def test_patch_artifact_ajax_handler(self): a = Artifact(1) self.assertEqual(a.name, 'Raw data 1') arguments = {'op': 'replace', 'path': '/name/', 'value': 'NEW_NAME'} response = self.patch('/artifact/1/', data=arguments) self.assertEqual(response.code, 200) self.assertEqual(a.name, 'NEW_NAME') a.name = 'Raw data 1'
def test_patch_artifact_ajax_handler(self): a = Artifact(1) self.assertEqual(a.name, 'Raw data 1') arguments = {'op': 'replace', 'path': '/name/', 'value': 'NEW_NAME'} response = self.patch('/artifact/1/', data=arguments) self.assertEqual(response.code, 200) self.assertEqual(a.name, 'NEW_NAME') a.name = 'Raw data 1'
def artifact_patch_request(user_id, req_op, req_path, req_value=None, req_from=None): """Modifies an attribute of the artifact Parameters ---------- user_id : str The id of the user performing the patch operation req_op : str The operation to perform on the artifact req_path : str The prep information and attribute to patch req_value : str, optional The value that needs to be modified req_from : str, optional The original path of the element Returns ------- dict of {str, str} A dictionary with the following keys: - status: str, whether if the request is successful or not - message: str, if the request is unsuccessful, a human readable error """ if req_op == 'replace': req_path = [v for v in req_path.split('/') if v] if len(req_path) != 2: return {'status': 'error', 'message': 'Incorrect path parameter'} artifact_id = req_path[0] attribute = req_path[1] # Check if the user actually has access to the artifact artifact = Artifact(artifact_id) access_error = check_access(artifact.study.id, user_id) if access_error: return access_error if not req_value: return {'status': 'error', 'message': 'A value is required'} if attribute == 'name': artifact.name = req_value return {'status': 'success', 'message': ''} else: # We don't understand the attribute so return an error return {'status': 'error', 'message': 'Attribute "%s" not found. ' 'Please, check the path parameter' % attribute} else: return {'status': 'error', 'message': 'Operation "%s" not supported. ' 'Current supported operations: replace' % req_op}
def test_artifact_patch_request(self): a = Artifact(1) test_user = User('*****@*****.**') self.assertEqual(a.name, 'Raw data 1') artifact_patch_request(test_user, 1, 'replace', '/name/', req_value='NEW_NAME') self.assertEqual(a.name, 'NEW_NAME') # Reset the name a.name = 'Raw data 1' # No access with self.assertRaises(QiitaHTTPError): artifact_patch_request(User('*****@*****.**'), 1, 'replace', '/name/', req_value='NEW_NAME') # Incorrect path parameter with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/name/wrong/', req_value='NEW_NAME') # Missing value with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/name/') # Wrong attribute with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/wrong/', req_value='NEW_NAME') # Wrong operation with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'add', '/name/', req_value='NEW_NAME') # Changing visibility self.assertEqual(a.visibility, 'private') artifact_patch_request(test_user, 1, 'replace', '/visibility/', req_value='sandbox') self.assertEqual(a.visibility, 'sandbox') # Admin can change to private artifact_patch_request(User('*****@*****.**'), 1, 'replace', '/visibility/', req_value='private') self.assertEqual(a.visibility, 'private') # Test user can't change to private with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/visibility/', req_value='private') # Unkown req value with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/visibility/', req_value='wrong')
def test_artifact_patch_request(self): a = Artifact(1) test_user = User('*****@*****.**') self.assertEqual(a.name, 'Raw data 1') artifact_patch_request(test_user, 1, 'replace', '/name/', req_value='NEW_NAME') self.assertEqual(a.name, 'NEW_NAME') # Reset the name a.name = 'Raw data 1' # No access with self.assertRaises(QiitaHTTPError): artifact_patch_request(User('*****@*****.**'), 1, 'replace', '/name/', req_value='NEW_NAME') # Incorrect path parameter with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/name/wrong/', req_value='NEW_NAME') # Missing value with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/name/') # Wrong attribute with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/wrong/', req_value='NEW_NAME') # Wrong operation with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'add', '/name/', req_value='NEW_NAME') # Changing visibility self.assertEqual(a.visibility, 'private') artifact_patch_request(test_user, 1, 'replace', '/visibility/', req_value='sandbox') self.assertEqual(a.visibility, 'sandbox') # Admin can change to private artifact_patch_request(User('*****@*****.**'), 1, 'replace', '/visibility/', req_value='private') self.assertEqual(a.visibility, 'private') # Test user can't change to private with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/visibility/', req_value='private') # Unkown req value with self.assertRaises(QiitaHTTPError): artifact_patch_request(test_user, 1, 'replace', '/visibility/', req_value='wrong')
def artifact_patch_request(user, artifact_id, req_op, req_path, req_value=None, req_from=None): """Modifies an attribute of the artifact Parameters ---------- user : qiita_db.user.User The user performing the patch operation artifact_id : int Id of the artifact in which the patch operation is being performed req_op : str The operation to perform on the artifact req_path : str The prep information and attribute to patch req_value : str, optional The value that needs to be modified req_from : str, optional The original path of the element Raises ------ QiitaHTTPError If `req_op` != 'replace' If the path parameter is incorrect If missing req_value If the attribute to replace is not known """ if req_op == 'replace': req_path = [v for v in req_path.split('/') if v] if len(req_path) != 1: raise QiitaHTTPError(404, 'Incorrect path parameter') attribute = req_path[0] # Check if the user actually has access to the artifact artifact = Artifact(artifact_id) check_artifact_access(user, artifact) if not req_value: raise QiitaHTTPError(404, 'Missing value to replace') if attribute == 'name': artifact.name = req_value return elif attribute == 'visibility': if req_value not in get_visibilities(): raise QiitaHTTPError( 400, 'Unknown visibility value: %s' % req_value) if (req_value == 'private' and qiita_config.require_approval and not user.level == 'admin'): raise QiitaHTTPError( 403, 'User does not have permissions ' 'to approve change') try: artifact.visibility = req_value except Exception as e: raise QiitaHTTPError(403, str(e).replace('\n', '<br/>')) sid = artifact.study.id if artifact.visibility == 'awaiting_approval': email_to = '*****@*****.**' subject = ('QIITA: Artifact %s awaiting_approval. Study %d, ' 'Prep %d' % (artifact_id, sid, artifact.prep_templates[0].id)) message = ('%s requested approval. <a ' 'href="https://qiita.ucsd.edu/study/description/' '%d">Study %d</a>.' % (user.email, sid, sid)) try: send_email(email_to, subject, message) except Exception: msg = ("Couldn't send email to admins, please email us " "directly to <a href='mailto:{0}'>{0}</a>.".format( email_to)) raise QiitaHTTPError(400, msg) else: msg = '%s changed artifact %s (study %d) to %s' % ( user.email, artifact_id, sid, req_value) LogEntry.create('Warning', msg) else: # We don't understand the attribute so return an error raise QiitaHTTPError( 404, 'Attribute "%s" not found. Please, ' 'check the path parameter' % attribute) else: raise QiitaHTTPError( 400, 'Operation "%s" not supported. Current ' 'supported operations: replace' % req_op)
def artifact_patch_request(user, artifact_id, req_op, req_path, req_value=None, req_from=None): """Modifies an attribute of the artifact Parameters ---------- user : qiita_db.user.User The user performing the patch operation artifact_id : int Id of the artifact in which the patch operation is being performed req_op : str The operation to perform on the artifact req_path : str The prep information and attribute to patch req_value : str, optional The value that needs to be modified req_from : str, optional The original path of the element Raises ------ QiitaHTTPError If `req_op` != 'replace' If the path parameter is incorrect If missing req_value If the attribute to replace is not known """ if req_op == 'replace': req_path = [v for v in req_path.split('/') if v] if len(req_path) != 1: raise QiitaHTTPError(404, 'Incorrect path parameter') attribute = req_path[0] # Check if the user actually has access to the artifact artifact = Artifact(artifact_id) check_artifact_access(user, artifact) if not req_value: raise QiitaHTTPError(404, 'Missing value to replace') if attribute == 'name': artifact.name = req_value return elif attribute == 'visibility': if req_value not in get_visibilities(): raise QiitaHTTPError(400, 'Unknown visibility value: %s' % req_value) if (req_value == 'private' and qiita_config.require_approval and not user.level == 'admin'): raise QiitaHTTPError(403, 'User does not have permissions ' 'to approve change') try: artifact.visibility = req_value except Exception as e: raise QiitaHTTPError(403, str(e).replace('\n', '<br/>')) if artifact.visibility == 'awaiting_approval': email_to = '*****@*****.**' sid = artifact.study.id subject = ('QIITA: Artifact %s awaiting_approval. Study %d, ' 'Prep %d' % (artifact_id, sid, artifact.prep_templates[0].id)) message = ('%s requested approval. <a ' 'href="https://qiita.ucsd.edu/study/description/' '%d">Study %d</a>.' % (user.email, sid, sid)) try: send_email(email_to, subject, message) except Exception: msg = ("Couldn't send email to admins, please email us " "directly to <a href='mailto:{0}'>{0}</a>.".format( email_to)) raise QiitaHTTPError(400, msg) else: # We don't understand the attribute so return an error raise QiitaHTTPError(404, 'Attribute "%s" not found. Please, ' 'check the path parameter' % attribute) else: raise QiitaHTTPError(400, 'Operation "%s" not supported. Current ' 'supported operations: replace' % req_op)
def artifact_patch_request(user, artifact_id, req_op, req_path, req_value=None, req_from=None): """Modifies an attribute of the artifact Parameters ---------- user : qiita_db.user.User The user performing the patch operation artifact_id : int Id of the artifact in which the patch operation is being performed req_op : str The operation to perform on the artifact req_path : str The prep information and attribute to patch req_value : str, optional The value that needs to be modified req_from : str, optional The original path of the element Raises ------ QiitaHTTPError If `req_op` != 'replace' If the path parameter is incorrect If missing req_value If the attribute to replace is not known """ if req_op == 'replace': req_path = [v for v in req_path.split('/') if v] if len(req_path) != 1: raise QiitaHTTPError(404, 'Incorrect path parameter') attribute = req_path[0] # Check if the user actually has access to the artifact artifact = Artifact(artifact_id) check_artifact_access(user, artifact) if not req_value: raise QiitaHTTPError(404, 'Missing value to replace') if attribute == 'name': artifact.name = req_value return elif attribute == 'visibility': if req_value not in get_visibilities(): raise QiitaHTTPError(400, 'Unknown visibility value: %s' % req_value) # Set the approval to private if needs approval and admin if req_value == 'private': if not qiita_config.require_approval: artifact.visibility = 'private' # Set the approval to private if approval not required elif user.level == 'admin': artifact.visibility = 'private' # Trying to set approval without admin privileges else: raise QiitaHTTPError(403, 'User does not have permissions ' 'to approve change') else: artifact.visibility = req_value else: # We don't understand the attribute so return an error raise QiitaHTTPError(404, 'Attribute "%s" not found. Please, ' 'check the path parameter' % attribute) else: raise QiitaHTTPError(400, 'Operation "%s" not supported. Current ' 'supported operations: replace' % req_op)
def artifact_patch_request(user_id, req_op, req_path, req_value=None, req_from=None): """Modifies an attribute of the artifact Parameters ---------- user_id : str The id of the user performing the patch operation req_op : str The operation to perform on the artifact req_path : str The prep information and attribute to patch req_value : str, optional The value that needs to be modified req_from : str, optional The original path of the element Returns ------- dict of {str, str} A dictionary with the following keys: - status: str, whether if the request is successful or not - message: str, if the request is unsuccessful, a human readable error """ if req_op == 'replace': req_path = [v for v in req_path.split('/') if v] if len(req_path) != 2: return {'status': 'error', 'message': 'Incorrect path parameter'} artifact_id = req_path[0] attribute = req_path[1] # Check if the user actually has access to the artifact artifact = Artifact(artifact_id) access_error = check_access(artifact.study.id, user_id) if access_error: return access_error if not req_value: return {'status': 'error', 'message': 'A value is required'} if attribute == 'name': artifact.name = req_value return {'status': 'success', 'message': ''} else: # We don't understand the attribute so return an error return { 'status': 'error', 'message': 'Attribute "%s" not found. ' 'Please, check the path parameter' % attribute } else: return { 'status': 'error', 'message': 'Operation "%s" not supported. ' 'Current supported operations: replace' % req_op }
def artifact_patch_request(user, artifact_id, req_op, req_path, req_value=None, req_from=None): """Modifies an attribute of the artifact Parameters ---------- user : qiita_db.user.User The user performing the patch operation artifact_id : int Id of the artifact in which the patch operation is being performed req_op : str The operation to perform on the artifact req_path : str The prep information and attribute to patch req_value : str, optional The value that needs to be modified req_from : str, optional The original path of the element Raises ------ QiitaHTTPError If `req_op` != 'replace' If the path parameter is incorrect If missing req_value If the attribute to replace is not known """ if req_op == 'replace': req_path = [v for v in req_path.split('/') if v] if len(req_path) != 1: raise QiitaHTTPError(404, 'Incorrect path parameter') attribute = req_path[0] # Check if the user actually has access to the artifact artifact = Artifact(artifact_id) check_artifact_access(user, artifact) if not req_value: raise QiitaHTTPError(404, 'Missing value to replace') if attribute == 'name': artifact.name = req_value return elif attribute == 'visibility': if req_value not in get_visibilities(): raise QiitaHTTPError( 400, 'Unknown visibility value: %s' % req_value) # Set the approval to private if needs approval and admin if req_value == 'private': if not qiita_config.require_approval: artifact.visibility = 'private' # Set the approval to private if approval not required elif user.level == 'admin': artifact.visibility = 'private' # Trying to set approval without admin privileges else: raise QiitaHTTPError( 403, 'User does not have permissions ' 'to approve change') else: artifact.visibility = req_value else: # We don't understand the attribute so return an error raise QiitaHTTPError( 404, 'Attribute "%s" not found. Please, ' 'check the path parameter' % attribute) else: raise QiitaHTTPError( 400, 'Operation "%s" not supported. Current ' 'supported operations: replace' % req_op)