class TestCollectionNodeLinkDetail(ApiTestCase):
def setUp(self):
super(TestCollectionNodeLinkDetail, self).setUp()
self.user_one = AuthUserFactory()
self.user_two = AuthUserFactory()
self.collection = FolderFactory(creator=self.user_one)
self.project = ProjectFactory(creator=self.user_one, is_public=False)
self.project_public = ProjectFactory(creator=self.user_one, is_public=False)
self.node_link = self.collection.add_pointer(self.project, auth=Auth(self.user_one), save=True)
self.node_link_public = self.collection.add_pointer(self.project_public, auth=Auth(self.user_one), save=True)
self.url = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, self.node_link._id)
self.url_public = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, self.node_link_public._id)
def test_returns_error_public_node_link_detail_unauthenticated(self):
res = self.app.get(self.url_public, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0])
def test_returns_public_node_pointer_detail_authorized(self):
res = self.app.get(self.url_public, auth=self.user_one.auth)
res_json = res.json['data']
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
expected_path = node_url_for(self.project_public._id)
actual_path = urlparse(res_json['relationships']['target_node']['links']['related']['href']).path
assert_equal(expected_path, actual_path)
def test_returns_error_private_node_link_detail_unauthenticated(self):
res = self.app.get(self.url, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0])
def test_returns_private_node_link_detail_authorized(self):
res = self.app.get(self.url, auth=self.user_one.auth)
res_json = res.json['data']
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
expected_path = node_url_for(self.project._id)
actual_path = urlparse(res_json['relationships']['target_node']['links']['related']['href']).path
assert_equal(expected_path, actual_path)
def test_returns_error_private_node_link_detail_unauthorized(self):
res = self.app.get(self.url, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
def test_self_link_points_to_node_link_detail_url(self):
res = self.app.get(self.url, auth=self.user_one.auth)
assert_equal(res.status_code, 200)
url = res.json['data']['links']['self']
assert_in(self.url, url)
def test_delete_node_link_no_permissions_for_target_node(self):
pointer_project = FolderFactory(creator=self.user_two)
pointer = self.collection.add_pointer(pointer_project, auth=Auth(self.user_one), save=True)
assert_in(pointer, self.collection.nodes)
url = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, pointer._id)
res = self.app.delete_json_api(url, auth=self.user_one.auth)
assert_equal(res.status_code, 204)
def test_can_not_delete_collection_public_node_link_unauthenticated(self):
res = self.app.delete(self.url_public, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0].keys())
def test_can_not_delete_collection_public_node_pointer_unauthorized(self):
node_count_before = len(self.collection.nodes_pointer)
res = self.app.delete(self.url_public, auth=self.user_two.auth, expect_errors=True)
# This is could arguably be a 405, but we don't need to go crazy with status codes
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
self.collection.reload()
assert_equal(node_count_before, len(self.collection.nodes_pointer))
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_delete_public_node_pointer_authorized(self):
node_count_before = len(self.collection.nodes_pointer)
res = self.app.delete(self.url_public, auth=self.user_one.auth)
self.collection.reload()
assert_equal(res.status_code, 204)
assert_equal(node_count_before - 1, len(self.collection.nodes_pointer))
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_delete_private_node_link_authorized(self):
node_count_before = len(self.collection.nodes_pointer)
res = self.app.delete(self.url, auth=self.user_one.auth)
self.collection.reload()
assert_equal(res.status_code, 204)
assert_equal(node_count_before - 1, len(self.collection.nodes_pointer))
def test_can_not_delete_collection_private_node_link_unauthorized(self):
res = self.app.delete(self.url, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_can_not_return_deleted_collection_public_node_pointer(self):
res = self.app.delete(self.url_public, auth=self.user_one.auth)
self.collection.reload()
assert_equal(res.status_code, 204)
res = self.app.get(self.url_public, auth=self.user_one.auth, expect_errors=True)
assert_equal(res.status_code, 404)
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_return_deleted_private_node_pointer(self):
res = self.app.delete(self.url, auth=self.user_one.auth)
self.project.reload()
assert_equal(res.status_code, 204)
res = self.app.get(self.url, auth=self.user_one.auth, expect_errors=True)
assert_equal(res.status_code, 404)
# Regression test for https://openscience.atlassian.net/browse/OSF-4322
def test_delete_link_that_is_not_linked_to_correct_node(self):
collection = FolderFactory(creator=self.user_one)
# The node link belongs to a different project
res = self.app.delete(
'/{}nodes/{}/node_links/{}/'.format(API_BASE, collection._id, self.node_link._id),
auth=self.user_one.auth,
expect_errors=True
)
assert_equal(res.status_code, 404)
errors = res.json['errors']
assert_equal(len(errors), 1)
assert_equal(errors[0]['detail'], 'Not found.')
