aboutsummaryrefslogtreecommitdiffstats
path: root/test/ApiSpecs.js
blob: 1e52cf442b7a9b5cb840ed555e2ba2eb09b59d31 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

'use strict';

describe('api', function() {

  describe('HashMap', function() {
    it('should do basic crud', function() {
      var map = new HashMap();
      var key = {};
      var value1 = {};
      var value2 = {};
      map.put(key, value1);
      map.put(key, value2);
      expect(map.get(key)).toBe(value2);
      expect(map.get({})).toBe(undefined);
      expect(map.remove(key)).toBe(value2);
      expect(map.get(key)).toBe(undefined);
    });

    it('should init from an array', function() {
      var map = new HashMap(['a','b']);
      expect(map.get('a')).toBe(0);
      expect(map.get('b')).toBe(1);
      expect(map.get('c')).toBe(undefined);
    });
  });


  describe('HashQueueMap', function() {
    it('should do basic crud with collections', function() {
      var map = new HashQueueMap();
      map.push('key', 'a');
      map.push('key', 'b');
      expect(map[hashKey('key')]).toEqual(['a', 'b']);
      expect(map.peek('key')).toEqual('a');
      expect(map[hashKey('key')]).toEqual(['a', 'b']);
      expect(map.shift('key')).toEqual('a');
      expect(map.peek('key')).toEqual('b');
      expect(map[hashKey('key')]).toEqual(['b']);
      expect(map.shift('key')).toEqual('b');
      expect(map.shift('key')).toEqual(undefined);
      expect(map[hashKey('key')]).toEqual(undefined);
    });

    it('should support primitive and object keys', function() {
      var obj1 = {},
          obj2 = {};

      var map = new HashQueueMap();
      map.push(obj1, 'a1');
      map.push(obj1, 'a2');
      map.push(obj2, 'b');
      map.push(1, 'c');
      map.push(undefined, 'd');
      map.push(null, 'e');

      expect(map[hashKey(obj1)]).toEqual(['a1', 'a2']);
      expect(map[hashKey(obj2)]).toEqual(['b']);
      expect(map[hashKey(1)]).toEqual(['c']);
      expect(map[hashKey(undefined)]).toEqual(['d']);
      expect(map[hashKey(null)]).toEqual(['e']);
    });
  });
});
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-02 22:04:11 +0000
The request is authenticated as a user, or is a read-only request. """ def has_permission(self, request, view): return (request.method in SAFE_METHODS or request.user and request.user.is_authenticated()) class DjangoModelPermissions(BasePermission): """ The request is authenticated using `django.contrib.auth` permissions. See: https://docs.djangoproject.com/en/dev/topics/auth/#permissions It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the model. This permission can only be applied against view classes that provide a `.model` or `.queryset` attribute. """ # Map methods into required permission codes. # Override this if you need to also provide 'view' permissions, # or if you want to provide custom permission codes. perms_map = { 'GET': [], 'OPTIONS': [], 'HEAD': [], 'POST': ['%(app_label)s.add_%(model_name)s'], 'PUT': ['%(app_label)s.change_%(model_name)s'], 'PATCH': ['%(app_label)s.change_%(model_name)s'], 'DELETE': ['%(app_label)s.delete_%(model_name)s'], } authenticated_users_only = True def get_required_permissions(self, method, model_cls): """ Given a model and an HTTP method, return the list of permission codes that the user is required to have. """ kwargs = { 'app_label': model_cls._meta.app_label, 'model_name': get_model_name(model_cls) } return [perm % kwargs for perm in self.perms_map[method]] def has_permission(self, request, view): model_cls = getattr(view, 'model', None) queryset = getattr(view, 'queryset', None) if model_cls is None and queryset is not None: model_cls = queryset.model # Workaround to ensure DjangoModelPermissions are not applied # to the root view when using DefaultRouter. if model_cls is None and getattr(view, '_ignore_model_permissions', False): return True assert model_cls, ('Cannot apply DjangoModelPermissions on a view that' ' does not have `.model` or `.queryset` property.') perms = self.get_required_permissions(request.method, model_cls) return (request.user and (request.user.is_authenticated() or not self.authenticated_users_only) and request.user.has_perms(perms)) class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): """ Similar to DjangoModelPermissions, except that anonymous users are allowed read-only access. """ authenticated_users_only = False class DjangoObjectPermissions(DjangoModelPermissions): """ The request is authenticated using Django's object-level permissions. It requires an object-permissions-enabled backend, such as Django Guardian. It ensures that the user is authenticated, and has the appropriate `add`/`change`/`delete` permissions on the object using .has_perms. This permission can only be applied against view classes that provide a `.model` or `.queryset` attribute. """ perms_map = { 'GET': [], 'OPTIONS': [], 'HEAD': [], 'POST': ['%(app_label)s.add_%(model_name)s'], 'PUT': ['%(app_label)s.change_%(model_name)s'], 'PATCH': ['%(app_label)s.change_%(model_name)s'], 'DELETE': ['%(app_label)s.delete_%(model_name)s'], } def get_required_object_permissions(self, method, model_cls): kwargs = { 'app_label': model_cls._meta.app_label, 'model_name': get_model_name(model_cls) } return [perm % kwargs for perm in self.perms_map[method]] def has_object_permission(self, request, view, obj): model_cls = getattr(view, 'model', None) queryset = getattr(view, 'queryset', None) if model_cls is None and queryset is not None: model_cls = queryset.model perms = self.get_required_object_permissions(request.method, model_cls) user = request.user if not user.has_perms(perms, obj): # If the user does not have permissions we need to determine if # they have read permissions to see 403, or not, and simply see # a 404 reponse. if request.method in ('GET', 'OPTIONS', 'HEAD'): # Read permissions already checked and failed, no need # to make another lookup. raise Http404 read_perms = self.get_required_object_permissions('GET', model_cls) if not user.has_perms(read_perms, obj): raise Http404 # Has read permissions. return False return True class TokenHasReadWriteScope(BasePermission): """ The request is authenticated as a user and the token used has the right scope """ def has_permission(self, request, view): token = request.auth read_only = request.method in SAFE_METHODS if not token: return False if hasattr(token, 'resource'): # OAuth 1 return read_only or not request.auth.resource.is_readonly elif hasattr(token, 'scope'): # OAuth 2 required = oauth2_constants.READ if read_only else oauth2_constants.WRITE return oauth2_provider_scope.check(required, request.auth.scope) assert False, ('TokenHasReadWriteScope requires either the' '`OAuthAuthentication` or `OAuth2Authentication` authentication ' 'class to be used.')
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-02 22:04:11 +0000