def test_list_submissions_permissions(database, monkeypatch):
"""Verify that the user must be in the same CGAC group, the submission's
owner, or website admin to see the submission"""
cgac1, cgac2 = CGACFactory(), CGACFactory()
user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory()
database.session.add_all([cgac1, cgac2, user1, user2])
database.session.commit()
sub = SubmissionFactory(user_id=user2.user_id, cgac_code=cgac2.cgac_code, publish_status_id=1)
database.session.add(sub)
database.session.commit()
monkeypatch.setattr(fileHandler, 'g', Mock(user=user1))
assert list_submissions_result()['total'] == 0
user1.affiliations[0].cgac = cgac2
database.session.commit()
assert list_submissions_result()['total'] == 1
user1.affiliations = []
database.session.commit()
assert list_submissions_result()['total'] == 0
sub.user_id = user1.user_id
database.session.commit()
assert list_submissions_result()['total'] == 1
sub.user_id = user2.user_id
database.session.commit()
assert list_submissions_result()['total'] == 0
user1.website_admin = True
database.session.commit()
assert list_submissions_result()['total'] == 1
def test_list_submissions_permissions(database, monkeypatch):
"""Verify that the user must be in the same CGAC group, the submission's
owner, or website admin to see the submission"""
cgac1, cgac2 = CGACFactory(), CGACFactory()
user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory()
database.session.add_all([cgac1, cgac2, user1, user2])
database.session.commit()
sub = SubmissionFactory(user_id=user2.user_id,
cgac_code=cgac2.cgac_code,
publish_status_id=1)
database.session.add(sub)
database.session.commit()
monkeypatch.setattr(fileHandler, 'g', Mock(user=user1))
assert list_submissions_result()['total'] == 0
user1.affiliations[0].cgac = cgac2
database.session.commit()
assert list_submissions_result()['total'] == 1
user1.affiliations = []
database.session.commit()
assert list_submissions_result()['total'] == 0
sub.user_id = user1.user_id
database.session.commit()
assert list_submissions_result()['total'] == 1
sub.user_id = user2.user_id
database.session.commit()
assert list_submissions_result()['total'] == 0
user1.website_admin = True
database.session.commit()
assert list_submissions_result()['total'] == 1
def test_current_user_can_on_submission(monkeypatch, database):
submission = SubmissionFactory()
user = UserFactory()
database.session.add_all([submission, user])
database.session.commit()
current_user_can = Mock()
monkeypatch.setattr(permissions, 'g', Mock(user=user))
monkeypatch.setattr(permissions, 'current_user_can', current_user_can)
current_user_can.return_value = True
assert permissions.current_user_can_on_submission('reader', submission)
current_user_can.return_value = False
assert not permissions.current_user_can_on_submission('reader', submission)
submission.user_id = user.user_id
assert permissions.current_user_can_on_submission('reader', submission)
def test_current_user_can_on_submission(monkeypatch, database):
submission = SubmissionFactory()
user = UserFactory()
database.session.add_all([submission, user])
database.session.commit()
current_user_can = Mock()
monkeypatch.setattr(permissions, 'g', Mock(user=user))
monkeypatch.setattr(permissions, 'current_user_can', current_user_can)
current_user_can.return_value = True
assert permissions.current_user_can_on_submission('reader', submission)
current_user_can.return_value = False
assert not permissions.current_user_can_on_submission('reader', submission)
submission.user_id = user.user_id
assert permissions.current_user_can_on_submission('reader', submission)
