class TestOSFGroupsView(AdminTestCase):
def setUp(self):
super(TestOSFGroupsView, self).setUp()
self.user = UserFactory()
self.user_two = UserFactory()
self.project = ProjectFactory()
self.group = OSFGroupFactory(name='test', creator=self.user)
self.group.make_member(self.user_two)
self.group.add_group_to_node(self.project)
self.group.save()
self.request = RequestFactory().post('/fake_path')
def test_get_object(self):
view = OSFGroupsView()
view = setup_log_view(view, self.request, id=self.group._id)
group = view.get_object()
nt.assert_equal(self.group.name, group['name'])
nt.assert_equal(self.user.fullname, group['creator']['name'])
nt.assert_equal(len(group['members']), 1)
nt.assert_equal(group['members'][0]['name'], self.user_two.fullname)
nt.assert_equal(group['members'][0]['id'], self.user_two._id)
nt.assert_equal(len(group['managers']), 1)
nt.assert_equal(group['managers'][0]['name'], self.user.fullname)
nt.assert_equal(group['managers'][0]['id'], self.user._id)
nt.assert_equal([serialize_node_for_groups(self.project, self.group)],
group['nodes'])
nt.assert_equal(group['nodes'][0]['title'], self.project.title)
nt.assert_equal(group['nodes'][0]['permission'], WRITE)
def test_more_than_one_projects_in_common(self, app, user_one, user_two):
group = OSFGroupFactory(creator=user_one)
group.make_member(user_two)
project1 = ProjectFactory(creator=user_one)
project1.add_contributor(contributor=user_two,
permissions=CREATOR_PERMISSIONS,
auth=Auth(user=user_one))
project1.save()
project2 = ProjectFactory(creator=user_one)
project2.add_contributor(contributor=user_two,
permissions=CREATOR_PERMISSIONS,
auth=Auth(user=user_one))
project2.save()
project3 = ProjectFactory()
project4 = ProjectFactory()
project3.add_osf_group(group)
project4.add_osf_group(group)
project4.is_deleted = True
project3.save()
project4.save()
RegistrationFactory(project=project1, creator=user_one, is_public=True)
url = '/{}users/?show_projects_in_common=true'.format(API_BASE)
res = app.get(url, auth=user_two.auth)
user_json = res.json['data']
for user in user_json:
if user['id'] == user_two._id:
meta = user['relationships']['nodes']['links']['related'][
'meta']
assert 'projects_in_common' in meta
assert meta['projects_in_common'] == 4
def test_node_contributor_detail_serializes_contributor_perms(
self, app, user, make_resource_url, project_public):
user_two = AuthUserFactory()
project_public.add_contributor(user_two, permissions.WRITE)
project_public.save()
osf_group = OSFGroupFactory(creator=user)
osf_group.make_member(user_two)
project_public.add_osf_group(osf_group, permissions.ADMIN)
url = make_resource_url(project_public._id, user_two._id)
res = app.get(url, auth=user.auth)
# Even though user_two has admin perms through group membership,
# contributor endpoints return contributor permissions
assert res.json['data']['attributes'][
'permission'] == permissions.WRITE
assert project_public.has_permission(user_two,
permissions.ADMIN) is True
def test_node_contributor_detail_serializes_contributor_perms(
self, app, user):
project = ProjectFactory(creator=user, is_public=True)
user_two = AuthUserFactory()
project.add_contributor(user_two, permissions.WRITE)
project.save()
osf_group = OSFGroupFactory(creator=user)
osf_group.make_member(user_two)
project.add_osf_group(osf_group, permissions.ADMIN)
url = '/{}nodes/{}/contributors/{}/'.format(API_BASE, project._id,
user_two._id)
res = app.get(url, auth=user.auth)
# Even though user_two has admin perms through group membership,
# contributor endpoints return contributor permissions
assert res.json['data']['attributes'][
'permission'] == permissions.WRITE
assert project.has_permission(user_two, permissions.ADMIN) is True
def osf_group(manager, member):
group = OSFGroupFactory(name='Platform Team', creator=manager)
group.make_member(member)
return group
def osf_group(manager, member, old_name):
group = OSFGroupFactory(name=old_name, creator=manager)
group.make_member(member)
return group
def group(group_manager, group_member, group_member_and_contributor):
group = OSFGroupFactory(creator=group_manager)
group.make_member(group_member)
group.make_member(group_member_and_contributor)
return group
def test_delete_group(self, app, public_detail_url, public_project,
osf_group, member, manager, non_contrib,
write_contrib):
with override_flag(OSF_GROUPS, active=True):
public_project.add_contributor(manager,
permissions=permissions.ADMIN)
payload = {
'data': [{
'type':
'node-groups',
'id':
'{}-{}'.format(public_project._id, osf_group._id)
}]
}
# group has not been added to the node
res = app.delete_json_api(public_detail_url,
payload,
auth=public_project.creator.auth,
expect_errors=True)
assert res.status_code == 404
public_project.add_osf_group(osf_group, permissions.WRITE)
# test member with write permission cannot remove group
res = app.delete_json_api(public_detail_url,
payload,
auth=member.auth,
expect_errors=True)
assert res.status_code == 403
# not logged in user cannot remove group
res = app.delete_json_api(public_detail_url,
payload,
expect_errors=True)
assert res.status_code == 401
# non contributor cannot remove group
res = app.delete_json_api(public_detail_url,
payload,
auth=non_contrib.auth,
expect_errors=True)
assert res.status_code == 403
# write contributor cannot remove group
res = app.delete_json_api(public_detail_url,
payload,
auth=write_contrib.auth,
expect_errors=True)
assert res.status_code == 403
# test manager on group can remove group
res = app.delete_json_api(public_detail_url,
payload,
auth=manager.auth)
assert res.status_code == 204
assert osf_group not in public_project.osf_groups
# test member with admin permissions can remove group
public_project.add_osf_group(osf_group, permissions.ADMIN)
res = app.delete_json_api(public_detail_url,
payload,
auth=member.auth)
assert res.status_code == 204
assert osf_group not in public_project.osf_groups
second_group = OSFGroupFactory(creator=non_contrib)
second_group.make_member(member)
public_project.add_osf_group(second_group, permissions.WRITE)
# test member with write cannot remove group
second_payload = {
'data': [{
'type':
'node-groups',
'id':
'{}-{}'.format(public_project._id, second_group._id)
}]
}
second_url = '/{}nodes/{}/groups/{}/'.format(
API_BASE, public_project._id, second_group._id)
res = app.delete_json_api(second_url,
second_payload,
auth=member.auth,
expect_errors=True)
assert res.status_code == 403
# test manager can remove the group (even though they are not an admin contributor)
res = app.delete_json_api(second_url,
second_payload,
auth=non_contrib.auth,
expect_errors=True)
assert res.status_code == 204
assert second_group not in public_project.osf_groups
def osf_group(member, manager):
group = OSFGroupFactory(creator=manager, name='Platform Team')
group.make_member(member, auth=Auth(manager))
return group
