def test_resolve_guid_download_errors(self): testfile = TestFile.get_or_create(self.node, 'folder/path') testfile.name = 'asdf' testfile.materialized_path = '/folder/path' guid = testfile.get_guid(create=True) testfile.save() testfile.delete() res = self.app.get('/{}/download'.format(guid), expect_errors=True) assert res.status_code == 404 pp = PreprintFactory(is_published=False) res = self.app.get(pp.url + 'download', expect_errors=True) assert res.status_code == 404 pp.is_published = True pp.save() pp.is_public = False pp.save() non_contrib = AuthUserFactory() res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True) assert res.status_code == 403 pp.deleted = timezone.now() pp.save() res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True) assert res.status_code == 410
def test_resolve_guid_download_errors(self): testfile = TestFile.get_or_create(self.node, 'folder/path') testfile.name = 'asdf' testfile.materialized_path = '/folder/path' guid = testfile.get_guid(create=True) testfile.save() testfile.delete() res = self.app.get('/{}/download'.format(guid), expect_errors=True) assert res.status_code == 404 pp = PreprintFactory(is_published=False) res = self.app.get(pp.url + 'download', expect_errors=True) assert res.status_code == 404 pp.is_published = True pp.save() pp.is_public = False pp.save() non_contrib = AuthUserFactory() res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True) assert res.status_code == 403 pp.deleted = timezone.now() pp.save() res = self.app.get(pp.url + 'download', auth=non_contrib.auth, expect_errors=True) assert res.status_code == 410
def pre_mod_preprint(self, admin, write_contrib, pre_mod_provider): pre = PreprintFactory(creator=admin, provider=pre_mod_provider, is_published=False, machine_state='pending') pre.ever_public = True pre.save() pre.add_contributor(contributor=write_contrib, permissions=permissions.WRITE, save=True) pre.is_public = True pre.save() return pre
def test_filter_withdrawn_preprint(self, app, url, user, project_one, provider_one, provider_two): preprint_one = PreprintFactory(is_published=False, creator=user, project=project_one, provider=provider_one) preprint_one.date_withdrawn = timezone.now() preprint_one.is_public = True preprint_one.is_published = True preprint_one.date_published = timezone.now() preprint_one.machine_state = 'accepted' assert preprint_one.ever_public is False # Putting this preprint in a weird state, is verified_publishable, but has been # withdrawn and ever_public is False. This is to isolate withdrawal portion of query preprint_one.save() preprint_two = PreprintFactory(creator=user, project=project_one, provider=provider_two) preprint_two.date_withdrawn = timezone.now() preprint_two.ever_public = True preprint_two.save() # Unauthenticated can only see withdrawn preprints that have been public expected = [preprint_two._id] res = app.get(url) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) # Noncontribs can only see withdrawn preprints that have been public user2 = AuthUserFactory() expected = [preprint_two._id] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) # contribs can only see withdrawn preprints that have been public user2 = AuthUserFactory() preprint_one.add_contributor(user2, 'read') preprint_two.add_contributor(user2, 'read') expected = [preprint_two._id] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) expected = [preprint_two._id] # Admins can only see withdrawn preprints that have been public res = app.get(url, auth=user.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual)
def test_filter_withdrawn_preprint(self, app, url, user): preprint_one = PreprintFactory(is_published=False, creator=user) preprint_one.date_withdrawn = timezone.now() preprint_one.is_public = True preprint_one.is_published = True preprint_one.date_published = timezone.now() preprint_one.machine_state = 'accepted' assert preprint_one.ever_public is False # Putting this preprint in a weird state, is verified_publishable, but has been # withdrawn and ever_public is False. This is to isolate withdrawal portion of query preprint_one.save() preprint_two = PreprintFactory(creator=user) preprint_two.date_withdrawn = timezone.now() preprint_two.ever_public = True preprint_two.save() # Unauthenticated users cannot see users/me/preprints url = '/{}users/me/preprints/?version=2.2&'.format(API_BASE) expected = [preprint_two._id] res = app.get(url, expect_errors=True) assert res.status_code == 401 # Noncontribs cannot see withdrawn preprints user2 = AuthUserFactory() url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id) expected = [] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) # Read contribs - contrib=False on UserPreprints filter so read contribs can only see # withdrawn preprints that were once public user2 = AuthUserFactory() preprint_one.add_contributor(user2, 'read', save=True) preprint_two.add_contributor(user2, 'read', save=True) url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id) expected = [preprint_two._id] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) expected = [preprint_two._id] # Admin contribs can only see withdrawn preprints that were once public res = app.get(url, auth=user.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual)
def test_filter_withdrawn_preprint(self, app, url, user): preprint_one = PreprintFactory(is_published=False, creator=user) preprint_one.date_withdrawn = timezone.now() preprint_one.is_public = True preprint_one.is_published = True preprint_one.date_published = timezone.now() preprint_one.machine_state = 'accepted' assert preprint_one.ever_public is False # Putting this preprint in a weird state, is verified_publishable, but has been # withdrawn and ever_public is False. This is to isolate withdrawal portion of query preprint_one.save() preprint_two = PreprintFactory(creator=user) preprint_two.date_withdrawn = timezone.now() preprint_two.ever_public = True preprint_two.save() # Unauthenticated users cannot see users/me/preprints url = '/{}users/me/preprints/?version=2.2&'.format(API_BASE) expected = [preprint_two._id] res = app.get(url, expect_errors=True) assert res.status_code == 401 # Noncontribs cannot see withdrawn preprints user2 = AuthUserFactory() url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id) expected = [] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) # Read contribs - contrib=False on UserPreprints filter so read contribs can only see # withdrawn preprints that were once public user2 = AuthUserFactory() preprint_one.add_contributor(user2, permissions.READ, save=True) preprint_two.add_contributor(user2, permissions.READ, save=True) url = '/{}users/{}/preprints/?version=2.2&'.format(API_BASE, user2._id) expected = [preprint_two._id] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) expected = [preprint_two._id] # Admin contribs can only see withdrawn preprints that were once public res = app.get(url, auth=user.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual)
def pre_mod_preprint(self, admin, write_contrib, pre_mod_provider): pre = PreprintFactory( creator=admin, provider=pre_mod_provider, is_published=False, machine_state='pending' ) pre.ever_public = True pre.save() pre.add_contributor( contributor=write_contrib, permissions='write', save=True ) pre.is_public = True pre.save() return pre
def test_filter_withdrawn_preprint(self, app, url, user, project_one, provider_one, provider_two): preprint_one = PreprintFactory(is_published=False, creator=user, project=project_one, provider=provider_one) preprint_one.date_withdrawn = timezone.now() preprint_one.is_public = True preprint_one.is_published = True preprint_one.date_published = timezone.now() preprint_one.machine_state = 'accepted' assert preprint_one.ever_public is False # Putting this preprint in a weird state, is verified_publishable, but has been # withdrawn and ever_public is False. This is to isolate withdrawal portion of query preprint_one.save() preprint_two = PreprintFactory(creator=user, project=project_one, provider=provider_two) preprint_two.date_withdrawn = timezone.now() preprint_two.ever_public = True preprint_two.save() # Unauthenticated can only see withdrawn preprints that have been public expected = [preprint_two._id] res = app.get(url) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) # Noncontribs can only see withdrawn preprints that have been public user2 = AuthUserFactory() expected = [preprint_two._id] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) # contribs can only see withdrawn preprints that have been public user2 = AuthUserFactory() preprint_one.add_contributor(user2, 'read') preprint_two.add_contributor(user2, 'read') expected = [preprint_two._id] res = app.get(url, auth=user2.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual) expected = [preprint_two._id] # Admins can only see withdrawn preprints that have been public res = app.get(url, auth=user.auth) actual = [preprint['id'] for preprint in res.json['data']] assert set(expected) == set(actual)
def private_preprint(user): preprint = PreprintFactory(creator=user) preprint.is_public = False preprint.save() return preprint
def private_preprint(user): preprint = PreprintFactory(creator=user) preprint.is_public = False preprint.save() return preprint