def test_user_progress_anonymous(self):
"""Test API userprogress as anonymous works"""
user = UserFactory.create()
project = ProjectFactory.create(owner=user)
tasks = TaskFactory.create_batch(2, project=project)
taskruns = []
for task in tasks:
taskruns.extend(AnonymousTaskRunFactory.create_batch(2, task=task))
res = self.app.get('/api/project/1/userprogress', follow_redirects=True)
data = json.loads(res.data)
error_msg = "The reported total number of tasks is wrong"
assert len(tasks) == data['total'], error_msg
error_msg = "The reported number of done tasks is wrong"
assert len(taskruns) == data['done'], data
# Add a new TaskRun and check again
taskrun = AnonymousTaskRunFactory.create(task=tasks[0], info={'answer': u'hello'})
res = self.app.get('/api/project/1/userprogress', follow_redirects=True)
data = json.loads(res.data)
error_msg = "The reported total number of tasks is wrong"
assert len(tasks) == data['total'], error_msg
error_msg = "Number of done tasks is wrong: %s" % len(taskruns)
assert len(taskruns) + 1 == data['done'], error_msg
def test_anonymous_user_create_repeated_taskrun(self):
"""Test anonymous user cannot create two taskruns for the same task"""
task = TaskFactory.create()
taskrun1 = AnonymousTaskRunFactory.create(task=task)
taskrun2 = AnonymousTaskRunFactory.build(task=task)
assert_raises(Forbidden, ensure_authorized_to, 'create', taskrun2)
def test_n_total_task_runs_site_returns_total_number_of_answers(self):
AnonymousTaskRunFactory.create()
TaskRunFactory.create()
task_runs = stats.n_task_runs_site()
assert task_runs == 2, task_runs
def test_webhook_handler_all(self, q):
"""Test WEBHOOK requeing all works."""
self.register()
user = user_repo.get(1)
project = ProjectFactory.create(owner=user, webhook='server')
task = TaskFactory.create(project=project, n_answers=1)
AnonymousTaskRunFactory.create(project=project, task=task)
payload = self.payload(project, task)
wh1 = Webhook(project_id=project.id, payload=payload,
response='error', response_status_code=500)
webhook_repo.save(wh1)
wh2 = Webhook(project_id=project.id, payload=payload,
response='ok', response_status_code=200)
webhook_repo.save(wh2)
wh3 = Webhook(project_id=project.id, payload=payload,
response='ok', response_status_code=200)
webhook_repo.save(wh3)
whs = webhook_repo.filter_by(project_id=project.id)
url = "/project/%s/webhook?all=true" % (project.short_name)
res = self.app.get(url)
assert res.status_code == 200, res.status_code
calls = []
for w in whs:
calls.append(call(webhook, project.webhook,
w.payload, w.id, True))
q.assert_has_calls(calls)
def test_user_progress_anonymous(self):
"""Test API userprogress as anonymous works"""
user = UserFactory.create()
app = AppFactory.create(owner=user)
tasks = TaskFactory.create_batch(2, app=app)
for task in tasks:
taskruns = AnonymousTaskRunFactory.create_batch(2, task=task)
taskruns = db.session.query(TaskRun)\
.filter(TaskRun.app_id == app.id)\
.filter(TaskRun.user_ip == '127.0.0.1')\
.all()
res = self.app.get('/api/app/1/userprogress', follow_redirects=True)
data = json.loads(res.data)
error_msg = "The reported total number of tasks is wrong"
assert len(tasks) == data['total'], error_msg
error_msg = "The reported number of done tasks is wrong"
assert len(taskruns) == data['done'], data
# Add a new TaskRun and check again
taskrun = AnonymousTaskRunFactory.create(task=tasks[0], info={'answer': u'hello'})
res = self.app.get('/api/app/1/userprogress', follow_redirects=True)
data = json.loads(res.data)
error_msg = "The reported total number of tasks is wrong"
assert len(tasks) == data['total'], error_msg
error_msg = "Number of done tasks is wrong: %s" % len(taskruns)
assert len(taskruns) + 1 == data['done'], error_msg
def test_anonymous_user_create_repeated_taskrun(self):
"""Test anonymous user cannot create a taskrun for a task to which
he has previously posted a taskrun"""
task = TaskFactory.create()
taskrun1 = AnonymousTaskRunFactory.create(task=task)
taskrun2 = AnonymousTaskRunFactory.build(task=task)
assert_raises(Forbidden, ensure_authorized_to, 'create', taskrun2)
def test_stats_users(self):
"""Test CACHE PROJECT STATS user stats works."""
pr = ProjectFactory.create()
TaskRunFactory.create(project=pr)
AnonymousTaskRunFactory.create(project=pr)
users, anon_users, auth_users = stats_users(pr.id)
assert len(users) == 2, len(users)
assert len(anon_users) == 1, len(anon_users)
assert len(auth_users) == 1, len(auth_users)
def test_anonymous_user_create_repeated_taskrun(self):
"""Test anonymous user cannot create a taskrun for a task to which
he has previously posted a taskrun"""
task = TaskFactory.create()
taskrun1 = AnonymousTaskRunFactory.create(task=task)
taskrun2 = AnonymousTaskRunFactory.build(task=task)
assert_raises(Forbidden,
getattr(require, 'taskrun').create,
taskrun2)
def test_anonymous_user_create_taskrun(self):
"""Test anonymous user can create a taskrun for a task even though
he has posted taskruns for different tasks in the same project"""
tasks = TaskFactory.create_batch(2)
taskrun1 = AnonymousTaskRunFactory.create(task=tasks[0])
taskrun2 = AnonymousTaskRunFactory.build(task_id=tasks[1].id)
assert_not_raises(Exception,
ensure_authorized_to, 'create', taskrun2)
def create_mock_ip_addresses(self, geoip_mock):
geoip_instance = MagicMock()
locs = [{'latitude': 1, 'longitude': 1, 'country_name': 'England',
'city': 'London', 'continent': 'Europe'},
{'latitude': 2, 'longitude': 2, 'country_name': 'France',
'city': 'Paris', 'continent': 'Europe'}]
geoip_instance.record_by_addr.side_effect = locs
geoip_mock.return_value = geoip_instance
AnonymousTaskRunFactory.create(info={'ip_address': '1.1.1.1'})
TaskRunFactory.create(info={'ip_address': '2.2.2.2'})
def test_stats_users_with_period(self):
"""Test CACHE PROJECT STATS user stats with period works."""
pr = ProjectFactory.create()
d = date.today() - timedelta(days=6)
TaskRunFactory.create(project=pr, created=d, finish_time=d)
d = date.today() - timedelta(days=16)
AnonymousTaskRunFactory.create(project=pr, created=d, finish_time=d)
users, anon_users, auth_users = stats_users(pr.id, '1 week')
assert len(users) == 2, len(users)
assert len(anon_users) == 0, len(anon_users)
assert len(auth_users) == 1, len(auth_users)
def test_webhook_handler_post_oid_404(self):
"""Test WEBHOOK post oid 404 works."""
self.register()
user = user_repo.get(1)
project = ProjectFactory.create(owner=user)
task = TaskFactory.create(project=project, n_answers=1)
AnonymousTaskRunFactory.create(project=project, task=task)
payload = self.payload(project, task)
webhook = Webhook(project_id=project.id, payload=payload,
response='OK', response_status_code=200)
webhook_repo.save(webhook)
url = "/project/%s/webhook/%s" % (project.short_name, 9999)
res = self.app.post(url)
assert res.status_code == 404, res.status_code
def test_stats_dates(self):
"""Test CACHE PROJECT STATS date works."""
pr = ProjectFactory.create()
task = TaskFactory.create(project=pr, n_answers=1)
today = datetime.now(pytz.utc)
TaskFactory.create()
TaskRunFactory.create(project=pr, task=task)
AnonymousTaskRunFactory.create(project=pr)
dates, dates_anon, dates_auth = stats_dates(pr.id)
assert len(dates) == 15, len(dates)
assert len(dates_anon) == 15, len(dates_anon)
assert len(dates_auth) == 15, len(dates_auth)
assert dates[today.strftime('%Y-%m-%d')] == 1
assert dates_anon[today.strftime('%Y-%m-%d')] == 1
assert dates_auth[today.strftime('%Y-%m-%d')] == 1
def test_stats_dates_with_period(self):
"""Test CACHE PROJECT STATS dates with period works."""
pr = ProjectFactory.create()
d = date.today() - timedelta(days=6)
task = TaskFactory.create(project=pr, n_answers=1, created=d)
TaskRunFactory.create(project=pr, task=task, created=d, finish_time=d)
dd = date.today() - timedelta(days=16)
AnonymousTaskRunFactory.create(project=pr, created=dd, finish_time=dd)
dates, dates_anon, dates_auth = stats_dates(pr.id, '1 week')
assert len(dates) == 7, len(dates)
assert len(dates_anon) == 7, len(dates_anon)
assert len(dates_auth) == 7, len(dates_auth)
assert dates[d.strftime('%Y-%m-%d')] == 1
assert dates_anon[d.strftime('%Y-%m-%d')] == 0
assert dates_auth[d.strftime('%Y-%m-%d')] == 1
def test_admin_update_anonymous_taskrun(self):
"""Test admins cannot update anonymously posted taskruns"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Forbidden,
ensure_authorized_to, 'update', anonymous_taskrun)
def test_authenticated_user_delete_anonymous_taskrun(self):
"""Test authenticated users cannot delete an anonymously posted taskrun"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Forbidden,
ensure_authorized_to, 'delete', anonymous_taskrun)
def test_anonymous_02_gets_different_tasks(self):
""" Test SCHED newtask returns N different Tasks for the Anonymous User"""
assigned_tasks = []
# Get a Task until scheduler returns None
project = ProjectFactory.create()
tasks = TaskFactory.create_batch(3, project=project, info={})
res = self.app.get('api/project/%s/newtask' %project.id)
data = json.loads(res.data)
while data.get('info') is not None:
# Save the assigned task
assigned_tasks.append(data)
task = db.session.query(Task).get(data['id'])
# Submit an Answer for the assigned task
tr = AnonymousTaskRunFactory.create(project=project, task=task)
res = self.app.get('api/project/%s/newtask' %project.id)
data = json.loads(res.data)
# Check if we received the same number of tasks that the available ones
assert len(assigned_tasks) == len(tasks), len(assigned_tasks)
# Check if all the assigned Task.id are equal to the available ones
err_msg = "Assigned Task not found in DB Tasks"
for at in assigned_tasks:
assert self.is_task(at['id'], tasks), err_msg
# Check that there are no duplicated tasks
err_msg = "One Assigned Task is duplicated"
for at in assigned_tasks:
assert self.is_unique(at['id'], assigned_tasks), err_msg
def test_anonymous_user_update_anoymous_taskrun(self):
"""Test anonymous users cannot update an anonymously posted taskrun"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Unauthorized,
ensure_authorized_to, 'update', anonymous_taskrun)
def test_anonymous_user_create_first_taskrun(self):
"""Test anonymous user can create a taskrun for a given task if he
hasn't already done it"""
task = TaskFactory.create()
taskrun = AnonymousTaskRunFactory.build(task=task)
assert_not_raises(Exception, ensure_authorized_to, 'create', taskrun)
def test_admin_delete_anonymous_taskrun(self):
"""Test admins can delete anonymously posted taskruns"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_not_raises(Exception,
ensure_authorized_to, 'delete', anonymous_taskrun)
def test_anonymous_user_read(self):
"""Test anonymous user can read any taskrun"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
user_taskrun = TaskRunFactory.create()
assert_not_raises(Exception,
ensure_authorized_to, 'read', anonymous_taskrun)
assert_not_raises(Exception, ensure_authorized_to, 'read', user_taskrun)
def test_anonymous_user_create_taskrun_non_allow_anonymous_contrib(self):
"""Test anonymous user cannot create a taskrun for a project that does
not allow for anonymous contributors"""
project = ProjectFactory.create(allow_anonymous_contributors=False)
task = TaskFactory.create(project=project)
taskrun = AnonymousTaskRunFactory.build(task=task)
assert_raises(Unauthorized, ensure_authorized_to, 'create', taskrun)
def test_admin_update_anonymous_taskrun(self):
"""Test admins cannot update anonymously posted taskruns"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Forbidden,
getattr(require, 'taskrun').update,
anonymous_taskrun)
def test_authenticated_user_delete_anonymous_taskrun(self):
"""Test authenticated users cannot delete an anonymously posted taskrun"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Forbidden,
getattr(require, 'taskrun').delete,
anonymous_taskrun)
def test_anonymous_user_delete_anonymous_taskrun(self):
"""Test anonymous users cannot delete an anonymously posted taskrun"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Unauthorized,
getattr(require, 'taskrun').delete,
anonymous_taskrun)
def test_admin_delete_anonymous_taskrun(self):
"""Test admins can delete anonymously posted taskruns"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_not_raises(Exception,
getattr(require, 'taskrun').delete,
anonymous_taskrun)
def test_stats_hours(self):
"""Test CACHE PROJECT STATS hours works."""
pr = ProjectFactory.create()
task = TaskFactory.create(n_answers=1)
today = datetime.now(pytz.utc)
TaskFactory.create()
TaskRunFactory.create(project=pr, task=task)
AnonymousTaskRunFactory.create(project=pr)
hours, hours_anon, hours_auth, max_hours, \
max_hours_anon, max_hours_auth = stats_hours(pr.id)
assert len(hours) == 24, len(hours)
assert hours[today.strftime('%H')] == 2, hours[today.strftime('%H')]
assert hours_anon[today.strftime('%H')] == 1, hours_anon[today.strftime('%H')]
assert hours_auth[today.strftime('%H')] == 1, hours_auth[today.strftime('%H')]
assert max_hours == 2
assert max_hours_anon == 1
assert max_hours_auth == 1
def test_authenticated_user_update_anonymous_taskrun(self):
"""Test authenticated users cannot update an anonymously posted taskrun"""
with self.flask_app.test_request_context('/'):
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Forbidden,
getattr(require, 'taskrun').update,
anonymous_taskrun)
def test_anonymous_user_create_repeated_taskrun(self):
"""Test anonymous user cannot create a taskrun for a task to which
he has previously posted a taskrun"""
with self.flask_app.test_request_context('/'):
task = TaskFactory.create()
taskrun1 = AnonymousTaskRunFactory.create(task=task)
taskrun2 = AnonymousTaskRunFactory.build(task=task)
assert_raises(Forbidden,
getattr(require, 'taskrun').create,
taskrun2)
# But the user can still create taskruns for different tasks
task2 = TaskFactory.create(app=task.app)
taskrun3 = AnonymousTaskRunFactory.build(task=task2)
assert_not_raises(Exception,
getattr(require, 'taskrun').create,
taskrun3)
def test_anonymous_user_create_taskrun_non_allow_anonymous_contrib(self):
"""Test anonymous user cannot create a taskrun for a project that does
not allow for anonymous contributors"""
project = AppFactory.create(allow_anonymous_contributors=False)
task = TaskFactory.create(app=project)
taskrun = AnonymousTaskRunFactory.build(task=task)
assert_raises(Unauthorized, getattr(require, 'taskrun').create, taskrun)
def test_taskrun_delete(self):
"""Test TaskRun API delete works"""
admin = UserFactory.create()
owner = UserFactory.create()
non_owner = UserFactory.create()
project = ProjectFactory.create(owner=owner)
task = TaskFactory.create(project=project)
anonymous_taskrun = AnonymousTaskRunFactory.create(task=task, info='my task result')
user_taskrun = TaskRunFactory.create(task=task, user=owner, info='my task result')
## anonymous
res = self.app.delete('/api/taskrun/%s' % user_taskrun.id)
error_msg = 'Anonymous should not be allowed to delete'
assert_equal(res.status, '401 UNAUTHORIZED', error_msg)
### real user but not allowed to delete anonymous TaskRuns
url = '/api/taskrun/%s?api_key=%s' % (anonymous_taskrun.id, owner.api_key)
res = self.app.delete(url)
error_msg = 'Authenticated user should not be allowed ' \
'to delete anonymous TaskRuns'
assert_equal(res.status, '403 FORBIDDEN', error_msg)
### real user but not allowed as not owner!
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, non_owner.api_key)
res = self.app.delete(url)
error_msg = 'Should not be able to delete TaskRuns of others'
assert_equal(res.status, '403 FORBIDDEN', error_msg)
#### real user
# DELETE with not allowed args
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, owner.api_key)
res = self.app.delete(url + "&foo=bar")
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'taskrun', err
assert err['action'] == 'DELETE', err
assert err['exception_cls'] == 'AttributeError', err
# Owner with valid args can delete
res = self.app.delete(url)
assert_equal(res.status, '204 NO CONTENT', res.data)
### root
url = '/api/taskrun/%s?api_key=%s' % (anonymous_taskrun.id, admin.api_key)
res = self.app.delete(url)
error_msg = 'Admin should be able to delete TaskRuns of others'
assert_equal(res.status, '204 NO CONTENT', error_msg)
def test_authenticated_user_read(self):
"""Test authenticated user can read any taskrun"""
own_taskrun = TaskRunFactory.create()
anonymous_taskrun = AnonymousTaskRunFactory.create()
other_users_taskrun = TaskRunFactory.create()
assert self.mock_authenticated.id == own_taskrun.user.id
assert self.mock_authenticated.id != other_users_taskrun.user.id
assert_not_raises(Exception,
getattr(require, 'taskrun').read, anonymous_taskrun)
assert_not_raises(Exception,
getattr(require, 'taskrun').read,
other_users_taskrun)
assert_not_raises(Exception,
getattr(require, 'taskrun').read, own_taskrun)
def test_get_locs_returns_list_of_locations_with_each_different_ip(self, geoip_mock, current_app):
current_app.config = {'GEO': True}
geoip_instance = Mock()
ip_addr = lambda ip: {"1.1.1.1": {'latitude': 1, 'longitude': 1}, "2.2.2.2": None}.get(ip)
geoip_instance.record_by_addr = ip_addr
geoip_mock.return_value = geoip_instance
AnonymousTaskRunFactory.create(user_ip="1.1.1.1")
AnonymousTaskRunFactory.create(user_ip="1.1.1.1")
AnonymousTaskRunFactory.create(user_ip="2.2.2.2")
locations = stats.get_locs()
assert len(locations) == 2, locations
assert locations[0]['loc'] == {'latitude': 1, 'longitude': 1}, locations[0]
assert locations[1]['loc'] == {'latitude': 0, 'longitude': 0}, locations[1]
def test_task_query_participated_user_ip(self):
"""Test API Task query with participated arg user_ip."""
admin, owner, user = UserFactory.create_batch(3)
project = ProjectFactory.create(owner=owner)
tasks1 = TaskFactory.create_batch(10,
project=project,
info=dict(foo='fox'))
tasks2 = TaskFactory.create_batch(10,
project=project,
info=dict(foo='dog'))
tasks = tasks1 + tasks2
AnonymousTaskRunFactory.create(task=tasks[0])
AnonymousTaskRunFactory.create(task=tasks[1])
AnonymousTaskRunFactory.create(task=tasks[2])
url = '/api/task?participated=1&all=1'
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 17, len(data)
participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id]
for task in data:
assert task['id'] not in participated_tasks, task['id']
# limit & offset
url = '/api/task?participated=1&all=1&limit=10&offset=10'
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 7, len(data)
participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id]
for task in data:
assert task['id'] not in participated_tasks, task['id']
# last_id
url = '/api/task?participated=1&all=1&last_id=%s' % (tasks[0].id)
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 17, len(data)
participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id]
for task in data:
assert task['id'] not in participated_tasks, task['id']
# orderby & desc
url = '/api/task?participated=1&all=1&orderby=created&desc=1'
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 17, len(data)
participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id]
assert data[0]['id'] == tasks[-1].id
for task in data:
assert task['id'] not in participated_tasks, task['id']
# info & fulltextsearch
url = '/api/task?participated=1&all=1&orderby=created&desc=1&info=foo::fox&fulltextsearch=1'
res = self.app.get(url)
data = json.loads(res.data)
assert len(data) == 7, len(data)
participated_tasks = [tasks[0].id, tasks[1].id, tasks[2].id]
assert data[0]['id'] == tasks1[-1].id
for task in data:
assert task['id'] not in participated_tasks, task['id']
def setUp(self):
super(TestStats, self).setUp()
self.project = AppFactory.create()
for task in TaskFactory.create_batch(4, app=self.project, n_answers=3):
TaskRunFactory.create(task=task)
AnonymousTaskRunFactory.create(task=task)
def test_taskrun_update_with_result(self):
"""Test TaskRun API update with result works"""
admin = UserFactory.create()
owner = UserFactory.create()
non_owner = UserFactory.create()
project = ProjectFactory.create(owner=owner)
task = TaskFactory.create(project=project, n_answers=2)
anonymous_taskrun = AnonymousTaskRunFactory.create(
task=task, info='my task result')
user_taskrun = TaskRunFactory.create(task=task,
user=owner,
info='my task result')
task_run = dict(project_id=project.id,
task_id=task.id,
info='another result')
datajson = json.dumps(task_run)
# anonymous user
# No one can update anonymous TaskRuns
url = '/api/taskrun/%s' % anonymous_taskrun.id
res = self.app.put(url, data=datajson)
assert anonymous_taskrun, anonymous_taskrun
assert_equal(anonymous_taskrun.user, None)
error_msg = 'Should not be allowed to update'
assert_equal(res.status, '401 UNAUTHORIZED', error_msg)
# real user but not allowed as not owner!
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id,
non_owner.api_key)
res = self.app.put(url, data=datajson)
error_msg = 'Should not be able to update TaskRuns of others'
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# real user
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, owner.api_key)
out = self.app.get(url, follow_redirects=True)
task = json.loads(out.data)
datajson = json.loads(datajson)
datajson['link'] = task['link']
datajson['links'] = task['links']
datajson = json.dumps(datajson)
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, owner.api_key)
res = self.app.put(url, data=datajson)
out = json.loads(res.data)
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# PUT with not JSON data
res = self.app.put(url, data=task_run)
err = json.loads(res.data)
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# PUT with not allowed args
res = self.app.put(url + "&foo=bar", data=json.dumps(task_run))
err = json.loads(res.data)
assert_equal(res.status, '415 UNSUPPORTED MEDIA TYPE', error_msg)
# PUT with fake data
task_run['wrongfield'] = 13
res = self.app.put(url, data=json.dumps(task_run))
err = json.loads(res.data)
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# root user
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, admin.api_key)
res = self.app.put(url, data=datajson)
assert_equal(res.status, '403 FORBIDDEN', error_msg)
def test_anonymous_user_update_anoymous_taskrun(self):
"""Test anonymous users cannot update an anonymously posted taskrun"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Unauthorized, ensure_authorized_to, 'update',
anonymous_taskrun)
def _add_task_run(self, app, task, user=None):
tr = AnonymousTaskRunFactory.create(project=app, task=task)
def test_taskrun_update(self):
"""Test TaskRun API update works"""
admin = UserFactory.create()
owner = UserFactory.create()
non_owner = UserFactory.create()
project = ProjectFactory.create(owner=owner)
task = TaskFactory.create(project=project)
anonymous_taskrun = AnonymousTaskRunFactory.create(
task=task, info='my task result')
user_taskrun = TaskRunFactory.create(task=task,
user=owner,
info='my task result')
task_run = dict(project_id=project.id,
task_id=task.id,
info='another result')
datajson = json.dumps(task_run)
# anonymous user
# No one can update anonymous TaskRuns
url = '/api/taskrun/%s' % anonymous_taskrun.id
res = self.app.put(url, data=datajson)
assert anonymous_taskrun, anonymous_taskrun
assert_equal(anonymous_taskrun.user, None)
error_msg = 'Should not be allowed to update'
assert_equal(res.status, '401 UNAUTHORIZED', error_msg)
# real user but not allowed as not owner!
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id,
non_owner.api_key)
res = self.app.put(url, data=datajson)
error_msg = 'Should not be able to update TaskRuns of others'
assert_equal(res.status, '403 FORBIDDEN', error_msg)
# real user
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, owner.api_key)
out = self.app.get(url, follow_redirects=True)
task = json.loads(out.data)
datajson = json.loads(datajson)
datajson['link'] = task['link']
datajson['links'] = task['links']
datajson = json.dumps(datajson)
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, owner.api_key)
res = self.app.put(url, data=datajson)
out = json.loads(res.data)
assert_equal(res.status, '403 FORBIDDEN', res.data)
# PUT with not JSON data
res = self.app.put(url, data=task_run)
err = json.loads(res.data)
assert res.status_code == 403, err
assert err['status'] == 'failed', err
assert err['target'] == 'taskrun', err
assert err['action'] == 'PUT', err
assert err['exception_cls'] == 'Forbidden', err
# PUT with not allowed args
res = self.app.put(url + "&foo=bar", data=json.dumps(task_run))
err = json.loads(res.data)
assert res.status_code == 415, err
assert err['status'] == 'failed', err
assert err['target'] == 'taskrun', err
assert err['action'] == 'PUT', err
assert err['exception_cls'] == 'AttributeError', err
# PUT with fake data
task_run['wrongfield'] = 13
res = self.app.put(url, data=json.dumps(task_run))
err = json.loads(res.data)
assert res.status_code == 403, err
assert err['status'] == 'failed', err
assert err['target'] == 'taskrun', err
assert err['action'] == 'PUT', err
assert err['exception_cls'] == 'Forbidden', err
task_run.pop('wrongfield')
# root user
url = '/api/taskrun/%s?api_key=%s' % (user_taskrun.id, admin.api_key)
res = self.app.put(url, data=datajson)
assert_equal(res.status, '403 FORBIDDEN', res.data)
def test_admin_update_anonymous_taskrun(self):
"""Test admins cannot update anonymously posted taskruns"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Forbidden, ensure_authorized_to, 'update',
anonymous_taskrun)
def test_authenticated_user_delete_anonymous_taskrun(self):
"""Test authenticated users cannot delete an anonymously posted taskrun"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_raises(Forbidden, ensure_authorized_to, 'delete',
anonymous_taskrun)
def prepare_data(self):
self.project = ProjectFactory.create()
for task in TaskFactory.create_batch(4, project=self.project, n_answers=3):
TaskRunFactory.create(task=task)
AnonymousTaskRunFactory.create(task=task)
def test_admin_delete_anonymous_taskrun(self):
"""Test admins can delete anonymously posted taskruns"""
anonymous_taskrun = AnonymousTaskRunFactory.create()
assert_not_raises(Exception, ensure_authorized_to, 'delete',
anonymous_taskrun)
