133 lines
3.7 KiB
Python
133 lines
3.7 KiB
Python
# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
|
|
|
|
import unittest
|
|
import frappe
|
|
|
|
|
|
class TestClient(unittest.TestCase):
|
|
def test_set_value(self):
|
|
todo = frappe.get_doc(dict(doctype='ToDo', description='test')).insert()
|
|
frappe.set_value('ToDo', todo.name, 'description', 'test 1')
|
|
self.assertEqual(frappe.get_value('ToDo', todo.name, 'description'), 'test 1')
|
|
|
|
frappe.set_value('ToDo', todo.name, {'description': 'test 2'})
|
|
self.assertEqual(frappe.get_value('ToDo', todo.name, 'description'), 'test 2')
|
|
|
|
def test_delete(self):
|
|
from frappe.client import delete
|
|
|
|
todo = frappe.get_doc(dict(doctype='ToDo', description='description')).insert()
|
|
delete("ToDo", todo.name)
|
|
|
|
self.assertFalse(frappe.db.exists("ToDo", todo.name))
|
|
self.assertRaises(frappe.DoesNotExistError, delete, "ToDo", todo.name)
|
|
|
|
def test_http_valid_method_access(self):
|
|
from frappe.client import delete
|
|
from frappe.handler import execute_cmd
|
|
|
|
frappe.set_user("Administrator")
|
|
|
|
frappe.local.request = frappe._dict()
|
|
frappe.local.request.method = 'POST'
|
|
|
|
frappe.local.form_dict = frappe._dict({
|
|
'doc': dict(doctype='ToDo', description='Valid http method'),
|
|
'cmd': 'frappe.client.save'
|
|
})
|
|
todo = execute_cmd('frappe.client.save')
|
|
|
|
self.assertEqual(todo.get('description'), 'Valid http method')
|
|
|
|
delete("ToDo", todo.name)
|
|
|
|
def test_http_invalid_method_access(self):
|
|
from frappe.handler import execute_cmd
|
|
|
|
frappe.set_user("Administrator")
|
|
|
|
frappe.local.request = frappe._dict()
|
|
frappe.local.request.method = 'GET'
|
|
|
|
frappe.local.form_dict = frappe._dict({
|
|
'doc': dict(doctype='ToDo', description='Invalid http method'),
|
|
'cmd': 'frappe.client.save'
|
|
})
|
|
|
|
self.assertRaises(frappe.PermissionError, execute_cmd, 'frappe.client.save')
|
|
|
|
def test_run_doc_method(self):
|
|
from frappe.handler import execute_cmd
|
|
|
|
if not frappe.db.exists('Report', 'Test Run Doc Method'):
|
|
report = frappe.get_doc({
|
|
'doctype': 'Report',
|
|
'ref_doctype': 'User',
|
|
'report_name': 'Test Run Doc Method',
|
|
'report_type': 'Query Report',
|
|
'is_standard': 'No',
|
|
'roles': [
|
|
{'role': 'System Manager'}
|
|
]
|
|
}).insert()
|
|
else:
|
|
report = frappe.get_doc('Report', 'Test Run Doc Method')
|
|
|
|
frappe.local.request = frappe._dict()
|
|
frappe.local.request.method = 'GET'
|
|
|
|
# Whitelisted, works as expected
|
|
frappe.local.form_dict = frappe._dict({
|
|
'dt': report.doctype,
|
|
'dn': report.name,
|
|
'method': 'toggle_disable',
|
|
'cmd': 'run_doc_method',
|
|
'args': 0
|
|
})
|
|
|
|
execute_cmd(frappe.local.form_dict.cmd)
|
|
|
|
# Not whitelisted, throws permission error
|
|
frappe.local.form_dict = frappe._dict({
|
|
'dt': report.doctype,
|
|
'dn': report.name,
|
|
'method': 'create_report_py',
|
|
'cmd': 'run_doc_method',
|
|
'args': 0
|
|
})
|
|
|
|
self.assertRaises(
|
|
frappe.PermissionError,
|
|
execute_cmd,
|
|
frappe.local.form_dict.cmd
|
|
)
|
|
|
|
def test_array_values_in_request_args(self):
|
|
import requests
|
|
from frappe.auth import CookieManager, LoginManager
|
|
|
|
frappe.utils.set_request(path="/")
|
|
frappe.local.cookie_manager = CookieManager()
|
|
frappe.local.login_manager = LoginManager()
|
|
frappe.local.login_manager.login_as('Administrator')
|
|
params = {
|
|
'doctype': 'DocType',
|
|
'fields': ['name', 'modified'],
|
|
'sid': frappe.session.sid,
|
|
}
|
|
headers = {
|
|
'accept': 'application/json',
|
|
'content-type': 'application/json',
|
|
}
|
|
url = f'http://{frappe.local.site}:{frappe.conf.webserver_port}/api/method/frappe.client.get_list'
|
|
res = requests.post(
|
|
url,
|
|
json=params,
|
|
headers=headers
|
|
)
|
|
self.assertEqual(res.status_code, 200)
|
|
data = res.json()
|
|
first_item = data['message'][0]
|
|
self.assertTrue('name' in first_item)
|
|
self.assertTrue('modified' in first_item)
|
|
frappe.local.login_manager.logout()
|