def test_literature_search_permissions(inspire_app):
    """Check that `/literature` search results depend on who is asking.

    Two records are created, one in the "Fermilab" collection and one in
    "Literature". The assertions pin three things: an anonymous client
    gets exactly one hit (the "Literature" record), a logged-in cataloger
    gets two hits, and the same client is back to the single "Literature"
    hit after logging out.
    """

    def fetch_hits(http):
        # Run the unfiltered search and return the "hits" part of the payload.
        return orjson.loads(http.get("/literature").data)["hits"]

    create_record("lit", data={"_collections": ["Fermilab"]})
    public_record = create_record("lit", data={"_collections": ["Literature"]})

    with inspire_app.test_client() as client:
        hits = fetch_hits(client)
        assert hits["total"] == 1
        first_hit = hits["hits"][0]["metadata"]
        assert first_hit["control_number"] == public_record["control_number"]

    cataloger = create_user(role=Roles.cataloger.value)
    with inspire_app.test_client() as client:
        login_user_via_session(client, email=cataloger.email)
        assert fetch_hits(client)["total"] == 2

        logout(client)

        # Same client, session ended: the wider cataloger view must be gone.
        hits = fetch_hits(client)
        assert hits["total"] == 1
        first_hit = hits["hits"][0]["metadata"]
        assert first_hit["control_number"] == public_record["control_number"]
def test_jobs_json_author_can_edit_but_random_user_cant(inspire_app, datadir):
    """Check that the JSON view of a job exposes `can_edit` only to its author.

    The job is loaded from the `955427.json` fixture. The first user must
    get a 200 whose metadata equals the stored record plus
    `can_edit: True`. The second user's metadata must not contain a
    `can_edit` key at all.
    """
    json_headers = {"Accept": "application/json"}
    fixture = json.loads((datadir / "955427.json").read_text())
    job = create_record("job", data=fixture)
    job_url = f"/jobs/{job['control_number']}"

    author_view = deepcopy(job)
    author_view["can_edit"] = True

    # NOTE(review): both e-mail addresses appear masked in this listing.
    # Presumably the first one has to match the submitter stored in
    # 955427.json and the second one has to differ -- confirm against the
    # fixture before relying on this test.
    author = create_user(email="*****@*****.**")
    with inspire_app.test_client() as client:
        login_user_via_session(client, email=author.email)
        author_response = client.get(job_url, headers=json_headers)
        author_status = author_response.status_code
        author_metadata = json.loads(author_response.data)["metadata"]
        assert 200 == author_status
        assert author_view == author_metadata
        logout(client)

        outsider = create_user(email="*****@*****.**")
        login_user_via_session(client, email=outsider.email)
        outsider_response = client.get(job_url, headers=json_headers)
        outsider_metadata = json.loads(outsider_response.data)["metadata"]
        # Only the serialized flag is checked; no write request is attempted,
        # so this does not by itself show that an edit would be refused.
        assert "can_edit" not in outsider_metadata
def test_get_revisions_hidden_collection_cataloger_write(
    inspire_app, clean_celery_session, hidden_record_with_two_revisions
):
    """Check that a cataloger can list the revisions of literature record 111.

    Record 111 is presumably created by the
    `hidden_record_with_two_revisions` fixture, which is not part of this
    listing. Only the positive case is covered: the editor API must
    answer 200 for a user holding the cataloger role.
    """
    revisions_url = "/api/editor/literature/111/revisions"
    cataloger = create_user(role=Roles.cataloger.value)

    with inspire_app.test_client() as client:
        login_user_via_session(client, email=cataloger.email)
        reply = client.get(revisions_url, content_type="application/json")
        assert reply.status_code == 200
        logout(client)
def test_revert_to_revision_hidden_collection_cataloger(
    inspire_app, clean_celery_session, hidden_record_with_two_revisions
):
    """Check that a cataloger can revert literature record 111 to revision 0.

    After the PUT succeeds with 200, the record is loaded again and its
    first title must read "record rev0". Record 111 is presumably created
    by the `hidden_record_with_two_revisions` fixture, which is not part
    of this listing.
    """
    revert_url = "/api/editor/literature/111/revisions/revert"
    payload = orjson.dumps({"revision_id": 0})
    cataloger = create_user(role=Roles.cataloger.value)

    with inspire_app.test_client() as client:
        login_user_via_session(client, email=cataloger.email)
        reply = client.put(
            revert_url, content_type="application/json", data=payload
        )
        assert reply.status_code == 200

        # Read the stored record back so the check does not rely on the
        # response body alone.
        reverted = LiteratureRecord.get_record_by_pid_value(111)
        first_title = reverted["titles"][0]
        assert first_title["title"] == "record rev0"
        logout(client)
def test_jobs_search_permissions(inspire_app):
    """Check that `/jobs` search results depend on who is asking.

    One job with status "pending" and one with status "open" are created.
    The assertions pin that an anonymous client gets one hit, a logged-in
    cataloger gets two, and the same client gets one again after logout.
    """

    def total_hits(http):
        # Run the unfiltered jobs search and return the reported hit count.
        return json.loads(http.get("/jobs").data)["hits"]["total"]

    for status in ("pending", "open"):
        create_record("job", data={"status": status})

    with inspire_app.test_client() as client:
        assert total_hits(client) == 1

    cataloger = create_user(role=Roles.cataloger.value)
    with inspire_app.test_client() as client:
        login_user_via_session(client, email=cataloger.email)
        assert total_hits(client) == 2

        logout(client)

        # Same client, session ended: the count must drop back to one.
        assert total_hits(client) == 1
def test_literature_search_permissions_private_collections_read(inspire_app):
    """Check read access to a record in the "HEP Hidden" collection, per role.

    Two paths are tested for every caller: a search filtered on the hidden
    collection, which must not count the record for callers without
    access, and the record's detail URL. Expected outcomes:

    * anonymous: 0 hits (also on the unfiltered search), detail 401
    * role "user": 0 hits, detail 403
    * "hep-hidden-read", "hep-hidden-read-write", cataloger: 1 hit,
      detail 200

    Only reads are exercised. The read-write role is not used for any
    write request here.
    """
    hidden_collection = "HEP Hidden"
    role_prefix = hidden_collection.lower().replace(" ", "-")
    record = create_record("lit", data={"_collections": [hidden_collection]})

    plain_user = create_user(role="user")
    reader = create_user(role=f"{role_prefix}-read")
    read_writer = create_user(role=f"{role_prefix}-read-write")
    cataloger = create_user(role=Roles.cataloger.value)

    collection_search = f"/literature?q=_collections:{quote(hidden_collection)}"
    detail_url = f"/literature/{record['control_number']}"

    with inspire_app.test_client() as client:

        def total_hits(url):
            # Issue the search with the client's current session state.
            return orjson.loads(client.get(url).data)["hits"]["total"]

        # Anonymous: the record is invisible in search, and the detail view
        # answers 401 (not authenticated) rather than 403.
        assert total_hits("/literature") == 0
        assert total_hits(collection_search) == 0
        assert client.get(detail_url).status_code == 401

        # (account, hits in the filtered search, detail status), in the
        # order: plain user, read role, read-write role, cataloger.
        expectations = (
            (plain_user, 0, 403),
            (reader, 1, 200),
            (read_writer, 1, 200),
            (cataloger, 1, 200),
        )
        for account, visible_hits, detail_status in expectations:
            login_user_via_session(client, email=account.email)
            assert total_hits(collection_search) == visible_hits
            assert client.get(detail_url).status_code == detail_status
            # End the session so the next account starts clean.
            logout(client)