def test_reviewer_cannot_update_nested_value_fields_draft_registration(self, app, project_public, draft_registration_prereg):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
payload = {
'data': {
'id': draft_registration_prereg._id,
'type': 'draft_registrations',
'attributes': {
'registration_metadata': {
'q7': {
'value': {
'question': {
'value': 'This is the answer'
}
}
}
}
}
}
}
url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, project_public._id, draft_registration_prereg._id)
res = app.put_json_api(url, payload, auth=user.auth, expect_errors=True)
assert res.status_code == 400
assert res.json['errors'][0]['detail'] == 'Additional properties are not allowed (u\'value\' was unexpected)'
def test_reviewer_cannot_update_nested_value_fields_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
payload = {
"data": {
"id": self.prereg_draft_registration._id,
"type": "draft_registrations",
"attributes": {
"registration_metadata": {
'q7': {
'value': {
'question': {
'value': 'This is the answer'
}
}
}
}
}
}
}
url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id)
res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(res.json['errors'][0]['detail'], "Additional properties are not allowed (u'value' was unexpected)")
def test_reviewer_can_only_update_comment_fields_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
payload = {
"data": {
"id": self.prereg_draft_registration._id,
"type": "draft_registrations",
"attributes": {
"registration_metadata": {
'q2': {
'value': 'Test response'
}
}
}
}
}
url = '/{}nodes/{}/draft_registrations/{}/'.format(
API_BASE, self.public_project._id,
self.prereg_draft_registration._id)
res = self.app.put_json_api(url,
payload,
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(
res.json['errors'][0]['detail'],
"Additional properties are not allowed (u'value' was unexpected)")
def test_reviewer_can_update_nested_comment_fields_draft_registration(self, app, project_public, draft_registration_prereg):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
payload = {
'data': {
'id': draft_registration_prereg._id,
'type': 'draft_registrations',
'attributes': {
'registration_metadata': {
'q7': {
'value': {
'question': {
'comments': [{'value': 'Add some clarity here.'}]
}
}
}
}
}
}
}
url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, project_public._id, draft_registration_prereg._id)
res = app.put_json_api(url, payload, auth=user.auth, expect_errors=True)
assert res.status_code == 200
assert res.json['data']['attributes']['registration_metadata']['q7']['value']['question']['comments'][0]['value'] == 'Add some clarity here.'
def test_reviewer_can_update_nested_comment_fields_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
payload = {
"data": {
"id": self.prereg_draft_registration._id,
"type": "draft_registrations",
"attributes": {
"registration_metadata": {
'q7': {
'value': {
'question': {
'comments': [{'value': 'Add some clarity here.'}]
}
}
}
}
}
}
}
url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id)
res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, 200)
assert_equal(res.json['data']['attributes']['registration_metadata']['q7']['value']['question']['comments'][0]['value'], 'Add some clarity here.')
def test_reviewer_can_update_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
payload = {
"data": {
"id": self.prereg_draft_registration._id,
"type": "draft_registrations",
"attributes": {
"registration_metadata": {
'q2': {
'comments': [{
'value': 'This is incomplete.'
}]
}
}
}
}
}
url = '/{}nodes/{}/draft_registrations/{}/'.format(
API_BASE, self.public_project._id,
self.prereg_draft_registration._id)
res = self.app.put_json_api(url,
payload,
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, 200)
assert_equal(
res.json['data']['attributes']['registration_metadata']['q2']
['comments'][0]['value'], 'This is incomplete.')
assert_not_in('q1',
res.json['data']['attributes']['registration_metadata'])
def test_reviewer_cannot_delete_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
res = self.app.delete_json_api(self.url, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.')
def test_reviewer_cannot_create_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
assert_in(self.read_only_user, self.public_project.contributors.all())
res = self.app.post_json_api(self.url, self.payload, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, 403)
def test_reviewer_cannot_delete_draft_registration(self, app, url_draft_registrations):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
res = app.delete_json_api(url_draft_registrations, auth=user.auth, expect_errors=True)
assert res.status_code == 403
assert res.json['errors'][0]['detail'] == exceptions.PermissionDenied.default_detail
class TestCheckPreregAuth(OsfTestCase):
def setUp(self):
super(TestCheckPreregAuth, self).setUp()
ensure_schemas()
self.prereg_challenge_admin_user = AuthUserFactory()
self.prereg_challenge_admin_user.add_system_tag(
settings.PREREG_ADMIN_TAG)
self.prereg_challenge_admin_user.save()
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2))
self.user = AuthUserFactory()
self.node = factories.ProjectFactory(creator=self.user)
self.parent = factories.ProjectFactory()
self.child = factories.NodeFactory(parent=self.parent)
self.draft_registration = factories.DraftRegistrationFactory(
initiator=self.user,
registration_schema=prereg_schema,
branched_from=self.parent)
def test_has_permission_download_prereg_challenge_admin(self):
res = views.check_access(self.draft_registration.branched_from,
Auth(user=self.prereg_challenge_admin_user),
'download', None)
assert_true(res)
def test_has_permission_download_on_component_prereg_challenge_admin(self):
try:
res = views.check_access(
self.draft_registration.branched_from._nodes.first(),
Auth(user=self.prereg_challenge_admin_user), 'download', None)
except Exception:
self.fail()
assert_true(res)
def test_has_permission_download_not_prereg_challenge_admin(self):
new_user = AuthUserFactory()
with assert_raises(HTTPError) as exc_info:
views.check_access(self.draft_registration.branched_from,
Auth(user=new_user), 'download', None)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_has_permission_download_prereg_challenge_admin_not_draft(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node,
Auth(user=self.prereg_challenge_admin_user),
'download', None)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_has_permission_write_prereg_challenge_admin(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(self.draft_registration.branched_from,
Auth(user=self.prereg_challenge_admin_user),
'write', None)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
class TestCheckPreregAuth(OsfTestCase):
def setUp(self):
super(TestCheckPreregAuth, self).setUp()
self.prereg_challenge_admin_user = AuthUserFactory()
self.prereg_challenge_admin_user.add_system_tag(settings.PREREG_ADMIN_TAG)
self.prereg_challenge_admin_user.save()
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') &
Q('schema_version', 'eq', 2)
)
self.user = AuthUserFactory()
self.node = factories.ProjectFactory(creator=self.user)
self.parent = factories.ProjectFactory()
self.child = factories.NodeFactory(parent=self.parent)
self.draft_registration = factories.DraftRegistrationFactory(
initiator=self.user,
registration_schema=prereg_schema,
branched_from=self.parent
)
def test_has_permission_download_prereg_challenge_admin(self):
res = views.check_access(self.draft_registration.branched_from,
Auth(user=self.prereg_challenge_admin_user), 'download', None)
assert_true(res)
def test_has_permission_download_on_component_prereg_challenge_admin(self):
try:
res = views.check_access(self.draft_registration.branched_from._nodes.first(),
Auth(user=self.prereg_challenge_admin_user), 'download', None)
except Exception:
self.fail()
assert_true(res)
def test_has_permission_download_not_prereg_challenge_admin(self):
new_user = AuthUserFactory()
with assert_raises(HTTPError) as exc_info:
views.check_access(self.draft_registration.branched_from,
Auth(user=new_user), 'download', None)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_has_permission_download_prereg_challenge_admin_not_draft(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node,
Auth(user=self.prereg_challenge_admin_user), 'download', None)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_has_permission_write_prereg_challenge_admin(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(self.draft_registration.branched_from,
Auth(user=self.prereg_challenge_admin_user), 'write', None)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_reviewer_can_see_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
res = self.app.get(self.url, auth=user.auth)
assert_equal(res.status_code, 200)
data = res.json['data']
assert_equal(data['attributes']['registration_supplement'], self.schema._id)
assert_equal(data['id'], self.draft_registration._id)
assert_equal(data['attributes']['registration_metadata'], {})
def test_reviewer_can_see_draft_registration(self, app, schema, draft_registration, url_draft_registrations):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
res = app.get(url_draft_registrations, auth=user.auth)
assert res.status_code == 200
data = res.json['data']
assert data['attributes']['registration_supplement'] == schema._id
assert data['id'] == draft_registration._id
assert data['attributes']['registration_metadata'] == {}
def test_reviewer_can_see_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
res = self.app.get(self.url, auth=user.auth)
assert_equal(res.status_code, 200)
data = res.json['data']
assert_equal(data['attributes']['registration_supplement'],
self.schema._id)
assert_equal(data['id'], self.draft_registration._id)
assert_equal(data['attributes']['registration_metadata'], {})
def test_reviewer_cannot_create_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
assert_in(self.read_only_user, self.public_project.contributors.all())
res = self.app.post_json_api(self.url,
self.payload,
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
def test_reviewer_cannot_delete_draft_registration(self):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
res = self.app.delete_json_api(self.url,
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
assert_equal(res.json['errors'][0]['detail'],
'You do not have permission to perform this action.')
def test_reviewer_cannot_create_draft_registration(
self, app, user_read_contrib, project_public, payload,
url_draft_registrations):
user = AuthUserFactory()
user.add_system_tag(PREREG_ADMIN_TAG)
user.save()
assert user_read_contrib in project_public.contributors.all()
res = app.post_json_api(url_draft_registrations,
payload,
auth=user.auth,
expect_errors=True)
assert res.status_code == 403
def user(self):
user = AuthUserFactory()
user.add_system_tag('no_waffle:sloan|coi')
user.add_system_tag('no_waffle:sloan|data')
user.add_system_tag('no_waffle:sloan|prereg')
user.save()
return user
def user(self):
user = AuthUserFactory()
user.is_staff = True
user.add_system_tag('raw_es6')
user.save()
return user
def other_non_admin_user(self):
user = AuthUserFactory()
user.add_system_tag('preprint_metrics')
user.save()
return user
def user(self):
user = AuthUserFactory()
user.is_staff = True
user.add_system_tag('preprint_metrics')
user.save()
return user
def other_non_admin_user(self):
user = AuthUserFactory()
user.add_system_tag('preprint_metrics')
user.save()
return user
def admin(self):
user = AuthUserFactory()
user.is_staff = True
user.add_system_tag('preprint_metrics')
user.save()
return user
def user(self):
user = AuthUserFactory()
user.is_staff = True
user.add_system_tag('registries_moderation_metrics')
user.save()
return user
