def test_ipermissionlabels_user_group_see_privates_inverted(
create_with_upload):
"""User is not allowed to see another user's private datasets"""
user_a = factories.User()
user_b = factories.User()
owner_org = factories.Organization(users=[{
'name': user_a['id'],
'capacity': 'admin'
}])
owner_group = factories.Group(users=[
{
'name': user_a['id'],
'capacity': 'admin'
},
])
context_a = {
'ignore_auth': False,
'user': user_a['name'],
'model': model,
'api_version': 3
}
context_b = {
'ignore_auth': False,
'user': user_b['name'],
'model': model,
'api_version': 3
}
dataset, _ = make_dataset(context_a,
owner_org,
create_with_upload=create_with_upload,
activate=True,
groups=[{
"id": owner_group["id"]
}],
private=True)
with pytest.raises(logic.NotAuthorized):
helpers.call_auth("package_show", context_b, id=dataset["id"])
def test_group_index(self):
app = self._get_test_app()
for i in xrange(1, 26):
_i = '0' + str(i) if i < 10 else i
factories.Group(
name='test-group-{0}'.format(_i),
title='Test Group {0}'.format(_i))
url = url_for(controller='group',
action='index')
response = app.get(url)
for i in xrange(1, 22):
_i = '0' + str(i) if i < 10 else i
assert_in('Test Group {0}'.format(_i), response)
assert 'Test Group 22' not in response
url = url_for(controller='group',
action='index',
page=1)
response = app.get(url)
for i in xrange(1, 22):
_i = '0' + str(i) if i < 10 else i
assert_in('Test Group {0}'.format(_i), response)
assert 'Test Group 22' not in response
url = url_for(controller='group',
action='index',
page=2)
response = app.get(url)
for i in xrange(22, 26):
assert_in('Test Group {0}'.format(i), response)
assert 'Test Group 21' not in response
def test_group_follower_list(self):
'''Following users appear on followers list page.'''
app = self._get_test_app()
user_one = factories.Sysadmin()
group = factories.Group()
env = {'REMOTE_USER': user_one['name'].encode('ascii')}
follow_url = url_for(controller='group',
action='follow',
id=group['id'])
app.post(follow_url, extra_environ=env, status=302)
followers_url = url_for(controller='group',
action='followers',
id=group['id'])
# Only sysadmins can view the followers list pages
followers_response = app.get(followers_url,
extra_environ=env,
status=200)
assert_true(user_one['display_name'] in followers_response)
def test_group_search_within_org_results(self):
'''Searching within an group returns expected dataset results.'''
app = self._get_test_app()
grp = factories.Group()
factories.Dataset(name="ds-one",
title="Dataset One",
groups=[{
'id': grp['id']
}])
factories.Dataset(name="ds-two",
title="Dataset Two",
groups=[{
'id': grp['id']
}])
factories.Dataset(name="ds-three",
title="Dataset Three",
groups=[{
'id': grp['id']
}])
grp_url = url_for(controller='group', action='read', id=grp['id'])
grp_response = app.get(grp_url)
search_form = grp_response.forms['group-datasets-search-form']
search_form['q'] = 'One'
search_response = webtest_submit(search_form)
assert_true('1 dataset found for "One"' in search_response)
search_response_html = BeautifulSoup(search_response.body)
ds_titles = search_response_html.select('.dataset-list '
'.dataset-item '
'.dataset-heading a')
ds_titles = [t.string for t in ds_titles]
assert_equal(len(ds_titles), 1)
assert_true('Dataset One' in ds_titles)
assert_true('Dataset Two' not in ds_titles)
assert_true('Dataset Three' not in ds_titles)
def test_resource_patch_other_users_dataset(create_with_upload):
"""User is not allowed to patch other user's datasets"""
user_a = factories.User()
user_b = factories.User()
owner_org = factories.Organization(users=[{
'name': user_a['id'],
'capacity': 'admin'
}])
factories.Group(users=[
{
'name': user_a['id'],
'capacity': 'admin'
},
])
context_a = {
'ignore_auth': False,
'user': user_a['name'],
'model': model,
'api_version': 3
}
context_b = {
'ignore_auth': False,
'user': user_b['name'],
'model': model,
'api_version': 3
}
# create a dataset
ds, res = make_dataset(context_a,
owner_org,
create_with_upload=create_with_upload,
activate=True)
with pytest.raises(logic.NotAuthorized):
assert helpers.call_auth("resource_patch",
context_b,
id=res["id"],
package_id=ds["id"],
description="my nice text")
def test_group_unfollow(self):
app = self._get_test_app()
user_one = factories.User()
group = factories.Group()
env = {'REMOTE_USER': user_one['name'].encode('ascii')}
follow_url = url_for(controller='group',
action='follow',
id=group['id'])
app.post(follow_url, extra_environ=env, status=302)
unfollow_url = url_for(controller='group',
action='unfollow',
id=group['id'])
unfollow_response = app.post(unfollow_url,
extra_environ=env,
status=302)
unfollow_response = unfollow_response.follow()
assert_true('You are no longer following {0}'.format(
group['display_name']) in unfollow_response)
def test_all_fields_saved(self, app):
user = factories.User()
group = factories.Group(user=user)
env = {"REMOTE_USER": six.ensure_str(user["name"])}
form = {
"name": u"all-fields-edited",
"title": "Science",
"description": "Sciencey datasets",
"image_url": "http://example.com/image.png",
"save": "",
}
resp = app.post(
url=url_for("group.edit", id=group["name"]),
extra_environ=env,
data=form,
)
group = model.Group.by_name(u"all-fields-edited")
assert group.title == u"Science"
assert group.description == "Sciencey datasets"
assert group.image_url == "http://example.com/image.png"
def test_group_search_within_org_no_results(self):
'''Searching for non-returning phrase within an group returns no
results.'''
app = self._get_test_app()
grp = factories.Group()
factories.Dataset(name="ds-one",
title="Dataset One",
groups=[{
'id': grp['id']
}])
factories.Dataset(name="ds-two",
title="Dataset Two",
groups=[{
'id': grp['id']
}])
factories.Dataset(name="ds-three",
title="Dataset Three",
groups=[{
'id': grp['id']
}])
with app.flask_app.test_request_context():
grp_url = url_for(controller='group', action='read', id=grp['id'])
grp_response = app.get(grp_url)
search_form = grp_response.forms['group-datasets-search-form']
search_form['q'] = 'Nout'
search_response = webtest_submit(search_form)
assert_true('No datasets found for "Nout"' in search_response)
search_response_html = BeautifulSoup(search_response.body)
ds_titles = search_response_html.select('.dataset-list '
'.dataset-item '
'.dataset-heading a')
ds_titles = [t.string for t in ds_titles]
assert_equal(len(ds_titles), 0)
def test_smtp_error_returns_error_message(self):
sysadmin = factories.Sysadmin()
group = factories.Group()
context = {
'user': sysadmin['name']
}
params = {
'email': '*****@*****.**',
'group_id': group['id'],
'role': 'editor'
}
assert_raises(logic.ValidationError, helpers.call_action,
'user_invite', context, **params)
# Check that the pending user was deleted
user = model.Session.query(model.User).filter(
model.User.name.like('example-invited-user%')).all()
assert_equals(user[0].state, 'deleted')
def test_group_patch_updating_single_field_when_public_user_details_is_false(self):
user = factories.User()
group = factories.Group(
name="economy", description="some test now", user=user
)
group = helpers.call_action(
"group_patch",
id=group["id"],
description="somethingnew",
context={"user": user["name"]},
)
assert group["name"] == "economy"
assert group["description"] == "somethingnew"
group2 = helpers.call_action("group_show", id=group["id"], include_users=True)
assert group2["name"] == "economy"
assert group2["description"] == "somethingnew"
assert len(group2["users"]) == 1
assert group2["users"][0]["name"] == user["name"]
def test_delete_group_by_updating_state(self, app):
user = factories.User()
group = factories.Group(user=user)
_clear_activities()
group["state"] = "deleted"
helpers.call_action(
"group_update", context={"user": user["name"]}, **group
)
url = url_for("activity.group_activity", id=group["id"])
env = {"REMOTE_USER": user["name"]}
response = app.get(url, extra_environ=env)
assert (
'<a href="/user/{}">{}'.format(user["name"], user["fullname"])
in response
)
assert "deleted the group" in response
assert (
'<a href="/group/{}">{}'.format(group["name"], group["title"])
in response
)
def test_change_dataset(self, app):
user = factories.User()
group = factories.Group(user=user)
dataset = factories.Dataset(groups=[{"id": group["id"]}], user=user)
_clear_activities()
dataset["title"] = "Dataset with changed title"
helpers.call_action(
"package_update", context={"user": user["name"]}, **dataset
)
url = url_for("activity.group_activity", id=group["id"])
response = app.get(url)
page = BeautifulSoup(response.body)
href = page.select_one(".dataset")
assert (
'<a href="/user/{}">{}'.format(user["name"], user["fullname"])
in response
)
assert "updated the dataset" in response
assert dataset["id"] in href.select_one("a")["href"].split("/", 2)[-1]
assert dataset["title"] in href.text.strip()
def test_member_users_cannot_add_members(self, current_user, app):
user = factories.User(fullname="My Owner")
user_obj = model.User.get(user["name"])
# mock current_user
current_user.return_value = user_obj
group = factories.Group(users=[{
"name": user["name"],
"capacity": "member"
}])
app.get(url_for("group.member_new", id=group["id"]), status=403)
app.post(
url_for("group.member_new", id=group["id"]),
data={
"id": "test",
"username": "******",
"save": "save",
"role": "test",
},
status=403,
)
def test_smtp_error_returns_error_message(self):
sysadmin = factories.Sysadmin()
group = factories.Group()
context = {"user": sysadmin["name"]}
params = {
"email": "*****@*****.**",
"group_id": group["id"],
"role": "editor",
}
with pytest.raises(logic.ValidationError):
helpers.call_action("user_invite", context, **params)
# Check that the pending user was deleted
user = (
model.Session.query(model.User)
.filter(model.User.name.like("example-invited-user%"))
.all()
)
assert user[0].state == "deleted"
def test_group_autocomplete_by_name(self):
factories.Group(name='rivers', title='Bridges')
app = self._get_test_app()
with app.flask_app.test_request_context():
url = url_for(controller='api',
action='group_autocomplete',
ver='/2')
assert_equal(url, '/api/2/util/group/autocomplete')
response = app.get(
url=url,
params={
'q': u'rive',
},
status=200,
)
results = json.loads(response.body)
assert_equal(len(results), 1)
assert_equal(results[0]['name'], 'rivers')
assert_equal(results[0]['title'], 'Bridges')
assert_equal(response.headers['Content-Type'],
'application/json;charset=utf-8')
