def node(self, user, write_contrib, read_contrib):
node = NodeFactory(creator=user)
node.add_contributor(write_contrib,
permissions=[permissions.READ, permissions.WRITE])
node.add_contributor(read_contrib, permissions=[permissions.READ])
node.save()
return node
def test_node_children_related_counts_duplicate_query_results(
self, app, user, public_project, private_project,
public_project_url):
user_2 = AuthUserFactory()
# Adding a child component
child = NodeFactory(parent=public_project,
creator=user,
is_public=True,
category='software')
child.add_contributor(user_2, permissions.WRITE, save=True)
# Adding a grandchild
NodeFactory(parent=child, creator=user, is_public=True)
# Adding a node link
public_project.add_pointer(private_project,
auth=Auth(public_project.creator))
# Assert NodeChildrenList returns one result
res = app.get(public_project_url, auth=user.auth)
assert len(res.json['data']) == 1
assert res.json['data'][0]['id'] == child._id
project_url = '/{}nodes/{}/?related_counts=children'.format(
API_BASE, public_project._id)
res = app.get(project_url, auth=user.auth)
assert res.status_code == 200
# Verifying related_counts match direct children count (grandchildren not included, pointers not included)
assert res.json['data']['relationships']['children']['links'][
'related']['meta']['count'] == 1
def test__initiate_embargo_adds_admins_on_child_nodes(self):
project_admin = UserFactory()
project_non_admin = UserFactory()
child_admin = UserFactory()
child_non_admin = UserFactory()
grandchild_admin = UserFactory()
project = ProjectFactory(creator=project_admin)
project.add_contributor(project_non_admin, auth=Auth(project.creator), save=True)
child = NodeFactory(creator=child_admin, parent=project)
child.add_contributor(child_non_admin, auth=Auth(child.creator), save=True)
grandchild = NodeFactory(creator=grandchild_admin, parent=child) # noqa
registration = RegistrationFactory(project=project)
embargo = registration._initiate_embargo(
project.creator,
self.valid_embargo_end_date,
for_existing_registration=True
)
assert_in(project_admin._id, embargo.approval_state)
assert_in(child_admin._id, embargo.approval_state)
assert_in(grandchild_admin._id, embargo.approval_state)
assert_not_in(project_non_admin._id, embargo.approval_state)
assert_not_in(child_non_admin._id, embargo.approval_state)
def test__initiate_embargo_adds_admins_on_child_nodes(self):
project_admin = UserFactory()
project_non_admin = UserFactory()
child_admin = UserFactory()
child_non_admin = UserFactory()
grandchild_admin = UserFactory()
project = ProjectFactory(creator=project_admin)
project.add_contributor(project_non_admin, auth=Auth(project.creator), save=True)
child = NodeFactory(creator=child_admin, parent=project)
child.add_contributor(child_non_admin, auth=Auth(child.creator), save=True)
grandchild = NodeFactory(creator=grandchild_admin, parent=child) # noqa
registration = RegistrationFactory(project=project)
embargo = registration._initiate_embargo(
project.creator,
self.valid_embargo_end_date,
for_existing_registration=True
)
assert_in(project_admin._id, embargo.approval_state)
assert_in(child_admin._id, embargo.approval_state)
assert_in(grandchild_admin._id, embargo.approval_state)
assert_not_in(project_non_admin._id, embargo.approval_state)
assert_not_in(child_non_admin._id, embargo.approval_state)
def test__initiate_approval_adds_admins_on_child_nodes(self):
project_admin = UserFactory()
project_non_admin = UserFactory()
child_admin = UserFactory()
child_non_admin = UserFactory()
grandchild_admin = UserFactory()
project = ProjectFactory(creator=project_admin)
project.add_contributor(project_non_admin,
auth=Auth(project.creator),
save=True)
child = NodeFactory(creator=child_admin, parent=project)
child.add_contributor(child_non_admin,
auth=Auth(child.creator),
save=True)
grandchild = NodeFactory(creator=grandchild_admin,
parent=child) # noqa
registration = RegistrationFactory(project=project)
approval = registration._initiate_approval(registration.creator)
assert_in(project_admin._id, approval.approval_state)
assert_in(child_admin._id, approval.approval_state)
assert_in(grandchild_admin._id, approval.approval_state)
assert_not_in(project_non_admin._id, approval.approval_state)
assert_not_in(child_non_admin._id, approval.approval_state)
def test_serialize_node_search_returns_only_visible_contributors(self):
node = NodeFactory()
non_visible_contributor = UserFactory()
node.add_contributor(non_visible_contributor, visible=False)
serialized_node = _serialize_node_search(node)
assert_equal(serialized_node['firstAuthor'], node.visible_contributors[0].family_name)
assert_equal(len(node.visible_contributors), 1)
assert_false(serialized_node['etal'])
def node_private(self, user_admin_contrib, user_write_contrib,
user_read_contrib, registration):
node_private = NodeFactory(creator=user_admin_contrib)
node_private.add_contributor(user_write_contrib,
auth=Auth(user_admin_contrib))
node_private.add_contributor(user_read_contrib,
permissions=['read'],
auth=Auth(user_admin_contrib))
node_private.add_pointer(registration, auth=Auth(user_admin_contrib))
return node_private
def node(self, user, write_contrib, read_contrib):
node = NodeFactory(creator=user)
node.add_contributor(
write_contrib,
permissions=[
permissions.READ,
permissions.WRITE])
node.add_contributor(read_contrib, permissions=[permissions.READ])
node.save()
return node
def node_private(
self, user_admin_contrib, user_write_contrib,
user_read_contrib, registration):
node_private = NodeFactory(creator=user_admin_contrib)
node_private.add_contributor(
user_write_contrib,
auth=Auth(user_admin_contrib))
node_private.add_contributor(
user_read_contrib,
permissions=['read'],
auth=Auth(user_admin_contrib))
node_private.add_pointer(registration, auth=Auth(user_admin_contrib))
return node_private
def test_user_is_read_write(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user)
node.save()
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth)
assert_equal(res.status_code, 201)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def setUp(self):
super(LinkedRegistrationsTestCase, self).setUp()
self.mock_archive = mock.patch('website.archiver.tasks.archive')
self.non_contributor = AuthUserFactory()
self.read_contributor = AuthUserFactory()
self.rw_contributor = AuthUserFactory()
self.admin_contributor = AuthUserFactory()
self.public_linked_registration = RegistrationFactory(is_public=True, creator=self.rw_contributor)
self.private_linked_registration = RegistrationFactory(is_public=False, creator=self.rw_contributor)
self.mock_archive.start()
public_node = NodeFactory(creator=self.admin_contributor, is_public=True)
public_node.add_contributor(self.rw_contributor, auth=Auth(self.admin_contributor))
public_node.add_contributor(self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor))
public_node.add_pointer(self.public_linked_registration, auth=Auth(self.admin_contributor))
public_node.add_pointer(self.private_linked_registration, auth=Auth(self.rw_contributor))
public_node.save()
self.public_registration = public_node.register_node(get_default_metaschema(), Auth(self.admin_contributor), '', None)
self.public_registration.is_public = True
self.public_registration.save()
private_node = NodeFactory(creator=self.admin_contributor)
private_node.add_contributor(self.rw_contributor, auth=Auth(self.admin_contributor))
private_node.add_contributor(self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor))
private_node.add_pointer(self.public_linked_registration, auth=Auth(self.admin_contributor))
private_node.add_pointer(self.private_linked_registration, auth=Auth(self.rw_contributor))
private_node.save()
self.private_registration = private_node.register_node(get_default_metaschema(), Auth(self.admin_contributor), '', None)
def test_user_is_read_write(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user)
node.save()
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth
)
assert_equal(res.status_code, 201)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_only(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user, permissions=[permissions.READ])
node.save()
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_only(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user, permissions=[permissions.READ])
node.save()
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def setUp(self):
super(LinkedRegistrationsTestCase, self).setUp()
self.mock_archive = mock.patch('website.archiver.tasks.archive')
self.non_contributor = AuthUserFactory()
self.read_contributor = AuthUserFactory()
self.rw_contributor = AuthUserFactory()
self.admin_contributor = AuthUserFactory()
self.public_linked_registration = RegistrationFactory(
is_public=True, creator=self.rw_contributor)
self.private_linked_registration = RegistrationFactory(
is_public=False, creator=self.rw_contributor)
self.mock_archive.start()
public_node = NodeFactory(
creator=self.admin_contributor,
is_public=True)
public_node.add_contributor(
self.rw_contributor, auth=Auth(self.admin_contributor))
public_node.add_contributor(
self.read_contributor,
permissions=['read'],
auth=Auth(self.admin_contributor))
public_node.add_pointer(
self.public_linked_registration,
auth=Auth(self.admin_contributor))
public_node.add_pointer(
self.private_linked_registration,
auth=Auth(self.rw_contributor))
public_node.save()
self.public_registration = public_node.register_node(
get_default_metaschema(), Auth(self.admin_contributor), '', None)
self.public_registration.is_public = True
self.public_registration.save()
private_node = NodeFactory(creator=self.admin_contributor)
private_node.add_contributor(
self.rw_contributor,
auth=Auth(self.admin_contributor))
private_node.add_contributor(
self.read_contributor,
permissions=['read'],
auth=Auth(self.admin_contributor))
private_node.add_pointer(
self.public_linked_registration,
auth=Auth(self.admin_contributor))
private_node.add_pointer(
self.private_linked_registration,
auth=Auth(self.rw_contributor))
private_node.save()
self.private_registration = private_node.register_node(
get_default_metaschema(), Auth(self.admin_contributor), '', None)
class LinkedRegistrationsTestCase(ApiTestCase):
def setUp(self):
super(LinkedRegistrationsTestCase, self).setUp()
self.registration = RegistrationFactory(is_public=True)
self.public_node = NodeFactory(is_public=True)
self.public_node.add_pointer(self.registration, auth=Auth(self.public_node.creator))
self.public_node.save()
self.admin_contributor = AuthUserFactory()
self.rw_contributor = AuthUserFactory()
self.read_contributor = AuthUserFactory()
self.non_contributor = AuthUserFactory()
self.private_node = NodeFactory(creator=self.admin_contributor)
self.private_node.add_contributor(self.rw_contributor, auth=Auth(self.admin_contributor))
self.private_node.add_contributor(self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor))
self.private_node.add_pointer(self.registration, auth=Auth(self.admin_contributor))
self.private_node.save()
def test_get_children_only_returns_child_nodes_with_admin_permissions(
self):
user = UserFactory()
admin_project = ProjectFactory()
admin_project.add_contributor(
user,
auth=Auth(admin_project.creator),
permissions=permissions.expand_permissions(permissions.ADMIN))
admin_project.save()
admin_component = NodeFactory(parent=admin_project)
admin_component.add_contributor(
user,
auth=Auth(admin_component.creator),
permissions=permissions.expand_permissions(permissions.ADMIN))
admin_component.save()
read_and_write = NodeFactory(parent=admin_project)
read_and_write.add_contributor(
user,
auth=Auth(read_and_write.creator),
permissions=permissions.expand_permissions(permissions.WRITE))
read_and_write.save()
read_only = NodeFactory(parent=admin_project)
read_only.add_contributor(user,
auth=Auth(read_only.creator),
permissions=permissions.expand_permissions(
permissions.READ))
read_only.save()
non_contributor = NodeFactory(parent=admin_project)
components = _get_children(admin_project, Auth(user))
assert_equal(len(components), 1)
def test_get_contributors_from_parent(self):
self.project.add_contributor(
AuthUserFactory(),
auth=self.auth,
visible=True,
)
self.project.add_contributor(
AuthUserFactory(),
auth=self.auth,
visible=False,
)
component = NodeFactory(parent=self.project, creator=self.user)
user_already_on_component = AuthUserFactory()
component.add_contributor(
user_already_on_component,
auth=self.auth,
visible=True,
)
self.project.add_contributor(
user_already_on_component,
auth=self.auth,
visible=True,
)
self.project.save()
component.save()
url = component.api_url_for('get_contributors_from_parent')
res = self.app.get(url, auth=self.user.auth)
# Should be all contributors, client-side handles marking
# contributors that are already added to the child.
ids = [contrib['id'] for contrib in res.json['contributors']]
assert_not_in(user_already_on_component.id, ids)
assert_equal(
len(res.json['contributors']),
2,
)
def test_get_contributors_from_parent(self):
self.project.add_contributor(
AuthUserFactory(),
auth=self.auth,
visible=True,
)
self.project.add_contributor(
AuthUserFactory(),
auth=self.auth,
visible=False,
)
component = NodeFactory(parent=self.project, creator=self.user)
user_already_on_component = AuthUserFactory()
component.add_contributor(
user_already_on_component,
auth=self.auth,
visible=True,
)
self.project.add_contributor(
user_already_on_component,
auth=self.auth,
visible=True,
)
self.project.save()
component.save()
url = component.api_url_for('get_contributors_from_parent')
res = self.app.get(url, auth=self.user.auth)
# Should be all contributors, client-side handles marking
# contributors that are already added to the child.
ids = [contrib['id'] for contrib in res.json['contributors']]
assert_not_in(user_already_on_component.id, ids)
assert_equal(
len(res.json['contributors']),
2,
)
def test_node_children_related_counts_duplicate_query_results(self, app, user, public_project,
private_project, public_project_url):
user_2 = AuthUserFactory()
# Adding a child component
child = NodeFactory(parent=public_project, creator=user, is_public=True, category='software')
child.add_contributor(user_2, ['read', 'write'], save=True)
# Adding a grandchild
NodeFactory(parent=child, creator=user, is_public=True)
# Adding a node link
public_project.add_pointer(
private_project,
auth=Auth(public_project.creator)
)
# Assert NodeChildrenList returns one result
res = app.get(public_project_url, auth=user.auth)
assert len(res.json['data']) == 1
assert res.json['data'][0]['id'] == child._id
project_url = '/{}nodes/{}/?related_counts=children'.format(API_BASE, public_project._id)
res = app.get(project_url, auth=user.auth)
assert res.status_code == 200
# Verifying related_counts match direct children count (grandchildren not included, pointers not included)
assert res.json['data']['relationships']['children']['links']['related']['meta']['count'] == 1
class LinkedRegistrationsTestCase(ApiTestCase):
def setUp(self):
super(LinkedRegistrationsTestCase, self).setUp()
self.registration = RegistrationFactory(is_public=True)
self.public_node = NodeFactory(is_public=True)
self.public_node.add_pointer(self.registration,
auth=Auth(self.public_node.creator))
self.public_node.save()
self.admin_contributor = AuthUserFactory()
self.rw_contributor = AuthUserFactory()
self.read_contributor = AuthUserFactory()
self.non_contributor = AuthUserFactory()
self.private_node = NodeFactory(creator=self.admin_contributor)
self.private_node.add_contributor(self.rw_contributor,
auth=Auth(self.admin_contributor))
self.private_node.add_contributor(self.read_contributor,
permissions=['read'],
auth=Auth(self.admin_contributor))
self.private_node.add_pointer(self.registration,
auth=Auth(self.admin_contributor))
self.private_node.save()
def test__initiate_approval_adds_admins_on_child_nodes(self):
project_admin = UserFactory()
project_non_admin = UserFactory()
child_admin = UserFactory()
child_non_admin = UserFactory()
grandchild_admin = UserFactory()
project = ProjectFactory(creator=project_admin)
project.add_contributor(project_non_admin, auth=Auth(project.creator), save=True)
child = NodeFactory(creator=child_admin, parent=project)
child.add_contributor(child_non_admin, auth=Auth(child.creator), save=True)
grandchild = NodeFactory(creator=grandchild_admin, parent=child) # noqa
registration = RegistrationFactory(project=project)
approval = registration._initiate_approval(registration.creator)
assert_in(project_admin._id, approval.approval_state)
assert_in(child_admin._id, approval.approval_state)
assert_in(grandchild_admin._id, approval.approval_state)
assert_not_in(project_non_admin._id, approval.approval_state)
assert_not_in(child_non_admin._id, approval.approval_state)
def test_get_children_only_returns_child_nodes_with_admin_permissions(self):
user = UserFactory()
admin_project = ProjectFactory()
admin_project.add_contributor(user, auth=Auth(admin_project.creator),
permissions=permissions.expand_permissions(permissions.ADMIN))
admin_project.save()
admin_component = NodeFactory(parent=admin_project)
admin_component.add_contributor(user, auth=Auth(admin_component.creator),
permissions=permissions.expand_permissions(permissions.ADMIN))
admin_component.save()
read_and_write = NodeFactory(parent=admin_project)
read_and_write.add_contributor(user, auth=Auth(read_and_write.creator),
permissions=permissions.expand_permissions(permissions.WRITE))
read_and_write.save()
read_only = NodeFactory(parent=admin_project)
read_only.add_contributor(user, auth=Auth(read_only.creator),
permissions=permissions.expand_permissions(permissions.READ))
read_only.save()
non_contributor = NodeFactory(parent=admin_project)
components = _get_children(admin_project, Auth(user))
assert_equal(len(components), 1)
class TestNodeRelationshipNodeLinks(ApiTestCase):
def setUp(self):
super(TestNodeRelationshipNodeLinks, self).setUp()
self.user = AuthUserFactory()
self.user2 = AuthUserFactory()
self.auth = Auth(self.user)
self.linking_node = NodeFactory(creator=self.user)
self.admin_node = NodeFactory(creator=self.user)
self.contributor_node = NodeFactory(creator=self.user2)
self.contributor_node.add_contributor(self.user, auth=Auth(self.user2))
self.contributor_node.save()
self.other_node = NodeFactory()
self.private_node = NodeFactory(creator=self.user)
self.public_node = NodeFactory(is_public=True)
self.linking_node.add_pointer(self.private_node, auth=self.auth)
self.public_linking_node = NodeFactory(is_public=True, creator=self.user2)
self.public_linking_node.add_pointer(self.private_node, auth=Auth(self.user2))
self.public_linking_node.add_pointer(self.public_node, auth=Auth(self.user2))
self.url = '/{}nodes/{}/relationships/linked_nodes/'.format(API_BASE, self.linking_node._id)
self.public_url = '/{}nodes/{}/relationships/linked_nodes/'.format(API_BASE, self.public_linking_node._id)
def payload(self, node_ids=None):
node_ids = node_ids or [self.admin_node._id]
env_linked_nodes = [{'type': 'linked_nodes', 'id': node_id} for node_id in node_ids]
return {"data": env_linked_nodes}
def test_get_relationship_linked_nodes(self):
res = self.app.get(
self.url, auth=self.user.auth
)
assert_equal(res.status_code, 200)
assert_in(self.linking_node.linked_nodes_self_url, res.json['links']['self'])
assert_in(self.linking_node.linked_nodes_related_url, res.json['links']['html'])
assert_equal(res.json['data'][0]['id'], self.private_node._id)
def test_get_public_relationship_linked_nodes_logged_out(self):
res = self.app.get(self.public_url)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1)
assert_equal(res.json['data'][0]['id'], self.public_node._id)
def test_get_public_relationship_linked_nodes_logged_in(self):
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 2)
def test_get_private_relationship_linked_nodes_logged_out(self):
res = self.app.get(self.url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_post_contributing_node(self):
res = self.app.post_json_api(
self.url, self.payload([self.contributor_node._id]),
auth=self.user.auth
)
assert_equal(res.status_code, 201)
ids = [data['id'] for data in res.json['data']]
assert_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_public_node(self):
res = self.app.post_json_api(
self.url, self.payload([self.public_node._id]),
auth=self.user.auth
)
assert_equal(res.status_code, 201)
ids = [data['id'] for data in res.json['data']]
assert_in(self.public_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_private_node(self):
res = self.app.post_json_api(
self.url, self.payload([self.other_node._id]),
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
res = self.app.get(
self.url, auth=self.user.auth
)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_mixed_nodes(self):
res = self.app.post_json_api(
self.url, self.payload([self.other_node._id, self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
res = self.app.get(
self.url, auth=self.user.auth
)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_not_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_node_already_linked(self):
res = self.app.post_json_api(
self.url, self.payload([self.private_node._id]),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
def test_put_contributing_node(self):
res = self.app.put_json_api(
self.url, self.payload([self.contributor_node._id]),
auth=self.user.auth
)
assert_equal(res.status_code, 200)
ids = [data['id'] for data in res.json['data']]
assert_in(self.contributor_node._id, ids)
assert_not_in(self.private_node._id, ids)
def test_put_private_node(self):
res = self.app.put_json_api(
self.url, self.payload([self.other_node._id]),
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
res = self.app.get(
self.url, auth=self.user.auth
)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_in(self.private_node._id, ids)
def test_put_mixed_nodes(self):
res = self.app.put_json_api(
self.url, self.payload([self.other_node._id, self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
res = self.app.get(
self.url, auth=self.user.auth
)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_not_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_delete_with_put_empty_array(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
payload = self.payload()
payload['data'].pop()
res = self.app.put_json_api(
self.url, payload,
auth=self.user.auth
)
assert_equal(res.status_code, 200)
assert_equal(res.json['data'], payload['data'])
def test_delete_one(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
res = self.app.delete_json_api(
self.url, self.payload([self.private_node._id]),
auth=self.user.auth,
)
assert_equal(res.status_code, 204)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_in(self.admin_node._id, ids)
assert_not_in(self.private_node._id, ids)
def test_delete_multiple(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
res = self.app.delete_json_api(
self.url, self.payload([self.private_node._id, self.admin_node._id]),
auth=self.user.auth,
)
assert_equal(res.status_code, 204)
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.json['data'], [])
def test_delete_not_present(self):
number_of_links = self.linking_node.linked_nodes.count()
res = self.app.delete_json_api(
self.url, self.payload([self.other_node._id]),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
res = self.app.get(
self.url, auth=self.user.auth
)
assert_equal(len(res.json['data']), number_of_links)
def test_delete_invalid_payload(self):
number_of_links = self.linking_node.linked_nodes.count()
# No id in datum
payload = {'data': [{'type': 'linked_nodes'}]}
res = self.app.delete_json_api(
self.url, payload,
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 400)
error = res.json['errors'][0]
assert_equal(error['detail'], 'Request must include /data/id.')
res = self.app.get(
self.url, auth=self.user.auth
)
assert_equal(len(res.json['data']), number_of_links)
def test_node_doesnt_exist(self):
res = self.app.post_json_api(
self.url, self.payload(['aquarela']),
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 404)
def test_type_mistyped(self):
res = self.app.post_json_api(
self.url,
{
'data': [{'type': 'not_linked_nodes', 'id': self.contributor_node._id}]
},
auth=self.user.auth,
expect_errors=True
)
assert_equal(res.status_code, 409)
def test_creates_public_linked_node_relationship_logged_out(self):
res = self.app.post_json_api(
self.public_url, self.payload([self.public_node._id]),
expect_errors=True
)
assert_equal(res.status_code, 401)
def test_creates_public_linked_node_relationship_logged_in(self):
res = self.app.post_json_api(
self.public_url, self.payload([self.public_node._id]),
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 403)
def test_creates_private_linked_node_relationship_logged_out(self):
res = self.app.post_json_api(
self.url, self.payload([self.other_node._id]),
expect_errors=True
)
assert_equal(res.status_code, 401)
def test_put_public_nodes_relationships_logged_out(self):
res = self.app.put_json_api(
self.public_url, self.payload([self.public_node._id]),
expect_errors=True
)
assert_equal(res.status_code, 401)
def test_put_public_nodes_relationships_logged_in(self):
res = self.app.put_json_api(
self.public_url, self.payload([self.private_node._id]),
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 403)
def test_delete_public_nodes_relationships_logged_out(self):
res = self.app.delete_json_api(
self.public_url, self.payload([self.public_node._id]),
expect_errors=True
)
assert_equal(res.status_code, 401)
def test_delete_public_nodes_relationships_logged_in(self):
res = self.app.delete_json_api(
self.public_url, self.payload([self.private_node._id]),
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 403)
def test_node_links_and_relationship_represent_same_nodes(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
self.linking_node.add_pointer(self.contributor_node, auth=self.auth)
res_relationship = self.app.get(
self.url, auth=self.user.auth
)
res_node_links = self.app.get(
'/{}nodes/{}/node_links/'.format(API_BASE, self.linking_node._id),
auth=self.user.auth
)
node_links_id = [data['embeds']['target_node']['data']['id'] for data in res_node_links.json['data']]
relationship_id = [data['id'] for data in res_relationship.json['data']]
assert_equal(set(node_links_id), set(relationship_id))
class TestNodeLinkedNodes(ApiTestCase):
def setUp(self):
super(TestNodeLinkedNodes, self).setUp()
self.user = AuthUserFactory()
self.auth = Auth(self.user)
self.linking_node = NodeFactory(creator=self.user)
self.linked_node = NodeFactory(creator=self.user)
self.linked_node2 = NodeFactory(creator=self.user)
self.public_node = NodeFactory(is_public=True, creator=self.user)
self.linking_node.add_pointer(self.linked_node, auth=self.auth)
self.linking_node.add_pointer(self.linked_node2, auth=self.auth)
self.linking_node.add_pointer(self.public_node, auth=self.auth)
self.linking_node.save()
self.url = '/{}nodes/{}/linked_nodes/'.format(API_BASE, self.linking_node._id)
self.node_ids = self.linking_node.linked_nodes.values_list('guids___id', flat=True)
def test_linked_nodes_returns_everything(self):
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.status_code, 200)
nodes_returned = [linked_node['id'] for linked_node in res.json['data']]
assert_equal(len(nodes_returned), len(self.node_ids))
for node_id in self.node_ids:
assert_in(node_id, nodes_returned)
def test_linked_nodes_only_return_viewable_nodes(self):
user = AuthUserFactory()
new_linking_node = NodeFactory(creator=user)
self.linked_node.add_contributor(user, auth=self.auth, save=True)
self.linked_node2.add_contributor(user, auth=self.auth, save=True)
self.public_node.add_contributor(user, auth=self.auth, save=True)
new_linking_node.add_pointer(self.linked_node, auth=Auth(user))
new_linking_node.add_pointer(self.linked_node2, auth=Auth(user))
new_linking_node.add_pointer(self.public_node, auth=Auth(user))
new_linking_node.save()
res = self.app.get(
'/{}nodes/{}/linked_nodes/'.format(API_BASE, new_linking_node._id),
auth=user.auth
)
assert_equal(res.status_code, 200)
nodes_returned = [linked_node['id'] for linked_node in res.json['data']]
assert_equal(len(nodes_returned), len(self.node_ids))
for node_id in self.node_ids:
assert_in(node_id, nodes_returned)
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in osf-models
with disconnected_from_listeners(contributor_removed):
self.linked_node2.remove_contributor(user, auth=self.auth)
self.public_node.remove_contributor(user, auth=self.auth)
res = self.app.get(
'/{}nodes/{}/linked_nodes/'.format(API_BASE, new_linking_node._id),
auth=user.auth
)
nodes_returned = [linked_node['id'] for linked_node in res.json['data']]
assert_equal(len(nodes_returned), len(self.node_ids) - 1)
assert_in(self.linked_node._id, nodes_returned)
assert_in(self.public_node._id, nodes_returned)
assert_not_in(self.linked_node2._id, nodes_returned)
def test_linked_nodes_doesnt_return_deleted_nodes(self):
self.linked_node.is_deleted = True
self.linked_node.save()
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.status_code, 200)
nodes_returned = [linked_node['id'] for linked_node in res.json['data']]
assert_equal(len(nodes_returned), len(self.node_ids) - 1)
assert_not_in(self.linked_node._id, nodes_returned)
assert_in(self.linked_node2._id, nodes_returned)
assert_in(self.public_node._id, nodes_returned)
def test_attempt_to_return_linked_nodes_logged_out(self):
res = self.app.get(
self.url, auth=None,
expect_errors=True
)
assert_equal(res.status_code, 401)
class TestComponents(OsfTestCase):
def setUp(self):
super(TestComponents, self).setUp()
self.user = AuthUserFactory()
self.consolidate_auth = Auth(user=self.user)
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(contributor=self.user,
auth=self.consolidate_auth)
# A non-project componenet
self.component = NodeFactory(
category='hypothesis',
creator=self.user,
parent=self.project,
)
self.component.save()
self.component.set_privacy('public', self.consolidate_auth)
self.component.set_privacy('private', self.consolidate_auth)
self.project.save()
self.project_url = self.project.web_url_for('view_project')
def test_sees_parent(self):
res = self.app.get(self.component.url,
auth=self.user.auth).maybe_follow()
parent_title = res.html.find_all('h2', class_='node-parent-title')
assert_equal(len(parent_title), 1)
assert_in(self.project.title,
parent_title[0].text) # Bs4 will handle unescaping HTML here
def test_delete_project(self):
res = self.app.get(self.component.url + 'settings/',
auth=self.user.auth).maybe_follow()
assert_in('Delete {0}'.format(self.component.project_or_component),
res)
def test_cant_delete_project_if_not_admin(self):
non_admin = AuthUserFactory()
self.component.add_contributor(
non_admin,
permissions=['read', 'write'],
auth=self.consolidate_auth,
save=True,
)
res = self.app.get(self.component.url + 'settings/',
auth=non_admin.auth).maybe_follow()
assert_not_in('Delete {0}'.format(self.component.project_or_component),
res)
def test_can_configure_comments_if_admin(self):
res = self.app.get(
self.component.url + 'settings/',
auth=self.user.auth,
).maybe_follow()
assert_in('Commenting', res)
def test_cant_configure_comments_if_not_admin(self):
non_admin = AuthUserFactory()
self.component.add_contributor(
non_admin,
permissions=['read', 'write'],
auth=self.consolidate_auth,
save=True,
)
res = self.app.get(self.component.url + 'settings/',
auth=non_admin.auth).maybe_follow()
assert_not_in('Commenting', res)
def test_components_should_have_component_list(self):
res = self.app.get(self.component.url, auth=self.user.auth)
assert_in('Components', res)
class TestNodeRelationshipNodeLinks(ApiTestCase):
def setUp(self):
super(TestNodeRelationshipNodeLinks, self).setUp()
self.user = AuthUserFactory()
self.user2 = AuthUserFactory()
self.auth = Auth(self.user)
self.linking_node_source = NodeFactory(creator=self.user)
self.admin_node = NodeFactory(creator=self.user)
self.contributor_node = NodeFactory(creator=self.user2)
self.contributor_node.add_contributor(self.user, auth=Auth(self.user2))
self.contributor_node.save()
self.other_node = NodeFactory()
self.private_node = NodeFactory(creator=self.user)
self.public_node = NodeFactory(is_public=True)
self.linking_node_source.add_pointer(self.private_node, auth=self.auth)
self.linking_node_source.add_pointer(self.admin_node, auth=self.auth)
self.public_linking_node_source = NodeFactory(is_public=True,
creator=self.user2)
self.public_linking_node_source.add_pointer(self.private_node,
auth=Auth(self.user2))
self.public_linking_node_source.add_pointer(self.public_node,
auth=Auth(self.user2))
self.public_linking_node = RegistrationFactory(
project=self.public_linking_node_source,
is_public=True,
creator=self.user2)
self.linking_node = RegistrationFactory(
project=self.linking_node_source, creator=self.user)
self.url = '/{}registrations/{}/relationships/linked_nodes/'.format(
API_BASE, self.linking_node._id)
self.public_url = '/{}registrations/{}/relationships/linked_nodes/'.format(
API_BASE, self.public_linking_node._id)
def payload(self, node_ids=None):
node_ids = node_ids or [self.admin_node._id]
env_linked_nodes = [{
"type": "linked_nodes",
"id": node_id
} for node_id in node_ids]
return {"data": env_linked_nodes}
def test_get_relationship_linked_nodes(self):
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_in(self.linking_node.linked_nodes_self_url,
res.json['links']['self'])
assert_in(self.linking_node.linked_nodes_related_url,
res.json['links']['html'])
assert_in(self.private_node._id, [e['id'] for e in res.json['data']])
def test_get_linked_nodes_related_counts(self):
res = self.app.get(
'/{}registrations/{}/?related_counts=linked_nodes'.format(
API_BASE, self.linking_node._id),
auth=self.user.auth)
assert_equal(
res.json['data']['relationships']['linked_nodes']['links']
['related']['meta']['count'], 2)
def test_get_public_relationship_linked_nodes_logged_out(self):
res = self.app.get(self.public_url)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1)
assert_in(self.public_node._id, [e['id'] for e in res.json['data']])
def test_get_public_relationship_linked_nodes_logged_in(self):
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 2)
def test_get_private_relationship_linked_nodes_logged_out(self):
res = self.app.get(self.url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_post_contributing_node(self):
res = self.app.post_json_api(self.url,
self.payload([self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_post_public_node(self):
res = self.app.post_json_api(self.url,
self.payload([self.public_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_post_private_node(self):
res = self.app.post_json_api(self.url,
self.payload([self.other_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_mixed_nodes(self):
res = self.app.post_json_api(
self.url,
self.payload([self.other_node._id, self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_not_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_node_already_linked(self):
res = self.app.post_json_api(self.url,
self.payload([self.private_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_put_contributing_node(self):
res = self.app.put_json_api(self.url,
self.payload([self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_put_private_node(self):
res = self.app.put_json_api(self.url,
self.payload([self.other_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_in(self.private_node._id, ids)
def test_put_mixed_nodes(self):
res = self.app.put_json_api(
self.url,
self.payload([self.other_node._id, self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_not_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_delete_with_put_empty_array(self):
payload = self.payload()
payload['data'].pop()
res = self.app.put_json_api(self.url,
payload,
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_delete_one(self):
res = self.app.delete_json_api(self.url,
self.payload([self.private_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_in(self.admin_node._id, ids)
assert_in(self.private_node._id, ids)
def test_delete_multiple(self):
res = self.app.delete_json_api(
self.url,
self.payload([self.private_node._id, self.admin_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(len(res.json['data']), 2)
def test_delete_not_present(self):
number_of_links = self.linking_node.linked_nodes.count()
res = self.app.delete_json_api(self.url,
self.payload([self.other_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(len(res.json['data']), number_of_links)
def test_node_doesnt_exist(self):
res = self.app.post_json_api(self.url,
self.payload(['aquarela']),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_type_mistyped(self):
res = self.app.post_json_api(self.url, {
'data': [{
'type': 'not_linked_nodes',
'id': self.contributor_node._id
}]
},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_creates_public_linked_node_relationship_logged_out(self):
res = self.app.post_json_api(self.public_url,
self.payload([self.public_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_creates_public_linked_node_relationship_logged_in(self):
res = self.app.post_json_api(self.public_url,
self.payload([self.public_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_creates_private_linked_node_relationship_logged_out(self):
res = self.app.post_json_api(self.url,
self.payload([self.other_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_put_public_nodes_relationships_logged_out(self):
res = self.app.put_json_api(self.public_url,
self.payload([self.public_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_put_public_nodes_relationships_logged_in(self):
res = self.app.put_json_api(self.public_url,
self.payload([self.private_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
def test_delete_public_nodes_relationships_logged_out(self):
res = self.app.delete_json_api(self.public_url,
self.payload([self.public_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_delete_public_nodes_relationships_logged_in(self):
res = self.app.delete_json_api(self.public_url,
self.payload([self.private_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 405)
class TestNodeRelationshipNodeLinks(ApiTestCase):
def setUp(self):
super(TestNodeRelationshipNodeLinks, self).setUp()
self.user = AuthUserFactory()
self.user2 = AuthUserFactory()
self.auth = Auth(self.user)
self.linking_node = NodeFactory(creator=self.user)
self.admin_node = NodeFactory(creator=self.user)
self.contributor_node = NodeFactory(creator=self.user2)
self.contributor_node.add_contributor(self.user, auth=Auth(self.user2))
self.contributor_node.save()
self.other_node = NodeFactory()
self.private_node = NodeFactory(creator=self.user)
self.public_node = NodeFactory(is_public=True)
self.linking_node.add_pointer(self.private_node, auth=self.auth)
self.public_linking_node = NodeFactory(is_public=True,
creator=self.user2)
self.public_linking_node.add_pointer(self.private_node,
auth=Auth(self.user2))
self.public_linking_node.add_pointer(self.public_node,
auth=Auth(self.user2))
self.url = '/{}nodes/{}/relationships/linked_nodes/'.format(
API_BASE, self.linking_node._id)
self.public_url = '/{}nodes/{}/relationships/linked_nodes/'.format(
API_BASE, self.public_linking_node._id)
def payload(self, node_ids=None):
node_ids = node_ids or [self.admin_node._id]
env_linked_nodes = [{
'type': 'linked_nodes',
'id': node_id
} for node_id in node_ids]
return {"data": env_linked_nodes}
def test_get_relationship_linked_nodes(self):
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_in(self.linking_node.linked_nodes_self_url,
res.json['links']['self'])
assert_in(self.linking_node.linked_nodes_related_url,
res.json['links']['html'])
assert_equal(res.json['data'][0]['id'], self.private_node._id)
def test_get_public_relationship_linked_nodes_logged_out(self):
res = self.app.get(self.public_url)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 1)
assert_equal(res.json['data'][0]['id'], self.public_node._id)
def test_get_public_relationship_linked_nodes_logged_in(self):
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), 2)
def test_get_private_relationship_linked_nodes_logged_out(self):
res = self.app.get(self.url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_post_contributing_node(self):
res = self.app.post_json_api(self.url,
self.payload([self.contributor_node._id]),
auth=self.user.auth)
assert_equal(res.status_code, 201)
ids = [data['id'] for data in res.json['data']]
assert_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_public_node(self):
res = self.app.post_json_api(self.url,
self.payload([self.public_node._id]),
auth=self.user.auth)
assert_equal(res.status_code, 201)
ids = [data['id'] for data in res.json['data']]
assert_in(self.public_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_private_node(self):
res = self.app.post_json_api(self.url,
self.payload([self.other_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_mixed_nodes(self):
res = self.app.post_json_api(
self.url,
self.payload([self.other_node._id, self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_not_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_post_node_already_linked(self):
res = self.app.post_json_api(self.url,
self.payload([self.private_node._id]),
auth=self.user.auth)
assert_equal(res.status_code, 204)
def test_put_contributing_node(self):
res = self.app.put_json_api(self.url,
self.payload([self.contributor_node._id]),
auth=self.user.auth)
assert_equal(res.status_code, 200)
ids = [data['id'] for data in res.json['data']]
assert_in(self.contributor_node._id, ids)
assert_not_in(self.private_node._id, ids)
def test_put_private_node(self):
res = self.app.put_json_api(self.url,
self.payload([self.other_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_in(self.private_node._id, ids)
def test_put_mixed_nodes(self):
res = self.app.put_json_api(
self.url,
self.payload([self.other_node._id, self.contributor_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_not_in(self.other_node._id, ids)
assert_not_in(self.contributor_node._id, ids)
assert_in(self.private_node._id, ids)
def test_delete_with_put_empty_array(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
payload = self.payload()
payload['data'].pop()
res = self.app.put_json_api(self.url, payload, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.json['data'], payload['data'])
def test_delete_one(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
res = self.app.delete_json_api(
self.url,
self.payload([self.private_node._id]),
auth=self.user.auth,
)
assert_equal(res.status_code, 204)
res = self.app.get(self.url, auth=self.user.auth)
ids = [data['id'] for data in res.json['data']]
assert_in(self.admin_node._id, ids)
assert_not_in(self.private_node._id, ids)
def test_delete_multiple(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
res = self.app.delete_json_api(
self.url,
self.payload([self.private_node._id, self.admin_node._id]),
auth=self.user.auth,
)
assert_equal(res.status_code, 204)
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.json['data'], [])
def test_delete_not_present(self):
number_of_links = self.linking_node.linked_nodes.count()
res = self.app.delete_json_api(self.url,
self.payload([self.other_node._id]),
auth=self.user.auth)
assert_equal(res.status_code, 204)
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(len(res.json['data']), number_of_links)
def test_delete_invalid_payload(self):
number_of_links = self.linking_node.linked_nodes.count()
# No id in datum
payload = {'data': [{'type': 'linked_nodes'}]}
res = self.app.delete_json_api(self.url,
payload,
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 400)
error = res.json['errors'][0]
assert_equal(error['detail'], 'Request must include /data/id.')
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(len(res.json['data']), number_of_links)
def test_node_doesnt_exist(self):
res = self.app.post_json_api(self.url,
self.payload(['aquarela']),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 404)
def test_type_mistyped(self):
res = self.app.post_json_api(self.url, {
'data': [{
'type': 'not_linked_nodes',
'id': self.contributor_node._id
}]
},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 409)
def test_creates_public_linked_node_relationship_logged_out(self):
res = self.app.post_json_api(self.public_url,
self.payload([self.public_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_creates_public_linked_node_relationship_logged_in(self):
res = self.app.post_json_api(self.public_url,
self.payload([self.public_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
def test_creates_private_linked_node_relationship_logged_out(self):
res = self.app.post_json_api(self.url,
self.payload([self.other_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_put_public_nodes_relationships_logged_out(self):
res = self.app.put_json_api(self.public_url,
self.payload([self.public_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_put_public_nodes_relationships_logged_in(self):
res = self.app.put_json_api(self.public_url,
self.payload([self.private_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
def test_delete_public_nodes_relationships_logged_out(self):
res = self.app.delete_json_api(self.public_url,
self.payload([self.public_node._id]),
expect_errors=True)
assert_equal(res.status_code, 401)
def test_delete_public_nodes_relationships_logged_in(self):
res = self.app.delete_json_api(self.public_url,
self.payload([self.private_node._id]),
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
def test_node_links_and_relationship_represent_same_nodes(self):
self.linking_node.add_pointer(self.admin_node, auth=self.auth)
self.linking_node.add_pointer(self.contributor_node, auth=self.auth)
res_relationship = self.app.get(self.url, auth=self.user.auth)
res_node_links = self.app.get('/{}nodes/{}/node_links/'.format(
API_BASE, self.linking_node._id),
auth=self.user.auth)
node_links_id = [
data['embeds']['target_node']['data']['id']
for data in res_node_links.json['data']
]
relationship_id = [
data['id'] for data in res_relationship.json['data']
]
assert_equal(set(node_links_id), set(relationship_id))
class TestInstitutionRelationshipNodes(ApiTestCase):
def setUp(self):
super(TestInstitutionRelationshipNodes, self).setUp()
self.user = AuthUserFactory()
self.institution = InstitutionFactory()
self.user.affiliated_institutions.add(self.institution)
self.user.save()
self.node1 = NodeFactory(creator=self.user)
self.node2 = NodeFactory(is_public=True)
self.node3 = NodeFactory()
self.node1.affiliated_institutions.add(self.institution)
self.node2.affiliated_institutions.add(self.institution)
self.node3.affiliated_institutions.add(self.institution)
self.node1.save()
self.node2.save()
self.node3.save()
self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format(
API_BASE, self.institution._id)
def create_payload(self, *node_ids):
data = [{'type': 'nodes', 'id': id_} for id_ in node_ids]
return {'data': data}
def test_get_nodes_no_auth(self):
res = self.app.get(self.institution_nodes_url)
assert_equal(res.status_code, 200)
node_ids = [node['id'] for node in res.json['data']]
assert_in(self.node2._id, node_ids)
assert_not_in(self.node1._id, node_ids)
assert_not_in(self.node3._id, node_ids)
def test_get_nodes_with_auth(self):
res = self.app.get(self.institution_nodes_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
node_ids = [node['id'] for node in res.json['data']]
assert_in(self.node1._id, node_ids)
assert_in(self.node2._id, node_ids)
assert_not_in(self.node3._id, node_ids)
def test_node_does_not_exist(self):
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload('notIdatAll'),
expect_errors=True,
auth=self.user.auth)
assert_equal(res.status_code, 404)
def test_wrong_type(self):
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(
self.institution_nodes_url,
{'data': [{
'type': 'dugtrio',
'id': node._id
}]},
expect_errors=True,
auth=self.user.auth)
assert_equal(res.status_code, 409)
def test_user_with_nodes_and_permissions(self):
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
auth=self.user.auth)
assert_equal(res.status_code, 201)
node_ids = [node_['id'] for node_ in res.json['data']]
assert_in(node._id, node_ids)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def test_user_does_not_have_node(self):
node = NodeFactory()
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
expect_errors=True,
auth=self.user.auth)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin(self):
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
auth=self.user.auth)
assert_equal(res.status_code, 201)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_write(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user)
node.save()
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth)
assert_equal(res.status_code, 201)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_only(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user, permissions=[permissions.READ])
node.save()
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth,
expect_errors=True)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin_but_not_affiliated(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node._id),
expect_errors=True,
auth=user.auth)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_add_some_with_permissions_others_without(self):
node1 = NodeFactory(creator=self.user)
node2 = NodeFactory()
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(node1._id, node2._id),
expect_errors=True,
auth=self.user.auth)
assert_equal(res.status_code, 403)
node1.reload()
node2.reload()
assert_not_in(self.institution, node1.affiliated_institutions.all())
assert_not_in(self.institution, node2.affiliated_institutions.all())
def test_add_some_existant_others_not(self):
assert_in(self.institution, self.node1.affiliated_institutions.all())
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(
node._id, self.node1._id),
auth=self.user.auth)
assert_equal(res.status_code, 201)
node.reload()
self.node1.reload()
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, node.affiliated_institutions.all())
def test_only_add_existent_with_mixed_permissions(self):
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, self.node2.affiliated_institutions.all())
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(
self.node2._id, self.node1._id),
expect_errors=True,
auth=self.user.auth)
assert_equal(res.status_code, 403)
self.node1.reload()
self.node2.reload()
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, self.node2.affiliated_institutions.all())
def test_only_add_existent_with_permissions(self):
node = NodeFactory(creator=self.user)
node.affiliated_institutions.add(self.institution)
node.save()
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, node.affiliated_institutions.all())
res = self.app.post_json_api(self.institution_nodes_url,
self.create_payload(
node._id, self.node1._id),
auth=self.user.auth)
assert_equal(res.status_code, 204)
def test_delete_user_is_admin(self):
res = self.app.delete_json_api(self.institution_nodes_url,
self.create_payload(self.node1._id),
auth=self.user.auth)
self.node1.reload()
assert_equal(res.status_code, 204)
assert_not_in(self.institution,
self.node1.affiliated_institutions.all())
def test_delete_user_is_read_write(self):
self.node3.add_contributor(self.user)
self.node3.save()
res = self.app.delete_json_api(self.institution_nodes_url,
self.create_payload(self.node3._id),
auth=self.user.auth)
self.node3.reload()
assert_equal(res.status_code, 204)
assert_not_in(self.institution,
self.node3.affiliated_institutions.all())
def test_delete_user_is_read_only(self):
self.node3.add_contributor(self.user, permissions='read')
self.node3.save()
res = self.app.delete_json_api(self.institution_nodes_url,
self.create_payload(self.node3._id),
auth=self.user.auth,
expect_errors=True)
self.node3.reload()
assert_equal(res.status_code, 403)
assert_in(self.institution, self.node3.affiliated_institutions.all())
def test_delete_user_is_admin_and_affiliated_with_inst(self):
assert_in(self.institution, self.node1.affiliated_institutions.all())
res = self.app.delete_json_api(self.institution_nodes_url,
self.create_payload(self.node1._id),
auth=self.user.auth)
assert_equal(res.status_code, 204)
self.node1.reload()
assert_not_in(self.institution,
self.node1.affiliated_institutions.all())
def test_delete_user_is_admin_but_not_affiliated_with_inst(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
node.affiliated_institutions.add(self.institution)
node.save()
assert_in(self.institution, node.affiliated_institutions.all())
res = self.app.delete_json_api(self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth)
assert_equal(res.status_code, 204)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_delete_user_is_affiliated_with_inst_and_mixed_permissions_on_nodes(
self):
res = self.app.delete_json_api(self.institution_nodes_url,
self.create_payload(
self.node1._id, self.node2._id),
expect_errors=True,
auth=self.user.auth)
assert_equal(res.status_code, 403)
class TestNodeRelationshipInstitutions(ApiTestCase):
def setUp(self):
super(TestNodeRelationshipInstitutions, self).setUp()
self.institution2 = InstitutionFactory()
self.institution1 = InstitutionFactory()
self.user = AuthUserFactory()
self.user.affiliated_institutions.add(self.institution1)
self.user.affiliated_institutions.add(self.institution2)
self.user.save()
self.read_write_contributor = AuthUserFactory()
self.read_write_contributor_institution = InstitutionFactory()
self.read_write_contributor.affiliated_institutions.add(self.read_write_contributor_institution)
self.read_write_contributor.save()
self.read_only_contributor = AuthUserFactory()
self.read_only_contributor_institution = InstitutionFactory()
self.read_only_contributor.affiliated_institutions.add(self.read_only_contributor_institution)
self.read_only_contributor.save()
self.node = NodeFactory(creator=self.user)
self.node.add_contributor(self.read_write_contributor, permissions=[permissions.WRITE])
self.node.add_contributor(self.read_only_contributor, permissions=[permissions.READ])
self.node.save()
self.node_institutions_url = '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, self.node._id)
def create_payload(self, *institution_ids):
data = []
for id_ in institution_ids:
data.append({'type': 'institutions', 'id': id_})
return {'data': data}
def test_node_with_no_permissions(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution1)
user.save()
res = self.app.put_json_api(
self.node_institutions_url,
self.create_payload([self.institution1._id]),
auth=user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 403)
def test_user_with_no_institution(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
res = self.app.put_json_api(
'/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id),
self.create_payload(self.institution1._id),
expect_errors=True,
auth=user.auth
)
assert_equal(res.status_code, 403)
def test_get_public_node(self):
self.node.is_public = True
self.node.save()
res = self.app.get(
self.node_institutions_url
)
assert_equal(res.status_code, 200)
assert_equal(res.json['data'], [])
def test_institution_does_not_exist(self):
res = self.app.put_json_api(
self.node_institutions_url,
self.create_payload('not_an_id'),
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 404)
def test_wrong_type(self):
res = self.app.put_json_api(
self.node_institutions_url,
{'data': [{'type': 'not_institution', 'id': self.institution1._id}]},
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 409)
def test_user_with_institution_and_permissions(self):
assert_not_in(self.institution1, self.node.affiliated_institutions.all())
assert_not_in(self.institution2, self.node.affiliated_institutions.all())
res = self.app.post_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id, self.institution2._id),
auth=self.user.auth
)
assert_equal(res.status_code, 201)
data = res.json['data']
ret_institutions = [inst['id'] for inst in data]
assert_in(self.institution1._id, ret_institutions)
assert_in(self.institution2._id, ret_institutions)
self.node.reload()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_in(self.institution2, self.node.affiliated_institutions.all())
def test_user_with_institution_and_permissions_through_patch(self):
assert_not_in(self.institution1, self.node.affiliated_institutions.all())
assert_not_in(self.institution2, self.node.affiliated_institutions.all())
res = self.app.put_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id, self.institution2._id),
auth=self.user.auth
)
assert_equal(res.status_code, 200)
data = res.json['data']
ret_institutions = [inst['id'] for inst in data]
assert_in(self.institution1._id, ret_institutions)
assert_in(self.institution2._id, ret_institutions)
self.node.reload()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_in(self.institution2, self.node.affiliated_institutions.all())
def test_remove_institutions_with_no_permissions(self):
res = self.app.put_json_api(
self.node_institutions_url,
self.create_payload(),
expect_errors=True
)
assert_equal(res.status_code, 401)
def test_remove_institutions_with_affiliated_user(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
assert_in(self.institution1, self.node.affiliated_institutions.all())
res = self.app.put_json_api(
self.node_institutions_url,
{'data': []},
auth=self.user.auth
)
assert_equal(res.status_code, 200)
self.node.reload()
assert_equal(self.node.affiliated_institutions.count(), 0)
def test_using_post_making_no_changes_returns_204(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
assert_in(self.institution1, self.node.affiliated_institutions.all())
res = self.app.post_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
self.node.reload()
assert_in(self.institution1, self.node.affiliated_institutions.all())
def test_put_not_admin_but_affiliated(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution1)
user.save()
self.node.add_contributor(user)
self.node.save()
res = self.app.put_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id),
auth=user.auth
)
self.node.reload()
assert_equal(res.status_code, 200)
assert_in(self.institution1, self.node.affiliated_institutions.all())
def test_retrieve_private_node_no_auth(self):
res = self.app.get(self.node_institutions_url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_add_through_patch_one_inst_to_node_with_inst(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_not_in(self.institution2, self.node.affiliated_institutions.all())
res = self.app.patch_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id, self.institution2._id),
auth=self.user.auth
)
assert_equal(res.status_code, 200)
self.node.reload()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_in(self.institution2, self.node.affiliated_institutions.all())
def test_add_through_patch_one_inst_while_removing_other(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_not_in(self.institution2, self.node.affiliated_institutions.all())
res = self.app.patch_json_api(
self.node_institutions_url,
self.create_payload(self.institution2._id),
auth=self.user.auth
)
assert_equal(res.status_code, 200)
self.node.reload()
assert_not_in(self.institution1, self.node.affiliated_institutions.all())
assert_in(self.institution2, self.node.affiliated_institutions.all())
def test_add_one_inst_with_post_to_node_with_inst(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_not_in(self.institution2, self.node.affiliated_institutions.all())
res = self.app.post_json_api(
self.node_institutions_url,
self.create_payload(self.institution2._id),
auth=self.user.auth
)
assert_equal(res.status_code, 201)
self.node.reload()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_in(self.institution2, self.node.affiliated_institutions.all())
def test_delete_nothing(self):
res = self.app.delete_json_api(
self.node_institutions_url,
self.create_payload(),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
def test_delete_existing_inst(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
assert_in(self.institution1, self.node.affiliated_institutions.all())
res = self.app.delete_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
self.node.reload()
assert_not_in(self.institution1, self.node.affiliated_institutions.all())
def test_delete_not_affiliated_and_affiliated_insts(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
assert_in(self.institution1, self.node.affiliated_institutions.all())
assert_not_in(self.institution2, self.node.affiliated_institutions.all())
res = self.app.delete_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id, self.institution2._id),
auth=self.user.auth,
)
assert_equal(res.status_code, 204)
self.node.reload()
assert_not_in(self.institution1, self.node.affiliated_institutions.all())
assert_not_in(self.institution2, self.node.affiliated_institutions.all())
def test_delete_user_is_admin(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
res = self.app.delete_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
def test_delete_user_is_read_write(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution1)
user.save()
self.node.add_contributor(user)
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
res = self.app.delete_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id),
auth=user.auth
)
assert_equal(res.status_code, 204)
def test_delete_user_is_read_only(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution1)
user.save()
self.node.add_contributor(user, permissions=[permissions.READ])
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
res = self.app.delete_json_api(
self.node_institutions_url,
self.create_payload(self.institution1._id),
auth=user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
def test_delete_user_is_admin_but_not_affiliated_with_inst(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
node.affiliated_institutions.add(self.institution1)
node.save()
assert_in(self.institution1, node.affiliated_institutions.all())
res = self.app.delete_json_api(
'/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id),
self.create_payload(self.institution1._id),
auth=user.auth,
)
assert_equal(res.status_code, 204)
node.reload()
assert_not_in(self.institution1, node.affiliated_institutions.all())
def test_admin_can_add_affiliated_institution(self):
payload = {
'data': [{
'type': 'institutions',
'id': self.institution1._id
}]
}
res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.user.auth)
self.node.reload()
assert_equal(res.status_code, 201)
assert_in(self.institution1, self.node.affiliated_institutions.all())
def test_admin_can_remove_admin_affiliated_institution(self):
self.node.affiliated_institutions.add(self.institution1)
payload = {
'data': [{
'type': 'institutions',
'id': self.institution1._id
}]
}
res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.user.auth)
self.node.reload()
assert_equal(res.status_code, 204)
assert_not_in(self.institution1, self.node.affiliated_institutions.all())
def test_admin_can_remove_read_write_contributor_affiliated_institution(self):
self.node.affiliated_institutions.add(self.read_write_contributor_institution)
self.node.save()
payload = {
'data': [{
'type': 'institutions',
'id': self.read_write_contributor_institution._id
}]
}
res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.user.auth)
self.node.reload()
assert_equal(res.status_code, 204)
assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all())
def test_read_write_contributor_can_add_affiliated_institution(self):
payload = {
'data': [{
'type': 'institutions',
'id': self.read_write_contributor_institution._id
}]
}
res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth)
self.node.reload()
assert_equal(res.status_code, 201)
assert_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all())
def test_read_write_contributor_can_remove_affiliated_institution(self):
self.node.affiliated_institutions.add(self.read_write_contributor_institution)
self.node.save()
payload = {
'data': [{
'type': 'institutions',
'id': self.read_write_contributor_institution._id
}]
}
res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth)
self.node.reload()
assert_equal(res.status_code, 204)
assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all())
def test_read_write_contributor_cannot_remove_admin_affiliated_institution(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
payload = {
'data': [{
'type': 'institutions',
'id': self.institution1._id
}]
}
res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth, expect_errors=True)
self.node.reload()
assert_equal(res.status_code, 403)
assert_in(self.institution1, self.node.affiliated_institutions.all())
def test_read_only_contributor_cannot_remove_admin_affiliated_institution(self):
self.node.affiliated_institutions.add(self.institution1)
self.node.save()
payload = {
'data': [{
'type': 'institutions',
'id': self.institution1._id
}]
}
res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True)
self.node.reload()
assert_equal(res.status_code, 403)
assert_in(self.institution1, self.node.affiliated_institutions.all())
def test_read_only_contributor_cannot_add_affiliated_institution(self):
payload = {
'data': [{
'type': 'institutions',
'id': self.read_only_contributor_institution._id
}]
}
res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True)
self.node.reload()
assert_equal(res.status_code, 403)
assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all())
def test_read_only_contributor_cannot_remove_affiliated_institution(self):
self.node.affiliated_institutions.add(self.read_only_contributor_institution)
self.node.save()
payload = {
'data': [{
'type': 'institutions',
'id': self.read_only_contributor_institution._id
}]
}
res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True)
self.node.reload()
assert_equal(res.status_code, 403)
assert_in(self.read_only_contributor_institution, self.node.affiliated_institutions.all())
class TestComponents(OsfTestCase):
def setUp(self):
super(TestComponents, self).setUp()
self.user = AuthUserFactory()
self.consolidate_auth = Auth(user=self.user)
self.project = ProjectFactory(creator=self.user)
self.project.add_contributor(contributor=self.user, auth=self.consolidate_auth)
# A non-project componenet
self.component = NodeFactory(
category='hypothesis',
creator=self.user,
parent=self.project,
)
self.component.save()
self.component.set_privacy('public', self.consolidate_auth)
self.component.set_privacy('private', self.consolidate_auth)
self.project.save()
self.project_url = self.project.web_url_for('view_project')
def test_sees_parent(self):
res = self.app.get(self.component.url, auth=self.user.auth).maybe_follow()
parent_title = res.html.find_all('h2', class_='node-parent-title')
assert_equal(len(parent_title), 1)
assert_in(self.project.title, parent_title[0].text) # Bs4 will handle unescaping HTML here
def test_delete_project(self):
res = self.app.get(
self.component.url + 'settings/',
auth=self.user.auth
).maybe_follow()
assert_in(
'Delete {0}'.format(self.component.project_or_component),
res
)
def test_cant_delete_project_if_not_admin(self):
non_admin = AuthUserFactory()
self.component.add_contributor(
non_admin,
permissions=['read', 'write'],
auth=self.consolidate_auth,
save=True,
)
res = self.app.get(
self.component.url + 'settings/',
auth=non_admin.auth
).maybe_follow()
assert_not_in(
'Delete {0}'.format(self.component.project_or_component),
res
)
def test_can_configure_comments_if_admin(self):
res = self.app.get(
self.component.url + 'settings/',
auth=self.user.auth,
).maybe_follow()
assert_in('Commenting', res)
def test_cant_configure_comments_if_not_admin(self):
non_admin = AuthUserFactory()
self.component.add_contributor(
non_admin,
permissions=['read', 'write'],
auth=self.consolidate_auth,
save=True,
)
res = self.app.get(
self.component.url + 'settings/',
auth=non_admin.auth
).maybe_follow()
assert_not_in('Commenting', res)
def test_components_should_have_component_list(self):
res = self.app.get(self.component.url, auth=self.user.auth)
assert_in('Components', res)
class TestInstitutionRelationshipNodes(ApiTestCase):
def setUp(self):
super(TestInstitutionRelationshipNodes, self).setUp()
self.user = AuthUserFactory()
self.institution = InstitutionFactory()
self.user.affiliated_institutions.add(self.institution)
self.user.save()
self.node1 = NodeFactory(creator=self.user)
self.node2 = NodeFactory(is_public=True)
self.node3 = NodeFactory()
self.node1.affiliated_institutions.add(self.institution)
self.node2.affiliated_institutions.add(self.institution)
self.node3.affiliated_institutions.add(self.institution)
self.node1.save()
self.node2.save()
self.node3.save()
self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format(API_BASE, self.institution._id)
def create_payload(self, *node_ids):
data = [
{'type': 'nodes', 'id': id_} for id_ in node_ids
]
return {'data': data}
def test_get_nodes_no_auth(self):
res = self.app.get(self.institution_nodes_url)
assert_equal(res.status_code, 200)
node_ids = [node['id'] for node in res.json['data']]
assert_in(self.node2._id, node_ids)
assert_not_in(self.node1._id, node_ids)
assert_not_in(self.node3._id, node_ids)
def test_get_nodes_with_auth(self):
res = self.app.get(self.institution_nodes_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
node_ids = [node['id'] for node in res.json['data']]
assert_in(self.node1._id, node_ids)
assert_in(self.node2._id, node_ids)
assert_not_in(self.node3._id, node_ids)
def test_node_does_not_exist(self):
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload('notIdatAll'),
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 404)
def test_wrong_type(self):
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(
self.institution_nodes_url,
{'data': [{'type': 'dugtrio', 'id': node._id}]},
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 409)
def test_user_with_nodes_and_permissions(self):
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=self.user.auth
)
assert_equal(res.status_code, 201)
node_ids = [node_['id'] for node_ in res.json['data']]
assert_in(node._id, node_ids)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def test_user_does_not_have_node(self):
node = NodeFactory()
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin(self):
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=self.user.auth
)
assert_equal(res.status_code, 201)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_write(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user)
node.save()
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth
)
assert_equal(res.status_code, 201)
node.reload()
assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_only(self):
user = AuthUserFactory()
user.affiliated_institutions.add(self.institution)
node = NodeFactory()
node.add_contributor(user, permissions=[permissions.READ])
node.save()
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth,
expect_errors=True
)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin_but_not_affiliated(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
expect_errors=True,
auth=user.auth
)
assert_equal(res.status_code, 403)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_add_some_with_permissions_others_without(self):
node1 = NodeFactory(creator=self.user)
node2 = NodeFactory()
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node1._id, node2._id),
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 403)
node1.reload()
node2.reload()
assert_not_in(self.institution, node1.affiliated_institutions.all())
assert_not_in(self.institution, node2.affiliated_institutions.all())
def test_add_some_existant_others_not(self):
assert_in(self.institution, self.node1.affiliated_institutions.all())
node = NodeFactory(creator=self.user)
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id, self.node1._id),
auth=self.user.auth
)
assert_equal(res.status_code, 201)
node.reload()
self.node1.reload()
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, node.affiliated_institutions.all())
def test_only_add_existent_with_mixed_permissions(self):
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, self.node2.affiliated_institutions.all())
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(self.node2._id, self.node1._id),
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 403)
self.node1.reload()
self.node2.reload()
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, self.node2.affiliated_institutions.all())
def test_only_add_existent_with_permissions(self):
node = NodeFactory(creator=self.user)
node.affiliated_institutions.add(self.institution)
node.save()
assert_in(self.institution, self.node1.affiliated_institutions.all())
assert_in(self.institution, node.affiliated_institutions.all())
res = self.app.post_json_api(
self.institution_nodes_url,
self.create_payload(node._id, self.node1._id),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
def test_delete_user_is_admin(self):
res = self.app.delete_json_api(
self.institution_nodes_url,
self.create_payload(self.node1._id),
auth=self.user.auth
)
self.node1.reload()
assert_equal(res.status_code, 204)
assert_not_in(self.institution, self.node1.affiliated_institutions.all())
def test_delete_user_is_read_write(self):
self.node3.add_contributor(self.user)
self.node3.save()
res = self.app.delete_json_api(
self.institution_nodes_url,
self.create_payload(self.node3._id),
auth=self.user.auth
)
self.node3.reload()
assert_equal(res.status_code, 204)
assert_not_in(self.institution, self.node3.affiliated_institutions.all())
def test_delete_user_is_read_only(self):
self.node3.add_contributor(self.user, permissions='read')
self.node3.save()
res = self.app.delete_json_api(
self.institution_nodes_url,
self.create_payload(self.node3._id),
auth=self.user.auth,
expect_errors=True
)
self.node3.reload()
assert_equal(res.status_code, 403)
assert_in(self.institution, self.node3.affiliated_institutions.all())
def test_delete_user_is_admin_and_affiliated_with_inst(self):
assert_in(self.institution, self.node1.affiliated_institutions.all())
res = self.app.delete_json_api(
self.institution_nodes_url,
self.create_payload(self.node1._id),
auth=self.user.auth
)
assert_equal(res.status_code, 204)
self.node1.reload()
assert_not_in(self.institution, self.node1.affiliated_institutions.all())
def test_delete_user_is_admin_but_not_affiliated_with_inst(self):
user = AuthUserFactory()
node = NodeFactory(creator=user)
node.affiliated_institutions.add(self.institution)
node.save()
assert_in(self.institution, node.affiliated_institutions.all())
res = self.app.delete_json_api(
self.institution_nodes_url,
self.create_payload(node._id),
auth=user.auth
)
assert_equal(res.status_code, 204)
node.reload()
assert_not_in(self.institution, node.affiliated_institutions.all())
def test_delete_user_is_affiliated_with_inst_and_mixed_permissions_on_nodes(self):
res = self.app.delete_json_api(
self.institution_nodes_url,
self.create_payload(self.node1._id, self.node2._id),
expect_errors=True,
auth=self.user.auth
)
assert_equal(res.status_code, 403)
def contributor_node(self, user, contributor):
contributor_node = NodeFactory(creator=contributor)
contributor_node.add_contributor(user, auth=Auth(contributor))
contributor_node.save()
return contributor_node
class TestNodeLinkedNodes(ApiTestCase):
def setUp(self):
super(TestNodeLinkedNodes, self).setUp()
self.user = AuthUserFactory()
self.auth = Auth(self.user)
self.linking_node = NodeFactory(creator=self.user)
self.linked_node = NodeFactory(creator=self.user)
self.linked_node2 = NodeFactory(creator=self.user)
self.public_node = NodeFactory(is_public=True, creator=self.user)
self.linking_node.add_pointer(self.linked_node, auth=self.auth)
self.linking_node.add_pointer(self.linked_node2, auth=self.auth)
self.linking_node.add_pointer(self.public_node, auth=self.auth)
self.linking_node.save()
self.url = '/{}nodes/{}/linked_nodes/'.format(API_BASE,
self.linking_node._id)
self.node_ids = self.linking_node.linked_nodes.values_list(
'guids___id', flat=True)
def test_linked_nodes_returns_everything(self):
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.status_code, 200)
nodes_returned = [
linked_node['id'] for linked_node in res.json['data']
]
assert_equal(len(nodes_returned), len(self.node_ids))
for node_id in self.node_ids:
assert_in(node_id, nodes_returned)
def test_linked_nodes_only_return_viewable_nodes(self):
user = AuthUserFactory()
new_linking_node = NodeFactory(creator=user)
self.linked_node.add_contributor(user, auth=self.auth, save=True)
self.linked_node2.add_contributor(user, auth=self.auth, save=True)
self.public_node.add_contributor(user, auth=self.auth, save=True)
new_linking_node.add_pointer(self.linked_node, auth=Auth(user))
new_linking_node.add_pointer(self.linked_node2, auth=Auth(user))
new_linking_node.add_pointer(self.public_node, auth=Auth(user))
new_linking_node.save()
res = self.app.get('/{}nodes/{}/linked_nodes/'.format(
API_BASE, new_linking_node._id),
auth=user.auth)
assert_equal(res.status_code, 200)
nodes_returned = [
linked_node['id'] for linked_node in res.json['data']
]
assert_equal(len(nodes_returned), len(self.node_ids))
for node_id in self.node_ids:
assert_in(node_id, nodes_returned)
# Disconnect contributor_removed so that we don't check in files
# We can remove this when StoredFileNode is implemented in osf-models
with disconnected_from_listeners(contributor_removed):
self.linked_node2.remove_contributor(user, auth=self.auth)
self.public_node.remove_contributor(user, auth=self.auth)
res = self.app.get('/{}nodes/{}/linked_nodes/'.format(
API_BASE, new_linking_node._id),
auth=user.auth)
nodes_returned = [
linked_node['id'] for linked_node in res.json['data']
]
assert_equal(len(nodes_returned), len(self.node_ids) - 1)
assert_in(self.linked_node._id, nodes_returned)
assert_in(self.public_node._id, nodes_returned)
assert_not_in(self.linked_node2._id, nodes_returned)
def test_linked_nodes_doesnt_return_deleted_nodes(self):
self.linked_node.is_deleted = True
self.linked_node.save()
res = self.app.get(self.url, auth=self.user.auth)
assert_equal(res.status_code, 200)
nodes_returned = [
linked_node['id'] for linked_node in res.json['data']
]
assert_equal(len(nodes_returned), len(self.node_ids) - 1)
assert_not_in(self.linked_node._id, nodes_returned)
assert_in(self.linked_node2._id, nodes_returned)
assert_in(self.public_node._id, nodes_returned)
def test_attempt_to_return_linked_nodes_logged_out(self):
res = self.app.get(self.url, auth=None, expect_errors=True)
assert_equal(res.status_code, 401)
def contributor_node(self, user, contributor):
contributor_node = NodeFactory(creator=contributor)
contributor_node.add_contributor(user, auth=Auth(contributor))
contributor_node.save()
return contributor_node
def node_contrib(self, user, user_two):
node_contrib = NodeFactory(creator=user_two)
node_contrib.add_contributor(user, auth=Auth(user_two))
node_contrib.save()
return node_contrib
def node_contrib(self, user, user_two):
node_contrib = NodeFactory(creator=user_two)
node_contrib.add_contributor(user, auth=Auth(user_two))
node_contrib.save()
return node_contrib
