def test_patch_artifact_ajax_handler(self):
a = Artifact(1)
self.assertEqual(a.name, 'Raw data 1')
arguments = {'op': 'replace', 'path': '/name/', 'value': 'NEW_NAME'}
response = self.patch('/artifact/1/', data=arguments)
self.assertEqual(response.code, 200)
self.assertEqual(a.name, 'NEW_NAME')
a.name = 'Raw data 1'
def test_patch_artifact_ajax_handler(self):
a = Artifact(1)
self.assertEqual(a.name, 'Raw data 1')
arguments = {'op': 'replace', 'path': '/name/', 'value': 'NEW_NAME'}
response = self.patch('/artifact/1/', data=arguments)
self.assertEqual(response.code, 200)
self.assertEqual(a.name, 'NEW_NAME')
a.name = 'Raw data 1'
def artifact_patch_request(user_id, req_op, req_path, req_value=None,
req_from=None):
"""Modifies an attribute of the artifact
Parameters
----------
user_id : str
The id of the user performing the patch operation
req_op : str
The operation to perform on the artifact
req_path : str
The prep information and attribute to patch
req_value : str, optional
The value that needs to be modified
req_from : str, optional
The original path of the element
Returns
-------
dict of {str, str}
A dictionary with the following keys:
- status: str, whether if the request is successful or not
- message: str, if the request is unsuccessful, a human readable error
"""
if req_op == 'replace':
req_path = [v for v in req_path.split('/') if v]
if len(req_path) != 2:
return {'status': 'error',
'message': 'Incorrect path parameter'}
artifact_id = req_path[0]
attribute = req_path[1]
# Check if the user actually has access to the artifact
artifact = Artifact(artifact_id)
access_error = check_access(artifact.study.id, user_id)
if access_error:
return access_error
if not req_value:
return {'status': 'error',
'message': 'A value is required'}
if attribute == 'name':
artifact.name = req_value
return {'status': 'success',
'message': ''}
else:
# We don't understand the attribute so return an error
return {'status': 'error',
'message': 'Attribute "%s" not found. '
'Please, check the path parameter' % attribute}
else:
return {'status': 'error',
'message': 'Operation "%s" not supported. '
'Current supported operations: replace' % req_op}
def test_artifact_patch_request(self):
a = Artifact(1)
test_user = User('*****@*****.**')
self.assertEqual(a.name, 'Raw data 1')
artifact_patch_request(test_user, 1, 'replace', '/name/',
req_value='NEW_NAME')
self.assertEqual(a.name, 'NEW_NAME')
# Reset the name
a.name = 'Raw data 1'
# No access
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(User('*****@*****.**'), 1, 'replace',
'/name/', req_value='NEW_NAME')
# Incorrect path parameter
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user, 1, 'replace',
'/name/wrong/', req_value='NEW_NAME')
# Missing value
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user, 1, 'replace', '/name/')
# Wrong attribute
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user, 1, 'replace',
'/wrong/', req_value='NEW_NAME')
# Wrong operation
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user, 1, 'add', '/name/',
req_value='NEW_NAME')
# Changing visibility
self.assertEqual(a.visibility, 'private')
artifact_patch_request(test_user, 1, 'replace', '/visibility/',
req_value='sandbox')
self.assertEqual(a.visibility, 'sandbox')
# Admin can change to private
artifact_patch_request(User('*****@*****.**'), 1, 'replace',
'/visibility/', req_value='private')
self.assertEqual(a.visibility, 'private')
# Test user can't change to private
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user, 1, 'replace', '/visibility/',
req_value='private')
# Unkown req value
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user, 1, 'replace', '/visibility/',
req_value='wrong')
def test_artifact_patch_request(self):
a = Artifact(1)
test_user = User('*****@*****.**')
self.assertEqual(a.name, 'Raw data 1')
artifact_patch_request(test_user,
1,
'replace',
'/name/',
req_value='NEW_NAME')
self.assertEqual(a.name, 'NEW_NAME')
# Reset the name
a.name = 'Raw data 1'
# No access
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(User('*****@*****.**'),
1,
'replace',
'/name/',
req_value='NEW_NAME')
# Incorrect path parameter
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user,
1,
'replace',
'/name/wrong/',
req_value='NEW_NAME')
# Missing value
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user, 1, 'replace', '/name/')
# Wrong attribute
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user,
1,
'replace',
'/wrong/',
req_value='NEW_NAME')
# Wrong operation
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user,
1,
'add',
'/name/',
req_value='NEW_NAME')
# Changing visibility
self.assertEqual(a.visibility, 'private')
artifact_patch_request(test_user,
1,
'replace',
'/visibility/',
req_value='sandbox')
self.assertEqual(a.visibility, 'sandbox')
# Admin can change to private
artifact_patch_request(User('*****@*****.**'),
1,
'replace',
'/visibility/',
req_value='private')
self.assertEqual(a.visibility, 'private')
# Test user can't change to private
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user,
1,
'replace',
'/visibility/',
req_value='private')
# Unkown req value
with self.assertRaises(QiitaHTTPError):
artifact_patch_request(test_user,
1,
'replace',
'/visibility/',
req_value='wrong')
def artifact_patch_request(user,
artifact_id,
req_op,
req_path,
req_value=None,
req_from=None):
"""Modifies an attribute of the artifact
Parameters
----------
user : qiita_db.user.User
The user performing the patch operation
artifact_id : int
Id of the artifact in which the patch operation is being performed
req_op : str
The operation to perform on the artifact
req_path : str
The prep information and attribute to patch
req_value : str, optional
The value that needs to be modified
req_from : str, optional
The original path of the element
Raises
------
QiitaHTTPError
If `req_op` != 'replace'
If the path parameter is incorrect
If missing req_value
If the attribute to replace is not known
"""
if req_op == 'replace':
req_path = [v for v in req_path.split('/') if v]
if len(req_path) != 1:
raise QiitaHTTPError(404, 'Incorrect path parameter')
attribute = req_path[0]
# Check if the user actually has access to the artifact
artifact = Artifact(artifact_id)
check_artifact_access(user, artifact)
if not req_value:
raise QiitaHTTPError(404, 'Missing value to replace')
if attribute == 'name':
artifact.name = req_value
return
elif attribute == 'visibility':
if req_value not in get_visibilities():
raise QiitaHTTPError(
400, 'Unknown visibility value: %s' % req_value)
if (req_value == 'private' and qiita_config.require_approval
and not user.level == 'admin'):
raise QiitaHTTPError(
403, 'User does not have permissions '
'to approve change')
try:
artifact.visibility = req_value
except Exception as e:
raise QiitaHTTPError(403, str(e).replace('\n', '<br/>'))
sid = artifact.study.id
if artifact.visibility == 'awaiting_approval':
email_to = '*****@*****.**'
subject = ('QIITA: Artifact %s awaiting_approval. Study %d, '
'Prep %d' %
(artifact_id, sid, artifact.prep_templates[0].id))
message = ('%s requested approval. <a '
'href="https://qiita.ucsd.edu/study/description/'
'%d">Study %d</a>.' % (user.email, sid, sid))
try:
send_email(email_to, subject, message)
except Exception:
msg = ("Couldn't send email to admins, please email us "
"directly to <a href='mailto:{0}'>{0}</a>.".format(
email_to))
raise QiitaHTTPError(400, msg)
else:
msg = '%s changed artifact %s (study %d) to %s' % (
user.email, artifact_id, sid, req_value)
LogEntry.create('Warning', msg)
else:
# We don't understand the attribute so return an error
raise QiitaHTTPError(
404, 'Attribute "%s" not found. Please, '
'check the path parameter' % attribute)
else:
raise QiitaHTTPError(
400, 'Operation "%s" not supported. Current '
'supported operations: replace' % req_op)
def artifact_patch_request(user, artifact_id, req_op, req_path, req_value=None,
req_from=None):
"""Modifies an attribute of the artifact
Parameters
----------
user : qiita_db.user.User
The user performing the patch operation
artifact_id : int
Id of the artifact in which the patch operation is being performed
req_op : str
The operation to perform on the artifact
req_path : str
The prep information and attribute to patch
req_value : str, optional
The value that needs to be modified
req_from : str, optional
The original path of the element
Raises
------
QiitaHTTPError
If `req_op` != 'replace'
If the path parameter is incorrect
If missing req_value
If the attribute to replace is not known
"""
if req_op == 'replace':
req_path = [v for v in req_path.split('/') if v]
if len(req_path) != 1:
raise QiitaHTTPError(404, 'Incorrect path parameter')
attribute = req_path[0]
# Check if the user actually has access to the artifact
artifact = Artifact(artifact_id)
check_artifact_access(user, artifact)
if not req_value:
raise QiitaHTTPError(404, 'Missing value to replace')
if attribute == 'name':
artifact.name = req_value
return
elif attribute == 'visibility':
if req_value not in get_visibilities():
raise QiitaHTTPError(400, 'Unknown visibility value: %s'
% req_value)
if (req_value == 'private' and qiita_config.require_approval
and not user.level == 'admin'):
raise QiitaHTTPError(403, 'User does not have permissions '
'to approve change')
try:
artifact.visibility = req_value
except Exception as e:
raise QiitaHTTPError(403, str(e).replace('\n', '<br/>'))
if artifact.visibility == 'awaiting_approval':
email_to = '*****@*****.**'
sid = artifact.study.id
subject = ('QIITA: Artifact %s awaiting_approval. Study %d, '
'Prep %d' % (artifact_id, sid,
artifact.prep_templates[0].id))
message = ('%s requested approval. <a '
'href="https://qiita.ucsd.edu/study/description/'
'%d">Study %d</a>.' % (user.email, sid, sid))
try:
send_email(email_to, subject, message)
except Exception:
msg = ("Couldn't send email to admins, please email us "
"directly to <a href='mailto:{0}'>{0}</a>.".format(
email_to))
raise QiitaHTTPError(400, msg)
else:
# We don't understand the attribute so return an error
raise QiitaHTTPError(404, 'Attribute "%s" not found. Please, '
'check the path parameter' % attribute)
else:
raise QiitaHTTPError(400, 'Operation "%s" not supported. Current '
'supported operations: replace' % req_op)
def artifact_patch_request(user, artifact_id, req_op, req_path, req_value=None,
req_from=None):
"""Modifies an attribute of the artifact
Parameters
----------
user : qiita_db.user.User
The user performing the patch operation
artifact_id : int
Id of the artifact in which the patch operation is being performed
req_op : str
The operation to perform on the artifact
req_path : str
The prep information and attribute to patch
req_value : str, optional
The value that needs to be modified
req_from : str, optional
The original path of the element
Raises
------
QiitaHTTPError
If `req_op` != 'replace'
If the path parameter is incorrect
If missing req_value
If the attribute to replace is not known
"""
if req_op == 'replace':
req_path = [v for v in req_path.split('/') if v]
if len(req_path) != 1:
raise QiitaHTTPError(404, 'Incorrect path parameter')
attribute = req_path[0]
# Check if the user actually has access to the artifact
artifact = Artifact(artifact_id)
check_artifact_access(user, artifact)
if not req_value:
raise QiitaHTTPError(404, 'Missing value to replace')
if attribute == 'name':
artifact.name = req_value
return
elif attribute == 'visibility':
if req_value not in get_visibilities():
raise QiitaHTTPError(400, 'Unknown visibility value: %s'
% req_value)
# Set the approval to private if needs approval and admin
if req_value == 'private':
if not qiita_config.require_approval:
artifact.visibility = 'private'
# Set the approval to private if approval not required
elif user.level == 'admin':
artifact.visibility = 'private'
# Trying to set approval without admin privileges
else:
raise QiitaHTTPError(403, 'User does not have permissions '
'to approve change')
else:
artifact.visibility = req_value
else:
# We don't understand the attribute so return an error
raise QiitaHTTPError(404, 'Attribute "%s" not found. Please, '
'check the path parameter' % attribute)
else:
raise QiitaHTTPError(400, 'Operation "%s" not supported. Current '
'supported operations: replace' % req_op)
def artifact_patch_request(user_id,
req_op,
req_path,
req_value=None,
req_from=None):
"""Modifies an attribute of the artifact
Parameters
----------
user_id : str
The id of the user performing the patch operation
req_op : str
The operation to perform on the artifact
req_path : str
The prep information and attribute to patch
req_value : str, optional
The value that needs to be modified
req_from : str, optional
The original path of the element
Returns
-------
dict of {str, str}
A dictionary with the following keys:
- status: str, whether if the request is successful or not
- message: str, if the request is unsuccessful, a human readable error
"""
if req_op == 'replace':
req_path = [v for v in req_path.split('/') if v]
if len(req_path) != 2:
return {'status': 'error', 'message': 'Incorrect path parameter'}
artifact_id = req_path[0]
attribute = req_path[1]
# Check if the user actually has access to the artifact
artifact = Artifact(artifact_id)
access_error = check_access(artifact.study.id, user_id)
if access_error:
return access_error
if not req_value:
return {'status': 'error', 'message': 'A value is required'}
if attribute == 'name':
artifact.name = req_value
return {'status': 'success', 'message': ''}
else:
# We don't understand the attribute so return an error
return {
'status':
'error',
'message':
'Attribute "%s" not found. '
'Please, check the path parameter' % attribute
}
else:
return {
'status':
'error',
'message':
'Operation "%s" not supported. '
'Current supported operations: replace' % req_op
}
def artifact_patch_request(user,
artifact_id,
req_op,
req_path,
req_value=None,
req_from=None):
"""Modifies an attribute of the artifact
Parameters
----------
user : qiita_db.user.User
The user performing the patch operation
artifact_id : int
Id of the artifact in which the patch operation is being performed
req_op : str
The operation to perform on the artifact
req_path : str
The prep information and attribute to patch
req_value : str, optional
The value that needs to be modified
req_from : str, optional
The original path of the element
Raises
------
QiitaHTTPError
If `req_op` != 'replace'
If the path parameter is incorrect
If missing req_value
If the attribute to replace is not known
"""
if req_op == 'replace':
req_path = [v for v in req_path.split('/') if v]
if len(req_path) != 1:
raise QiitaHTTPError(404, 'Incorrect path parameter')
attribute = req_path[0]
# Check if the user actually has access to the artifact
artifact = Artifact(artifact_id)
check_artifact_access(user, artifact)
if not req_value:
raise QiitaHTTPError(404, 'Missing value to replace')
if attribute == 'name':
artifact.name = req_value
return
elif attribute == 'visibility':
if req_value not in get_visibilities():
raise QiitaHTTPError(
400, 'Unknown visibility value: %s' % req_value)
# Set the approval to private if needs approval and admin
if req_value == 'private':
if not qiita_config.require_approval:
artifact.visibility = 'private'
# Set the approval to private if approval not required
elif user.level == 'admin':
artifact.visibility = 'private'
# Trying to set approval without admin privileges
else:
raise QiitaHTTPError(
403, 'User does not have permissions '
'to approve change')
else:
artifact.visibility = req_value
else:
# We don't understand the attribute so return an error
raise QiitaHTTPError(
404, 'Attribute "%s" not found. Please, '
'check the path parameter' % attribute)
else:
raise QiitaHTTPError(
400, 'Operation "%s" not supported. Current '
'supported operations: replace' % req_op)
