=self.get_other_credentials()) - - # superuser should be able to read anything - projects9a = self.get(projects9_url, expect=200, auth=self.get_super_credentials()) - self.assertEquals(projects9a['count'], 1) - - # nobody user is not a member of any org, so can't see projects... 
- self.get(projects0_url, expect=403, auth=self.get_nobody_credentials()) - projects1a = self.get(projects1_url, expect=403, auth=self.get_nobody_credentials()) - - def test_get_item_subobjects_users(self): - - # see if we can list the users added to the organization - orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials()) - org1_users_url = orgs['results'][1]['related']['users'] - org1_users = self.get(org1_users_url, expect=200, auth=self.get_normal_credentials()) - self.assertEquals(org1_users['count'], 2) - org1_users = self.get(org1_users_url, expect=200, auth=self.get_super_credentials()) - self.assertEquals(org1_users['count'], 2) - org1_users = self.get(org1_users_url, expect=200, auth=self.get_other_credentials()) - self.assertEquals(org1_users['count'], 2) - - def test_get_item_subobjects_admins(self): - - # see if we can list the users added to the organization - orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials()) - org1_users_url = orgs['results'][1]['related']['admins'] - org1_users = self.get(org1_users_url, expect=200, auth=self.get_normal_credentials()) - self.assertEquals(org1_users['count'], 2) - org1_users = self.get(org1_users_url, expect=200, auth=self.get_super_credentials()) - self.assertEquals(org1_users['count'], 2) - - def test_get_organization_inventories_list(self): - pass - - def _test_get_item_subobjects_tags(self): - # FIXME: Update to support taggit! 
- - # put some tags on the org - org1 = Organization.objects.get(pk=2) - tag1 = Tag.objects.create(name='atag') - tag2 = Tag.objects.create(name='btag') - org1.tags.add(tag1) - org1.tags.add(tag2) - - # see if we can list the users added to the organization - orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials()) - org1_tags_url = orgs['results'][1]['related']['tags'] - org1_tags = self.get(org1_tags_url, expect=200, auth=self.get_normal_credentials()) - self.assertEquals(org1_tags['count'], 2) - org1_tags = self.get(org1_tags_url, expect=200, auth=self.get_super_credentials()) - self.assertEquals(org1_tags['count'], 2) - org1_tags = self.get(org1_tags_url, expect=403, auth=self.get_other_credentials()) - - def _test_get_item_subobjects_audit_trail(self): - # FIXME: Update to support whatever audit trail framework is used. - url = '/api/v1/organizations/2/audit_trail/' - self.get(url, expect=200, auth=self.get_normal_credentials()) - # FIXME: verify that some audit trail records are auto-created on save AND post - - def test_post_item(self): - - new_org = dict(name='magic test org', description='8675309') - - # need to be a valid user - self.post(self.collection(), new_org, expect=401, auth=None) - self.post(self.collection(), new_org, expect=401, auth=self.get_invalid_credentials()) - - # only super users can create organizations - self.post(self.collection(), new_org, expect=403, auth=self.get_normal_credentials()) - self.post(self.collection(), new_org, expect=403, auth=self.get_other_credentials()) - data1 = self.post(self.collection(), new_org, expect=201, auth=self.get_super_credentials()) - - # duplicate post results in 400 - response = self.post(self.collection(), new_org, expect=400, auth=self.get_super_credentials()) - self.assertTrue('name' in response, response) - self.assertTrue('Name' in response['name'][0], response) - - # look at what we got back from the post, make sure we added an org - last_org = 
Organization.objects.order_by('-pk')[0] - self.assertTrue(data1['url'].endswith("/%d/" % last_org.pk)) - - # Test that not even super users can create an organization with a basic license - self.create_basic_license_file() - cant_org = dict(name='silly user org', description='4815162342') - self.post(self.collection(), cant_org, expect=402, auth=self.get_super_credentials()) - - def test_post_item_subobjects_users(self): - - url = reverse('api:organization_users_list', args=(self.organizations[1].pk,)) - users = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(users['count'], 2) - self.post(url, dict(id=self.normal_django_user.pk), expect=204, auth=self.get_normal_credentials()) - users = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(users['count'], 3) - self.post(url, dict(id=self.normal_django_user.pk, disassociate=True), expect=204, auth=self.get_normal_credentials()) - users = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(users['count'], 2) - - # post a completely new user to verify we can add users to the subcollection directly - new_user = dict(username='NewUser9000', password='NewPassword9000') - which_org = Organization.accessible_objects(self.normal_django_user, 'admin_role')[0] - url = reverse('api:organization_users_list', args=(which_org.pk,)) - self.post(url, new_user, expect=201, auth=self.get_normal_credentials()) - - all_users = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(all_users['count'], 3) - - def test_post_item_subobjects_admins(self): - - url = reverse('api:organization_admins_list', args=(self.organizations[1].pk,)) - admins = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(admins['count'], 2) - self.post(url, dict(id=self.other_django_user.pk), expect=204, auth=self.get_normal_credentials()) - admins = self.get(url, expect=200, auth=self.get_normal_credentials()) - 
self.assertEqual(admins['count'], 3) - self.post(url, dict(id=self.other_django_user.pk, disassociate=1), expect=204, auth=self.get_normal_credentials()) - admins = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(admins['count'], 2) - - def _test_post_item_subobjects_tags(self): - # FIXME: Update to support taggit! - - tag = Tag.objects.create(name='blippy') - url = '/api/v1/organizations/2/tags/' - tags = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(tags['count'], 0) - self.post(url, dict(id=tag.pk), expect=204, auth=self.get_normal_credentials()) - tags = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(tags['count'], 1) - self.assertEqual(tags['results'][0]['id'], tag.pk) - self.post(url, dict(id=tag.pk, disassociate=1), expect=204, auth=self.get_normal_credentials()) - tags = self.get(url, expect=200, auth=self.get_normal_credentials()) - self.assertEqual(tags['count'], 0) - - def _test_post_item_subobjects_audit_trail(self): - # FIXME: Update to support whatever audit trail framework is used. - # audit trails are system things, and no user can post to them. 
- url = '/api/v1/organizations/2/audit_trail/' - self.post(url, dict(id=1), expect=405, auth=self.get_super_credentials()) - - def test_put_item(self): - - # first get some urls and data to put back to them - urls = self.get_urls(self.collection(), auth=self.get_super_credentials()) - self.get(urls[0], expect=200, auth=self.get_super_credentials()) - data1 = self.get(urls[1], expect=200, auth=self.get_super_credentials()) - - # test that an unauthenticated user cannot do a put - new_data1 = data1.copy() - new_data1['description'] = 'updated description' - self.put(urls[0], new_data1, expect=401, auth=None) - self.put(urls[0], new_data1, expect=401, auth=self.get_invalid_credentials()) - - # user normal is an admin of org 0 and a member of org 1 so should be able to put only org 1 - self.put(urls[0], new_data1, expect=403, auth=self.get_normal_credentials()) - self.put(urls[1], new_data1, expect=200, auth=self.get_normal_credentials()) - - # get back org 1 and see if it changed - get_result = self.get(urls[1], expect=200, auth=self.get_normal_credentials()) - self.assertEquals(get_result['description'], 'updated description') - - # super user can also put even though they aren't added to the org users or admins list - self.put(urls[1], new_data1, expect=200, auth=self.get_super_credentials()) - - # make sure posting to this URL is not supported - self.post(urls[1], new_data1, expect=405, auth=self.get_super_credentials()) - - def test_put_item_subobjects_projects(self): - - # any attempt to put a subobject should be a 405, edit the actual resource or POST with 'disassociate' to delete - # this is against a collection URL anyway, so we really need not repeat this test for other object types - # as a PUT against a collection doesn't make much sense. 
- - orgs = self.get(self.collection(), expect=200, auth=self.get_super_credentials()) - projects0_url = orgs['results'][0]['related']['projects'] - sub_projects = self.get(projects0_url, expect=200, auth=self.get_super_credentials()) - self.assertEquals(sub_projects['count'], 3) - first_sub_project = sub_projects['results'][0] - self.put(projects0_url, first_sub_project, expect=405, auth=self.get_super_credentials()) - - def test_delete_item(self): - - # first get some urls - urls = self.get_urls(self.collection(), auth=self.get_super_credentials()) - urldata1 = self.get(urls[1], auth=self.get_super_credentials()) - - # check authentication -- admins of the org and superusers can delete objects only - self.delete(urls[0], expect=401, auth=None) - self.delete(urls[0], expect=401, auth=self.get_invalid_credentials()) - self.delete(urls[8], expect=403, auth=self.get_normal_credentials()) - self.delete(urls[1], expect=204, auth=self.get_normal_credentials()) - self.delete(urls[0], expect=204, auth=self.get_super_credentials()) - - # check that when we have deleted an object it comes back 404 via GET - self.get(urls[1], expect=404, auth=self.get_normal_credentials()) - assert Organization.objects.filter(pk=urldata1['id']).count() == 0 - - # also check that DELETE on the collection doesn't work - self.delete(self.collection(), expect=405, auth=self.get_super_credentials()) - - # Test that not even super users can delete an organization with a basic license - self.create_basic_license_file() - self.delete(urls[2], expect=402, auth=self.get_super_credentials()) - - def test_invalid_post_data(self): - url = reverse('api:organization_list') - # API should gracefully handle data of an invalid type. 
- self.post(url, expect=400, data=None, auth=self.get_super_credentials()) - self.post(url, expect=400, data=99, auth=self.get_super_credentials()) - self.post(url, expect=400, data='abcd', auth=self.get_super_credentials()) - self.post(url, expect=400, data=3.14, auth=self.get_super_credentials()) - self.post(url, expect=400, data=True, auth=self.get_super_credentials()) - self.post(url, expect=400, data=[1,2,3], auth=self.get_super_credentials()) - url = reverse('api:organization_users_list', args=(self.organizations[0].pk,)) - self.post(url, expect=400, data=None, auth=self.get_super_credentials()) - self.post(url, expect=400, data=99, auth=self.get_super_credentials()) - self.post(url, expect=400, data='abcd', auth=self.get_super_credentials()) - self.post(url, expect=400, data=3.14, auth=self.get_super_credentials()) - self.post(url, expect=400, data=True, auth=self.get_super_credentials()) - self.post(url, expect=400, data=[1,2,3], auth=self.get_super_credentials()) - -# TODO: tests for tag disassociation