Ejemplo n.º 1
0
class TestOsfStorageCheckout(StorageTestCase):

    def setUp(self):
        super(TestOsfStorageCheckout, self).setUp()
        self.user = factories.AuthUserFactory()
        self.node = ProjectFactory(creator=self.user)
        self.osfstorage = self.node.get_addon('osfstorage')
        self.root_node = self.osfstorage.get_root()
        self.file = self.root_node.append_file('3005')

    def test_delete_checked_out_file(self):
        self.file.checkout = self.user
        self.file.save()
        with assert_raises(FileNodeCheckedOutError):
            self.file.delete()

    def test_delete_folder_with_checked_out_file(self):

        folder = self.root_node.append_folder('folder')
        self.file.move_under(folder)
        self.file.checkout = self.user
        self.file.save()
        with assert_raises(FileNodeCheckedOutError):
            folder.delete()

    def test_move_checked_out_file(self):
        self.file.checkout = self.user
        self.file.save()
        folder = self.root_node.append_folder('folder')
        with assert_raises(FileNodeCheckedOutError):
            self.file.move_under(folder)

    def test_checked_out_merge(self):
        user = factories.AuthUserFactory()
        node = ProjectFactory(creator=user)
        osfstorage = node.get_addon('osfstorage')
        root_node = osfstorage.get_root()
        file = root_node.append_file('test_file')
        user_merge_target = factories.AuthUserFactory()
        file.checkout = user
        file.save()
        user_merge_target.merge_user(user)
        file.reload()
        assert_equal(user_merge_target, file.checkout)

    def test_remove_contributor_with_checked_file(self):
        user = factories.AuthUserFactory()
        self.node.contributors.append(user)
        self.node.add_permission(user, 'admin')
        self.node.visible_contributor_ids.append(user._id)
        self.node.save()
        self.file.checkout = self.user
        self.file.save()
        self.file.node.remove_contributors([self.user], save=True)
        self.file.reload()
        assert_equal(self.file.checkout, None)
Ejemplo n.º 2
0
class TestOsfStorageCheckout(StorageTestCase):
    def setUp(self):
        super(TestOsfStorageCheckout, self).setUp()
        self.user = factories.AuthUserFactory()
        self.node = ProjectFactory(creator=self.user)
        self.osfstorage = self.node.get_addon('osfstorage')
        self.root_node = self.osfstorage.get_root()
        self.file = self.root_node.append_file('3005')

    def test_delete_checked_out_file(self):
        self.file.checkout = self.user
        self.file.save()
        with assert_raises(FileNodeCheckedOutError):
            self.file.delete()

    def test_delete_folder_with_checked_out_file(self):

        folder = self.root_node.append_folder('folder')
        self.file.move_under(folder)
        self.file.checkout = self.user
        self.file.save()
        with assert_raises(FileNodeCheckedOutError):
            folder.delete()

    def test_move_checked_out_file(self):
        self.file.checkout = self.user
        self.file.save()
        folder = self.root_node.append_folder('folder')
        with assert_raises(FileNodeCheckedOutError):
            self.file.move_under(folder)

    def test_checked_out_merge(self):
        user = factories.AuthUserFactory()
        node = ProjectFactory(creator=user)
        osfstorage = node.get_addon('osfstorage')
        root_node = osfstorage.get_root()
        file = root_node.append_file('test_file')
        user_merge_target = factories.AuthUserFactory()
        file.checkout = user
        file.save()
        user_merge_target.merge_user(user)
        file.reload()
        assert_equal(user_merge_target, file.checkout)

    def test_remove_contributor_with_checked_file(self):
        user = factories.AuthUserFactory()
        self.node.contributors.append(user)
        self.node.add_permission(user, 'admin')
        self.node.visible_contributor_ids.append(user._id)
        self.node.save()
        self.file.checkout = self.user
        self.file.save()
        self.file.node.remove_contributors([self.user], save=True)
        self.file.reload()
        assert_equal(self.file.checkout, None)
Ejemplo n.º 3
0
 def test_must_have_permission_true(self, mock_from_kwargs, mock_to_nodes):
     project = ProjectFactory()
     project.add_permission(project.creator, 'dance')
     mock_from_kwargs.return_value = Auth(user=project.creator)
     mock_to_nodes.return_value = (None, project)
     thriller(node=project)
Ejemplo n.º 4
0
 def test_must_have_permission_true(self, mock_from_kwargs, mock_to_nodes):
     project = ProjectFactory()
     project.add_permission(project.creator, 'dance')
     mock_from_kwargs.return_value = Auth(user=project.creator)
     mock_to_nodes.return_value = (None, project)
     thriller(node=project)
class TestNodeContributorDelete(ApiTestCase):
    def setUp(self):
        super(TestNodeContributorDelete, self).setUp()
        self.user = AuthUserFactory()
        self.user_two = AuthUserFactory()
        self.user_three = AuthUserFactory()

        self.project = ProjectFactory(creator=self.user)
        self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        self.url_user = '******'.format(API_BASE, self.project._id, self.user._id)
        self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)
        self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_remove_contributor_admin(self):
        res = self.app.delete(self.url_user_two, auth=self.user.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user_two, self.project.contributors)

    def test_remove_contributor_non_admin_is_forbidden(self):
        self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

        self.project.reload()
        assert_in(self.user_three, self.project.contributors)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_remove_self_non_admin(self):
        self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        res = self.app.delete(self.url_user_three, auth=self.user_three.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user_three, self.project.contributors)

    def test_remove_contributor_non_contributor(self):
        res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

        self.project.reload()
        assert_in(self.user_two, self.project.contributors)

    def test_remove_contributor_not_logged_in(self):
        res = self.app.delete(self.url_user_two, expect_errors=True)
        assert_equal(res.status_code, 401)

        self.project.reload()
        assert_in(self.user_two, self.project.contributors)

    def test_remove_non_contributor_admin(self):
        assert_not_in(self.user_three, self.project.contributors)
        res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 404)

        self.project.reload()
        assert_not_in(self.user_three, self.project.contributors)

    def test_remove_non_existing_user_admin(self):
        url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake')
        res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 404)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_remove_self_contributor_not_unique_admin(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        res = self.app.delete(self.url_user, auth=self.user.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user, self.project.contributors)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_can_remove_self_as_contributor_not_unique_admin(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        res = self.app.delete(self.url_user_two, auth=self.user_two.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user_two, self.project.contributors)

    def test_remove_self_contributor_unique_admin(self):
        res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_in(self.user, self.project.contributors)

    def test_can_not_remove_only_bibliographic_contributor(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        self.project.set_visible(self.user_two, False, save=True)
        res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase):
    def setUp(self):
        super(TestNodeContributorUpdate, self).setUp()
        self.user = AuthUserFactory()
        self.user_two = AuthUserFactory()

        self.project = ProjectFactory(creator=self.user)
        self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id)
        self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)

    def test_node_update_invalid_data(self):
        res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)
        assert_equal(res.json['errors'][0]['detail'], "Malformed request.")

        res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)
        assert_equal(res.json['errors'][0]['detail'], "Malformed request.")

    def test_change_contributor_no_id(self):
        data = {
            'data': {
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

    def test_change_contributor_incorrect_id(self):
        data = {
            'data': {
                'id': '12345',
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 409)

    def test_change_contributor_no_type(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

    def test_change_contributor_incorrect_type(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'Wrong type.',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 409)


    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3)
    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
    def test_change_contributor_permissions(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.ADMIN)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN])

        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.WRITE,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.WRITE)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])

        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.READ)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])

    @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2)
    @assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project')
    def test_change_contributor_bibliographic(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['bibliographic'], False)

        self.project.reload()
        assert_false(self.project.get_visible(self.user_two))

        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['bibliographic'], True)

        self.project.reload()
        assert_true(self.project.get_visible(self.user_two))

    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
    @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project')
    def test_change_contributor_permission_and_bibliographic(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.READ)
        assert_equal(attributes['bibliographic'], False)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])
        assert_false(self.project.get_visible(self.user_two))

    @assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
    def test_not_change_contributor(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': None,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.WRITE)
        assert_equal(attributes['bibliographic'], True)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))

    def test_invalid_change_inputs_contributor(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': 'invalid',
                    'bibliographic': 'invalid'
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))

    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
    def test_change_admin_self_with_other_admin(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        data = {
            'data': {
                'id': self.user._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.WRITE,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.WRITE)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE])

    def test_change_admin_self_without_other_admin(self):
        data = {
            'data': {
                'id': self.user._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.WRITE,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN])

    def test_remove_all_bibliographic_statuses_contributors(self):
        self.project.set_visible(self.user_two, False, save=True)
        data = {
            'data': {
                'id': self.user._id,
                'type': 'contributors',
                'attributes': {
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_true(self.project.get_visible(self.user))

    def test_change_contributor_non_admin_auth(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))

    def test_change_contributor_not_logged_in(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, expect_errors=True)
        assert_equal(res.status_code, 401)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))
class TestNodeContributorDelete(ApiTestCase):
    def setUp(self):
        super(TestNodeContributorDelete, self).setUp()
        self.user = AuthUserFactory()
        self.user_two = AuthUserFactory()
        self.user_three = AuthUserFactory()

        self.project = ProjectFactory(creator=self.user)
        self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        self.url_user = '******'.format(API_BASE, self.project._id, self.user._id)
        self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)
        self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_remove_contributor_admin(self):
        res = self.app.delete(self.url_user_two, auth=self.user.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user_two, self.project.contributors)

    def test_remove_contributor_non_admin_is_forbidden(self):
        self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

        self.project.reload()
        assert_in(self.user_three, self.project.contributors)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_remove_self_non_admin(self):
        self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        res = self.app.delete(self.url_user_three, auth=self.user_three.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user_three, self.project.contributors)

    def test_remove_contributor_non_contributor(self):
        res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

        self.project.reload()
        assert_in(self.user_two, self.project.contributors)

    def test_remove_contributor_not_logged_in(self):
        res = self.app.delete(self.url_user_two, expect_errors=True)
        assert_equal(res.status_code, 401)

        self.project.reload()
        assert_in(self.user_two, self.project.contributors)

    def test_remove_non_contributor_admin(self):
        assert_not_in(self.user_three, self.project.contributors)
        res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 404)

        self.project.reload()
        assert_not_in(self.user_three, self.project.contributors)

    def test_remove_non_existing_user_admin(self):
        url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake')
        res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 404)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_remove_self_contributor_not_unique_admin(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        res = self.app.delete(self.url_user, auth=self.user.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user, self.project.contributors)

    @assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
    def test_can_remove_self_as_contributor_not_unique_admin(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        res = self.app.delete(self.url_user_two, auth=self.user_two.auth)
        assert_equal(res.status_code, 204)

        self.project.reload()
        assert_not_in(self.user_two, self.project.contributors)

    def test_remove_self_contributor_unique_admin(self):
        res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_in(self.user, self.project.contributors)

    def test_can_not_remove_only_bibliographic_contributor(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        self.project.set_visible(self.user_two, False, save=True)
        res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase):
    def setUp(self):
        super(TestNodeContributorUpdate, self).setUp()
        self.user = AuthUserFactory()
        self.user_two = AuthUserFactory()

        self.project = ProjectFactory(creator=self.user)
        self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)

        self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id)
        self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)

    def test_node_update_invalid_data(self):
        res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)
        assert_equal(res.json['errors'][0]['detail'], "Malformed request.")

        res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)
        assert_equal(res.json['errors'][0]['detail'], "Malformed request.")

    def test_change_contributor_no_id(self):
        data = {
            'data': {
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

    def test_change_contributor_incorrect_id(self):
        data = {
            'data': {
                'id': '12345',
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 409)

    def test_change_contributor_no_type(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

    def test_change_contributor_incorrect_type(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'Wrong type.',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 409)


    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3)
    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
    def test_change_contributor_permissions(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.ADMIN,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.ADMIN)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN])

        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.WRITE,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.WRITE)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])

        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.READ)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])

    @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2)
    @assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project')
    def test_change_contributor_bibliographic(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['bibliographic'], False)

        self.project.reload()
        assert_false(self.project.get_visible(self.user_two))

        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['bibliographic'], True)

        self.project.reload()
        assert_true(self.project.get_visible(self.user_two))

    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
    @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project')
    def test_change_contributor_permission_and_bibliographic(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.READ)
        assert_equal(attributes['bibliographic'], False)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])
        assert_false(self.project.get_visible(self.user_two))

    @assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
    def test_not_change_contributor(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': None,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.WRITE)
        assert_equal(attributes['bibliographic'], True)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))

    def test_invalid_change_inputs_contributor(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': 'invalid',
                    'bibliographic': 'invalid'
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))

    @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
    def test_change_admin_self_with_other_admin(self):
        self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
        data = {
            'data': {
                'id': self.user._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.WRITE,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth)
        assert_equal(res.status_code, 200)
        attributes = res.json['data']['attributes']
        assert_equal(attributes['permission'], permissions.WRITE)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE])

    def test_change_admin_self_without_other_admin(self):
        data = {
            'data': {
                'id': self.user._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.WRITE,
                    'bibliographic': True
                }
            }
        }
        res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN])

    def test_remove_all_bibliographic_statuses_contributors(self):
        self.project.set_visible(self.user_two, False, save=True)
        data = {
            'data': {
                'id': self.user._id,
                'type': 'contributors',
                'attributes': {
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
        assert_equal(res.status_code, 400)

        self.project.reload()
        assert_true(self.project.get_visible(self.user))

    def test_change_contributor_non_admin_auth(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True)
        assert_equal(res.status_code, 403)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))

    def test_change_contributor_not_logged_in(self):
        data = {
            'data': {
                'id': self.user_two._id,
                'type': 'contributors',
                'attributes': {
                    'permission': permissions.READ,
                    'bibliographic': False
                }
            }
        }
        res = self.app.put_json_api(self.url_contributor, data, expect_errors=True)
        assert_equal(res.status_code, 401)

        self.project.reload()
        assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
        assert_true(self.project.get_visible(self.user_two))
Ejemplo n.º 9
0
class TestOsfStorageCheckout(StorageTestCase):
    def setUp(self):
        super(TestOsfStorageCheckout, self).setUp()
        self.user = factories.AuthUserFactory()
        self.node = ProjectFactory(creator=self.user)
        self.osfstorage = self.node.get_addon("osfstorage")
        self.root_node = self.osfstorage.get_root()
        self.file = self.root_node.append_file("3005")

    def test_checkout_logs(self):
        non_admin = factories.AuthUserFactory()
        self.node.add_contributor(non_admin, permissions=["read", "write"])
        self.node.save()
        self.file.check_in_or_out(non_admin, non_admin, save=True)
        self.file.reload()
        self.node.reload()
        assert_equal(self.file.checkout, non_admin)
        assert_equal(self.node.logs[-1].action, "checked_out")
        assert_equal(self.node.logs[-1].user, non_admin)

        self.file.check_in_or_out(self.user, None, save=True)
        self.file.reload()
        self.node.reload()
        assert_equal(self.file.checkout, None)
        assert_equal(self.node.logs[-1].action, "checked_in")
        assert_equal(self.node.logs[-1].user, self.user)

        self.file.check_in_or_out(self.user, self.user, save=True)
        self.file.reload()
        self.node.reload()
        assert_equal(self.file.checkout, self.user)
        assert_equal(self.node.logs[-1].action, "checked_out")
        assert_equal(self.node.logs[-1].user, self.user)

        with assert_raises(FileNodeCheckedOutError):
            self.file.check_in_or_out(non_admin, None, save=True)

        with assert_raises(FileNodeCheckedOutError):
            self.file.check_in_or_out(non_admin, non_admin, save=True)

    def test_delete_checked_out_file(self):
        self.file.check_in_or_out(self.user, self.user, save=True)
        self.file.reload()
        assert_equal(self.file.checkout, self.user)
        with assert_raises(FileNodeCheckedOutError):
            self.file.delete()

    def test_delete_folder_with_checked_out_file(self):
        folder = self.root_node.append_folder("folder")
        self.file.move_under(folder)
        self.file.check_in_or_out(self.user, self.user, save=True)
        self.file.reload()
        assert_equal(self.file.checkout, self.user)
        with assert_raises(FileNodeCheckedOutError):
            folder.delete()

    def test_move_checked_out_file(self):
        self.file.check_in_or_out(self.user, self.user, save=True)
        self.file.reload()
        assert_equal(self.file.checkout, self.user)
        folder = self.root_node.append_folder("folder")
        with assert_raises(FileNodeCheckedOutError):
            self.file.move_under(folder)

    def test_checked_out_merge(self):
        user = factories.AuthUserFactory()
        node = ProjectFactory(creator=user)
        osfstorage = node.get_addon("osfstorage")
        root_node = osfstorage.get_root()
        file = root_node.append_file("test_file")
        user_merge_target = factories.AuthUserFactory()
        file.check_in_or_out(user, user, save=True)
        file.reload()
        assert_equal(file.checkout, user)
        user_merge_target.merge_user(user)
        file.reload()
        assert_equal(user_merge_target, file.checkout)

    def test_remove_contributor_with_checked_file(self):
        user = factories.AuthUserFactory()
        self.node.contributors.append(user)
        self.node.add_permission(user, "admin")
        self.node.visible_contributor_ids.append(user._id)
        self.node.save()
        self.file.check_in_or_out(self.user, self.user, save=True)
        self.file.reload()
        assert_equal(self.file.checkout, self.user)
        self.file.node.remove_contributors([self.user], save=True)
        self.file.reload()
        assert_equal(self.file.checkout, None)