def test_allowedbyaccesslevels_metadata_curator(action, create_record):
# Restricted record, only viewable by owner and a Metadata Curator
record = create_record({
"owners": [4],
"_access": {
"metadata_restricted": True,
"files_restricted": True
},
"internal": {
"access_levels": {
"metadata_curator": [{
"scheme": "person",
"id": 1
}]
}
},
})
generator = AllowedByAccessLevel(action=action)
if action in ["read", "update"]:
assert generator.needs(record=record) == [UserNeed(1)]
else:
assert generator.needs(record=record) == []
assert generator.excludes(record=record) == []
def test_allowedbyaccesslevels_query_filter(mocker):
# TODO: Test query_filter on actual Elasticsearch instance per #23
# User that has been allowed
generator = AllowedByAccessLevel()
query_filter = generator.query_filter(identity=mocker.Mock(
provides=[mocker.Mock(method="id", value=1)]))
# TODO: Update to account for other 'read' access levels
assert query_filter.to_dict() == {
"term": {
"internal.access_levels.metadata_curator": {
"scheme": "person",
"id": 1
}
}
}
# User that doesn't provide 'id'
generator = AllowedByAccessLevel()
query_filter = generator.query_filter(identity=mocker.Mock(
provides=[mocker.Mock(method="foo", value=1)]))
assert query_filter == []
def test_allowedbyaccesslevels_query_filter(mocker):
# TODO: Test query_filter on actual Elasticsearch instance per #23
# User that has been allowed
generator = AllowedByAccessLevel()
patched_g = mocker.patch('invenio_records_permissions.generators.g')
patched_g.identity.provides = [mocker.Mock(method='id', value=1)]
# TODO: Update to account for other 'read' access levels
assert generator.query_filter().to_dict() == {
'term': {
'internal.access_levels.metadata_curator': {
'scheme': 'person',
'id': 1
}
}
}
# User that doesn't provide 'id'
generator = AllowedByAccessLevel()
patched_g = mocker.patch('invenio_records_permissions.generators.g')
patched_g.identity.provides = [mocker.Mock(method='foo', value=1)]
assert generator.query_filter() == []