def test_get_user_object_permissions_with_project(users,
independent_action_object):
user_id = users[0].id
object_id = independent_action_object.object_id
project_id = sampledb.logic.projects.create_project(
"Example Project", "", users[1].id).id
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.NONE
object_permissions.set_project_object_permissions(
project_id=project_id,
object_id=object_id,
permissions=Permissions.GRANT)
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.NONE
sampledb.logic.projects.add_user_to_project(project_id, user_id,
Permissions.READ)
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.READ
sampledb.db.session.add(
UserObjectPermissions(user_id=user_id,
object_id=object_id,
permissions=Permissions.WRITE))
sampledb.db.session.commit()
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.WRITE
sampledb.logic.projects.update_user_project_permissions(
project_id, user_id, Permissions.GRANT)
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.GRANT
def test_update_object_permissions(users, independent_action_object):
user_id = users[0].id
object_id = independent_action_object.object_id
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.NONE
object_permissions.set_user_object_permissions(
object_id=object_id, user_id=user_id, permissions=Permissions.WRITE)
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.WRITE
object_permissions.set_user_object_permissions(
object_id=object_id, user_id=user_id, permissions=Permissions.READ)
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.READ
object_permissions.set_user_object_permissions(
object_id=object_id, user_id=user_id, permissions=Permissions.NONE)
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.NONE
assert object_permissions.get_object_permissions_for_users(
object_id=object_id) == {
users[1].id: Permissions.GRANT
}
assert not object_permissions.object_is_public(object_id)
def test_get_readonly_user_object_permissions(user, independent_action_object):
user_id = user.id
object_id = independent_action_object.object_id
sampledb.db.session.add(UserObjectPermissions(user_id=user_id, object_id=object_id, permissions=Permissions.WRITE))
sampledb.db.session.commit()
assert object_permissions.get_user_object_permissions(user_id=user_id, object_id=object_id) == Permissions.WRITE
sampledb.logic.users.set_user_readonly(user_id, readonly=True)
assert object_permissions.get_user_object_permissions(user_id=user_id, object_id=object_id) == Permissions.READ
sampledb.logic.users.set_user_readonly(user_id, readonly=False)
assert object_permissions.get_user_object_permissions(user_id=user_id, object_id=object_id) == Permissions.WRITE
def test_get_instrument_responsible_user_object_permissions(user, instrument, instrument_action_object):
user_id = user.id
object_id = instrument_action_object.object_id
instrument.responsible_users.append(user)
sampledb.db.session.add(instrument)
sampledb.db.session.add(UserObjectPermissions(user_id=user_id, object_id=object_id, permissions=Permissions.WRITE))
sampledb.db.session.commit()
assert object_permissions.get_user_object_permissions(user_id=user_id, object_id=object_id) == Permissions.GRANT
def test_get_user_object_permissions(user, independent_action_object):
user_id = user.id
object_id = independent_action_object.object_id
sampledb.db.session.add(
UserObjectPermissions(user_id=user_id,
object_id=object_id,
permissions=Permissions.WRITE))
sampledb.db.session.commit()
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.WRITE
def test_group_permissions(users, independent_action_object):
user, creator = users
object_id = independent_action_object.object_id
group_id = groups.create_group("Example Group", "", creator.id).id
assert object_permissions.get_object_permissions_for_users(object_id=object_id) == {
creator.id: Permissions.GRANT
}
assert not object_permissions.object_is_public(object_id)
assert object_permissions.get_user_object_permissions(object_id=object_id, user_id=user.id) == Permissions.NONE
object_permissions.set_group_object_permissions(object_id=object_id, group_id=group_id, permissions=Permissions.WRITE)
assert object_permissions.get_object_permissions_for_users(object_id=object_id) == {
creator.id: Permissions.GRANT
}
assert not object_permissions.object_is_public(object_id)
assert object_permissions.get_user_object_permissions(object_id=object_id, user_id=user.id) == Permissions.NONE
groups.add_user_to_group(group_id=group_id, user_id=user.id)
assert object_permissions.get_object_permissions_for_users(object_id=object_id) == {
creator.id: Permissions.GRANT,
user.id: Permissions.WRITE
}
assert not object_permissions.object_is_public(object_id)
assert object_permissions.get_user_object_permissions(object_id=object_id, user_id=user.id) == Permissions.WRITE
object_permissions.set_user_object_permissions(object_id=object_id, user_id=user.id, permissions=Permissions.READ)
assert object_permissions.get_object_permissions_for_users(object_id=object_id) == {
creator.id: Permissions.GRANT,
user.id: Permissions.WRITE
}
assert not object_permissions.object_is_public(object_id)
assert object_permissions.get_user_object_permissions(object_id=object_id, user_id=user.id) == Permissions.WRITE
object_permissions.set_group_object_permissions(object_id=object_id, group_id=group_id, permissions=Permissions.READ)
object_permissions.set_user_object_permissions(object_id=object_id, user_id=user.id, permissions=Permissions.WRITE)
assert object_permissions.get_object_permissions_for_users(object_id=object_id) == {
creator.id: Permissions.GRANT,
user.id: Permissions.WRITE
}
assert not object_permissions.object_is_public(object_id)
assert object_permissions.get_user_object_permissions(object_id=object_id, user_id=user.id) == Permissions.WRITE
object_permissions.set_user_object_permissions(object_id=object_id, user_id=user.id, permissions=Permissions.READ)
object_permissions.set_group_object_permissions(object_id=object_id, group_id=group_id, permissions=Permissions.GRANT)
groups.remove_user_from_group(group_id=group_id, user_id=user.id)
assert object_permissions.get_object_permissions_for_users(object_id=object_id) == {
creator.id: Permissions.GRANT,
user.id: Permissions.READ
}
assert not object_permissions.object_is_public(object_id)
assert object_permissions.get_user_object_permissions(object_id=object_id, user_id=user.id) == Permissions.READ
def test_get_user_public_object_permissions(user, independent_action_object):
user_id = user.id
object_id = independent_action_object.object_id
object_permissions.set_object_public(object_id)
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.READ
def test_default_user_object_permissions(user, independent_action_object):
user_id = user.id
object_id = independent_action_object.object_id
assert object_permissions.get_user_object_permissions(
user_id=user_id, object_id=object_id) == Permissions.NONE
def post(self, instrument_id: int):
try:
instrument = get_instrument(instrument_id=instrument_id)
except errors.InstrumentDoesNotExistError:
return {
"message": f"instrument {instrument_id} does not exist"
}, 404
if not instrument.users_can_create_log_entries and flask.g.user not in instrument.responsible_users:
return {
"message":
f"log entries for instrument {instrument_id} can only be created by instrument scientists"
}, 403
try:
data = json.loads(flask.request.data)
unexpected_keys = set(data.keys()) - {
'content', 'category_ids', 'file_attachments',
'object_attachments'
}
if unexpected_keys:
raise ValueError()
content = data['content']
category_ids = data.get('category_ids', [])
file_attachments = data.get('file_attachments', [])
object_attachments = data.get('object_attachments', [])
except Exception:
return {
"message":
"expected json object containing content, category_ids, file_attachments and object attachments"
}, 400
if content is None:
content = ''
if not isinstance(content, str):
return {"message": "expected string or null for content"}, 400
try:
if not isinstance(category_ids, list):
raise TypeError()
for category_id in category_ids:
if not isinstance(category_id, int):
raise TypeError()
except TypeError:
return {
"message":
"expected list containing integer numbers for category_ids"
}, 400
existing_category_ids = {
category.id
for category in get_instrument_log_categories(instrument_id)
}
unknown_category_ids = set(category_ids) - existing_category_ids
if unknown_category_ids:
return {
"message":
f"unknown category_ids: {', '.join(map(str, unknown_category_ids))}"
}, 400
try:
if not isinstance(file_attachments, list):
raise TypeError()
for file_attachment in file_attachments:
if not isinstance(file_attachment, dict):
raise TypeError()
if set(file_attachment.keys()) - {
'file_name', 'base64_content'
}:
raise ValueError()
if not isinstance(file_attachment['file_name'], str):
raise TypeError()
file_attachment['file_name'] = file_attachment[
'file_name'].strip()
if not isinstance(file_attachment['base64_content'], str):
raise TypeError()
file_attachment['content'] = base64.b64decode(
file_attachment['base64_content'].encode('ascii'))
except Exception:
return {
"message":
"expected list containing dicts containing file_name and base64_content for file_attachments"
}, 400
for file_attachment in file_attachments:
if not file_attachment['file_name'] or len(
file_attachment['file_name']) > MAX_FILE_NAME_LENGTH:
return {
"message":
f"file attachment names must not be empty and must contain at most {MAX_FILE_NAME_LENGTH} characters"
}, 400
try:
if not isinstance(object_attachments, list):
raise TypeError()
for object_attachment in object_attachments:
if not isinstance(object_attachment, dict):
raise TypeError()
if set(object_attachment.keys()) - {'object_id'}:
raise ValueError()
if not isinstance(object_attachment['object_id'], int):
raise TypeError()
if object_attachment['object_id'] < 0:
raise ValueError()
except Exception:
return {
"message":
"expected list containing dicts containing object_id for object_attachments"
}, 400
unknown_object_ids = set()
attached_object_ids = []
for object_attachment in object_attachments:
object_id = object_attachment['object_id']
try:
permissions = get_user_object_permissions(
object_id, flask.g.user.id)
if Permissions.READ not in permissions:
raise errors.ObjectDoesNotExistError()
except errors.ObjectDoesNotExistError:
unknown_object_ids.add(object_id)
else:
if object_id in attached_object_ids:
return {
"message":
f"duplicate object id in object_attachments: {object_id}"
}, 400
attached_object_ids.append(object_id)
if unknown_object_ids:
return {
"message":
f"unknown object ids in object_attachments: {', '.join(map(str, unknown_object_ids))}"
}, 400
if not (content or file_attachments or object_attachments):
return {
"message": "log entry must contain content or an attachment"
}, 400
log_entry = create_instrument_log_entry(instrument_id=instrument.id,
user_id=flask.g.user.id,
content=content,
category_ids=category_ids)
for file_attachment in file_attachments:
create_instrument_log_file_attachment(
instrument_log_entry_id=log_entry.id,
file_name=file_attachment['file_name'],
content=file_attachment['content'])
for object_id in attached_object_ids:
create_instrument_log_object_attachment(
instrument_log_entry_id=log_entry.id, object_id=object_id)
return None, 201, {
'Location':
flask.url_for('api.instrument_log_entry',
instrument_id=instrument_id,
log_entry_id=log_entry.id,
_external=True)
}
