def test_creation(app, db, users, record_example):
    """Create a secret link and check its fields, signal and token binding.

    The last two assertions are the security-relevant ones: the token must
    validate for the record it was issued for and must be rejected when
    presented for a different ``recid``.
    """
    signal_receiver = Mock()
    pid_value, _record = record_example

    with app.test_request_context(), \
            link_created.connected_to(signal_receiver):
        user_store = current_app.extensions['security'].datastore
        receiver = user_store.get_user(users['receiver']['id'])

        link = SecretLink.create(
            "Test title",
            receiver,
            {'recid': pid_value},
            description="Test description",
        )

        # Freshly created link: fields as given, no expiry, non-empty token.
        assert link.title == "Test title"
        assert link.description == "Test description"
        assert link.expires_at is None
        assert link.token != ''
        # The link_created signal must have reached the connected receiver.
        assert signal_receiver.called

        # Reload from the database so the token checked is the stored one.
        db.session.commit()
        stored = SecretLink.query.get(link.id)

        # Positive case: token matches the record it was created for.
        assert SecretLink.validate_token(stored.token, {'recid': pid_value})
        # Negative case: the same token is refused for another recid.
        assert not SecretLink.validate_token(stored.token, {'recid': '-1'})
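def has_read_files_permission(user, record):
    """Check whether ``user`` may read the files of ``record``.

    Access is decided in this order:

    1. The record resolves to open access: allowed for everyone.
    2. The session holds a secret-link token that validates for this
       record's ``recid``: allowed.
    3. The request carries a ``token`` query argument (resource access
       token) whose payload names this record's deposit with ``read``
       access: the decision is the *signer's* update permission on the
       record, not the current user's.
    4. Otherwise the current user's update permission decides.

    :param user: The user requesting access.
    :param record: The record metadata (dict-like).
    :returns: ``True`` when access is granted, otherwise the result of
        ``has_update_permission``.
    """
    # A missing 'access_right' is treated as 'closed', i.e. fail closed.
    access_right = AccessRight.get(
        record.get('access_right', 'closed'),
        record.get('embargo_date'),
    )
    if access_right == AccessRight.OPEN:
        return True

    # Secret-link bearers: the token comes from the session and is
    # validated against this record's recid.
    secret_token = session.get('accessrequests-secret-token')
    if secret_token and SecretLink.validate_token(
            secret_token, dict(recid=int(record['recid']))):
        return True

    # Resource access token passed as ?token=... (untrusted input).
    rat_token = request.args.get('token')
    if rat_token:
        # NOTE(review): decode_rat is defined elsewhere; how it reports an
        # invalid or expired token is not visible here -- confirm it raises
        # or otherwise never yields a usable signer for a bad token.
        rat_signer, payload = decode_rat(rat_token)
        deposit_id = record.get('_deposit', {}).get('id')
        # Require a real deposit id on the record. Without this guard a
        # payload lacking 'deposit_id' would compare equal (None == None)
        # to a record lacking '_deposit.id', so an unscoped token would
        # pass the scope check.
        scoped_to_record = (
            deposit_id is not None
            and payload.get('deposit_id') == deposit_id
        )
        if scoped_to_record and payload.get('access') == 'read':
            return has_update_permission(rat_signer, record)

    return has_update_permission(user, record)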
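def has_access(user=None, record=None):
    """Check whether the user has access to the record.

    The rules followed are:
        1. Open Access records can be viewed by everyone.
        2. Embargoed, Restricted and Closed records can be viewed by the
           record owners.
        3. Administrators can view every record.
        4. Bearers of a secret-link token stored in the session can view
           the record the token validates for.

    :param user: The requesting user; ``None`` is treated as anonymous.
    :param record: The record metadata (dict-like). Despite the default it
        is required: it is indexed unconditionally below.
    :returns: ``True`` if access is granted, ``False`` otherwise.
    """
    if AccessRight.get(record['access_right'], record.get('embargo_date')) \
            == AccessRight.OPEN:
        return True

    # ``user`` defaults to None, so guard before touching its attributes.
    is_logged_in = user is not None and user.is_authenticated
    user_id = int(user.get_id()) if is_logged_in else None
    # Never match an anonymous (None) id against the owners list.
    if user_id is not None and user_id in record.get('owners', []):
        return True

    # Evaluate the permission explicitly. Relying on the truthiness of the
    # permission object would grant access unconditionally if the class did
    # not define it, because plain objects are always truthy.
    if DynamicPermission(ActionNeed('admin-access')).can():
        return True

    try:
        token = session['accessrequests-secret-token']
        recid = record['recid']
        if SecretLink.validate_token(token, dict(recid=int(recid))):
            return True
        # The token did not validate for this record: drop it from the
        # session (behaviour kept from the original).
        del session['accessrequests-secret-token']
    except KeyError:
        # No token in the session, or the record has no 'recid'.
        pass
    return False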
def test_creation(self):
    """Create a secret link; check its fields, signal and token binding."""
    from zenodo_accessrequests.models import SecretLink
    from zenodo_accessrequests.signals import link_created

    on_created = self.get_receiver('created')
    with link_created.connected_to(on_created):
        link = SecretLink.create(
            "Test title",
            self.receiver,
            {'recid': 1},
            description="Test description",
        )

        # Fields as given, no expiry, non-empty token.
        self.assertEqual(link.title, "Test title")
        self.assertEqual(link.description, "Test description")
        self.assertIsNone(link.expires_at)
        self.assertNotEqual(link.token, "")
        # The receiver registered for 'created' must have recorded a call.
        self.assertIsNotNone(self.called['created'])

        # Token validates for the record it was issued for ...
        assert SecretLink.validate_token(link.token, {'recid': 1})
        # ... and is refused when presented for a different record.
        assert not SecretLink.validate_token(link.token, {'recid': 2})
def has_read_files_permission(user, record):
    """Decide whether ``user`` may read the files of ``record``.

    Open-access records are readable by anyone. Otherwise a secret-link
    token held in the session grants access when it validates for this
    record's ``recid``. Everything else falls back to the user's update
    permission on the record.
    """
    # A missing 'access_right' is read as 'closed', so the default denies.
    effective_right = AccessRight.get(
        record.get('access_right', 'closed'),
        record.get('embargo_date'),
    )
    if effective_right == AccessRight.OPEN:
        return True

    # Secret-link bearers: token from the session, checked against the
    # recid of the record being requested.
    link_token = session.get('accessrequests-secret-token')
    if link_token:
        expected = {'recid': int(record['recid'])}
        if SecretLink.validate_token(link_token, expected):
            return True

    return has_update_permission(user, record)
def has_read_permission(user, record):
    """Decide whether ``user`` may read ``record``.

    Open-access records are readable by anyone. Otherwise a secret-link
    token held in the session grants access when it validates for this
    record's ``recid``. Everything else falls back to the user's update
    permission on the record.

    Raises ``KeyError`` if the record has no ``'access_right'`` key.
    """
    effective_right = AccessRight.get(
        record['access_right'],
        record.get('embargo_date'),
    )
    if effective_right == AccessRight.OPEN:
        return True

    # Secret-link bearers: token from the session, checked against the
    # recid of the record being requested.
    link_token = session.get('accessrequests-secret-token')
    if link_token:
        expected = {'recid': int(record['recid'])}
        if SecretLink.validate_token(link_token, expected):
            return True

    return has_update_permission(user, record)
def test_creation(app, db, users, record_example):
    """Exercise SecretLink creation, the created signal and token scope.

    A token issued for one record has to validate for that record and be
    rejected for any other ``recid``; the final two assertions pin that.
    """
    created_spy = Mock()
    pid_value, _unused_record = record_example

    request_ctx = app.test_request_context()
    with request_ctx:
        with link_created.connected_to(created_spy):
            accounts = current_app.extensions['security'].datastore
            receiver = accounts.get_user(users['receiver']['id'])
            link_data = {'recid': pid_value}

            link = SecretLink.create(
                "Test title", receiver, link_data,
                description="Test description")

            # New link carries the given metadata and never expires.
            assert link.title == "Test title"
            assert link.description == "Test description"
            assert link.expires_at is None
            assert link.token != ''
            # Creation must have fired the link_created signal.
            assert created_spy.called

            # Persist, then re-read so the stored token is what is tested.
            db.session.commit()
            link = SecretLink.query.get(link.id)

            # Accepted for its own record, refused for another one.
            assert SecretLink.validate_token(link.token, {'recid': pid_value})
            assert not SecretLink.validate_token(link.token, {'recid': '-1'})
def test_creation(self):
    """Exercise SecretLink creation, the created signal and token scope."""
    from zenodo_accessrequests.models import SecretLink
    from zenodo_accessrequests.signals import link_created

    title = "Test title"
    description = "Test description"

    with link_created.connected_to(self.get_receiver('created')):
        link = SecretLink.create(
            title, self.receiver, {'recid': 1}, description=description)

        # New link carries the given metadata and has no expiry date.
        self.assertEqual(link.title, title)
        self.assertEqual(link.description, description)
        self.assertIsNone(link.expires_at)
        self.assertNotEqual(link.token, "")
        # The 'created' receiver must have been invoked.
        self.assertIsNotNone(self.called['created'])

        # The token is only good for the record it was issued for.
        assert SecretLink.validate_token(link.token, {'recid': 1})
        assert not SecretLink.validate_token(link.token, {'recid': 2})