class TestOsfStorageCheckout(StorageTestCase): def setUp(self): super(TestOsfStorageCheckout, self).setUp() self.user = factories.AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.osfstorage = self.node.get_addon('osfstorage') self.root_node = self.osfstorage.get_root() self.file = self.root_node.append_file('3005') def test_delete_checked_out_file(self): self.file.checkout = self.user self.file.save() with assert_raises(FileNodeCheckedOutError): self.file.delete() def test_delete_folder_with_checked_out_file(self): folder = self.root_node.append_folder('folder') self.file.move_under(folder) self.file.checkout = self.user self.file.save() with assert_raises(FileNodeCheckedOutError): folder.delete() def test_move_checked_out_file(self): self.file.checkout = self.user self.file.save() folder = self.root_node.append_folder('folder') with assert_raises(FileNodeCheckedOutError): self.file.move_under(folder) def test_checked_out_merge(self): user = factories.AuthUserFactory() node = ProjectFactory(creator=user) osfstorage = node.get_addon('osfstorage') root_node = osfstorage.get_root() file = root_node.append_file('test_file') user_merge_target = factories.AuthUserFactory() file.checkout = user file.save() user_merge_target.merge_user(user) file.reload() assert_equal(user_merge_target, file.checkout) def test_remove_contributor_with_checked_file(self): user = factories.AuthUserFactory() self.node.contributors.append(user) self.node.add_permission(user, 'admin') self.node.visible_contributor_ids.append(user._id) self.node.save() self.file.checkout = self.user self.file.save() self.file.node.remove_contributors([self.user], save=True) self.file.reload() assert_equal(self.file.checkout, None)
class TestOsfStorageCheckout(StorageTestCase): def setUp(self): super(TestOsfStorageCheckout, self).setUp() self.user = factories.AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.osfstorage = self.node.get_addon('osfstorage') self.root_node = self.osfstorage.get_root() self.file = self.root_node.append_file('3005') def test_delete_checked_out_file(self): self.file.checkout = self.user self.file.save() with assert_raises(FileNodeCheckedOutError): self.file.delete() def test_delete_folder_with_checked_out_file(self): folder = self.root_node.append_folder('folder') self.file.move_under(folder) self.file.checkout = self.user self.file.save() with assert_raises(FileNodeCheckedOutError): folder.delete() def test_move_checked_out_file(self): self.file.checkout = self.user self.file.save() folder = self.root_node.append_folder('folder') with assert_raises(FileNodeCheckedOutError): self.file.move_under(folder) def test_checked_out_merge(self): user = factories.AuthUserFactory() node = ProjectFactory(creator=user) osfstorage = node.get_addon('osfstorage') root_node = osfstorage.get_root() file = root_node.append_file('test_file') user_merge_target = factories.AuthUserFactory() file.checkout = user file.save() user_merge_target.merge_user(user) file.reload() assert_equal(user_merge_target, file.checkout) def test_remove_contributor_with_checked_file(self): user = factories.AuthUserFactory() self.node.contributors.append(user) self.node.add_permission(user, 'admin') self.node.visible_contributor_ids.append(user._id) self.node.save() self.file.checkout = self.user self.file.save() self.file.node.remove_contributors([self.user], save=True) self.file.reload() assert_equal(self.file.checkout, None)
def test_must_have_permission_true(self, mock_from_kwargs, mock_to_nodes): project = ProjectFactory() project.add_permission(project.creator, 'dance') mock_from_kwargs.return_value = Auth(user=project.creator) mock_to_nodes.return_value = (None, project) thriller(node=project)
def test_must_have_permission_true(self, mock_from_kwargs, mock_to_nodes): project = ProjectFactory() project.add_permission(project.creator, 'dance') mock_from_kwargs.return_value = Auth(user=project.creator) mock_to_nodes.return_value = (None, project) thriller(node=project)
class TestNodeContributorDelete(ApiTestCase): def setUp(self): super(TestNodeContributorDelete, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.user_three = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_user = '******'.format(API_BASE, self.project._id, self.user._id) self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_contributor_admin(self): res = self.app.delete(self.url_user_two, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_contributor_non_admin_is_forbidden(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_three, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_non_admin(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_three.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_contributor_non_contributor(self): res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_contributor_not_logged_in(self): res = self.app.delete(self.url_user_two, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_non_contributor_admin(self): assert_not_in(self.user_three, self.project.contributors) res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_non_existing_user_admin(self): url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake') res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_can_remove_self_as_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user_two, auth=self.user_two.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_self_contributor_unique_admin(self): res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors) def test_can_not_remove_only_bibliographic_contributor(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) self.project.set_visible(self.user_two, False, save=True) res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase): def setUp(self): super(TestNodeContributorUpdate, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id) self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) def test_node_update_invalid_data(self): res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") def test_change_contributor_no_id(self): data = { 'data': { 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_id(self): data = { 'data': { 'id': '12345', 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) def test_change_contributor_no_type(self): data = { 'data': { 'id': self.user_two._id, 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_type(self): data = { 'data': { 'id': self.user_two._id, 'type': 'Wrong type.', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_contributor_permissions(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.ADMIN) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project') def test_change_contributor_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], False) self.project.reload() assert_false(self.project.get_visible(self.user_two)) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], True) self.project.reload() assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project') def test_change_contributor_permission_and_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) assert_equal(attributes['bibliographic'], False) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) assert_false(self.project.get_visible(self.user_two)) @assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_not_change_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': None, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) assert_equal(attributes['bibliographic'], True) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_invalid_change_inputs_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': 'invalid', 'bibliographic': 'invalid' } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_admin_self_with_other_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE]) def test_change_admin_self_without_other_admin(self): data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN]) def test_remove_all_bibliographic_statuses_contributors(self): self.project.set_visible(self.user_two, False, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_true(self.project.get_visible(self.user)) def test_change_contributor_non_admin_auth(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_change_contributor_not_logged_in(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two))
class TestNodeContributorDelete(ApiTestCase): def setUp(self): super(TestNodeContributorDelete, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.user_three = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_user = '******'.format(API_BASE, self.project._id, self.user._id) self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_contributor_admin(self): res = self.app.delete(self.url_user_two, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_contributor_non_admin_is_forbidden(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_three, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_non_admin(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_three.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_contributor_non_contributor(self): res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_contributor_not_logged_in(self): res = self.app.delete(self.url_user_two, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_non_contributor_admin(self): assert_not_in(self.user_three, self.project.contributors) res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_non_existing_user_admin(self): url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake') res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_can_remove_self_as_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user_two, auth=self.user_two.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_self_contributor_unique_admin(self): res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors) def test_can_not_remove_only_bibliographic_contributor(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) self.project.set_visible(self.user_two, False, save=True) res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase): def setUp(self): super(TestNodeContributorUpdate, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id) self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) def test_node_update_invalid_data(self): res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") def test_change_contributor_no_id(self): data = { 'data': { 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_id(self): data = { 'data': { 'id': '12345', 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) def test_change_contributor_no_type(self): data = { 'data': { 'id': self.user_two._id, 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_type(self): data = { 'data': { 'id': self.user_two._id, 'type': 'Wrong type.', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_contributor_permissions(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.ADMIN) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project') def test_change_contributor_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], False) self.project.reload() assert_false(self.project.get_visible(self.user_two)) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], True) self.project.reload() assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project') def test_change_contributor_permission_and_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) assert_equal(attributes['bibliographic'], False) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) assert_false(self.project.get_visible(self.user_two)) @assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_not_change_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': None, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) assert_equal(attributes['bibliographic'], True) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_invalid_change_inputs_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': 'invalid', 'bibliographic': 'invalid' } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_admin_self_with_other_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE]) def test_change_admin_self_without_other_admin(self): data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN]) def test_remove_all_bibliographic_statuses_contributors(self): self.project.set_visible(self.user_two, False, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_true(self.project.get_visible(self.user)) def test_change_contributor_non_admin_auth(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_change_contributor_not_logged_in(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two))
class TestOsfStorageCheckout(StorageTestCase): def setUp(self): super(TestOsfStorageCheckout, self).setUp() self.user = factories.AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.osfstorage = self.node.get_addon("osfstorage") self.root_node = self.osfstorage.get_root() self.file = self.root_node.append_file("3005") def test_checkout_logs(self): non_admin = factories.AuthUserFactory() self.node.add_contributor(non_admin, permissions=["read", "write"]) self.node.save() self.file.check_in_or_out(non_admin, non_admin, save=True) self.file.reload() self.node.reload() assert_equal(self.file.checkout, non_admin) assert_equal(self.node.logs[-1].action, "checked_out") assert_equal(self.node.logs[-1].user, non_admin) self.file.check_in_or_out(self.user, None, save=True) self.file.reload() self.node.reload() assert_equal(self.file.checkout, None) assert_equal(self.node.logs[-1].action, "checked_in") assert_equal(self.node.logs[-1].user, self.user) self.file.check_in_or_out(self.user, self.user, save=True) self.file.reload() self.node.reload() assert_equal(self.file.checkout, self.user) assert_equal(self.node.logs[-1].action, "checked_out") assert_equal(self.node.logs[-1].user, self.user) with assert_raises(FileNodeCheckedOutError): self.file.check_in_or_out(non_admin, None, save=True) with assert_raises(FileNodeCheckedOutError): self.file.check_in_or_out(non_admin, non_admin, save=True) def test_delete_checked_out_file(self): self.file.check_in_or_out(self.user, self.user, save=True) self.file.reload() assert_equal(self.file.checkout, self.user) with assert_raises(FileNodeCheckedOutError): self.file.delete() def test_delete_folder_with_checked_out_file(self): folder = self.root_node.append_folder("folder") self.file.move_under(folder) self.file.check_in_or_out(self.user, self.user, save=True) self.file.reload() assert_equal(self.file.checkout, self.user) with assert_raises(FileNodeCheckedOutError): folder.delete() def test_move_checked_out_file(self): self.file.check_in_or_out(self.user, self.user, save=True) self.file.reload() assert_equal(self.file.checkout, self.user) folder = self.root_node.append_folder("folder") with assert_raises(FileNodeCheckedOutError): self.file.move_under(folder) def test_checked_out_merge(self): user = factories.AuthUserFactory() node = ProjectFactory(creator=user) osfstorage = node.get_addon("osfstorage") root_node = osfstorage.get_root() file = root_node.append_file("test_file") user_merge_target = factories.AuthUserFactory() file.check_in_or_out(user, user, save=True) file.reload() assert_equal(file.checkout, user) user_merge_target.merge_user(user) file.reload() assert_equal(user_merge_target, file.checkout) def test_remove_contributor_with_checked_file(self): user = factories.AuthUserFactory() self.node.contributors.append(user) self.node.add_permission(user, "admin") self.node.visible_contributor_ids.append(user._id) self.node.save() self.file.check_in_or_out(self.user, self.user, save=True) self.file.reload() assert_equal(self.file.checkout, self.user) self.file.node.remove_contributors([self.user], save=True) self.file.reload() assert_equal(self.file.checkout, None)