Beispiel #1
0
 def test_list(self, client):
     """List organizations"""
     size = 10
     OrganizationFactory.create_batch(size)
     response = client.get("/api/organizations/")
     assert response.status_code == status.HTTP_200_OK
     response_json = json.loads(response.content)
     assert len(response_json["results"]) == size
Beispiel #2
0
    def test_list_filter(self, client):
        """List organizations"""
        names = ["abcdef", "ABC123", "abcxyz", "xyz123", "x12345", "qwerty"]
        for name in names:
            OrganizationFactory.create(name=name)

        prefixes = [("abc", 3), ("a", 3), ("x", 2), ("xyz", 1), ("qwerty", 1)]
        for prefix, size in prefixes:
            response = client.get("/api/organizations/",
                                  {"name__istartswith": prefix})
            assert response.status_code == status.HTTP_200_OK
            response_json = json.loads(response.content)
            assert len(response_json["results"]) == size
Beispiel #3
0
 def test_retrieve(self, client):
     """Test retrieving a user"""
     users = UserFactory.create_batch(2)
     OrganizationFactory(members=users)
     client.force_authenticate(user=users[0])
     response = client.get(f"/api/users/{users[1].pk}/")
     assert response.status_code == status.HTTP_200_OK
     response_json = json.loads(response.content)
     serializer = UserSerializer(users[1])
     assert response_json == serializer.data
Beispiel #4
0
 def test_list(self, client):
     """List users"""
     size = 10
     users = UserFactory.create_batch(size)
     OrganizationFactory(members=users)
     client.force_authenticate(user=users[0])
     response = client.get("/api/users/")
     assert response.status_code == status.HTTP_200_OK
     response_json = json.loads(response.content)
     assert len(response_json["results"]) == size
Beispiel #5
0
 def test_update(self, client, user):
     """Test setting a users active org"""
     organization = OrganizationFactory(members=[user])
     assert user.organization != organization
     client.force_authenticate(user=user)
     response = client.patch(
         f"/api/users/{user.pk}/", {"organization": organization.pk}
     )
     assert response.status_code == status.HTTP_200_OK
     assert user.organization == organization
Beispiel #6
0
 def test_list_id_in_filter(self, client):
     """List organizations"""
     size = 10
     orgs = OrganizationFactory.create_batch(size)
     some_ids = [str(o.id) for o in orgs[:5]]
     response = client.get("/api/organizations/",
                           {"id__in": ",".join(some_ids)})
     assert response.status_code == status.HTTP_200_OK
     response_json = json.loads(response.content)
     assert len(response_json["results"]) == len(some_ids)
Beispiel #7
0
def test_rules():
    anonymous = AnonymousUser()
    public_member = UserFactory()
    private_member = UserFactory()

    public_organization = OrganizationFactory(private=False,
                                              members=[public_member])
    private_organization = OrganizationFactory(private=True,
                                               members=[private_member])

    for user, organization, can_view in [
        (anonymous, public_organization, True),
        (public_member, public_organization, True),
        (private_member, public_organization, True),
        (anonymous, private_organization, False),
        (public_member, private_organization, False),
        (private_member, private_organization, True),
    ]:
        assert (user.has_perm("organizations.view_organization", organization)
                is can_view)
Beispiel #8
0
 def test_list_permissions(self, client):
     """List users you can view"""
     # the current user, a user in the same organization, a user in the same
     # project, a user with a public document, a user with a private document
     users = UserFactory.create_batch(5)
     OrganizationFactory(members=users[:2])
     ProjectFactory(user=users[0], collaborators=[users[2]])
     DocumentFactory(user=users[3], access=Access.public)
     DocumentFactory(user=users[4], access=Access.private)
     client.force_authenticate(user=users[0])
     response = client.get("/api/users/")
     assert response.status_code == status.HTTP_200_OK
     response_json = json.loads(response.content)
     # you can see all users except for the user with a private document
     assert len(response_json["results"]) == 4
Beispiel #9
0
    def test_list_queries(self, client, expand):
        """Queries should be constant"""
        small_size = 1
        users = UserFactory.create_batch(small_size)
        organization = OrganizationFactory(members=users)
        client.force_authenticate(user=users[0])
        reset_queries()
        client.get(f"/api/users/?expand={expand}")
        num_queries = len(connection.queries)

        size = 10
        users = UserFactory.create_batch(size)
        for user in users:
            Membership.objects.create(user=user, organization=organization)
        client.force_authenticate(user=users[0])
        reset_queries()
        response = client.get(f"/api/users/?expand={expand}")
        assert num_queries == len(connection.queries)
        assert len(response.json()["results"]) == size + small_size
Beispiel #10
0
def test_rules():
    anonymous = AnonymousUser()
    myself = UserFactory()
    organization_user = UserFactory()
    collaborator = UserFactory()
    unknown_user = UserFactory()

    OrganizationFactory(members=[myself, organization_user])
    ProjectFactory(collaborators=[myself, collaborator])

    for user, user_, can_view, can_change in [
        (anonymous, organization_user, False, False),
        (myself, myself, True, True),
        (myself, organization_user, True, False),
        (myself, collaborator, True, False),
        (myself, unknown_user, False, False),
    ]:
        assert user.has_perm("users.view_user", user_) is can_view
        assert user.has_perm("users.change_user", user_) is can_change
Beispiel #11
0
def setup_solr(django_db_setup, django_db_blocker):
    """Set up the models for the search tests

    `django_db_setup` causes pytest to initiate the test database
    """
    # pylint: disable=unused-argument
    solr = pysolr.Solr(settings.SOLR_URL, auth=settings.SOLR_AUTH)
    with django_db_blocker.unblock():
        try:
            organizations = {}
            users = {}
            documents = {}
            notes = {}
            # this enables searching through notes for users in that org
            entitlement = OrganizationEntitlementFactory()
            for org in ORGANIZATIONS:
                if org.pop("entitlement", None) == "org":
                    org["entitlement"] = entitlement
                organizations[org["id"]] = OrganizationFactory(**org)
            for user in USERS:
                user = user.copy()
                org = user.pop("organization")
                users[user["id"]] = UserFactory(
                    membership__organization=organizations[org], **user)
            for doc in DOCUMENTS:
                doc = doc.copy()
                user = doc.pop("user")
                org = doc.pop("organization")
                documents[doc["id"]] = DocumentFactory(
                    user=users[user], organization=organizations[org], **doc)
            for note in NOTES:
                note = note.copy()
                user = note.pop("user")
                org = note.pop("organization")
                doc = note.pop("document")
                notes[note["id"]] = NoteFactory(
                    user=users[user],
                    organization=organizations[org],
                    document=documents[doc],
                    **note,
                )
            for proj in PROJECTS:
                ProjectFactory(
                    id=proj["id"],
                    title=proj["title"],
                    user=users[proj["user"]],
                    edit_documents=[documents[d] for d in proj["documents"]],
                    collaborators=[users[a] for a in proj["collaborators"]],
                    edit_collaborators=[
                        users[a] for a in proj["edit_collaborators"]
                    ],
                )
            for doc in documents.values():
                solr.add([doc.solr()])
            solr.commit()
            yield
        finally:
            Document.objects.all().delete()
            Project.objects.all().delete()
            User.objects.all().delete()
            Organization.objects.all().delete()
            solr.delete(q="*:*")
Beispiel #12
0
def test_document_rules():
    # pylint: disable=too-many-locals
    anonymous = AnonymousUser()
    owner = UserFactory()
    edit_collaborator = UserFactory()
    view_collaborator = UserFactory()
    no_access_collaborator = UserFactory()
    organization_member = UserFactory()

    organization = OrganizationFactory(members=[owner, organization_member])
    organization_member.organization = organization

    public_document = DocumentFactory(user=owner,
                                      organization=organization,
                                      access=Access.public,
                                      title="public")
    public_pending_document = DocumentFactory(
        user=owner,
        organization=organization,
        access=Access.public,
        status=Status.pending,
        title="pending",
    )
    organization_document = DocumentFactory(user=owner,
                                            organization=organization,
                                            access=Access.organization,
                                            title="org")
    private_document = DocumentFactory(user=owner,
                                       organization=organization,
                                       access=Access.private,
                                       title="private")
    invisible_document = DocumentFactory(
        user=owner,
        organization=organization,
        access=Access.invisible,
        title="invisible",
    )
    documents = [
        public_document,
        public_pending_document,
        private_document,
        organization_document,
        invisible_document,
    ]

    ProjectFactory(edit_collaborators=[edit_collaborator],
                   edit_documents=documents)
    ProjectFactory(collaborators=[view_collaborator], edit_documents=documents)
    ProjectFactory(collaborators=[no_access_collaborator], documents=documents)

    for user, document, can_view, can_change, can_share in [
        (anonymous, public_document, True, False, False),
        (anonymous, public_pending_document, False, False, False),
        (anonymous, organization_document, False, False, False),
        (anonymous, private_document, False, False, False),
        (anonymous, invisible_document, False, False, False),
        (owner, public_document, True, True, True),
        (owner, public_pending_document, True, True, True),
        (owner, organization_document, True, True, True),
        (owner, private_document, True, True, True),
        (owner, invisible_document, False, False, False),
        (edit_collaborator, public_document, True, False, False),
        (edit_collaborator, public_pending_document, True, False, False),
        (edit_collaborator, organization_document, True, True, False),
        (edit_collaborator, private_document, True, True, False),
        (edit_collaborator, invisible_document, False, False, False),
        (view_collaborator, public_document, True, False, False),
        (view_collaborator, public_pending_document, True, False, False),
        (view_collaborator, organization_document, True, False, False),
        (view_collaborator, private_document, True, False, False),
        (view_collaborator, invisible_document, False, False, False),
        (no_access_collaborator, public_document, True, False, False),
        (no_access_collaborator, public_pending_document, False, False, False),
        (no_access_collaborator, organization_document, False, False, False),
        (no_access_collaborator, private_document, False, False, False),
        (no_access_collaborator, invisible_document, False, False, False),
        (organization_member, public_document, True, True, True),
        (organization_member, public_pending_document, True, True, True),
        (organization_member, organization_document, True, True, True),
        (organization_member, private_document, False, False, False),
        (organization_member, invisible_document, False, False, False),
    ]:
        assert (user.has_perm("documents.view_document", document) is
                can_view), f"{user.get_full_name()} - {document.title}"
        assert (user.has_perm("documents.change_document", document) is
                can_change), f"{user.get_full_name()} - {document.title}"
        assert (user.has_perm("documents.share_document", document) is
                can_share), f"{user.get_full_name()} - {document.title}"
        assert (user.has_perm("documents.delete_document", document) is
                can_share), f"{user.get_full_name()} - {document.title}"
Beispiel #13
0
def test_note_rules():
    anonymous = AnonymousUser()
    owner = UserFactory(name="owner")
    organization_member = UserFactory(name="org")
    edit_collaborator = UserFactory(name="edit")
    view_collaborator = UserFactory(name="view")

    organization = OrganizationFactory(members=[owner, organization_member])
    organization_member.organization = organization

    public_note = NoteFactory(user=owner,
                              organization=organization,
                              access=Access.public,
                              title="public")
    organization_note = NoteFactory(user=owner,
                                    organization=organization,
                                    access=Access.organization,
                                    title="org")
    private_note = NoteFactory(user=owner,
                               organization=organization,
                               access=Access.private,
                               title="private")
    invisible_note = NoteFactory(
        user=owner,
        organization=organization,
        access=Access.invisible,
        title="invisible",
    )

    documents = [
        public_note.document,
        organization_note.document,
        private_note.document,
        invisible_note.document,
    ]

    ProjectFactory(edit_collaborators=[edit_collaborator],
                   edit_documents=documents)
    ProjectFactory(collaborators=[view_collaborator], documents=documents)

    for user, note, can_view, can_change in [
        (anonymous, public_note, True, False),
        (anonymous, organization_note, False, False),
        (anonymous, private_note, False, False),
        (anonymous, invisible_note, False, False),
        (owner, public_note, True, True),
        (owner, organization_note, True, True),
        (owner, private_note, True, True),
        (owner, invisible_note, False, False),
        (organization_member, public_note, True, False),
        (organization_member, organization_note, False, False),
        (organization_member, private_note, False, False),
        (organization_member, invisible_note, False, False),
        (edit_collaborator, public_note, True, False),
        (edit_collaborator, organization_note, False, False),
        (edit_collaborator, private_note, False, False),
        (edit_collaborator, invisible_note, False, False),
        (view_collaborator, public_note, True, False),
        (view_collaborator, organization_note, False, False),
        (view_collaborator, private_note, False, False),
        (view_collaborator, invisible_note, False, False),
    ]:
        assert (user.has_perm("documents.view_note", note) is
                can_view), f"{user.get_full_name()} - {note.title}"
        assert (user.has_perm("documents.change_note", note) is
                can_change), f"{user.get_full_name()} - {note.title}"
        assert (user.has_perm("documents.delete_note", note) is
                can_change), f"{user.get_full_name()} - {note.title}"
Beispiel #14
0
def organization():
    return OrganizationFactory()
Beispiel #15
0
 def test_retrieve_bad(self, client):
     """Cannot view a private organization"""
     organization = OrganizationFactory(private=True)
     response = client.get(f"/api/organizations/{organization.pk}/")
     assert response.status_code == status.HTTP_404_NOT_FOUND