mirror of
https://github.com/paperless-ngx/paperless-ngx.git
synced 2026-02-14 00:09:35 -06:00
475 lines
17 KiB
Python
475 lines
17 KiB
Python
from __future__ import annotations
|
|
|
|
from typing import TYPE_CHECKING
|
|
from unittest import mock
|
|
|
|
from auditlog.models import LogEntry # type: ignore[import-untyped]
|
|
from django.contrib.auth.models import Permission
|
|
from django.contrib.auth.models import User
|
|
from django.contrib.contenttypes.models import ContentType
|
|
from django.core.files.uploadedfile import SimpleUploadedFile
|
|
from rest_framework import status
|
|
from rest_framework.test import APITestCase
|
|
|
|
from documents.data_models import DocumentSource
|
|
from documents.models import Document
|
|
from documents.tests.utils import DirectoriesMixin
|
|
|
|
if TYPE_CHECKING:
|
|
from pathlib import Path
|
|
|
|
|
|
class TestDocumentVersioningApi(DirectoriesMixin, APITestCase):
|
|
def setUp(self) -> None:
|
|
super().setUp()
|
|
|
|
self.user = User.objects.create_superuser(username="temp_admin")
|
|
self.client.force_authenticate(user=self.user)
|
|
|
|
def _make_pdf_upload(self, name: str = "version.pdf") -> SimpleUploadedFile:
|
|
return SimpleUploadedFile(
|
|
name,
|
|
b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\n%%EOF",
|
|
content_type="application/pdf",
|
|
)
|
|
|
|
def _write_file(self, path: Path, content: bytes = b"data") -> None:
|
|
path.parent.mkdir(parents=True, exist_ok=True)
|
|
path.write_bytes(content)
|
|
|
|
def _create_pdf(
|
|
self,
|
|
*,
|
|
title: str,
|
|
checksum: str,
|
|
root_document: Document | None = None,
|
|
) -> Document:
|
|
doc = Document.objects.create(
|
|
title=title,
|
|
checksum=checksum,
|
|
mime_type="application/pdf",
|
|
root_document=root_document,
|
|
)
|
|
self._write_file(doc.source_path, b"pdf")
|
|
self._write_file(doc.thumbnail_path, b"thumb")
|
|
return doc
|
|
|
|
def test_root_endpoint_returns_root_for_version_and_root(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
version = Document.objects.create(
|
|
title="v1",
|
|
checksum="v1",
|
|
mime_type="application/pdf",
|
|
root_document=root,
|
|
)
|
|
|
|
resp_root = self.client.get(f"/api/documents/{root.id}/root/")
|
|
self.assertEqual(resp_root.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp_root.data["root_id"], root.id)
|
|
|
|
resp_version = self.client.get(f"/api/documents/{version.id}/root/")
|
|
self.assertEqual(resp_version.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp_version.data["root_id"], root.id)
|
|
|
|
def test_root_endpoint_returns_404_for_missing_document(self) -> None:
|
|
resp = self.client.get("/api/documents/9999/root/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
def test_root_endpoint_falls_back_when_root_document_missing(self) -> None:
|
|
doc = Document(
|
|
title="orphan",
|
|
checksum="orphan",
|
|
mime_type="application/pdf",
|
|
)
|
|
doc.pk = 123
|
|
doc.root_document_id = 456
|
|
# Simulate a stale FK: id is set but related object is missing.
|
|
doc._state.fields_cache["root_document"] = None
|
|
|
|
with mock.patch("documents.views.Document.global_objects") as manager:
|
|
manager.select_related.return_value.get.return_value = doc
|
|
resp = self.client.get("/api/documents/123/root/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.data["root_id"], 123)
|
|
|
|
def test_root_endpoint_returns_403_when_user_lacks_permission(self) -> None:
|
|
owner = User.objects.create_user(username="owner")
|
|
viewer = User.objects.create_user(username="viewer")
|
|
viewer.user_permissions.add(
|
|
Permission.objects.get(codename="view_document"),
|
|
)
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
owner=owner,
|
|
)
|
|
self.client.force_authenticate(user=viewer)
|
|
|
|
resp = self.client.get(f"/api/documents/{root.id}/root/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
def test_delete_version_disallows_deleting_root(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
|
|
with mock.patch("documents.index.remove_document_from_index"):
|
|
resp = self.client.delete(f"/api/documents/{root.id}/versions/{root.id}/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
|
|
self.assertTrue(Document.objects.filter(id=root.id).exists())
|
|
|
|
def test_delete_version_deletes_version_and_returns_current_version(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
v1 = Document.objects.create(
|
|
title="v1",
|
|
checksum="v1",
|
|
mime_type="application/pdf",
|
|
root_document=root,
|
|
)
|
|
v2 = Document.objects.create(
|
|
title="v2",
|
|
checksum="v2",
|
|
mime_type="application/pdf",
|
|
root_document=root,
|
|
)
|
|
|
|
with mock.patch("documents.index.remove_document_from_index"):
|
|
resp = self.client.delete(f"/api/documents/{root.id}/versions/{v2.id}/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertFalse(Document.objects.filter(id=v2.id).exists())
|
|
self.assertEqual(resp.data["current_version_id"], v1.id)
|
|
|
|
with mock.patch("documents.index.remove_document_from_index"):
|
|
resp = self.client.delete(f"/api/documents/{root.id}/versions/{v1.id}/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertFalse(Document.objects.filter(id=v1.id).exists())
|
|
self.assertEqual(resp.data["current_version_id"], root.id)
|
|
|
|
def test_delete_version_writes_audit_log_entry(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
version = Document.objects.create(
|
|
title="v1",
|
|
checksum="v1",
|
|
mime_type="application/pdf",
|
|
root_document=root,
|
|
)
|
|
version_id = version.id
|
|
|
|
with mock.patch("documents.index.remove_document_from_index"):
|
|
resp = self.client.delete(
|
|
f"/api/documents/{root.id}/versions/{version_id}/",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
|
|
# Audit log entry is created against the root document.
|
|
entry = (
|
|
LogEntry.objects.filter(
|
|
content_type=ContentType.objects.get_for_model(Document),
|
|
object_id=root.id,
|
|
)
|
|
.order_by("-timestamp")
|
|
.first()
|
|
)
|
|
self.assertIsNotNone(entry)
|
|
assert entry is not None
|
|
self.assertIsNotNone(entry.actor)
|
|
assert entry.actor is not None
|
|
self.assertEqual(entry.actor.id, self.user.id)
|
|
self.assertEqual(entry.action, LogEntry.Action.UPDATE)
|
|
self.assertEqual(
|
|
entry.changes,
|
|
{"Version Deleted": ["None", version_id]},
|
|
)
|
|
additional_data = entry.additional_data or {}
|
|
self.assertEqual(additional_data.get("version_id"), version_id)
|
|
|
|
def test_delete_version_returns_404_when_version_not_related(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
other_root = Document.objects.create(
|
|
title="other",
|
|
checksum="other",
|
|
mime_type="application/pdf",
|
|
)
|
|
other_version = Document.objects.create(
|
|
title="other-v1",
|
|
checksum="other-v1",
|
|
mime_type="application/pdf",
|
|
root_document=other_root,
|
|
)
|
|
|
|
with mock.patch("documents.index.remove_document_from_index"):
|
|
resp = self.client.delete(
|
|
f"/api/documents/{root.id}/versions/{other_version.id}/",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
def test_delete_version_accepts_version_id_as_root_parameter(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
version = Document.objects.create(
|
|
title="v1",
|
|
checksum="v1",
|
|
mime_type="application/pdf",
|
|
root_document=root,
|
|
)
|
|
|
|
with mock.patch("documents.index.remove_document_from_index"):
|
|
resp = self.client.delete(
|
|
f"/api/documents/{version.id}/versions/{version.id}/",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertFalse(Document.objects.filter(id=version.id).exists())
|
|
self.assertEqual(resp.data["current_version_id"], root.id)
|
|
|
|
def test_delete_version_returns_404_when_root_missing(self) -> None:
|
|
resp = self.client.delete("/api/documents/9999/versions/123/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
def test_delete_version_returns_403_without_permission(self) -> None:
|
|
owner = User.objects.create_user(username="owner")
|
|
other = User.objects.create_user(username="other")
|
|
other.user_permissions.add(
|
|
Permission.objects.get(codename="delete_document"),
|
|
)
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
owner=owner,
|
|
)
|
|
version = Document.objects.create(
|
|
title="v1",
|
|
checksum="v1",
|
|
mime_type="application/pdf",
|
|
root_document=root,
|
|
)
|
|
self.client.force_authenticate(user=other)
|
|
|
|
resp = self.client.delete(
|
|
f"/api/documents/{root.id}/versions/{version.id}/",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
def test_delete_version_returns_404_when_version_missing(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
|
|
resp = self.client.delete(f"/api/documents/{root.id}/versions/9999/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
def test_download_version_param_errors(self) -> None:
|
|
root = self._create_pdf(title="root", checksum="root")
|
|
|
|
resp = self.client.get(
|
|
f"/api/documents/{root.id}/download/?version=not-a-number",
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
resp = self.client.get(f"/api/documents/{root.id}/download/?version=9999")
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
other_root = self._create_pdf(title="other", checksum="other")
|
|
other_version = self._create_pdf(
|
|
title="other-v1",
|
|
checksum="other-v1",
|
|
root_document=other_root,
|
|
)
|
|
resp = self.client.get(
|
|
f"/api/documents/{root.id}/download/?version={other_version.id}",
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
def test_download_preview_thumb_with_version_param(self) -> None:
|
|
root = self._create_pdf(title="root", checksum="root")
|
|
version = self._create_pdf(
|
|
title="v1",
|
|
checksum="v1",
|
|
root_document=root,
|
|
)
|
|
self._write_file(version.source_path, b"version")
|
|
self._write_file(version.thumbnail_path, b"thumb")
|
|
|
|
resp = self.client.get(
|
|
f"/api/documents/{root.id}/download/?version={version.id}",
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.content, b"version")
|
|
|
|
resp = self.client.get(
|
|
f"/api/documents/{root.id}/preview/?version={version.id}",
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.content, b"version")
|
|
|
|
resp = self.client.get(
|
|
f"/api/documents/{root.id}/thumb/?version={version.id}",
|
|
)
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.content, b"thumb")
|
|
|
|
def test_metadata_version_param_uses_version(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
version = Document.objects.create(
|
|
title="v1",
|
|
checksum="v1",
|
|
mime_type="application/pdf",
|
|
root_document=root,
|
|
)
|
|
|
|
with mock.patch("documents.views.DocumentViewSet.get_metadata") as metadata:
|
|
metadata.return_value = []
|
|
resp = self.client.get(
|
|
f"/api/documents/{root.id}/metadata/?version={version.id}",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertTrue(metadata.called)
|
|
|
|
def test_metadata_returns_403_when_user_lacks_permission(self) -> None:
|
|
owner = User.objects.create_user(username="owner")
|
|
other = User.objects.create_user(username="other")
|
|
other.user_permissions.add(
|
|
Permission.objects.get(codename="view_document"),
|
|
)
|
|
doc = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
owner=owner,
|
|
)
|
|
self.client.force_authenticate(user=other)
|
|
|
|
resp = self.client.get(f"/api/documents/{doc.id}/metadata/")
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
def test_update_version_enqueues_consume_with_overrides(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
upload = self._make_pdf_upload()
|
|
|
|
async_task = mock.Mock()
|
|
async_task.id = "task-123"
|
|
|
|
with mock.patch("documents.views.consume_file") as consume_mock:
|
|
consume_mock.delay.return_value = async_task
|
|
resp = self.client.post(
|
|
f"/api/documents/{root.id}/update_version/",
|
|
{"document": upload, "version_label": " New Version "},
|
|
format="multipart",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_200_OK)
|
|
self.assertEqual(resp.data, "task-123")
|
|
consume_mock.delay.assert_called_once()
|
|
input_doc, overrides = consume_mock.delay.call_args[0]
|
|
self.assertEqual(input_doc.root_document_id, root.id)
|
|
self.assertEqual(input_doc.source, DocumentSource.ApiUpload)
|
|
self.assertEqual(overrides.version_label, "New Version")
|
|
self.assertEqual(overrides.actor_id, self.user.id)
|
|
|
|
def test_update_version_returns_500_on_consume_failure(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
upload = self._make_pdf_upload()
|
|
|
|
with mock.patch("documents.views.consume_file") as consume_mock:
|
|
consume_mock.delay.side_effect = Exception("boom")
|
|
resp = self.client.post(
|
|
f"/api/documents/{root.id}/update_version/",
|
|
{"document": upload},
|
|
format="multipart",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_500_INTERNAL_SERVER_ERROR)
|
|
|
|
def test_update_version_returns_403_without_permission(self) -> None:
|
|
owner = User.objects.create_user(username="owner")
|
|
other = User.objects.create_user(username="other")
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
owner=owner,
|
|
)
|
|
self.client.force_authenticate(user=other)
|
|
|
|
resp = self.client.post(
|
|
f"/api/documents/{root.id}/update_version/",
|
|
{"document": self._make_pdf_upload()},
|
|
format="multipart",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_403_FORBIDDEN)
|
|
|
|
def test_update_version_returns_404_for_missing_document(self) -> None:
|
|
resp = self.client.post(
|
|
"/api/documents/9999/update_version/",
|
|
{"document": self._make_pdf_upload()},
|
|
format="multipart",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_404_NOT_FOUND)
|
|
|
|
def test_update_version_requires_document(self) -> None:
|
|
root = Document.objects.create(
|
|
title="root",
|
|
checksum="root",
|
|
mime_type="application/pdf",
|
|
)
|
|
|
|
resp = self.client.post(
|
|
f"/api/documents/{root.id}/update_version/",
|
|
{"version_label": "label"},
|
|
format="multipart",
|
|
)
|
|
|
|
self.assertEqual(resp.status_code, status.HTTP_400_BAD_REQUEST)
|