SMusatov
/
GlitchTip
mirror of https://gitlab.com/glitchtip/glitchtip-backend.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176
							from io import StringIO

from django.core.files.uploadedfile import InMemoryUploadedFile
from django.urls import reverse
from model_bakery import baker

from glitchtip.test_utils.test_case import APIPermissionTestCase


class ReleaseAPIPermissionTests(APIPermissionTestCase):
    def setUp(self):
        self.create_user_org()
        self.set_client_credentials(self.auth_token.token)
        self.project = baker.make("projects.Project", organization=self.organization)
        self.release = baker.make("releases.Release", organization=self.organization)
        self.release.projects.add(self.project)

        self.organization_list_url = reverse(
            "api:list_releases", args=[self.organization.slug]
        )
        self.project_list_url = reverse(
            "api:list_project_releases",
            kwargs={
                "organization_slug": self.organization.slug,
                "project_slug": self.project.slug,
            },
        )
        self.organization_detail_url = reverse(
            "api:get_release",
            kwargs={
                "organization_slug": self.organization.slug,
                "version": self.release.version,
            },
        )
        self.project_detail_url = reverse(
            "api:get_project_release",
            kwargs={
                "organization_slug": self.organization.slug,
                "project_slug": self.project.slug,
                "version": self.release.version,
            },
        )
        self.org_delete_url = reverse(
            "api:delete_organization_release",
            kwargs={
                "organization_slug": self.organization.slug,
                "version": self.release.version,
            },
        )
        self.project_delete_url = reverse(
            "api:delete_project_release",
            kwargs={
                "organization_slug": self.organization.slug,
                "project_slug": self.project.slug,
                "version": self.release.version,
            },
        )

    def test_list(self):
        self.assertGetReqStatusCode(self.organization_list_url, 403)
        self.assertGetReqStatusCode(self.project_list_url, 403)
        self.auth_token.add_permission("project:releases")
        self.assertGetReqStatusCode(self.organization_list_url, 200)
        self.assertGetReqStatusCode(self.project_list_url, 200)

    def test_retrieve(self):
        self.assertGetReqStatusCode(self.organization_detail_url, 403)
        self.assertGetReqStatusCode(self.project_detail_url, 403)
        self.auth_token.add_permission("project:releases")
        self.assertGetReqStatusCode(self.organization_detail_url, 200)
        self.assertGetReqStatusCode(self.project_detail_url, 200)

    def test_assemble(self):
        url = reverse(
            "api:assemble_release", args=[self.organization.slug, self.release.version]
        )
        data = {
            "checksum": "94bc085fe32db9b4b1b82236214d65eeeeeeeeee",
            "chunks": ["94bc085fe32db9b4b1b82236214d65eeeeeeeeee"],
        }
        self.assertPostReqStatusCode(url, data, 403)
        self.auth_token.add_permission("project:write")
        self.assertPostReqStatusCode(url, data, 200)

    def test_create(self):
        self.auth_token.add_permission("project:read")
        data = {"version": "new-version", "projects": [self.project.slug]}
        self.assertPostReqStatusCode(self.organization_list_url, data, 403)
        self.assertPostReqStatusCode(self.project_list_url, data, 403)
        self.auth_token.add_permission("project:releases")
        self.assertPostReqStatusCode(self.organization_list_url, data, 201)
        self.assertPostReqStatusCode(self.project_list_url, data, 201)

    def test_org_release_destroy(self):
        self.auth_token.add_permissions(["project:read", "project:write"])
        self.assertDeleteReqStatusCode(self.org_delete_url, 403)

        self.auth_token.add_permission("project:releases")
        self.assertDeleteReqStatusCode(self.org_delete_url, 204)

    def test_project_release_destroy(self):
        self.auth_token.add_permissions(["project:read", "project:write"])
        self.assertDeleteReqStatusCode(self.project_delete_url, 403)

        self.auth_token.add_permission("project:releases")
        self.assertDeleteReqStatusCode(self.project_delete_url, 204)

    def test_update(self):
        self.auth_token.add_permission("project:read")
        data = {"version": "newer-version"}
        self.assertPutReqStatusCode(self.organization_detail_url, data, 403)

        self.auth_token.add_permission("project:releases")
        self.assertPutReqStatusCode(self.organization_detail_url, data, 200)


class ReleaseFileAPIPermissionTests(APIPermissionTestCase):
    def setUp(self):
        self.create_user_org()
        self.set_client_credentials(self.auth_token.token)
        self.project = baker.make("projects.Project", organization=self.organization)
        self.release = baker.make(
            "releases.Release", organization=self.organization, projects=[self.project]
        )
        self.release_file = baker.make(
            "sourcecode.DebugSymbolBundle", release=self.release
        )

        self.list_url = reverse(
            "api:list_project_release_files",
            kwargs={
                "organization_slug": self.organization.slug,
                "project_slug": self.project.slug,
                "version": self.release.version,
            },
        )
        self.detail_url = reverse(
            "api:get_project_release_file",
            kwargs={
                "organization_slug": self.organization.slug,
                "project_slug": self.project.slug,
                "version": self.release.version,
                "file_id": self.release_file.pk,
            },
        )

    def test_list(self):
        self.assertGetReqStatusCode(self.list_url, 403)
        self.auth_token.add_permission("project:releases")
        self.assertGetReqStatusCode(self.list_url, 200)

    def test_retrieve(self):
        self.assertGetReqStatusCode(self.detail_url, 403)
        self.auth_token.add_permission("project:releases")
        self.assertGetReqStatusCode(self.detail_url, 200)

    # Skip for now, requires DRF test client
    def xtest_create(self):
        self.auth_token.add_permission("project:read")

        im_io = StringIO()
        file = InMemoryUploadedFile(
            im_io, None, "name.txt", "text/plain", len(im_io.getvalue()), None
        )
        data = {"name": "name", "file": file}

        self.assertPostReqStatusCode(self.list_url, data, 403)
        self.auth_token.add_permission("project:releases")
        self.assertPostReqStatusCode(self.list_url, data, 201)

    def test_destroy(self):
        self.auth_token.add_permissions(["project:read", "project:write"])
        self.assertDeleteReqStatusCode(self.detail_url, 403)

        self.auth_token.add_permission("project:releases")
        self.assertDeleteReqStatusCode(self.detail_url, 204)