def test_search_raw(self):
perms = {'read': ['group:__world__']}
uri1 = u'http://xyz.com'
uri2 = u'urn:uuid:xxxxx'
user1 = u'levin'
user2 = u'anna'
anno1 = Annotation(uri=uri1, text=uri1, user=user1, permissions=perms)
anno2 = Annotation(uri=uri1,
text=uri1 + uri1,
user=user2,
permissions=perms)
anno3 = Annotation(uri=uri2, text=uri2, user=user1, permissions=perms)
anno1.save()
anno2.save()
anno3.save()
hits = Annotation.search_raw()
assert_equal(len(hits), 3)
query = {'query': {'filtered': {'filter': {'term': {'user': user1}}}}}
params = {'from_': 1}
hits = Annotation.search_raw(query=query)
assert_equal(len(hits), 2)
hits = Annotation.search_raw(params=params)
assert_equal(len(hits), 2)
hits = Annotation.search_raw(query=query, params=params)
assert_equal(len(hits), 1)
def _create_annotations_for_search(self):
perms = {'read': ['group:__world__']}
anno1 = Annotation(uri=uri1, text=uri1, user=user1, permissions=perms,
created=date1)
anno2 = Annotation(uri=uri1, text=uri1 + uri1, user=user2, permissions=perms,
created=date2)
anno3 = Annotation(uri=uri2, text=uri2, user=user1, permissions=perms,
created=date3)
anno1.save()
anno2.save()
anno3.save()
return [anno1, anno2, anno3]
def test_save_assert_refresh(self):
a = Annotation(name='bob')
a.es = MagicMock()
a.es.index = 'foo'
a.save()
args, kwargs = a.es.conn.index.call_args
assert_equal(kwargs['refresh'], True)
def test_save_refresh_disable(self):
a = Annotation(name='bob')
a.es = MagicMock()
a.es.index = 'foo'
a.save(refresh=False)
args, kwargs = a.es.conn.index.call_args
assert_equal(kwargs['refresh'], False)
def setup(self):
super(TestStoreAuthz, self).setup()
self.user = MockUser() # alice
self.anno_id = '123'
self.permissions = {
'read': [self.user.id, 'bob'],
'update': [self.user.id, 'charlie'],
'admin': [self.user.id]
}
self.ctx = self.app.test_request_context()
self.ctx.push()
ann = Annotation(id=self.anno_id,
user=self.user.id,
consumer=self.user.consumer.key,
text='Foobar',
permissions=self.permissions)
ann.save()
for u in ['alice', 'bob', 'charlie']:
token = auth.encode_token(
{
'consumerKey': self.user.consumer.key,
'userId': u
}, self.user.consumer.secret)
setattr(self, '%s_headers' % u, {'x-annotator-auth-token': token})
def test_search(self):
perms = {'read': ['group:__world__']}
uri1 = u'http://xyz.com'
uri2 = u'urn:uuid:xxxxx'
user1 = u'levin'
user2 = u'anna'
anno1 = Annotation(uri=uri1, text=uri1, user=user1, permissions=perms)
anno2 = Annotation(uri=uri1,
text=uri1 + uri1,
user=user2,
permissions=perms)
anno3 = Annotation(uri=uri2, text=uri2, user=user1, permissions=perms)
anno1.save()
anno2.save()
anno3.save()
res = Annotation.search()
assert_equal(len(res), 3)
# ordering (most recent first)
assert_equal(res[0]['text'], uri2)
res = Annotation.count()
assert_equal(res, 3)
res = Annotation.search(limit=1)
assert_equal(len(res), 1)
res = Annotation.count(limit=1)
assert_equal(res, 3)
res = Annotation.search(query={'uri': uri1})
assert_equal(len(res), 2)
assert_equal(res[0]['uri'], uri1)
assert_equal(res[0]['id'], anno2['id'])
res = Annotation.search(query={'user': user1})
assert_equal(len(res), 2)
assert_equal(res[0]['user'], user1)
assert_equal(res[0]['id'], anno3['id'])
res = Annotation.search(query={'user': user1, 'uri': uri2})
assert_equal(len(res), 1)
assert_equal(res[0]['user'], user1)
assert_equal(res[0]['id'], anno3['id'])
res = Annotation.count(query={'user': user1, 'uri': uri2})
assert_equal(res, 1)
def test_delete(self):
ann = Annotation(id=1)
ann.save()
newann = Annotation.fetch(1)
newann.delete()
noann = Annotation.fetch(1)
assert_true(noann == None)
def _create_annotation(self, refresh=True, **kwargs):
opts = {
'user': self.user.id,
'consumer': self.user.consumer.key
}
opts.update(kwargs)
ann = Annotation(**opts)
ann.save(refresh=refresh)
return ann
def test_search_permissions_admin(self):
anno = Annotation(text='Foobar', user='******', consumer='testconsumer')
anno.save()
user = h.MockUser('bob', 'testconsumer')
user.is_admin = True
res = Annotation.search(user=user)
assert_equal(len(res), 1)
def test_search_permissions_null(self):
anno = Annotation(text='Foobar')
anno.save()
res = Annotation.search()
assert_equal(len(res), 0)
user = h.MockUser('bob')
res = Annotation.search(user=user)
assert_equal(len(res), 0)
def test_search_permissions_owner(self):
anno = Annotation(text='Foobar', user='******', consumer='testconsumer')
anno.save()
res = Annotation.search()
assert_equal(len(res), 0)
user = h.MockUser('alice', 'testconsumer')
res = Annotation.search(user=user)
assert_equal(len(res), 1)
def test_cross_representations(self):
# create an annotation for an html document which we can
# scrape some document metadata from, including a link to a pdf
a1 = Annotation(uri='http://example.com/1234',
text='annotation1',
user='******',
document = {
"link": [
{
"href": "http://example.com/1234",
"type": "text/html"
},
{
"href": "http://example.com/1234.pdf",
"type": "application/pdf"
}
]
},
consumer='testconsumer')
a1.save()
# create an annotation for the pdf that lacks document metadata since
# annotator doesn't currently extract information from pdfs
a2 = Annotation(uri='http://example.com/1234.pdf',
text='annotation2',
user='******',
consumer='testconsumer')
a2.save()
# now a query for annotations of the pdf should yield both annotations
user = h.MockUser('alice', 'testconsumer')
res = Annotation.search(user=user,
query={'uri':'http://example.com/1234.pdf'})
assert_equal(len(res), 2)
# and likewise for annotations of the html
res = Annotation.search(user=user,
query={'uri':'http://example.com/1234'})
assert_equal(len(res), 2)
def test_search_permissions_malicious(self):
anno = Annotation(text='Foobar',
user='******',
consumer='testconsumer',
permissions={'read': ['group:__consumer__']})
anno.save()
# Any user whose username starts with "group:" must be refused any results
g.user = h.MockUser('group:anyone', 'testconsumer')
res = Annotation.search()
assert_equal(len(res), 0)
def test_search_permissions_malicious(self):
anno = Annotation(text='Foobar',
user='******',
consumer='testconsumer',
permissions={'read': ['group:__consumer__']})
anno.save()
# Any user whose username starts with "group:" must be refused any results
user = h.MockUser('group:anyone', 'testconsumer')
search_action = lambda: Annotation.search(user=user)
assert_raises(RuntimeError, search_action)
def test_basics(self):
user = "******"
ann = Annotation(text="Hello there", user=user)
ann['ranges'] = []
ann['ranges'].append({})
ann['ranges'].append({})
ann.save()
ann = Annotation.fetch(ann.id)
assert_equal(ann['text'], "Hello there")
assert_equal(ann['user'], "alice")
assert_equal(len(ann['ranges']), 2)
def test_update_other_users_annotation(self):
ann = Annotation(id=123,
user='******',
consumer=self.user.consumer.key,
permissions={'update': ['group:__consumer__']})
ann.save()
payload = json.dumps({'id': 123, 'text': 'Foo'})
response = self.cli.put('/api/annotations/123',
data=payload,
content_type='application/json',
headers=self.bob_headers)
assert response.status_code == 200, "response should be 200 OK"
def test_search_permissions_authenticated(self):
anno = Annotation(text='Foobar',
consumer='testconsumer',
permissions={'read': ['group:__authenticated__']})
anno.save()
res = Annotation.search()
assert_equal(len(res), 0)
user = h.MockUser('alice', 'testconsumer')
res = Annotation.search(user=user)
assert_equal(len(res), 1)
user = h.MockUser('bob', 'anotherconsumer')
res = Annotation.search(user=user)
assert_equal(len(res), 1)
def test_search_permissions_world(self):
anno = Annotation(text='Foobar',
consumer='testconsumer',
permissions={'read': ['group:__world__']})
anno.save()
res = Annotation.search()
assert_equal(len(res), 1)
g.user = h.MockUser('alice', 'testconsumer')
res = Annotation.search()
assert_equal(len(res), 1)
g.user = h.MockUser('bob')
res = Annotation.search()
assert_equal(len(res), 1)
g.user = h.MockUser('bob', 'testconsumer')
res = Annotation.search()
assert_equal(len(res), 1)
def test_case_sensitivity(self):
"""Indexing and search should not apply lowercase to strings
(this requirement might be changed sometime)
"""
# https://github.com/openannotation/annotator-store/issues/73
anno = Annotation(uri='http://example.com/1234',
text='Foobar',
user='******',
consumer='testconsumer',
custom_field='CaseSensitive')
anno.save()
user = h.MockUser('alice', 'testconsumer')
res = Annotation.search(user=user,
query={'custom_field': 'CaseSensitive'})
assert_equal(len(res), 1)
res = Annotation.search(user=user,
query={'custom_field': 'casesensitive'})
assert_equal(len(res), 0)
def test_search_permissions_simple(self):
anno = Annotation(text='Foobar',
consumer='testconsumer',
permissions={'read': ['bob']})
anno.save()
res = Annotation.search()
assert_equal(len(res), 0)
user = h.MockUser('alice', 'testconsumer')
res = Annotation.search(user=user)
assert_equal(len(res), 0)
user = h.MockUser('bob')
res = Annotation.search(user=user)
assert_equal(len(res), 0)
user = h.MockUser('bob', 'testconsumer')
res = Annotation.search(user=user)
assert_equal(len(res), 1)
def test_basics(self):
user = "******"
ann = Annotation(text="Hello there", user=user)
ann['ranges'] = []
ann['ranges'].append({'startOffset': 3})
ann['ranges'].append({'startOffset': 5})
ann['document'] = {
'title': 'Annotation for Dummies',
'link': [
{'href': 'http://example.com/1234', 'type': 'application/pdf'}
]
}
ann.save()
ann = Annotation.fetch(ann['id'])
assert_equal(ann['text'], "Hello there")
assert_equal(ann['user'], "alice")
assert_equal(len(ann['ranges']), 2)
assert_equal(ann['document']['title'], 'Annotation for Dummies')
assert_equal(ann['document']['link'][0]['href'], 'http://example.com/1234')
assert_equal(ann['document']['link'][0]['type'], 'application/pdf')
def create_annotation():
# Only registered users can create annotations
if g.user is None:
return _failed_authz_response('create annotation')
if request.json is not None:
annotation = Annotation(
_filter_input(request.json, CREATE_FILTER_FIELDS))
annotation['consumer'] = g.user.consumer.key
if _get_annotation_user(annotation) != g.user.id:
annotation['user'] = g.user.id
if hasattr(g, 'after_annotation_create'):
annotation.save(refresh=False)
g.after_annotation_create(annotation)
refresh = request.args.get('refresh') != 'false'
annotation.save(refresh=refresh)
return jsonify(annotation)
else:
return jsonify('No JSON payload sent. Annotation not created.',
status=400)
def test_save_refresh(self):
a = Annotation(name='bob')
a.es = MagicMock()
a.save()
assert_equal(1, a.es.conn.refresh.call_count)
def test_save_refresh_disable(self):
a = Annotation(name='bob')
a.es = MagicMock()
a.save(refresh=False)
assert_false(a.es.conn.refresh.called)
def test_fetch(self):
a = Annotation(foo='bar')
a.save()
b = Annotation.fetch(a['id'])
assert_equal(b['foo'], 'bar')
def test_new(self):
a = Annotation()
assert_equal('{}', repr(a))
def test_save_refresh(self):
a = Annotation(name='bob')
c = a.es.conn
a.save(refresh=True)
assert_true('id' in a)
