def test_experiment_lock_reacquire_ok(user_api_client, experiment_factory, user):
experiment = experiment_factory(lock_owner=user)
resp = user_api_client(project=experiment.project).post(
f'/api/v1/experiments/{experiment.id}/lock'
)
if not has_review_perm(get_perms(user, experiment.project)):
assert resp.status_code == 401
else:
assert resp.status_code == 200
def test_experiment_lock_acquire(user_api_client, experiment, user):
resp = user_api_client(project=experiment.project).post(
f'/api/v1/experiments/{experiment.id}/lock')
if not has_review_perm(get_perms(user, experiment.project)):
assert resp.status_code == 401
else:
assert resp.status_code == 200
experiment.refresh_from_db()
assert experiment.lock_owner == user
def test_experiment_lock_release(user_api_client, experiment_factory, user):
experiment = experiment_factory(lock_owner=user)
resp = user_api_client(project=experiment.project).delete(
f'/api/v1/experiments/{experiment.id}/lock')
if not has_review_perm(get_perms(user, experiment.project)):
assert resp.status_code == 401
else:
assert resp.status_code == 200
experiment.refresh_from_db()
assert experiment.lock_owner is None
def test_create_scan_decision_without_lock_fails(user_api_client, scan, user):
resp = user_api_client().post(
'/api/v1/scan-decisions',
data={
'scan': scan.id,
'decision': 'U',
},
)
if not has_review_perm(get_perms(user, scan.experiment.project)):
assert resp.status_code == 401
else:
assert resp.status_code == 403
assert resp.data['detail'] == 'You must lock the experiment before performing this action.'
def test_experiment_lock_denied(user_api_client, experiment_factory, user_factory, user):
owner = user_factory()
experiment = experiment_factory(lock_owner=owner)
resp = user_api_client(project=experiment.project).post(
f'/api/v1/experiments/{experiment.id}/lock'
)
if not has_review_perm(get_perms(user, experiment.project)):
assert resp.status_code == 401
else:
assert resp.status_code == 409
experiment.refresh_from_db()
assert experiment.lock_owner == owner
def test_project_settings_put(user_api_client, project, user, global_import_export):
user_api_client = user_api_client()
my_perms = get_perms(user, project)
new_perms = {
'collaborator': [user.username] if 'collaborator' in my_perms else [],
'tier_1_reviewer': [user.username] if 'tier_1_reviewer' in my_perms else [],
'tier_2_reviewer': [user.username] if 'tier_2_reviewer' in my_perms else [],
}
resp = user_api_client.put(
f'/api/v1/projects/{project.id}/settings',
data={
'importPath': '/new/fake/path',
'exportPath': '/new/fake/path',
'globalImportExport': global_import_export,
'permissions': new_perms,
},
)
if not user.is_superuser:
assert resp.status_code == 401
else:
expected_perms = {
'collaborator': [UserSerializer(user).data]
if 'collaborator' in my_perms
and 'tier_1_reviewer' not in my_perms
and 'tier_2_reviewer' not in my_perms
else [],
'tier_1_reviewer': [UserSerializer(user).data]
if 'tier_1_reviewer' not in my_perms and 'tier_2_reviewer' not in my_perms
else [],
'tier_2_reviewer': [UserSerializer(user).data] if 'tier_2_reviewer' in my_perms else [],
}
assert resp.status_code == 200
assert user_api_client.get(f'/api/v1/projects/{project.id}/settings').data == {
'importPath': '/new/fake/path',
'exportPath': '/new/fake/path',
'globalImportExport': global_import_export,
'permissions': expected_perms,
}
my_new_perms = get_perms(user, project)
if 'collaborator' in my_perms:
assert has_read_perm(my_new_perms)
elif 'tier_1_reviewer' in my_perms or 'tier_2_reviewer' in my_perms:
assert has_review_perm(my_new_perms)
def test_create_scan_decision_with_lock(user_api_client, scan, user):
scan.experiment.lock_owner = user
scan.experiment.save(update_fields=['lock_owner'])
resp = user_api_client().post(
'/api/v1/scan-decisions',
data={
'scan': scan.id,
'decision': 'U',
'note': '',
},
)
if not has_review_perm(get_perms(user, scan.experiment.project)):
assert resp.status_code == 401
else:
assert resp.status_code == 201
decisions = scan.decisions.all()
assert len(decisions) == 1
assert decisions[0].decision == 'U'
