def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
study_id = db_session.query(studies.Study.id).filter(
studies.Study.name == u'test_study').scalar()
enrollment_id = db_session.query(studies.Enrollment.id).filter(
studies.Study.name == u'test_study').scalar()
data = {
'study': study_id,
'consent_date': '2014-12-22',
'latest_consent_date': '2015-01-01',
'reference_number': ''
}
res = app.put_json(self.url.format(enrollment_id),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_not_allowed_forms_versions_post_draft(
self, app, db_session, group):
url = '/forms/test_schema/versions/2015-01-01?draft'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'__url__': url,
'name': 'test_schema',
'title': 'test_title',
'fields': [],
'hasFields': False,
'isNew': False,
'publish_date': '2015-01-01'
}
res = app.post(
url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
xhr=True,
params=data)
assert 403 == res.status_code
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
site = db_session.query(studies.Site).filter(
studies.Site.name == u'UCSD').one()
site_id = site.id
data = {
'site': site_id,
'references': []
}
res = app.post_json(
self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
study_id = db_session.query(studies.Study.id).filter(
studies.Study.name == u'test_study').scalar()
data = {
'consent_date': '2015-01-01',
'latest_consent_date': '2015-01-01',
'study': study_id
}
res = app.post_json(self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 200 == res.status_code
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
patient = db_session.query(studies.Patient).filter(
studies.Patient.pid == u'123').one()
data = {
'initials': patient.initials,
'nurse': patient.nurse,
'site_id': patient.site_id,
'pid': patient.pid,
'site': patient.site_id
}
res = app.put_json(
self.url.format('123'),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_not_allowed(self, app, db_session, group):
from occams_datastore import models as datastore
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
schema = db_session.query(datastore.Schema).filter(
datastore.Schema.name == u'test_schema').one()
schema_id = schema.id
data = {
'collect_date': '2015-01-01',
'schema': schema_id
}
res = app.post_json(
self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_not_allowed_move_field_unpublished(self, app, db_session, group):
from occams_datastore import models as datastore
url = '/forms/test_schema2/versions/{}/fields/text_box2?move'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
form_id = db_session.query(datastore.Schema.id).filter(
datastore.Schema.name == u'test_schema2').scalar()
data = {
'index': 0
}
res = app.put_json(
url.format(form_id),
status='*',
extra_environ=environ,
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
visit_date = db_session.query(studies.Visit.visit_date).filter(
studies.Patient.pid == u'123').scalar()
cycle_id = db_session.query(studies.Cycle.id).filter(
studies.Cycle.name == u'TestCycle').scalar()
data = {
'cycles': [cycle_id],
'visit_date': '2015-01-02'
}
res = app.put_json(
self.url.format(visit_date),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
cycle_id = db_session.query(studies.Cycle.id).filter(
studies.Cycle.name == u'TestCycle').scalar()
data = {
'cycles': [cycle_id],
'visit_date': '2015-01-01',
'include_forms': False,
'include_speciman': False
}
res = app.post_json(
self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 200 == res.status_code
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
enrollment_id = db_session.query(studies.Enrollment.id).filter(
studies.Study.name == u'test_study').scalar()
data = {
'ofmetadata_-collect_date': '2015-01-01',
'ofmetadata_-version': '2015-01-01',
'ofmetadata_-state': 'pending-entry',
}
res = app.post(self.url.format(enrollment_id),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
xhr=True,
params=data)
assert 403 == res.status_code
def test_iform_upload(self, app, group, datadir):
url = '/imports/codebooks/iform/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'mode': u'dry',
'study': u'DRSC'
}
# from pytest import set_trace; set_trace()
iform = datadir.join('iform_input_fixture.json').open()
json_data = iform.read()
response = app.post(
url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.json', json_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
iform.close()
assert response.status_code == 200
def test_iform_upload(self, app, group):
from pkg_resources import resource_filename
url = '/imports/codebooks/iform/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': u'dry', 'study': u'DRSC'}
iform = open(
resource_filename('tests.fixtures', 'iform_input_fixture.json'))
json_data = iform.read()
response = app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.json', json_data)
],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
iform.close()
assert response.status_code == 200
def test_not_allowed_specimen_add(app, db_session, group):
from occams_studies import models as studies
from occams_lims import models as lims
url = '/lims/test_location/add'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
cycle_id = db_session.query(studies.Cycle.id).filter(
studies.Cycle.name == u'test_cycle').scalar()
specimen_id = db_session.query(lims.SpecimenType.id).filter(
lims.SpecimenType.name == u'test_specimen').scalar()
data = {
'pid': u'123',
'cycle_id': cycle_id,
'specimen_type_id': specimen_id
}
res = app.post_json(
url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert res.status_code == 403
def test_not_allowed_forms_upload_json(self, app, db_session, group):
import json
url = '/forms/?files'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'title': 'OMG',
'storage': 'eav',
'publish_date': '2015-05-26',
"name": 'omg'
}
res = app.post(
url,
extra_environ=environ,
status='*',
upload_files=[('files', 'upload.json', json.dumps(data))],
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
xhr=True)
assert 403 == res.status_code
def test_not_allowed_forms_add(self, app, db_session, group):
url = '/forms/'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'name': 'test_form',
'title': 'test_form',
'versions': [],
'isNew': True,
'hasVersions': False
}
res = app.post_json(
url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_not_allowed_specimen_add(app, db_session, group):
from occams_studies import models as studies
from occams_lims import models as lims
url = '/lims/test_location/add'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
cycle_id = db_session.query(
studies.Cycle.id).filter(studies.Cycle.name == u'test_cycle').scalar()
specimen_id = db_session.query(lims.SpecimenType.id).filter(
lims.SpecimenType.name == u'test_specimen').scalar()
data = {
'pid': u'123',
'cycle_id': cycle_id,
'specimen_type_id': specimen_id
}
res = app.post_json(url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert res.status_code == 403
def test_add_field(self, app, db_session, group):
url = '/forms/test_schema/versions/2015-01-01/fields'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'choiceInputType': 'radio',
'choices': [],
'name': 'test_field_add',
'title': 'test_title_add',
'description': 'test_desc_add',
'type': 'string',
'is_required': False,
'isNew': True,
'isSection': False,
'fields': [],
'isLimitAllowed': True,
'hasFields': False,
'index': 0
}
res = app.post_json(
url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data
)
assert 200 == res.status_code
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
cycle_id = db_session.query(studies.Cycle.id).filter(
studies.Cycle.name == u'TestCycle').scalar()
data = {
'cycles': [cycle_id],
'visit_date': '2015-01-01',
'include_forms': False,
'include_speciman': False
}
res = app.post_json(self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_iform_upload_not_allowed(self, app, group, datadir):
url = '/imports/codebooks/iform/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': u'dry', 'study': u'DRSC'}
iform = datadir.join('iform_input_fixture.json').open()
json_data = iform.read()
response = app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.json', json_data)
],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
iform.close()
assert response.status_code == 403
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
patient = db_session.query(
studies.Patient).filter(studies.Patient.pid == u'123').one()
data = {
'initials': patient.initials,
'nurse': patient.nurse,
'site_id': patient.site_id,
'pid': patient.pid,
'site': patient.site_id
}
res = app.put_json(self.url.format('123'),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_iform_insert_import_table(self, app, db_session, group, datadir):
from occams_imports import models
from occams_studies import models as studies
url = '/imports/codebooks/iform/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': None, 'study': u'DRSC'}
iform = datadir.join('iform_input_fixture.json').open()
json_data = iform.read()
app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.json', json_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
iform.close()
import_data = db_session.query(models.Import).one()
study = (db_session.query(
studies.Study).filter(studies.Study.title == data['study'])).one()
assert study.title == data['study']
assert import_data.schema.name == u'test_595_hiv_test_v04'
def test_iform_upload_validate(self, app, group, datadir):
url = '/imports/codebooks/iform/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': u'dry', 'study': u'DRSC'}
iform = datadir.join('iform_input_fixture.json').open()
json_data = iform.read()
response = app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.json', json_data)
],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
iform.close()
assert u'test_595_hiv_test_v04' in response.body
assert u'Codebook Import Status' in response.body
assert u'2013-10-21' in response.body
assert u'Fields evaluated' in response.body
def test_occams_upload_not_allowed(self, app, group, datadir):
url = '/imports/codebooks/occams/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'mode': u'dry',
'delimiter': u'comma',
'study': u'DRSC'
}
codebook = datadir.join('codebook.csv').open()
csv_data = codebook.read()
response = app.post(
url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', csv_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
codebook.close()
assert response.status_code == 403
def test_qds_upload_codebook_not_allowed(self, app, group):
from pkg_resources import resource_filename
url = '/imports/codebooks/qds/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'mode': u'dry',
'delimiter': u'comma',
'study': u'DRSC'
}
qds = open(
resource_filename('tests.fixtures', 'qds_input_fixture.csv'), 'rb')
qds_data = qds.read()
response = app.post(
url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', qds_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
qds.close()
assert response.status_code == 403
def test_occams_upload_validate(self, app, group, datadir):
url = '/imports/codebooks/occams/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': u'dry', 'delimiter': u'comma', 'study': u'DRSC'}
codebook = datadir.join('/codebook.csv').open()
csv_data = codebook.read()
response = app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', csv_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
codebook.close()
assert response.status_code == 200
assert u'ClinicalAssessment595vitd' in response.body
assert u'Codebook Import Status' in response.body
assert u'2014-10-23' in response.body
assert u'Fields evaluated' in response.body
def test_qds_upload_validate(self, app, group, datadir):
url = '/imports/codebooks/qds/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': u'dry', 'delimiter': u'comma', 'study': u'DRSC'}
qds = datadir.join('qds_input_fixture.csv').open()
qds_data = qds.read()
response = app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', qds_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
qds.close()
assert response.status_code == 200
assert u'Test_Schema_Title' in response.body
assert u'Test Schema Title' in response.body
assert u'Codebook Import Status' in response.body
assert u'2015-08-11' in response.body
assert u'Fields evaluated' in response.body
def test_edit_field_unpublished(self, app, db_session, group):
from occams_datastore import models as datastore
url = '/forms/test_schema2/versions/{}/fields/test_field2'
form_id = db_session.query(datastore.Schema.id).filter(
datastore.Schema.name == u'test_schema2').scalar()
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'name': 'test_field_add',
'type': 'string',
'title': 'updated title'
}
res = app.put_json(
url.format(form_id),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data
)
assert 200 == res.status_code
def test_not_allowed_forms_versions_edit_unpublished(
self, app, db_session, group):
from occams_datastore import models as datastore
url = '/forms/test_schema2/versions/{}'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
form_id = db_session.query(datastore.Schema.id).filter(
datastore.Schema.name == u'test_schema2').scalar()
data = {
'__url__': url,
'name': 'test_schema',
'title': 'test_title',
'fields': [],
'hasFields': False,
'isNew': False,
'publish_date': '2015-01-01'
}
res = app.put_json(
url.format(form_id),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_occams_upload_validate(self, app, group):
from pkg_resources import resource_filename
url = '/imports/codebooks/occams/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'mode': u'dry',
'delimiter': u'comma',
'study': u'DRSC'
}
codebook = open(
resource_filename('tests.fixtures', 'codebook.csv'), 'rb')
csv_data = codebook.read()
response = app.post(
url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', csv_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
codebook.close()
assert response.status_code == 200
assert u'ClinicalAssessment595vitd' in response.body
assert u'Codebook Import Status' in response.body
assert u'2014-10-23' in response.body
assert u'Fields evaluated' in response.body
def test_iform_upload_validate(self, app, group):
from pkg_resources import resource_filename
url = '/imports/codebooks/iform/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'mode': u'dry',
'study': u'DRSC'
}
iform = open(
resource_filename(
'tests.fixtures', 'iform_input_fixture.json'), 'r')
json_data = iform.read()
response = app.post(
url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.json', json_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
iform.close()
assert u'test_595_hiv_test_v04' in response.body
assert u'Codebook Import Status' in response.body
assert u'2013-10-21' in response.body
assert u'Fields evaluated' in response.body
def test_qds_upload_codebook(self, app, group, datadir):
url = '/imports/codebooks/qds/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'mode': u'dry',
'delimiter': u'comma',
'study': u'DRSC'
}
qds = datadir.join('qds_input_fixture.csv').open()
qds_data = qds.read()
response = app.post(
url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', qds_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
qds.close()
assert response.status_code == 200
def test_qds_upload_codebook_not_allowed(self, app, group):
from pkg_resources import resource_filename
url = '/imports/codebooks/qds/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': u'dry', 'delimiter': u'comma', 'study': u'DRSC'}
qds = open(
resource_filename('tests.fixtures', 'qds_input_fixture.csv'), 'rb')
qds_data = qds.read()
response = app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', qds_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
qds.close()
assert response.status_code == 403
def test_iform_upload_not_allowed(self, app, group):
from pkg_resources import resource_filename
url = '/imports/codebooks/iform/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {
'mode': u'dry',
'study': u'DRSC'
}
iform = open(resource_filename(
'tests.fixtures', 'iform_input_fixture.json'), 'r')
json_data = iform.read()
response = app.post(
url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.json', json_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
iform.close()
assert response.status_code == 403
def test_randomize_ajax_not_allowed(self, app, db_session, factories,
group):
import uuid
from occams_studies import models as studies
enrollment = db_session.query(studies.Enrollment).one()
url = '/studies/patients/{pid}/enrollments/{eid}/randomization'.format(
pid=enrollment.patient.pid, eid=enrollment.id)
environ = make_environ(userid=USERID, groups=[group])
headers = {
'X-CSRF-Token': get_csrf_token(app, environ),
'X-REQUESTED-WITH': str('XMLHttpRequest')
}
res = app.get(
url,
extra_environ=environ,
status='*',
headers=headers,
xhr=True,
)
assert 403 == res.status_code
procid = str(uuid.uuid4())
# CHALLENGE
res = app.post(url,
extra_environ=environ,
status='*',
headers=headers,
xhr=True,
params={'procid': procid})
assert 403 == res.status_code
# ENTRY
res = app.post(url,
extra_environ=environ,
status='*',
headers=headers,
xhr=True,
params={'procid': procid})
assert 403 == res.status_code
# VERIFY
res = app.post(url,
extra_environ=environ,
status='*',
headers=headers,
xhr=True,
params={'procid': procid})
assert 403 == res.status_code
def test_allowed(self, app, db_session, group):
environ = make_environ(groups=[group])
csrf_token = get_csrf_token(app, environ)
app.delete(self.url,
extra_environ=environ,
headers={'X-CSRF-Token': csrf_token},
xhr=True,
status=200)
def test_allowed(self, app, db_session, group):
environ = make_environ(groups=[group])
csrf_token = get_csrf_token(app, environ)
app.delete(
self.url,
extra_environ=environ,
headers={'X-CSRF-Token': csrf_token},
xhr=True,
status=200)
def test_not_owner(self, app, db_session):
import transaction
from occams_datastore import models as datastore
with transaction.manager:
db_session.add(datastore.User(key='somebody_else'))
environ = make_environ(userid='somebody_else')
csrf_token = get_csrf_token(app, environ)
app.delete(self.url,
extra_environ=environ,
headers={'X-CSRF-Token': csrf_token},
xhr=True,
status=403)
def test_not_allowed_aliquot_labels_post(app, group):
url = '/lims/test_location/aliquot_labels'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.post(url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
})
assert res.status_code == 403
def test_not_owner(self, app, db_session):
import transaction
from occams_datastore import models as datastore
with transaction.manager:
db_session.add(datastore.User(key='somebody_else'))
environ = make_environ(userid='somebody_else')
csrf_token = get_csrf_token(app, environ)
app.delete(
self.url,
extra_environ=environ,
headers={'X-CSRF-Token': csrf_token},
xhr=True,
status=403)
def test_not_allowed_aliquot_labels_post(app, group):
url = '/lims/test_location/aliquot_labels'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.post(
url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
})
assert res.status_code == 403
def test_not_allowed(self, app, db_session, group):
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.delete_json(self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params={})
assert 403 == res.status_code
def test_allowed(self, app, group):
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.get(self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
xhr=True,
params={})
assert 200 == res.status_code
def test_not_allowed(self, app, db_session, group):
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.delete_json(
self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params={})
assert 403 == res.status_code
def test_allowed(self, app, group):
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.get(
self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
xhr=True,
params={})
assert 200 == res.status_code
def test_not_allowed(self, app, group):
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'title': 'test_study Week 1', 'week': '1'}
res = app.post_json(self.url.format('test_study'),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code
def test_allowed(self, app, db_session, group):
environ = make_environ(userid=USERID, groups=[group])
res = app.get(self.url, extra_environ=environ, xhr=True)
data = res.json
csrf_token = get_csrf_token(app, environ)
res = app.delete_json(
self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token
},
params=data)
assert 200 == res.status_code
def test_get_all_schemas_not_allowed(self, app, group):
url = '/imports/schemas'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
response = app.get(url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params={})
assert response.status_code == 403
def test_view_field_json(self, app, db_session, group):
url = '/forms/test_schema/versions/2015-01-01/fields/test_field'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.get(
url,
status='*',
xhr=True,
extra_environ=environ,
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
})
assert 200 == res.status_code
def test_allowed(self, app, group):
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'name': 'TestDelete', 'title': 'TestDelete', 'week': 4}
res = app.put_json(self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 200 == res.status_code
def test_not_allowed_forms_versions_delete(self, app, db_session, group):
url = '/forms/test_schema/versions/2015-01-01'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
res = app.delete(
url,
extra_environ=environ,
xhr=True,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
}
)
assert 403 == res.status_code
def test_get_all_schemas_not_allowed(self, app, group):
url = '/imports/schemas'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
response = app.get(
url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params={})
assert response.status_code == 403
def test_not_authenticated_edit_validate_field(self, app, db_session):
url = '/forms/test_schema/versions/2015-01-01/fields/' \
'test_field?validate'
environ = make_environ(userid=USERID)
csrf_token = get_csrf_token(app, environ)
res = app.get(
url,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
}
)
assert 401 == res.status_code
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
enrollment_id = db_session.query(studies.Enrollment.id).filter(
studies.Study.name == u'test_study').scalar()
res = app.delete_json(self.url.format(enrollment_id),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params={})
assert 403 == res.status_code
def test_mappings_delete_not_allowed(self, app, group):
url = '/imports/mappings/delete'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mapped_delete': []}
response = app.delete_json(url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH':
str('XMLHttpRequest')
},
params=data)
assert response.status_code == 403
def test_allowed(self, app, db_session, group):
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'name': u'test',
'title': u'test_title',
'short_title': u'test2',
'code': u'test3',
'consent_date': '2015-01-01'}
res = app.post_json(
self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token
},
params=data)
assert 200 == res.status_code
def test_occams_codebook_insert(self, app, db_session, group):
import datetime
from pkg_resources import resource_filename
from occams_datastore import models as datastore
url = '/imports/codebooks/occams/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': None, 'study': u'DRSC', 'delimiter': u'comma'}
codebook = open(resource_filename('tests.fixtures', 'codebook.csv'),
'rb')
csv_data = codebook.read()
app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', csv_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
codebook.close()
form = db_session.query(datastore.Schema).one()
attributes = db_session.query(datastore.Attribute).filter(
datastore.Schema.id == form.id).order_by(
datastore.Attribute.name).all()
assert form.name == u'ClinicalAssessment595vitd'
assert form.title == u'595 Vitamin D - Clinical Assessment'
assert form.publish_date == datetime.date(2014, 10, 23)
assert attributes[0].name == u'cont'
assert attributes[2].name == u'frac'
expected_title = u'Has the subject had any fractures since the visit?'
assert attributes[2].title == expected_title
assert attributes[2].choices['0'].title == u'No'
def test_not_allowed(self, app, db_session, group):
from occams_studies import models as studies
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
visit_date = db_session.query(studies.Visit.visit_date).filter(
studies.Patient.pid == u'123').scalar()
res = app.delete(self.url.format(visit_date),
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
xhr=True,
params={})
assert 403 == res.status_code
def test_qds_insert(self, app, db_session, group):
import datetime
from pkg_resources import resource_filename
from occams_datastore import models as datastore
url = '/imports/codebooks/qds/status'
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
data = {'mode': None, 'study': u'DRSC', 'delimiter': u'comma'}
qds = open(
resource_filename('tests.fixtures', 'qds_input_fixture.csv'), 'rb')
qds_data = qds.read()
app.post(url,
extra_environ=environ,
expect_errors=True,
upload_files=[('codebook', 'test.csv', qds_data)],
headers={
'X-CSRF-Token': csrf_token,
},
params=data)
qds.close()
form = db_session.query(datastore.Schema).one()
attributes = db_session.query(datastore.Attribute).filter(
datastore.Schema.id == form.id).order_by(
datastore.Attribute.name).all()
assert form.name == u'Test_Schema_Title'
assert form.title == u'Test Schema Title'
assert form.publish_date == datetime.date(2015, 8, 11)
assert attributes[0].name == u'BIRTHSEX'
assert attributes[1].name == u'GENDER'
assert attributes[2].name == u'TODAY'
assert attributes[0].type == u'choice'
assert attributes[1].type == u'choice'
assert attributes[2].type == u'string'
def test_not_allowed(self, app, db_session, group):
from occams_datastore import models as datastore
environ = make_environ(userid=USERID, groups=[group])
csrf_token = get_csrf_token(app, environ)
form_id = db_session.query(datastore.Schema.id).filter(
datastore.Schema.name == u'test_schema').scalar()
data = {'schema': form_id, 'collect_date': '2015-01-01'}
res = app.post_json(self.url,
extra_environ=environ,
status='*',
headers={
'X-CSRF-Token': csrf_token,
'X-REQUESTED-WITH': str('XMLHttpRequest')
},
params=data)
assert 403 == res.status_code