def test_download_files_permissions( client, json_headers, location, testdata, users, pid, expected ): """Test download files permissions.""" # Create e-item bucket user_login("admin", client, users) url = url_for("invenio_app_ils_files.eitmid_bucket", pid_value=pid) res = _test_response(client, "post", url, json_headers, None, 201) bucket_id = json.loads(res.data)["metadata"]["bucket_id"] # Upload file to e-item bucket filename = "myfile.txt" data = b"hello world" url = url_for( "invenio_files_rest.object_api", bucket_id=bucket_id, key=filename ) _test_response( client, "put", url, json_headers, None, 200, input_stream=BytesIO(data) ) current_search.flush_and_refresh(index="eitems") # Download file for user_id, status_code in expected: user_login(user_id, client, users) _test_response(client, "get", url, None, None, status_code)
def test_post_partial_internal_location(client, json_headers, testdata, users): """Test POST of internal_location without all required data.""" user_login(client, "admin", users) del NEW_INTERNAL_LOCATION["location_pid"] url = url_for("invenio_records_rest.ilocid_list") validate_response(client, "post", url, json_headers, NEW_INTERNAL_LOCATION, 400)
def test_upload_files_permissions( client, json_headers, bucket, testdata, users ): """Test upload files permissions.""" filename = "myfile.txt" data = b"hello world" url = url_for( "invenio_files_rest.object_api", bucket_id=str(bucket.id), key=filename ) test_data = [ ("anonymous", 404), ("admin", 200), ("librarian", 200), ("patron1", 404), ] for user_id, status_code in test_data: user_login(user_id, client, users) _test_response( client, "put", url, json_headers, None, status_code, input_stream=BytesIO(data), )
def test_post_internal_location(client, json_headers, testdata, users): """Test POST of internal_location.""" user_login(client, "admin", users) url = url_for("invenio_records_rest.ilocid_list") res = validate_response(client, "post", url, json_headers, NEW_INTERNAL_LOCATION, 201) data = json.loads(res.data.decode("utf-8"))["metadata"] assert "name" in data["location"]
def test_post_item(client, json_headers, testdata, users, item_record): """Test POST of an item.""" user_login("admin", client, users) url = url_for("invenio_records_rest.pitmid_list") del item_record["pid"] res = validate_response( client, "post", url, json_headers, item_record, 201) data = json.loads(res.data.decode("utf-8"))["metadata"] assert "name" in data["internal_location"]
def test_get_document_request_endpoint( client, json_headers, testdata, users, user, res_id, expected_resp_code, ): """Test GET permissions.""" user_login(client, user, users) url = url_for("invenio_records_rest.dreqid_item", pid_value=res_id) validate_response( client, "get", url, json_headers, None, expected_resp_code)
def test_document_request_remove_provider( client, json_headers, testdata, users, user, res_id, expected_resp_code, ): """Test remove provider from Document Request permissions.""" user_login(client, user, users) url = url_for("ils_document_request.dreqid_provider", pid_value=res_id) validate_response( client, "delete", url, json_headers, None, expected_resp_code)
def test_document_request_add_document( client, json_headers, testdata, users, user_id, res_id, expected_resp_code, ): """Test add document to Document Request permissions.""" user_login(user_id, client, users) url = url_for("ils_document_request.dreqid_document", pid_value=res_id) data = {"document_pid": "docid-1"} validate_response(client, "post", url, json_headers, data, expected_resp_code)
def test_get_item_endpoint( client, json_headers, testdata, users, with_access, user_id, res_id, expected_resp_code, ): """Test GET permissions.""" user_login(user_id, client, users) url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id) validate_response(client, "get", url, json_headers, None, expected_resp_code)
def test_document_request_remove_document( client, json_headers, testdata, users, user, res_id, expected_resp_code, ): """Test remove document from Document Request permissions.""" user_login(client, user, users) url = url_for("ils_document_request.dreqid_document", pid_value=res_id) data = {"document_pid": "docid-1"} validate_response( client, "delete", url, json_headers, data, expected_resp_code)
def test_document_request_reject( client, json_headers, testdata, users, user, res_id, expected_resp_code, ): """Test Document Request permissions to reject request.""" user_login(client, user, users) url = url_for("ils_document_request.dreqid_reject", pid_value=res_id) data = {"reject_reason": "USER_CANCEL"} validate_response( client, "post", url, json_headers, data, expected_resp_code)
def test_document_request_accept( client, json_headers, testdata, users, user, res_id, expected_resp_code, ): """Test Document Request permissions to accept request.""" user_login(client, user, users) url = url_for("ils_document_request.dreqid_accept", pid_value=res_id) data = {"state": "ACCEPTED"} validate_response( client, "post", url, json_headers, data, expected_resp_code)
def test_create_bucket_permissions( client, json_headers, location, testdata, users ): """Test create bucket permissions.""" url = url_for("invenio_app_ils_files.eitmid_bucket", pid_value="eitemid-1") _test_response(client, "post", url, json_headers, None, 401) test_data = [ ("admin", "eitemid-1", 201), ("librarian", "eitemid-2", 201), ("patron1", "eitemid-2", 403), ] for user_id, pid, status_code in test_data: user_login(user_id, client, users) url = url_for("invenio_app_ils_files.eitmid_bucket", pid_value=pid) _test_response(client, "post", url, json_headers, None, status_code)
def test_put_item_endpoint( client, json_headers, testdata, users, user_id, res_id, expected_resp_code, item_record, ): """Test PUT permissions of an item.""" url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id) user_login(user_id, client, users) ITEM = copy.deepcopy(item_record) res = validate_response(client, "put", url, json_headers, ITEM, expected_resp_code) validate_data("pid", res_id, res)
def test_post_item_endpoint( client, json_headers, testdata, users, user_id, expected_resp_code, item_record, ): """Test POST permissions of an item.""" user_login(user_id, client, users) url = url_for("invenio_records_rest.pitmid_list") ITEM = copy.deepcopy(item_record) if "pid" in ITEM: del ITEM["pid"] res = validate_response(client, "post", url, json_headers, ITEM, expected_resp_code) validate_data("barcode", ITEM["barcode"], res)
def test_document_request_add_provider( client, json_headers, testdata, users, user, res_id, expected_resp_code, ): """Test add provider to Document Request permissions.""" user_login(client, user, users) url = url_for("ils_document_request.dreqid_provider", pid_value=res_id) data = { "physical_item_provider": { "pid": "acquisition-order-pid", "pid_type": "acquisition" } } validate_response( client, "post", url, json_headers, data, expected_resp_code)
def test_access_permissions(client, json_headers, testdata, users, with_access): """Test GET documents with `_access` ignoring `open_access`.""" # set the documents to have read access only by patron2. `_access` should # be taken into account and take precedence over `open_access`. indexer = RecordIndexer() doc1 = Document.get_record_by_pid("docid-open-access") doc2 = Document.get_record_by_pid("docid-closed-access") for doc in [doc1, doc2]: doc.update(dict(_access=dict(read=[users["patron2"].id]))) doc.commit() db.session.commit() indexer.index(doc) current_search.flush_and_refresh(index="documents") test_data = [ ("anonymous", "docid-open-access", 401, 0), ("patron1", "docid-open-access", 403, 0), ("patron2", "docid-open-access", 200, 1), # should have access ("librarian", "docid-open-access", 200, 1), ("admin", "docid-open-access", 200, 1), ("anonymous", "docid-closed-access", 401, 0), ("patron1", "docid-closed-access", 403, 0), ("patron2", "docid-closed-access", 200, 1), # should have access ("librarian", "docid-closed-access", 200, 1), ("admin", "docid-closed-access", 200, 1), ] for user_id, pid, status_code, n_hits in test_data: # item endpoint user_login(user_id, client, users) url = url_for("invenio_records_rest.docid_item", pid_value=pid) res = client.get(url, headers=json_headers) assert res.status_code == status_code # list endpoint user_login(user_id, client, users) url = url_for("invenio_records_rest.docid_list", q="pid:{}".format(pid)) res = client.get(url, headers=json_headers) hits = json.loads(res.data.decode("utf-8")) assert hits["hits"]["total"] == n_hits
def test_create_bucket_endpoint( client, json_headers, location, testdata, users ): """Test GET permissions.""" user_login("admin", client, users) url_with_bucket_id = url_for( "invenio_app_ils_files.eitmid_bucket", pid_value="eitemid-3" ) url_without_bucket_id = url_for( "invenio_app_ils_files.eitmid_bucket", pid_value="eitemid-4" ) res1 = _test_response( client, "post", url_with_bucket_id, json_headers, None, 200 ) _test_data_exists("bucket_id", res1) res2 = _test_response( client, "post", url_without_bucket_id, json_headers, None, 201 ) _test_data_exists("bucket_id", res2)
def test_delete_item_endpoint( client, json_headers, testdata, users, user_id, res_id, expected_resp_code, item_record, ): """Test DELETE permissions of an item.""" user_login(user_id, client, users) url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id) validate_response( client, "delete", url, json_headers, data=item_record, expected_resp_code=expected_resp_code, )
def test_item_circulation( client, json_headers, testdata, users, user_id, res_id, expected_resp_code, filtered, ): """Test item circulation filtering.""" user_login(user_id, client, users) url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id) res = validate_response(client, "get", url, json_headers, None, expected_resp_code) circulation = res.json["metadata"]["circulation"] filter_keys = ["loan_pid", "patron_pid"] if filtered: for key in filter_keys: assert key not in circulation else: for key in filter_keys: assert key in circulation