Merge pull request #33 from atin65536/master

meteozond · meteozond · commit f790d581bcff · 2015-12-22T09:11:09.000+03:00
fix GET 405 to GET 404 on unexisting folder.
diff --git a/.travis.yml b/.travis.yml
@@ -4,11 +4,10 @@ python:
   - "2.6"
 env:
   - DJANGO_VERSION=1.6.11
-  - DJANGO_VERSION=1.5.12
   - DJANGO_VERSION=1.7.7
 matrix:
   exclude:
    - python: "2.6"
      env: DJANGO_VERSION=1.7.7
-install: pip install -q Django==$DJANGO_VERSION djangorestframework
+install: pip install -q Django==$DJANGO_VERSION djangorestframework==3.2.5
 script: python setup.py test
diff --git a/djangodav/auth/rest.py b/djangodav/auth/rest.py
@@ -22,7 +22,12 @@
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from djangodav.responses import HttpResponseUnAuthorized
-from rest_framework.exceptions import APIException
+
+try:
+    import rest_framework
+    from rest_framework.exceptions import APIException
+except ImportError:
+    rest_framework = None
 
 
 class RequestWrapper(object):
@@ -38,6 +43,7 @@ class RestAuthViewMixIn(object):
 
     @method_decorator(csrf_exempt)
     def dispatch(self, request, *args, **kwargs):
+        assert rest_framework is not None, "django rest framework is not installed."
         if request.method.lower() != 'options':
             user_auth_tuple = None
             for auth in self.authentications:
diff --git a/djangodav/auth/tests.py b/djangodav/auth/tests.py
@@ -3,13 +3,22 @@
 
 from django.test import TestCase
 from django.test.client import RequestFactory
+try:
+    from django.utils.unittest import skipUnless
+except ImportError:
+    from unittest import skipUnless
 
 from djangodav.views import DavView
 from djangodav.fs.resources import DummyReadFSDavResource
 from djangodav.auth.rest import RestAuthViewMixIn
 
-from rest_framework.authentication import SessionAuthentication as RestSessionAuthentication, \
+try:
+    import rest_framework
+    from rest_framework.authentication import SessionAuthentication as RestSessionAuthentication, \
                                           BasicAuthentication as RestBasicAuthentication
+except ImportError:
+    rest_framework = None
+
 from djangodav.responses import HttpResponseUnAuthorized
 from django.contrib.auth import get_user_model
 from djangodav.locks import DummyLock
@@ -35,16 +44,20 @@ def setUp(self):
         self.user.set_password('test')
         self.user.save()
     
+    @skipUnless(rest_framework, "required Django Rest Framework")
     def assertIsAuthorized(self, response):
         self.assertIsInstance(response, HttpResponse)
         self.assertNotIsInstance(response, HttpResponseUnAuthorized)
         
+    @skipUnless(rest_framework, "required Django Rest Framework")
     def assertIsNotAuthorized(self, response):
         self.assertIsInstance(response, HttpResponseUnAuthorized)
       
+    @skipUnless(rest_framework, "required Django Rest Framework")
     def assertHasAuthenticateHeader(self, response):
         self.assertEqual(response['WWW-Authenticate'], 'Basic realm="api"')
       
+    @skipUnless(rest_framework, "required Django Rest Framework")
     def test_auth_session(self):
         """ test whether we can authenticate through Django session """        
         
@@ -66,6 +79,7 @@ class RestAuthDavView(TestDAVView):
         response = v(request, '/')
         self.assertIsAuthorized(response)
     
+    @skipUnless(rest_framework, "required Django Rest Framework")
     def test_auth_basic(self):
         """ test whether we can authenticate through Basic auth """
 
@@ -90,6 +104,7 @@ class RestAuthDavView(TestDAVView):
         response = v(request, '/')
         self.assertIsAuthorized(response)
     
+    @skipUnless(rest_framework, "required Django Rest Framework")
     def test_auth_multiple(self):
         """ test whether we can authenticate through either Session or Basic auth """
         
diff --git a/djangodav/views/tests.py b/djangodav/views/tests.py
@@ -262,24 +262,24 @@ def test_dispatch(self):
     def test_allowed_object(self):
         v = DavView()
         v.__dict__['resource'] = self.sub_object
-        self.assertListEqual(v._allowed_methods(), ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK', 'GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE', 'PUT'])
+        self.assertListEqual(v._allowed_methods(), ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK', 'GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE', 'PUT', 'MKCOL'])
 
     def test_allowed_collection(self):
         v = DavView()
         v.__dict__['resource'] = self.top_collection
-        self.assertListEqual(v._allowed_methods(), ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK', 'GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE'])
+        self.assertListEqual(v._allowed_methods(), ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK', 'GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE', 'PUT', 'MKCOL'])
 
     def test_allowed_missing_collection(self):
         v = DavView()
         parent = MockCollection('/path/to/obj')
         v.__dict__['resource'] = MissingMockCollection('/path/', get_parent=Mock(return_value=parent))
-        self.assertListEqual(v._allowed_methods(), ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK', 'GET', 'PUT', 'MKCOL'])
+        self.assertListEqual(v._allowed_methods(), ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK', 'GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE', 'PUT', 'MKCOL'])
 
     def test_allowed_missing_parent(self):
         v = DavView()
         parent = MissingMockCollection('/path/to/obj')
         v.__dict__['resource'] = MissingMockCollection('/path/', get_parent=Mock(return_value=parent))
-        self.assertEqual(v._allowed_methods(), [])
+        self.assertListEqual(v._allowed_methods(), ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK', 'GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE', 'PUT', 'MKCOL'])
 
     def test_options_root(self):
         path = '/'
@@ -384,7 +384,7 @@ def test_put_collection(self):
         request = HttpRequest()
         resp = v.put(request, path)
         self.assertFalse(self.sub_collection.write.called)
-        self.assertEqual(403, resp.status_code)
+        self.assertEqual(405, resp.status_code)
 
     def test_mkcol_new(self):
         path = '/collection/missing_sub_collection'
diff --git a/djangodav/views/views.py b/djangodav/views/views.py
@@ -25,7 +25,6 @@
 
 PATTERN_IF_DELIMITER = re.compile(r'(<([^>]+)>)|(\(([^\)]+)\))')
 
-
 class DavView(View):
     resource_class = None
     lock_class = None
@@ -95,15 +94,11 @@ def options(self, request, path, *args, **kwargs):
         return response
 
     def _allowed_methods(self):
-        allowed = ['HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK']
-        if not self.resource.exists:
-            parent = self.resource.get_parent()
-            if not (parent.is_collection and parent.exists):
-                return []
-            return allowed + ['GET', 'PUT', 'MKCOL']
-        allowed += ['GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE']
-        if self.resource.is_object:
-            allowed += ['PUT']
+        allowed = [
+            'HEAD', 'OPTIONS', 'PROPFIND', 'LOCK', 'UNLOCK',
+            'GET', 'DELETE', 'PROPPATCH', 'COPY', 'MOVE', 'PUT', 'MKCOL',
+        ]
+
         return allowed
 
     def get_access(self, resource):
@@ -207,9 +202,9 @@ def head(self, request, path, *args, **kwargs):
     def put(self, request, path, *args, **kwargs):
         parent = self.resource.get_parent()
         if not parent.exists:
-            raise Http404("Resource doesn't exists")
+            return HttpResponseConflict("Resource doesn't exists")
         if self.resource.is_collection:
-            return self.no_access()
+            return HttpResponseNotAllowed(list(set(self._allowed_methods()) - set(['MKCOL', 'PUT'])))
         if not self.resource.exists and not self.has_access(parent, 'write'):
             return self.no_access()
         if self.resource.exists and not self.has_access(self.resource, 'write'):
@@ -235,7 +230,7 @@ def delete(self, request, path, *args, **kwargs):
 
     def mkcol(self, request, path, *args, **kwargs):
         if self.resource.exists:
-            return HttpResponseNotAllowed(self._allowed_methods())
+            return HttpResponseNotAllowed(list(set(self._allowed_methods()) - set(['MKCOL', 'PUT'])))
         if not self.resource.get_parent().exists:
             return HttpResponseConflict()
         length = request.META.get('CONTENT_LENGTH', 0)
