def test_returned_data_user_view_epic(self): """ Carries out the epic 'Returned Data', for the UserView GET end point :return: no return """ # Stub data user_dave = UserShop() user_mary = UserShop() stub_library = LibraryShop() # Librarian Dave makes a library (no bibcodes) url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_dave.headers) self.assertEqual(response.status_code, 200, response) library_id_dave = response.json['id'] # Dave looks at the library from the user view page and checks some # of the parameters displayed to him. with MockEmailService(user_dave, end_type='uid'): response = self.client.get(url, headers=user_dave.headers) self.assertTrue(len(response.json['libraries']) == 1) library = response.json['libraries'][0] self.assertTrue(library['num_documents'] == 0) self.assertTrue(library['num_users'] == 1) self.assertTrue(library['permission'] == 'owner') self.assertEqual(library['public'], False) self.assertEqual(library['owner'], user_dave.email.split('@')[0]) date_created = datetime.strptime(library['date_created'], '%Y-%m-%dT%H:%M:%S.%f') date_last_modified = datetime.strptime(library['date_last_modified'], '%Y-%m-%dT%H:%M:%S.%f') self.assertAlmostEqual(date_created, date_last_modified, delta=timedelta(seconds=1)) # Dave adds content to his library number_of_documents = 20 for i in range(number_of_documents): # Stub data library = LibraryShop() # Add document url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_dave.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) # Dave looks in the library overview and sees that his library size # has increased url = url_for('userview') with MockEmailService(user_dave, end_type='uid'): response = self.client.get(url, headers=user_dave.headers) self.assertTrue(len(response.json['libraries']) == 1) self.assertEqual(response.status_code, 200) library = response.json['libraries'][0] self.assertTrue(library['num_documents'] == number_of_documents) # Dave adds mary so that she can see the library and add content url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json('admin', True), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary sees that the number of users of the library has increased by 1 url = url_for('userview') with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) library = response.json['libraries'][0] self.assertEqual(response.status_code, 200) self.assertTrue(library['num_users'] == 2) self.assertTrue(library['permission'] == 'admin') # Mary adds content to the library number_of_documents_second = 1 for i in range(number_of_documents_second): # Stub data library = LibraryShop() # Add document url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_mary.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) # Dave sees that the number of bibcodes has increased and that the # last modified date has changed, but the created date has not url = url_for('userview') with MockEmailService(user_dave, end_type='uid'): response = self.client.get(url, headers=user_dave.headers) self.assertEqual(response.status_code, 200) self.assertTrue(len(response.json['libraries']) == 1) self.assertTrue(response.json['libraries'][0]['num_documents'] == ( number_of_documents + number_of_documents_second)) # This is to artificial alter the update time time.sleep(1) # Dave makes the library public. url = url_for('documentview', library=library_id_dave) response = self.client.put( url, data=library.document_view_put_data_json(public=True), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Dave sees that the lock sign from his library page has dissapeared url = url_for('userview') with MockEmailService(user_dave, end_type='uid'): response = self.client.get(url, headers=user_dave.headers) self.assertEqual(response.status_code, 200) libraries = response.json['libraries'] self.assertTrue(len(libraries) == 1) self.assertTrue(libraries[0]['num_documents'] == number_of_documents + 1) self.assertTrue(libraries[0]['public']) date_created_2 = datetime.strptime(libraries[0]['date_created'], '%Y-%m-%dT%H:%M:%S.%f') date_last_modified_2 = \ datetime.strptime(libraries[0]['date_last_modified'], '%Y-%m-%dT%H:%M:%S.%f') self.assertEqual(date_created, date_created_2) self.assertNotAlmostEqual(date_created_2, date_last_modified_2, delta=timedelta(seconds=1))
def helper_bb_classic_user_epic(self, harbour_view): """ Carries out the epic 'Bumblebee and Classic User', where a user that comes to the new interface makes some libraries, and has some permission to access other libraries from other users. The user then imports some libraries from ADS Classic, where some have similar names with that of the ones they previously made. It is assumed they have already setup their ADS credentials """ # Stub data user_gpa = UserShop() user_mary = UserShop() stub_library_1 = LibraryShop(want_bibcode=True, public=True) stub_library_2 = LibraryShop(want_bibcode=True, public=True) # Gpa navigates the search pages and adds some bibcodes to some a few # libraries. url = url_for('userview') response = self.client.post( url, data=stub_library_1.user_view_post_data_json, headers=user_gpa.headers) self.assertEqual(response.status_code, 200) self.assertEqual(response.json['bibcode'], stub_library_1.get_bibcodes()) # A friend adds them to one of their libraries with a similar name # # Make library url = url_for('userview') response = self.client.post( url, data=stub_library_1.user_view_post_data_json, headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertEqual(response.json['bibcode'], stub_library_1.get_bibcodes()) library_id_mary = response.json['id'] # # Permission to read url = url_for('permissionview', library=library_id_mary) with MockEmailService(user_gpa): response = self.client.post( url, data=user_gpa.permission_view_post_data_json({ 'read': True, 'write': False, 'admin': False, 'owner': False }), headers=user_mary.headers) self.assertEqual(response.status_code, 200) # Gpa imports all libraries from ADS Classic stub_library_2.bibcode = stub_library_1.bibcode.copy() stub_library_2.bibcode['new bibcode'] = {} url = url_for(harbour_view) with MockClassicService(status=200, libraries=[stub_library_2]): response = self.client.get(url, headers=user_gpa.headers) self.assertEqual(response.status_code, 200) # Gpa checks that the libraries were imported, and didn't affect the # friends libraries library_id_gpa = response.json[0]['library_id'] url = url_for('libraryview', library=library_id_gpa) with MockSolrBigqueryService( canonical_bibcode=stub_library_2.get_bibcodes()) as BQ, \ MockEndPoint([user_gpa]) as EP: response = self.client.get(url, headers=user_gpa.headers) self.assertIn('new bibcode', response.json['documents']) # Check Mary's library url = url_for('userview') with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) self.assertTrue(len(response.json['libraries']), 1) self.assertEqual(response.json['libraries'][0]['name'], stub_library_1.name) url = url_for('libraryview', library=library_id_mary) with MockSolrBigqueryService( canonical_bibcode=stub_library_1.get_bibcodes()) as BQ, \ MockEndPoint([user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertNotIn('new bibcode', response.json['documents']) # Gpa then re-imports again by accident, but this is fine as this # should be an indempotent process url = url_for(harbour_view) with MockClassicService(status=200, libraries=[stub_library_2]): response = self.client.get(url, headers=user_gpa.headers) self.assertEqual(response.status_code, 200) library_id_gpa = response.json[0]['library_id'] url = url_for('libraryview', library=library_id_gpa) with MockSolrBigqueryService( canonical_bibcode=stub_library_2.get_bibcodes()) as BQ, \ MockEndPoint([user_gpa]) as EP: response = self.client.get(url, headers=user_gpa.headers) self.assertIn('new bibcode', response.json['documents']) # Check Mary's library url = url_for('userview') with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) self.assertTrue(len(response.json['libraries']), 1) self.assertEqual(response.json['libraries'][0]['name'], stub_library_1.name) url = url_for('libraryview', library=library_id_mary) with MockSolrBigqueryService( canonical_bibcode=stub_library_1.get_bibcodes()) as BQ, \ MockEndPoint([user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertNotIn('new bibcode', response.json['documents'])
def test_teacher(self): """ Carries out the epic 'Teacher', where a user wants to remove the privileges of one person, but not affect anyone else :return: no return """ # Make the stub data required user_student_1 = UserShop() user_student_2 = UserShop() user_teacher = UserShop() stub_library = LibraryShop() # The teacher makes a library url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_teacher.headers) self.assertEqual(response.status_code, 200, response) library_id_teacher = response.json['id'] # Some students complain that they cannot see the library that is # linked by the University web page # need a permissions endpoint # /permissions/<uuid_library> for user in [user_student_1, user_student_2]: # The students check they can see the content url = url_for('libraryview', library=library_id_teacher) with MockSolrBigqueryService(number_of_bibcodes=0) as BQ, \ MockEndPoint([ user_teacher, user_student_1, user_student_2 ]) as EP: response = self.client.get(url, headers=user.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # The teacher adds two users with read permissions for user in [user_student_1, user_student_2]: # Permissions url url = url_for('permissionview', library=library_id_teacher) with MockEmailService(user): response = self.client.post( url, data=user.permission_view_post_data_json('read', True), headers=user_teacher.headers) self.assertEqual(response.status_code, 200) # The students check they can see the content url = url_for('libraryview', library=library_id_teacher) with MockSolrBigqueryService(number_of_bibcodes=0) as BQ, \ MockEndPoint([ user_teacher, user_student_1, user_student_2 ]) as EP: response = self.client.get(url, headers=user.headers) self.assertEqual(response.status_code, 200) self.assertIn('documents', response.json) # The teacher realises student 2 is not in the class, and removes # the permissions, and makes sure student 1 can still see the content url = url_for('permissionview', library=library_id_teacher) with MockEmailService(user_student_2): response = self.client.post( url, data=user_student_2.permission_view_post_data_json( 'read', False), headers=user_teacher.headers) self.assertEqual(response.status_code, 200) # Student 2 cannot see the content url = url_for('libraryview', library=library_id_teacher) with MockSolrBigqueryService(number_of_bibcodes=0) as BQ, \ MockEndPoint([ user_teacher, user_student_1, user_student_2 ]) as EP: response = self.client.get(url, headers=user_student_2.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Student 1 can see the content still url = url_for('libraryview', library=library_id_teacher) with MockSolrBigqueryService(number_of_bibcodes=0) as BQ, \ MockEndPoint([ user_teacher, user_student_1, user_student_2 ]) as EP: response = self.client.get(url, headers=user_student_1.headers) self.assertEqual(response.status_code, 200) self.assertIn('documents', response.json)
def test_returned_data_library_view_epic(self): """ Carries out the epic 'Returned Data', for the LibraryView GET end point that should return content similar to the UserView GET end point. This ensures the responses are as expected. :return: no return """ # Stub data user_dave = UserShop() user_mary = UserShop() stub_library = LibraryShop() # Librarian Dave makes a library (no bibcodes) url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_dave.headers) self.assertEqual(response.status_code, 200, response) library_id_dave = response.json['id'] # Dave looks at the library from the user view page and checks some # of the parameters displayed to him. with MockSolrBigqueryService(canonical_bibcode=stub_library.bibcode) \ as BQ, MockEndPoint([user_dave]) as EP: url = url_for('libraryview', library=library_id_dave) response = self.client.get(url, headers=user_dave.headers) for key in ['documents', 'solr', 'metadata']: self.assertIn(key, response.json) documents = response.json['documents'] solr = response.json['solr'] metadata = response.json['metadata'] self.assertTrue(metadata['num_documents'] == 0) self.assertTrue(metadata['num_users'] == 1) self.assertTrue(metadata['permission'] == 'owner') self.assertEqual(metadata['public'], False) self.assertEqual(metadata['owner'], user_dave.email.split('@')[0]) date_created = datetime.strptime(metadata['date_created'], '%Y-%m-%dT%H:%M:%S.%f') date_last_modified = datetime.strptime(metadata['date_last_modified'], '%Y-%m-%dT%H:%M:%S.%f') self.assertAlmostEqual(date_created, date_last_modified, delta=timedelta(seconds=1)) # Dave adds content to his library number_of_documents = 20 for i in range(number_of_documents): # Stub data library = LibraryShop() # Add document url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_dave.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) documents.append(library.get_bibcodes()[0]) # Dave looks in the library overview and sees that his library size # has increased url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService(canonical_bibcode=documents) as BQ, \ MockEndPoint([user_dave]) as EP: response = self.client.get(url, headers=user_dave.headers) self.assertEqual(response.status_code, 200) self.assertTrue( response.json['metadata']['num_documents'] == number_of_documents) # Dave adds mary so that she can see the library and add content url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json({ 'read': False, 'write': False, 'admin': True, 'owner': False }), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary sees that the number of users of the library has increased by 1 url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService(canonical_bibcode=documents) as BQ,\ MockEndPoint([user_mary, user_dave]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, 200) library = response.json['metadata'] self.assertTrue(library['num_users'] == 2) self.assertTrue(library['permission'] == 'admin') # Mary adds content to the library number_of_documents_second = 1 for i in range(number_of_documents_second): # Stub data library = LibraryShop() # Add document url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_mary.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) documents.append(library.get_bibcodes()[0]) # Dave sees that the number of bibcodes has increased and that the # last modified date has changed, but the created date has not url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService(canonical_bibcode=documents) as BQ, \ MockEndPoint([user_dave, user_mary]) as EP: response = self.client.get(url, headers=user_dave.headers) self.assertEqual(response.status_code, 200) self.assertTrue(response.json['metadata']['num_documents'] == ( number_of_documents + number_of_documents_second)) # This is to artificial alter the update time time.sleep(1) # Dave makes the library public. url = url_for('documentview', library=library_id_dave) response = self.client.put( url, data=library.document_view_put_data_json(public=True), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Dave sees that the lock sign from his library page has dissapeared url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService(canonical_bibcode=documents) as BQ,\ MockEndPoint([user_dave, user_mary]) as EP: response = self.client.get(url, headers=user_dave.headers) libraries = response.json['metadata'] self.assertTrue(libraries['num_documents'] == number_of_documents + 1) self.assertTrue(libraries['public']) date_created_2 = datetime.strptime(libraries['date_created'], '%Y-%m-%dT%H:%M:%S.%f') date_last_modified_2 = \ datetime.strptime(libraries['date_last_modified'], '%Y-%m-%dT%H:%M:%S.%f') self.assertEqual(date_created, date_created_2) self.assertNotAlmostEqual(date_created_2, date_last_modified_2, delta=timedelta(seconds=1))
def test_big_share_editor(self): """ Carries out the epic 'Big Share Editor', where a user creates a library and wants one other use to have editing permissions, i.e., add and remove bibcodes from the library. :return: no return """ # Stub data for users, etc. user_dave = UserShop() user_mary = UserShop() library_dave = LibraryShop() # Librarian Dave makes a big library full of content url = url_for('userview') response = self.client.post(url, data=library_dave.user_view_post_data_json, headers=user_dave.headers) library_id_dave = response.json['id'] self.assertEqual(response.status_code, 200, response) # Dave adds content to his library libraries_added = [] number_of_documents = 20 for i in range(number_of_documents): # Add document library = LibraryShop() url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_dave.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) libraries_added.append(library) # Checks they are all in the library url = url_for('libraryview', library=library_id_dave) canonical_bibcode = [i.get_bibcodes()[0] for i in libraries_added] with MockSolrBigqueryService( canonical_bibcode=canonical_bibcode) as BQ, \ MockEndPoint([user_dave]) as EP: response = self.client.get(url, headers=user_dave.headers) self.assertTrue(len(response.json['documents']) == number_of_documents) # Dave is too busy to do any work on the library and so asks his # librarian friend Mary to do it. Dave does not realise she cannot # add without permissions and Mary gets some error messages url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Dave now adds her account to permissions. She already has an ADS # account, and so Dave adds her with her e-mail address with read and # write permissions (but not admin). url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json({ 'read': False, 'write': True, 'admin': False, 'owner': False }), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary looks at the library canonical_bibcode = [i.get_bibcodes()[0] for i in libraries_added] url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( canonical_bibcode=canonical_bibcode) as BQ, \ MockEndPoint([user_dave, user_dave]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertTrue(len(response.json['documents']) == number_of_documents) # Mary removes a few bibcodes and keeps a list of the ones she # removed just in case url = url_for('documentview', library=library_id_dave) libraries_removed = [] for i in range(number_of_documents // 2): # Remove documents response = self.client.post( url, data=libraries_added[i].document_view_post_data_json('remove'), headers=user_mary.headers) self.assertEqual(response.json['number_removed'], len(libraries_added[i].bibcode)) self.assertEqual(response.status_code, 200, response) libraries_removed.append(libraries_added[i]) libraries_added.remove(libraries_added[i]) # She checks that they got removed canonical_bibcode = [i.get_bibcodes()[0] for i in libraries_added] url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( canonical_bibcode=canonical_bibcode) as BQ, \ MockEndPoint([user_dave, user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertTrue( len(response.json['documents']) == number_of_documents // 2) # Dave asks Mary to re-add the ones she removed because they were # actually useful url = url_for('documentview', library=library_id_dave) for library in libraries_removed: # Add documents response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_mary.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) libraries_added.append(library) canonical_bibcode.extend(library.get_bibcodes()) # She checks that they got added url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService(canonical_bibcode=canonical_bibcode) \ as BQ, MockEndPoint([user_dave, user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertTrue(len(response.json['documents']) == number_of_documents) # Sanity check # Dave removes her permissions and Mary tries to modify the library # content, but cannot url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json({ 'read': False, 'write': False, 'admin': False, 'owner': False }), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary tries to add content url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body'])
def test_job_epic(self): """ Carries out the epic 'Job', where a user wants to add their articles to their private libraries so that they can send it on to a prospective employer :return: no return """ # Mary creates a private library and # 1. Gives it a name. # 2. Gives it a description. # 3. Makes it public to view. # Stub data user_mary = UserShop() user_random = UserShop() stub_library = LibraryShop(public=True) # Make the library and make it public to be viewed by employers url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_mary.headers) self.assertEqual(response.status_code, 200, response) self.assertTrue('name' in response.json) self.assertTrue(response.json['name'] == stub_library.name) # Mary searches for an article and then adds it to her private library. # First she picks which library to add it to. url = url_for('userview') with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) library_id = response.json['libraries'][0]['id'] # Then she submits the document (in this case a bibcode) to add to the # library url = url_for('documentview', library=library_id) response = self.client.post( url, data=stub_library.document_view_post_data_json('add'), headers=user_mary.headers) self.assertEqual(response.json['number_added'], len(stub_library.bibcode)) self.assertEqual(response.status_code, 200, response) # Mary realises she added one that is not hers and goes back to her # list and deletes it from her library. url = url_for('documentview', library=library_id) response = self.client.post( url, data=stub_library.document_view_post_data_json('remove'), headers=user_mary.headers) self.assertEqual(response.json['number_removed'], len(stub_library.bibcode)) self.assertEqual(response.status_code, 200, response) # Checks that there are no documents in the library url = url_for('libraryview', library=library_id) with MockSolrBigqueryService(number_of_bibcodes=0) as BQ, \ MockEndPoint([user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertTrue(len(response.json['documents']) == 0, response.json) # Happy with her library, she copies the link to the library and # e-mails it to the prospective employer. # She then asks a friend to check the link, and it works fine. with MockSolrBigqueryService(number_of_bibcodes=0) as BQ, \ MockEndPoint([user_mary, user_random]) as EP: response = self.client.get(url, headers=user_random.headers) self.assertEqual(response.status_code, 200)
def test_big_share(self): """ Carries out the epic 'Big Share', where a user wants to share one of their big libraries they have created :return: no return """ # Librarian Dave makes a big library full of bibcodes # 1. Lets say 20 bibcodes # Stub data user_dave = UserShop() user_mary = UserShop() stub_library = LibraryShop() # Make a library for Mary url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_mary.headers) self.assertEqual(response.status_code, 200, response) library_id_mary = response.json['id'] # Dave makes his library url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_dave.headers) self.assertEqual(response.status_code, 200, response) library_id_dave = response.json['id'] # Let us just double check that their ids do not match self.assertNotEqual(library_id_mary, library_id_dave) # Dave adds content to his library number_of_documents = 20 for i in range(number_of_documents): # Stub data library = LibraryShop() # Add document url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_dave.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) # Check they all got added url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( number_of_bibcodes=number_of_documents) as BQ, \ MockEndPoint([user_dave]) as EP: response = self.client.get(url, headers=user_dave.headers) self.assertTrue(len(response.json['documents']) == number_of_documents) # Dave has made his library private, and his library friend Mary says # she cannot access the library. # Dave selects her e-mail address url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( number_of_bibcodes=number_of_documents) as BQ, \ MockEndPoint([user_dave, user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertNotIn('documents', response.json.keys()) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Ask API for the user_id, if it does not exist, we send an e-mail? # Dave then gives Mary the permissions to read his library url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json('read', True), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary says she cannot see the libraries. Dave checks that Mary is in # the list of permissions with MockEndPoint([user_dave, user_mary]): response = self.client.get(url, headers=user_dave.headers) self.assertIn(user_dave.email, response.json[0].keys()) self.assertIn(user_mary.email, response.json[1].keys()) self.assertEqual(['owner'], response.json[0][user_dave.email]) self.assertEqual(['read'], response.json[1][user_mary.email]) # Mary tries to check who has permissions too, but does not have # permission given she only has 'read' rights. with MockEndPoint([user_dave, user_mary]): response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Mary finally realises she has not logged in, and then writes back to # say she can see his libraries and is happy but wants to add content # herself url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( number_of_bibcodes=number_of_documents) as BQ, \ MockEndPoint([user_dave, user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertTrue(len(response.json['documents']) == number_of_documents) # Mary tries to modify the permissions of Dave, but # nothing happens url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_dave): response = self.client.post( url, data=user_dave.permission_view_post_data_json('read', False), headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Dave is unhappy with Mary's attempt, so he removes her permissions # to read url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json('read', False), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary realises she can no longer read content url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( number_of_bibcodes=number_of_documents) as BQ, \ MockEndPoint([user_dave, user_mary]) as EP: response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertNotIn('documents', response.json.keys()) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body'])
def test_deletion_abuse_epic(self): """ Carries out the epic 'Deletion Abuse', where each type of permission for a library: None, Read, Write, Admin, try to delete a library and get permission denied. The owner then deletes the library, and it is successful. :return: no return """ # Load stub data stub_owner = UserShop(name='owner') stub_none = UserShop(name='none') stub_reader = UserShop(name='reader') stub_editor = UserShop(name='editor') stub_admin = UserShop(name='admin') stub_library = LibraryShop(public=False) # Makes the library url = url_for('userview') response = self.client.post( url, data=stub_library.user_view_post_data_json, headers=stub_owner.headers ) library_id = response.json['id'] self.assertEqual(response.status_code, 200, response) self.assertTrue('name' in response.json) self.assertTrue(response.json['name'] == stub_library.name) # Give the correct permissions to each user url = url_for('permissionview', library=library_id) for stub_user, permission in [[stub_reader, 'read'], [stub_editor, 'write'], [stub_admin, 'admin']]: with MockEmailService(stub_user): response = self.client.post( url, data=stub_user.permission_view_post_data_json( permission, True ), headers=stub_owner.headers ) self.assertEqual(response.status_code, 200) # The following users try to the delete the library, and fail: # reader, editor, admin url = url_for('documentview', library=library_id) for stub_user in [stub_none, stub_reader, stub_editor, stub_admin]: response = self.client.delete( url, headers=stub_user.headers ) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number'], 'User: {0}'.format(stub_user.name)) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Owner deletes the library, success url = url_for('documentview', library=library_id) response = self.client.delete( url, headers=stub_owner.headers ) self.assertEqual(response.status_code, 200) # Checks that it is deleted url = url_for('userview') response = self.client.get( url, headers=stub_owner.headers ) self.assertTrue(len(response.json['libraries']) == 0)
def test_big_share_admin(self): """ Carries out the epic 'Big Share Admin', where a user creates a library and wants one other user to have admin permissions, i.e., add and remove users permissions (except the owners) from the library. :return: no return """ # Generate some stub data for Dave, Mary and the student user_dave = UserShop() user_mary = UserShop() user_student = UserShop() library_dave = LibraryShop() # Librarian Dave makes a big library full of bibcodes # 1. Lets say 20 bibcodes # Dave makes his library url = url_for('userview') response = self.client.post(url, data=library_dave.user_view_post_data_json, headers=user_dave.headers) self.assertEqual(response.status_code, 200, response) library_id_dave = response.json['id'] # Dave adds content to his library libraries_added = [] number_of_documents = 20 for i in range(number_of_documents): # Stub data stub_library = LibraryShop() libraries_added.append(stub_library) # Add document url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=stub_library.document_view_post_data_json('add'), headers=user_dave.headers) self.assertEqual(response.json['number_added'], len(stub_library.bibcode)) self.assertEqual(response.status_code, 200, response) canonical_bibcode = \ [i.get_bibcodes()[0] for i in libraries_added] url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( canonical_bibcode=canonical_bibcode) as BQ, \ MockEndPoint([user_dave]) as EP: response = self.client.get(url, headers=user_dave.headers) self.assertTrue(len(response.json['documents']) == number_of_documents) # Dave does not want to manage who can change content. He wants Mary to # adminstrate the library. Mary tries, but gets errors. need a # permissions endpoint # /permissions/<uuid_library> url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_student): response = self.client.post( url, data=user_student.permission_view_post_data_json( 'write', True), headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Dave now adds her account to permissions. She already has an ADS # account, and so Dave adds her with her e-mail address with read and # write permissions (but not admin). url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json('admin', True), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary then adds the student as an admin url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_student): response = self.client.post( url, data=user_student.permission_view_post_data_json( 'write', True), headers=user_mary.headers) self.assertEqual(response.status_code, 200) # The student removes a few bibcodes and keeps a list of the ones she # removed just in case url = url_for('documentview', library=library_id_dave) libraries_removed = [] for i in range(number_of_documents / 2): # Remove documents response = self.client.post( url, data=libraries_added[i].document_view_post_data_json('remove'), headers=user_student.headers) self.assertEqual(response.json['number_removed'], len(libraries_added[i].bibcode)) self.assertEqual(response.status_code, 200, response) libraries_removed.append(libraries_added[i]) libraries_added.remove(libraries_added[i]) # She checks that they got removed canonical_bibcode = [i.get_bibcodes()[0] for i in libraries_added] url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( canonical_bibcode=canonical_bibcode) as BQ, \ MockEndPoint([user_student, user_dave]) as EP: response = self.client.get(url, headers=user_student.headers) self.assertTrue( len(response.json['documents']) == number_of_documents / 2.) # Dave asks Mary to re-add the ones she removed because they were # actually useful url = url_for('documentview', library=library_id_dave) for library in libraries_removed: # Add documents response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_mary.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) libraries_added.append(library) # She checks that they got added canonical_bibcode = [i.get_bibcodes()[0] for i in libraries_added] url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( canonical_bibcode=canonical_bibcode) as BQ, \ MockEndPoint([user_dave, user_student]) as EP: response = self.client.get(url, headers=user_student.headers) self.assertTrue(len(response.json['documents']) == number_of_documents) # Sanity check 1 # -------------- # Remove the permissions of the student, they should not be able to do # what they could before # -------------- # Mary removes the students permissions and the student tries to modify # the library content, but cannot url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_student): response = self.client.post( url, data=user_student.permission_view_post_data_json( 'write', False), headers=user_mary.headers) self.assertEqual(response.status_code, 200) # The student tries to add content url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=stub_library.document_view_post_data_json('add'), headers=user_student.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Sanity check 2 # -------------- # Check that you cannot modify owner permissions # -------------- # Mary tries to give the student owner permissions url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_student): response = self.client.post( url, data=user_student.permission_view_post_data_json( 'owner', True), headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number'], response.json) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body'], response.json) # Sanity check 3 # -------------- # Mary tries to manipulate Daves permissions # -------------- # Mary attempts to change the read, admin, write, owner, permissions # of Dave, but should fail url = url_for('permissionview', library=library_id_dave) for permission_type in ['read', 'write', 'admin', 'owner']: with MockEmailService(user_dave): response = self.client.post( url, data=user_dave.permission_view_post_data_json( permission_type, False), headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Sanity check 4 # -------------- # Remove Mary's permissions so she cannot do what she was doing before # -------------- # Dave removes Mary's permissions. url = url_for('permissionview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, data=user_mary.permission_view_post_data_json('admin', False), headers=user_dave.headers) self.assertEqual(response.status_code, 200) # Mary tries to change permissions for the student again but should # not be able to with MockEmailService(user_student): response = self.client.post( url, data=user_student.permission_view_post_data_json( 'write', True), headers=user_mary.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body'])
def test_mistake_epic(self): """ Carries out the epic 'Mistake', where a user wants to update the meta data of their library, once they have created the library. They see that the library already has a pre-filled title that they did not change, and want to update it afterwards. :return: no return """ # Stub data user_mary = UserShop() stub_library = LibraryShop(name='', description='') # Mary creates a private library and # Does not fill any of the details requested, and then looks at the # newly created library. url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_mary.headers) library_id = response.json['id'] library_name = response.json['name'] library_description = response.json['description'] self.assertEqual(response.status_code, 200, response) self.assertTrue('name' in response.json, response.json) self.assertTrue(response.json['name'] != '') # Mary updates the name and description of the library, but leaves the # details blank. This should not update the names as we do not want # them as blank. for meta_data, update in [['name', ''], ['description', '']]: # Make the change url = url_for('documentview', library=library_id) response = self.client.put( url, data=stub_library.document_view_put_data_json( meta_data, update), headers=user_mary.headers) self.assertEqual(response.status_code, 200) # Check the change did not work url = url_for('userview', library=library_id) with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertEqual(library_name, '{0} 1'.format(DEFAULT_LIBRARY_NAME_PREFIX)) self.assertEqual(library_description, DEFAULT_LIBRARY_DESCRIPTION) # Mary decides to update the name of the library to something more # sensible name = 'something sensible' url = url_for('documentview', library=library_id) response = self.client.put( url, data=stub_library.document_view_put_data_json(name=name), headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertEqual(response.json['name'], name) # She checks the change worked url = url_for('userview', library=library_id) with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) self.assertEqual(name, response.json['libraries'][0]['name']) # Mary decides to make the description also more relevant description = 'something relevant' url = url_for('documentview', library=library_id) response = self.client.put( url, data=stub_library.document_view_put_data_json( description=description), headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertEqual(response.json['description'], description) # Mary checks that the change worked url = url_for('userview', library=library_id) with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) self.assertEqual(description, response.json['libraries'][0]['description']) # Mary dislikes both her changes and makes both the changes at once name = 'Disliked the other one' description = 'It didn\'t make sense before' url = url_for('documentview', library=library_id) response = self.client.put( url, data=stub_library.document_view_put_data_json( name=name, description=description), headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertEqual(response.json['name'], name) self.assertEqual(response.json['description'], description) # Check the change worked url = url_for('userview', library=library_id) with MockEmailService(user_mary, end_type='uid'): response = self.client.get(url, headers=user_mary.headers) self.assertEqual(name, response.json['libraries'][0]['name']) self.assertEqual(description, response.json['libraries'][0]['description'])
def test_retiring_librarian_epic(self): """ Carries out the epic 'Retiring Librarian', where a user that owns and maintains a library wants to pass on the responsibility to someone else :return: no return """ # Stub data user_dave = UserShop() user_mary = UserShop() stub_library = LibraryShop() # Dave has a big library that he has maintained for many years url = url_for('userview') response = self.client.post(url, data=stub_library.user_view_post_data_json, headers=user_dave.headers) self.assertEqual(response.status_code, 200, response) library_id_dave = response.json['id'] # Dave adds content to his library number_of_documents = 20 for i in range(number_of_documents): # Stub data library = LibraryShop() # Add document url = url_for('documentview', library=library_id_dave) response = self.client.post( url, data=library.document_view_post_data_json('add'), headers=user_dave.headers) self.assertEqual(response.json['number_added'], len(library.bibcode)) self.assertEqual(response.status_code, 200, response) # Check they all got added url = url_for('libraryview', library=library_id_dave) with MockSolrBigqueryService( number_of_bibcodes=number_of_documents) as BQ, \ MockEndPoint([user_dave]) as EP: response = self.client.get(url, headers=user_dave.headers) self.assertTrue(len(response.json['documents']) == number_of_documents) # Dave is soon retiring and wants to give the permissions to the # person who takes over his job. # Unfortunately, the first time he tries, he realises she has not made # an ADS account url = url_for('transferview', library=library_id_dave) user_mary.name = 'fail' with MockEmailService(user_mary): response = self.client.post( url, headers=user_dave.headers, data=user_mary.transfer_view_post_data_json()) self.assertEqual(response.status_code, API_MISSING_USER_EMAIL['number']) self.assertEqual(response.json['error'], API_MISSING_USER_EMAIL['body']) # Mary makes an account and tries to transfer Dave's library herself # because Dave is busy url = url_for('transferview', library=library_id_dave) user_mary.name = 'Mary' with MockEmailService(user_mary): response = self.client.post( url, headers=user_mary.headers, data=user_mary.transfer_view_post_data_json()) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Dave finds out she has an account and then tells her he will transfer # the library because she does not have permissions url = url_for('transferview', library=library_id_dave) with MockEmailService(user_mary): response = self.client.post( url, headers=user_dave.headers, data=user_mary.transfer_view_post_data_json()) self.assertEqual(response.status_code, 200) # Dave checks he does not have access anymore with MockEndPoint([user_mary, user_dave]): url = url_for('permissionview', library=library_id_dave) response = self.client.get(url, headers=user_dave.headers) self.assertEqual(response.status_code, NO_PERMISSION_ERROR['number']) self.assertEqual(response.json['error'], NO_PERMISSION_ERROR['body']) # Mary sees she does infact now have ownership with MockEndPoint([user_mary, user_dave]): url = url_for('permissionview', library=library_id_dave) response = self.client.get(url, headers=user_mary.headers) self.assertEqual(response.status_code, 200) self.assertTrue(len(response.json) == 1) self.assertEqual(['owner'], response.json[0][user_mary.email])