chewy-attachment 0.1.0__py3-none-any.whl

chewy_attachment/django_app/tests/conftest.py

@@ -0,0 +1,56 @@
+"""pytest configuration for Django tests"""
+
+from pathlib import Path
+
+import django
+from django.conf import settings
+
+
+def pytest_configure():
+    """Configure Django settings for tests"""
+    if settings.configured:
+        return
+
+    test_dir = Path(__file__).parent.absolute()
+    storage_root = test_dir / "test_storage"
+
+    settings.configure(
+        DEBUG=True,
+        DATABASES={
+            "default": {
+                "ENGINE": "django.db.backends.sqlite3",
+                "NAME": ":memory:",
+            }
+        },
+        INSTALLED_APPS=[
+            "django.contrib.contenttypes",
+            "django.contrib.auth",
+            "django.contrib.sessions",
+            "rest_framework",
+            "chewy_attachment.django_app",
+        ],
+        ROOT_URLCONF="chewy_attachment.django_app.urls",
+        REST_FRAMEWORK={
+            "DEFAULT_AUTHENTICATION_CLASSES": [],
+            "DEFAULT_PERMISSION_CLASSES": [],
+        },
+        CHEWY_ATTACHMENT={
+            "STORAGE_ROOT": storage_root,
+        },
+        DEFAULT_AUTO_FIELD="django.db.models.BigAutoField",
+        USE_TZ=True,
+        SECRET_KEY="test-secret-key-for-testing-only",
+        BASE_DIR=test_dir,
+    )
+
+    django.setup()
+
+
+def pytest_sessionfinish(session, exitstatus):
+    """Clean up test storage after tests"""
+    import shutil
+
+    test_dir = Path(__file__).parent.absolute()
+    storage_root = test_dir / "test_storage"
+    if storage_root.exists():
+        shutil.rmtree(storage_root)

chewy_attachment/django_app/tests/test_views.py

@@ -0,0 +1,207 @@
+"""Unit tests for Django views"""
+
+import io
+import shutil
+from pathlib import Path
+
+from django.contrib.auth import get_user_model
+from django.test import TestCase, override_settings
+from rest_framework import status
+from rest_framework.test import APIClient
+
+from chewy_attachment.django_app.models import Attachment
+
+
+TEST_STORAGE = Path(__file__).parent / "test_storage"
+
+
+@override_settings(CHEWY_ATTACHMENT={"STORAGE_ROOT": TEST_STORAGE})
+class TestAttachmentViews(TestCase):
+    """Test cases for attachment API views"""
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        TEST_STORAGE.mkdir(parents=True, exist_ok=True)
+
+    @classmethod
+    def tearDownClass(cls):
+        super().tearDownClass()
+        if TEST_STORAGE.exists():
+            shutil.rmtree(TEST_STORAGE)
+
+    def setUp(self):
+        """Set up test fixtures"""
+        self.client = APIClient()
+        User = get_user_model()
+
+        self.user1 = User.objects.create_user(
+            username="testuser1",
+            password="testpass123",
+        )
+        self.user2 = User.objects.create_user(
+            username="testuser2",
+            password="testpass123",
+        )
+
+        self.test_file_content = b"Hello, this is test file content!"
+        self.test_file_name = "test.txt"
+
+    def tearDown(self):
+        """Clean up after each test"""
+        Attachment.objects.all().delete()
+
+    def _create_test_file(self):
+        """Create a test file for upload"""
+        return io.BytesIO(self.test_file_content)
+
+    def _upload_file(self, user, is_public=False):
+        """Helper to upload a file"""
+        self.client.force_authenticate(user=user)
+        file = self._create_test_file()
+        file.name = self.test_file_name
+
+        response = self.client.post(
+            "/files/",
+            {"file": file, "is_public": is_public},
+            format="multipart",
+        )
+        return response
+
+    def test_upload_file_success(self):
+        """Test successful file upload"""
+        self.client.force_authenticate(user=self.user1)
+        file = self._create_test_file()
+        file.name = self.test_file_name
+
+        response = self.client.post(
+            "/files/",
+            {"file": file, "is_public": False},
+            format="multipart",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        self.assertEqual(response.data["original_name"], self.test_file_name)
+        self.assertEqual(response.data["size"], len(self.test_file_content))
+        self.assertEqual(response.data["owner_id"], str(self.user1.id))
+        self.assertFalse(response.data["is_public"])
+
+        self.assertEqual(Attachment.objects.count(), 1)
+        attachment = Attachment.objects.first()
+        self.assertEqual(attachment.original_name, self.test_file_name)
+
+    def test_upload_file_unauthenticated_fails(self):
+        """Test upload fails without authentication"""
+        file = self._create_test_file()
+        file.name = self.test_file_name
+
+        response = self.client.post(
+            "/files/",
+            {"file": file},
+            format="multipart",
+        )
+
+        self.assertIn(response.status_code, [status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN])
+
+    def test_get_file_info_by_owner(self):
+        """Test owner can get file info"""
+        upload_response = self._upload_file(self.user1, is_public=False)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=self.user1)
+        response = self.client.get(f"/files/{file_id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["id"], file_id)
+
+    def test_get_private_file_info_by_non_owner_fails(self):
+        """Test non-owner cannot get private file info"""
+        upload_response = self._upload_file(self.user1, is_public=False)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=self.user2)
+        response = self.client.get(f"/files/{file_id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_get_public_file_info_anonymous(self):
+        """Test anonymous user can get public file info"""
+        upload_response = self._upload_file(self.user1, is_public=True)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=None)
+        response = self.client.get(f"/files/{file_id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data["id"], file_id)
+
+    def test_delete_file_by_owner(self):
+        """Test owner can delete file"""
+        upload_response = self._upload_file(self.user1)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=self.user1)
+        response = self.client.delete(f"/files/{file_id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
+        self.assertEqual(Attachment.objects.count(), 0)
+
+    def test_delete_file_by_non_owner_fails(self):
+        """Test non-owner cannot delete file"""
+        upload_response = self._upload_file(self.user1)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=self.user2)
+        response = self.client.delete(f"/files/{file_id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        self.assertEqual(Attachment.objects.count(), 1)
+
+    def test_delete_public_file_by_non_owner_fails(self):
+        """Test non-owner cannot delete even public file"""
+        upload_response = self._upload_file(self.user1, is_public=True)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=self.user2)
+        response = self.client.delete(f"/files/{file_id}/")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_download_file_by_owner(self):
+        """Test owner can download file"""
+        upload_response = self._upload_file(self.user1)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=self.user1)
+        response = self.client.get(f"/files/{file_id}/content/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(b"".join(response.streaming_content), self.test_file_content)
+
+    def test_download_private_file_by_non_owner_fails(self):
+        """Test non-owner cannot download private file"""
+        upload_response = self._upload_file(self.user1, is_public=False)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=self.user2)
+        response = self.client.get(f"/files/{file_id}/content/")
+
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_download_public_file_anonymous(self):
+        """Test anonymous user can download public file"""
+        upload_response = self._upload_file(self.user1, is_public=True)
+        file_id = upload_response.data["id"]
+
+        self.client.force_authenticate(user=None)
+        response = self.client.get(f"/files/{file_id}/content/")
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(b"".join(response.streaming_content), self.test_file_content)
+
+    def test_get_nonexistent_file_returns_404(self):
+        """Test 404 for nonexistent file"""
+        self.client.force_authenticate(user=self.user1)
+        response = self.client.get("/files/00000000-0000-0000-0000-000000000000/")
+
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)

chewy_attachment/django_app/urls.py

@@ -0,0 +1,14 @@
+"""URL configuration for ChewyAttachment Django app"""
+
+from django.urls import include, path
+
+from rest_framework.routers import DefaultRouter
+
+from .views import AttachmentViewSet
+
+router = DefaultRouter()
+router.register(r"files", AttachmentViewSet, basename="attachment")
+
+urlpatterns = [
+    path("", include(router.urls)),
+]

chewy_attachment/django_app/views.py

@@ -0,0 +1,202 @@
+"""DRF views for ChewyAttachment"""
+
+from django.conf import settings
+from django.http import FileResponse, Http404
+
+from rest_framework import status, viewsets
+from rest_framework.decorators import action
+from rest_framework.response import Response
+from rest_framework.views import APIView
+
+from ..core.permissions import PermissionChecker, load_permission_class
+from ..core.storage import FileStorageEngine
+from ..core.utils import generate_uuid
+from .models import Attachment, get_storage_root
+from .permissions import IsAuthenticatedForUpload, IsOwnerOrPublicReadOnly
+from .serializers import AttachmentSerializer, AttachmentUploadSerializer
+
+
+def get_permission_classes():
+    """
+    Get permission classes from settings or use defaults.
+
+    Settings:
+        ATTACHMENTS_PERMISSION_CLASSES: List of permission class paths
+
+    Example:
+        # settings.py
+        ATTACHMENTS_PERMISSION_CLASSES = [
+            "IsAuthenticatedForUpload",
+            "myapp.permissions.CustomAttachmentPermission",
+        ]
+    """
+    custom_classes = getattr(settings, "ATTACHMENTS_PERMISSION_CLASSES", None)
+
+    if custom_classes:
+        loaded_classes = []
+        for class_path in custom_classes:
+            # If it's just a class name, try to load from default location
+            if "." not in class_path:
+                class_path = f"chewy_attachment.django_app.permissions.{class_path}"
+            try:
+                loaded_classes.append(load_permission_class(class_path))
+            except ImportError as e:
+                raise ImportError(
+                    f"Failed to load permission class from ATTACHMENTS_PERMISSION_CLASSES: {e}"
+                )
+        return loaded_classes
+
+    # Default permission classes
+    return [IsAuthenticatedForUpload, IsOwnerOrPublicReadOnly]
+
+
+class AttachmentViewSet(viewsets.ModelViewSet):
+    """
+    ViewSet for attachment operations.
+
+    Endpoints:
+    - POST /files/ - Upload file
+    - GET /files/{id}/ - Get file info
+    - DELETE /files/{id}/ - Delete file
+
+    Custom Permissions:
+        Configure via settings.ATTACHMENTS_PERMISSION_CLASSES
+    """
+
+    queryset = Attachment.objects.all()
+    serializer_class = AttachmentSerializer
+    http_method_names = ["get", "post", "delete", "head", "options"]
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        # Dynamically load permission classes
+        self.permission_classes = get_permission_classes()
+
+    def get_storage_engine(self) -> FileStorageEngine:
+        """Get storage engine instance"""
+        return FileStorageEngine(get_storage_root())
+
+    def create(self, request, *args, **kwargs):
+        """Handle file upload"""
+        serializer = AttachmentUploadSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        uploaded_file = serializer.validated_data["file"]
+        is_public = serializer.validated_data.get("is_public", False)
+
+        content = uploaded_file.read()
+        original_name = uploaded_file.name
+
+        storage = self.get_storage_engine()
+        result = storage.save_file(content, original_name)
+
+        attachment = Attachment.objects.create(
+            id=generate_uuid(),
+            original_name=original_name,
+            storage_path=result.storage_path,
+            mime_type=result.mime_type,
+            size=result.size,
+            owner_id=str(request.user.id),
+            is_public=is_public,
+        )
+
+        output_serializer = AttachmentSerializer(attachment)
+        return Response(output_serializer.data, status=status.HTTP_201_CREATED)
+
+    def retrieve(self, request, *args, **kwargs):
+        """Get file metadata"""
+        instance = self.get_object()
+        serializer = self.get_serializer(instance)
+        return Response(serializer.data)
+
+    def destroy(self, request, *args, **kwargs):
+        """Delete file"""
+        instance = self.get_object()
+
+        storage = self.get_storage_engine()
+        storage.delete_file(instance.storage_path)
+
+        instance.delete()
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+    @action(detail=True, methods=["get"], url_path="content")
+    def download(self, request, pk=None):
+        """Download file content"""
+        instance = self.get_object()
+
+        user_context = Attachment.get_user_context(request)
+        file_metadata = instance.to_file_metadata()
+
+        if not PermissionChecker.can_download(file_metadata, user_context):
+            return Response(
+                {"detail": "You do not have permission to download this file"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+        storage = self.get_storage_engine()
+
+        try:
+            file_path = storage.get_file_path(instance.storage_path)
+        except Exception:
+            raise Http404("File not found on storage")
+
+        response = FileResponse(
+            open(file_path, "rb"),
+            content_type=instance.mime_type,
+        )
+        response["Content-Disposition"] = f'attachment; filename="{instance.original_name}"'
+        response["Content-Length"] = instance.size
+        return response
+
+
+class AttachmentDownloadView(APIView):
+    """
+    Alternative download view using APIView.
+
+    GET /files/{id}/content - Download file content
+
+    Custom Permissions:
+        Configure via settings.ATTACHMENTS_PERMISSION_CLASSES
+    """
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        # Dynamically load permission classes
+        self.permission_classes = get_permission_classes()
+
+    def get_object(self, pk):
+        """Get attachment by ID"""
+        try:
+            return Attachment.objects.get(pk=pk)
+        except Attachment.DoesNotExist:
+            raise Http404("Attachment not found")
+
+    def get(self, request, pk, format=None):
+        """Download file"""
+        attachment = self.get_object(pk)
+
+        self.check_object_permissions(request, attachment)
+
+        user_context = Attachment.get_user_context(request)
+        file_metadata = attachment.to_file_metadata()
+
+        if not PermissionChecker.can_download(file_metadata, user_context):
+            return Response(
+                {"detail": "You do not have permission to download this file"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+        storage = FileStorageEngine(get_storage_root())
+
+        try:
+            file_path = storage.get_file_path(attachment.storage_path)
+        except Exception:
+            raise Http404("File not found on storage")
+
+        response = FileResponse(
+            open(file_path, "rb"),
+            content_type=attachment.mime_type,
+        )
+        response["Content-Disposition"] = f'attachment; filename="{attachment.original_name}"'
+        response["Content-Length"] = attachment.size
+        return response

chewy_attachment/fastapi_app/__init__.py

@@ -0,0 +1,5 @@
+"""FastAPI implementation of ChewyAttachment"""
+
+from .router import router
+
+__all__ = ["router"]

chewy_attachment/fastapi_app/crud.py

@@ -0,0 +1,93 @@
+"""CRUD operations for ChewyAttachment FastAPI app"""
+
+from typing import Optional
+
+from sqlmodel import Session, select
+
+from ..core.utils import generate_uuid
+from .models import Attachment, AttachmentCreate
+
+
+def create_attachment(session: Session, data: AttachmentCreate) -> Attachment:
+    """
+    Create a new attachment record.
+
+    Args:
+        session: Database session
+        data: Attachment creation data
+
+    Returns:
+        Created Attachment instance
+    """
+    attachment = Attachment(
+        id=generate_uuid(),
+        original_name=data.original_name,
+        storage_path=data.storage_path,
+        mime_type=data.mime_type,
+        size=data.size,
+        owner_id=data.owner_id,
+        is_public=data.is_public,
+    )
+    session.add(attachment)
+    session.commit()
+    session.refresh(attachment)
+    return attachment
+
+
+def get_attachment(session: Session, attachment_id: str) -> Optional[Attachment]:
+    """
+    Get attachment by ID.
+
+    Args:
+        session: Database session
+        attachment_id: Attachment ID
+
+    Returns:
+        Attachment instance or None
+    """
+    statement = select(Attachment).where(Attachment.id == attachment_id)
+    return session.exec(statement).first()
+
+
+def get_attachments_by_owner(
+    session: Session,
+    owner_id: str,
+    skip: int = 0,
+    limit: int = 100,
+) -> list[Attachment]:
+    """
+    Get attachments by owner ID.
+
+    Args:
+        session: Database session
+        owner_id: Owner ID
+        skip: Number of records to skip
+        limit: Maximum number of records to return
+
+    Returns:
+        List of Attachment instances
+    """
+    statement = (
+        select(Attachment)
+        .where(Attachment.owner_id == owner_id)
+        .offset(skip)
+        .limit(limit)
+        .order_by(Attachment.created_at.desc())
+    )
+    return list(session.exec(statement).all())
+
+
+def delete_attachment(session: Session, attachment: Attachment) -> bool:
+    """
+    Delete attachment record.
+
+    Args:
+        session: Database session
+        attachment: Attachment instance to delete
+
+    Returns:
+        True if deleted
+    """
+    session.delete(attachment)
+    session.commit()
+    return True