mirror of
https://github.com/paperless-ngx/paperless-ngx.git
synced 2025-04-02 13:45:10 -05:00
205 lines
6.5 KiB
Python
205 lines
6.5 KiB
Python
from django.contrib.auth.models import Permission
|
|
from django.contrib.auth.models import User
|
|
from django.core.cache import cache
|
|
from rest_framework import status
|
|
from rest_framework.test import APITestCase
|
|
|
|
from documents.models import Document
|
|
|
|
|
|
class TestTrashAPI(APITestCase):
|
|
def setUp(self):
|
|
super().setUp()
|
|
|
|
self.user = User.objects.create_user(username="temp_admin")
|
|
self.user.user_permissions.add(*Permission.objects.all())
|
|
self.client.force_authenticate(user=self.user)
|
|
cache.clear()
|
|
|
|
def test_api_trash(self):
|
|
"""
|
|
GIVEN:
|
|
- Existing document
|
|
WHEN:
|
|
- API request to delete document
|
|
- API request to restore document
|
|
- API request to empty trash
|
|
THEN:
|
|
- Document is moved to trash
|
|
- Document is restored from trash
|
|
- Trash is emptied
|
|
"""
|
|
|
|
document = Document.objects.create(
|
|
title="Title",
|
|
content="content",
|
|
checksum="checksum",
|
|
mime_type="application/pdf",
|
|
)
|
|
|
|
self.client.force_login(user=self.user)
|
|
self.client.delete(f"/api/documents/{document.pk}/")
|
|
self.assertEqual(Document.objects.count(), 0)
|
|
self.assertEqual(Document.global_objects.count(), 1)
|
|
self.assertEqual(Document.deleted_objects.count(), 1)
|
|
|
|
resp = self.client.get("/api/trash/")
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.data["count"], 1)
|
|
|
|
resp = self.client.post(
|
|
"/api/trash/",
|
|
{"action": "restore", "documents": [document.pk]},
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(Document.objects.count(), 1)
|
|
|
|
resp = self.client.get("/api/trash/")
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.data["count"], 0)
|
|
|
|
self.client.delete(f"/api/documents/{document.pk}/")
|
|
resp = self.client.post(
|
|
"/api/trash/",
|
|
{"action": "empty", "documents": [document.pk]},
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(Document.global_objects.count(), 0)
|
|
|
|
def test_trash_api_empty_all(self):
|
|
"""
|
|
GIVEN:
|
|
- Existing documents in trash
|
|
WHEN:
|
|
- API request to empty trash
|
|
THEN:
|
|
- Trash is emptied
|
|
"""
|
|
|
|
document = Document.objects.create(
|
|
title="Title",
|
|
content="content",
|
|
checksum="checksum",
|
|
mime_type="application/pdf",
|
|
)
|
|
document.delete()
|
|
document2 = Document.objects.create(
|
|
title="Title2",
|
|
content="content2",
|
|
checksum="checksum2",
|
|
mime_type="application/pdf",
|
|
)
|
|
document2.delete()
|
|
|
|
self.client.force_login(user=self.user)
|
|
resp = self.client.post(
|
|
"/api/trash/",
|
|
{"action": "empty", "documents": []},
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(Document.global_objects.count(), 0)
|
|
|
|
def test_api_trash_show_owned_only(self):
|
|
"""
|
|
GIVEN:
|
|
- Existing documents in trash
|
|
WHEN:
|
|
- API request to show documents in trash for regular user
|
|
- API request to show documents in trash for superuser
|
|
THEN:
|
|
- Only owned documents are returned
|
|
"""
|
|
|
|
document_u1 = Document.objects.create(
|
|
title="Title",
|
|
content="content",
|
|
checksum="checksum",
|
|
mime_type="application/pdf",
|
|
owner=self.user,
|
|
)
|
|
document_u1.delete()
|
|
document_not_owned = Document.objects.create(
|
|
title="Title2",
|
|
content="content2",
|
|
checksum="checksum2",
|
|
mime_type="application/pdf",
|
|
)
|
|
document_not_owned.delete()
|
|
user2 = User.objects.create_user(username="user2")
|
|
document_u2 = Document.objects.create(
|
|
title="Title3",
|
|
content="content3",
|
|
checksum="checksum3",
|
|
mime_type="application/pdf",
|
|
owner=user2,
|
|
)
|
|
document_u2.delete()
|
|
|
|
# user only sees their own documents or unowned documents
|
|
resp = self.client.get("/api/trash/")
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.data["count"], 2)
|
|
self.assertEqual(resp.data["results"][0]["id"], document_not_owned.pk)
|
|
self.assertEqual(resp.data["results"][1]["id"], document_u1.pk)
|
|
|
|
# superuser sees all documents
|
|
superuser = User.objects.create_superuser(username="superuser")
|
|
self.client.force_authenticate(user=superuser)
|
|
resp = self.client.get("/api/trash/")
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.data["count"], 3)
|
|
|
|
def test_api_trash_insufficient_permissions(self):
|
|
"""
|
|
GIVEN:
|
|
- Existing document with owner = user2 in trash
|
|
WHEN:
|
|
- user 1 makes API request to empty document from trash
|
|
THEN:
|
|
- 403 Forbidden
|
|
"""
|
|
|
|
user2 = User.objects.create_user(username="user2")
|
|
document = Document.objects.create(
|
|
title="Title",
|
|
content="content",
|
|
checksum="checksum",
|
|
mime_type="application/pdf",
|
|
owner=user2,
|
|
)
|
|
document.delete()
|
|
|
|
resp = self.client.post(
|
|
"/api/trash/",
|
|
{"action": "empty", "documents": [document.pk]},
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
|
|
self.assertEqual(Document.global_objects.count(), 1)
|
|
|
|
def test_api_trash_invalid_params(self):
|
|
"""
|
|
GIVEN:
|
|
- Existing documents
|
|
WHEN:
|
|
- API request to trash with invalid params
|
|
THEN:
|
|
- 400 Bad Request
|
|
"""
|
|
|
|
document = Document.objects.create(
|
|
title="Title",
|
|
content="content",
|
|
checksum="checksum",
|
|
mime_type="application/pdf",
|
|
)
|
|
|
|
self.client.force_login(user=self.user)
|
|
|
|
# document isn't in trash
|
|
resp = self.client.post(
|
|
"/api/trash/",
|
|
{"action": "restore", "documents": [document.pk]},
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
|
|
self.assertIn("have not yet been deleted", resp.data["documents"][0])
|