def test_creation(app, db, users, record_example):
"""Test link creation."""
mock_link_created = Mock()
pid_value, record = record_example
with app.test_request_context():
with link_created.connected_to(mock_link_created):
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create("Test title",
receiver,
dict(recid=pid_value),
description="Test description")
assert l.title == "Test title"
assert l.description == "Test description"
assert l.expires_at is None
assert l.token != ''
assert mock_link_created.called
db.session.commit()
l = SecretLink.query.get(l.id)
assert SecretLink.validate_token(
l.token,
dict(recid=pid_value),
)
assert not SecretLink.validate_token(l.token, dict(recid='-1'))
def has_access(user=None, record=None):
"""Check whether the user has access to the record.
The rules followed are:
1. Open Access records can be viewed by everyone.
2. Embargoed, Restricted and Closed records can be viewed by
the record owners.
3. Administrators can view every record.
"""
if AccessRight.get(record['access_right'], record.get('embargo_date')) \
== AccessRight.OPEN:
return True
user_id = int(user.get_id()) if user.is_authenticated else None
if user_id in record.get('owners', []):
return True
if DynamicPermission(ActionNeed('admin-access')):
return True
try:
token = session['accessrequests-secret-token']
recid = record['recid']
if SecretLink.validate_token(token, dict(recid=int(recid))):
return True
else:
del session['accessrequests-secret-token']
except KeyError:
pass
return False
def has_read_files_permission(user, record):
"""Check if user has read access to the record."""
# Allow if record is open access
if AccessRight.get(
record.get('access_right', 'closed'),
record.get('embargo_date')) == AccessRight.OPEN:
return True
# Allow token bearers
token = session.get('accessrequests-secret-token')
if token and SecretLink.validate_token(
token, dict(recid=int(record['recid']))):
return True
# Check for a resource access token
rat_token = request.args.get('token')
if rat_token:
rat_signer, payload = decode_rat(rat_token)
rat_deposit_id = payload.get('deposit_id')
rat_access = payload.get('access')
deposit_id = record.get('_deposit', {}).get('id')
if rat_deposit_id == deposit_id and rat_access == 'read':
return has_update_permission(rat_signer, record)
return has_update_permission(user, record)
def test_expired(self):
"""Test link expiry date."""
from zenodo_accessrequests.models import SecretLink
l = SecretLink.create(
"Test title", self.receiver, dict(recid=123456),
description="Test description",
expires_at=datetime.now()-timedelta(days=1))
assert l.is_expired()
assert not l.is_valid()
l = SecretLink.create(
"Test title", self.receiver, dict(recid=123456),
description="Test description",
expires_at=datetime.now()+timedelta(days=1))
assert not l.is_expired()
assert l.is_valid()
def test_get_absolute_url(self):
"""Test absolute url."""
from zenodo_accessrequests.models import SecretLink
l = SecretLink.create("Testing", self.receiver, dict(recid=1))
url = l.get_absolute_url('record.metadata')
assert "/record/1?" in url
assert "token={0}".format(l.token) in url
def test_get_absolute_url(self):
"""Test absolute url."""
from zenodo_accessrequests.models import SecretLink
l = SecretLink.create("Testing", self.receiver, dict(recid=1))
url = l.get_absolute_url('record.metadata')
assert "/record/1?" in url
assert "token={0}".format(l.token) in url
def test_get_absolute_url(app, db, users):
"""Test absolute url."""
with app.test_request_context():
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create("Testing", receiver, dict(recid='1'))
url = l.get_absolute_url('invenio_records_ui.recid')
assert "/records/1?" in url
assert "token={0}".format(l.token) in url
def test_get_absolute_url(app, db, users):
"""Test absolute url."""
with app.test_request_context():
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create("Testing", receiver, dict(recid='1'))
url = l.get_absolute_url('invenio_records_ui.recid')
assert "/records/1?" in url
assert "token={0}".format(l.token) in url
def test_creation(self):
"""Test link creation."""
from zenodo_accessrequests.models import SecretLink
from zenodo_accessrequests.signals import \
link_created
with link_created.connected_to(self.get_receiver('created')):
l = SecretLink.create("Test title", self.receiver, dict(recid=1),
description="Test description")
self.assertEqual(l.title, "Test title")
self.assertEqual(l.description, "Test description")
self.assertIsNone(l.expires_at)
self.assertNotEqual(l.token, "")
self.assertIsNotNone(self.called['created'])
assert SecretLink.validate_token(l.token, dict(recid=1),)
assert not SecretLink.validate_token(l.token, dict(recid=2))
def test_expired(self):
"""Test link expiry date."""
from zenodo_accessrequests.models import SecretLink
l = SecretLink.create("Test title",
self.receiver,
dict(recid=123456),
description="Test description",
expires_at=datetime.now() - timedelta(days=1))
assert l.is_expired()
assert not l.is_valid()
l = SecretLink.create("Test title",
self.receiver,
dict(recid=123456),
description="Test description",
expires_at=datetime.now() + timedelta(days=1))
assert not l.is_expired()
assert l.is_valid()
def test_expired(app, db, users):
"""Test link expiry date."""
with app.test_request_context():
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create(
"Test title", receiver, dict(recid='123456'),
description="Test description",
expires_at=datetime.utcnow() - timedelta(days=1))
assert l.is_expired()
assert not l.is_valid()
l = SecretLink.create(
"Test title", receiver, dict(recid='123456'),
description="Test description",
expires_at=datetime.utcnow() + timedelta(days=1))
assert not l.is_expired()
assert l.is_valid()
def test_expired(app, db, users):
"""Test link expiry date."""
with app.test_request_context():
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create("Test title",
receiver,
dict(recid='123456'),
description="Test description",
expires_at=datetime.utcnow() - timedelta(days=1))
assert l.is_expired()
assert not l.is_valid()
l = SecretLink.create("Test title",
receiver,
dict(recid='123456'),
description="Test description",
expires_at=datetime.utcnow() + timedelta(days=1))
assert not l.is_expired()
assert l.is_valid()
def has_read_permission(user, record):
"""Check if user has read access to the record."""
# Allow if record is open access
if AccessRight.get(record['access_right'], record.get('embargo_date')) \
== AccessRight.OPEN:
return True
# Allow token bearers
token = session.get('accessrequests-secret-token')
if token and SecretLink.validate_token(
token, dict(recid=int(record['recid']))):
return True
return has_update_permission(user, record)
def has_read_files_permission(user, record):
"""Check if user has read access to the record."""
# Allow if record is open access
if AccessRight.get(record.get('access_right', 'closed'),
record.get('embargo_date')) == AccessRight.OPEN:
return True
# Allow token bearers
token = session.get('accessrequests-secret-token')
if token and SecretLink.validate_token(token,
dict(recid=int(record['recid']))):
return True
return has_update_permission(user, record)
def test_creation(self):
"""Test link creation."""
from zenodo_accessrequests.models import SecretLink
from zenodo_accessrequests.signals import \
link_created
with link_created.connected_to(self.get_receiver('created')):
l = SecretLink.create("Test title",
self.receiver,
dict(recid=1),
description="Test description")
self.assertEqual(l.title, "Test title")
self.assertEqual(l.description, "Test description")
self.assertIsNone(l.expires_at)
self.assertNotEqual(l.token, "")
self.assertIsNotNone(self.called['created'])
assert SecretLink.validate_token(
l.token,
dict(recid=1),
)
assert not SecretLink.validate_token(l.token, dict(recid=2))
def test_creation(app, db, users, record_example):
"""Test link creation."""
mock_link_created = Mock()
pid_value, record = record_example
with app.test_request_context():
with link_created.connected_to(mock_link_created):
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create("Test title", receiver,
dict(recid=pid_value),
description="Test description")
assert l.title == "Test title"
assert l.description == "Test description"
assert l.expires_at is None
assert l.token != ''
assert mock_link_created.called
db.session.commit()
l = SecretLink.query.get(l.id)
assert SecretLink.validate_token(l.token, dict(recid=pid_value),)
assert not SecretLink.validate_token(l.token, dict(recid='-1'))
def test_query_by_owner(self):
"""Test query by owner."""
from zenodo_accessrequests.models import SecretLink
self.assertEqual(SecretLink.query_by_owner(self.receiver).count(), 0)
self.assertEqual(SecretLink.query_by_owner(self.sender).count(), 0)
SecretLink.create("Testing", self.receiver, dict(recid=1))
self.assertEqual(SecretLink.query_by_owner(self.receiver).count(), 1)
self.assertEqual(SecretLink.query_by_owner(self.sender).count(), 0)
def test_query_by_owner(app, db, users):
"""Test query by owner."""
with app.test_request_context():
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
sender = datastore.get_user(users['sender']['id'])
assert SecretLink.query_by_owner(receiver).count() == 0
assert SecretLink.query_by_owner(sender).count() == 0
SecretLink.create("Testing", receiver, dict(recid='1'))
assert SecretLink.query_by_owner(receiver).count() == 1
assert SecretLink.query_by_owner(sender).count() == 0
def test_query_by_owner(app, db, users):
"""Test query by owner."""
with app.test_request_context():
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
sender = datastore.get_user(users['sender']['id'])
assert SecretLink.query_by_owner(receiver).count() == 0
assert SecretLink.query_by_owner(sender).count() == 0
SecretLink.create("Testing", receiver, dict(recid='1'))
assert SecretLink.query_by_owner(receiver).count() == 1
assert SecretLink.query_by_owner(sender).count() == 0
def test_revoked(app, db, users):
"""Test link revocation."""
mock_link_revoked = Mock()
with app.test_request_context():
with link_revoked.connected_to(mock_link_revoked):
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create("Test title",
receiver,
dict(recid='123456'),
description="Test description")
assert not l.is_revoked()
assert l.is_valid()
l.revoke()
assert l.is_revoked()
assert not l.is_valid()
assert mock_link_revoked.called
assert l.revoke() is False
def test_revoked(self):
"""Test link revocation."""
from zenodo_accessrequests.models import SecretLink
from zenodo_accessrequests.signals import \
link_revoked
with link_revoked.connected_to(self.get_receiver('revoked')):
l = SecretLink.create(
"Test title", self.receiver, dict(recid=123456),
description="Test description"
)
assert not l.is_revoked()
assert l.is_valid()
l.revoke()
assert l.is_revoked()
assert not l.is_valid()
self.assertIsNotNone(self.called['revoked'])
self.assertFalse(l.revoke())
def test_revoked(self):
"""Test link revocation."""
from zenodo_accessrequests.models import SecretLink
from zenodo_accessrequests.signals import \
link_revoked
with link_revoked.connected_to(self.get_receiver('revoked')):
l = SecretLink.create("Test title",
self.receiver,
dict(recid=123456),
description="Test description")
assert not l.is_revoked()
assert l.is_valid()
l.revoke()
assert l.is_revoked()
assert not l.is_valid()
self.assertIsNotNone(self.called['revoked'])
self.assertFalse(l.revoke())
def test_revoked(app, db, users):
"""Test link revocation."""
mock_link_revoked = Mock()
with app.test_request_context():
with link_revoked.connected_to(mock_link_revoked):
datastore = current_app.extensions['security'].datastore
receiver = datastore.get_user(users['receiver']['id'])
l = SecretLink.create(
"Test title", receiver, dict(recid='123456'),
description="Test description"
)
assert not l.is_revoked()
assert l.is_valid()
l.revoke()
assert l.is_revoked()
assert not l.is_valid()
assert mock_link_revoked.called
assert l.revoke() is False
def test_query_by_owner(self):
"""Test query by owner."""
from zenodo_accessrequests.models import SecretLink
self.assertEqual(
SecretLink.query_by_owner(self.receiver).count(),
0)
self.assertEqual(
SecretLink.query_by_owner(self.sender).count(),
0)
SecretLink.create("Testing", self.receiver, dict(recid=1))
self.assertEqual(
SecretLink.query_by_owner(self.receiver).count(),
1)
self.assertEqual(
SecretLink.query_by_owner(self.sender).count(),
0)