def test_resolve_guid_download_errors(self):
testfile = TestFile.get_or_create(self.node, 'folder/path')
testfile.name = 'asdf'
testfile.materialized_path = '/folder/path'
guid = testfile.get_guid(create=True)
testfile.save()
testfile.delete()
res = self.app.get('/{}/download'.format(guid), expect_errors=True)
assert res.status_code == 404
pp = PreprintFactory(is_published=False)
res = self.app.get(pp.url + 'download', expect_errors=True)
assert res.status_code == 404
pp.is_published = True
pp.save()
pp.is_public = False
pp.save()
non_contrib = AuthUserFactory()
res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True)
assert res.status_code == 403
pp.deleted = timezone.now()
pp.save()
res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True)
assert res.status_code == 410
def test_resolve_guid_download_errors(self):
testfile = TestFile.get_or_create(self.node, 'folder/path')
testfile.name = 'asdf'
testfile.materialized_path = '/folder/path'
guid = testfile.get_guid(create=True)
testfile.save()
testfile.delete()
res = self.app.get('/{}/download'.format(guid), expect_errors=True)
assert res.status_code == 404
pp = PreprintFactory(is_published=False)
res = self.app.get(pp.url + 'download', expect_errors=True)
assert res.status_code == 404
pp.is_published = True
pp.save()
pp.is_public = False
pp.save()
non_contrib = AuthUserFactory()
res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True)
assert res.status_code == 403
pp.deleted = timezone.now()
pp.save()
res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True)
assert res.status_code == 410
def pre_mod_preprint(self, admin, write_contrib, pre_mod_provider):
pre = PreprintFactory(creator=admin,
provider=pre_mod_provider,
is_published=False,
machine_state='pending')
pre.ever_public = True
pre.save()
pre.add_contributor(contributor=write_contrib,
permissions=permissions.WRITE,
save=True)
pre.is_public = True
pre.save()
return pre
def test_filter_withdrawn_preprint(self, app, url, user, project_one,
provider_one, provider_two):
preprint_one = PreprintFactory(is_published=False,
creator=user,
project=project_one,
provider=provider_one)
preprint_one.date_withdrawn = timezone.now()
preprint_one.is_public = True
preprint_one.is_published = True
preprint_one.date_published = timezone.now()
preprint_one.machine_state = 'accepted'
assert preprint_one.ever_public is False
# Putting this preprint in a weird state, is verified_publishable, but has been
# withdrawn and ever_public is False. This is to isolate withdrawal portion of query
preprint_one.save()
preprint_two = PreprintFactory(creator=user,
project=project_one,
provider=provider_two)
preprint_two.date_withdrawn = timezone.now()
preprint_two.ever_public = True
preprint_two.save()
# Unauthenticated can only see withdrawn preprints that have been public
expected = [preprint_two._id]
res = app.get(url)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
# Noncontribs can only see withdrawn preprints that have been public
user2 = AuthUserFactory()
expected = [preprint_two._id]
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
# contribs can only see withdrawn preprints that have been public
user2 = AuthUserFactory()
preprint_one.add_contributor(user2, 'read')
preprint_two.add_contributor(user2, 'read')
expected = [preprint_two._id]
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
expected = [preprint_two._id]
# Admins can only see withdrawn preprints that have been public
res = app.get(url, auth=user.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
def test_filter_withdrawn_preprint(self, app, url, user):
preprint_one = PreprintFactory(is_published=False, creator=user)
preprint_one.date_withdrawn = timezone.now()
preprint_one.is_public = True
preprint_one.is_published = True
preprint_one.date_published = timezone.now()
preprint_one.machine_state = 'accepted'
assert preprint_one.ever_public is False
# Putting this preprint in a weird state, is verified_publishable, but has been
# withdrawn and ever_public is False. This is to isolate withdrawal portion of query
preprint_one.save()
preprint_two = PreprintFactory(creator=user)
preprint_two.date_withdrawn = timezone.now()
preprint_two.ever_public = True
preprint_two.save()
# Unauthenticated users cannot see users/me/preprints
url = '/{}users/me/preprints/?version=2.2&'.format(API_BASE)
expected = [preprint_two._id]
res = app.get(url, expect_errors=True)
assert res.status_code == 401
# Noncontribs cannot see withdrawn preprints
user2 = AuthUserFactory()
url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id)
expected = []
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
# Read contribs - contrib=False on UserPreprints filter so read contribs can only see
# withdrawn preprints that were once public
user2 = AuthUserFactory()
preprint_one.add_contributor(user2, 'read', save=True)
preprint_two.add_contributor(user2, 'read', save=True)
url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id)
expected = [preprint_two._id]
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
expected = [preprint_two._id]
# Admin contribs can only see withdrawn preprints that were once public
res = app.get(url, auth=user.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
def test_filter_withdrawn_preprint(self, app, url, user):
preprint_one = PreprintFactory(is_published=False, creator=user)
preprint_one.date_withdrawn = timezone.now()
preprint_one.is_public = True
preprint_one.is_published = True
preprint_one.date_published = timezone.now()
preprint_one.machine_state = 'accepted'
assert preprint_one.ever_public is False
# Putting this preprint in a weird state, is verified_publishable, but has been
# withdrawn and ever_public is False. This is to isolate withdrawal portion of query
preprint_one.save()
preprint_two = PreprintFactory(creator=user)
preprint_two.date_withdrawn = timezone.now()
preprint_two.ever_public = True
preprint_two.save()
# Unauthenticated users cannot see users/me/preprints
url = '/{}users/me/preprints/?version=2.2&'.format(API_BASE)
expected = [preprint_two._id]
res = app.get(url, expect_errors=True)
assert res.status_code == 401
# Noncontribs cannot see withdrawn preprints
user2 = AuthUserFactory()
url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id)
expected = []
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
# Read contribs - contrib=False on UserPreprints filter so read contribs can only see
# withdrawn preprints that were once public
user2 = AuthUserFactory()
preprint_one.add_contributor(user2, permissions.READ, save=True)
preprint_two.add_contributor(user2, permissions.READ, save=True)
url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id)
expected = [preprint_two._id]
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
expected = [preprint_two._id]
# Admin contribs can only see withdrawn preprints that were once public
res = app.get(url, auth=user.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
def pre_mod_preprint(self, admin, write_contrib, pre_mod_provider):
pre = PreprintFactory(
creator=admin,
provider=pre_mod_provider,
is_published=False,
machine_state='pending'
)
pre.ever_public = True
pre.save()
pre.add_contributor(
contributor=write_contrib,
permissions='write',
save=True
)
pre.is_public = True
pre.save()
return pre
def test_filter_withdrawn_preprint(self, app, url, user, project_one, provider_one, provider_two):
preprint_one = PreprintFactory(is_published=False, creator=user, project=project_one, provider=provider_one)
preprint_one.date_withdrawn = timezone.now()
preprint_one.is_public = True
preprint_one.is_published = True
preprint_one.date_published = timezone.now()
preprint_one.machine_state = 'accepted'
assert preprint_one.ever_public is False
# Putting this preprint in a weird state, is verified_publishable, but has been
# withdrawn and ever_public is False. This is to isolate withdrawal portion of query
preprint_one.save()
preprint_two = PreprintFactory(creator=user, project=project_one, provider=provider_two)
preprint_two.date_withdrawn = timezone.now()
preprint_two.ever_public = True
preprint_two.save()
# Unauthenticated can only see withdrawn preprints that have been public
expected = [preprint_two._id]
res = app.get(url)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
# Noncontribs can only see withdrawn preprints that have been public
user2 = AuthUserFactory()
expected = [preprint_two._id]
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
# contribs can only see withdrawn preprints that have been public
user2 = AuthUserFactory()
preprint_one.add_contributor(user2, 'read')
preprint_two.add_contributor(user2, 'read')
expected = [preprint_two._id]
res = app.get(url, auth=user2.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
expected = [preprint_two._id]
# Admins can only see withdrawn preprints that have been public
res = app.get(url, auth=user.auth)
actual = [preprint['id'] for preprint in res.json['data']]
assert set(expected) == set(actual)
def private_preprint(user):
preprint = PreprintFactory(creator=user)
preprint.is_public = False
preprint.save()
return preprint
def private_preprint(user):
preprint = PreprintFactory(creator=user)
preprint.is_public = False
preprint.save()
return preprint
