Exemple #1
0
    def setup(self):
        super(TestApiNewDataset, self).setup()
        self.user = make_account('test_new')
        self.user.api_key = 'd0610659-627b-4403-8b7f-6e2820ebc95d'

        self.user2 = make_account('test_new2')
        self.user2.api_key = 'c011c340-8dad-419c-8138-1c6ded86ead5'
 def test_trigger_reset_post_ok(self):
     try:
         original_smtp_server = config.get('smtp_server')
         config['smtp_server'] = 'non-existent-smtp-server'
         make_account()
         self.app.post(url(controller='account', action='trigger_reset'),
                       params={'email': "*****@*****.**"})
     finally:
         config['smtp_server'] = original_smtp_server
 def test_trigger_reset_post_ok(self):
     try:
         original_smtp_server = config.get('smtp_server')
         config['smtp_server'] = 'non-existent-smtp-server'
         make_account()
         self.app.post(url(controller='account',
                           action='trigger_reset'),
                       params={'email': "*****@*****.**"})
     finally:
         config['smtp_server'] = original_smtp_server
    def setUp(self):
        super(TestDatasetController, self).setUp()
        current_app.config['LOCKDOWN_FORCE'] = False
        current_app.config['PRESERVE_CONTEXT_ON_EXCEPTION'] = False
        #self.source = csvimport_fixture("sci_study")

        self.authuser = make_account('authuser', email='*****@*****.**', verified=True)
        self.authuser.password = generate_password_hash("password")
        self.moduser = make_account('moduser',  email='*****@*****.**', moderator=True)
        self.moduser.password = generate_password_hash("password")
        self.adminuser = make_account('adminuser',  email='*****@*****.**', admin=True)
        self.adminuser.password = generate_password_hash("password")

        db.session.commit()
    def setUp(self):
        super(TestDatasetController, self).setUp()
        current_app.config['LOCKDOWN_FORCE'] = False
        current_app.config['PRESERVE_CONTEXT_ON_EXCEPTION'] = False
        #self.source = csvimport_fixture("sci_study")

        self.user = make_account('test')
 def test_dashboard(self):
     test = make_account('test')
     cra = load_fixture('cra', manager=test)
     response = self.app.get(url(controller='account', action='dashboard'),
                             extra_environ={'REMOTE_USER': str(test.name)})
     assert '200' in response.status, response.status
     assert cra.label in response, response
    def setUp(self):
        super(TestDatasetController, self).setUp()
        current_app.config['LOCKDOWN_FORCE'] = False
        current_app.config['PRESERVE_CONTEXT_ON_EXCEPTION'] = False
        #self.source = csvimport_fixture("sci_study")

        self.user = make_account('test', make_account=True)
 def test_dashboard(self):
     test = make_account('test')
     cra = load_fixture('cra', manager=test)
     response = self.app.get(url(controller='account', action='dashboard'),
                             extra_environ={'REMOTE_USER': str(test.name)})
     assert '200' in response.status, response.status
     assert cra.label in response, response
Exemple #9
0
    def setup(self):
        """
        Set up the TestBadgeController. Setup creates two users, one regular
        user (test) and one administrator (admin).
        """
        super(TestBadgeController, self).setup()

        # Create test user
        self.user = make_account('test')

        # Create admin user
        self.admin = make_account('admin')
        self.admin.admin = True
        db.session.commit()

        # Load dataset we use for tests
        self.dataset = load_fixture('cra')
    def setup(self):
        """
        Set up the TestBadgeController. Setup creates two users, one regular
        user (test) and one administrator (admin).
        """
        super(TestBadgeController, self).setup()

        # Create test user
        self.user = make_account('test')

        # Create admin user
        self.admin = make_account('admin')
        self.admin.admin = True
        db.session.commit()

        # Load dataset we use for tests
        self.dataset = load_fixture('cra')
Exemple #11
0
    def test_feeds(self):
        # Anonymous user with one public dataset
        response = self.app.get(url(controller='dataset', action='feed_rss'),
                                expect_errors=True)
        assert 'application/xml' in response.content_type
        assert '<title>Recently Created Datasets</title>' in response
        assert '<item><title>Country Regional Analysis v2009' in response
        cra = Dataset.by_name('cra')
        cra.private = True
        db.session.add(cra)
        db.session.commit()

        # Anonymous user with one private dataset
        response = self.app.get(url(controller='dataset', action='feed_rss'),
                                expect_errors=True)
        assert 'application/xml' in response.content_type
        assert '<title>Recently Created Datasets</title>' in response
        assert '<item><title>Country Regional Analysis v2009' not in response

        # Logged in user with one public dataset
        cra.private = False
        db.session.add(cra)
        db.session.commit()
        response = self.app.get(url(controller='dataset', action='feed_rss'),
                                expect_errors=True,
                                extra_environ={'REMOTE_USER': '******'})
        assert 'application/xml' in response.content_type
        assert '<title>Recently Created Datasets</title>' in response
        assert '<item><title>Country Regional Analysis v2009' in response

        # Logged in user with one private dataset
        cra.private = True
        db.session.add(cra)
        db.session.commit()
        response = self.app.get(url(controller='dataset', action='feed_rss'),
                                expect_errors=True,
                                extra_environ={'REMOTE_USER': '******'})
        assert 'application/xml' in response.content_type
        assert '<title>Recently Created Datasets</title>' in response
        assert '<item><title>Country Regional Analysis v2009' not in response

        # Logged in admin user with one private dataset
        admin_user = make_account('admin')
        admin_user.admin = True
        db.session.add(admin_user)
        db.session.commit()
        response = self.app.get(url(controller='dataset', action='feed_rss'),
                                extra_environ={'REMOTE_USER': '******'})
        assert '<title>Recently Created Datasets</title>' in response
        assert '<item><title>Country Regional Analysis v2009' in response
        assert 'application/xml' in response.content_type

        response = self.app.get(url(controller='dataset', action='index'))
        assert ('<link rel="alternate" type="application/rss+xml" title="'
                'Latest Datasets on OpenSpending" href="/datasets.rss"' in
                response)
Exemple #12
0
 def test_reset_get(self):
     response = self.app.get(url(controller='account', action='do_reset',
                                 token='huhu',
                                 email='*****@*****.**'))
     assert '/login' in response.headers['location'], response.headers
     account = make_account()
     response = self.app.get(url(controller='account', action='do_reset',
                                 token=account.token,
                                 email=account.email))
     assert '/settings' in response.headers['location'], response.headers
Exemple #13
0
def csvimport_fixture(name):
    model_fp = csvimport_fixture_file(name, 'model.json')
    mapping_fp = csvimport_fixture_file(name, 'mapping.json')
    model = json.load(model_fp)
    if mapping_fp:
        model['mapping'] = json.load(mapping_fp)
    dataset = Dataset(model)
    dataset.generate()
    db.session.add(dataset)
    data_path = csvimport_fixture_path(name, 'data.csv')
    user = make_account()
    source = Source(dataset, user, data_path)
    db.session.add(source)
    db.session.commit()
    return source
def csvimport_fixture(name):
    model_fp = csvimport_fixture_file(name, 'model.json')
    mapping_fp = csvimport_fixture_file(name, 'mapping.json')
    model = json.load(model_fp)
    if mapping_fp:
        model['mapping'] = json.load(mapping_fp)
    dataset = Dataset(model)
    dataset.generate()
    db.session.add(dataset)
    data_path = csvimport_fixture_path(name, 'data.csv')
    user = make_account()
    source = Source(dataset, user, data_path)
    db.session.add(source)
    db.session.commit()
    return source
Exemple #15
0
    def test_distinct_json(self):
        test = make_account()
        response = self.app.get(url(controller='account', action='complete'),
                                extra_environ={'REMOTE_USER': str(test.name)})
        obj = json.loads(response.body)['results']
        assert obj[0].keys() == [u'fullname', u'name']
        assert len(obj) == 1, obj
        assert obj[0]['name'] == 'test', obj[0]

        response = self.app.get(url(controller='account', action='complete'),
                                params={'q': 'tes'},
                                extra_environ={'REMOTE_USER': str(test.name)})
        obj = json.loads(response.body)['results']
        assert len(obj) == 1, obj

        response = self.app.get(url(controller='account', action='complete'),
                                params={'q': 'foo'},
                                extra_environ={'REMOTE_USER': str(test.name)})
        obj = json.loads(response.body)['results']
        assert len(obj) == 0, obj
Exemple #16
0
    def test_distinct_json(self):
        test = make_account()
        response = self.app.get(url(controller='account', action='complete'),
                                extra_environ={'REMOTE_USER': str(test.name)})
        obj = json.loads(response.body)['results']
        assert obj[0].keys() == [u'fullname', u'name']
        assert len(obj) == 1, obj
        assert obj[0]['name'] == 'test', obj[0]

        response = self.app.get(url(controller='account', action='complete'),
                                params={'q': 'tes'},
                                extra_environ={'REMOTE_USER': str(test.name)})
        obj = json.loads(response.body)['results']
        assert len(obj) == 1, obj

        response = self.app.get(url(controller='account', action='complete'),
                                params={'q': 'foo'},
                                extra_environ={'REMOTE_USER': str(test.name)})
        obj = json.loads(response.body)['results']
        assert len(obj) == 0, obj
Exemple #17
0
    def test_unverified_user(self):
        """
        check that unverified user can't go anywhere

        """
        myfakeuser = make_account(name="tester",
                                  fullname='tester',
                                  email='*****@*****.**',
                                  admin=False,
                                  verified=False)

        myfakeuser.password = generate_password_hash("mypassword")
        db.session.commit()

        res = self.client.post(url_for('account.login'),
                               data=dict(login="******",
                                         password='******'),
                               follow_redirects=True)
        assert "The message would have been sent below" in res.data, "should show an email message inn debug"

        res2 = self.client.get(url_for("forum.index"))
        assert '403' in res2.status, "should not be able to access the forum as unverified user"
Exemple #18
0
    def setUp(self):
        super(TestAccountController, self).setUp()

        # Create test user
        current_app.config['LOCKDOWN_FORCE'] = False
        self.user = make_account('testuser')
Exemple #19
0
    def test_user_scoreboard(self):
        """
        Test if the user scoreboard works and is only accessible by
        administrators
        """

        # Create dataset and users and make normal user owner of dataset
        admin_user = make_account('test_admin', admin=True)

        dataset = load_fixture('cra')
        normal_user = make_account('test_user')
        normal_user.datasets.append(dataset)
        db.session.add(normal_user)
        db.session.commit()

        # Refetch the accounts into scope after the commit
        admin_user = Account.by_name('test_admin')
        normal_user = Account.by_name('test_user')

        # Get the URL to user scoreboard
        scoreboard_url = url(controller='account', action='scoreboard')
        # Get the home page (could be just any page
        user_response = self.app.get(
            url(controller='home', action='index'),
            extra_environ={'REMOTE_USER': str(normal_user.name)})
        admin_response = self.app.get(
            url(controller='home', action='index'),
            extra_environ={'REMOTE_USER': str(admin_user.name)})

        # Admin user should be the only one to see a link
        # to the user scoreboard (not the normal user)
        assert scoreboard_url not in user_response.body, \
            "Normal user can see scoreboard url on the home page"

        assert scoreboard_url in admin_response.body, \
            "Admin user cannot see the scoreboard url on the home page"

        # Normal user should not be able to access the scoreboard url
        user_response = self.app.get(
            scoreboard_url,
            expect_errors=True,
            extra_environ={'REMOTE_USER': str(normal_user.name)})
        assert '403' in user_response.status, \
            "Normal user is authorized to see user scoreboard"

        # Administrator should see scoreboard and users should be there in
        # in the following order normal user - admin user (with 10 and 0 points
        # respectively)
        admin_response = self.app.get(
            scoreboard_url,
            extra_environ={'REMOTE_USER': str(admin_user.name)})

        assert '200' in admin_response.status, \
            "Administrator did not get a 200 status for user scoreboard"

        # We need to remove everything before an 'Dataset Maintainers' because
        # the admin user name comes first because of the navigational bar
        heading_index = admin_response.body.find('Dataset Maintainers')
        check_body = admin_response.body[heading_index:]

        admin_index = check_body.find(admin_user.name)
        user_index = check_body.find(normal_user.name)
        assert admin_index > user_index, \
            "Admin index comes before normal user index"

        # Same thing as with the username we check for the scores
        # they are represented as <p>10</p> and <p>0</p>
        admin_index = check_body.find('<p>0</p>')
        user_index = check_body.find('<p>10</p>')
        assert admin_index > user_index, \
            "Admin score does not come before the user score"
Exemple #20
0
 def test_account_create_gives_api_key(self):
     account = make_account()
     assert len(account.api_key) == 36
Exemple #21
0
    def test_profile(self):
        """
        Profile page test
        """

        # Create the test user account using default
        # username is test, fullname is 'Test User',
        # email is [email protected] and twitter handle is testuser
        test = make_account('test')

        # Get the user profile for an anonymous user
        response = self.app.get(
            url(controller='account', action='profile', name='test'))

        assert '200' in response.status, \
            'Profile not successfully returned for anonymous user'
        assert '<dt>Name</dt>' in response.body, \
            'Name heading is not in profile for anonymous user'
        assert '<dd>Test User</dd>' in response.body, \
            'User fullname is not in profile for anonymous user'
        assert '<dt>Username</dt>' in response.body, \
            'Username heading is not in profile for anonymous user'
        assert '<dd>test</dd>' in response.body, \
            'Username is not in profile for anonymous user'
        assert '<dt>Email</dt>' not in response.body, \
            'Email heading is in profile for anonymous user'
        assert '<dd>[email protected]</dd>' not in response.body, \
            'Email of user is in profile for anonymous user'
        assert '<dt>Twitter</dt>' not in response.body, \
            'Twitter heading is in profile for anonymous user'
        assert '<dd>@testuser</dd>' not in response.body, \
            'Twitter handle is in profile for anonymous user'

        # Display email and twitter handle for the user
        response = self.app.get(url(controller='account',
                                    action='profile',
                                    name='test'),
                                extra_environ={'REMOTE_USER': '******'})

        assert '200' in response.status, \
            'Profile not successfully returned for user'
        assert '<dt>Email</dt>' in response.body, \
            'Email heading is not in profile for the user'
        assert '<dd>[email protected]</dd>' in response.body, \
            'Email of user is not in profile for the user'
        assert '<dt>Twitter</dt>' in response.body, \
            'Twitter heading is not in profile for the user'
        assert '@testuser' in response.body, \
            'Twitter handle of user is not in profile for the user'

        # Immitate that the user now makes email address and twitter handle
        # public to all
        test.public_email = True
        test.public_twitter = True
        db.session.add(test)
        db.session.commit()

        # Get the site as an anonymous user
        response = self.app.get(
            url(controller='account', action='profile', name='test'))

        assert '200' in response.status, \
            'Profile with public contact info not returned to anonymous user'
        assert '<dt>Email</dt>' in response.body, \
            'Public email heading not in profile for anonymous user'
        assert '<dd>[email protected]</dd>' in response.body, \
            'Public email not in profile for anonymous user'
        assert '<dt>Twitter</dt>' in response.body, \
            'Public Twitter heading not in profile for anonymous user'
        assert '@testuser' in response.body, \
            'Public Twitter handle not in profile for anonymous user'

        # We take it back and hide the email and the twitter handle
        test.public_email = False
        test.public_twitter = False
        db.session.add(test)
        db.session.commit()

        # Create admin user
        admin_user = make_account('admin', 'Admin', '*****@*****.**')
        admin_user.admin = True
        db.session.add(admin_user)
        db.session.commit()

        # Display email for admins
        response = self.app.get(url(controller='account',
                                    action='profile',
                                    name='test'),
                                extra_environ={'REMOTE_USER': '******'})

        assert '200' in response.status, \
            'Profile not successfully returned for admins'
        assert '<dt>Name</dt>' in response.body, \
            'Full name heading not in profile for admins'
        assert '<dd>Test User</dd>' in response.body, \
            'Full name of user not in profile for admins'
        assert '<dt>Username</dt>' in response.body, \
            'Username heading not in profile for admins'
        assert '<dd>test</dd>' in response.body, \
            'Username of user not in profile for admins'
        assert '<dt>Email</dt>' in response.body, \
            'Email heading not in profile for admins'
        assert '<dd>[email protected]</dd>' in response.body, \
            'Email of user not in profile for admins'
        assert '<dt>Twitter</dt>' in response.body, \
            'Twitter heading not in profile for admins'
        assert '@testuser' in response.body, \
            'Twitter handle of user not in profile for admins'

        # Do not display fullname if it's empty
        test.fullname = ''
        db.session.add(test)
        db.session.commit()

        response = self.app.get(
            url(controller='account', action='profile', name='test'))

        assert '200' in response.status, \
            'Profile page not successfully returned without full name'
        assert '<dt>Name</dt>' not in response.body, \
            'Name heading is in profile even though full name is empty'
        # Test if the information is missing or just the full name
        assert '<dt>Username</dt>' in response.body, \
            'Username heading is not in profile when full name is empty'
        assert '<dd>test</dd>' in response.body, \
            'Username for user is not in profile when full name is empty'

        # Do not display twitter handle if it's empty
        test.twitter_handle = None
        db.session.add(test)
        db.session.commit()

        response = self.app.get(url(controller='account',
                                    action='profile',
                                    name='test'),
                                extra_environ={'REMOTE_USER': '******'})
        # Check if the Twitter heading is there
        assert '<dt>Twitter</dt>' not in response.body, \
            'Twitter heading is in profile even though twitter handle is empty'
        # Test if the other information is missing
        assert '<dt>Username</dt>' in response.body, \
            'Username heading is not in profile when Twitter handle is empty'
        assert '<dd>test</dd>' in response.body, \
            'Username for user is not in profile when Twitter handle is empty'
Exemple #22
0
    def test_user_scoreboard(self):
        """
        Test if the user scoreboard works and is only accessible by
        administrators
        """

        # Create dataset and users and make normal user owner of dataset
        admin_user = make_account('test_admin', admin=True)

        dataset = load_fixture('cra')
        normal_user = make_account('test_user')
        normal_user.datasets.append(dataset)
        db.session.add(normal_user)
        db.session.commit()

        # Refetch the accounts into scope after the commit
        admin_user = Account.by_name('test_admin')
        normal_user = Account.by_name('test_user')

        # Get the URL to user scoreboard
        scoreboard_url = url(controller='account', action='scoreboard')
        # Get the home page (could be just any page
        user_response = self.app.get(url(controller='home', action='index'),
                                     extra_environ={'REMOTE_USER':
                                                    str(normal_user.name)})
        admin_response = self.app.get(url(controller='home', action='index'),
                                      extra_environ={'REMOTE_USER':
                                                     str(admin_user.name)})

        # Admin user should be the only one to see a link
        # to the user scoreboard (not the normal user)
        assert scoreboard_url not in user_response.body, \
            "Normal user can see scoreboard url on the home page"

        assert scoreboard_url in admin_response.body, \
            "Admin user cannot see the scoreboard url on the home page"

        # Normal user should not be able to access the scoreboard url
        user_response = self.app.get(scoreboard_url,
                                     expect_errors=True,
                                     extra_environ={'REMOTE_USER':
                                                    str(normal_user.name)})
        assert '403' in user_response.status, \
            "Normal user is authorized to see user scoreboard"

        # Administrator should see scoreboard and users should be there in
        # in the following order normal user - admin user (with 10 and 0 points
        # respectively)
        admin_response = self.app.get(scoreboard_url,
                                      extra_environ={'REMOTE_USER':
                                                     str(admin_user.name)})

        assert '200' in admin_response.status, \
            "Administrator did not get a 200 status for user scoreboard"

        # We need to remove everything before an 'Dataset Maintainers' because
        # the admin user name comes first because of the navigational bar
        heading_index = admin_response.body.find('Dataset Maintainers')
        check_body = admin_response.body[heading_index:]

        admin_index = check_body.find(admin_user.name)
        user_index = check_body.find(normal_user.name)
        assert admin_index > user_index, \
            "Admin index comes before normal user index"

        # Same thing as with the username we check for the scores
        # they are represented as <p>10</p> and <p>0</p>
        admin_index = check_body.find('<p>0</p>')
        user_index = check_body.find('<p>10</p>')
        assert admin_index > user_index, \
            "Admin score does not come before the user score"
    def setup(self):

        super(TestEditorController, self).setup()
        self.user = make_account('test')
        load_fixture('cra', self.user)
Exemple #24
0
    def setup(self):

        super(TestDatasetController, self).setup()
        self.dataset = load_fixture('cra')
        self.user = make_account('test')
        clean_and_reindex_solr()
Exemple #25
0
    def test_profile(self):
        """
        Profile page test
        """

        # Create the test user account using default
        # username is test, fullname is 'Test User',
        # email is [email protected] and twitter handle is testuser
        test = make_account('test')

        # Get the user profile for an anonymous user
        response = self.app.get(url(controller='account', action='profile',
                                    name='test'))

        assert '200' in response.status, \
            'Profile not successfully returned for anonymous user'
        assert '<dt>Name</dt>' in response.body, \
            'Name heading is not in profile for anonymous user'
        assert '<dd>Test User</dd>' in response.body, \
            'User fullname is not in profile for anonymous user'
        assert '<dt>Username</dt>' in response.body, \
            'Username heading is not in profile for anonymous user'
        assert '<dd>test</dd>' in response.body, \
            'Username is not in profile for anonymous user'
        assert '<dt>Email</dt>' not in response.body, \
            'Email heading is in profile for anonymous user'
        assert '<dd>[email protected]</dd>' not in response.body, \
            'Email of user is in profile for anonymous user'
        assert '<dt>Twitter</dt>' not in response.body, \
            'Twitter heading is in profile for anonymous user'
        assert '<dd>@testuser</dd>' not in response.body, \
            'Twitter handle is in profile for anonymous user'

        # Display email and twitter handle for the user
        response = self.app.get(url(controller='account', action='profile',
                                    name='test'), extra_environ={'REMOTE_USER':
                                                                 '******'})

        assert '200' in response.status, \
            'Profile not successfully returned for user'
        assert '<dt>Email</dt>' in response.body, \
            'Email heading is not in profile for the user'
        assert '<dd>[email protected]</dd>' in response.body, \
            'Email of user is not in profile for the user'
        assert '<dt>Twitter</dt>' in response.body, \
            'Twitter heading is not in profile for the user'
        assert '@testuser' in response.body, \
            'Twitter handle of user is not in profile for the user'

        # Immitate that the user now makes email address and twitter handle
        # public to all
        test.public_email = True
        test.public_twitter = True
        db.session.add(test)
        db.session.commit()

        # Get the site as an anonymous user
        response = self.app.get(url(controller='account', action='profile',
                                    name='test'))

        assert '200' in response.status, \
            'Profile with public contact info not returned to anonymous user'
        assert '<dt>Email</dt>' in response.body, \
            'Public email heading not in profile for anonymous user'
        assert '<dd>[email protected]</dd>' in response.body, \
            'Public email not in profile for anonymous user'
        assert '<dt>Twitter</dt>' in response.body, \
            'Public Twitter heading not in profile for anonymous user'
        assert '@testuser' in response.body, \
            'Public Twitter handle not in profile for anonymous user'

        # We take it back and hide the email and the twitter handle
        test.public_email = False
        test.public_twitter = False
        db.session.add(test)
        db.session.commit()

        # Create admin user
        admin_user = make_account('admin', 'Admin', '*****@*****.**')
        admin_user.admin = True
        db.session.add(admin_user)
        db.session.commit()

        # Display email for admins
        response = self.app.get(url(controller='account', action='profile',
                                    name='test'), extra_environ={'REMOTE_USER':
                                                                 '******'})

        assert '200' in response.status, \
            'Profile not successfully returned for admins'
        assert '<dt>Name</dt>' in response.body, \
            'Full name heading not in profile for admins'
        assert '<dd>Test User</dd>' in response.body, \
            'Full name of user not in profile for admins'
        assert '<dt>Username</dt>' in response.body, \
            'Username heading not in profile for admins'
        assert '<dd>test</dd>' in response.body, \
            'Username of user not in profile for admins'
        assert '<dt>Email</dt>' in response.body, \
            'Email heading not in profile for admins'
        assert '<dd>[email protected]</dd>' in response.body, \
            'Email of user not in profile for admins'
        assert '<dt>Twitter</dt>' in response.body, \
            'Twitter heading not in profile for admins'
        assert '@testuser' in response.body, \
            'Twitter handle of user not in profile for admins'

        # Do not display fullname if it's empty
        test.fullname = ''
        db.session.add(test)
        db.session.commit()

        response = self.app.get(url(controller='account', action='profile',
                                    name='test'))

        assert '200' in response.status, \
            'Profile page not successfully returned without full name'
        assert '<dt>Name</dt>' not in response.body, \
            'Name heading is in profile even though full name is empty'
        # Test if the information is missing or just the full name
        assert '<dt>Username</dt>' in response.body, \
            'Username heading is not in profile when full name is empty'
        assert '<dd>test</dd>' in response.body, \
            'Username for user is not in profile when full name is empty'

        # Do not display twitter handle if it's empty
        test.twitter_handle = None
        db.session.add(test)
        db.session.commit()

        response = self.app.get(url(controller='account', action='profile',
                                    name='test'), extra_environ={'REMOTE_USER':
                                                                 '******'})
        # Check if the Twitter heading is there
        assert '<dt>Twitter</dt>' not in response.body, \
            'Twitter heading is in profile even though twitter handle is empty'
        # Test if the other information is missing
        assert '<dt>Username</dt>' in response.body, \
            'Username heading is not in profile when Twitter handle is empty'
        assert '<dd>test</dd>' in response.body, \
            'Username for user is not in profile when Twitter handle is empty'
Exemple #26
0
    def test_permissions(self):
        """
        Test permissions API which tells users if they are allowed to
        perform CRUD operations on a given dataset
        """

        # Create our users
        make_account('test_admin', admin=True)
        maintainer = make_account('maintainer')
        make_account('test_user')

        # Set maintainer as maintainer of cra dataset
        dataset = Dataset.by_name('cra')
        dataset.managers.append(maintainer)
        db.session.add(dataset)
        db.session.commit()

        # Make the url reusable
        permission = url(controller='api/version2', action='permissions')

        # First we try to get permissions without dataset parameter
        # This should return a 200 but include an error message and nothing
        # else
        response = self.app.get(permission)
        json_response = json.loads(response.body)
        assert len(json_response.keys()) == 1, \
            'Parameterless call response includes more than one properties'
        assert 'error' in json_response, \
            'Error property not present in parameterless call response'

        # Dataset is public by default

        # Anonymous user
        response = self.app.get(permission, params={'dataset': 'cra'})
        anon_response = json.loads(response.body)
        assert not anon_response['create'], \
            'Anonymous user can create existing dataset'
        assert anon_response['read'], \
            'Anonymous user cannot read public dataset'
        assert not anon_response['update'], \
            'Anonymous user can update existing dataset'
        assert not anon_response['delete'], \
            'Anonymous user can delete existing dataset'
        # Normal user
        response = self.app.get(permission, params={'dataset': 'cra'},
                                extra_environ={'REMOTE_USER': '******'})
        normal_response = json.loads(response.body)
        assert anon_response == normal_response, \
            'Normal user has wrong permissions for a public dataset'
        # Maintainer
        response = self.app.get(permission, params={'dataset': 'cra'},
                                extra_environ={'REMOTE_USER': '******'})
        main_response = json.loads(response.body)
        assert not main_response['create'], \
            'Maintainer can create a dataset with an existing (public) name'
        assert main_response['read'], \
            'Maintainer is not able to read public dataset'
        assert main_response['update'], \
            'Maintainer is not able to update public dataset'
        assert main_response['delete'], \
            'Maintainer is not able to delete public dataset'
        # Administrator
        response = self.app.get(permission, params={'dataset': 'cra'},
                                extra_environ={'REMOTE_USER': '******'})
        admin_response = json.loads(response.body)
        # Permissions for admins should be the same as for maintainer
        assert main_response == admin_response, \
            'Admin and maintainer permissions differ on public datasets'

        # Set cra dataset as private so only maintainer and admin should be
        # able to 'read' (and 'update' and 'delete'). All others should get
        # False on everything
        dataset = Dataset.by_name('cra')
        dataset.private = True
        db.session.add(dataset)
        db.session.commit()

        # Anonymous user
        response = self.app.get(permission, params={'dataset': 'cra'})
        anon_response = json.loads(response.body)
        assert True not in anon_response.values(), \
            'Anonymous user has access to a private dataset'
        # Normal user
        response = self.app.get(permission, params={'dataset': 'cra'},
                                extra_environ={'REMOTE_USER': '******'})
        normal_response = json.loads(response.body)
        assert anon_response == normal_response, \
            'Normal user has access to a private dataset'
        # Maintainer
        response = self.app.get(permission, params={'dataset': 'cra'},
                                extra_environ={'REMOTE_USER': '******'})
        main_response = json.loads(response.body)
        assert not main_response['create'], \
            'Maintainer can create a dataset with an existing (private) name'
        assert main_response['read'], \
            'Maintainer is not able to read private dataset'
        assert main_response['update'], \
            'Maintainer is not able to update private dataset'
        assert main_response['delete'], \
            'Maintainer is not able to delete private dataset'
        # Administrator
        response = self.app.get(permission, params={'dataset': 'cra'},
                                extra_environ={'REMOTE_USER': '******'})
        admin_response = json.loads(response.body)
        # Permissions for admins should be the same as for maintainer
        assert main_response == admin_response, \
            'Admin does not have the same permissions as maintainer'

        # Now we try accessing a nonexistent dataset
        # Everyone except anonymous user should have the same permissions
        # We don't need to check with maintainer or admin now since this
        # applies to all logged in users
        response = self.app.get(permission, params={'dataset': 'nonexistent'})
        anon_response = json.loads(response.body)
        assert True not in anon_response.values(), \
            'Anonymous users has permissions on a nonexistent datasets'
        # Any logged in user (we use normal user)
        response = self.app.get(permission, params={'dataset': 'nonexistent'},
                                extra_environ={'REMOTE_USER': '******'})
        normal_response = json.loads(response.body)
        assert normal_response['create'], \
            'User cannot create a nonexistent dataset'
        assert not normal_response['read'], \
            'User can read a nonexistent dataset'
        assert not normal_response['update'], \
            'User can update a nonexistent dataset'
        assert not normal_response['delete'], \
            'User can delete a nonexistent dataset'
Exemple #27
0
    def setup(self):

        super(TestSourceController, self).setup()
        self.user = make_account('test')
        self.dataset = load_fixture('cra', self.user)
Exemple #28
0
    def setup(self):

        super(TestSourceController, self).setup()
        self.user = make_account('test')
        self.dataset = load_fixture('cra', self.user)
    def setUp(self):
        super(TestAccountController, self).setUp()

        # Create test user
        current_app.config['LOCKDOWN_FORCE'] = False
        self.user = make_account('testuser')
Exemple #30
0
    def setup(self):

        super(TestEditorController, self).setup()
        self.user = make_account('test')
        load_fixture('cra', self.user)
 def test_account_create_gives_api_key(self):
     account = make_account()
     assert len(account.api_key) == 36