tests: add 11 tests for apijson_delete

zhangchunlin · zhangchunlin · commit 8a266cf0e216 · 2019-10-22T17:42:41.000+08:00
diff --git a/tests/demo/apps/apijson_demo/settings.ini b/tests/demo/apps/apijson_demo/settings.ini
@@ -44,7 +44,7 @@ publicnotice = {
     "HEAD" : { "roles" : ["OWNER","LOGIN","ADMIN","UNKNOWN"] },
     "POST" : { "roles" : ["OWNER","ADMIN"] },
     "PUT" : { "roles" : ["OWNER","ADMIN","UNKNOWN"] },
-    "DELETE" : { "roles" : ["OWNER","ADMIN"] },
+    "DELETE" : { "roles" : ["OWNER","ADMIN","UNKNOWN"] },
 }
 
 [APIJSON_REQUESTS]
diff --git a/tests/test.py b/tests/test.py
@@ -2,12 +2,17 @@
 from uliweb import manage
 from uliweb.manage import make_simple_application
 from json import loads as json_loads
+from nose import with_setup
 
-os.chdir('demo')
+def setup():
+    os.chdir('demo')
 
-manage.call('uliweb syncdb -v')
-manage.call('uliweb reset -v -y')
-manage.call('uliweb dbinit -v')
+    manage.call('uliweb syncdb -v')
+    manage.call('uliweb reset -v -y')
+    manage.call('uliweb dbinit -v')
+
+def teardown():
+    pass
 
 def pre_call_as(username):
     from uliweb import models
@@ -17,6 +22,7 @@ def pre_call(request):
         request.user = user
     return pre_call
 
+@with_setup(setup,teardown)
 def test_apijson_get():
     """
     >>> application = make_simple_application(project_dir='.')
@@ -1233,3 +1239,183 @@ def test_apijson_put():
     >>> print(d)
     {'code': 400, 'msg': 'failed when updating, maybe no change', 'moment': {'id': 1, 'code': 400, 'msg': 'failed when updating, maybe no change', 'count': 0}}
     """
+
+def test_apijson_delete():
+    """
+    >>> application = make_simple_application(project_dir='.')
+    >>> handler = application.handler()
+
+    >>> #apijson delete
+    >>> data ='''{
+    ...     "moment": {
+    ...         "id": 1
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 200, 'msg': 'success', 'moment': {'id': 1, 'code': 200, 'message': 'success', 'count': 1}}
+    >>> data ='''{
+    ...     "moment": {
+    ...         "id": 1
+    ...     }
+    ... }'''
+    >>> r = handler.post('/apijson/get', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 200, 'msg': 'success', 'moment': None}
+
+    >>> #apijson delete, without @tag
+    >>> data ='''{
+    ...     "moment": {
+    ...         "content": "new moment for test"
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/post', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> data ='''{
+    ...     "moment": {
+    ...         "id": %s
+    ...     }
+    ... }'''%(d["moment"]["id"])
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "'tag' parameter is needed"}
+
+    >>> #apijson delete, with non exist model
+    >>> data ='''{
+    ...     "nonexist": {
+    ...         "id": 1
+    ...     },
+    ...     "@tag": "nonexist"
+    ... }'''
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "model 'nonexist' not found"}
+
+    >>> #apijson delete, default to OWNER and delete other's record
+    >>> data ='''{
+    ...     "moment": {
+    ...         "id": 2
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': 'no permission'}
+
+    >>> #apijson delete, without id
+    >>> data ='''{
+    ...     "moment": {
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': 'id param needed'}
+
+    >>> #apijson delete, id not int
+    >>> data ='''{
+    ...     "moment": {
+    ...         "id": "abc"
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "id 'abc' cannot convert to integer"}
+
+    >>> #apijson delete
+    >>> data ='''{
+    ...     "moment": {
+    ...         "id": 100
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "cannot find record id = '100'"}
+
+    >>> #apijson delete, with a role having no permission
+    >>> data ='''{
+    ...     "moment": {
+    ...         "content": "new moment for test"
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/post', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> data ='''{
+    ...     "moment": {
+    ...         "@role": "UNKNOWN",
+    ...         "id": %s
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''%(d["moment"]["id"])
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "'moment' not accessible by role 'UNKNOWN'"}
+
+    >>> #apijson delete, with OWNER but not login
+    >>> data ='''{
+    ...     "moment": {
+    ...         "content": "new moment for test"
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/post', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> data ='''{
+    ...     "moment": {
+    ...         "id": %s
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''%(d["moment"]["id"])
+    >>> r = handler.post('/apijson/delete', data=data, middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': 'need login user'}
+
+    >>> #apijson delete, with UNKNOWN role
+    >>> data ='''{
+    ...     "publicnotice": {
+    ...         "@role": "UNKNOWN",
+    ...         "id": 1
+    ...     },
+    ...     "@tag": "publicnotice"
+    ... }'''
+    >>> r = handler.post('/apijson/delete', data=data, middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 200, 'msg': 'success', 'publicnotice': {'id': 1, 'code': 200, 'message': 'success', 'count': 1}}
+
+    >>> #apijson delete, with a role which have no permission
+    >>> data ='''{
+    ...     "moment": {
+    ...         "content": "new moment for test"
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''
+    >>> r = handler.post('/apijson/post', data=data, pre_call=pre_call_as("usera"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> data ='''{
+    ...     "moment": {
+    ...         "@role": "superuser",
+    ...         "id": %s
+    ...     },
+    ...     "@tag": "moment"
+    ... }'''%(d["moment"]["id"])
+    >>> r = handler.post('/apijson/delete', data=data, pre_call=pre_call_as("admin"), middlewares=[])
+    >>> d = json_loads(r.data)
+    >>> print(d)
+    {'code': 400, 'msg': "'moment' not accessible by role 'superuser'"}
+    """
diff --git a/uliweb_apijson/apijson/views.py b/uliweb_apijson/apijson/views.py
@@ -617,7 +617,7 @@ def _delete_one(self,key,tag):
             return json({"code":400,"msg":"id '%s' cannot convert to integer"%(params.get("id"))})
         obj = model.get(id_)
         if not obj:
-            return json({"code":400,"msg":"cannot find record id '%s'"%(id_)})
+            return json({"code":400,"msg":"cannot find record id = '%s'"%(id_)})
 
         permission_check_ok = False
         DELETE = model_setting.get("DELETE")

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ publicnotice = {`
`44`	`44`	`"HEAD" : { "roles" : ["OWNER","LOGIN","ADMIN","UNKNOWN"] },`
`45`	`45`	`"POST" : { "roles" : ["OWNER","ADMIN"] },`
`46`	`46`	`"PUT" : { "roles" : ["OWNER","ADMIN","UNKNOWN"] },`
`47`		`- "DELETE" : { "roles" : ["OWNER","ADMIN"] },`
	`47`	`+ "DELETE" : { "roles" : ["OWNER","ADMIN","UNKNOWN"] },`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`[APIJSON_REQUESTS]`