def test_change_contributor_permission_and_bibliographic(
self, app, user, contrib, project, url_contrib):
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project,
1), assert_latest_log(
NodeLog.MADE_CONTRIBUTOR_INVISIBLE,
project):
contrib_id = '{}-{}'.format(project._id, contrib._id)
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.READ
assert not attributes['bibliographic']
project.reload()
assert project.get_permissions(contrib) == [permissions.READ]
assert not project.get_visible(contrib)
def test_change_contributor_permissions(self, app, user, contrib, project, url_contrib):
contrib_id = '{}-{}'.format(project._id, contrib._id)
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.ADMIN
project.reload()
assert project.get_permissions(contrib) == [permissions.READ, permissions.WRITE, permissions.ADMIN]
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.WRITE
project.reload()
assert project.get_permissions(contrib) == [permissions.READ, permissions.WRITE]
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.READ
project.reload()
assert project.get_permissions(contrib) == [permissions.READ]
def test_deletes_private_node_pointer_logged_in_contributor(
self, app, user, private_project, private_url):
with assert_latest_log(NodeLog.POINTER_REMOVED, private_project):
res = app.delete(private_url, auth=user.auth)
private_project.reload() # Update the model to reflect changes made by post request
assert res.status_code == 204
assert len(private_project.nodes_pointer) == 0
def test_bulk_creates_node_pointer_already_connected(
self, app, user, public_project,
public_pointer_project_one,
public_pointer_project_two,
public_url, public_payload):
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
res = app.post_json_api(
public_url, public_payload,
auth=user.auth, bulk=True)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project_one._id
embedded_two = res_json[1]['embeds']['target_node']['data']['id']
assert embedded_two == public_pointer_project_two._id
res = app.post_json_api(
public_url, public_payload,
auth=user.auth,
expect_errors=True, bulk=True)
assert res.status_code == 400
assert 'Target Node \'{}\' already pointed to by \'{}\'.'.format(
public_pointer_project_one._id,
public_project._id
) in res.json['errors'][0]['detail']
def test_move_top_contributor_down_one_and_also_log(
self, app, user, contribs, project, contrib_user_id,
url_contrib_base):
with assert_latest_log(NodeLog.CONTRIB_REORDERED, project):
contributor_to_move = contribs[0]._id
contributor_id = '{}-{}'.format(project._id, contributor_to_move)
former_second_contributor = contribs[1]
url = '{}{}/'.format(url_contrib_base, contributor_to_move)
data = {
'data': {
'id': contributor_id,
'type': 'contributors',
'attributes': {
'index': 1
}
}
}
res_patch = app.patch_json_api(url, data, auth=user.auth)
assert res_patch.status_code == 200
project.reload()
res = app.get('/{}nodes/{}/contributors/'.format(
API_BASE, project._id),
auth=user.auth)
assert res.status_code == 200
contributor_list = res.json['data']
assert contrib_user_id(contributor_list[1]) == contributor_to_move
assert contrib_user_id(
contributor_list[0]) == former_second_contributor._id
def test_bulk_creates_node_pointer_to_itself(
self, app, user, public_project, public_url):
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
point_to_itself_payload = {
'data': [{
'type': 'node_links',
'relationships': {
'nodes': {
'data': {
'type': 'nodes',
'id': public_project._id
}
}
}
}]
}
res = app.post_json_api(
public_url, point_to_itself_payload,
auth=user.auth, bulk=True)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == public_project._id
def test_bulk_creates_node_pointer_already_connected(
self, app, user, public_project,
public_pointer_project_one,
public_pointer_project_two,
public_url, public_payload):
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
res = app.post_json_api(
public_url, public_payload,
auth=user.auth, bulk=True)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project_one._id
embedded_two = res_json[1]['embeds']['target_node']['data']['id']
assert embedded_two == public_pointer_project_two._id
res = app.post_json_api(
public_url, public_payload,
auth=user.auth,
expect_errors=True, bulk=True)
assert res.status_code == 400
assert 'Target Node \'{}\' already pointed to by \'{}\'.'.format(
public_pointer_project_one._id,
public_project._id
) in res.json['errors'][0]['detail']
def test_creates_public_node_pointer_logged_in(
self, app, user, user_two, public_project,
public_pointer_project, public_url, make_payload):
public_payload = make_payload(id=public_pointer_project._id)
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
res = app.post_json_api(
public_url, public_payload,
auth=user_two.auth, expect_errors=True)
assert res.status_code == 403
assert 'detail' in res.json['errors'][0]
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
public_project.add_osf_group(group, READ)
res = app.post_json_api(
public_url, public_payload,
auth=group_mem.auth, expect_errors=True)
assert res.status_code == 403
res = app.post_json_api(public_url, public_payload, auth=user.auth)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project._id
def test_move_top_contributor_down_one_and_also_log(
self, app, user, contribs, project, contrib_user_id, url_contrib_base):
with assert_latest_log(NodeLog.CONTRIB_REORDERED, project):
contributor_to_move = contribs[0]._id
contributor_id = '{}-{}'.format(project._id, contributor_to_move)
former_second_contributor = contribs[1]
url = '{}{}/'.format(url_contrib_base, contributor_to_move)
data = {
'data': {
'id': contributor_id,
'type': 'contributors',
'attributes': {
'index': 1
}
}
}
res_patch = app.patch_json_api(url, data, auth=user.auth)
assert res_patch.status_code == 200
project.reload()
res = app.get(
'/{}nodes/{}/contributors/'.format(API_BASE, project._id), auth=user.auth)
assert res.status_code == 200
contributor_list = res.json['data']
assert contrib_user_id(contributor_list[1]) == contributor_to_move
assert contrib_user_id(
contributor_list[0]) == former_second_contributor._id
def test_deletes_public_node_pointer_succeeds_as_owner(self, app, user, public_project, public_pointer, public_url):
with assert_latest_log(NodeLog.POINTER_REMOVED, public_project):
node_count_before = len(public_project.nodes_pointer)
res = app.delete(public_url, auth=user.auth)
public_project.reload()
assert res.status_code == 204
assert node_count_before - 1 == len(public_project.nodes_pointer)
def test_deletes_private_node_pointer_logged_in_contributor(
self, app, user, private_project, private_url):
with assert_latest_log(NodeLog.POINTER_REMOVED, private_project):
res = app.delete(private_url, auth=user.auth)
private_project.reload(
) # Update the model to reflect changes made by post request
assert res.status_code == 204
assert len(private_project.nodes_pointer) == 0
def test_create_node_pointer_contributing_node_to_non_contributing_node(self, app, user, user_two, user_two_project, private_project, private_url, make_payload):
with assert_latest_log(NodeLog.POINTER_CREATED, private_project):
user_two_payload = make_payload(id=user_two_project._id)
res = app.post_json_api(private_url, user_two_payload, auth=user.auth)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == user_two_project._id
def test_return_deleted_private_node_pointer(self, app, user, private_project, private_url):
with assert_latest_log(NodeLog.POINTER_REMOVED, private_project):
res = app.delete(private_url, auth=user.auth)
private_project.reload() # Update the model to reflect changes made by post request
assert res.status_code == 204
#check that deleted pointer can not be returned
res = app.get(private_url, auth=user.auth, expect_errors=True)
assert res.status_code == 404
def test_create_node_pointer_errors(self, app, user, user_two, public_project, user_two_project, public_pointer_project, public_url, private_url, make_payload):
# test_create_node_pointer_to_itself_unauthorized
point_to_itself_payload = make_payload(id=public_project._id)
res = app.post_json_api(public_url, point_to_itself_payload, auth=user_two.auth, expect_errors=True)
assert res.status_code == 403
assert 'detail' in res.json['errors'][0]
# test_create_node_pointer_already_connected
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
public_payload = make_payload(id=public_pointer_project._id)
res = app.post_json_api(public_url, public_payload, auth=user.auth)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project._id
res = app.post_json_api(public_url, public_payload, auth=user.auth, expect_errors=True)
assert res.status_code == 400
assert 'detail' in res.json['errors'][0]
# test_create_node_pointer_no_type
payload = {
'data': {
'relationships': {
'nodes': {
'data': {
'id': user_two_project._id,
'type': 'nodes'
}
}
}
}
}
res = app.post_json_api(private_url, payload, auth=user.auth, expect_errors=True)
assert res.status_code == 400
assert res.json['errors'][0]['detail'] == 'This field may not be null.'
assert res.json['errors'][0]['source']['pointer'] == '/data/type'
# test_create_node_pointer_incorrect_type
payload = {
'data': {
'type': 'Wrong type.',
'relationships': {
'nodes': {
'data': {
'id': user_two_project._id,
'type': 'nodes'
}
}
}
}
}
res = app.post_json_api(private_url, payload, auth=user.auth, expect_errors=True)
assert res.status_code == 409
assert res.json['errors'][0]['detail'] == 'This resource has a type of "node_links", but you set the json body\'s type field to "Wrong type.". You probably need to change the type field to match the resource\'s type.'
def test_bulk_deletes_public_node_pointers_succeeds_as_owner(self, app, user, public_project, public_url, public_payload):
with assert_latest_log(NodeLog.POINTER_REMOVED, public_project):
node_count_before = len(public_project.nodes_pointer)
res = app.delete_json_api(public_url, public_payload, auth=user.auth, bulk=True)
public_project.reload()
assert res.status_code == 204
assert node_count_before - 2 == len(public_project.nodes_pointer)
public_project.reload()
def test_create_node_pointer_to_itself(self, app, user, public_project, public_url, make_payload):
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
point_to_itself_payload = make_payload(id=public_project._id)
res = app.post_json_api(public_url, point_to_itself_payload, auth=user.auth)
res_json = res.json['data']
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == public_project._id
def test_tags_add_and_remove_properly(self, app, user_admin,
registration_public,
new_tag_payload_public,
url_registration_public):
with assert_latest_log(NodeLog.TAG_ADDED, registration_public):
res = app.patch_json_api(url_registration_public,
new_tag_payload_public,
auth=user_admin.auth)
assert res.status_code == 200
# Ensure adding tag data is correct from the PATCH response
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'new-tag'
with assert_latest_log(NodeLog.TAG_REMOVED,
registration_public), assert_latest_log(
NodeLog.TAG_ADDED, registration_public, 1):
# Ensure removing and adding tag data is correct from the PATCH
# response
res = app.patch_json_api(url_registration_public, {
'data': {
'id': registration_public._id,
'type': 'registrations',
'attributes': {
'tags': ['newer-tag']
}
}
},
auth=user_admin.auth)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'newer-tag'
with assert_latest_log(NodeLog.TAG_REMOVED, registration_public):
# Ensure removing tag data is correct from the PATCH response
res = app.patch_json_api(url_registration_public, {
'data': {
'id': registration_public._id,
'type': 'registrations',
'attributes': {
'tags': []
}
}
},
auth=user_admin.auth)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 0
def test_remove_contributor_admin(self, app, user, user_write_contrib, project, url_user_write_contrib):
with assert_latest_log(NodeLog.CONTRIB_REMOVED, project):
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in osf-models
with disconnected_from_listeners(contributor_removed):
res = app.delete(url_user_write_contrib, auth=user.auth)
assert res.status_code == 204
project.reload()
assert user_write_contrib not in project.contributors
def test_bulk_deletes_public_node_pointers_succeeds_as_owner(
self, app, user, public_project, public_url, public_payload):
with assert_latest_log(NodeLog.POINTER_REMOVED, public_project):
node_count_before = len(public_project.nodes_pointer)
res = app.delete_json_api(
public_url, public_payload, auth=user.auth, bulk=True)
public_project.reload()
assert res.status_code == 204
assert node_count_before - 2 == len(public_project.nodes_pointer)
public_project.reload()
def test_return_bulk_deleted_private_node_pointer(self, app, user, private_project, private_pointer_one, private_url, private_payload):
with assert_latest_log(NodeLog.POINTER_REMOVED, private_project):
res = app.delete_json_api(private_url, private_payload, auth=user.auth, bulk=True)
private_project.reload() # Update the model to reflect changes made by post request
assert res.status_code == 204
pointer_url = '/{}nodes/{}/node_links/{}/'.format(API_BASE, private_project._id, private_pointer_one._id)
#check that deleted pointer can not be returned
res = app.get(pointer_url, auth=user.auth, expect_errors=True)
assert res.status_code == 404
def test_bulk_creates_private_node_pointer_logged_in_contributor(self, app, user, private_project, private_payload, private_pointer_project_one, private_pointer_project_two, private_url):
with assert_latest_log(NodeLog.POINTER_CREATED, private_project):
res = app.post_json_api(private_url, private_payload, auth=user.auth, bulk=True)
assert res.status_code == 201
res_json = res.json['data']
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == private_pointer_project_one._id
embedded = res_json[1]['embeds']['target_node']['data']['id']
assert embedded == private_pointer_project_two._id
assert res.content_type == 'application/vnd.api+json'
def test_remove_self_non_admin(self, app, user_non_contrib, project, url_user_non_contrib):
with assert_latest_log(NodeLog.CONTRIB_REMOVED, project):
project.add_contributor(user_non_contrib, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in osf-models
with disconnected_from_listeners(contributor_removed):
res = app.delete(url_user_non_contrib, auth=user_non_contrib.auth)
assert res.status_code == 204
project.reload()
assert user_non_contrib not in project.contributors
def test_create_node_pointer_contributing_node_to_non_contributing_node(
self, app, user, user_two_project, private_project,
private_url, make_payload):
with assert_latest_log(NodeLog.POINTER_CREATED, private_project):
user_two_payload = make_payload(id=user_two_project._id)
res = app.post_json_api(
private_url, user_two_payload, auth=user.auth)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == user_two_project._id
def test_tags_add_and_remove_properly(
self, app, user_admin, registration_public,
new_tag_payload_public, url_registration_public):
with assert_latest_log(NodeLog.TAG_ADDED, registration_public):
res = app.patch_json_api(
url_registration_public,
new_tag_payload_public,
auth=user_admin.auth)
assert res.status_code == 200
# Ensure adding tag data is correct from the PATCH response
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'new-tag'
with assert_latest_log(NodeLog.TAG_REMOVED, registration_public), assert_latest_log(NodeLog.TAG_ADDED, registration_public, 1):
# Ensure removing and adding tag data is correct from the PATCH
# response
res = app.patch_json_api(
url_registration_public,
{
'data': {
'id': registration_public._id,
'type': 'registrations',
'attributes': {'tags': ['newer-tag']}
}
}, auth=user_admin.auth)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'newer-tag'
with assert_latest_log(NodeLog.TAG_REMOVED, registration_public):
# Ensure removing tag data is correct from the PATCH response
res = app.patch_json_api(
url_registration_public,
{
'data': {
'id': registration_public._id,
'type': 'registrations',
'attributes': {'tags': []}
}
}, auth=user_admin.auth)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 0
def test_can_remove_self_as_contributor_not_unique_admin(
self, app, user_write_contrib, preprint, url_user_write_contrib):
with assert_latest_log(PreprintLog.CONTRIB_REMOVED, preprint):
preprint.add_permission(user_write_contrib,
permissions.ADMIN,
save=True)
res = app.delete(url_user_write_contrib,
auth=user_write_contrib.auth)
assert res.status_code == 204
preprint.reload()
assert user_write_contrib not in preprint.contributors
def test_change_contributor_bibliographic(self, app, user, contrib,
preprint, url_contrib):
contrib_id = '{}-{}'.format(preprint._id, contrib._id)
with assert_latest_log(PreprintLog.MADE_CONTRIBUTOR_INVISIBLE,
preprint):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'bibliographic': False
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert not attributes['bibliographic']
preprint.reload()
assert not preprint.get_visible(contrib)
with assert_latest_log(PreprintLog.MADE_CONTRIBUTOR_VISIBLE, preprint):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['bibliographic']
preprint.reload()
assert preprint.get_visible(contrib)
def test_creates_public_node_pointer_logged_in(self, app, user, user_two, public_project, public_pointer_project, public_url, make_payload):
public_payload = make_payload(id=public_pointer_project._id)
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
res = app.post_json_api(public_url, public_payload, auth=user_two.auth, expect_errors=True)
assert res.status_code == 403
assert 'detail' in res.json['errors'][0]
res = app.post_json_api(public_url, public_payload, auth=user.auth)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project._id
def test_remove_contributor_admin(
self, app, user, user_write_contrib,
project, url_user_write_contrib):
with assert_latest_log(NodeLog.CONTRIB_REMOVED, project):
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in
# osf-models
with disconnected_from_listeners(contributor_removed):
res = app.delete(url_user_write_contrib, auth=user.auth)
assert res.status_code == 204
project.reload()
assert user_write_contrib not in project.contributors
def test_remove_self_contributor_not_unique_admin(
self, app, user, user_write_contrib, preprint, url_user):
with assert_latest_log(PreprintLog.CONTRIB_REMOVED, preprint):
preprint.add_permission(
user_write_contrib,
permissions.ADMIN,
save=True)
res = app.delete(url_user, auth=user.auth)
assert res.status_code == 204
preprint.reload()
assert user not in preprint.contributors
def test_change_contributor_bibliographic(
self, app, user, contrib, project, url_contrib):
contrib_id = '{}-{}'.format(project._id, contrib._id)
with assert_latest_log(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'bibliographic': False
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert not attributes['bibliographic']
project.reload()
assert not project.get_visible(contrib)
with assert_latest_log(NodeLog.MADE_CONTRIBUTOR_VISIBLE, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['bibliographic']
project.reload()
assert project.get_visible(contrib)
def test_create_node_pointer_to_itself(
self, app, user, public_project,
public_url, make_payload):
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
point_to_itself_payload = make_payload(id=public_project._id)
res = app.post_json_api(
public_url,
point_to_itself_payload,
auth=user.auth)
res_json = res.json['data']
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == public_project._id
def test_change_contributor_permission_and_bibliographic(
self, app, user, contrib, project, url_contrib):
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project, 1), assert_latest_log(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, project):
contrib_id = '{}-{}'.format(project._id, contrib._id)
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.READ
assert not attributes['bibliographic']
project.reload()
assert project.get_permissions(contrib) == [permissions.READ]
assert not project.get_visible(contrib)
def test_return_bulk_deleted_public_node_pointer(
self, app, user, public_project,
public_pointer_one, public_url, public_payload):
with assert_latest_log(NodeLog.POINTER_REMOVED, public_project):
res = app.delete_json_api(
public_url, public_payload, auth=user.auth, bulk=True)
public_project.reload() # Update the model to reflect changes made by post request
assert res.status_code == 204
pointer_url = '/{}nodes/{}/node_links/{}/'.format(
API_BASE, public_project._id, public_pointer_one._id)
# check that deleted pointer can not be returned
res = app.get(pointer_url, auth=user.auth, expect_errors=True)
assert res.status_code == 404
def test_bulk_creates_private_node_pointer_logged_in_contributor(
self, app, user, private_project, private_payload,
private_pointer_project_one, private_pointer_project_two,
private_url):
with assert_latest_log(NodeLog.POINTER_CREATED, private_project):
res = app.post_json_api(
private_url, private_payload,
auth=user.auth, bulk=True)
assert res.status_code == 201
res_json = res.json['data']
embedded = res_json[0]['embeds']['target_node']['data']['id']
assert embedded == private_pointer_project_one._id
embedded = res_json[1]['embeds']['target_node']['data']['id']
assert embedded == private_pointer_project_two._id
assert res.content_type == 'application/vnd.api+json'
def test_remove_self_contributor_not_unique_admin(self, app, user,
user_write_contrib,
project, url_user):
with assert_latest_log(NodeLog.CONTRIB_REMOVED, project):
project.add_permission(user_write_contrib,
permissions.ADMIN,
save=True)
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in
# osf-models
with disconnected_from_listeners(contributor_removed):
res = app.delete(url_user, auth=user.auth)
assert res.status_code == 204
project.reload()
assert user not in project.contributors
def test_remove_contributor_osf_group_member_admin(self, app, user,
user_write_contrib,
project,
url_user_write_contrib):
with assert_latest_log(NodeLog.CONTRIB_REMOVED, project):
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in
# osf-models
group_mem = AuthUserFactory()
group = OSFGroupFactory(creator=group_mem)
project.add_osf_group(group, permissions.ADMIN)
with disconnected_from_listeners(contributor_removed):
res = app.delete(url_user_write_contrib, auth=group_mem.auth)
assert res.status_code == 204
project.reload()
assert user_write_contrib not in project.contributors
def test_change_admin_self_with_other_admin(self, app, user, contrib, project, url_creator):
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
project.add_permission(contrib, permissions.ADMIN, save=True)
contrib_id = '{}-{}'.format(project._id, user._id)
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = app.put_json_api(url_creator, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.WRITE
project.reload()
assert project.get_permissions(user) == [permissions.READ, permissions.WRITE]
def test_remove_self_non_admin(
self, app, user_non_contrib,
project, url_user_non_contrib):
with assert_latest_log(NodeLog.CONTRIB_REMOVED, project):
project.add_contributor(
user_non_contrib,
permissions=[
permissions.READ,
permissions.WRITE],
visible=True,
save=True)
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in
# osf-models
with disconnected_from_listeners(contributor_removed):
res = app.delete(
url_user_non_contrib,
auth=user_non_contrib.auth)
assert res.status_code == 204
project.reload()
assert user_non_contrib not in project.contributors
def test_change_admin_self_with_other_admin(
self, app, user, contrib, project, url_creator):
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
project.add_permission(contrib, permissions.ADMIN, save=True)
contrib_id = '{}-{}'.format(project._id, user._id)
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = app.put_json_api(url_creator, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.WRITE
project.reload()
assert project.get_permissions(user) == [
permissions.READ, permissions.WRITE]
def test_registration_tags(self, app, registration_public,
registration_private, url_registration_public,
url_registration_private,
new_tag_payload_public, new_tag_payload_private,
user_admin, user_non_contrib,
read_write_contrib):
# test_registration_starts_with_no_tags
res = app.get(url_registration_public)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 0
# test_registration_does_not_expose_system_tags
registration_public.add_system_tag('systag', save=True)
res = app.get(url_registration_public)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 0
# test_contributor_can_add_tag_to_public_registration
with assert_latest_log(NodeLog.TAG_ADDED, registration_public):
res = app.patch_json_api(url_registration_public,
new_tag_payload_public,
auth=user_admin.auth)
assert res.status_code == 200
# Ensure data is correct from the PATCH response
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'new-tag'
# Ensure data is correct in the database
registration_public.reload()
assert registration_public.tags.count() == 1
assert registration_public.tags.first()._id == 'new-tag'
# Ensure data is correct when GETting the resource again
reload_res = app.get(url_registration_public)
assert len(reload_res.json['data']['attributes']['tags']) == 1
assert reload_res.json['data']['attributes']['tags'][
0] == 'new-tag'
# test_contributor_can_add_tag_to_private_registration
with assert_latest_log(NodeLog.TAG_ADDED, registration_private):
res = app.patch_json_api(url_registration_private,
new_tag_payload_private,
auth=user_admin.auth)
assert res.status_code == 200
# Ensure data is correct from the PATCH response
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'new-tag'
# Ensure data is correct in the database
registration_private.reload()
assert registration_private.tags.count() == 1
assert registration_private.tags.first()._id == 'new-tag'
# Ensure data is correct when GETting the resource again
reload_res = app.get(url_registration_private,
auth=user_admin.auth)
assert len(reload_res.json['data']['attributes']['tags']) == 1
assert reload_res.json['data']['attributes']['tags'][
0] == 'new-tag'
# test_non_contributor_cannot_add_tag_to_registration
res = app.patch_json_api(url_registration_public,
new_tag_payload_public,
expect_errors=True,
auth=user_non_contrib.auth)
assert res.status_code == 403
# test_partial_update_registration_does_not_clear_tags
new_payload = {
'data': {
'id': registration_private._id,
'type': 'registrations',
'attributes': {
'public': True
}
}
}
res = app.patch_json_api(url_registration_private,
new_payload,
auth=user_admin.auth)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 1
# test read-write contributor can update tags
new_tag_payload_public['data']['attributes']['tags'] = [
'from-readwrite'
]
res = app.patch_json_api(url_registration_public,
new_tag_payload_public,
auth=read_write_contrib.auth)
assert res.status_code == 200
def test_create_node_pointer_errors(
self, app, user, user_two, public_project,
user_two_project, public_pointer_project,
public_url, private_url, make_payload):
# test_create_node_pointer_to_itself_unauthorized
point_to_itself_payload = make_payload(id=public_project._id)
res = app.post_json_api(
public_url, point_to_itself_payload,
auth=user_two.auth,
expect_errors=True)
assert res.status_code == 403
assert 'detail' in res.json['errors'][0]
# test_create_node_pointer_already_connected
with assert_latest_log(NodeLog.POINTER_CREATED, public_project):
public_payload = make_payload(id=public_pointer_project._id)
res = app.post_json_api(public_url, public_payload, auth=user.auth)
assert res.status_code == 201
assert res.content_type == 'application/vnd.api+json'
res_json = res.json['data']
embedded = res_json['embeds']['target_node']['data']['id']
assert embedded == public_pointer_project._id
res = app.post_json_api(
public_url, public_payload,
auth=user.auth, expect_errors=True)
assert res.status_code == 400
assert 'detail' in res.json['errors'][0]
# test_create_node_pointer_no_type
payload = {
'data': {
'relationships': {
'nodes': {
'data': {
'id': user_two_project._id,
'type': 'nodes'
}
}
}
}
}
res = app.post_json_api(
private_url, payload,
auth=user.auth, expect_errors=True)
assert res.status_code == 400
assert res.json['errors'][0]['detail'] == 'This field may not be null.'
assert res.json['errors'][0]['source']['pointer'] == '/data/type'
# test_create_node_pointer_incorrect_type
payload = {
'data': {
'type': 'Wrong type.',
'relationships': {
'nodes': {
'data': {
'id': user_two_project._id,
'type': 'nodes'
}
}
}
}
}
res = app.post_json_api(
private_url, payload,
auth=user.auth,
expect_errors=True)
assert res.status_code == 409
assert res.json['errors'][0]['detail'] == 'This resource has a type of "node_links", but you set the json body\'s type field to "Wrong type.". You probably need to change the type field to match the resource\'s type.'
def test_change_contributor_permissions(
self, app, user, contrib, project, url_contrib):
contrib_id = '{}-{}'.format(project._id, contrib._id)
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.ADMIN
project.reload()
assert project.get_permissions(contrib) == [
permissions.READ, permissions.WRITE, permissions.ADMIN]
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.WRITE
project.reload()
assert project.get_permissions(contrib) == [
permissions.READ, permissions.WRITE]
with assert_latest_log(NodeLog.PERMISSIONS_UPDATED, project):
data = {
'data': {
'id': contrib_id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': True
}
}
}
res = app.put_json_api(url_contrib, data, auth=user.auth)
assert res.status_code == 200
attributes = res.json['data']['attributes']
assert attributes['permission'] == permissions.READ
project.reload()
assert project.get_permissions(contrib) == [permissions.READ]
def test_registration_tags(
self, app, registration_public, registration_private,
url_registration_public, url_registration_private,
new_tag_payload_public, new_tag_payload_private,
user_admin, user_non_contrib, read_write_contrib):
# test_registration_starts_with_no_tags
res = app.get(url_registration_public)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 0
# test_registration_does_not_expose_system_tags
registration_public.add_system_tag('systag', save=True)
res = app.get(url_registration_public)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 0
# test_contributor_can_add_tag_to_public_registration
with assert_latest_log(NodeLog.TAG_ADDED, registration_public):
res = app.patch_json_api(
url_registration_public,
new_tag_payload_public,
auth=user_admin.auth)
assert res.status_code == 200
# Ensure data is correct from the PATCH response
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'new-tag'
# Ensure data is correct in the database
registration_public.reload()
assert registration_public.tags.count() == 1
assert registration_public.tags.first()._id == 'new-tag'
# Ensure data is correct when GETting the resource again
reload_res = app.get(url_registration_public)
assert len(reload_res.json['data']['attributes']['tags']) == 1
assert reload_res.json['data']['attributes']['tags'][0] == 'new-tag'
# test_contributor_can_add_tag_to_private_registration
with assert_latest_log(NodeLog.TAG_ADDED, registration_private):
res = app.patch_json_api(
url_registration_private,
new_tag_payload_private,
auth=user_admin.auth)
assert res.status_code == 200
# Ensure data is correct from the PATCH response
assert len(res.json['data']['attributes']['tags']) == 1
assert res.json['data']['attributes']['tags'][0] == 'new-tag'
# Ensure data is correct in the database
registration_private.reload()
assert registration_private.tags.count() == 1
assert registration_private.tags.first()._id == 'new-tag'
# Ensure data is correct when GETting the resource again
reload_res = app.get(
url_registration_private,
auth=user_admin.auth)
assert len(reload_res.json['data']['attributes']['tags']) == 1
assert reload_res.json['data']['attributes']['tags'][0] == 'new-tag'
# test_non_contributor_cannot_add_tag_to_registration
res = app.patch_json_api(
url_registration_public,
new_tag_payload_public,
expect_errors=True,
auth=user_non_contrib.auth)
assert res.status_code == 403
# test_partial_update_registration_does_not_clear_tagsb
new_payload = {
'data': {
'id': registration_private._id,
'type': 'registrations',
'attributes': {
'public': True
}
}
}
res = app.patch_json_api(
url_registration_private,
new_payload,
auth=user_admin.auth)
assert res.status_code == 200
assert len(res.json['data']['attributes']['tags']) == 1
# test read-write contributor can update tags
new_tag_payload_public['data']['attributes']['tags'] = ['from-readwrite']
res = app.patch_json_api(
url_registration_public,
new_tag_payload_public,
auth=read_write_contrib.auth)
assert res.status_code == 200