class TestOsfStorageCheckout(StorageTestCase):
def setUp(self):
super(TestOsfStorageCheckout, self).setUp()
self.user = factories.AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.osfstorage = self.node.get_addon('osfstorage')
self.root_node = self.osfstorage.get_root()
self.file = self.root_node.append_file('3005')
def test_delete_checked_out_file(self):
self.file.checkout = self.user
self.file.save()
with assert_raises(FileNodeCheckedOutError):
self.file.delete()
def test_delete_folder_with_checked_out_file(self):
folder = self.root_node.append_folder('folder')
self.file.move_under(folder)
self.file.checkout = self.user
self.file.save()
with assert_raises(FileNodeCheckedOutError):
folder.delete()
def test_move_checked_out_file(self):
self.file.checkout = self.user
self.file.save()
folder = self.root_node.append_folder('folder')
with assert_raises(FileNodeCheckedOutError):
self.file.move_under(folder)
def test_checked_out_merge(self):
user = factories.AuthUserFactory()
node = ProjectFactory(creator=user)
osfstorage = node.get_addon('osfstorage')
root_node = osfstorage.get_root()
file = root_node.append_file('test_file')
user_merge_target = factories.AuthUserFactory()
file.checkout = user
file.save()
user_merge_target.merge_user(user)
file.reload()
assert_equal(user_merge_target, file.checkout)
def test_remove_contributor_with_checked_file(self):
user = factories.AuthUserFactory()
self.node.contributors.append(user)
self.node.add_permission(user, 'admin')
self.node.visible_contributor_ids.append(user._id)
self.node.save()
self.file.checkout = self.user
self.file.save()
self.file.node.remove_contributors([self.user], save=True)
self.file.reload()
assert_equal(self.file.checkout, None)
class TestOsfStorageCheckout(StorageTestCase):
def setUp(self):
super(TestOsfStorageCheckout, self).setUp()
self.user = factories.AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.osfstorage = self.node.get_addon('osfstorage')
self.root_node = self.osfstorage.get_root()
self.file = self.root_node.append_file('3005')
def test_delete_checked_out_file(self):
self.file.checkout = self.user
self.file.save()
with assert_raises(FileNodeCheckedOutError):
self.file.delete()
def test_delete_folder_with_checked_out_file(self):
folder = self.root_node.append_folder('folder')
self.file.move_under(folder)
self.file.checkout = self.user
self.file.save()
with assert_raises(FileNodeCheckedOutError):
folder.delete()
def test_move_checked_out_file(self):
self.file.checkout = self.user
self.file.save()
folder = self.root_node.append_folder('folder')
with assert_raises(FileNodeCheckedOutError):
self.file.move_under(folder)
def test_checked_out_merge(self):
user = factories.AuthUserFactory()
node = ProjectFactory(creator=user)
osfstorage = node.get_addon('osfstorage')
root_node = osfstorage.get_root()
file = root_node.append_file('test_file')
user_merge_target = factories.AuthUserFactory()
file.checkout = user
file.save()
user_merge_target.merge_user(user)
file.reload()
assert_equal(user_merge_target, file.checkout)
def test_remove_contributor_with_checked_file(self):
user = factories.AuthUserFactory()
self.node.contributors.append(user)
self.node.add_permission(user, 'admin')
self.node.visible_contributor_ids.append(user._id)
self.node.save()
self.file.checkout = self.user
self.file.save()
self.file.node.remove_contributors([self.user], save=True)
self.file.reload()
assert_equal(self.file.checkout, None)
def test_must_have_permission_true(self, mock_from_kwargs, mock_to_nodes):
project = ProjectFactory()
project.add_permission(project.creator, 'dance')
mock_from_kwargs.return_value = Auth(user=project.creator)
mock_to_nodes.return_value = (None, project)
thriller(node=project)
def test_must_have_permission_true(self, mock_from_kwargs, mock_to_nodes):
project = ProjectFactory()
project.add_permission(project.creator, 'dance')
mock_from_kwargs.return_value = Auth(user=project.creator)
mock_to_nodes.return_value = (None, project)
thriller(node=project)
class TestNodeContributorDelete(ApiTestCase):
def setUp(self):
super(TestNodeContributorDelete, self).setUp()
self.user = AuthUserFactory()
self.user_two = AuthUserFactory()
self.user_three = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
self.url_user = '******'.format(API_BASE, self.project._id, self.user._id)
self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)
self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_remove_contributor_admin(self):
res = self.app.delete(self.url_user_two, auth=self.user.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user_two, self.project.contributors)
def test_remove_contributor_non_admin_is_forbidden(self):
self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
self.project.reload()
assert_in(self.user_three, self.project.contributors)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_remove_self_non_admin(self):
self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
res = self.app.delete(self.url_user_three, auth=self.user_three.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user_three, self.project.contributors)
def test_remove_contributor_non_contributor(self):
res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True)
assert_equal(res.status_code, 403)
self.project.reload()
assert_in(self.user_two, self.project.contributors)
def test_remove_contributor_not_logged_in(self):
res = self.app.delete(self.url_user_two, expect_errors=True)
assert_equal(res.status_code, 401)
self.project.reload()
assert_in(self.user_two, self.project.contributors)
def test_remove_non_contributor_admin(self):
assert_not_in(self.user_three, self.project.contributors)
res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
self.project.reload()
assert_not_in(self.user_three, self.project.contributors)
def test_remove_non_existing_user_admin(self):
url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake')
res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_remove_self_contributor_not_unique_admin(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
res = self.app.delete(self.url_user, auth=self.user.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user, self.project.contributors)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_can_remove_self_as_contributor_not_unique_admin(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
res = self.app.delete(self.url_user_two, auth=self.user_two.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user_two, self.project.contributors)
def test_remove_self_contributor_unique_admin(self):
res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_in(self.user, self.project.contributors)
def test_can_not_remove_only_bibliographic_contributor(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
self.project.set_visible(self.user_two, False, save=True)
res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase):
def setUp(self):
super(TestNodeContributorUpdate, self).setUp()
self.user = AuthUserFactory()
self.user_two = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id)
self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)
def test_node_update_invalid_data(self):
res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(res.json['errors'][0]['detail'], "Malformed request.")
res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(res.json['errors'][0]['detail'], "Malformed request.")
def test_change_contributor_no_id(self):
data = {
'data': {
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
def test_change_contributor_incorrect_id(self):
data = {
'data': {
'id': '12345',
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 409)
def test_change_contributor_no_type(self):
data = {
'data': {
'id': self.user_two._id,
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
def test_change_contributor_incorrect_type(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'Wrong type.',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 409)
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3)
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
def test_change_contributor_permissions(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.ADMIN)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN])
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.WRITE)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.READ)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])
@assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2)
@assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project')
def test_change_contributor_bibliographic(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['bibliographic'], False)
self.project.reload()
assert_false(self.project.get_visible(self.user_two))
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['bibliographic'], True)
self.project.reload()
assert_true(self.project.get_visible(self.user_two))
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
@assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project')
def test_change_contributor_permission_and_bibliographic(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.READ)
assert_equal(attributes['bibliographic'], False)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])
assert_false(self.project.get_visible(self.user_two))
@assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
def test_not_change_contributor(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': None,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.WRITE)
assert_equal(attributes['bibliographic'], True)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
def test_invalid_change_inputs_contributor(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': 'invalid',
'bibliographic': 'invalid'
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
def test_change_admin_self_with_other_admin(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
data = {
'data': {
'id': self.user._id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.WRITE)
self.project.reload()
assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE])
def test_change_admin_self_without_other_admin(self):
data = {
'data': {
'id': self.user._id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN])
def test_remove_all_bibliographic_statuses_contributors(self):
self.project.set_visible(self.user_two, False, save=True)
data = {
'data': {
'id': self.user._id,
'type': 'contributors',
'attributes': {
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_true(self.project.get_visible(self.user))
def test_change_contributor_non_admin_auth(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
def test_change_contributor_not_logged_in(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, expect_errors=True)
assert_equal(res.status_code, 401)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
class TestNodeContributorDelete(ApiTestCase):
def setUp(self):
super(TestNodeContributorDelete, self).setUp()
self.user = AuthUserFactory()
self.user_two = AuthUserFactory()
self.user_three = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
self.url_user = '******'.format(API_BASE, self.project._id, self.user._id)
self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)
self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_remove_contributor_admin(self):
res = self.app.delete(self.url_user_two, auth=self.user.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user_two, self.project.contributors)
def test_remove_contributor_non_admin_is_forbidden(self):
self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
self.project.reload()
assert_in(self.user_three, self.project.contributors)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_remove_self_non_admin(self):
self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
res = self.app.delete(self.url_user_three, auth=self.user_three.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user_three, self.project.contributors)
def test_remove_contributor_non_contributor(self):
res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True)
assert_equal(res.status_code, 403)
self.project.reload()
assert_in(self.user_two, self.project.contributors)
def test_remove_contributor_not_logged_in(self):
res = self.app.delete(self.url_user_two, expect_errors=True)
assert_equal(res.status_code, 401)
self.project.reload()
assert_in(self.user_two, self.project.contributors)
def test_remove_non_contributor_admin(self):
assert_not_in(self.user_three, self.project.contributors)
res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
self.project.reload()
assert_not_in(self.user_three, self.project.contributors)
def test_remove_non_existing_user_admin(self):
url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake')
res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_remove_self_contributor_not_unique_admin(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
res = self.app.delete(self.url_user, auth=self.user.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user, self.project.contributors)
@assert_logs(NodeLog.CONTRIB_REMOVED, 'project')
def test_can_remove_self_as_contributor_not_unique_admin(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
res = self.app.delete(self.url_user_two, auth=self.user_two.auth)
assert_equal(res.status_code, 204)
self.project.reload()
assert_not_in(self.user_two, self.project.contributors)
def test_remove_self_contributor_unique_admin(self):
res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_in(self.user, self.project.contributors)
def test_can_not_remove_only_bibliographic_contributor(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
self.project.set_visible(self.user_two, False, save=True)
res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase):
def setUp(self):
super(TestNodeContributorUpdate, self).setUp()
self.user = AuthUserFactory()
self.user_two = AuthUserFactory()
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True)
self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id)
self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id)
def test_node_update_invalid_data(self):
res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(res.json['errors'][0]['detail'], "Malformed request.")
res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(res.json['errors'][0]['detail'], "Malformed request.")
def test_change_contributor_no_id(self):
data = {
'data': {
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
def test_change_contributor_incorrect_id(self):
data = {
'data': {
'id': '12345',
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 409)
def test_change_contributor_no_type(self):
data = {
'data': {
'id': self.user_two._id,
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
def test_change_contributor_incorrect_type(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'Wrong type.',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 409)
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3)
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
def test_change_contributor_permissions(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.ADMIN,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.ADMIN)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN])
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.WRITE)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.READ)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])
@assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2)
@assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project')
def test_change_contributor_bibliographic(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['bibliographic'], False)
self.project.reload()
assert_false(self.project.get_visible(self.user_two))
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['bibliographic'], True)
self.project.reload()
assert_true(self.project.get_visible(self.user_two))
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2)
@assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project')
def test_change_contributor_permission_and_bibliographic(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.READ)
assert_equal(attributes['bibliographic'], False)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ])
assert_false(self.project.get_visible(self.user_two))
@assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
def test_not_change_contributor(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': None,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.WRITE)
assert_equal(attributes['bibliographic'], True)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
def test_invalid_change_inputs_contributor(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': 'invalid',
'bibliographic': 'invalid'
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
@assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project')
def test_change_admin_self_with_other_admin(self):
self.project.add_permission(self.user_two, permissions.ADMIN, save=True)
data = {
'data': {
'id': self.user._id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth)
assert_equal(res.status_code, 200)
attributes = res.json['data']['attributes']
assert_equal(attributes['permission'], permissions.WRITE)
self.project.reload()
assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE])
def test_change_admin_self_without_other_admin(self):
data = {
'data': {
'id': self.user._id,
'type': 'contributors',
'attributes': {
'permission': permissions.WRITE,
'bibliographic': True
}
}
}
res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN])
def test_remove_all_bibliographic_statuses_contributors(self):
self.project.set_visible(self.user_two, False, save=True)
data = {
'data': {
'id': self.user._id,
'type': 'contributors',
'attributes': {
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 400)
self.project.reload()
assert_true(self.project.get_visible(self.user))
def test_change_contributor_non_admin_auth(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
def test_change_contributor_not_logged_in(self):
data = {
'data': {
'id': self.user_two._id,
'type': 'contributors',
'attributes': {
'permission': permissions.READ,
'bibliographic': False
}
}
}
res = self.app.put_json_api(self.url_contributor, data, expect_errors=True)
assert_equal(res.status_code, 401)
self.project.reload()
assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE])
assert_true(self.project.get_visible(self.user_two))
class TestOsfStorageCheckout(StorageTestCase):
def setUp(self):
super(TestOsfStorageCheckout, self).setUp()
self.user = factories.AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.osfstorage = self.node.get_addon("osfstorage")
self.root_node = self.osfstorage.get_root()
self.file = self.root_node.append_file("3005")
def test_checkout_logs(self):
non_admin = factories.AuthUserFactory()
self.node.add_contributor(non_admin, permissions=["read", "write"])
self.node.save()
self.file.check_in_or_out(non_admin, non_admin, save=True)
self.file.reload()
self.node.reload()
assert_equal(self.file.checkout, non_admin)
assert_equal(self.node.logs[-1].action, "checked_out")
assert_equal(self.node.logs[-1].user, non_admin)
self.file.check_in_or_out(self.user, None, save=True)
self.file.reload()
self.node.reload()
assert_equal(self.file.checkout, None)
assert_equal(self.node.logs[-1].action, "checked_in")
assert_equal(self.node.logs[-1].user, self.user)
self.file.check_in_or_out(self.user, self.user, save=True)
self.file.reload()
self.node.reload()
assert_equal(self.file.checkout, self.user)
assert_equal(self.node.logs[-1].action, "checked_out")
assert_equal(self.node.logs[-1].user, self.user)
with assert_raises(FileNodeCheckedOutError):
self.file.check_in_or_out(non_admin, None, save=True)
with assert_raises(FileNodeCheckedOutError):
self.file.check_in_or_out(non_admin, non_admin, save=True)
def test_delete_checked_out_file(self):
self.file.check_in_or_out(self.user, self.user, save=True)
self.file.reload()
assert_equal(self.file.checkout, self.user)
with assert_raises(FileNodeCheckedOutError):
self.file.delete()
def test_delete_folder_with_checked_out_file(self):
folder = self.root_node.append_folder("folder")
self.file.move_under(folder)
self.file.check_in_or_out(self.user, self.user, save=True)
self.file.reload()
assert_equal(self.file.checkout, self.user)
with assert_raises(FileNodeCheckedOutError):
folder.delete()
def test_move_checked_out_file(self):
self.file.check_in_or_out(self.user, self.user, save=True)
self.file.reload()
assert_equal(self.file.checkout, self.user)
folder = self.root_node.append_folder("folder")
with assert_raises(FileNodeCheckedOutError):
self.file.move_under(folder)
def test_checked_out_merge(self):
user = factories.AuthUserFactory()
node = ProjectFactory(creator=user)
osfstorage = node.get_addon("osfstorage")
root_node = osfstorage.get_root()
file = root_node.append_file("test_file")
user_merge_target = factories.AuthUserFactory()
file.check_in_or_out(user, user, save=True)
file.reload()
assert_equal(file.checkout, user)
user_merge_target.merge_user(user)
file.reload()
assert_equal(user_merge_target, file.checkout)
def test_remove_contributor_with_checked_file(self):
user = factories.AuthUserFactory()
self.node.contributors.append(user)
self.node.add_permission(user, "admin")
self.node.visible_contributor_ids.append(user._id)
self.node.save()
self.file.check_in_or_out(self.user, self.user, save=True)
self.file.reload()
assert_equal(self.file.checkout, self.user)
self.file.node.remove_contributors([self.user], save=True)
self.file.reload()
assert_equal(self.file.checkout, None)
