Exemple #1
0
    def test_non_contributor_GET_disapproval_returns_HTTPError(self):
        non_contributor = AuthUserFactory()
        self.registration.embargo_registration(
            self.user,
            datetime.datetime.utcnow() + datetime.timedelta(days=10)
        )
        self.registration.save()
        assert_true(self.registration.is_pending_embargo)

        rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token']
        approval_url = self.registration.web_url_for('view_project', token=rejection_token)

        res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True)
        assert_equal(http.FORBIDDEN, res.status_code)
        assert_true(self.registration.is_pending_embargo)
        assert_false(self.registration.embargo_end_date)
Exemple #2
0
    def test_import_auth_cant_write_node(self):
        ea = self.ExternalAccountFactory()
        user = AuthUserFactory()
        user.add_addon(self.ADDON_SHORT_NAME, auth=Auth(user))
        user.external_accounts.append(ea)
        user.save()

        node = ProjectFactory(creator=self.user)
        node.add_contributor(user, permissions=[permissions.READ], auth=self.auth, save=True)
        node.add_addon(self.ADDON_SHORT_NAME, auth=self.auth)
        node.save()
        url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME))
        res = self.app.put_json(url, {
            'external_account_id': ea._id
        }, auth=user.auth, expect_errors=True)
        assert_equal(res.status_code, http.FORBIDDEN)
Exemple #3
0
    def test_node_child_filtering(self):
        user = AuthUserFactory()
        project = ProjectFactory(creator=user)

        title1, title2 = fake.bs(), fake.bs()
        component = NodeFactory(title=title1, parent=project)
        component2 = NodeFactory(title=title2, parent=project)

        url = '/{}nodes/{}/children/?filter[title]={}'.format(
            API_BASE, project._id, title1)
        res = self.app.get(url, auth=user.auth)

        ids = [node['id'] for node in res.json['data']]

        assert_in(component._id, ids)
        assert_not_in(component2._id, ids)
    def setUp(self):
        super(TestUserNodesPreprintsFiltering, self).setUp()
        self.user = AuthUserFactory()
        
        self.no_preprints_node = ProjectFactory(creator=self.user)
        self.valid_preprint_node = ProjectFactory(creator=self.user)
        self.orphaned_preprint_node = ProjectFactory(creator=self.user)
        self.abandoned_preprint_node = ProjectFactory(creator=self.user)

        self.valid_preprint = PreprintFactory(project=self.valid_preprint_node)
        self.abandoned_preprint = PreprintFactory(project=self.abandoned_preprint_node, is_published=False)
        self.orphaned_preprint = PreprintFactory(project=self.orphaned_preprint_node)
        self.orphaned_preprint.node._is_preprint_orphan = True
        self.orphaned_preprint.node.save()

        self.url_base = '/{}users/me/nodes/?filter[preprint]='.format(API_BASE)
    def test_delete_user_is_admin_but_not_affiliated_with_inst(self):
        user = AuthUserFactory()
        node = NodeFactory(creator=user)
        node.affiliated_institutions.append(self.institution)
        node.save()
        assert_in(self.institution, node.affiliated_institutions)

        res = self.app.delete_json_api(
            self.institution_nodes_url,
            self.create_payload(node._id),
            auth=user.auth
        )

        assert_equal(res.status_code, 204)
        node.reload()
        assert_not_in(self.institution, node.affiliated_institutions)
Exemple #6
0
    def setUp(self):
        super(TestPrivateLink, self).setUp()
        self.flaskapp = Flask('testing_private_links')

        @self.flaskapp.route('/project/<pid>/')
        @must_be_contributor
        def project_get(**kwargs):
            return 'success', 200

        self.app = TestApp(self.flaskapp)

        self.user = AuthUserFactory()
        self.project = ProjectFactory(is_public=False)
        self.link = PrivateLinkFactory()
        self.link.nodes.append(self.project)
        self.link.save()
Exemple #7
0
    def test_update_preprint_permission_denied(self):
        update_title_payload = build_preprint_update_payload(
            self.preprint._id, attributes={'title': 'A new title'})

        noncontrib = AuthUserFactory()

        res = self.app.patch_json_api(self.url,
                                      update_title_payload,
                                      auth=noncontrib.auth,
                                      expect_errors=True)
        assert_equal(res.status_code, 403)

        res = self.app.patch_json_api(self.url,
                                      update_title_payload,
                                      expect_errors=True)
        assert_equal(res.status_code, 401)
Exemple #8
0
    def test_has_permission_private_irrelevant_scope_forbidden(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin,
                                   is_public=False,
                                   parent=self.node)
        cas_resp = cas.CasResponse(
            authenticated=True,
            status=None,
            user=self.user._id,
            attributes={'accessTokenScope': {'osf.users.all+read'}})

        assert_false(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError) as exc_info:
            views.check_access(component, Auth(user=self.user), 'download',
                               cas_resp)
        assert_equal(exc_info.exception.code, 403)
Exemple #9
0
 def test_cant_delete_project_if_not_admin(self):
     non_admin = AuthUserFactory()
     self.component.add_contributor(
         non_admin,
         permissions=['read', 'write'],
         auth=self.consolidate_auth,
         save=True,
     )
     res = self.app.get(
         self.component.url + 'settings/',
         auth=non_admin.auth
     ).maybe_follow()
     assert_not_in(
         'Delete {0}'.format(self.component.project_or_component),
         res
     )
 def setUp(self):
     super(TestInstitutionRelationshipNodes, self).setUp()
     self.user = AuthUserFactory()
     self.institution = InstitutionFactory()
     self.user.affiliated_institutions.append(self.institution)
     self.user.save()
     self.node1 = NodeFactory(creator=self.user)
     self.node2 = NodeFactory(is_public=True)
     self.node3 = NodeFactory()
     self.node1.affiliated_institutions.append(self.institution)
     self.node2.affiliated_institutions.append(self.institution)
     self.node3.affiliated_institutions.append(self.institution)
     self.node1.save()
     self.node2.save()
     self.node3.save()
     self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format(API_BASE, self.institution._id)
Exemple #11
0
    def setUp(self):
        super(TestNodeLicenses, self).setUp()

        self.user = AuthUserFactory()
        self.node = ProjectFactory(creator=self.user)
        ensure_licenses()
        self.LICENSE_NAME = 'MIT License'
        self.node_license = NodeLicense.find_one(
            Q('name', 'eq', self.LICENSE_NAME))
        self.YEAR = '2105'
        self.COPYRIGHT_HOLDERS = ['Foo', 'Bar']
        self.node.node_license = NodeLicenseRecordFactory(
            node_license=self.node_license,
            year=self.YEAR,
            copyright_holders=self.COPYRIGHT_HOLDERS)
        self.node.save()
Exemple #12
0
    def setUp(self):
        super(TestInstitutionNodeList, self).setUp()
        self.institution = InstitutionFactory()
        self.node1 = ProjectFactory(is_public=True)
        self.node1.affiliated_institutions.append(self.institution)
        self.node1.save()
        self.user1 = AuthUserFactory()
        self.node2 = ProjectFactory(creator=self.user1, is_public=False)
        self.node2.affiliated_institutions.append(self.institution)
        self.node2.save()
        self.node3 = ProjectFactory(is_public=False)
        self.node3.affiliated_institutions.append(self.institution)
        self.node3.save()

        self.institution_node_url = '/{0}institutions/{1}/nodes/'.format(
            API_BASE, self.institution._id)
Exemple #13
0
 def test_can_make_project_public_if_admin_contributor(self):
     admin_user = AuthUserFactory()
     self.private_project.add_contributor(
         admin_user,
         permissions=(permissions.READ, permissions.WRITE, permissions.ADMIN),
         auth=Auth(self.private_project.creator)
     )
     self.private_project.save()
     res = self.app.patch_json_api(
         self.private_url,
         make_node_payload(self.private_project, {'public': True}),
         auth=admin_user.auth  # self.user is creator/admin
     )
     assert_equal(res.status_code, 200)
     self.private_project.reload()
     assert_true(self.private_project.is_public)
Exemple #14
0
 def test_set_config_not_owner(self):
     user = AuthUserFactory()
     user.add_addon('mendeley')
     self.project.add_contributor(user)
     self.project.save()
     res = self.app.put_json(
         self.project.api_url_for('mendeley_set_config'),
         {
             'external_account_id': self.account._id,
             'external_list_id': 'list',
         },
         auth=user.auth,
     )
     self.node_addon.reload()
     assert_equal(self.user_addon, self.node_addon.user_settings)
     assert_equal(res.json, {})
Exemple #15
0
 def setUp(self):
     super(TestEmailFormView, self).setUp()
     self.comment = CommentFactory()
     self.comment.report_abuse(user=AuthUserFactory(), save=True,
                               category='spam')
     self.request = RequestFactory().post('/fake_path')
     self.request.user = UserFactory()
     self.view = EmailFormView()
     self.form = EmailForm(data={
         'author': 'Nemo',
         'message': 'A message for spammers.',
         'subject': 'stop spamming',
         'email': ('*****@*****.**', '*****@*****.**')
     })
     self.view = setup_form_view(self.view, self.request, self.form,
                                 spam_id=self.comment._id)
Exemple #16
0
    def setUp(self):
        super(TestGitHubFileView, self).setUp()
        self.user = AuthUserFactory()
        self.consolidated_auth = Auth(user=self.user)
        self.project = ProjectFactory(creator=self.user)
        self.project.add_addon('github', auth=self.consolidated_auth)
        self.project.creator.add_addon('github')

        self.github = create_mock_github(user='******', private=False)

        self.node_settings = self.project.get_addon('github')
        self.node_settings.user_settings = self.project.creator.get_addon('github')
        # Set the node addon settings to correspond to the values of the mock repo
        self.node_settings.user = self.github.repo.return_value.owner.login
        self.node_settings.repo = self.github.repo.return_value.name
        self.node_settings.save()
Exemple #17
0
    def test_cannot_make_project_public_if_non_admin_contributor(self):
        non_admin = AuthUserFactory()
        self.private_project.add_contributor(
            non_admin,
            permissions=(permissions.READ, permissions.WRITE),
            auth=Auth(self.private_project.creator)
        )
        self.private_project.save()
        res = self.app.patch_json(
            self.private_url,
            make_node_payload(self.private_project, {'public': True}),
            auth=non_admin.auth, expect_errors=True
        )
        assert_equal(res.status_code, 403)

        self.private_project.reload()
        assert_false(self.private_project.is_public)
Exemple #18
0
    def test_settings_detail_noncontrib_public_can_view(self):
        self.node.set_privacy('public', auth=self.auth)
        noncontrib = AuthUserFactory()
        wrong_type = self.should_expect_errors()
        res = self.app.get(self.setting_detail_url,
                           auth=noncontrib.auth,
                           expect_errors=wrong_type)

        if not wrong_type:
            assert_equal(res.status_code, 200)
            addon_data = res.json['data']['attributes']
            assert_equal(self.account_id, addon_data['external_account_id'])
            assert_equal(self.node_settings.has_auth,
                         addon_data['node_has_auth'])
            assert_equal(self.node_settings.folder_id, addon_data['folder_id'])
        if wrong_type:
            assert_equal(res.status_code, 404)
Exemple #19
0
 def test_settings_detail_PATCH_readcontrib_raises_error(self):
     read_user = AuthUserFactory()
     self.node.add_contributor(read_user,
                               permissions=[READ],
                               auth=self.auth)
     res = self.app.patch_json_api(self.setting_detail_url, {
         'data': {
             'id': self.short_name,
             'type': 'node_addons',
             'attributes': {
                 'external_account_id': None,
             }
         }
     },
                                   auth=read_user.auth,
                                   expect_errors=True)
     assert_equal(res.status_code, 403)
Exemple #20
0
    def setUp(self):
        super(TestNodeSettings, self).setUp()
        self.user = AuthUserFactory()
        self.project = ProjectFactory(creator=self.user)

        self.project.add_addon('figshare', auth=Auth(self.user))
        self.project.creator.add_addon('figshare')
        self.node_settings = self.project.get_addon('figshare')
        self.user_settings = self.project.creator.get_addon('figshare')
        self.user_settings.oauth_access_token = 'legittoken'
        self.user_settings.oauth_access_token_secret = 'legittoken'
        self.user_settings.save()
        self.node_settings.user_settings = self.user_settings
        self.node_settings.figshare_id = '123456'
        self.node_settings.figshare_type = 'project'
        self.node_settings.figshare_title = 'singlefile'
        self.node_settings.save()
Exemple #21
0
 def setUp(self):
     super(TestDraftListView, self).setUp()
     self.user = AuthUserFactory()
     schema = utils.draft_reg_util()
     self.dr1 = DraftRegistrationFactory(
         initiator=self.user,
         registration_schema=schema,
         registration_metadata=utils.SCHEMA_DATA)
     self.dr1.submit_for_review(self.user, {}, save=True)
     self.dr2 = DraftRegistrationFactory(
         initiator=self.user,
         registration_schema=schema,
         registration_metadata=utils.SCHEMA_DATA)
     self.dr2.submit_for_review(self.user, {}, save=True)
     self.request = RequestFactory().get('/fake_path')
     self.view = DraftListView()
     self.view = setup_view(self.view, self.request)
Exemple #22
0
    def test_only_project_contrib_can_comment_on_closed_project(self):
        self.node.comment_level = 'private'
        self.node.is_public = True
        self.node.save()

        res = self.app.get(self.file_url, auth=self.user.auth)
        can_comment = res.json['data']['attributes'][
            'current_user_can_comment']
        assert_equal(res.status_code, 200)
        assert_equal(can_comment, True)

        non_contributor = AuthUserFactory()
        res = self.app.get(self.file_url, auth=non_contributor.auth)
        can_comment = res.json['data']['attributes'][
            'current_user_can_comment']
        assert_equal(res.status_code, 200)
        assert_equal(can_comment, False)
Exemple #23
0
 def setUp(self):
     super(TestAddonCount, self).setUp()
     self.user = AuthUserFactory()
     self.node = ProjectFactory(creator=self.user)
     self.user.add_addon('github')
     self.user_addon = self.user.get_addon('github')
     self.oauth_settings = GitHubAccountFactory(display_name='hmoco1')
     self.oauth_settings.save()
     self.user.external_accounts.append(self.oauth_settings)
     self.user.save()
     self.node.add_addon('github', Auth(self.user))
     self.node_addon = self.node.get_addon('github')
     self.node_addon.user = self.user.fullname
     self.node_addon.repo = '29 #Strafford APTS'
     self.node_addon.user_settings = self.user_addon
     self.node_addon.external_account = self.oauth_settings
     self.node_addon.save()
Exemple #24
0
    def setUp(self):
        super(AddonSerializerTestSuiteMixin, self).setUp()
        self.user = AuthUserFactory()
        self.node = ProjectFactory(creator=self.user)
        self.set_user_settings(self.user)
        assert_is_not_none(
            getattr(self, 'user_settings'),
            "'set_user_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate user settings model."
        )
        self.set_node_settings(self.user_settings)
        assert_is_not_none(
            getattr(self, 'node_settings'),
            "'set_node_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate node settings model."
        )

        self.ser = self.Serializer(user_settings=self.user_settings,
                                   node_settings=self.node_settings)
    def test_delete_user_is_admin_but_not_affiliated_with_inst(self):
        user = AuthUserFactory()
        node = NodeFactory(creator=user)
        node.affiliated_institutions.append(self.institution1)
        node.save()
        assert_in(self.institution1, node.affiliated_institutions)

        res = self.app.delete_json_api(
            '/{0}nodes/{1}/relationships/institutions/'.format(
                API_BASE, node._id),
            self.create_payload(self.institution1._id),
            auth=user.auth,
        )

        assert_equal(res.status_code, 204)
        node.reload()
        assert_not_in(self.institution1, node.affiliated_institutions)
Exemple #26
0
 def setUp(self):
     super(TestFileTagging, self).setUp()
     self.user = AuthUserFactory()
     self.node = ProjectFactory(creator=self.user)
     self.file1 = api_utils.create_test_file(
         self.node, self.user, filename='file1')
     self.payload = {
         "data": {
             "type": "files",
             "id": self.file1._id,
             "attributes": {
                 "checkout": None,
                 "tags": ["goofy"]
             }
         }
     }
     self.url = '/{}files/{}/'.format(API_BASE, self.file1._id)
Exemple #27
0
 def setUp(self):
     super(TestMeetingFormView, self).setUp()
     self.conf = ConferenceFactory()
     self.user = AuthUserFactory()
     self.request = RequestFactory().post('/fake_path')
     self.view = MeetingFormView()
     mod_data = dict(data)
     mod_data.update({
         'edit': 'True',
         'endpoint': self.conf.endpoint,
         'admins': self.user.emails[0],
         'location': 'Timbuktu, Mali',
         'start date': 'Dec 11 2014',
         'end_date': 'Jan 12 2013'
     })
     self.form = MeetingForm(data=mod_data)
     self.form.is_valid()
Exemple #28
0
 def setUp(self):
     super(TestNodeLinkedNodes, self).setUp()
     self.user = AuthUserFactory()
     self.auth = Auth(self.user)
     self.linking_node = NodeFactory(creator=self.user)
     self.linked_node = NodeFactory(creator=self.user)
     self.linked_node2 = NodeFactory(creator=self.user)
     self.public_node = NodeFactory(is_public=True, creator=self.user)
     self.linking_node.add_pointer(self.linked_node, auth=self.auth)
     self.linking_node.add_pointer(self.linked_node2, auth=self.auth)
     self.linking_node.add_pointer(self.public_node, auth=self.auth)
     self.linking_node.save()
     self.url = '/{}nodes/{}/linked_nodes/'.format(API_BASE,
                                                   self.linking_node._id)
     self.node_ids = [
         pointer.node._id for pointer in self.linking_node.nodes_pointer
     ]
    def test_remove_institution_not_admin_but_affiliated(self):
        node = NodeFactory(creator=self.user)
        user = AuthUserFactory()
        user.affiliated_institutions.append(self.institution)
        user.save()
        node.primary_institution = self.institution
        node.add_contributor(user, auth=Auth(self.user))
        node.save()

        res = self.app.put_json_api(
            '/{0}nodes/{1}/relationships/institution/'.format(
                API_BASE, node._id), {'data': None},
            auth=user.auth,
            expect_errors=True)

        assert_equal(res.status_code, 403)
        assert_equal(node.primary_institution, self.institution)
Exemple #30
0
 def setUp(self):
     super(TestComponents, self).setUp()
     self.user = AuthUserFactory()
     self.consolidate_auth = Auth(user=self.user)
     self.project = ProjectFactory(creator=self.user)
     self.project.add_contributor(contributor=self.user, auth=self.consolidate_auth)
     # A non-project componenet
     self.component = NodeFactory(
         category='hypothesis',
         creator=self.user,
         parent=self.project,
     )
     self.component.save()
     self.component.set_privacy('public', self.consolidate_auth)
     self.component.set_privacy('private', self.consolidate_auth)
     self.project.save()
     self.project_url = self.project.web_url_for('view_project')