def create(request):
"""Create an annotation from the POST payload."""
json_payload = _json_payload(request)
# Validate the annotation for, and create the annotation in, PostgreSQL.
if request.feature('postgres'):
schema = schemas.CreateAnnotationSchema(request)
appstruct = schema.validate(copy.deepcopy(json_payload))
annotation = storage.create_annotation(request, appstruct)
# Validate the annotation for, and create the annotation in, Elasticsearch.
legacy_schema = schemas.LegacyCreateAnnotationSchema(request)
legacy_appstruct = legacy_schema.validate(copy.deepcopy(json_payload))
# When 'postgres' is on make sure that annotations in the legacy
# Elasticsearch database use the same IDs as the PostgreSQL ones.
if request.feature('postgres'):
assert annotation.id
legacy_appstruct['id'] = annotation.id
legacy_annotation = storage.legacy_create_annotation(
request, legacy_appstruct)
if request.feature('postgres'):
_publish_annotation_event(request, annotation, 'create')
return AnnotationJSONPresenter(request, annotation).asdict()
_publish_annotation_event(request, legacy_annotation, 'create')
return AnnotationJSONPresenter(request, legacy_annotation).asdict()
def test_it_permits_all_other_changes(self, data):
request = self.mock_request()
schema = schemas.LegacyCreateAnnotationSchema(request)
result = schema.validate(data)
for k in data:
assert result[k] == data[k]
def test_it_removes_protected_fields(self, field):
request = self.mock_request()
schema = schemas.LegacyCreateAnnotationSchema(request)
data = {}
data[field] = 'something forbidden'
result = schema.validate(data)
assert field not in result
def test_it_raises_if_structure_validator_raises(self):
request = self.mock_request()
schema = schemas.LegacyCreateAnnotationSchema(request)
schema.structure = mock.Mock()
schema.structure.validate.side_effect = (
schemas.ValidationError('asplode'))
with pytest.raises(schemas.ValidationError):
schema.validate({'foo': 'bar'})
def test_it_passes_input_to_structure_validator(self):
request = self.mock_request()
schema = schemas.LegacyCreateAnnotationSchema(request)
schema.structure = mock.Mock()
schema.structure.validate.return_value = {}
schema.validate({'foo': 'bar'})
schema.structure.validate.assert_called_once_with({'foo': 'bar'})
def test_it_ignores_input_user(self, data, authn_policy):
"""Any user field sent in the payload should be ignored."""
authn_policy.authenticated_userid.return_value = (
'acct:[email protected]')
request = self.mock_request()
schema = schemas.LegacyCreateAnnotationSchema(request)
result = schema.validate(data)
assert result['user'] == 'acct:[email protected]'
def test_it_rejects_annotations_to_other_groups(self, data,
effective_principals, ok,
authn_policy):
"""
A user cannot create an annotation in a group they're not a member of.
If a group is specified in the annotation, then reject the creation if
the relevant group principal is not present in the request's effective
principals.
"""
authn_policy.effective_principals.return_value = effective_principals
request = self.mock_request()
schema = schemas.LegacyCreateAnnotationSchema(request)
if ok:
result = schema.validate(data)
assert result.get('group') == data.get('group')
else:
with pytest.raises(schemas.ValidationError) as exc:
schema.validate(data)
assert exc.value.message.startswith('group:')