def test_download_files_permissions(
client, json_headers, location, testdata, users, pid, expected
):
"""Test download files permissions."""
# Create e-item bucket
user_login("admin", client, users)
url = url_for("invenio_app_ils_files.eitmid_bucket", pid_value=pid)
res = _test_response(client, "post", url, json_headers, None, 201)
bucket_id = json.loads(res.data)["metadata"]["bucket_id"]
# Upload file to e-item bucket
filename = "myfile.txt"
data = b"hello world"
url = url_for(
"invenio_files_rest.object_api", bucket_id=bucket_id, key=filename
)
_test_response(
client, "put", url, json_headers, None, 200, input_stream=BytesIO(data)
)
current_search.flush_and_refresh(index="eitems")
# Download file
for user_id, status_code in expected:
user_login(user_id, client, users)
_test_response(client, "get", url, None, None, status_code)
def test_post_partial_internal_location(client, json_headers, testdata, users):
"""Test POST of internal_location without all required data."""
user_login(client, "admin", users)
del NEW_INTERNAL_LOCATION["location_pid"]
url = url_for("invenio_records_rest.ilocid_list")
validate_response(client, "post", url, json_headers, NEW_INTERNAL_LOCATION,
400)
def test_upload_files_permissions(
client, json_headers, bucket, testdata, users
):
"""Test upload files permissions."""
filename = "myfile.txt"
data = b"hello world"
url = url_for(
"invenio_files_rest.object_api", bucket_id=str(bucket.id), key=filename
)
test_data = [
("anonymous", 404),
("admin", 200),
("librarian", 200),
("patron1", 404),
]
for user_id, status_code in test_data:
user_login(user_id, client, users)
_test_response(
client,
"put",
url,
json_headers,
None,
status_code,
input_stream=BytesIO(data),
)
def test_post_internal_location(client, json_headers, testdata, users):
"""Test POST of internal_location."""
user_login(client, "admin", users)
url = url_for("invenio_records_rest.ilocid_list")
res = validate_response(client, "post", url, json_headers,
NEW_INTERNAL_LOCATION, 201)
data = json.loads(res.data.decode("utf-8"))["metadata"]
assert "name" in data["location"]
def test_post_item(client, json_headers, testdata, users, item_record):
"""Test POST of an item."""
user_login("admin", client, users)
url = url_for("invenio_records_rest.pitmid_list")
del item_record["pid"]
res = validate_response(
client, "post", url, json_headers, item_record, 201)
data = json.loads(res.data.decode("utf-8"))["metadata"]
assert "name" in data["internal_location"]
def test_get_document_request_endpoint(
client,
json_headers,
testdata,
users,
user,
res_id,
expected_resp_code,
):
"""Test GET permissions."""
user_login(client, user, users)
url = url_for("invenio_records_rest.dreqid_item", pid_value=res_id)
validate_response(
client, "get", url, json_headers, None, expected_resp_code)
def test_document_request_remove_provider(
client,
json_headers,
testdata,
users,
user,
res_id,
expected_resp_code,
):
"""Test remove provider from Document Request permissions."""
user_login(client, user, users)
url = url_for("ils_document_request.dreqid_provider", pid_value=res_id)
validate_response(
client, "delete", url, json_headers, None, expected_resp_code)
def test_document_request_add_document(
client,
json_headers,
testdata,
users,
user_id,
res_id,
expected_resp_code,
):
"""Test add document to Document Request permissions."""
user_login(user_id, client, users)
url = url_for("ils_document_request.dreqid_document", pid_value=res_id)
data = {"document_pid": "docid-1"}
validate_response(client, "post", url, json_headers, data,
expected_resp_code)
def test_get_item_endpoint(
client,
json_headers,
testdata,
users,
with_access,
user_id,
res_id,
expected_resp_code,
):
"""Test GET permissions."""
user_login(user_id, client, users)
url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id)
validate_response(client, "get", url, json_headers, None,
expected_resp_code)
def test_document_request_remove_document(
client,
json_headers,
testdata,
users,
user,
res_id,
expected_resp_code,
):
"""Test remove document from Document Request permissions."""
user_login(client, user, users)
url = url_for("ils_document_request.dreqid_document", pid_value=res_id)
data = {"document_pid": "docid-1"}
validate_response(
client, "delete", url, json_headers, data, expected_resp_code)
def test_document_request_reject(
client,
json_headers,
testdata,
users,
user,
res_id,
expected_resp_code,
):
"""Test Document Request permissions to reject request."""
user_login(client, user, users)
url = url_for("ils_document_request.dreqid_reject", pid_value=res_id)
data = {"reject_reason": "USER_CANCEL"}
validate_response(
client, "post", url, json_headers, data, expected_resp_code)
def test_document_request_accept(
client,
json_headers,
testdata,
users,
user,
res_id,
expected_resp_code,
):
"""Test Document Request permissions to accept request."""
user_login(client, user, users)
url = url_for("ils_document_request.dreqid_accept", pid_value=res_id)
data = {"state": "ACCEPTED"}
validate_response(
client, "post", url, json_headers, data, expected_resp_code)
def test_create_bucket_permissions(
client, json_headers, location, testdata, users
):
"""Test create bucket permissions."""
url = url_for("invenio_app_ils_files.eitmid_bucket", pid_value="eitemid-1")
_test_response(client, "post", url, json_headers, None, 401)
test_data = [
("admin", "eitemid-1", 201),
("librarian", "eitemid-2", 201),
("patron1", "eitemid-2", 403),
]
for user_id, pid, status_code in test_data:
user_login(user_id, client, users)
url = url_for("invenio_app_ils_files.eitmid_bucket", pid_value=pid)
_test_response(client, "post", url, json_headers, None, status_code)
def test_put_item_endpoint(
client,
json_headers,
testdata,
users,
user_id,
res_id,
expected_resp_code,
item_record,
):
"""Test PUT permissions of an item."""
url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id)
user_login(user_id, client, users)
ITEM = copy.deepcopy(item_record)
res = validate_response(client, "put", url, json_headers, ITEM,
expected_resp_code)
validate_data("pid", res_id, res)
def test_post_item_endpoint(
client,
json_headers,
testdata,
users,
user_id,
expected_resp_code,
item_record,
):
"""Test POST permissions of an item."""
user_login(user_id, client, users)
url = url_for("invenio_records_rest.pitmid_list")
ITEM = copy.deepcopy(item_record)
if "pid" in ITEM:
del ITEM["pid"]
res = validate_response(client, "post", url, json_headers, ITEM,
expected_resp_code)
validate_data("barcode", ITEM["barcode"], res)
def test_document_request_add_provider(
client,
json_headers,
testdata,
users,
user,
res_id,
expected_resp_code,
):
"""Test add provider to Document Request permissions."""
user_login(client, user, users)
url = url_for("ils_document_request.dreqid_provider", pid_value=res_id)
data = {
"physical_item_provider": {
"pid": "acquisition-order-pid",
"pid_type": "acquisition"
}
}
validate_response(
client, "post", url, json_headers, data, expected_resp_code)
def test_access_permissions(client, json_headers, testdata, users,
with_access):
"""Test GET documents with `_access` ignoring `open_access`."""
# set the documents to have read access only by patron2. `_access` should
# be taken into account and take precedence over `open_access`.
indexer = RecordIndexer()
doc1 = Document.get_record_by_pid("docid-open-access")
doc2 = Document.get_record_by_pid("docid-closed-access")
for doc in [doc1, doc2]:
doc.update(dict(_access=dict(read=[users["patron2"].id])))
doc.commit()
db.session.commit()
indexer.index(doc)
current_search.flush_and_refresh(index="documents")
test_data = [
("anonymous", "docid-open-access", 401, 0),
("patron1", "docid-open-access", 403, 0),
("patron2", "docid-open-access", 200, 1), # should have access
("librarian", "docid-open-access", 200, 1),
("admin", "docid-open-access", 200, 1),
("anonymous", "docid-closed-access", 401, 0),
("patron1", "docid-closed-access", 403, 0),
("patron2", "docid-closed-access", 200, 1), # should have access
("librarian", "docid-closed-access", 200, 1),
("admin", "docid-closed-access", 200, 1),
]
for user_id, pid, status_code, n_hits in test_data:
# item endpoint
user_login(user_id, client, users)
url = url_for("invenio_records_rest.docid_item", pid_value=pid)
res = client.get(url, headers=json_headers)
assert res.status_code == status_code
# list endpoint
user_login(user_id, client, users)
url = url_for("invenio_records_rest.docid_list",
q="pid:{}".format(pid))
res = client.get(url, headers=json_headers)
hits = json.loads(res.data.decode("utf-8"))
assert hits["hits"]["total"] == n_hits
def test_create_bucket_endpoint(
client, json_headers, location, testdata, users
):
"""Test GET permissions."""
user_login("admin", client, users)
url_with_bucket_id = url_for(
"invenio_app_ils_files.eitmid_bucket", pid_value="eitemid-3"
)
url_without_bucket_id = url_for(
"invenio_app_ils_files.eitmid_bucket", pid_value="eitemid-4"
)
res1 = _test_response(
client, "post", url_with_bucket_id, json_headers, None, 200
)
_test_data_exists("bucket_id", res1)
res2 = _test_response(
client, "post", url_without_bucket_id, json_headers, None, 201
)
_test_data_exists("bucket_id", res2)
def test_delete_item_endpoint(
client,
json_headers,
testdata,
users,
user_id,
res_id,
expected_resp_code,
item_record,
):
"""Test DELETE permissions of an item."""
user_login(user_id, client, users)
url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id)
validate_response(
client,
"delete",
url,
json_headers,
data=item_record,
expected_resp_code=expected_resp_code,
)
def test_item_circulation(
client,
json_headers,
testdata,
users,
user_id,
res_id,
expected_resp_code,
filtered,
):
"""Test item circulation filtering."""
user_login(user_id, client, users)
url = url_for("invenio_records_rest.pitmid_item", pid_value=res_id)
res = validate_response(client, "get", url, json_headers, None,
expected_resp_code)
circulation = res.json["metadata"]["circulation"]
filter_keys = ["loan_pid", "patron_pid"]
if filtered:
for key in filter_keys:
assert key not in circulation
else:
for key in filter_keys:
assert key in circulation
