def test_update_collection_not_found(api, collection_batch_no_projects, collection_auth): scopes = [ODPScope.COLLECTION_ADMIN] authorized = collection_auth == CollectionAuth.NONE if collection_auth == CollectionAuth.NONE: api_client_collection = None else: api_client_collection = collection_batch_no_projects[2] collection = collection_build(id='foo') r = api(scopes, api_client_collection).put('/collection/', json=dict( id=collection.id, name=collection.name, doi_key=collection.doi_key, provider_id=collection.provider_id, )) if authorized: assert_not_found(r) else: assert_forbidden(r) assert_db_state(collection_batch_no_projects) assert_no_audit_log()
def test_update_role_not_found(api, role_batch, collection_auth): scopes = [ODPScope.ROLE_ADMIN] authorized = collection_auth in (CollectionAuth.NONE, CollectionAuth.MATCH) if collection_auth == CollectionAuth.MATCH: api_client_collection = role_batch[2].collection elif collection_auth == CollectionAuth.MISMATCH: api_client_collection = role_batch[1].collection else: api_client_collection = None if collection_auth in (CollectionAuth.MATCH, CollectionAuth.MISMATCH): modified_role_collection = role_batch[2].collection else: modified_role_collection = None role = role_build( id='foo', collection=modified_role_collection, ) r = api(scopes, api_client_collection).put('/role/', json=dict( id=role.id, scope_ids=scope_ids(role), collection_id=role.collection_id, )) if authorized: assert_not_found(r) else: assert_forbidden(r) assert_db_state(role_batch)
def test_update_provider_not_found(api, provider_batch): scopes = [ODPScope.PROVIDER_ADMIN] provider = provider_build(id='foo') r = api(scopes).put('/provider/', json=dict( id=provider.id, name=provider.name, )) assert_not_found(r) assert_db_state(provider_batch)
def test_update_project_not_found(api, project_batch): scopes = [ODPScope.PROJECT_ADMIN] project = project_build(id='foo') r = api(scopes).put('/project/', json=dict( id=project.id, name=project.name, collection_ids=collection_ids(project), )) assert_not_found(r) assert_db_state(project_batch)
def test_delete_role_not_found(api, role_batch, collection_auth): scopes = [ODPScope.ROLE_ADMIN] if collection_auth == CollectionAuth.NONE: api_client_collection = None else: api_client_collection = role_batch[2].collection r = api(scopes, api_client_collection).delete('/role/foo') assert_not_found(r) assert_db_state(role_batch)
def test_get_record_not_found(api, record_batch, collection_auth): scopes = [ODPScope.RECORD_READ] if collection_auth == CollectionAuth.NONE: api_client_collection = None else: api_client_collection = record_batch[2].collection r = api(scopes, api_client_collection).get('/record/foo') assert_not_found(r) assert_db_state(record_batch) assert_no_audit_log()
def test_delete_record_not_found(api, record_batch, admin, collection_auth): route = '/record/admin/' if admin else '/record/' scopes = [ODPScope.RECORD_ADMIN] if admin else [ODPScope.RECORD_WRITE] if collection_auth == CollectionAuth.NONE: api_client_collection = None else: api_client_collection = record_batch[2].collection r = api(scopes, api_client_collection).delete(f'{route}foo') assert_not_found(r) assert_db_state(record_batch) assert_no_audit_log()
def test_delete_client_not_found(api, client_batch, collection_auth): scopes = [ODPScope.CLIENT_ADMIN] if collection_auth == CollectionAuth.NONE: api_client_collection = None else: api_client_collection = client_batch[2].collection r = api(scopes, api_client_collection).delete('/client/foo') # we can't get a forbidden, regardless of collection auth, because # if the client is not found, there is no collection to compare with assert_not_found(r) assert_db_state(client_batch)
def test_update_record_not_found(api, record_batch, admin, collection_auth): # if not found on the admin route, the record is created! route = '/record/admin/' if admin else '/record/' scopes = [ODPScope.RECORD_ADMIN] if admin else [ODPScope.RECORD_WRITE] authorized = collection_auth in (CollectionAuth.NONE, CollectionAuth.MATCH) if collection_auth == CollectionAuth.MATCH: api_client_collection = record_batch[2].collection elif collection_auth == CollectionAuth.MISMATCH: api_client_collection = record_batch[1].collection else: api_client_collection = None if collection_auth in (CollectionAuth.MATCH, CollectionAuth.MISMATCH): modified_record_collection = record_batch[2].collection else: modified_record_collection = None # new collection modified_record_batch = record_batch + [ record := record_build( id=str(uuid.uuid4()), collection=modified_record_collection, ) ] r = api(scopes, api_client_collection).put(route + record.id, json=dict( doi=record.doi, sid=record.sid, collection_id=record.collection_id, schema_id=record.schema_id, metadata=record.metadata_, )) if authorized: if admin: assert_json_record_result(r, r.json(), record) assert_db_state(modified_record_batch) assert_audit_log('insert', record) else: assert_not_found(r) assert_db_state(record_batch) assert_no_audit_log() else: assert_forbidden(r) assert_db_state(record_batch) assert_no_audit_log()
def test_update_user_not_found(api, user_batch): scopes = [ODPScope.USER_ADMIN] user = UserFactory.build( id='foo', name=user_batch[2].name, email=user_batch[2].email, verified=user_batch[2].verified, roles=RoleFactory.create_batch(randint(0, 3)), ) r = api(scopes).put('/user/', json=dict( id=user.id, active=user.active, role_ids=role_ids(user), )) assert_not_found(r) assert_db_state(user_batch)
def test_delete_collection_not_found(api, collection_batch, collection_auth): scopes = [ODPScope.COLLECTION_ADMIN] authorized = collection_auth == CollectionAuth.NONE if collection_auth == CollectionAuth.NONE: api_client_collection = None else: api_client_collection = collection_batch[2] r = api(scopes, api_client_collection).delete('/collection/foo') if authorized: assert_not_found(r) else: assert_forbidden(r) assert_db_state(collection_batch) assert_no_audit_log()
def test_update_client_not_found(api, client_batch, collection_auth): scopes = [ODPScope.CLIENT_ADMIN] authorized = collection_auth in (CollectionAuth.NONE, CollectionAuth.MATCH) if collection_auth == CollectionAuth.MATCH: api_client_collection = client_batch[2].collection elif collection_auth == CollectionAuth.MISMATCH: api_client_collection = client_batch[1].collection else: api_client_collection = None if collection_auth in (CollectionAuth.MATCH, CollectionAuth.MISMATCH): modified_client_collection = client_batch[2].collection else: modified_client_collection = None client = client_build( id='foo', collection=modified_client_collection, ) r = api(scopes, api_client_collection).put( '/client/', json=dict( id=client.id, name=fake.catch_phrase(), secret=fake.password(), scope_ids=scope_ids(client), collection_id=client.collection_id, grant_types=[], response_types=[], redirect_uris=[], post_logout_redirect_uris=[], token_endpoint_auth_method=TokenEndpointAuthMethod. CLIENT_SECRET_BASIC, allowed_cors_origins=[], )) if authorized: assert_not_found(r) else: assert_forbidden(r) assert_db_state(client_batch)
def test_get_user_not_found(api, user_batch): scopes = [ODPScope.USER_READ] r = api(scopes).get('/user/foo') assert_not_found(r) assert_db_state(user_batch)
def test_delete_user_not_found(api, user_batch): scopes = [ODPScope.USER_ADMIN] r = api(scopes).delete('/user/foo') assert_not_found(r) assert_db_state(user_batch)
def test_get_tag_not_found(api, tag_batch): scopes = [ODPScope.TAG_READ] r = api(scopes).get('/tag/foo') assert_not_found(r) assert_db_state(tag_batch)
def test_get_project_not_found(api, project_batch): scopes = [ODPScope.PROJECT_READ] r = api(scopes).get('/project/foo') assert_not_found(r) assert_db_state(project_batch)
def test_delete_provider_not_found(api, provider_batch): scopes = [ODPScope.PROVIDER_ADMIN] r = api(scopes).delete('/provider/foo') assert_not_found(r) assert_db_state(provider_batch)
def test_delete_project_not_found(api, project_batch): scopes = [ODPScope.PROJECT_ADMIN] r = api(scopes).delete('/project/foo') assert_not_found(r) assert_db_state(project_batch)
def test_get_schema_not_found(api, schema_batch): scopes = [ODPScope.SCHEMA_READ] r = api(scopes).get('/schema/foo') assert_not_found(r) assert_db_state(schema_batch)
def test_get_catalog_not_found(api, catalog_batch): scopes = [ODPScope.CATALOG_READ] r = api(scopes).get('/catalog/foo') assert_not_found(r) assert_db_state(catalog_batch)
def test_get_provider_not_found(api, provider_batch): scopes = [ODPScope.PROVIDER_READ] r = api(scopes).get('/provider/foo') assert_not_found(r) assert_db_state(provider_batch)