Example #1
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        study_id = db_session.query(studies.Study.id).filter(
            studies.Study.name == u'test_study').scalar()
        enrollment_id = db_session.query(studies.Enrollment.id).filter(
            studies.Study.name == u'test_study').scalar()

        data = {
            'study': study_id,
            'consent_date': '2014-12-22',
            'latest_consent_date': '2015-01-01',
            'reference_number': ''
        }

        res = app.put_json(self.url.format(enrollment_id),
                           extra_environ=environ,
                           status='*',
                           headers={
                               'X-CSRF-Token': csrf_token,
                               'X-REQUESTED-WITH': str('XMLHttpRequest')
                           },
                           params=data)

        assert 403 == res.status_code
Example #2
0
    def test_not_allowed_forms_versions_post_draft(
            self, app, db_session, group):
        url = '/forms/test_schema/versions/2015-01-01?draft'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            '__url__': url,
            'name': 'test_schema',
            'title': 'test_title',
            'fields': [],
            'hasFields': False,
            'isNew': False,
            'publish_date': '2015-01-01'
        }

        res = app.post(
            url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            xhr=True,
            params=data)

        assert 403 == res.status_code
Example #3
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        site = db_session.query(studies.Site).filter(
            studies.Site.name == u'UCSD').one()
        site_id = site.id

        data = {
            'site': site_id,
            'references': []
        }

        res = app.post_json(
            self.url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 403 == res.status_code
Example #4
0
    def test_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        study_id = db_session.query(studies.Study.id).filter(
            studies.Study.name == u'test_study').scalar()

        data = {
            'consent_date': '2015-01-01',
            'latest_consent_date': '2015-01-01',
            'study': study_id
        }

        res = app.post_json(self.url,
                            extra_environ=environ,
                            status='*',
                            headers={
                                'X-CSRF-Token': csrf_token,
                                'X-REQUESTED-WITH': str('XMLHttpRequest')
                            },
                            params=data)

        assert 200 == res.status_code
Example #5
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        patient = db_session.query(studies.Patient).filter(
            studies.Patient.pid == u'123').one()
        data = {
            'initials': patient.initials,
            'nurse': patient.nurse,
            'site_id': patient.site_id,
            'pid': patient.pid,
            'site': patient.site_id
        }

        res = app.put_json(
            self.url.format('123'),
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 403 == res.status_code
Example #6
0
    def test_not_allowed(self, app, db_session, group):
        from occams_datastore import models as datastore

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        schema = db_session.query(datastore.Schema).filter(
            datastore.Schema.name == u'test_schema').one()
        schema_id = schema.id

        data = {
            'collect_date': '2015-01-01',
            'schema': schema_id
        }

        res = app.post_json(
            self.url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 403 == res.status_code
Example #7
0
    def test_not_allowed_move_field_unpublished(self, app, db_session, group):
        from occams_datastore import models as datastore

        url = '/forms/test_schema2/versions/{}/fields/text_box2?move'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        form_id = db_session.query(datastore.Schema.id).filter(
            datastore.Schema.name == u'test_schema2').scalar()

        data = {
            'index': 0
        }

        res = app.put_json(
            url.format(form_id),
            status='*',
            extra_environ=environ,
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 403 == res.status_code
Example #8
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        visit_date = db_session.query(studies.Visit.visit_date).filter(
            studies.Patient.pid == u'123').scalar()

        cycle_id = db_session.query(studies.Cycle.id).filter(
            studies.Cycle.name == u'TestCycle').scalar()

        data = {
            'cycles': [cycle_id],
            'visit_date': '2015-01-02'
        }

        res = app.put_json(
            self.url.format(visit_date),
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 403 == res.status_code
Example #9
0
    def test_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        cycle_id = db_session.query(studies.Cycle.id).filter(
            studies.Cycle.name == u'TestCycle').scalar()

        data = {
            'cycles': [cycle_id],
            'visit_date': '2015-01-01',
            'include_forms': False,
            'include_speciman': False
        }

        res = app.post_json(
            self.url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 200 == res.status_code
Example #10
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        enrollment_id = db_session.query(studies.Enrollment.id).filter(
            studies.Study.name == u'test_study').scalar()

        data = {
            'ofmetadata_-collect_date': '2015-01-01',
            'ofmetadata_-version': '2015-01-01',
            'ofmetadata_-state': 'pending-entry',
        }

        res = app.post(self.url.format(enrollment_id),
                       extra_environ=environ,
                       status='*',
                       headers={
                           'X-CSRF-Token': csrf_token,
                           'X-REQUESTED-WITH': str('XMLHttpRequest')
                       },
                       xhr=True,
                       params=data)

        assert 403 == res.status_code
    def test_iform_upload(self, app, group, datadir):

        url = '/imports/codebooks/iform/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'mode': u'dry',
            'study': u'DRSC'
        }

        # from pytest import set_trace; set_trace()
        iform = datadir.join('iform_input_fixture.json').open()
        json_data = iform.read()

        response = app.post(
            url,
            extra_environ=environ,
            expect_errors=True,
            upload_files=[('codebook', 'test.json', json_data)],
            headers={
                'X-CSRF-Token': csrf_token,
            },
            params=data)

        iform.close()

        assert response.status_code == 200
Example #12
0
    def test_iform_upload(self, app, group):
        from pkg_resources import resource_filename

        url = '/imports/codebooks/iform/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': u'dry', 'study': u'DRSC'}

        iform = open(
            resource_filename('tests.fixtures', 'iform_input_fixture.json'))
        json_data = iform.read()

        response = app.post(url,
                            extra_environ=environ,
                            expect_errors=True,
                            upload_files=[('codebook', 'test.json', json_data)
                                          ],
                            headers={
                                'X-CSRF-Token': csrf_token,
                            },
                            params=data)

        iform.close()

        assert response.status_code == 200
Example #13
0
def test_not_allowed_specimen_add(app, db_session, group):
    from occams_studies import models as studies
    from occams_lims import models as lims

    url = '/lims/test_location/add'

    environ = make_environ(userid=USERID, groups=[group])
    csrf_token = get_csrf_token(app, environ)

    cycle_id = db_session.query(studies.Cycle.id).filter(
        studies.Cycle.name == u'test_cycle').scalar()

    specimen_id = db_session.query(lims.SpecimenType.id).filter(
        lims.SpecimenType.name == u'test_specimen').scalar()

    data = {
        'pid': u'123',
        'cycle_id': cycle_id,
        'specimen_type_id': specimen_id
    }

    res = app.post_json(
        url,
        extra_environ=environ,
        status='*',
        headers={
            'X-CSRF-Token': csrf_token,
            'X-REQUESTED-WITH': str('XMLHttpRequest')
        },
        params=data)

    assert res.status_code == 403
Example #14
0
    def test_not_allowed_forms_upload_json(self, app, db_session, group):
        import json

        url = '/forms/?files'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'title': 'OMG',
            'storage': 'eav',
            'publish_date': '2015-05-26',
            "name": 'omg'
        }

        res = app.post(
            url,
            extra_environ=environ,
            status='*',
            upload_files=[('files', 'upload.json', json.dumps(data))],
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            xhr=True)

        assert 403 == res.status_code
Example #15
0
    def test_not_allowed_forms_add(self, app, db_session, group):
        url = '/forms/'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'name': 'test_form',
            'title': 'test_form',
            'versions': [],
            'isNew': True,
            'hasVersions': False
        }

        res = app.post_json(
            url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 403 == res.status_code
Example #16
0
def test_not_allowed_specimen_add(app, db_session, group):
    from occams_studies import models as studies
    from occams_lims import models as lims

    url = '/lims/test_location/add'

    environ = make_environ(userid=USERID, groups=[group])
    csrf_token = get_csrf_token(app, environ)

    cycle_id = db_session.query(
        studies.Cycle.id).filter(studies.Cycle.name == u'test_cycle').scalar()

    specimen_id = db_session.query(lims.SpecimenType.id).filter(
        lims.SpecimenType.name == u'test_specimen').scalar()

    data = {
        'pid': u'123',
        'cycle_id': cycle_id,
        'specimen_type_id': specimen_id
    }

    res = app.post_json(url,
                        extra_environ=environ,
                        status='*',
                        headers={
                            'X-CSRF-Token': csrf_token,
                            'X-REQUESTED-WITH': str('XMLHttpRequest')
                        },
                        params=data)

    assert res.status_code == 403
Example #17
0
    def test_add_field(self, app, db_session, group):
        url = '/forms/test_schema/versions/2015-01-01/fields'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'choiceInputType': 'radio',
            'choices': [],
            'name': 'test_field_add',
            'title': 'test_title_add',
            'description': 'test_desc_add',
            'type': 'string',
            'is_required': False,
            'isNew': True,
            'isSection': False,
            'fields': [],
            'isLimitAllowed': True,
            'hasFields': False,
            'index': 0
        }

        res = app.post_json(
            url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data
        )

        assert 200 == res.status_code
Example #18
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        cycle_id = db_session.query(studies.Cycle.id).filter(
            studies.Cycle.name == u'TestCycle').scalar()

        data = {
            'cycles': [cycle_id],
            'visit_date': '2015-01-01',
            'include_forms': False,
            'include_speciman': False
        }

        res = app.post_json(self.url,
                            extra_environ=environ,
                            status='*',
                            headers={
                                'X-CSRF-Token': csrf_token,
                                'X-REQUESTED-WITH': str('XMLHttpRequest')
                            },
                            params=data)

        assert 403 == res.status_code
Example #19
0
    def test_iform_upload_not_allowed(self, app, group, datadir):

        url = '/imports/codebooks/iform/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': u'dry', 'study': u'DRSC'}

        iform = datadir.join('iform_input_fixture.json').open()
        json_data = iform.read()

        response = app.post(url,
                            extra_environ=environ,
                            expect_errors=True,
                            upload_files=[('codebook', 'test.json', json_data)
                                          ],
                            headers={
                                'X-CSRF-Token': csrf_token,
                            },
                            params=data)

        iform.close()

        assert response.status_code == 403
Example #20
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        patient = db_session.query(
            studies.Patient).filter(studies.Patient.pid == u'123').one()
        data = {
            'initials': patient.initials,
            'nurse': patient.nurse,
            'site_id': patient.site_id,
            'pid': patient.pid,
            'site': patient.site_id
        }

        res = app.put_json(self.url.format('123'),
                           extra_environ=environ,
                           status='*',
                           headers={
                               'X-CSRF-Token': csrf_token,
                               'X-REQUESTED-WITH': str('XMLHttpRequest')
                           },
                           params=data)

        assert 403 == res.status_code
    def test_iform_insert_import_table(self, app, db_session, group, datadir):
        from occams_imports import models
        from occams_studies import models as studies

        url = '/imports/codebooks/iform/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': None, 'study': u'DRSC'}

        iform = datadir.join('iform_input_fixture.json').open()
        json_data = iform.read()

        app.post(url,
                 extra_environ=environ,
                 expect_errors=True,
                 upload_files=[('codebook', 'test.json', json_data)],
                 headers={
                     'X-CSRF-Token': csrf_token,
                 },
                 params=data)

        iform.close()

        import_data = db_session.query(models.Import).one()
        study = (db_session.query(
            studies.Study).filter(studies.Study.title == data['study'])).one()

        assert study.title == data['study']
        assert import_data.schema.name == u'test_595_hiv_test_v04'
    def test_iform_upload_validate(self, app, group, datadir):

        url = '/imports/codebooks/iform/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': u'dry', 'study': u'DRSC'}

        iform = datadir.join('iform_input_fixture.json').open()
        json_data = iform.read()

        response = app.post(url,
                            extra_environ=environ,
                            expect_errors=True,
                            upload_files=[('codebook', 'test.json', json_data)
                                          ],
                            headers={
                                'X-CSRF-Token': csrf_token,
                            },
                            params=data)

        iform.close()

        assert u'test_595_hiv_test_v04' in response.body
        assert u'Codebook Import Status' in response.body
        assert u'2013-10-21' in response.body
        assert u'Fields evaluated' in response.body
    def test_occams_upload_not_allowed(self, app, group, datadir):

        url = '/imports/codebooks/occams/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'mode': u'dry',
            'delimiter': u'comma',
            'study': u'DRSC'
        }

        codebook = datadir.join('codebook.csv').open()
        csv_data = codebook.read()

        response = app.post(
            url,
            extra_environ=environ,
            expect_errors=True,
            upload_files=[('codebook', 'test.csv', csv_data)],
            headers={
                'X-CSRF-Token': csrf_token,
            },
            params=data)

        codebook.close()

        assert response.status_code == 403
Example #24
0
    def test_qds_upload_codebook_not_allowed(self, app, group):
        from pkg_resources import resource_filename

        url = '/imports/codebooks/qds/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'mode': u'dry',
            'delimiter': u'comma',
            'study': u'DRSC'
        }

        qds = open(
            resource_filename('tests.fixtures', 'qds_input_fixture.csv'), 'rb')
        qds_data = qds.read()

        response = app.post(
            url,
            extra_environ=environ,
            expect_errors=True,
            upload_files=[('codebook', 'test.csv', qds_data)],
            headers={
                'X-CSRF-Token': csrf_token,
            },
            params=data)

        qds.close()

        assert response.status_code == 403
    def test_occams_upload_validate(self, app, group, datadir):

        url = '/imports/codebooks/occams/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': u'dry', 'delimiter': u'comma', 'study': u'DRSC'}

        codebook = datadir.join('/codebook.csv').open()
        csv_data = codebook.read()

        response = app.post(url,
                            extra_environ=environ,
                            expect_errors=True,
                            upload_files=[('codebook', 'test.csv', csv_data)],
                            headers={
                                'X-CSRF-Token': csrf_token,
                            },
                            params=data)

        codebook.close()

        assert response.status_code == 200
        assert u'ClinicalAssessment595vitd' in response.body
        assert u'Codebook Import Status' in response.body
        assert u'2014-10-23' in response.body
        assert u'Fields evaluated' in response.body
    def test_qds_upload_validate(self, app, group, datadir):

        url = '/imports/codebooks/qds/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': u'dry', 'delimiter': u'comma', 'study': u'DRSC'}

        qds = datadir.join('qds_input_fixture.csv').open()
        qds_data = qds.read()

        response = app.post(url,
                            extra_environ=environ,
                            expect_errors=True,
                            upload_files=[('codebook', 'test.csv', qds_data)],
                            headers={
                                'X-CSRF-Token': csrf_token,
                            },
                            params=data)

        qds.close()

        assert response.status_code == 200
        assert u'Test_Schema_Title' in response.body
        assert u'Test Schema Title' in response.body
        assert u'Codebook Import Status' in response.body
        assert u'2015-08-11' in response.body
        assert u'Fields evaluated' in response.body
Example #27
0
    def test_edit_field_unpublished(self, app, db_session, group):
        from occams_datastore import models as datastore

        url = '/forms/test_schema2/versions/{}/fields/test_field2'

        form_id = db_session.query(datastore.Schema.id).filter(
            datastore.Schema.name == u'test_schema2').scalar()

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'name': 'test_field_add',
            'type': 'string',
            'title': 'updated title'
        }

        res = app.put_json(
            url.format(form_id),
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data
        )

        assert 200 == res.status_code
Example #28
0
    def test_not_allowed_forms_versions_edit_unpublished(
            self, app, db_session, group):
        from occams_datastore import models as datastore

        url = '/forms/test_schema2/versions/{}'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        form_id = db_session.query(datastore.Schema.id).filter(
            datastore.Schema.name == u'test_schema2').scalar()

        data = {
            '__url__': url,
            'name': 'test_schema',
            'title': 'test_title',
            'fields': [],
            'hasFields': False,
            'isNew': False,
            'publish_date': '2015-01-01'
        }

        res = app.put_json(
            url.format(form_id),
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params=data)

        assert 403 == res.status_code
    def test_occams_upload_validate(self, app, group):
        from pkg_resources import resource_filename

        url = '/imports/codebooks/occams/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'mode': u'dry',
            'delimiter': u'comma',
            'study': u'DRSC'
        }

        codebook = open(
            resource_filename('tests.fixtures', 'codebook.csv'), 'rb')
        csv_data = codebook.read()

        response = app.post(
            url,
            extra_environ=environ,
            expect_errors=True,
            upload_files=[('codebook', 'test.csv', csv_data)],
            headers={
                'X-CSRF-Token': csrf_token,
            },
            params=data)

        codebook.close()

        assert response.status_code == 200
        assert u'ClinicalAssessment595vitd' in response.body
        assert u'Codebook Import Status' in response.body
        assert u'2014-10-23' in response.body
        assert u'Fields evaluated' in response.body
    def test_iform_upload_validate(self, app, group):
        from pkg_resources import resource_filename

        url = '/imports/codebooks/iform/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'mode': u'dry',
            'study': u'DRSC'
        }

        iform = open(
            resource_filename(
                'tests.fixtures', 'iform_input_fixture.json'), 'r')
        json_data = iform.read()

        response = app.post(
            url,
            extra_environ=environ,
            expect_errors=True,
            upload_files=[('codebook', 'test.json', json_data)],
            headers={
                'X-CSRF-Token': csrf_token,
            },
            params=data)

        iform.close()

        assert u'test_595_hiv_test_v04' in response.body
        assert u'Codebook Import Status' in response.body
        assert u'2013-10-21' in response.body
        assert u'Fields evaluated' in response.body
    def test_qds_upload_codebook(self, app, group, datadir):

        url = '/imports/codebooks/qds/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'mode': u'dry',
            'delimiter': u'comma',
            'study': u'DRSC'
        }

        qds = datadir.join('qds_input_fixture.csv').open()
        qds_data = qds.read()

        response = app.post(
            url,
            extra_environ=environ,
            expect_errors=True,
            upload_files=[('codebook', 'test.csv', qds_data)],
            headers={
                'X-CSRF-Token': csrf_token,
            },
            params=data)

        qds.close()

        assert response.status_code == 200
Example #32
0
    def test_qds_upload_codebook_not_allowed(self, app, group):
        from pkg_resources import resource_filename

        url = '/imports/codebooks/qds/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': u'dry', 'delimiter': u'comma', 'study': u'DRSC'}

        qds = open(
            resource_filename('tests.fixtures', 'qds_input_fixture.csv'), 'rb')
        qds_data = qds.read()

        response = app.post(url,
                            extra_environ=environ,
                            expect_errors=True,
                            upload_files=[('codebook', 'test.csv', qds_data)],
                            headers={
                                'X-CSRF-Token': csrf_token,
                            },
                            params=data)

        qds.close()

        assert response.status_code == 403
Example #33
0
    def test_iform_upload_not_allowed(self, app, group):
        from pkg_resources import resource_filename

        url = '/imports/codebooks/iform/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {
            'mode': u'dry',
            'study': u'DRSC'
        }

        iform = open(resource_filename(
            'tests.fixtures', 'iform_input_fixture.json'), 'r')
        json_data = iform.read()

        response = app.post(
            url,
            extra_environ=environ,
            expect_errors=True,
            upload_files=[('codebook', 'test.json', json_data)],
            headers={
                'X-CSRF-Token': csrf_token,
            },
            params=data)

        iform.close()

        assert response.status_code == 403
Example #34
0
    def test_randomize_ajax_not_allowed(self, app, db_session, factories,
                                        group):
        import uuid

        from occams_studies import models as studies

        enrollment = db_session.query(studies.Enrollment).one()

        url = '/studies/patients/{pid}/enrollments/{eid}/randomization'.format(
            pid=enrollment.patient.pid, eid=enrollment.id)

        environ = make_environ(userid=USERID, groups=[group])

        headers = {
            'X-CSRF-Token': get_csrf_token(app, environ),
            'X-REQUESTED-WITH': str('XMLHttpRequest')
        }

        res = app.get(
            url,
            extra_environ=environ,
            status='*',
            headers=headers,
            xhr=True,
        )

        assert 403 == res.status_code

        procid = str(uuid.uuid4())

        # CHALLENGE
        res = app.post(url,
                       extra_environ=environ,
                       status='*',
                       headers=headers,
                       xhr=True,
                       params={'procid': procid})

        assert 403 == res.status_code

        # ENTRY
        res = app.post(url,
                       extra_environ=environ,
                       status='*',
                       headers=headers,
                       xhr=True,
                       params={'procid': procid})

        assert 403 == res.status_code

        # VERIFY
        res = app.post(url,
                       extra_environ=environ,
                       status='*',
                       headers=headers,
                       xhr=True,
                       params={'procid': procid})

        assert 403 == res.status_code
Example #35
0
 def test_allowed(self, app, db_session, group):
     environ = make_environ(groups=[group])
     csrf_token = get_csrf_token(app, environ)
     app.delete(self.url,
                extra_environ=environ,
                headers={'X-CSRF-Token': csrf_token},
                xhr=True,
                status=200)
Example #36
0
 def test_allowed(self, app, db_session, group):
     environ = make_environ(groups=[group])
     csrf_token = get_csrf_token(app, environ)
     app.delete(
         self.url,
         extra_environ=environ,
         headers={'X-CSRF-Token': csrf_token},
         xhr=True,
         status=200)
Example #37
0
 def test_not_owner(self, app, db_session):
     import transaction
     from occams_datastore import models as datastore
     with transaction.manager:
         db_session.add(datastore.User(key='somebody_else'))
     environ = make_environ(userid='somebody_else')
     csrf_token = get_csrf_token(app, environ)
     app.delete(self.url,
                extra_environ=environ,
                headers={'X-CSRF-Token': csrf_token},
                xhr=True,
                status=403)
Example #38
0
def test_not_allowed_aliquot_labels_post(app, group):
    url = '/lims/test_location/aliquot_labels'
    environ = make_environ(userid=USERID, groups=[group])
    csrf_token = get_csrf_token(app, environ)
    res = app.post(url,
                   extra_environ=environ,
                   status='*',
                   headers={
                       'X-CSRF-Token': csrf_token,
                       'X-REQUESTED-WITH': str('XMLHttpRequest')
                   })
    assert res.status_code == 403
Example #39
0
 def test_not_owner(self, app, db_session):
     import transaction
     from occams_datastore import models as datastore
     with transaction.manager:
         db_session.add(datastore.User(key='somebody_else'))
     environ = make_environ(userid='somebody_else')
     csrf_token = get_csrf_token(app, environ)
     app.delete(
         self.url,
         extra_environ=environ,
         headers={'X-CSRF-Token': csrf_token},
         xhr=True,
         status=403)
Example #40
0
def test_not_allowed_aliquot_labels_post(app, group):
    url = '/lims/test_location/aliquot_labels'
    environ = make_environ(userid=USERID, groups=[group])
    csrf_token = get_csrf_token(app, environ)
    res = app.post(
        url,
        extra_environ=environ,
        status='*',
        headers={
            'X-CSRF-Token': csrf_token,
            'X-REQUESTED-WITH': str('XMLHttpRequest')
        })
    assert res.status_code == 403
Example #41
0
    def test_not_allowed(self, app, db_session, group):
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        res = app.delete_json(self.url,
                              extra_environ=environ,
                              status='*',
                              headers={
                                  'X-CSRF-Token': csrf_token,
                                  'X-REQUESTED-WITH': str('XMLHttpRequest')
                              },
                              params={})

        assert 403 == res.status_code
Example #42
0
    def test_allowed(self, app, group):
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        res = app.get(self.url,
                      extra_environ=environ,
                      status='*',
                      headers={
                          'X-CSRF-Token': csrf_token,
                          'X-REQUESTED-WITH': str('XMLHttpRequest')
                      },
                      xhr=True,
                      params={})

        assert 200 == res.status_code
Example #43
0
    def test_not_allowed(self, app, db_session, group):
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        res = app.delete_json(
            self.url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params={})

        assert 403 == res.status_code
Example #44
0
    def test_allowed(self, app, group):
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        res = app.get(
            self.url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            xhr=True,
            params={})

        assert 200 == res.status_code
Example #45
0
    def test_not_allowed(self, app, group):
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'title': 'test_study Week 1', 'week': '1'}

        res = app.post_json(self.url.format('test_study'),
                            extra_environ=environ,
                            status='*',
                            headers={
                                'X-CSRF-Token': csrf_token,
                                'X-REQUESTED-WITH': str('XMLHttpRequest')
                            },
                            params=data)

        assert 403 == res.status_code
Example #46
0
    def test_allowed(self, app, db_session, group):
        environ = make_environ(userid=USERID, groups=[group])
        res = app.get(self.url, extra_environ=environ, xhr=True)
        data = res.json
        csrf_token = get_csrf_token(app, environ)

        res = app.delete_json(
            self.url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token
            },
            params=data)

        assert 200 == res.status_code
Example #47
0
    def test_get_all_schemas_not_allowed(self, app, group):
        url = '/imports/schemas'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        response = app.get(url,
                           extra_environ=environ,
                           status='*',
                           headers={
                               'X-CSRF-Token': csrf_token,
                               'X-REQUESTED-WITH': str('XMLHttpRequest')
                           },
                           params={})

        assert response.status_code == 403
Example #48
0
    def test_view_field_json(self, app, db_session, group):
        url = '/forms/test_schema/versions/2015-01-01/fields/test_field'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        res = app.get(
            url,
            status='*',
            xhr=True,
            extra_environ=environ,
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            })
        assert 200 == res.status_code
Example #49
0
    def test_allowed(self, app, group):
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'name': 'TestDelete', 'title': 'TestDelete', 'week': 4}

        res = app.put_json(self.url,
                           extra_environ=environ,
                           status='*',
                           headers={
                               'X-CSRF-Token': csrf_token,
                               'X-REQUESTED-WITH': str('XMLHttpRequest')
                           },
                           params=data)

        assert 200 == res.status_code
Example #50
0
    def test_not_allowed_forms_versions_delete(self, app, db_session, group):
        url = '/forms/test_schema/versions/2015-01-01'
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)
        res = app.delete(
            url,
            extra_environ=environ,
            xhr=True,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            }
        )

        assert 403 == res.status_code
Example #51
0
    def test_get_all_schemas_not_allowed(self, app, group):
        url = '/imports/schemas'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        response = app.get(
            url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            },
            params={})

        assert response.status_code == 403
Example #52
0
    def test_not_authenticated_edit_validate_field(self, app, db_session):
        url = '/forms/test_schema/versions/2015-01-01/fields/' \
              'test_field?validate'

        environ = make_environ(userid=USERID)
        csrf_token = get_csrf_token(app, environ)

        res = app.get(
            url,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token,
                'X-REQUESTED-WITH': str('XMLHttpRequest')
            }
        )

        assert 401 == res.status_code
Example #53
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        enrollment_id = db_session.query(studies.Enrollment.id).filter(
            studies.Study.name == u'test_study').scalar()

        res = app.delete_json(self.url.format(enrollment_id),
                              extra_environ=environ,
                              status='*',
                              headers={
                                  'X-CSRF-Token': csrf_token,
                                  'X-REQUESTED-WITH': str('XMLHttpRequest')
                              },
                              params={})

        assert 403 == res.status_code
Example #54
0
    def test_mappings_delete_not_allowed(self, app, group):
        url = '/imports/mappings/delete'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mapped_delete': []}

        response = app.delete_json(url,
                                   extra_environ=environ,
                                   status='*',
                                   headers={
                                       'X-CSRF-Token': csrf_token,
                                       'X-REQUESTED-WITH':
                                       str('XMLHttpRequest')
                                   },
                                   params=data)

        assert response.status_code == 403
Example #55
0
    def test_allowed(self, app, db_session, group):
        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'name': u'test',
                'title': u'test_title',
                'short_title': u'test2',
                'code': u'test3',
                'consent_date': '2015-01-01'}

        res = app.post_json(
            self.url,
            extra_environ=environ,
            status='*',
            headers={
                'X-CSRF-Token': csrf_token
            },
            params=data)
        assert 200 == res.status_code
    def test_occams_codebook_insert(self, app, db_session, group):
        import datetime
        from pkg_resources import resource_filename
        from occams_datastore import models as datastore

        url = '/imports/codebooks/occams/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': None, 'study': u'DRSC', 'delimiter': u'comma'}

        codebook = open(resource_filename('tests.fixtures', 'codebook.csv'),
                        'rb')
        csv_data = codebook.read()

        app.post(url,
                 extra_environ=environ,
                 expect_errors=True,
                 upload_files=[('codebook', 'test.csv', csv_data)],
                 headers={
                     'X-CSRF-Token': csrf_token,
                 },
                 params=data)

        codebook.close()

        form = db_session.query(datastore.Schema).one()
        attributes = db_session.query(datastore.Attribute).filter(
            datastore.Schema.id == form.id).order_by(
                datastore.Attribute.name).all()

        assert form.name == u'ClinicalAssessment595vitd'
        assert form.title == u'595 Vitamin D - Clinical Assessment'
        assert form.publish_date == datetime.date(2014, 10, 23)
        assert attributes[0].name == u'cont'
        assert attributes[2].name == u'frac'

        expected_title = u'Has the subject had any fractures since the visit?'
        assert attributes[2].title == expected_title

        assert attributes[2].choices['0'].title == u'No'
Example #57
0
    def test_not_allowed(self, app, db_session, group):
        from occams_studies import models as studies

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        visit_date = db_session.query(studies.Visit.visit_date).filter(
            studies.Patient.pid == u'123').scalar()

        res = app.delete(self.url.format(visit_date),
                         extra_environ=environ,
                         status='*',
                         headers={
                             'X-CSRF-Token': csrf_token,
                             'X-REQUESTED-WITH': str('XMLHttpRequest')
                         },
                         xhr=True,
                         params={})

        assert 403 == res.status_code
    def test_qds_insert(self, app, db_session, group):
        import datetime
        from pkg_resources import resource_filename
        from occams_datastore import models as datastore

        url = '/imports/codebooks/qds/status'

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        data = {'mode': None, 'study': u'DRSC', 'delimiter': u'comma'}

        qds = open(
            resource_filename('tests.fixtures', 'qds_input_fixture.csv'), 'rb')
        qds_data = qds.read()

        app.post(url,
                 extra_environ=environ,
                 expect_errors=True,
                 upload_files=[('codebook', 'test.csv', qds_data)],
                 headers={
                     'X-CSRF-Token': csrf_token,
                 },
                 params=data)

        qds.close()

        form = db_session.query(datastore.Schema).one()
        attributes = db_session.query(datastore.Attribute).filter(
            datastore.Schema.id == form.id).order_by(
                datastore.Attribute.name).all()

        assert form.name == u'Test_Schema_Title'
        assert form.title == u'Test Schema Title'
        assert form.publish_date == datetime.date(2015, 8, 11)
        assert attributes[0].name == u'BIRTHSEX'
        assert attributes[1].name == u'GENDER'
        assert attributes[2].name == u'TODAY'
        assert attributes[0].type == u'choice'
        assert attributes[1].type == u'choice'
        assert attributes[2].type == u'string'
Example #59
0
    def test_not_allowed(self, app, db_session, group):
        from occams_datastore import models as datastore

        environ = make_environ(userid=USERID, groups=[group])
        csrf_token = get_csrf_token(app, environ)

        form_id = db_session.query(datastore.Schema.id).filter(
            datastore.Schema.name == u'test_schema').scalar()

        data = {'schema': form_id, 'collect_date': '2015-01-01'}

        res = app.post_json(self.url,
                            extra_environ=environ,
                            status='*',
                            headers={
                                'X-CSRF-Token': csrf_token,
                                'X-REQUESTED-WITH': str('XMLHttpRequest')
                            },
                            params=data)

        assert 403 == res.status_code