def test_invalid_patch(app, test_records, test_patch):
"""Test INVALID record put request (PUT .../records/<record_id>)."""
pid, record = test_records[0]
with app.test_client() as client:
url = record_url(pid)
# Non-existing record
res = client.patch(record_url("0"), data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 404
# Invalid accept mime type.
headers = [("Content-Type", "application/json-patch+json"), ("Accept", "video/mp4")]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 406
# Invalid content type
headers = [("Content-Type", "video/mp4"), ("Accept", "application/json")]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 415
# Invalid Patch
res = client.patch(url, data=json.dumps([{"invalid": "json-patch"}]), headers=HEADERS)
assert res.status_code == 400
# Invalid JSON
res = client.patch(url, data="{", headers=HEADERS)
assert res.status_code == 400
# Invalid ETag
res = client.patch(
url, data=json.dumps(test_patch), headers={"Content-Type": "application/json-patch+json", "If-Match": '"2"'}
)
assert res.status_code == 412
def test_rest_delete_record(app, db, es, es_acl_prepare, test_users):
with app.test_client() as client:
with db.session.begin_nested():
acl = DefaultACL(name='default',
schemas=[RECORD_SCHEMA],
priority=0,
originator=test_users.u1,
operation='update')
actor = UserActor(name='u1',
users=[test_users.u1],
acl=acl,
originator=test_users.u1)
db.session.add(acl)
db.session.add(actor)
pid, record = create_record({'keywords': ['blah']},
clz=SchemaEnforcingRecord)
RecordIndexer().index(record)
current_search_client.indices.refresh()
current_search_client.indices.flush()
login(client, test_users.u2)
response = client.delete(record_url(pid))
assert response.status_code == 403
login(client, test_users.u1)
response = client.delete(record_url(pid))
assert response.status_code == 204
with pytest.raises(NoResultFound):
Record.get_record(pid.object_uuid)
def test_invalid_patch(app, es, test_records, test_patch, charset, search_url,
search_class):
"""Test INVALID record put request (PUT .../records/<record_id>)."""
HEADERS = [('Accept', 'application/json'),
('Content-Type',
'application/json-patch+json{0}'.format(charset))]
pid, record = test_records[0]
with app.test_client() as client:
url = record_url(pid)
# Non-existing record
res = client.patch(record_url('0'),
data=json.dumps(test_patch),
headers=HEADERS)
assert res.status_code == 404
IndexFlusher(search_class).flush_and_wait()
res = client.get(search_url)
assert_hits_len(res, 0)
# Invalid accept mime type.
headers = [('Content-Type',
'application/json-patch+json{0}'.format(charset)),
('Accept', 'video/mp4')]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 406
# Invalid content type
headers = [('Content-Type', 'video/mp4{0}'.format(charset)),
('Accept', 'application/json')]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 415
# Invalid Patch
res = client.patch(url,
data=json.dumps([{
'invalid':
'json-patch{0}'.format(charset)
}]),
headers=HEADERS)
assert res.status_code == 400
# Invalid JSON
res = client.patch(url, data='{', headers=HEADERS)
assert res.status_code == 400
# Invalid ETag
res = client.patch(
url,
data=json.dumps(test_patch),
headers={
'Content-Type':
'application/json-patch+json{0}'.format(charset),
'If-Match': '"2"'
})
assert res.status_code == 412
def test_valid_delete(app, test_records):
"""Test VALID record delete request (DELETE .../records/<record_id>)."""
# Test with and without headers
for i, headers in enumerate([[], [('Accept', 'video/mp4')]]):
pid, record = test_records[i]
with app.test_client() as client:
res = client.delete(record_url(pid), headers=headers)
assert res.status_code == 204
res = client.get(record_url(pid))
assert res.status_code == 410
def test_valid_delete(app, indexed_records):
"""Test VALID record delete request (DELETE .../records/<record_id>)."""
# Test with and without headers
for i, headers in enumerate([[], [('Accept', 'video/mp4')]]):
pid, record = indexed_records[i]
with app.test_client() as client:
res = client.delete(record_url(pid), headers=headers)
assert res.status_code == 204
res = client.get(record_url(pid))
assert res.status_code == 410
def test_invalid_patch(app, test_records, test_patch, charset):
"""Test INVALID record put request (PUT .../records/<record_id>)."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type',
'application/json-patch+json{0}'.format(charset))
]
pid, record = test_records[0]
with app.test_client() as client:
url = record_url(pid)
# Non-existing record
res = client.patch(
record_url('0'), data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 404
# Invalid accept mime type.
headers = [('Content-Type',
'application/json-patch+json{0}'.format(charset)),
('Accept', 'video/mp4')]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 406
# Invalid content type
headers = [('Content-Type', 'video/mp4{0}'.format(charset)),
('Accept', 'application/json')]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 415
# Invalid Patch
res = client.patch(
url,
data=json.dumps([{'invalid': 'json-patch{0}'.format(charset)}]),
headers=HEADERS)
assert res.status_code == 400
# Invalid JSON
res = client.patch(url, data='{', headers=HEADERS)
assert res.status_code == 400
# Invalid ETag
res = client.patch(
url,
data=json.dumps(test_patch),
headers={
'Content-Type': 'application/json-patch+json{0}'.format(
charset),
'If-Match': '"2"'
}
)
assert res.status_code == 412
def test_delete_deleted(app, test_records):
"""Test deleting a perviously deleted record."""
pid, record = test_records[0]
with app.test_client() as client:
res = client.delete(record_url(pid))
assert res.status_code == 204
res = client.delete(record_url(pid))
assert res.status_code == 410
data = get_json(res)
assert 'message' in data
assert data['status'] == 410
def test_delete_deleted(app, indexed_records):
"""Test deleting a perviously deleted record."""
pid, record = indexed_records[0]
with app.test_client() as client:
res = client.delete(record_url(pid))
assert res.status_code == 204
res = client.delete(record_url(pid))
assert res.status_code == 410
data = get_json(res)
assert 'message' in data
assert data['status'] == 410
def test_invalid_put(app, es, test_records, charset, search_url):
"""Test INVALID record put request (PUT .../records/<record_id>)."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type', 'application/json{0}'.format(charset)),
]
pid, record = test_records[0]
record['year'] = 1234
test_data = record.dumps()
with app.test_client() as client:
url = record_url(pid)
# Non-existing record
res = client.put(record_url('0'),
data=json.dumps(test_data),
headers=HEADERS)
assert res.status_code == 404
res = client.get(search_url, query_string={"year": 1234})
assert_hits_len(res, 0)
# Invalid accept mime type.
headers = [('Content-Type', 'application/json{0}'.format(charset)),
('Accept', 'video/mp4')]
res = client.put(url, data=json.dumps(test_data), headers=headers)
assert res.status_code == 406
# Invalid content type
headers = [('Content-Type', 'video/mp4{0}'.format(charset)),
('Accept', 'application/json')]
res = client.put(url, data=json.dumps(test_data), headers=headers)
assert res.status_code == 415
# Invalid JSON
res = client.put(url, data='{invalid-json', headers=HEADERS)
assert res.status_code == 400
# Invalid ETag
res = client.put(url,
data=json.dumps(test_data),
headers={
'Content-Type':
'application/json{0}'.format(charset),
'If-Match': '"2"'
})
assert res.status_code == 412
def test_default_permissions(app, default_permissions, test_data, search_url,
test_records, indexed_records):
"""Test default create permissions."""
pid, record = test_records[0]
rec_url = record_url(pid)
data = json.dumps(test_data[0])
h = {'Content-Type': 'application/json'}
hp = {'Content-Type': 'application/json-patch+json'}
with app.test_client() as client:
args = dict(data=data, headers=h)
pargs = dict(data=data, headers=hp)
qs = {'user': '******'}
uargs = dict(data=data, headers=h, query_string=qs)
upargs = dict(data=data, headers=hp, query_string=qs)
assert client.get(search_url).status_code == 200
assert client.get(rec_url).status_code == 200
assert 401 == client.post(search_url, **args).status_code
assert 405 == client.put(search_url, **args).status_code
assert 405 == client.patch(search_url).status_code
assert 405 == client.delete(search_url).status_code
assert 405 == client.post(rec_url, **args).status_code
assert 401 == client.put(rec_url, **args).status_code
assert 401 == client.patch(rec_url, **pargs).status_code
assert 401 == client.delete(rec_url).status_code
assert 403 == client.post(search_url, **uargs).status_code
assert 403 == client.put(rec_url, **uargs).status_code
assert 403 == client.patch(rec_url, **upargs).status_code
assert 403 == client.delete(rec_url, query_string=qs).status_code
def test_delete_with_sqldatabase_error(app, test_records):
"""Test VALID record delete request (GET .../records/<record_id>)."""
pid, record = test_records[0]
with app.test_client() as client:
def raise_error():
raise SQLAlchemyError()
# Force an SQLAlchemy error that will rollback the transaction.
with patch.object(PersistentIdentifier, 'delete',
side_effect=raise_error):
res = client.delete(record_url(pid))
assert res.status_code == 500
with app.test_client() as client:
res = client.get(record_url(pid))
assert res.status_code == 200
def test_get_record_no_acls_anonymous(app, db, es, es_acl_prepare, test_users):
with db.session.begin_nested():
# create an empty ACL in order to get the _invenio_explicit_acls filled
acl = DefaultACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
db.session.add(acl)
actor = UserActor(name='test',
acl=acl,
users=[],
originator=test_users.u1)
db.session.add(actor)
pid, record = create_record({}, clz=SchemaEnforcingRecord)
RecordIndexer().index(record)
# make sure it is flushed
current_search_client.indices.flush()
# try to get it ...
with app.test_client() as client:
res = client.get(record_url(pid))
assert res.status_code == 401 # unauthorized
# get it directly from ES
res = get_from_es(pid)['_source']
assert res['control_number'] == pid.pid_value
assert res['$schema'] == 'https://localhost/schemas/' + RECORD_SCHEMA
assert '_invenio_explicit_acls' in res
def test_valid_put_etag(app, es, test_records, content_type, search_url,
search_class):
"""Test concurrency control with etags."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(
url,
data=json.dumps(record.dumps()),
headers={
'Content-Type': 'application/json',
'If-Match': '"{0}"'.format(record.revision_id)
})
assert res.status_code == 200
assert get_json(client.get(url))['metadata']['year'] == 1234
IndexFlusher(search_class).flush_and_wait()
res = client.get(search_url, query_string={"year": 1234})
assert_hits_len(res, 1)
def test_valid_create(app, db, es, test_data, search_url, search_class,
content_type):
"""Test VALID record creation request (POST .../records/)."""
with app.test_client() as client:
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
HEADERS.append(('Content-Type', content_type))
# Create record
res = client.post(
search_url, data=json.dumps(test_data[0]), headers=HEADERS)
assert res.status_code == 201
# Check that the returned record matches the given data
data = get_json(res)
for k in test_data[0].keys():
assert data['metadata'][k] == test_data[0][k]
# Recid has been added in control number
assert data['metadata']['control_number']
# Check location header
assert res.headers['Location'] == data['links']['self']
# Record can be retrieved.
assert client.get(record_url(data['id'])).status_code == 200
IndexFlusher(search_class).flush_and_wait()
# Record shows up in search
res = client.get(search_url,
query_string={"control_number":
data['metadata']['control_number']})
assert_hits_len(res, 1)
def test_invalid_put(app, es, test_records, charset, search_url):
"""Test INVALID record put request (PUT .../records/<record_id>)."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type',
'application/json{0}'.format(charset)),
]
pid, record = test_records[0]
record['year'] = 1234
test_data = record.dumps()
with app.test_client() as client:
url = record_url(pid)
# Non-existing record
res = client.put(
record_url('0'), data=json.dumps(test_data), headers=HEADERS)
assert res.status_code == 404
res = client.get(search_url, query_string={"year": 1234})
assert_hits_len(res, 0)
# Invalid accept mime type.
headers = [('Content-Type', 'application/json{0}'.format(charset)),
('Accept', 'video/mp4')]
res = client.put(url, data=json.dumps(test_data), headers=headers)
assert res.status_code == 406
# Invalid content type
headers = [('Content-Type', 'video/mp4{0}'.format(charset)),
('Accept', 'application/json')]
res = client.put(url, data=json.dumps(test_data), headers=headers)
assert res.status_code == 415
# Invalid JSON
res = client.put(url, data='{invalid-json', headers=HEADERS)
assert res.status_code == 400
# Invalid ETag
res = client.put(
url,
data=json.dumps(test_data),
headers={'Content-Type': 'application/json{0}'.format(charset),
'If-Match': '"2"'}
)
assert res.status_code == 412
def test_item_get_invalid_mimetype(app, test_records):
"""Test invalid mimetype returns 406."""
with app.test_client() as client:
pid, record = test_records[0]
# Check that GET with non accepted format will return 406
res = client.get(record_url(pid), headers=[('Accept', 'video/mp4')])
assert res.status_code == 406
def test_item_get_etag(app, test_records):
"""Test VALID record get request (GET .../records/<record_id>)."""
with app.test_client() as client:
pid, record = test_records[0]
res = client.get(record_url(pid))
assert res.status_code == 200
etag = res.headers["ETag"]
last_modified = res.headers["Last-Modified"]
# Test request via etag
res = client.get(record_url(pid), headers={"If-None-Match": etag})
assert res.status_code == 304
# Test request via last-modified.
res = client.get(record_url(pid), headers={"If-Modified-Since": last_modified})
assert res.status_code == 304
def test_invalid_patch(app, test_records, test_patch):
"""Test INVALID record put request (PUT .../records/<record_id>)."""
pid, record = test_records[0]
with app.test_client() as client:
url = record_url(pid)
# Non-existing record
res = client.patch(record_url('0'),
data=json.dumps(test_patch),
headers=HEADERS)
assert res.status_code == 404
# Invalid accept mime type.
headers = [('Content-Type', 'application/json-patch+json'),
('Accept', 'video/mp4')]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 406
# Invalid content type
headers = [('Content-Type', 'video/mp4'),
('Accept', 'application/json')]
res = client.patch(url, data=json.dumps(test_patch), headers=headers)
assert res.status_code == 415
# Invalid Patch
res = client.patch(url,
data=json.dumps([{
'invalid': 'json-patch'
}]),
headers=HEADERS)
assert res.status_code == 400
# Invalid JSON
res = client.patch(url, data='{', headers=HEADERS)
assert res.status_code == 400
# Invalid ETag
res = client.patch(url,
data=json.dumps(test_patch),
headers={
'Content-Type': 'application/json-patch+json',
'If-Match': '"2"'
})
assert res.status_code == 412
def test_item_get_etag(app, test_records):
"""Test VALID record get request (GET .../records/<record_id>)."""
with app.test_client() as client:
pid, record = test_records[0]
res = client.get(record_url(pid))
assert res.status_code == 200
etag = res.headers['ETag']
last_modified = res.headers['Last-Modified']
# Test request via etag
res = client.get(record_url(pid), headers={'If-None-Match': etag})
assert res.status_code == 304
# Test request via last-modified.
res = client.get(
record_url(pid), headers={'If-Modified-Since': last_modified})
assert res.status_code == 304
def test_delete_with_sqldatabase_error(app, indexed_records):
"""Test VALID record delete request (GET .../records/<record_id>)."""
pid, record = indexed_records[0]
with app.test_client() as client:
def raise_error():
raise SQLAlchemyError()
# Force an SQLAlchemy error that will rollback the transaction.
with patch.object(PersistentIdentifier,
'delete',
side_effect=raise_error):
res = client.delete(record_url(pid))
assert res.status_code == 500
with app.test_client() as client:
res = client.get(record_url(pid))
assert res.status_code == 200
def test_validation_error(app, test_records):
"""Test when record validation fail."""
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(url, data=json.dumps(record.dumps()), headers=HEADERS)
assert res.status_code == 400
def test_api_views(app, prefixed_es, db, test_data, search_url, search_class):
"""Test REST API views behavior."""
suffix = current_search.current_suffix
with app.test_client() as client:
HEADERS = [
('Accept', 'application/json'),
('Content-Type', 'application/json'),
]
# Create record
res = client.post(
search_url, data=json.dumps(test_data[0]), headers=HEADERS)
recid = get_json(res)['id']
assert res.status_code == 201
# Flush and check indices
IndexFlusher(search_class).flush_and_wait()
result = prefixed_es.search(index='test-invenio-records-rest')
assert len(result['hits']['hits']) == 1
record_doc = result['hits']['hits'][0]
assert record_doc['_index'] == \
'test-invenio-records-rest-testrecord' + suffix
assert record_doc['_type'] == 'testrecord' if lt_es7 else '_doc'
# Fetch the record
assert client.get(record_url(recid)).status_code == 200
# Record shows up in search
res = client.get(search_url)
assert_hits_len(res, 1)
# Delete the record
res = client.delete(record_url(recid))
IndexFlusher(search_class).flush_and_wait()
result = prefixed_es.search(index='test-invenio-records-rest')
assert len(result['hits']['hits']) == 0
# Deleted record should return 410
assert client.get(record_url(recid)).status_code == 410
# Record doesn't show up in search
res = client.get(search_url)
assert_hits_len(res, 0)
def test_put_on_deleted(app, test_records):
"""Test putting to a deleted record."""
# create the record using the internal API
pid, record = test_records[0]
with app.test_client() as client:
url = record_url(pid)
assert client.delete(url).status_code == 204
res = client.put(url, data='{}', headers=HEADERS)
assert res.status_code == 410
def test_patch_deleted(app, test_records, test_patch):
"""Test patching deleted record."""
pid, record = test_records[0]
with app.test_client() as client:
# Delete record.
url = record_url(pid)
assert client.delete(url).status_code == 204
# check patch response for deleted resource
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 410
def test_validation_error(app, test_records, content_type):
"""Test when record validation fail."""
HEADERS = [('Accept', 'application/json'), ('Content-Type', content_type)]
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(url, data=json.dumps(record.dumps()), headers=HEADERS)
assert res.status_code == 400
def test_patch_deleted(app, test_records, test_patch):
"""Test patching deleted record."""
pid, record = test_records[0]
with app.test_client() as client:
# Delete record.
url = record_url(pid)
assert client.delete(url).status_code == 204
# check patch response for deleted resource
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 410
def test_patch_deleted(app, test_records, test_patch, content_type):
"""Test patching deleted record."""
HEADERS = [('Accept', 'application/json'), ('Content-Type', content_type)]
pid, record = test_records[0]
with app.test_client() as client:
# Delete record.
url = record_url(pid)
assert client.delete(url).status_code == 204
# check patch response for deleted resource
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 410
def test_get_record_no_acls_authenticated(app, db, es, es_acl_prepare,
test_users):
pid, record = create_record({}, clz=SchemaEnforcingRecord)
RecordIndexer().index(record)
# make sure it is flushed
current_search_client.indices.flush()
# try to get it ...
with app.test_client() as client:
login(client, test_users.u1)
res = client.get(record_url(pid))
assert res.status_code == 403 # Forbidden
def test_put_on_deleted(app, test_records, content_type):
"""Test putting to a deleted record."""
HEADERS = [('Accept', 'application/json'), ('Content-Type', content_type)]
# create the record using the internal API
pid, record = test_records[0]
with app.test_client() as client:
url = record_url(pid)
assert client.delete(url).status_code == 204
res = client.put(url, data='{}', headers=HEADERS)
assert res.status_code == 410
def test_invalid_put(app, test_records):
"""Test INVALID record put request (PUT .../records/<record_id>)."""
pid, record = test_records[0]
record['year'] = 1234
test_data = record.dumps()
with app.test_client() as client:
url = record_url(pid)
# Non-existing record
res = client.put(
record_url('0'), data=json.dumps(test_data), headers=HEADERS)
assert res.status_code == 404
# Invalid accept mime type.
headers = [('Content-Type', 'application/json'),
('Accept', 'video/mp4')]
res = client.put(url, data=json.dumps(test_data), headers=headers)
assert res.status_code == 406
# Invalid content type
headers = [('Content-Type', 'video/mp4'),
('Accept', 'application/json')]
res = client.put(url, data=json.dumps(test_data), headers=headers)
assert res.status_code == 415
# Invalid JSON
res = client.put(url, data='{invalid-json', headers=HEADERS)
assert res.status_code == 400
# Invalid ETag
res = client.put(
url,
data=json.dumps(test_data),
headers={'Content-Type': 'application/json', 'If-Match': '"2"'}
)
assert res.status_code == 412
def test_validation_error(app, test_records, test_patch):
"""Test VALID record patch request (PATCH .../records/<record_id>)."""
pid, record = test_records[0]
# Check that
assert record.patch(test_patch)
with app.test_client() as client:
# Check that patch and record is not the same value for year.
url = record_url(pid)
previous_year = get_json(client.get(url))["metadata"]["year"]
# Patch record
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 400
def test_validation_error(app, test_records, test_patch):
"""Test VALID record patch request (PATCH .../records/<record_id>)."""
pid, record = test_records[0]
# Check that
assert record.patch(test_patch)
with app.test_client() as client:
# Check that patch and record is not the same value for year.
url = record_url(pid)
previous_year = get_json(client.get(url))['metadata']['year']
# Patch record
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 400
def test_validation_error(app, test_records, content_type):
"""Test when record validation fail."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(url, data=json.dumps(record.dumps()), headers=HEADERS)
assert res.status_code == 400
def test_old_signature_backward_compatibility(app, test_records):
"""Check that the old Links_factory signature is still supported.
This old signature was links_factory(pid), without "record" and "**kwargs"
parameters.
"""
# blueprint = create_blueprint(config)
with app.test_client() as client:
pid, record = test_records[0]
res = client.get(record_url(pid))
assert res.status_code == 200
# Check metadata
data = get_json(res)
assert data['links']['test_link'] == 'http://old_links_factory.com'
def test_patch_deleted(app, test_records, test_patch, content_type):
"""Test patching deleted record."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
pid, record = test_records[0]
with app.test_client() as client:
# Delete record.
url = record_url(pid)
assert client.delete(url).status_code == 204
# check patch response for deleted resource
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 410
def test_old_signature_backward_compatibility(app, test_records):
"""Check that the old Links_factory signature is still supported.
This old signature was links_factory(pid), without "record" and "**kwargs"
parameters.
"""
# blueprint = create_blueprint(config)
with app.test_client() as client:
pid, record = test_records[0]
res = client.get(record_url(pid))
assert res.status_code == 200
# Check metadata
data = get_json(res)
assert data['links']['test_link'] == 'http://old_links_factory.com'
def test_valid_put(app, test_records):
"""Test VALID record patch request (PATCH .../records/<record_id>)."""
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(url, data=json.dumps(record.dumps()), headers=HEADERS)
assert res.status_code == 200
# Check that the returned record matches the given data
assert get_json(res)['metadata']['year'] == 1234
# Retrieve record via get request
assert get_json(client.get(url))['metadata']['year'] == 1234
def test_put_on_deleted(app, test_records, content_type):
"""Test putting to a deleted record."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
# create the record using the internal API
pid, record = test_records[0]
with app.test_client() as client:
url = record_url(pid)
assert client.delete(url).status_code == 204
res = client.put(url, data='{}', headers=HEADERS)
assert res.status_code == 410
def test_valid_put_etag(app, test_records):
"""Test concurrency control with etags."""
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(
url,
data=json.dumps(record.dumps()),
headers={
'Content-Type': 'application/json',
'If-Match': '"{0}"'.format(record.revision_id)
})
assert res.status_code == 200
assert get_json(client.get(url))['metadata']['year'] == 1234
def test_create_record_no_acls_authenticated(app, db, es, es_acl_prepare,
test_users):
with app.test_client() as client:
with db.session.begin_nested():
# create an empty ACL in order to get the _invenio_explicit_acls filled
acl = DefaultACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
db.session.add(acl)
actor = UserActor(name='test',
acl=acl,
users=[],
originator=test_users.u1)
db.session.add(actor)
login(client, test_users.u1)
response = client.post(records_url(),
data=json.dumps({
'title': 'blah',
'contributors': []
}),
content_type='application/json')
# print("Response", response.get_data(as_text=True))
assert response.status_code == 201
created_record_metadata = get_json(response)['metadata']
# check that ACLs are not leaking
assert 'invenio_explicit_acls' not in created_record_metadata
pid = PersistentIdentifier.get(
'recid', created_record_metadata['control_number'])
res = get_from_es(pid)['_source']
assert res['control_number'] == pid.pid_value
assert res['$schema'] == 'https://localhost/schemas/' + RECORD_SCHEMA
assert '_invenio_explicit_acls' in res
# still can not get it
res = client.get(record_url(pid))
assert res.status_code == 403 # Forbidden
def test_valid_patch(app, test_records, test_patch, content_type):
"""Test VALID record patch request (PATCH .../records/<record_id>)."""
HEADERS = [('Accept', 'application/json'), ('Content-Type', content_type)]
pid, record = test_records[0]
# Check that
assert record.patch(test_patch)
with app.test_client() as client:
# Check that patch and record is not the same value for year.
url = record_url(pid)
previous_year = get_json(client.get(url))['metadata']['year']
# Patch record
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 200
# Check that year changed.
assert previous_year != get_json(client.get(url))['metadata']['year']
def test_validation_error(app, test_records, test_patch, content_type):
"""Test VALID record patch request (PATCH .../records/<record_id>)."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
pid, record = test_records[0]
# Check that
assert record.patch(test_patch)
with app.test_client() as client:
# Check that patch and record is not the same value for year.
url = record_url(pid)
previous_year = get_json(client.get(url))['metadata']['year']
# Patch record
res = client.patch(url, data=json.dumps(test_patch), headers=HEADERS)
assert res.status_code == 400
def test_get_record_without_enabled_acl(app, db, es):
pid, record = create_record({}, clz=SchemaEnforcingRecord)
RecordIndexer().index(record)
# make sure it is flushed
current_search_client.indices.flush()
# try to get it ...
with app.test_client() as client:
res = client.get(record_url(pid))
assert res.status_code == 200
assert get_json(res)['metadata'] == {
'control_number': pid.pid_value,
'$schema': 'https://localhost/schemas/records/record-v1.0.0.json'
}
# get it directly from ES
res = get_from_es(pid)['_source']
assert res['control_number'] == pid.pid_value
assert res['$schema'] == 'https://localhost/schemas/' + RECORD_SCHEMA
def test_valid_put(app, es, test_records, content_type, search_url,
search_class):
"""Test VALID record patch request (PATCH .../records/<record_id>)."""
HEADERS = [('Accept', 'application/json'), ('Content-Type', content_type)]
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(url, data=json.dumps(record.dumps()), headers=HEADERS)
assert res.status_code == 200
# Check that the returned record matches the given data
assert get_json(res)['metadata']['year'] == 1234
IndexFlusher(search_class).flush_and_wait()
res = client.get(search_url, query_string={"year": 1234})
assert_hits_len(res, 1)
# Retrieve record via get request
assert get_json(client.get(url))['metadata']['year'] == 1234
def test_valid_create(app, db, test_data, search_url):
"""Test VALID record creation request (POST .../records/)."""
with app.test_client() as client:
# Create record
res = client.post(
search_url, data=json.dumps(test_data[0]), headers=HEADERS)
assert res.status_code == 201
# Check that the returned record matches the given data
data = get_json(res)
for k in test_data[0].keys():
assert data['metadata'][k] == test_data[0][k]
# Recid has been added in control number
assert data['metadata']['control_number']
# Check location header
assert res.headers['Location'] == data['links']['self']
# Record can be retrieved.
assert client.get(record_url(data['id'])).status_code == 200
def test_item_get(app, test_records):
"""Test record retrieval."""
with app.test_client() as client:
pid, record = test_records[0]
res = client.get(record_url(pid))
assert res.status_code == 200
assert res.headers['ETag'] == '"{}"'.format(record.revision_id)
# Check metadata
data = get_json(res)
for k in ['id', 'created', 'updated', 'metadata', 'links']:
assert k in data
assert data['id'] == int(pid.pid_value)
assert data['metadata'] == record.dumps()
# Check self links
client.get(to_relative_url(data['links']['self']))
assert res.status_code == 200
assert data == get_json(res)
def test_item_get(app, test_records):
"""Test record retrieval."""
with app.test_client() as client:
pid, record = test_records[0]
res = client.get(record_url(pid))
assert res.status_code == 200
assert res.headers["ETag"] == '"{}"'.format(record.revision_id)
# Check metadata
data = get_json(res)
for k in ["id", "created", "updated", "metadata", "links"]:
assert k in data
assert data["id"] == int(pid.pid_value)
assert data["metadata"] == record.dumps()
# Check self links
client.get(to_relative_url(data["links"]["self"]))
assert res.status_code == 200
assert data == get_json(res)
def test_valid_put(app, es, test_records, content_type, search_url,
search_class):
"""Test VALID record patch request (PATCH .../records/<record_id>)."""
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
pid, record = test_records[0]
record['year'] = 1234
with app.test_client() as client:
url = record_url(pid)
res = client.put(url, data=json.dumps(record.dumps()), headers=HEADERS)
assert res.status_code == 200
# Check that the returned record matches the given data
assert get_json(res)['metadata']['year'] == 1234
IndexFlusher(search_class).flush_and_wait()
res = client.get(search_url, query_string={"year": 1234})
assert_hits_len(res, 1)
# Retrieve record via get request
assert get_json(client.get(url))['metadata']['year'] == 1234
def test_put_on_deleted(app, db, es, test_data, content_type, search_url,
search_class):
"""Test putting to a deleted record."""
with app.test_client() as client:
HEADERS = [
('Accept', 'application/json'),
('Content-Type', content_type)
]
HEADERS.append(('Content-Type', content_type))
# Create record
res = client.post(
search_url, data=json.dumps(test_data[0]), headers=HEADERS)
assert res.status_code == 201
url = record_url(get_json(res)['id'])
assert client.delete(url).status_code == 204
IndexFlusher(search_class).flush_and_wait()
res = client.get(search_url,
query_string={'title': test_data[0]['title']})
assert_hits_len(res, 0)
res = client.put(url, data='{}', headers=HEADERS)
assert res.status_code == 410
