def setup(self):
super(TestApiNewDataset, self).setup()
self.user = make_account('test_new')
self.user.api_key = 'd0610659-627b-4403-8b7f-6e2820ebc95d'
self.user2 = make_account('test_new2')
self.user2.api_key = 'c011c340-8dad-419c-8138-1c6ded86ead5'
def test_trigger_reset_post_ok(self):
try:
original_smtp_server = config.get('smtp_server')
config['smtp_server'] = 'non-existent-smtp-server'
make_account()
self.app.post(url(controller='account', action='trigger_reset'),
params={'email': "*****@*****.**"})
finally:
config['smtp_server'] = original_smtp_server
def test_trigger_reset_post_ok(self):
try:
original_smtp_server = config.get('smtp_server')
config['smtp_server'] = 'non-existent-smtp-server'
make_account()
self.app.post(url(controller='account',
action='trigger_reset'),
params={'email': "*****@*****.**"})
finally:
config['smtp_server'] = original_smtp_server
def setUp(self):
super(TestDatasetController, self).setUp()
current_app.config['LOCKDOWN_FORCE'] = False
current_app.config['PRESERVE_CONTEXT_ON_EXCEPTION'] = False
#self.source = csvimport_fixture("sci_study")
self.authuser = make_account('authuser', email='*****@*****.**', verified=True)
self.authuser.password = generate_password_hash("password")
self.moduser = make_account('moduser', email='*****@*****.**', moderator=True)
self.moduser.password = generate_password_hash("password")
self.adminuser = make_account('adminuser', email='*****@*****.**', admin=True)
self.adminuser.password = generate_password_hash("password")
db.session.commit()
def setUp(self):
super(TestDatasetController, self).setUp()
current_app.config['LOCKDOWN_FORCE'] = False
current_app.config['PRESERVE_CONTEXT_ON_EXCEPTION'] = False
#self.source = csvimport_fixture("sci_study")
self.user = make_account('test')
def test_dashboard(self):
test = make_account('test')
cra = load_fixture('cra', manager=test)
response = self.app.get(url(controller='account', action='dashboard'),
extra_environ={'REMOTE_USER': str(test.name)})
assert '200' in response.status, response.status
assert cra.label in response, response
def setUp(self):
super(TestDatasetController, self).setUp()
current_app.config['LOCKDOWN_FORCE'] = False
current_app.config['PRESERVE_CONTEXT_ON_EXCEPTION'] = False
#self.source = csvimport_fixture("sci_study")
self.user = make_account('test', make_account=True)
def test_dashboard(self):
test = make_account('test')
cra = load_fixture('cra', manager=test)
response = self.app.get(url(controller='account', action='dashboard'),
extra_environ={'REMOTE_USER': str(test.name)})
assert '200' in response.status, response.status
assert cra.label in response, response
def setup(self):
"""
Set up the TestBadgeController. Setup creates two users, one regular
user (test) and one administrator (admin).
"""
super(TestBadgeController, self).setup()
# Create test user
self.user = make_account('test')
# Create admin user
self.admin = make_account('admin')
self.admin.admin = True
db.session.commit()
# Load dataset we use for tests
self.dataset = load_fixture('cra')
def setup(self):
"""
Set up the TestBadgeController. Setup creates two users, one regular
user (test) and one administrator (admin).
"""
super(TestBadgeController, self).setup()
# Create test user
self.user = make_account('test')
# Create admin user
self.admin = make_account('admin')
self.admin.admin = True
db.session.commit()
# Load dataset we use for tests
self.dataset = load_fixture('cra')
def test_feeds(self):
# Anonymous user with one public dataset
response = self.app.get(url(controller='dataset', action='feed_rss'),
expect_errors=True)
assert 'application/xml' in response.content_type
assert '<title>Recently Created Datasets</title>' in response
assert '<item><title>Country Regional Analysis v2009' in response
cra = Dataset.by_name('cra')
cra.private = True
db.session.add(cra)
db.session.commit()
# Anonymous user with one private dataset
response = self.app.get(url(controller='dataset', action='feed_rss'),
expect_errors=True)
assert 'application/xml' in response.content_type
assert '<title>Recently Created Datasets</title>' in response
assert '<item><title>Country Regional Analysis v2009' not in response
# Logged in user with one public dataset
cra.private = False
db.session.add(cra)
db.session.commit()
response = self.app.get(url(controller='dataset', action='feed_rss'),
expect_errors=True,
extra_environ={'REMOTE_USER': '******'})
assert 'application/xml' in response.content_type
assert '<title>Recently Created Datasets</title>' in response
assert '<item><title>Country Regional Analysis v2009' in response
# Logged in user with one private dataset
cra.private = True
db.session.add(cra)
db.session.commit()
response = self.app.get(url(controller='dataset', action='feed_rss'),
expect_errors=True,
extra_environ={'REMOTE_USER': '******'})
assert 'application/xml' in response.content_type
assert '<title>Recently Created Datasets</title>' in response
assert '<item><title>Country Regional Analysis v2009' not in response
# Logged in admin user with one private dataset
admin_user = make_account('admin')
admin_user.admin = True
db.session.add(admin_user)
db.session.commit()
response = self.app.get(url(controller='dataset', action='feed_rss'),
extra_environ={'REMOTE_USER': '******'})
assert '<title>Recently Created Datasets</title>' in response
assert '<item><title>Country Regional Analysis v2009' in response
assert 'application/xml' in response.content_type
response = self.app.get(url(controller='dataset', action='index'))
assert ('<link rel="alternate" type="application/rss+xml" title="'
'Latest Datasets on OpenSpending" href="/datasets.rss"' in
response)
def test_reset_get(self):
response = self.app.get(url(controller='account', action='do_reset',
token='huhu',
email='*****@*****.**'))
assert '/login' in response.headers['location'], response.headers
account = make_account()
response = self.app.get(url(controller='account', action='do_reset',
token=account.token,
email=account.email))
assert '/settings' in response.headers['location'], response.headers
def csvimport_fixture(name):
model_fp = csvimport_fixture_file(name, 'model.json')
mapping_fp = csvimport_fixture_file(name, 'mapping.json')
model = json.load(model_fp)
if mapping_fp:
model['mapping'] = json.load(mapping_fp)
dataset = Dataset(model)
dataset.generate()
db.session.add(dataset)
data_path = csvimport_fixture_path(name, 'data.csv')
user = make_account()
source = Source(dataset, user, data_path)
db.session.add(source)
db.session.commit()
return source
def csvimport_fixture(name):
model_fp = csvimport_fixture_file(name, 'model.json')
mapping_fp = csvimport_fixture_file(name, 'mapping.json')
model = json.load(model_fp)
if mapping_fp:
model['mapping'] = json.load(mapping_fp)
dataset = Dataset(model)
dataset.generate()
db.session.add(dataset)
data_path = csvimport_fixture_path(name, 'data.csv')
user = make_account()
source = Source(dataset, user, data_path)
db.session.add(source)
db.session.commit()
return source
def test_distinct_json(self):
test = make_account()
response = self.app.get(url(controller='account', action='complete'),
extra_environ={'REMOTE_USER': str(test.name)})
obj = json.loads(response.body)['results']
assert obj[0].keys() == [u'fullname', u'name']
assert len(obj) == 1, obj
assert obj[0]['name'] == 'test', obj[0]
response = self.app.get(url(controller='account', action='complete'),
params={'q': 'tes'},
extra_environ={'REMOTE_USER': str(test.name)})
obj = json.loads(response.body)['results']
assert len(obj) == 1, obj
response = self.app.get(url(controller='account', action='complete'),
params={'q': 'foo'},
extra_environ={'REMOTE_USER': str(test.name)})
obj = json.loads(response.body)['results']
assert len(obj) == 0, obj
def test_distinct_json(self):
test = make_account()
response = self.app.get(url(controller='account', action='complete'),
extra_environ={'REMOTE_USER': str(test.name)})
obj = json.loads(response.body)['results']
assert obj[0].keys() == [u'fullname', u'name']
assert len(obj) == 1, obj
assert obj[0]['name'] == 'test', obj[0]
response = self.app.get(url(controller='account', action='complete'),
params={'q': 'tes'},
extra_environ={'REMOTE_USER': str(test.name)})
obj = json.loads(response.body)['results']
assert len(obj) == 1, obj
response = self.app.get(url(controller='account', action='complete'),
params={'q': 'foo'},
extra_environ={'REMOTE_USER': str(test.name)})
obj = json.loads(response.body)['results']
assert len(obj) == 0, obj
def test_unverified_user(self):
"""
check that unverified user can't go anywhere
"""
myfakeuser = make_account(name="tester",
fullname='tester',
email='*****@*****.**',
admin=False,
verified=False)
myfakeuser.password = generate_password_hash("mypassword")
db.session.commit()
res = self.client.post(url_for('account.login'),
data=dict(login="******",
password='******'),
follow_redirects=True)
assert "The message would have been sent below" in res.data, "should show an email message inn debug"
res2 = self.client.get(url_for("forum.index"))
assert '403' in res2.status, "should not be able to access the forum as unverified user"
def setUp(self):
super(TestAccountController, self).setUp()
# Create test user
current_app.config['LOCKDOWN_FORCE'] = False
self.user = make_account('testuser')
def test_user_scoreboard(self):
"""
Test if the user scoreboard works and is only accessible by
administrators
"""
# Create dataset and users and make normal user owner of dataset
admin_user = make_account('test_admin', admin=True)
dataset = load_fixture('cra')
normal_user = make_account('test_user')
normal_user.datasets.append(dataset)
db.session.add(normal_user)
db.session.commit()
# Refetch the accounts into scope after the commit
admin_user = Account.by_name('test_admin')
normal_user = Account.by_name('test_user')
# Get the URL to user scoreboard
scoreboard_url = url(controller='account', action='scoreboard')
# Get the home page (could be just any page
user_response = self.app.get(
url(controller='home', action='index'),
extra_environ={'REMOTE_USER': str(normal_user.name)})
admin_response = self.app.get(
url(controller='home', action='index'),
extra_environ={'REMOTE_USER': str(admin_user.name)})
# Admin user should be the only one to see a link
# to the user scoreboard (not the normal user)
assert scoreboard_url not in user_response.body, \
"Normal user can see scoreboard url on the home page"
assert scoreboard_url in admin_response.body, \
"Admin user cannot see the scoreboard url on the home page"
# Normal user should not be able to access the scoreboard url
user_response = self.app.get(
scoreboard_url,
expect_errors=True,
extra_environ={'REMOTE_USER': str(normal_user.name)})
assert '403' in user_response.status, \
"Normal user is authorized to see user scoreboard"
# Administrator should see scoreboard and users should be there in
# in the following order normal user - admin user (with 10 and 0 points
# respectively)
admin_response = self.app.get(
scoreboard_url,
extra_environ={'REMOTE_USER': str(admin_user.name)})
assert '200' in admin_response.status, \
"Administrator did not get a 200 status for user scoreboard"
# We need to remove everything before an 'Dataset Maintainers' because
# the admin user name comes first because of the navigational bar
heading_index = admin_response.body.find('Dataset Maintainers')
check_body = admin_response.body[heading_index:]
admin_index = check_body.find(admin_user.name)
user_index = check_body.find(normal_user.name)
assert admin_index > user_index, \
"Admin index comes before normal user index"
# Same thing as with the username we check for the scores
# they are represented as <p>10</p> and <p>0</p>
admin_index = check_body.find('<p>0</p>')
user_index = check_body.find('<p>10</p>')
assert admin_index > user_index, \
"Admin score does not come before the user score"
def test_account_create_gives_api_key(self):
account = make_account()
assert len(account.api_key) == 36
def test_profile(self):
"""
Profile page test
"""
# Create the test user account using default
# username is test, fullname is 'Test User',
# email is [email protected] and twitter handle is testuser
test = make_account('test')
# Get the user profile for an anonymous user
response = self.app.get(
url(controller='account', action='profile', name='test'))
assert '200' in response.status, \
'Profile not successfully returned for anonymous user'
assert '<dt>Name</dt>' in response.body, \
'Name heading is not in profile for anonymous user'
assert '<dd>Test User</dd>' in response.body, \
'User fullname is not in profile for anonymous user'
assert '<dt>Username</dt>' in response.body, \
'Username heading is not in profile for anonymous user'
assert '<dd>test</dd>' in response.body, \
'Username is not in profile for anonymous user'
assert '<dt>Email</dt>' not in response.body, \
'Email heading is in profile for anonymous user'
assert '<dd>[email protected]</dd>' not in response.body, \
'Email of user is in profile for anonymous user'
assert '<dt>Twitter</dt>' not in response.body, \
'Twitter heading is in profile for anonymous user'
assert '<dd>@testuser</dd>' not in response.body, \
'Twitter handle is in profile for anonymous user'
# Display email and twitter handle for the user
response = self.app.get(url(controller='account',
action='profile',
name='test'),
extra_environ={'REMOTE_USER': '******'})
assert '200' in response.status, \
'Profile not successfully returned for user'
assert '<dt>Email</dt>' in response.body, \
'Email heading is not in profile for the user'
assert '<dd>[email protected]</dd>' in response.body, \
'Email of user is not in profile for the user'
assert '<dt>Twitter</dt>' in response.body, \
'Twitter heading is not in profile for the user'
assert '@testuser' in response.body, \
'Twitter handle of user is not in profile for the user'
# Immitate that the user now makes email address and twitter handle
# public to all
test.public_email = True
test.public_twitter = True
db.session.add(test)
db.session.commit()
# Get the site as an anonymous user
response = self.app.get(
url(controller='account', action='profile', name='test'))
assert '200' in response.status, \
'Profile with public contact info not returned to anonymous user'
assert '<dt>Email</dt>' in response.body, \
'Public email heading not in profile for anonymous user'
assert '<dd>[email protected]</dd>' in response.body, \
'Public email not in profile for anonymous user'
assert '<dt>Twitter</dt>' in response.body, \
'Public Twitter heading not in profile for anonymous user'
assert '@testuser' in response.body, \
'Public Twitter handle not in profile for anonymous user'
# We take it back and hide the email and the twitter handle
test.public_email = False
test.public_twitter = False
db.session.add(test)
db.session.commit()
# Create admin user
admin_user = make_account('admin', 'Admin', '*****@*****.**')
admin_user.admin = True
db.session.add(admin_user)
db.session.commit()
# Display email for admins
response = self.app.get(url(controller='account',
action='profile',
name='test'),
extra_environ={'REMOTE_USER': '******'})
assert '200' in response.status, \
'Profile not successfully returned for admins'
assert '<dt>Name</dt>' in response.body, \
'Full name heading not in profile for admins'
assert '<dd>Test User</dd>' in response.body, \
'Full name of user not in profile for admins'
assert '<dt>Username</dt>' in response.body, \
'Username heading not in profile for admins'
assert '<dd>test</dd>' in response.body, \
'Username of user not in profile for admins'
assert '<dt>Email</dt>' in response.body, \
'Email heading not in profile for admins'
assert '<dd>[email protected]</dd>' in response.body, \
'Email of user not in profile for admins'
assert '<dt>Twitter</dt>' in response.body, \
'Twitter heading not in profile for admins'
assert '@testuser' in response.body, \
'Twitter handle of user not in profile for admins'
# Do not display fullname if it's empty
test.fullname = ''
db.session.add(test)
db.session.commit()
response = self.app.get(
url(controller='account', action='profile', name='test'))
assert '200' in response.status, \
'Profile page not successfully returned without full name'
assert '<dt>Name</dt>' not in response.body, \
'Name heading is in profile even though full name is empty'
# Test if the information is missing or just the full name
assert '<dt>Username</dt>' in response.body, \
'Username heading is not in profile when full name is empty'
assert '<dd>test</dd>' in response.body, \
'Username for user is not in profile when full name is empty'
# Do not display twitter handle if it's empty
test.twitter_handle = None
db.session.add(test)
db.session.commit()
response = self.app.get(url(controller='account',
action='profile',
name='test'),
extra_environ={'REMOTE_USER': '******'})
# Check if the Twitter heading is there
assert '<dt>Twitter</dt>' not in response.body, \
'Twitter heading is in profile even though twitter handle is empty'
# Test if the other information is missing
assert '<dt>Username</dt>' in response.body, \
'Username heading is not in profile when Twitter handle is empty'
assert '<dd>test</dd>' in response.body, \
'Username for user is not in profile when Twitter handle is empty'
def test_user_scoreboard(self):
"""
Test if the user scoreboard works and is only accessible by
administrators
"""
# Create dataset and users and make normal user owner of dataset
admin_user = make_account('test_admin', admin=True)
dataset = load_fixture('cra')
normal_user = make_account('test_user')
normal_user.datasets.append(dataset)
db.session.add(normal_user)
db.session.commit()
# Refetch the accounts into scope after the commit
admin_user = Account.by_name('test_admin')
normal_user = Account.by_name('test_user')
# Get the URL to user scoreboard
scoreboard_url = url(controller='account', action='scoreboard')
# Get the home page (could be just any page
user_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(normal_user.name)})
admin_response = self.app.get(url(controller='home', action='index'),
extra_environ={'REMOTE_USER':
str(admin_user.name)})
# Admin user should be the only one to see a link
# to the user scoreboard (not the normal user)
assert scoreboard_url not in user_response.body, \
"Normal user can see scoreboard url on the home page"
assert scoreboard_url in admin_response.body, \
"Admin user cannot see the scoreboard url on the home page"
# Normal user should not be able to access the scoreboard url
user_response = self.app.get(scoreboard_url,
expect_errors=True,
extra_environ={'REMOTE_USER':
str(normal_user.name)})
assert '403' in user_response.status, \
"Normal user is authorized to see user scoreboard"
# Administrator should see scoreboard and users should be there in
# in the following order normal user - admin user (with 10 and 0 points
# respectively)
admin_response = self.app.get(scoreboard_url,
extra_environ={'REMOTE_USER':
str(admin_user.name)})
assert '200' in admin_response.status, \
"Administrator did not get a 200 status for user scoreboard"
# We need to remove everything before an 'Dataset Maintainers' because
# the admin user name comes first because of the navigational bar
heading_index = admin_response.body.find('Dataset Maintainers')
check_body = admin_response.body[heading_index:]
admin_index = check_body.find(admin_user.name)
user_index = check_body.find(normal_user.name)
assert admin_index > user_index, \
"Admin index comes before normal user index"
# Same thing as with the username we check for the scores
# they are represented as <p>10</p> and <p>0</p>
admin_index = check_body.find('<p>0</p>')
user_index = check_body.find('<p>10</p>')
assert admin_index > user_index, \
"Admin score does not come before the user score"
def setup(self):
super(TestEditorController, self).setup()
self.user = make_account('test')
load_fixture('cra', self.user)
def setup(self):
super(TestDatasetController, self).setup()
self.dataset = load_fixture('cra')
self.user = make_account('test')
clean_and_reindex_solr()
def test_profile(self):
"""
Profile page test
"""
# Create the test user account using default
# username is test, fullname is 'Test User',
# email is [email protected] and twitter handle is testuser
test = make_account('test')
# Get the user profile for an anonymous user
response = self.app.get(url(controller='account', action='profile',
name='test'))
assert '200' in response.status, \
'Profile not successfully returned for anonymous user'
assert '<dt>Name</dt>' in response.body, \
'Name heading is not in profile for anonymous user'
assert '<dd>Test User</dd>' in response.body, \
'User fullname is not in profile for anonymous user'
assert '<dt>Username</dt>' in response.body, \
'Username heading is not in profile for anonymous user'
assert '<dd>test</dd>' in response.body, \
'Username is not in profile for anonymous user'
assert '<dt>Email</dt>' not in response.body, \
'Email heading is in profile for anonymous user'
assert '<dd>[email protected]</dd>' not in response.body, \
'Email of user is in profile for anonymous user'
assert '<dt>Twitter</dt>' not in response.body, \
'Twitter heading is in profile for anonymous user'
assert '<dd>@testuser</dd>' not in response.body, \
'Twitter handle is in profile for anonymous user'
# Display email and twitter handle for the user
response = self.app.get(url(controller='account', action='profile',
name='test'), extra_environ={'REMOTE_USER':
'******'})
assert '200' in response.status, \
'Profile not successfully returned for user'
assert '<dt>Email</dt>' in response.body, \
'Email heading is not in profile for the user'
assert '<dd>[email protected]</dd>' in response.body, \
'Email of user is not in profile for the user'
assert '<dt>Twitter</dt>' in response.body, \
'Twitter heading is not in profile for the user'
assert '@testuser' in response.body, \
'Twitter handle of user is not in profile for the user'
# Immitate that the user now makes email address and twitter handle
# public to all
test.public_email = True
test.public_twitter = True
db.session.add(test)
db.session.commit()
# Get the site as an anonymous user
response = self.app.get(url(controller='account', action='profile',
name='test'))
assert '200' in response.status, \
'Profile with public contact info not returned to anonymous user'
assert '<dt>Email</dt>' in response.body, \
'Public email heading not in profile for anonymous user'
assert '<dd>[email protected]</dd>' in response.body, \
'Public email not in profile for anonymous user'
assert '<dt>Twitter</dt>' in response.body, \
'Public Twitter heading not in profile for anonymous user'
assert '@testuser' in response.body, \
'Public Twitter handle not in profile for anonymous user'
# We take it back and hide the email and the twitter handle
test.public_email = False
test.public_twitter = False
db.session.add(test)
db.session.commit()
# Create admin user
admin_user = make_account('admin', 'Admin', '*****@*****.**')
admin_user.admin = True
db.session.add(admin_user)
db.session.commit()
# Display email for admins
response = self.app.get(url(controller='account', action='profile',
name='test'), extra_environ={'REMOTE_USER':
'******'})
assert '200' in response.status, \
'Profile not successfully returned for admins'
assert '<dt>Name</dt>' in response.body, \
'Full name heading not in profile for admins'
assert '<dd>Test User</dd>' in response.body, \
'Full name of user not in profile for admins'
assert '<dt>Username</dt>' in response.body, \
'Username heading not in profile for admins'
assert '<dd>test</dd>' in response.body, \
'Username of user not in profile for admins'
assert '<dt>Email</dt>' in response.body, \
'Email heading not in profile for admins'
assert '<dd>[email protected]</dd>' in response.body, \
'Email of user not in profile for admins'
assert '<dt>Twitter</dt>' in response.body, \
'Twitter heading not in profile for admins'
assert '@testuser' in response.body, \
'Twitter handle of user not in profile for admins'
# Do not display fullname if it's empty
test.fullname = ''
db.session.add(test)
db.session.commit()
response = self.app.get(url(controller='account', action='profile',
name='test'))
assert '200' in response.status, \
'Profile page not successfully returned without full name'
assert '<dt>Name</dt>' not in response.body, \
'Name heading is in profile even though full name is empty'
# Test if the information is missing or just the full name
assert '<dt>Username</dt>' in response.body, \
'Username heading is not in profile when full name is empty'
assert '<dd>test</dd>' in response.body, \
'Username for user is not in profile when full name is empty'
# Do not display twitter handle if it's empty
test.twitter_handle = None
db.session.add(test)
db.session.commit()
response = self.app.get(url(controller='account', action='profile',
name='test'), extra_environ={'REMOTE_USER':
'******'})
# Check if the Twitter heading is there
assert '<dt>Twitter</dt>' not in response.body, \
'Twitter heading is in profile even though twitter handle is empty'
# Test if the other information is missing
assert '<dt>Username</dt>' in response.body, \
'Username heading is not in profile when Twitter handle is empty'
assert '<dd>test</dd>' in response.body, \
'Username for user is not in profile when Twitter handle is empty'
def test_permissions(self):
"""
Test permissions API which tells users if they are allowed to
perform CRUD operations on a given dataset
"""
# Create our users
make_account('test_admin', admin=True)
maintainer = make_account('maintainer')
make_account('test_user')
# Set maintainer as maintainer of cra dataset
dataset = Dataset.by_name('cra')
dataset.managers.append(maintainer)
db.session.add(dataset)
db.session.commit()
# Make the url reusable
permission = url(controller='api/version2', action='permissions')
# First we try to get permissions without dataset parameter
# This should return a 200 but include an error message and nothing
# else
response = self.app.get(permission)
json_response = json.loads(response.body)
assert len(json_response.keys()) == 1, \
'Parameterless call response includes more than one properties'
assert 'error' in json_response, \
'Error property not present in parameterless call response'
# Dataset is public by default
# Anonymous user
response = self.app.get(permission, params={'dataset': 'cra'})
anon_response = json.loads(response.body)
assert not anon_response['create'], \
'Anonymous user can create existing dataset'
assert anon_response['read'], \
'Anonymous user cannot read public dataset'
assert not anon_response['update'], \
'Anonymous user can update existing dataset'
assert not anon_response['delete'], \
'Anonymous user can delete existing dataset'
# Normal user
response = self.app.get(permission, params={'dataset': 'cra'},
extra_environ={'REMOTE_USER': '******'})
normal_response = json.loads(response.body)
assert anon_response == normal_response, \
'Normal user has wrong permissions for a public dataset'
# Maintainer
response = self.app.get(permission, params={'dataset': 'cra'},
extra_environ={'REMOTE_USER': '******'})
main_response = json.loads(response.body)
assert not main_response['create'], \
'Maintainer can create a dataset with an existing (public) name'
assert main_response['read'], \
'Maintainer is not able to read public dataset'
assert main_response['update'], \
'Maintainer is not able to update public dataset'
assert main_response['delete'], \
'Maintainer is not able to delete public dataset'
# Administrator
response = self.app.get(permission, params={'dataset': 'cra'},
extra_environ={'REMOTE_USER': '******'})
admin_response = json.loads(response.body)
# Permissions for admins should be the same as for maintainer
assert main_response == admin_response, \
'Admin and maintainer permissions differ on public datasets'
# Set cra dataset as private so only maintainer and admin should be
# able to 'read' (and 'update' and 'delete'). All others should get
# False on everything
dataset = Dataset.by_name('cra')
dataset.private = True
db.session.add(dataset)
db.session.commit()
# Anonymous user
response = self.app.get(permission, params={'dataset': 'cra'})
anon_response = json.loads(response.body)
assert True not in anon_response.values(), \
'Anonymous user has access to a private dataset'
# Normal user
response = self.app.get(permission, params={'dataset': 'cra'},
extra_environ={'REMOTE_USER': '******'})
normal_response = json.loads(response.body)
assert anon_response == normal_response, \
'Normal user has access to a private dataset'
# Maintainer
response = self.app.get(permission, params={'dataset': 'cra'},
extra_environ={'REMOTE_USER': '******'})
main_response = json.loads(response.body)
assert not main_response['create'], \
'Maintainer can create a dataset with an existing (private) name'
assert main_response['read'], \
'Maintainer is not able to read private dataset'
assert main_response['update'], \
'Maintainer is not able to update private dataset'
assert main_response['delete'], \
'Maintainer is not able to delete private dataset'
# Administrator
response = self.app.get(permission, params={'dataset': 'cra'},
extra_environ={'REMOTE_USER': '******'})
admin_response = json.loads(response.body)
# Permissions for admins should be the same as for maintainer
assert main_response == admin_response, \
'Admin does not have the same permissions as maintainer'
# Now we try accessing a nonexistent dataset
# Everyone except anonymous user should have the same permissions
# We don't need to check with maintainer or admin now since this
# applies to all logged in users
response = self.app.get(permission, params={'dataset': 'nonexistent'})
anon_response = json.loads(response.body)
assert True not in anon_response.values(), \
'Anonymous users has permissions on a nonexistent datasets'
# Any logged in user (we use normal user)
response = self.app.get(permission, params={'dataset': 'nonexistent'},
extra_environ={'REMOTE_USER': '******'})
normal_response = json.loads(response.body)
assert normal_response['create'], \
'User cannot create a nonexistent dataset'
assert not normal_response['read'], \
'User can read a nonexistent dataset'
assert not normal_response['update'], \
'User can update a nonexistent dataset'
assert not normal_response['delete'], \
'User can delete a nonexistent dataset'
def setup(self):
super(TestSourceController, self).setup()
self.user = make_account('test')
self.dataset = load_fixture('cra', self.user)
def setup(self):
super(TestSourceController, self).setup()
self.user = make_account('test')
self.dataset = load_fixture('cra', self.user)
def setUp(self):
super(TestAccountController, self).setUp()
# Create test user
current_app.config['LOCKDOWN_FORCE'] = False
self.user = make_account('testuser')
def setup(self):
super(TestEditorController, self).setup()
self.user = make_account('test')
load_fixture('cra', self.user)
def test_account_create_gives_api_key(self):
account = make_account()
assert len(account.api_key) == 36