def test_non_contributor_GET_disapproval_returns_HTTPError(self):
non_contributor = AuthUserFactory()
self.registration.embargo_registration(
self.user,
datetime.datetime.utcnow() + datetime.timedelta(days=10)
)
self.registration.save()
assert_true(self.registration.is_pending_embargo)
rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token']
approval_url = self.registration.web_url_for('view_project', token=rejection_token)
res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True)
assert_equal(http.FORBIDDEN, res.status_code)
assert_true(self.registration.is_pending_embargo)
assert_false(self.registration.embargo_end_date)
def test_import_auth_cant_write_node(self):
ea = self.ExternalAccountFactory()
user = AuthUserFactory()
user.add_addon(self.ADDON_SHORT_NAME, auth=Auth(user))
user.external_accounts.append(ea)
user.save()
node = ProjectFactory(creator=self.user)
node.add_contributor(user, permissions=[permissions.READ], auth=self.auth, save=True)
node.add_addon(self.ADDON_SHORT_NAME, auth=self.auth)
node.save()
url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME))
res = self.app.put_json(url, {
'external_account_id': ea._id
}, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, http.FORBIDDEN)
def test_node_child_filtering(self):
user = AuthUserFactory()
project = ProjectFactory(creator=user)
title1, title2 = fake.bs(), fake.bs()
component = NodeFactory(title=title1, parent=project)
component2 = NodeFactory(title=title2, parent=project)
url = '/{}nodes/{}/children/?filter[title]={}'.format(
API_BASE, project._id, title1)
res = self.app.get(url, auth=user.auth)
ids = [node['id'] for node in res.json['data']]
assert_in(component._id, ids)
assert_not_in(component2._id, ids)
def setUp(self):
super(TestUserNodesPreprintsFiltering, self).setUp()
self.user = AuthUserFactory()
self.no_preprints_node = ProjectFactory(creator=self.user)
self.valid_preprint_node = ProjectFactory(creator=self.user)
self.orphaned_preprint_node = ProjectFactory(creator=self.user)
self.abandoned_preprint_node = ProjectFactory(creator=self.user)
self.valid_preprint = PreprintFactory(project=self.valid_preprint_node)
self.abandoned_preprint = PreprintFactory(project=self.abandoned_preprint_node, is_published=False)
self.orphaned_preprint = PreprintFactory(project=self.orphaned_preprint_node)
self.orphaned_preprint.node._is_preprint_orphan = True
self.orphaned_preprint.node.save()
self.url_base = '/{}users/me/nodes/?filter[preprint]='.format(API_BASE)
def test_delete_user_is_admin_but_not_affiliated_with_inst(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
node.affiliated_institutions.append(self.institution)
node.save()
assert_in(self.institution, node.affiliated_institutions)
res = self.app.delete_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth
)
assert_equal(res.status_code, 204)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions)
def setUp(self):
super(TestPrivateLink, self).setUp()
self.flaskapp = Flask('testing_private_links')
@self.flaskapp.route('/project/<pid>/')
@must_be_contributor
def project_get(**kwargs):
return 'success', 200
self.app = TestApp(self.flaskapp)
self.user = AuthUserFactory()
self.project = ProjectFactory(is_public=False)
self.link = PrivateLinkFactory()
self.link.nodes.append(self.project)
self.link.save()
def test_update_preprint_permission_denied(self):
update_title_payload = build_preprint_update_payload(
self.preprint._id, attributes={'title': 'A new title'})
noncontrib = AuthUserFactory()
res = self.app.patch_json_api(self.url,
update_title_payload,
auth=noncontrib.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
res = self.app.patch_json_api(self.url,
update_title_payload,
expect_errors=True)
assert_equal(res.status_code, 401)
def test_has_permission_private_irrelevant_scope_forbidden(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin,
is_public=False,
parent=self.node)
cas_resp = cas.CasResponse(
authenticated=True,
status=None,
user=self.user._id,
attributes={'accessTokenScope': {'osf.users.all+read'}})
assert_false(component.has_permission(self.user, 'write'))
with assert_raises(HTTPError) as exc_info:
views.check_access(component, Auth(user=self.user), 'download',
cas_resp)
assert_equal(exc_info.exception.code, 403)
def test_cant_delete_project_if_not_admin(self):
non_admin = AuthUserFactory()
self.component.add_contributor(
non_admin,
permissions=['read', 'write'],
auth=self.consolidate_auth,
save=True,
)
res = self.app.get(
self.component.url + 'settings/',
auth=non_admin.auth
).maybe_follow()
assert_not_in(
'Delete {0}'.format(self.component.project_or_component),
res
)
def setUp(self):
super(TestInstitutionRelationshipNodes, self).setUp()
self.user = AuthUserFactory()
self.institution = InstitutionFactory()
self.user.affiliated_institutions.append(self.institution)
self.user.save()
self.node1 = NodeFactory(creator=self.user)
self.node2 = NodeFactory(is_public=True)
self.node3 = NodeFactory()
self.node1.affiliated_institutions.append(self.institution)
self.node2.affiliated_institutions.append(self.institution)
self.node3.affiliated_institutions.append(self.institution)
self.node1.save()
self.node2.save()
self.node3.save()
self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format(API_BASE, self.institution._id)
def setUp(self):
super(TestNodeLicenses, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
ensure_licenses()
self.LICENSE_NAME = 'MIT License'
self.node_license = NodeLicense.find_one(
Q('name', 'eq', self.LICENSE_NAME))
self.YEAR = '2105'
self.COPYRIGHT_HOLDERS = ['Foo', 'Bar']
self.node.node_license = NodeLicenseRecordFactory(
node_license=self.node_license,
year=self.YEAR,
copyright_holders=self.COPYRIGHT_HOLDERS)
self.node.save()
def setUp(self):
super(TestInstitutionNodeList, self).setUp()
self.institution = InstitutionFactory()
self.node1 = ProjectFactory(is_public=True)
self.node1.affiliated_institutions.append(self.institution)
self.node1.save()
self.user1 = AuthUserFactory()
self.node2 = ProjectFactory(creator=self.user1, is_public=False)
self.node2.affiliated_institutions.append(self.institution)
self.node2.save()
self.node3 = ProjectFactory(is_public=False)
self.node3.affiliated_institutions.append(self.institution)
self.node3.save()
self.institution_node_url = '/{0}institutions/{1}/nodes/'.format(
API_BASE, self.institution._id)
def test_can_make_project_public_if_admin_contributor(self):
admin_user = AuthUserFactory()
self.private_project.add_contributor(
admin_user,
permissions=(permissions.READ, permissions.WRITE, permissions.ADMIN),
auth=Auth(self.private_project.creator)
)
self.private_project.save()
res = self.app.patch_json_api(
self.private_url,
make_node_payload(self.private_project, {'public': True}),
auth=admin_user.auth # self.user is creator/admin
)
assert_equal(res.status_code, 200)
self.private_project.reload()
assert_true(self.private_project.is_public)
def test_set_config_not_owner(self):
user = AuthUserFactory()
user.add_addon('mendeley')
self.project.add_contributor(user)
self.project.save()
res = self.app.put_json(
self.project.api_url_for('mendeley_set_config'),
{
'external_account_id': self.account._id,
'external_list_id': 'list',
},
auth=user.auth,
)
self.node_addon.reload()
assert_equal(self.user_addon, self.node_addon.user_settings)
assert_equal(res.json, {})
def setUp(self):
super(TestEmailFormView, self).setUp()
self.comment = CommentFactory()
self.comment.report_abuse(user=AuthUserFactory(), save=True,
category='spam')
self.request = RequestFactory().post('/fake_path')
self.request.user = UserFactory()
self.view = EmailFormView()
self.form = EmailForm(data={
'author': 'Nemo',
'message': 'A message for spammers.',
'subject': 'stop spamming',
'email': ('*****@*****.**', '*****@*****.**')
})
self.view = setup_form_view(self.view, self.request, self.form,
spam_id=self.comment._id)
def setUp(self):
super(TestGitHubFileView, self).setUp()
self.user = AuthUserFactory()
self.consolidated_auth = Auth(user=self.user)
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('github', auth=self.consolidated_auth)
self.project.creator.add_addon('github')
self.github = create_mock_github(user='******', private=False)
self.node_settings = self.project.get_addon('github')
self.node_settings.user_settings = self.project.creator.get_addon('github')
# Set the node addon settings to correspond to the values of the mock repo
self.node_settings.user = self.github.repo.return_value.owner.login
self.node_settings.repo = self.github.repo.return_value.name
self.node_settings.save()
def test_cannot_make_project_public_if_non_admin_contributor(self):
non_admin = AuthUserFactory()
self.private_project.add_contributor(
non_admin,
permissions=(permissions.READ, permissions.WRITE),
auth=Auth(self.private_project.creator)
)
self.private_project.save()
res = self.app.patch_json(
self.private_url,
make_node_payload(self.private_project, {'public': True}),
auth=non_admin.auth, expect_errors=True
)
assert_equal(res.status_code, 403)
self.private_project.reload()
assert_false(self.private_project.is_public)
def test_settings_detail_noncontrib_public_can_view(self):
self.node.set_privacy('public', auth=self.auth)
noncontrib = AuthUserFactory()
wrong_type = self.should_expect_errors()
res = self.app.get(self.setting_detail_url,
auth=noncontrib.auth,
expect_errors=wrong_type)
if not wrong_type:
assert_equal(res.status_code, 200)
addon_data = res.json['data']['attributes']
assert_equal(self.account_id, addon_data['external_account_id'])
assert_equal(self.node_settings.has_auth,
addon_data['node_has_auth'])
assert_equal(self.node_settings.folder_id, addon_data['folder_id'])
if wrong_type:
assert_equal(res.status_code, 404)
def test_settings_detail_PATCH_readcontrib_raises_error(self):
read_user = AuthUserFactory()
self.node.add_contributor(read_user,
permissions=[READ],
auth=self.auth)
res = self.app.patch_json_api(self.setting_detail_url, {
'data': {
'id': self.short_name,
'type': 'node_addons',
'attributes': {
'external_account_id': None,
}
}
},
auth=read_user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
def setUp(self):
super(TestNodeSettings, self).setUp()
self.user = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.project.add_addon('figshare', auth=Auth(self.user))
self.project.creator.add_addon('figshare')
self.node_settings = self.project.get_addon('figshare')
self.user_settings = self.project.creator.get_addon('figshare')
self.user_settings.oauth_access_token = 'legittoken'
self.user_settings.oauth_access_token_secret = 'legittoken'
self.user_settings.save()
self.node_settings.user_settings = self.user_settings
self.node_settings.figshare_id = '123456'
self.node_settings.figshare_type = 'project'
self.node_settings.figshare_title = 'singlefile'
self.node_settings.save()
def setUp(self):
super(TestDraftListView, self).setUp()
self.user = AuthUserFactory()
schema = utils.draft_reg_util()
self.dr1 = DraftRegistrationFactory(
initiator=self.user,
registration_schema=schema,
registration_metadata=utils.SCHEMA_DATA)
self.dr1.submit_for_review(self.user, {}, save=True)
self.dr2 = DraftRegistrationFactory(
initiator=self.user,
registration_schema=schema,
registration_metadata=utils.SCHEMA_DATA)
self.dr2.submit_for_review(self.user, {}, save=True)
self.request = RequestFactory().get('/fake_path')
self.view = DraftListView()
self.view = setup_view(self.view, self.request)
def test_only_project_contrib_can_comment_on_closed_project(self):
self.node.comment_level = 'private'
self.node.is_public = True
self.node.save()
res = self.app.get(self.file_url, auth=self.user.auth)
can_comment = res.json['data']['attributes'][
'current_user_can_comment']
assert_equal(res.status_code, 200)
assert_equal(can_comment, True)
non_contributor = AuthUserFactory()
res = self.app.get(self.file_url, auth=non_contributor.auth)
can_comment = res.json['data']['attributes'][
'current_user_can_comment']
assert_equal(res.status_code, 200)
assert_equal(can_comment, False)
def setUp(self):
super(TestAddonCount, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.user.add_addon('github')
self.user_addon = self.user.get_addon('github')
self.oauth_settings = GitHubAccountFactory(display_name='hmoco1')
self.oauth_settings.save()
self.user.external_accounts.append(self.oauth_settings)
self.user.save()
self.node.add_addon('github', Auth(self.user))
self.node_addon = self.node.get_addon('github')
self.node_addon.user = self.user.fullname
self.node_addon.repo = '29 #Strafford APTS'
self.node_addon.user_settings = self.user_addon
self.node_addon.external_account = self.oauth_settings
self.node_addon.save()
def setUp(self):
super(AddonSerializerTestSuiteMixin, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.set_user_settings(self.user)
assert_is_not_none(
getattr(self, 'user_settings'),
"'set_user_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate user settings model."
)
self.set_node_settings(self.user_settings)
assert_is_not_none(
getattr(self, 'node_settings'),
"'set_node_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate node settings model."
)
self.ser = self.Serializer(user_settings=self.user_settings,
node_settings=self.node_settings)
def test_delete_user_is_admin_but_not_affiliated_with_inst(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
node.affiliated_institutions.append(self.institution1)
node.save()
assert_in(self.institution1, node.affiliated_institutions)
res = self.app.delete_json_api(
'/{0}nodes/{1}/relationships/institutions/'.format(
API_BASE, node._id),
self.create_payload(self.institution1._id),
auth=user.auth,
)
assert_equal(res.status_code, 204)
node.reload()
assert_not_in(self.institution1, node.affiliated_institutions)
def setUp(self):
super(TestFileTagging, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.file1 = api_utils.create_test_file(
self.node, self.user, filename='file1')
self.payload = {
"data": {
"type": "files",
"id": self.file1._id,
"attributes": {
"checkout": None,
"tags": ["goofy"]
}
}
}
self.url = '/{}files/{}/'.format(API_BASE, self.file1._id)
def setUp(self):
super(TestMeetingFormView, self).setUp()
self.conf = ConferenceFactory()
self.user = AuthUserFactory()
self.request = RequestFactory().post('/fake_path')
self.view = MeetingFormView()
mod_data = dict(data)
mod_data.update({
'edit': 'True',
'endpoint': self.conf.endpoint,
'admins': self.user.emails[0],
'location': 'Timbuktu, Mali',
'start date': 'Dec 11 2014',
'end_date': 'Jan 12 2013'
})
self.form = MeetingForm(data=mod_data)
self.form.is_valid()
def setUp(self):
super(TestNodeLinkedNodes, self).setUp()
self.user = AuthUserFactory()
self.auth = Auth(self.user)
self.linking_node = NodeFactory(creator=self.user)
self.linked_node = NodeFactory(creator=self.user)
self.linked_node2 = NodeFactory(creator=self.user)
self.public_node = NodeFactory(is_public=True, creator=self.user)
self.linking_node.add_pointer(self.linked_node, auth=self.auth)
self.linking_node.add_pointer(self.linked_node2, auth=self.auth)
self.linking_node.add_pointer(self.public_node, auth=self.auth)
self.linking_node.save()
self.url = '/{}nodes/{}/linked_nodes/'.format(API_BASE,
self.linking_node._id)
self.node_ids = [
pointer.node._id for pointer in self.linking_node.nodes_pointer
]
def test_remove_institution_not_admin_but_affiliated(self):
node = NodeFactory(creator=self.user)
user = AuthUserFactory()
user.affiliated_institutions.append(self.institution)
user.save()
node.primary_institution = self.institution
node.add_contributor(user, auth=Auth(self.user))
node.save()
res = self.app.put_json_api(
'/{0}nodes/{1}/relationships/institution/'.format(
API_BASE, node._id), {'data': None},
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
assert_equal(node.primary_institution, self.institution)
def setUp(self):
super(TestComponents, self).setUp()
self.user = AuthUserFactory()
self.consolidate_auth = Auth(user=self.user)
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(contributor=self.user, auth=self.consolidate_auth)
# A non-project componenet
self.component = NodeFactory(
category='hypothesis',
creator=self.user,
parent=self.project,
)
self.component.save()
self.component.set_privacy('public', self.consolidate_auth)
self.component.set_privacy('private', self.consolidate_auth)
self.project.save()
self.project_url = self.project.web_url_for('view_project')
