def setUp(self):
super(TestOSFGroupsFormView, self).setUp()
self.user = UserFactory()
self.group = OSFGroupFactory(name='Brian Dawkins', creator=self.user)
self.group2 = OSFGroupFactory(name='Brian Westbrook',
creator=self.user)
self.view = OSFGroupsFormView()
def test_more_than_one_projects_in_common(self, app, user_one, user_two):
group = OSFGroupFactory(creator=user_one)
group.make_member(user_two)
project1 = ProjectFactory(creator=user_one)
project1.add_contributor(contributor=user_two,
permissions=CREATOR_PERMISSIONS,
auth=Auth(user=user_one))
project1.save()
project2 = ProjectFactory(creator=user_one)
project2.add_contributor(contributor=user_two,
permissions=CREATOR_PERMISSIONS,
auth=Auth(user=user_one))
project2.save()
project3 = ProjectFactory()
project4 = ProjectFactory()
project3.add_osf_group(group)
project4.add_osf_group(group)
project4.is_deleted = True
project3.save()
project4.save()
RegistrationFactory(project=project1, creator=user_one, is_public=True)
url = '/{}users/?show_projects_in_common=true'.format(API_BASE)
res = app.get(url, auth=user_two.auth)
user_json = res.json['data']
for user in user_json:
if user['id'] == user_two._id:
meta = user['relationships']['nodes']['links']['related'][
'meta']
assert 'projects_in_common' in meta
assert meta['projects_in_common'] == 4
def setUp(self):
super(TestOSFGroupsListView, self).setUp()
self.user = UserFactory()
self.group = OSFGroupFactory(name='Brian Dawkins', creator=self.user)
self.group2 = OSFGroupFactory(name='Brian Westbrook', creator=self.user)
self.group3 = OSFGroupFactory(name='Darren Sproles', creator=self.user)
self.request = RequestFactory().post('/fake_path')
self.view = OSFGroupsListView()
def test_filter_groups(self, app, osf_group, private_project, manager,
private_url, make_group_id):
with override_flag(OSF_GROUPS, active=True):
read_group = OSFGroupFactory(creator=manager, name='house')
write_group = OSFGroupFactory(creator=manager, name='doghouse')
private_project.add_osf_group(read_group, permissions.READ)
private_project.add_osf_group(write_group, permissions.WRITE)
private_project.add_osf_group(osf_group, permissions.ADMIN)
# test filter on permission
url = private_url + '?filter[permission]=admin'
res = app.get(url, auth=private_project.creator.auth)
resp_json = res.json['data']
ids = [each['id'] for each in resp_json]
assert make_group_id(private_project, osf_group) in ids
assert make_group_id(private_project, write_group) not in ids
assert make_group_id(private_project, read_group) not in ids
url = private_url + '?filter[permission]=write'
res = app.get(url, auth=private_project.creator.auth)
resp_json = res.json['data']
ids = [each['id'] for each in resp_json]
assert make_group_id(private_project, osf_group) in ids
assert make_group_id(private_project, write_group) in ids
assert make_group_id(private_project, read_group) not in ids
url = private_url + '?filter[permission]=read'
res = app.get(url, auth=private_project.creator.auth)
resp_json = res.json['data']
ids = [each['id'] for each in resp_json]
assert make_group_id(private_project, osf_group) in ids
assert make_group_id(private_project, write_group) in ids
assert make_group_id(private_project, read_group) in ids
# test_filter_on_invalid_permission
url = private_url + '?filter[permission]=bad_perm'
res = app.get(url,
auth=private_project.creator.auth,
expect_errors=True)
assert res.status_code == 400
assert res.json['errors'][0][
'detail'] == 'bad_perm is not a filterable permission.'
url = private_url + '?filter[name]=Plat'
res = app.get(url, auth=private_project.creator.auth)
resp_json = res.json['data']
ids = [each['id'] for each in resp_json]
assert make_group_id(private_project, osf_group) in ids
assert make_group_id(private_project, write_group) not in ids
assert make_group_id(private_project, read_group) not in ids
url = private_url + '?filter[name]=house'
res = app.get(url, auth=private_project.creator.auth)
resp_json = res.json['data']
ids = [each['id'] for each in resp_json]
assert make_group_id(private_project, osf_group) not in ids
assert make_group_id(private_project, write_group) in ids
assert make_group_id(private_project, read_group) in ids
def setUp(self):
super(TestOSFGroupsView, self).setUp()
self.user = UserFactory()
self.user_two = UserFactory()
self.project = ProjectFactory()
self.group = OSFGroupFactory(name='test', creator=self.user)
self.group.make_member(self.user_two)
self.group.add_group_to_node(self.project)
self.group.save()
self.request = RequestFactory().post('/fake_path')
def test_admin_can_view_draft_list(self, app, user, draft_registration,
project_public, schema,
url_draft_registrations):
res = app.get(url_draft_registrations, auth=user.auth)
assert res.status_code == 200
data = res.json['data']
assert len(data) == 1
assert schema._id in data[0]['relationships']['registration_schema'][
'links']['related']['href']
assert data[0]['id'] == draft_registration._id
assert data[0]['attributes']['registration_metadata'] == {}
# test_osf_group_with_admin_permissions
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
project_public.add_osf_group(group, permissions.ADMIN)
res = app.get(url_draft_registrations,
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 200
data = res.json['data']
assert len(data) == 1
assert schema._id in data[0]['relationships']['registration_schema'][
'links']['related']['href']
def test_groups_filter(self, app, member, manager, user, osf_group, url):
with override_flag(OSF_GROUPS, active=True):
second_group = OSFGroupFactory(name='Apples', creator=manager)
res = app.get(url + '?filter[name]=Platform', auth=manager.auth)
assert res.status_code == 200
data = res.json['data']
assert len(data) == 1
assert data[0]['id'] == osf_group._id
res = app.get(url + '?filter[name]=Apple', auth=manager.auth)
assert res.status_code == 200
data = res.json['data']
assert len(data) == 1
assert data[0]['id'] == second_group._id
res = app.get(url + '?filter[bad_field]=Apple',
auth=manager.auth,
expect_errors=True)
assert res.status_code == 400
res = app.get(url + '?filter[name]=Platform')
assert res.status_code == 200
data = res.json['data']
assert len(data) == 0
res = app.get(url + '?filter[name]=Apple')
assert res.status_code == 200
data = res.json['data']
assert len(data) == 0
def test_return_private_node_children_list(self, app, user, component,
private_project,
private_project_url):
# test_return_private_node_children_list_logged_out
res = app.get(private_project_url, expect_errors=True)
assert res.status_code == 401
assert 'detail' in res.json['errors'][0]
# test_return_private_node_children_list_logged_in_non_contributor
non_contrib = AuthUserFactory()
res = app.get(private_project_url,
auth=non_contrib.auth,
expect_errors=True)
assert res.status_code == 403
assert 'detail' in res.json['errors'][0]
# test_return_private_node_children_list_logged_in_contributor
res = app.get(private_project_url, auth=user.auth)
assert res.status_code == 200
assert res.content_type == 'application/vnd.api+json'
assert len(res.json['data']) == 1
assert res.json['data'][0]['id'] == component._id
# test_return_private_node_children_osf_group_member_admin
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, permissions.ADMIN)
res = app.get(private_project_url, auth=group_mem.auth)
assert res.status_code == 200
# Can view node children that you have implict admin permissions
assert len(res.json['data']) == 1
assert res.json['data'][0]['id'] == component._id
def test_change_contributor_non_admin_osf_group_member_auth(
self, app, user, contrib, project, url_contrib):
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
project.add_osf_group(group, permissions.WRITE)
data = {
'data': {
'id': contrib._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = app.put_json_api(url_contrib,
data,
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 403
project.reload()
assert project.get_permissions(contrib) == [
permissions.READ, permissions.WRITE
]
assert project.get_visible(contrib)
def test_post_private_node(self, app, user, node_private, node_other,
node_linking_private, make_payload,
url_private):
res = app.post_json_api(url_private,
make_payload([node_other._id]),
auth=user.auth,
expect_errors=True)
assert res.status_code == 403
res = app.get(url_private, auth=user.auth)
ids = [data['id'] for data in res.json['data']]
assert node_other._id not in ids
assert node_private._id in ids
# test_group_member_can_post_with_write
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
node_linking_private.add_osf_group(group, READ)
res = app.post_json_api(url_private,
make_payload([node_other._id]),
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 403
node_linking_private.update_osf_group(group, WRITE)
node_other.add_osf_group(group, WRITE)
res = app.post_json_api(url_private,
make_payload([node_other._id]),
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 201
def test_get_contributor_detail_valid_response(self, app, user,
project_public,
project_private, url_public,
url_private):
# test_get_public_contributor_detail
res = app.get(url_public)
assert res.status_code == 200
assert res.json['data']['id'] == '{}-{}'.format(
project_public._id, user._id)
# regression test
# test_get_public_contributor_detail_is_viewable_through_browsable_api
res = app.get(url_public + '?format=api')
assert res.status_code == 200
# test_get_private_node_contributor_detail_contributor_auth
res = app.get(url_private, auth=user.auth)
assert res.status_code == 200
assert res.json['data']['id'] == '{}-{}'.format(
project_private._id, user._id)
# test_get_private_node_osf_group_member
group_mem = AuthUserFactory()
osf_group = OSFGroupFactory(creator=group_mem)
project_private.add_osf_group(osf_group, permissions.READ)
res = app.get(url_private, auth=group_mem.auth)
assert res.status_code == 200
assert res.json['data']['id'] == '{}-{}'.format(
project_private._id, user._id)
def test_creates_public_node_pointer_logged_in(
self, app, user, user_two, public_project,
public_pointer_project, public_url, make_payload):
public_payload = make_payload(id=public_pointer_project._id)
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
res = app.post_json_api(
public_url, public_payload,
auth=user_two.auth, expect_errors=True)
assert res.status_code == 403
assert 'detail' in res.json['errors'][0]
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
public_project.add_osf_group(group, READ)
res = app.post_json_api(
public_url, public_payload,
auth=group_mem.auth, expect_errors=True)
assert res.status_code == 403
res = app.post_json_api(public_url, public_payload, auth=user.auth)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project._id
def test_can_fork_private_node_logged_in_contributor(
self, app, user, private_project, fork_data, private_project_url):
res = app.post_json_api(
private_project_url +
'?embed=children&embed=node_links&embed=logs&embed=contributors&embed=forked_from',
fork_data,
auth=user.auth)
assert res.status_code == 201
data = res.json['data']
assert data['attributes']['title'] == 'Fork of ' + \
private_project.title
fork_contributors = data['embeds']['contributors']['data'][0][
'embeds']['users']['data']
assert fork_contributors['attributes'][
'family_name'] == user.family_name
assert fork_contributors['id'] == user._id
forked_from = data['embeds']['forked_from']['data']
assert forked_from['id'] == private_project._id
# test_group_member_read_can_create_fork_of_private_node
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, permissions.READ)
res = app.post_json_api(private_project_url, fork_data, auth=user.auth)
assert res.status_code == 201
def test_non_mutational_node_links_list_tests(
self, app, user, public_non_contrib, public_pointer_project, private_project,
private_pointer_project, public_url, private_url):
# test_return_embedded_public_node_pointers_logged_out
res = app.get(public_url)
res_json = res.json['data']
assert len(res_json) == 1
assert res.status_code == 200
assert res.content_type == 'application/vnd.api+json'
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project._id
# test_return_embedded_public_node_pointers_logged_in
res = app.get(public_url, auth=public_non_contrib.auth)
res_json = res.json['data']
assert len(res_json) == 1
assert res.status_code == 200
assert res.content_type == 'application/vnd.api+json'
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project._id
# test_return_private_node_pointers_logged_out
res = app.get(private_url, expect_errors=True)
assert res.status_code == 401
assert 'detail' in res.json['errors'][0]
# test_return_private_node_pointers_logged_in_contributor
res = app.get(private_url, auth=user.auth)
res_json = res.json['data']
assert res.status_code == 200
assert res.content_type == 'application/vnd.api+json'
assert len(res_json) == 1
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == private_pointer_project._id
# test_return_private_node_pointers_logged_in_non_contributor
res = app.get(
private_url,
auth=public_non_contrib.auth,
expect_errors=True)
assert res.status_code == 403
assert 'detail' in res.json['errors'][0]
# test_osf_group_member_read_can_view
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, READ)
res = app.get(
private_url,
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 200
# test_node_links_bad_version
url = '{}?version=2.1'.format(public_url)
res = app.get(url, auth=user.auth, expect_errors=True)
assert res.status_code == 404
assert res.json['errors'][0]['detail'] == 'This feature is deprecated as of version 2.1'
def test_returns_private_files_logged_in_osf_group_member(self):
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
self.project.add_osf_group(group, READ)
res = self.app.get(self.private_url,
auth=group_mem.auth,
expect_errors=True)
assert_equal(res.status_code, 200)
def test_can_vew_linked_registrations_relationship(
self, make_request, registration, user_admin_contrib,
user_write_contrib, user_read_contrib, user_non_contrib,
node_public, node_private):
# test_public_node_unauthenticated_user_can_view_linked_registrations_relationship
res = make_request(node_id=node_public._id)
assert res.status_code == 200
assert res.json['data'][0]['id'] == registration._id
assert res.json['data'][0]['type'] == 'linked_registrations'
# test_public_node_unauthenticated_user_can_view_linked_registrations_relationship_2_13
res = make_request(node_id=node_public._id, version='2.13')
assert res.status_code == 200
assert res.json['data'][0]['id'] == registration._id
assert res.json['data'][0]['type'] == 'registrations'
# test_private_node_admin_contributor_can_view_linked_registrations_relationship
res = make_request(node_id=node_private._id,
auth=user_admin_contrib.auth)
assert res.status_code == 200
assert res.json['data'][0]['id'] == registration._id
# test_private_node_rw_contributor_can_view_linked_registrations_relationship
res = make_request(node_id=node_private._id,
auth=user_write_contrib.auth)
assert res.status_code == 200
assert res.json['data'][0]['id'] == registration._id
# test_private_node_read_contributor_can_view_linked_registrations_relationship
res = make_request(node_id=node_private._id,
auth=user_read_contrib.auth)
assert res.status_code == 200
assert res.json['data'][0]['id'] == registration._id
# test_private_node_non_contributor_cannot_view_linked_registrations_relationship
res = make_request(node_id=node_private._id,
auth=user_non_contrib.auth,
expect_errors=True)
assert res.status_code == 403
assert res.json['errors'][0][
'detail'] == exceptions.PermissionDenied.default_detail
# test_private_node_unauthenticated_user_cannot_view_linked_registrations_relationship
res = make_request(node_id=node_private._id, expect_errors=True)
assert res.status_code == 401
assert res.json['errors'][0][
'detail'] == exceptions.NotAuthenticated.default_detail
# test_osf_group_member_can_view_linked_registration_relationship
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
node_private.add_osf_group(group, READ)
res = make_request(node_id=node_private._id,
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 200
def test_node_contributor_detail_serializes_contributor_perms(
self, app, user, make_resource_url, project_public):
user_two = AuthUserFactory()
project_public.add_contributor(user_two, permissions.WRITE)
project_public.save()
osf_group = OSFGroupFactory(creator=user)
osf_group.make_member(user_two)
project_public.add_osf_group(osf_group, permissions.ADMIN)
url = make_resource_url(project_public._id, user_two._id)
res = app.get(url, auth=user.auth)
# Even though user_two has admin perms through group membership,
# contributor endpoints return contributor permissions
assert res.json['data']['attributes'][
'permission'] == permissions.WRITE
assert project_public.has_permission(user_two,
permissions.ADMIN) is True
def test_creates_private_node_pointer_group_member(
self, app, private_project, private_pointer_project, private_url, make_payload):
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, WRITE)
private_payload = make_payload(id=private_pointer_project._id)
res = app.post_json_api(
private_url, private_payload, auth=group_mem.auth)
assert res.status_code == 201
def test_authenticated_contributor_can_access_private_node_forks_list(
self, app, user, private_project, private_component, private_fork,
pointer, private_project_url):
res = app.get(
private_project_url +
'?embed=children&embed=node_links&embed=logs&embed=contributors&embed=forked_from',
auth=user.auth)
assert res.status_code == 200
assert len(res.json['data']) == 1
data = res.json['data'][0]
assert data['attributes']['title'] == 'Fork of ' + \
private_project.title
assert data['id'] == private_fork._id
fork_contributors = data['embeds']['contributors']['data'][0][
'embeds']['users']['data']
assert fork_contributors['attributes'][
'family_name'] == user.family_name
assert fork_contributors['id'] == user._id
forked_children = data['embeds']['children']['data'][0]
assert forked_children['id'] == private_component.forks.first()._id
assert forked_children['attributes'][
'title'] == private_component.title
forked_node_links = data['embeds']['node_links']['data'][0]['embeds'][
'target_node']['data']
assert forked_node_links['id'] == pointer._id
assert forked_node_links['attributes']['title'] == pointer.title
auth = Auth(user)
expected_logs = list(
private_project.get_logs_queryset(auth).values_list('action',
flat=True))
expected_logs.append('node_forked')
forked_logs = data['embeds']['logs']['data']
forked_log_actions = [
log['attributes']['action'] for log in forked_logs
]
assert set(expected_logs) == set(forked_log_actions)
assert len(set(forked_log_actions)) == len(set(expected_logs))
forked_from = data['embeds']['forked_from']['data']
assert forked_from['id'] == private_project._id
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, permissions.READ)
private_fork.add_osf_group(group, permissions.READ)
res = app.get(private_project_url, auth=group_mem.auth)
assert res.status_code == 200
assert len(res.json['data']) == 1
data = res.json['data'][0]
assert data['attributes']['title'] == 'Fork of ' + \
private_project.title
assert data['id'] == private_fork._id
def test_deletes_private_node_pointer_logged_in_read_group_mem(
self, app, user_two, private_url, private_project):
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, READ)
res = app.delete(private_url, auth=group_mem.auth, expect_errors=True)
assert res.status_code == 403
private_project.update_osf_group(group, WRITE)
res = app.delete(private_url, auth=group_mem.auth, expect_errors=True)
assert res.status_code == 204
def test_remove_contributor_osf_group_member_read(
self, app, user, user_write_contrib, user_non_contrib, project,
url_user, url_user_write_contrib, url_user_non_contrib):
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
project.add_osf_group(group, permissions.READ)
res = app.delete(url_user_write_contrib,
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 403
def test_node_contributor_detail_serializes_contributor_perms(
self, app, user):
project = ProjectFactory(creator=user, is_public=True)
user_two = AuthUserFactory()
project.add_contributor(user_two, permissions.WRITE)
project.save()
osf_group = OSFGroupFactory(creator=user)
osf_group.make_member(user_two)
project.add_osf_group(osf_group, permissions.ADMIN)
url = '/{}nodes/{}/contributors/{}/'.format(API_BASE, project._id,
user_two._id)
res = app.get(url, auth=user.auth)
# Even though user_two has admin perms through group membership,
# contributor endpoints return contributor permissions
assert res.json['data']['attributes'][
'permission'] == permissions.WRITE
assert project.has_permission(user_two, permissions.ADMIN) is True
def test_remove_errors(self, app, user, user_write_contrib,
user_non_contrib, project, url_user,
url_user_write_contrib, url_user_non_contrib):
# test_remove_contributor_non_contributor
res = app.delete(url_user_write_contrib,
auth=user_non_contrib.auth,
expect_errors=True)
assert res.status_code == 403
# test_remove_contributor_osf_group_member_read
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
project.add_osf_group(group, permissions.READ)
res = app.delete(url_user_write_contrib,
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 403
# test_remove_contributor_not_logged_in
res = app.delete(url_user_write_contrib, expect_errors=True)
assert res.status_code == 401
project.reload()
assert user_write_contrib in project.contributors
# test_remove_non_contributor_admin
assert user_non_contrib not in project.contributors
res = app.delete(url_user_non_contrib,
auth=user.auth,
expect_errors=True)
assert res.status_code == 404
project.reload()
assert user_non_contrib not in project.contributors
# test_remove_non_existing_user_admin
url_user_fake = '/{}nodes/{}/contributors/{}/'.format(
API_BASE, project._id, 'fake')
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in osf-models
with disconnected_from_listeners(contributor_removed):
res = app.delete(url_user_fake, auth=user.auth, expect_errors=True)
assert res.status_code == 404
# test_remove_self_contributor_unique_admin
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in osf-models
with disconnected_from_listeners(contributor_removed):
res = app.delete(url_user, auth=user.auth, expect_errors=True)
assert res.status_code == 400
project.reload()
assert user in project.contributors
def test_do_not_create_public_wiki_page(self, app, user_creator,
user_read_contributor,
user_non_contributor,
url_node_public, wiki_public,
project_public):
# test_do_not_create_home_wiki_page
res = app.post_json_api(url_node_public,
create_wiki_payload('home'),
auth=user_creator.auth,
expect_errors=True)
assert res.status_code == 409
assert res.json['errors'][0][
'detail'] == "A wiki page with the name 'home' already exists."
# test_do_not_create_wiki_page_name_exists
res = app.post_json_api(url_node_public,
create_wiki_payload(wiki_public.page_name),
auth=user_creator.auth,
expect_errors=True)
assert res.status_code == 409
assert res.json['errors'][0][
'detail'] == "A wiki page with the name '{}' already exists.".format(
wiki_public.page_name)
# test_do_not_create_public_wiki_page_as_read_contributor
res = app.post_json_api(url_node_public,
create_wiki_payload(fake.word()),
auth=user_read_contributor.auth,
expect_errors=True)
assert res.status_code == 403
# test_do_not_create_public_wiki_page_as_non_contributor
res = app.post_json_api(url_node_public,
create_wiki_payload(fake.word()),
auth=user_non_contributor.auth,
expect_errors=True)
assert res.status_code == 403
# test_do_not_create_public_wiki_page_as_read_osf_group_member
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
project_public.add_osf_group(group, READ)
res = app.post_json_api(url_node_public,
create_wiki_payload(fake.word()),
auth=group_mem.auth,
expect_errors=True)
assert res.status_code == 403
# test_do_not_create_public_wiki_page_as_unauthenticated
res = app.post_json_api(url_node_public,
create_wiki_payload(fake.word()),
expect_errors=True)
assert res.status_code == 401
class TestOSFGroupsView(AdminTestCase):
def setUp(self):
super(TestOSFGroupsView, self).setUp()
self.user = UserFactory()
self.user_two = UserFactory()
self.project = ProjectFactory()
self.group = OSFGroupFactory(name='test', creator=self.user)
self.group.make_member(self.user_two)
self.group.add_group_to_node(self.project)
self.group.save()
self.request = RequestFactory().post('/fake_path')
def test_get_object(self):
view = OSFGroupsView()
view = setup_log_view(view, self.request, id=self.group._id)
group = view.get_object()
nt.assert_equal(self.group.name, group['name'])
nt.assert_equal(self.user.fullname, group['creator']['name'])
nt.assert_equal(len(group['members']), 1)
nt.assert_equal(group['members'][0]['name'], self.user_two.fullname)
nt.assert_equal(group['members'][0]['id'], self.user_two._id)
nt.assert_equal(len(group['managers']), 1)
nt.assert_equal(group['managers'][0]['name'], self.user.fullname)
nt.assert_equal(group['managers'][0]['id'], self.user._id)
nt.assert_equal([serialize_node_for_groups(self.project, self.group)],
group['nodes'])
nt.assert_equal(group['nodes'][0]['title'], self.project.title)
nt.assert_equal(group['nodes'][0]['permission'], WRITE)
def test_node_citations(self, app, admin_contributor, private_project,
write_contrib, read_contrib, non_contrib,
private_url, public_url):
# test_admin_can_view_private_project_citations
res = app.get(private_url, auth=admin_contributor.auth)
assert res.status_code == 200
# test_write_contrib_can_view_private_project_citations
res = app.get(private_url, auth=write_contrib.auth)
assert res.status_code == 200
# test_read_contrib_can_view_private_project_citations
res = app.get(private_url, auth=read_contrib.auth)
assert res.status_code == 200
# test_non_contrib_cannot_view_private_project_citations
res = app.get(private_url, auth=non_contrib.auth, expect_errors=True)
assert res.status_code == 403
assert res.json['errors'][0][
'detail'] == exceptions.PermissionDenied.default_detail
# test_unauthenticated_cannot_view_private_project_citations
res = app.get(private_url, expect_errors=True)
assert res.status_code == 401
assert res.json['errors'][0][
'detail'] == exceptions.NotAuthenticated.default_detail
# test_read_group_mem_can_view_private_project_citations
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, READ)
res = app.get(private_url, auth=group_mem.auth)
assert res.status_code == 200
# test_unauthenticated_can_view_public_project_citations
res = app.get(public_url)
assert res.status_code == 200
# test_citations_are_read_only
post_res = app.post_json_api(public_url, {},
auth=admin_contributor.auth,
expect_errors=True)
assert post_res.status_code == 405
put_res = app.put_json_api(public_url, {},
auth=admin_contributor.auth,
expect_errors=True)
assert put_res.status_code == 405
delete_res = app.delete_json_api(public_url,
auth=admin_contributor.auth,
expect_errors=True)
assert delete_res.status_code == 405
def test_osf_group_members_can_view_implicit_contributors(
self, app, component, admin_contributor, implicit_contributor):
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
component.add_osf_group(group, READ)
url = '/{}nodes/{}/implicit_contributors/'.format(
API_BASE, component._id)
res = app.get(url, auth=group_mem.auth)
assert res.status_code == 200
assert res.content_type == 'application/vnd.api+json'
assert len(res.json['data']) == 1
assert res.json['data'][0]['id'] == implicit_contributor._id
def setUp(self):
super(RegistrationRetractionViewsTestCase, self).setUp()
self.user = AuthUserFactory()
self.registered_from = ProjectFactory(creator=self.user, is_public=True)
self.registration = RegistrationFactory(project=self.registered_from, is_public=True)
self.retraction_post_url = self.registration.api_url_for('node_registration_retraction_post')
self.retraction_get_url = self.registration.web_url_for('node_registration_retraction_get')
self.justification = fake.sentence()
self.group_mem = AuthUserFactory()
self.group = OSFGroupFactory(creator=self.group_mem)
self.registration.registered_from.add_osf_group(self.group, permissions.ADMIN)
def test_node_registration_list(self, app, user, public_project,
private_project, public_registration,
private_registration, public_url,
private_url):
# test_return_public_registrations_logged_out
res = app.get(public_url)
assert res.status_code == 200
assert res.content_type == 'application/vnd.api+json'
assert res.json['data'][0]['attributes']['registration'] is True
url = res.json['data'][0]['relationships']['registered_from']['links'][
'related']['href']
assert urlparse(url).path == '/{}nodes/{}/'.format(
API_BASE, public_project._id)
assert res.json['data'][0]['type'] == 'registrations'
# test_return_public_registrations_logged_in
res = app.get(public_url, auth=user.auth)
assert res.status_code == 200
assert res.json['data'][0]['attributes']['registration'] is True
url = res.json['data'][0]['relationships']['registered_from']['links'][
'related']['href']
assert urlparse(url).path == '/{}nodes/{}/'.format(
API_BASE, public_project._id)
assert res.content_type == 'application/vnd.api+json'
assert res.json['data'][0]['type'] == 'registrations'
# test_return_private_registrations_logged_out
res = app.get(private_url, expect_errors=True)
assert res.status_code == 401
assert 'detail' in res.json['errors'][0]
# test_return_private_registration_group_mem_read
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
private_project.add_osf_group(group, READ)
res = app.get(private_url, expect_errors=True, auth=group_mem.auth)
assert res.status_code == 200
# test_return_private_registrations_logged_in_contributor
res = app.get(private_url, auth=user.auth)
assert res.status_code == 200
assert res.json['data'][0]['attributes']['registration'] is True
url = res.json['data'][0]['relationships']['registered_from']['links'][
'related']['href']
assert urlparse(url).path == '/{}nodes/{}/'.format(
API_BASE, private_project._id)
assert res.content_type == 'application/vnd.api+json'
assert res.json['data'][0]['type'] == 'registrations'
def test_current_user_permissions_filter(self, app, url, contrib,
no_perm_node, read_node,
write_node, admin_node):
# test filter read
res = app.get('{}read'.format(url), auth=contrib.auth)
assert len(res.json['data']) == 3
assert set([read_node._id, write_node._id, admin_node._id
]) == set([node['id'] for node in res.json['data']])
# test filter write
res = app.get('{}write'.format(url), auth=contrib.auth)
assert len(res.json['data']) == 2
assert set([admin_node._id, write_node._id
]) == set([node['id'] for node in res.json['data']])
# test filter admin
res = app.get('{}admin'.format(url), auth=contrib.auth)
assert len(res.json['data']) == 1
assert [admin_node._id] == [node['id'] for node in res.json['data']]
# test filter null
res = app.get('{}null'.format(url),
auth=contrib.auth,
expect_errors=True)
assert res.status_code == 400
user2 = AuthUserFactory()
osf_group = OSFGroupFactory(creator=user2)
read_node.add_osf_group(osf_group, permissions.READ)
write_node.add_osf_group(osf_group, permissions.WRITE)
admin_node.add_osf_group(osf_group, permissions.ADMIN)
# test filter group member read
res = app.get('{}read'.format(url), auth=user2.auth)
assert len(res.json['data']) == 3
assert set([read_node._id, write_node._id, admin_node._id
]) == set([node['id'] for node in res.json['data']])
# test filter group member write
res = app.get('{}write'.format(url), auth=user2.auth)
assert len(res.json['data']) == 2
assert set([admin_node._id, write_node._id
]) == set([node['id'] for node in res.json['data']])
# test filter group member admin
res = app.get('{}admin'.format(url), auth=user2.auth)
assert len(res.json['data']) == 1
assert [admin_node._id] == [node['id'] for node in res.json['data']]
