def test_cancelling_registration_approval_deletes_component_registrations(self): component = NodeFactory( creator=self.user, parent=self.project, title='Component' ) NodeFactory( creator=self.user, parent=component, title='Subcomponent' ) project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.require_approval( self.user ) project_registration.save() rejection_token = project_registration.registration_approval.approval_state[self.user._id]['rejection_token'] project_registration.registration_approval.reject(self.user, rejection_token) assert_equal(project_registration.registration_approval.state, Sanction.REJECTED) assert_true(project_registration.is_deleted) assert_true(component_registration.is_deleted) assert_true(subcomponent_registration.is_deleted)
def test_rejecting_embargo_for_existing_registration_does_not_deleted_component_registrations(self): component = NodeFactory( creator=self.user, parent=self.project, title='Component' ) subcomponent = NodeFactory( creator=self.user, parent=component, title='Subcomponent' ) project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) rejection_token = project_registration.embargo.approval_state[self.user._id]['rejection_token'] project_registration.embargo.disapprove_embargo(self.user, rejection_token) project_registration.save() assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_false(project_registration.is_deleted) assert_false(component_registration.is_deleted) assert_false(subcomponent_registration.is_deleted)
def test_rejecting_embargo_for_existing_registration_does_not_deleted_component_registrations( self): component = NodeFactory(creator=self.user, parent=self.project, title='Component') subcomponent = NodeFactory(creator=self.user, parent=component, title='Subcomponent') project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True) rejection_token = project_registration.embargo.approval_state[ self.user._id]['rejection_token'] project_registration.embargo.disapprove_embargo( self.user, rejection_token) project_registration.save() assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_false(project_registration.is_deleted) assert_false(component_registration.is_deleted) assert_false(subcomponent_registration.is_deleted)
def test_cannot_access_retracted_registrations_list(self): registration = RegistrationFactory(creator=self.user, project=self.public_project) retraction = RetractedRegistrationFactory(registration=registration, user=registration.creator) registration.save() url = '/{}nodes/{}/registrations/'.format(API_BASE, registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404)
def test_is_public_node_register_page(self): self.node.is_public = True self.node.save() reg = RegistrationFactory(project=self.node) reg.is_public = True reg.save() url = reg.web_url_for('node_register_page') res = self.app.get(url, auth=None) assert_equal(res.status_code, http.OK)
class RegistrationWithChildNodesEmbargoModelTestCase(OsfTestCase): def setUp(self): super(RegistrationWithChildNodesEmbargoModelTestCase, self).setUp() self.user = AuthUserFactory() self.auth = self.user.auth self.valid_embargo_end_date = datetime.datetime.utcnow() + datetime.timedelta(days=3) self.project = ProjectFactory(title="Root", is_public=False, creator=self.user) self.component = NodeFactory(creator=self.user, parent=self.project, title="Component") self.subproject = ProjectFactory(creator=self.user, parent=self.project, title="Subproject") self.subproject_component = NodeFactory(creator=self.user, parent=self.subproject, title="Subcomponent") self.registration = RegistrationFactory(project=self.project) # Reload the registration; else tests won't catch failures to save self.registration.reload() def test_approval_embargoes_descendant_nodes(self): # Initiate embargo for parent registration self.registration.embargo_registration(self.user, self.valid_embargo_end_date) self.registration.save() assert_true(self.registration.is_pending_embargo) # Ensure descendant nodes are pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_pending_embargo) # Approve parent registration's embargo approval_token = self.registration.embargo.approval_state[self.user._id]["approval_token"] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.embargo.embargo_end_date) # Ensure descendant nodes are in embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.embargo_end_date) def test_disapproval_cancels_embargo_on_descendant_nodes(self): # Initiate embargo on parent registration self.registration.embargo_registration(self.user, self.valid_embargo_end_date) self.registration.save() assert_true(self.registration.is_pending_embargo) # Ensure descendant nodes are pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_pending_embargo) # Disapprove parent registration's embargo rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_false(self.registration.is_pending_embargo) assert_equal(self.registration.embargo.state, Embargo.REJECTED) # Ensure descendant nodes' embargoes are cancelled descendants = self.registration.get_descendants_recursive() for node in descendants: assert_false(node.is_pending_embargo) assert_false(node.embargo_end_date)
def test_get_node_name(self): user = UserFactory() auth = Auth(user=user) another_user = UserFactory() another_auth = Auth(user=another_user) # Public (Can View) public_project = ProjectFactory(is_public=True) collector = rubeus.NodeFileCollector(node=public_project, auth=another_auth) node_name = u'{0}: {1}'.format( public_project.project_or_component.capitalize(), sanitize.unescape_entities(public_project.title)) assert_equal(collector._get_node_name(public_project), node_name) # Private (Can't View) registration_private = RegistrationFactory(creator=user) registration_private.is_public = False registration_private.save() collector = rubeus.NodeFileCollector(node=registration_private, auth=another_auth) assert_equal(collector._get_node_name(registration_private), u'Private Registration') content = ProjectFactory(creator=user) node = ProjectFactory(creator=user) forked_private = node.fork_node(auth=auth) forked_private.is_public = False forked_private.save() collector = rubeus.NodeFileCollector(node=forked_private, auth=another_auth) assert_equal(collector._get_node_name(forked_private), u'Private Fork') pointer_private = node.add_pointer(content, auth=auth) pointer_private.is_public = False pointer_private.save() collector = rubeus.NodeFileCollector(node=pointer_private, auth=another_auth) assert_equal(collector._get_node_name(pointer_private), u'Private Link') private_project = ProjectFactory(is_public=False) collector = rubeus.NodeFileCollector(node=private_project, auth=another_auth) assert_equal(collector._get_node_name(private_project), u'Private Component') private_node = NodeFactory(is_public=False) collector = rubeus.NodeFileCollector(node=private_node, auth=another_auth) assert_equal(collector._get_node_name(private_node), u'Private Component')
def test_check_draft_state_registered_and_deleted_and_approved(self): reg = RegistrationFactory() self.draft.registered_node = reg self.draft.save() reg.is_deleted = True reg.save() with mock.patch('website.project.model.DraftRegistration.is_approved', mock.PropertyMock(return_value=True)): try: draft_views.check_draft_state(self.draft) except HTTPError: self.fail()
def test_GET_disapprove_with_valid_token_returns_redirect_to_parent(self): project = ProjectFactory(creator=self.user) registration = RegistrationFactory(project=project) registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) registration.save() assert_true(registration.is_pending_embargo) rejection_token = registration.embargo.approval_state[self.user._id]["rejection_token"] res = self.app.get(registration.web_url_for("view_project", token=rejection_token), auth=self.user.auth) registration.embargo.reload() assert_equal(registration.embargo.state, Embargo.REJECTED) assert_false(registration.is_pending_embargo) assert_equal(res.status_code, 302)
def test_draft_with_deleted_registered_node_shows_up_in_draft_list(self): reg = RegistrationFactory(project=self.public_project) self.draft_registration.registered_node = reg self.draft_registration.save() reg.is_deleted = True reg.save() res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) data = res.json["data"] assert_equal(len(data), 1) assert_equal(data[0]["attributes"]["registration_supplement"], self.schema._id) assert_equal(data[0]["id"], self.draft_registration._id) assert_equal(data[0]["attributes"]["registration_metadata"], {})
def test_draft_with_deleted_registered_node_shows_up_in_draft_list(self): reg = RegistrationFactory(project=self.public_project) self.draft_registration.registered_node = reg self.draft_registration.save() reg.is_deleted = True reg.save() res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) data = res.json['data'] assert_equal(len(data), 1) assert_equal(data[0]['attributes']['registration_supplement'], self.schema._id) assert_equal(data[0]['id'], self.draft_registration._id) assert_equal(data[0]['attributes']['registration_metadata'], {})
class TestMetadataGeneration(OsfTestCase): def setUp(self): OsfTestCase.setUp(self) self.visible_contrib = AuthUserFactory() visible_contrib2 = AuthUserFactory(given_name=u'ヽ༼ ಠ益ಠ ༽ノ', family_name=u'ლ(´◉❥◉`ლ)') self.invisible_contrib = AuthUserFactory() self.node = RegistrationFactory(is_public=True) self.identifier = Identifier(referent=self.node, category='catid', value='cat:7') self.node.add_contributor(self.visible_contrib, visible=True) self.node.add_contributor(self.invisible_contrib, visible=False) self.node.add_contributor(visible_contrib2, visible=True) self.node.save() def test_metadata_for_node_only_includes_visible_contribs(self): metadata_xml = datacite_metadata_for_node(self.node, doi=self.identifier.value) # includes visible contrib name assert_in( u'{}, {}'.format(self.visible_contrib.family_name, self.visible_contrib.given_name), metadata_xml) # doesn't include invisible contrib name assert_not_in(self.invisible_contrib.family_name, metadata_xml) assert_in(self.identifier.value, metadata_xml) def test_metadata_for_node_has_correct_structure(self): metadata_xml = datacite_metadata_for_node(self.node, doi=self.identifier.value) root = lxml.etree.fromstring(metadata_xml) xsi_location = '{http://www.w3.org/2001/XMLSchema-instance}schemaLocation' expected_location = 'http://datacite.org/schema/kernel-3 http://schema.datacite.org/meta/kernel-3/metadata.xsd' assert_equal(root.attrib[xsi_location], expected_location) identifier = root.find('{%s}identifier' % metadata.NAMESPACE) assert_equal(identifier.attrib['identifierType'], 'DOI') assert_equal(identifier.text, self.identifier.value) creators = root.find('{%s}creators' % metadata.NAMESPACE) assert_equal(len(creators.getchildren()), len(self.node.visible_contributors)) publisher = root.find('{%s}publisher' % metadata.NAMESPACE) assert_equal(publisher.text, 'Open Science Framework') pub_year = root.find('{%s}publicationYear' % metadata.NAMESPACE) assert_equal(pub_year.text, str(self.node.registered_date.year))
def test_cancelling_embargo_deletes_component_registrations(self): component = NodeFactory(creator=self.user, parent=self.project, title="Component") subcomponent = NodeFactory(creator=self.user, parent=component, title="Subcomponent") project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) project_registration.save() rejection_token = project_registration.embargo.approval_state[self.user._id]["rejection_token"] project_registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_true(project_registration.is_deleted) assert_true(component_registration.is_deleted) assert_true(subcomponent_registration.is_deleted)
class TestMetadataGeneration(OsfTestCase): def setUp(self): OsfTestCase.setUp(self) self.visible_contrib = AuthUserFactory() visible_contrib2 = AuthUserFactory(given_name=u'ヽ༼ ಠ益ಠ ༽ノ', family_name=u'ლ(´◉❥◉`ლ)') self.invisible_contrib = AuthUserFactory() self.node = RegistrationFactory(is_public=True) self.identifier = Identifier(referent=self.node, category='catid', value='cat:7') self.node.add_contributor(self.visible_contrib, visible=True) self.node.add_contributor(self.invisible_contrib, visible=False) self.node.add_contributor(visible_contrib2, visible=True) self.node.save() def test_metadata_for_node_only_includes_visible_contribs(self): metadata_xml = datacite_metadata_for_node(self.node, doi=self.identifier.value) # includes visible contrib name assert_in(u'{}, {}'.format( self.visible_contrib.family_name, self.visible_contrib.given_name), metadata_xml) # doesn't include invisible contrib name assert_not_in(self.invisible_contrib.family_name, metadata_xml) assert_in(self.identifier.value, metadata_xml) def test_metadata_for_node_has_correct_structure(self): metadata_xml = datacite_metadata_for_node(self.node, doi=self.identifier.value) root = lxml.etree.fromstring(metadata_xml) xsi_location = '{http://www.w3.org/2001/XMLSchema-instance}schemaLocation' expected_location = 'http://datacite.org/schema/kernel-3 http://schema.datacite.org/meta/kernel-3/metadata.xsd' assert_equal(root.attrib[xsi_location], expected_location) identifier = root.find('{%s}identifier' % metadata.NAMESPACE) assert_equal(identifier.attrib['identifierType'], 'DOI') assert_equal(identifier.text, self.identifier.value) creators = root.find('{%s}creators' % metadata.NAMESPACE) assert_equal(len(creators.getchildren()), len(self.node.visible_contributors)) publisher = root.find('{%s}publisher' % metadata.NAMESPACE) assert_equal(publisher.text, 'Open Science Framework') pub_year = root.find('{%s}publicationYear' % metadata.NAMESPACE) assert_equal(pub_year.text, str(self.node.registered_date.year))
def test_GET_disapprove_with_valid_token_returns_redirect_to_parent(self): project = ProjectFactory(creator=self.user) registration = RegistrationFactory(project=project) registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) registration.save() assert_true(registration.is_pending_embargo) rejection_token = registration.embargo.approval_state[ self.user._id]['rejection_token'] res = self.app.get( registration.web_url_for('view_project', token=rejection_token), auth=self.user.auth, ) registration.embargo.reload() assert_equal(registration.embargo.state, Embargo.REJECTED) assert_false(registration.is_pending_embargo) assert_equal(res.status_code, 302)
def test_get_node_name(self): user = UserFactory() auth = Auth(user=user) another_user = UserFactory() another_auth = Auth(user=another_user) # Public (Can View) public_project = ProjectFactory(is_public=True) collector = rubeus.NodeFileCollector(node=public_project, auth=another_auth) node_name = u"{0}: {1}".format( public_project.project_or_component.capitalize(), sanitize.unescape_entities(public_project.title) ) assert_equal(collector._get_node_name(public_project), node_name) # Private (Can't View) registration_private = RegistrationFactory(creator=user) registration_private.is_public = False registration_private.save() collector = rubeus.NodeFileCollector(node=registration_private, auth=another_auth) assert_equal(collector._get_node_name(registration_private), u"Private Registration") content = ProjectFactory(creator=user) node = ProjectFactory(creator=user) forked_private = node.fork_node(auth=auth) forked_private.is_public = False forked_private.save() collector = rubeus.NodeFileCollector(node=forked_private, auth=another_auth) assert_equal(collector._get_node_name(forked_private), u"Private Fork") pointer_private = node.add_pointer(content, auth=auth) pointer_private.is_public = False pointer_private.save() collector = rubeus.NodeFileCollector(node=pointer_private, auth=another_auth) assert_equal(collector._get_node_name(pointer_private), u"Private Link") private_project = ProjectFactory(is_public=False) collector = rubeus.NodeFileCollector(node=private_project, auth=another_auth) assert_equal(collector._get_node_name(private_project), u"Private Component") private_node = NodeFactory(is_public=False) collector = rubeus.NodeFileCollector(node=private_node, auth=another_auth) assert_equal(collector._get_node_name(private_node), u"Private Component")
def test_GET_disapprove_with_valid_token_returns_redirect_to_parent(self): project = ProjectFactory(creator=self.user) registration = RegistrationFactory(project=project) registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) registration.save() assert_true(registration.pending_embargo) disapproval_token = registration.embargo.approval_state[self.user._id]['disapproval_token'] res = self.app.get( registration.web_url_for('node_registration_embargo_disapprove', token=disapproval_token), auth=self.user.auth, ) registration.embargo.reload() assert_equal(registration.embargo.state, Embargo.CANCELLED) assert_false(registration.embargo_end_date) assert_false(registration.pending_embargo) assert_equal(res.status_code, 302) assert_true(project._id in res.location)
def test_GET_disapprove_with_valid(self): project = ProjectFactory(creator=self.user) registration = RegistrationFactory(project=project) registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) registration.save() assert_true(registration.is_pending_embargo) rejection_token = registration.embargo.approval_state[self.user._id]['rejection_token'] res = self.app.get( registration.registered_from.web_url_for('view_project', token=rejection_token), auth=self.user.auth, ) registration.embargo.reload() assert_equal(registration.embargo.state, Embargo.REJECTED) assert_false(registration.is_pending_embargo) assert_equal(res.status_code, 200) assert_equal(project.web_url_for('view_project'), res.request.path)
class TestInstitutionRegistrationList(ApiTestCase): def setUp(self): super(TestInstitutionRegistrationList, self).setUp() self.institution = InstitutionFactory() self.registration1 = RegistrationFactory(is_public=True, is_registration=True) self.registration1.primary_institution = self.institution self.registration1.save() self.user1 = AuthUserFactory() self.user2 = AuthUserFactory() self.registration2 = RegistrationFactory(creator=self.user1, is_public=False, is_registration=True) self.registration2.primary_institution = self.institution self.registration2.add_contributor(self.user2, auth=Auth(self.user1)) self.registration2.save() self.registration3 = RegistrationFactory(creator=self.user2, is_public=False, is_registration=True) self.registration3.primary_institution = self.institution self.registration3.save() self.institution_node_url = '/{0}institutions/{1}/registrations/'.format( API_BASE, self.institution._id) def test_return_all_public_nodes(self): res = self.app.get(self.institution_node_url) assert_equal(res.status_code, 200) ids = [each['id'] for each in res.json['data']] assert_in(self.registration1._id, ids) assert_not_in(self.registration2._id, ids) assert_not_in(self.registration3._id, ids) def test_return_private_nodes_with_auth(self): res = self.app.get(self.institution_node_url, auth=self.user1.auth) assert_equal(res.status_code, 200) ids = [each['id'] for each in res.json['data']] assert_in(self.registration1._id, ids) assert_in(self.registration2._id, ids) assert_not_in(self.registration3._id, ids) def test_return_private_nodes_mixed_auth(self): res = self.app.get(self.institution_node_url, auth=self.user2.auth) assert_equal(res.status_code, 200) ids = [each['id'] for each in res.json['data']] assert_in(self.registration1._id, ids) assert_in(self.registration2._id, ids) assert_in(self.registration3._id, ids)
class TestInstitutionRegistrationList(ApiTestCase): def setUp(self): super(TestInstitutionRegistrationList, self).setUp() self.institution = InstitutionFactory() self.registration1 = RegistrationFactory(is_public=True, is_registration=True) self.registration1.primary_institution = self.institution self.registration1.save() self.user1 = AuthUserFactory() self.user2 = AuthUserFactory() self.registration2 = RegistrationFactory(creator=self.user1, is_public=False, is_registration=True) self.registration2.primary_institution = self.institution self.registration2.add_contributor(self.user2, auth=Auth(self.user1)) self.registration2.save() self.registration3 = RegistrationFactory(creator=self.user2, is_public=False, is_registration=True) self.registration3.primary_institution = self.institution self.registration3.save() self.institution_node_url = '/{0}institutions/{1}/registrations/'.format(API_BASE, self.institution._id) def test_return_all_public_nodes(self): res = self.app.get(self.institution_node_url) assert_equal(res.status_code, 200) ids = [each['id'] for each in res.json['data']] assert_in(self.registration1._id, ids) assert_not_in(self.registration2._id, ids) assert_not_in(self.registration3._id, ids) def test_return_private_nodes_with_auth(self): res = self.app.get(self.institution_node_url, auth=self.user1.auth) assert_equal(res.status_code, 200) ids = [each['id'] for each in res.json['data']] assert_in(self.registration1._id, ids) assert_in(self.registration2._id, ids) assert_not_in(self.registration3._id, ids) def test_return_private_nodes_mixed_auth(self): res = self.app.get(self.institution_node_url, auth=self.user2.auth) assert_equal(res.status_code, 200) ids = [each['id'] for each in res.json['data']] assert_in(self.registration1._id, ids) assert_in(self.registration2._id, ids) assert_in(self.registration3._id, ids)
class TestNodeWikiList(ApiWikiTestCase): def _set_up_public_project_with_wiki_page(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) self.public_wiki = self._add_project_wiki_page(self.public_project, self.user) self.public_url = '/{}nodes/{}/wikis/'.format(API_BASE, self.public_project._id) def _set_up_private_project_with_wiki_page(self): self.private_project = ProjectFactory(creator=self.user) self.private_wiki = self._add_project_wiki_page( self.private_project, self.user) self.private_url = '/{}nodes/{}/wikis/'.format( API_BASE, self.private_project._id) def _set_up_registration_with_wiki_page(self): self._set_up_private_project_with_wiki_page() self.registration = RegistrationFactory(project=self.private_project, user=self.user) self.registration_wiki_id = self.registration.wiki_pages_versions[ 'home'][0] self.registration.wiki_pages_current = { 'home': self.registration_wiki_id } self.registration.save() self.registration_url = '/{}registrations/{}/wikis/'.format( API_BASE, self.registration._id) def test_return_public_node_wikis_logged_out_user(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.public_wiki._id, wiki_ids) def test_return_public_node_wikis_logged_in_non_contributor(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.non_contributor.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.public_wiki._id, wiki_ids) def test_return_public_node_wikis_logged_in_contributor(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.public_wiki._id, wiki_ids) def test_return_private_node_wikis_logged_out_user(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.') def test_return_private_node_wikis_logged_in_non_contributor(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_return_private_node_wikis_logged_in_contributor(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.private_wiki._id, wiki_ids) def test_return_registration_wikis_logged_out_user(self): self._set_up_registration_with_wiki_page() res = self.app.get(self.registration_url, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.') def test_return_registration_wikis_logged_in_non_contributor(self): self._set_up_registration_with_wiki_page() res = self.app.get(self.registration_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_return_registration_wikis_logged_in_contributor(self): self._set_up_registration_with_wiki_page() res = self.app.get(self.registration_url, auth=self.user.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.registration_wiki_id, wiki_ids) def test_wikis_not_returned_for_withdrawn_registration(self): self._set_up_registration_with_wiki_page() self.registration.is_public = True withdrawal = self.registration.retract_registration(user=self.user, save=True) token = withdrawal.approval_state.values()[0]['approval_token'] withdrawal.approve_retraction(self.user, token) withdrawal.save() res = self.app.get(self.registration_url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.')
class TestRegistrationRetractions(SearchTestCase): def setUp(self): super(TestRegistrationRetractions, self).setUp() self.user = UserFactory(usename='Doug Bogie') self.title = 'Red Special' self.consolidate_auth = Auth(user=self.user) self.project = ProjectFactory( title=self.title, creator=self.user, is_public=True, ) self.registration = RegistrationFactory(project=self.project, title=self.title, creator=self.user, is_public=True, is_registration=True) def test_retraction_is_searchable(self): self.registration.retract_registration(self.user) docs = query('category:registration AND ' + self.title)['results'] assert_equal(len(docs), 1) @mock.patch('website.project.model.Node.archiving', mock.PropertyMock(return_value=False)) def test_pending_retraction_wiki_content_is_searchable(self): # Add unique string to wiki wiki_content = {'home': 'public retraction test'} for key, value in wiki_content.items(): docs = query(value)['results'] assert_equal(len(docs), 0) self.registration.update_node_wiki( key, value, self.consolidate_auth, ) # Query and ensure unique string shows up docs = query(value)['results'] assert_equal(len(docs), 1) # Query and ensure registration does show up docs = query('category:registration AND ' + self.title)['results'] assert_equal(len(docs), 1) # Retract registration self.registration.retract_registration(self.user, '') self.registration.save() self.registration.reload() # Query and ensure unique string in wiki doesn't show up docs = query('category:registration AND "{}"'.format( wiki_content['home']))['results'] assert_equal(len(docs), 1) # Query and ensure registration does show up docs = query('category:registration AND ' + self.title)['results'] assert_equal(len(docs), 1) @mock.patch('website.project.model.Node.archiving', mock.PropertyMock(return_value=False)) def test_retraction_wiki_content_is_not_searchable(self): # Add unique string to wiki wiki_content = {'home': 'public retraction test'} for key, value in wiki_content.items(): docs = query(value)['results'] assert_equal(len(docs), 0) self.registration.update_node_wiki( key, value, self.consolidate_auth, ) # Query and ensure unique string shows up docs = query(value)['results'] assert_equal(len(docs), 1) # Query and ensure registration does show up docs = query('category:registration AND ' + self.title)['results'] assert_equal(len(docs), 1) # Retract registration self.registration.retract_registration(self.user, '') self.registration.retraction.state = 'retracted' self.registration.retraction.save() self.registration.save() self.registration.update_search() # Query and ensure unique string in wiki doesn't show up docs = query('category:registration AND "{}"'.format( wiki_content['home']))['results'] assert_equal(len(docs), 0) # Query and ensure registration does show up docs = query('category:registration AND ' + self.title)['results'] assert_equal(len(docs), 1)
class RegistrationEmbargoViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoViewsTestCase, self).setUp() ensure_schemas() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.registration = RegistrationFactory(project=self.project, creator=self.user) current_month = datetime.datetime.now().strftime("%B") current_year = datetime.datetime.now().strftime("%Y") self.valid_make_public_payload = json.dumps( { u"embargoEndDate": u"Fri, 01, {month} {year} 00:00:00 GMT".format( month=current_month, year=current_year ), u"registrationChoice": "immediate", u"summary": unicode(fake.sentence()), } ) valid_date = datetime.datetime.now() + datetime.timedelta(days=180) self.valid_embargo_payload = json.dumps( { u"embargoEndDate": unicode(valid_date.strftime("%a, %d, %B %Y %H:%M:%S")) + u" GMT", u"registrationChoice": "embargo", u"summary": unicode(fake.sentence()), } ) self.invalid_embargo_date_payload = json.dumps( { u"embargoEndDate": u"Thu, 01 {month} {year} 05:00:00 GMT".format( month=current_month, year=str(int(current_year) - 1) ), u"registrationChoice": "embargo", u"summary": unicode(fake.sentence()), } ) @mock.patch("framework.tasks.handlers.enqueue_task") def test_POST_register_make_public_immediately_creates_registration_approval(self, mock_enqueue): res = self.app.post( self.project.api_url_for("node_register_template_page_post", template=u"Open-Ended_Registration"), self.valid_make_public_payload, content_type="application/json", auth=self.user.auth, ) assert_equal(res.status_code, 201) registration = Node.find().sort("-registered_date")[0] assert_true(registration.is_registration) assert_not_equal(registration.registration_approval, None) # Regression test for https://openscience.atlassian.net/browse/OSF-5039 @mock.patch("framework.tasks.handlers.enqueue_task") def test_POST_register_make_public_immediately_creates_private_pending_registration_for_public_project( self, mock_enqueue ): public_project = ProjectFactory(is_public=True, creator=self.user) component = NodeFactory(creator=self.user, parent=public_project, title="Component", is_public=True) subproject = ProjectFactory(creator=self.user, parent=public_project, title="Subproject", is_public=True) subproject_component = NodeFactory(creator=self.user, parent=subproject, title="Subcomponent", is_public=True) res = self.app.post( public_project.api_url_for("node_register_template_page_post", template=u"Open-Ended_Registration"), self.valid_make_public_payload, content_type="application/json", auth=self.user.auth, ) public_project.reload() assert_equal(res.status_code, 201) # Last node directly registered from self.project registration = Node.load(public_project.node__registrations[-1]) assert_true(registration.is_registration) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch("framework.tasks.handlers.enqueue_task") def test_POST_register_make_public_does_not_make_children_public(self, mock_enqueue): component = NodeFactory(creator=self.user, parent=self.project, title="Component") subproject = ProjectFactory(creator=self.user, parent=self.project, title="Subproject") subproject_component = NodeFactory(creator=self.user, parent=subproject, title="Subcomponent") res = self.app.post( self.project.api_url_for("node_register_template_page_post", template=u"Open-Ended_Registration"), self.valid_make_public_payload, content_type="application/json", auth=self.user.auth, ) self.project.reload() # Last node directly registered from self.project registration = Node.load(self.project.node__registrations[-1]) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch("framework.tasks.handlers.enqueue_task") def test_POST_register_embargo_is_not_public(self, mock_enqueue): res = self.app.post( self.project.api_url_for("node_register_template_page_post", template=u"Open-Ended_Registration"), self.valid_embargo_payload, content_type="application/json", auth=self.user.auth, ) assert_equal(res.status_code, 201) registration = Node.find().sort("-registered_date")[0] assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) # Regression test for https://openscience.atlassian.net/browse/OSF-5071 @mock.patch("framework.tasks.handlers.enqueue_task") def test_POST_register_embargo_does_not_make_project_or_children_public(self, mock_enqueue): public_project = ProjectFactory(creator=self.user, is_public=True) component = NodeFactory(creator=self.user, parent=public_project, title="Component", is_public=True) subproject = ProjectFactory(creator=self.user, parent=public_project, title="Subproject", is_public=True) subproject_component = NodeFactory(creator=self.user, parent=subproject, title="Subcomponent", is_public=True) res = self.app.post( public_project.api_url_for("node_register_template_page_post", template=u"Open-Ended_Registration"), self.valid_embargo_payload, content_type="application/json", auth=self.user.auth, ) public_project.reload() assert_equal(res.status_code, 201) # Last node directly registered from self.project registration = Node.load(public_project.node__registrations[-1]) assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch("framework.tasks.handlers.enqueue_task") def test_POST_invalid_embargo_end_date_returns_HTTPBad_Request(self, mock_enqueue): res = self.app.post( self.project.api_url_for("node_register_template_page_post", template=u"Open-Ended_Registration"), self.invalid_embargo_date_payload, content_type="application/json", auth=self.user.auth, expect_errors=True, ) assert_equal(res.status_code, 400) @mock.patch("framework.tasks.handlers.enqueue_task") def test_valid_POST_embargo_adds_to_parent_projects_log(self, mock_enquque): initial_project_logs = len(self.project.logs) res = self.app.post( self.project.api_url_for("node_register_template_page_post", template=u"Open-Ended_Registration"), self.valid_embargo_payload, content_type="application/json", auth=self.user.auth, ) self.project.reload() # Logs: Created, registered, embargo initiated assert_equal(len(self.project.logs), initial_project_logs + 1) def test_non_contributor_GET_approval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]["approval_token"] approval_url = self.registration.web_url_for("view_project", token=approval_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date) def test_non_contributor_GET_disapproval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] approval_url = self.registration.web_url_for("view_project", token=rejection_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date)
class RegistrationEmbargoViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoViewsTestCase, self).setUp() ensure_schemas() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.registration = RegistrationFactory(project=self.project, creator=self.user) current_month = datetime.datetime.now().strftime("%B") current_year = datetime.datetime.now().strftime("%Y") self.valid_make_public_payload = json.dumps({ u'embargoEndDate': u'Fri, 01, {month} {year} 00:00:00 GMT'.format(month=current_month, year=current_year), u'registrationChoice': 'immediate', u'summary': unicode(fake.sentence()) }) valid_date = datetime.datetime.now() + datetime.timedelta(days=180) self.valid_embargo_payload = json.dumps({ u'embargoEndDate': unicode(valid_date.strftime('%a, %d, %B %Y %H:%M:%S')) + u' GMT', u'registrationChoice': 'embargo', u'summary': unicode(fake.sentence()) }) self.invalid_embargo_date_payload = json.dumps({ u'embargoEndDate': u"Thu, 01 {month} {year} 05:00:00 GMT".format( month=current_month, year=str(int(current_year) - 1)), u'registrationChoice': 'embargo', u'summary': unicode(fake.sentence()) }) @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_make_public_immediately_creates_registration_approval( self, mock_enqueue): res = self.app.post(self.project.api_url_for( 'node_register_template_page_post', template=u'Open-Ended_Registration'), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth) assert_equal(res.status_code, 201) registration = Node.find().sort('-registered_date')[0] assert_true(registration.is_registration) assert_not_equal(registration.registration_approval, None) # Regression test for https://openscience.atlassian.net/browse/OSF-5039 @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_make_public_immediately_creates_private_pending_registration_for_public_project( self, mock_enqueue): public_project = ProjectFactory(is_public=True, creator=self.user) component = NodeFactory(creator=self.user, parent=public_project, title='Component', is_public=True) subproject = ProjectFactory(creator=self.user, parent=public_project, title='Subproject', is_public=True) subproject_component = NodeFactory(creator=self.user, parent=subproject, title='Subcomponent', is_public=True) res = self.app.post(public_project.api_url_for( 'node_register_template_page_post', template=u'Open-Ended_Registration'), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth) public_project.reload() assert_equal(res.status_code, 201) # Last node directly registered from self.project registration = Node.load(public_project.node__registrations[-1]) assert_true(registration.is_registration) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_make_public_does_not_make_children_public( self, mock_enqueue): component = NodeFactory(creator=self.user, parent=self.project, title='Component') subproject = ProjectFactory(creator=self.user, parent=self.project, title='Subproject') subproject_component = NodeFactory(creator=self.user, parent=subproject, title='Subcomponent') res = self.app.post(self.project.api_url_for( 'node_register_template_page_post', template=u'Open-Ended_Registration'), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth) self.project.reload() # Last node directly registered from self.project registration = Node.load(self.project.node__registrations[-1]) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_embargo_is_not_public(self, mock_enqueue): res = self.app.post(self.project.api_url_for( 'node_register_template_page_post', template=u'Open-Ended_Registration'), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth) assert_equal(res.status_code, 201) registration = Node.find().sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) # Regression test for https://openscience.atlassian.net/browse/OSF-5071 @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_embargo_does_not_make_project_or_children_public( self, mock_enqueue): public_project = ProjectFactory(creator=self.user, is_public=True) component = NodeFactory(creator=self.user, parent=public_project, title='Component', is_public=True) subproject = ProjectFactory(creator=self.user, parent=public_project, title='Subproject', is_public=True) subproject_component = NodeFactory(creator=self.user, parent=subproject, title='Subcomponent', is_public=True) res = self.app.post(public_project.api_url_for( 'node_register_template_page_post', template=u'Open-Ended_Registration'), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth) public_project.reload() assert_equal(res.status_code, 201) # Last node directly registered from self.project registration = Node.load(public_project.node__registrations[-1]) assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_invalid_embargo_end_date_returns_HTTPBad_Request( self, mock_enqueue): res = self.app.post(self.project.api_url_for( 'node_register_template_page_post', template=u'Open-Ended_Registration'), self.invalid_embargo_date_payload, content_type='application/json', auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) @mock.patch('framework.tasks.handlers.enqueue_task') def test_valid_POST_embargo_adds_to_parent_projects_log( self, mock_enquque): initial_project_logs = len(self.project.logs) res = self.app.post(self.project.api_url_for( 'node_register_template_page_post', template=u'Open-Ended_Registration'), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth) self.project.reload() # Logs: Created, registered, embargo initiated assert_equal(len(self.project.logs), initial_project_logs + 1) def test_non_contributor_GET_approval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] approval_url = self.registration.web_url_for('view_project', token=approval_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date) def test_non_contributor_GET_disapproval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] approval_url = self.registration.web_url_for('view_project', token=rejection_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date)
class RegistrationEmbargoApprovalDisapprovalViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoApprovalDisapprovalViewsTestCase, self).setUp() self.user = AuthUserFactory() self.registration = RegistrationFactory(creator=self.user) # node_registration_embargo_approve tests def test_GET_from_unauthorized_user_raises_HTTPForbidden(self): unauthorized_user = AuthUserFactory() res = self.app.get(self.registration.web_url_for('view_project', token=DUMMY_TOKEN), auth=unauthorized_user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_GET_approve_registration_without_embargo_raises_HTTPBad_Request( self): assert_false(self.registration.is_pending_embargo) res = self.app.get(self.registration.web_url_for('view_project', token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_GET_approve_with_invalid_token_returns_HTTPBad_Request(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) res = self.app.get(self.registration.web_url_for('view_project', token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_GET_approve_with_wrong_token_returns_HTTPBad_Request(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, 'admin', save=True) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) wrong_approval_token = self.registration.embargo.approval_state[ admin2._id]['approval_token'] res = self.app.get(self.registration.web_url_for( 'view_project', token=wrong_approval_token), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_GET_approve_with_wrong_admins_token_returns_HTTPBad_Request(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, 'admin', save=True) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) wrong_approval_token = self.registration.embargo.approval_state[ admin2._id]['approval_token'] res = self.app.get(self.registration.web_url_for( 'view_project', token=wrong_approval_token), auth=self.user.auth, expect_errors=True) assert_true(self.registration.is_pending_embargo) assert_equal(res.status_code, 400) @mock.patch('flask.redirect') def test_GET_approve_with_valid_token_redirects(self, mock_redirect): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.app.get( self.registration.web_url_for('view_project', token=approval_token), auth=self.user.auth, ) self.registration.embargo.reload() assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) assert_true( mock_redirect.called_with( self.registration.web_url_for('view_project'))) def test_GET_from_unauthorized_user_returns_HTTPForbidden(self): unauthorized_user = AuthUserFactory() res = self.app.get(self.registration.web_url_for('view_project', token=DUMMY_TOKEN), auth=unauthorized_user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_GET_disapprove_registration_without_embargo_HTTPBad_Request(self): assert_false(self.registration.is_pending_embargo) res = self.app.get(self.registration.web_url_for('view_project', token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_GET_disapprove_with_invalid_token_returns_HTTPBad_Request(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) res = self.app.get(self.registration.web_url_for('view_project', token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True) self.registration.embargo.reload() assert_true(self.registration.is_pending_embargo) assert_equal(res.status_code, 400) def test_GET_disapprove_with_wrong_admins_token_returns_HTTPBad_Request( self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, 'admin', save=True) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) wrong_rejection_token = self.registration.embargo.approval_state[ admin2._id]['rejection_token'] res = self.app.get(self.registration.web_url_for( 'view_project', token=wrong_rejection_token), auth=self.user.auth, expect_errors=True) assert_true(self.registration.is_pending_embargo) assert_equal(res.status_code, 400) def test_GET_disapprove_with_valid_token_returns_redirect_to_parent(self): project = ProjectFactory(creator=self.user) registration = RegistrationFactory(project=project) registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) registration.save() assert_true(registration.is_pending_embargo) rejection_token = registration.embargo.approval_state[ self.user._id]['rejection_token'] res = self.app.get( registration.web_url_for('view_project', token=rejection_token), auth=self.user.auth, ) registration.embargo.reload() assert_equal(registration.embargo.state, Embargo.REJECTED) assert_false(registration.is_pending_embargo) assert_equal(res.status_code, 302) @mock.patch('flask.redirect') def test_GET_disapprove_for_existing_registration_with_valid_token_redirects_to_registration( self, mock_redirect): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] res = self.app.get( self.registration.web_url_for('view_project', token=rejection_token), auth=self.user.auth, ) self.registration.embargo.reload() assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_pending_embargo) assert_true( mock_redirect.called_with( self.registration.web_url_for('view_project')))
class RegistrationEmbargoViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoViewsTestCase, self).setUp() ensure_schemas() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.draft = DraftRegistrationFactory(branched_from=self.project) self.registration = RegistrationFactory(project=self.project, creator=self.user) current_month = datetime.datetime.now().strftime("%B") current_year = datetime.datetime.now().strftime("%Y") self.valid_make_public_payload = json.dumps({ u'embargoEndDate': u'Fri, 01, {month} {year} 00:00:00 GMT'.format( month=current_month, year=current_year ), u'registrationChoice': 'immediate', u'summary': unicode(fake.sentence()) }) valid_date = datetime.datetime.now() + datetime.timedelta(days=180) self.valid_embargo_payload = json.dumps({ u'embargoEndDate': unicode(valid_date.strftime('%a, %d, %B %Y %H:%M:%S')) + u' GMT', u'registrationChoice': 'embargo', u'summary': unicode(fake.sentence()) }) self.invalid_embargo_date_payload = json.dumps({ u'embargoEndDate': u"Thu, 01 {month} {year} 05:00:00 GMT".format( month=current_month, year=str(int(current_year)-1) ), u'registrationChoice': 'embargo', u'summary': unicode(fake.sentence()) }) @mock.patch('framework.celery_tasks.handlers.enqueue_task') def test_register_draft_without_embargo_creates_registration_approval(self, mock_enqueue): res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth ) assert_equal(res.status_code, 202) registration = Node.find().sort('-registered_date')[0] assert_true(registration.is_registration) assert_not_equal(registration.registration_approval, None) # Regression test for https://openscience.atlassian.net/browse/OSF-5039 @mock.patch('framework.celery_tasks.handlers.enqueue_task') def test_POST_register_make_public_immediately_creates_private_pending_registration_for_public_project(self, mock_enqueue): self.project.is_public = True self.project.save() component = NodeFactory( creator=self.user, parent=self.project, title='Component', is_public=True ) subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject', is_public=True ) subproject_component = NodeFactory( creator=self.user, parent=subproject, title='Subcomponent', is_public=True ) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() assert_equal(res.status_code, 202) assert_equal(res.json['urls']['registrations'], self.project.web_url_for('node_registrations')) # Last node directly registered from self.project registration = Node.find( Q('registered_from', 'eq', self.project) ).sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.celery_tasks.handlers.enqueue_task') def test_POST_register_make_public_does_not_make_children_public(self, mock_enqueue): component = NodeFactory( creator=self.user, parent=self.project, title='Component' ) subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject' ) subproject_component = NodeFactory( creator=self.user, parent=subproject, title='Subcomponent' ) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() # Last node directly registered from self.project registration = self.project.registrations_all[-1] assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.celery_tasks.handlers.enqueue_task') def test_POST_register_embargo_is_not_public(self, mock_enqueue): res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth ) assert_equal(res.status_code, 202) registration = Node.find().sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) # Regression test for https://openscience.atlassian.net/browse/OSF-5071 @mock.patch('framework.celery_tasks.handlers.enqueue_task') def test_POST_register_embargo_does_not_make_project_or_children_public(self, mock_enqueue): self.project.is_public = True self.project.save() component = NodeFactory( creator=self.user, parent=self.project, title='Component', is_public=True ) subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject', is_public=True ) subproject_component = NodeFactory( creator=self.user, parent=subproject, title='Subcomponent', is_public=True ) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() assert_equal(res.status_code, 202) assert_equal(res.json['urls']['registrations'], self.project.web_url_for('node_registrations')) # Last node directly registered from self.project registration = Node.find( Q('registered_from', 'eq', self.project) ).sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.celery_tasks.handlers.enqueue_task') def test_POST_invalid_embargo_end_date_returns_HTTPBad_Request(self, mock_enqueue): res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.invalid_embargo_date_payload, content_type='application/json', auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 400) @mock.patch('framework.celery_tasks.handlers.enqueue_task') def test_valid_POST_embargo_adds_to_parent_projects_log(self, mock_enquque): initial_project_logs = len(self.project.logs) self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() # Logs: Created, registered, embargo initiated assert_equal(len(self.project.logs), initial_project_logs + 1) @mock.patch('website.project.sanctions.TokenApprovableSanction.ask') def test_embargoed_registration_set_privacy_requests_embargo_termination(self, mock_ask): # Initiate and approve embargo for i in range(3): c = AuthUserFactory() self.registration.add_contributor(c, [permissions.ADMIN], auth=Auth(self.user)) self.registration.save() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) for user_id, embargo_tokens in self.registration.embargo.approval_state.iteritems(): approval_token = embargo_tokens['approval_token'] self.registration.embargo.approve_embargo(User.load(user_id), approval_token) self.registration.save() res = self.app.post( self.registration.api_url_for('project_set_privacy', permissions='public'), auth=self.user.auth, ) assert_equal(res.status_code, 200) for reg in self.registration.node_and_primary_descendants(): reg.reload() assert_false(reg.is_public) assert_true(reg.embargo_termination_approval) assert_true(reg.embargo_termination_approval.is_pending_approval) def test_cannot_request_termination_on_component_of_embargo(self): node = ProjectFactory() child = ProjectFactory(parent=node, creator=node.creator) with utils.mock_archive(node, embargo=True, autocomplete=True, autoapprove=True) as reg: with assert_raises(NodeStateError): reg.nodes[0].request_embargo_termination(Auth(node.creator)) @mock.patch('website.mails.send_mail') def test_embargoed_registration_set_privacy_sends_mail(self, mock_send_mail): """ Integration test for https://github.com/CenterForOpenScience/osf.io/pull/5294#issuecomment-212613668 """ # Initiate and approve embargo for i in range(3): c = AuthUserFactory() self.registration.add_contributor(c, [permissions.ADMIN], auth=Auth(self.user)) self.registration.save() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) for user_id, embargo_tokens in self.registration.embargo.approval_state.iteritems(): approval_token = embargo_tokens['approval_token'] self.registration.embargo.approve_embargo(User.load(user_id), approval_token) self.registration.save() res = self.app.post( self.registration.api_url_for('project_set_privacy', permissions='public'), auth=self.user.auth, ) assert_equal(res.status_code, 200) for admin in self.registration.admin_contributors: assert_true(any([c[0][0] == admin.username for c in mock_send_mail.call_args_list])) @mock.patch('website.project.sanctions.TokenApprovableSanction.ask') def test_make_child_embargoed_registration_public_asks_all_admins_in_tree(self, mock_ask): # Initiate and approve embargo node = NodeFactory(creator=self.user) c1 = AuthUserFactory() child = NodeFactory(parent=node, creator=c1) c2 = AuthUserFactory() NodeFactory(parent=child, creator=c2) registration = RegistrationFactory(project=node) registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) for user_id, embargo_tokens in registration.embargo.approval_state.iteritems(): approval_token = embargo_tokens['approval_token'] registration.embargo.approve_embargo(User.load(user_id), approval_token) self.registration.save() res = self.app.post( registration.api_url_for('project_set_privacy', permissions='public'), auth=self.user.auth ) assert_equal(res.status_code, 200) asked_admins = [(admin._id, n._id) for admin, n in mock_ask.call_args[0][0]] for admin, node in registration.get_admin_contributors_recursive(): assert_in((admin._id, node._id), asked_admins) def test_non_contributor_GET_approval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] approval_url = self.registration.web_url_for('view_project', token=approval_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date) def test_non_contributor_GET_disapproval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] approval_url = self.registration.web_url_for('view_project', token=rejection_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date)
class TestWikiDetailView(ApiWikiTestCase): def _set_up_public_project_with_wiki_page(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) self.public_wiki = self._add_project_wiki_page(self.public_project, self.user) self.public_url = '/{}wikis/{}/'.format(API_BASE, self.public_wiki._id) def _set_up_private_project_with_wiki_page(self): self.private_project = ProjectFactory(creator=self.user) self.private_wiki = self._add_project_wiki_page(self.private_project, self.user) self.private_url = '/{}wikis/{}/'.format(API_BASE, self.private_wiki._id) def _set_up_public_registration_with_wiki_page(self): self._set_up_public_project_with_wiki_page() self.public_registration = RegistrationFactory(project=self.public_project, user=self.user, is_public=True) self.public_registration_wiki_id = self.public_registration.wiki_pages_versions['home'][0] self.public_registration.wiki_pages_current = {'home': self.public_registration_wiki_id} self.public_registration.save() self.public_registration_url = '/{}wikis/{}/'.format(API_BASE, self.public_registration_wiki_id) def _set_up_private_registration_with_wiki_page(self): self._set_up_private_project_with_wiki_page() self.private_registration = RegistrationFactory(project=self.private_project, user=self.user) self.private_registration_wiki_id = self.private_registration.wiki_pages_versions['home'][0] self.private_registration.wiki_pages_current = {'home': self.private_registration_wiki_id} self.private_registration.save() self.private_registration_url = '/{}wikis/{}/'.format(API_BASE, self.private_registration_wiki_id) def test_public_node_logged_out_user_can_view_wiki(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.public_wiki._id) def test_public_node_logged_in_non_contributor_can_view_wiki(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.non_contributor.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.public_wiki._id) def test_public_node_logged_in_contributor_can_view_wiki(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.public_wiki._id) def test_private_node_logged_out_user_cannot_view_wiki(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.') def test_private_node_logged_in_non_contributor_cannot_view_wiki(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_private_node_logged_in_contributor_can_view_wiki(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.private_wiki._id) def test_private_node_user_with_anonymous_link_can_view_wiki(self): self._set_up_private_project_with_wiki_page() private_link = PrivateLinkFactory(anonymous=True) private_link.nodes.append(self.private_project) private_link.save() url = furl.furl(self.private_url).add(query_params={'view_only': private_link.key}).url res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.private_wiki._id) def test_private_node_user_with_view_only_link_can_view_wiki(self): self._set_up_private_project_with_wiki_page() private_link = PrivateLinkFactory(anonymous=False) private_link.nodes.append(self.private_project) private_link.save() url = furl.furl(self.private_url).add(query_params={'view_only': private_link.key}).url res = self.app.get(url) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.private_wiki._id) def test_public_registration_logged_out_user_cannot_view_wiki(self): self._set_up_public_registration_with_wiki_page() res = self.app.get(self.public_registration_url, expect_errors=True) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.public_registration_wiki_id) def test_public_registration_logged_in_non_contributor_cannot_view_wiki(self): self._set_up_public_registration_with_wiki_page() res = self.app.get(self.public_registration_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.public_registration_wiki_id) def test_public_registration_contributor_can_view_wiki(self): self._set_up_public_registration_with_wiki_page() res = self.app.get(self.public_registration_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.public_registration_wiki_id) def test_user_cannot_view_withdrawn_registration_wikis(self): self._set_up_public_registration_with_wiki_page() withdrawal = self.public_registration.retract_registration(user=self.user, save=True) token = withdrawal.approval_state.values()[0]['approval_token'] withdrawal.approve_retraction(self.user, token) withdrawal.save() res = self.app.get(self.public_registration_url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_private_registration_logged_out_user_cannot_view_wiki(self): self._set_up_private_registration_with_wiki_page() res = self.app.get(self.private_registration_url, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.') def test_private_registration_logged_in_non_contributor_cannot_view_wiki(self): self._set_up_private_registration_with_wiki_page() res = self.app.get(self.private_registration_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_private_registration_contributor_can_view_wiki(self): self._set_up_private_registration_with_wiki_page() res = self.app.get(self.private_registration_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['id'], self.private_registration_wiki_id) def test_wiki_has_user_link(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) url = res.json['data']['relationships']['user']['links']['related']['href'] expected_url = '/{}users/{}/'.format(API_BASE, self.user._id) assert_equal(res.status_code, 200) assert_equal(urlparse(url).path, expected_url) def test_wiki_has_node_link(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) url = res.json['data']['relationships']['node']['links']['related']['href'] expected_url = '/{}nodes/{}/'.format(API_BASE, self.public_project._id) assert_equal(res.status_code, 200) assert_equal(urlparse(url).path, expected_url) def test_wiki_has_comments_link(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) url = res.json['data']['relationships']['comments']['links']['related']['href'] expected_url = '/{}nodes/{}/comments/?filter[target]={}'.format(API_BASE, self.public_project._id, self.public_wiki._id) assert_equal(res.status_code, 200) assert_in(expected_url, url) def test_wiki_has_download_link(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) url = res.json['data']['links']['download'] expected_url = '/{}wikis/{}/content/'.format(API_BASE, self.public_wiki._id) assert_equal(res.status_code, 200) assert_in(expected_url, url) def test_wiki_invalid_id_not_found(self): url = '/{}wikis/{}/'.format(API_BASE, 'abcde') res = self.app.get(url, expect_errors=True) assert_equal(res.status_code, 404) def test_old_wiki_versions_not_returned(self): self._set_up_public_project_with_wiki_page() current_wiki = NodeWikiFactory(node=self.public_project, user=self.user) old_version_id = self.public_project.wiki_pages_versions[current_wiki.page_name][-2] old_version = NodeWikiPage.load(old_version_id) url = '/{}wikis/{}/'.format(API_BASE, old_version._id) res = self.app.get(url, expect_errors=True) assert_equal(res.status_code, 404)
class TestNodeWikiList(ApiWikiTestCase): def _set_up_public_project_with_wiki_page(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) self.public_wiki = self._add_project_wiki_page(self.public_project, self.user) self.public_url = '/{}nodes/{}/wikis/'.format(API_BASE, self.public_project._id) def _set_up_private_project_with_wiki_page(self): self.private_project = ProjectFactory(creator=self.user) self.private_wiki = self._add_project_wiki_page(self.private_project, self.user) self.private_url = '/{}nodes/{}/wikis/'.format(API_BASE, self.private_project._id) def _set_up_public_registration_with_wiki_page(self): self._set_up_public_project_with_wiki_page() self.public_registration = RegistrationFactory(project=self.public_project, user=self.user, is_public=True) self.public_registration_wiki_id = self.public_registration.wiki_pages_versions['home'][0] self.public_registration.wiki_pages_current = {'home': self.public_registration_wiki_id} self.public_registration.save() self.public_registration_url = '/{}registrations/{}/wikis/'.format(API_BASE, self.public_registration._id) def _set_up_registration_with_wiki_page(self): self._set_up_private_project_with_wiki_page() self.registration = RegistrationFactory(project=self.private_project, user=self.user) self.registration_wiki_id = self.registration.wiki_pages_versions['home'][0] self.registration.wiki_pages_current = {'home': self.registration_wiki_id} self.registration.save() self.registration_url = '/{}registrations/{}/wikis/'.format(API_BASE, self.registration._id) def test_return_public_node_wikis_logged_out_user(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.public_wiki._id, wiki_ids) def test_return_public_node_wikis_logged_in_non_contributor(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.non_contributor.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.public_wiki._id, wiki_ids) def test_return_public_node_wikis_logged_in_contributor(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.public_wiki._id, wiki_ids) def test_return_private_node_wikis_logged_out_user(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.') def test_return_private_node_wikis_logged_in_non_contributor(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_return_private_node_wikis_logged_in_contributor(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.private_wiki._id, wiki_ids) def test_return_registration_wikis_logged_out_user(self): self._set_up_registration_with_wiki_page() res = self.app.get(self.registration_url, expect_errors=True) assert_equal(res.status_code, 401) assert_equal(res.json['errors'][0]['detail'], 'Authentication credentials were not provided.') def test_return_registration_wikis_logged_in_non_contributor(self): self._set_up_registration_with_wiki_page() res = self.app.get(self.registration_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_return_registration_wikis_logged_in_contributor(self): self._set_up_registration_with_wiki_page() res = self.app.get(self.registration_url, auth=self.user.auth) assert_equal(res.status_code, 200) wiki_ids = [wiki['id'] for wiki in res.json['data']] assert_in(self.registration_wiki_id, wiki_ids) def test_wikis_not_returned_for_withdrawn_registration(self): self._set_up_registration_with_wiki_page() self.registration.is_public = True withdrawal = self.registration.retract_registration(user=self.user, save=True) token = withdrawal.approval_state.values()[0]['approval_token'] withdrawal.approve_retraction(self.user, token) withdrawal.save() res = self.app.get(self.registration_url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.') def test_public_node_wikis_relationship_links(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) expected_nodes_relationship_url = '{}nodes/{}/'.format(API_BASE, self.public_project._id) expected_comments_relationship_url = '{}nodes/{}/comments/'.format(API_BASE, self.public_project._id) assert_in(expected_nodes_relationship_url, res.json['data'][0]['relationships']['node']['links']['related']['href']) assert_in(expected_comments_relationship_url, res.json['data'][0]['relationships']['comments']['links']['related']['href']) def test_private_node_wikis_relationship_links(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.user.auth) expected_nodes_relationship_url = '{}nodes/{}/'.format(API_BASE, self.private_project._id) expected_comments_relationship_url = '{}nodes/{}/comments/'.format(API_BASE, self.private_project._id) assert_in(expected_nodes_relationship_url, res.json['data'][0]['relationships']['node']['links']['related']['href']) assert_in(expected_comments_relationship_url, res.json['data'][0]['relationships']['comments']['links']['related']['href']) def test_public_registration_wikis_relationship_links(self): self._set_up_public_registration_with_wiki_page() res = self.app.get(self.public_registration_url) expected_nodes_relationship_url = '{}registrations/{}/'.format(API_BASE, self.public_registration._id) expected_comments_relationship_url = '{}registrations/{}/comments/'.format(API_BASE, self.public_registration._id) assert_in(expected_nodes_relationship_url, res.json['data'][0]['relationships']['node']['links']['related']['href']) assert_in(expected_comments_relationship_url, res.json['data'][0]['relationships']['comments']['links']['related']['href']) def test_private_registration_wikis_relationship_links(self): self._set_up_registration_with_wiki_page() res = self.app.get(self.registration_url, auth=self.user.auth) expected_nodes_relationship_url = '{}registrations/{}/'.format(API_BASE, self.registration._id) expected_comments_relationship_url = '{}registrations/{}/comments/'.format(API_BASE, self.registration._id) assert_in(expected_nodes_relationship_url, res.json['data'][0]['relationships']['node']['links']['related']['href']) assert_in(expected_comments_relationship_url, res.json['data'][0]['relationships']['comments']['links']['related']['href']) def test_registration_wikis_not_returned_from_nodes_endpoint(self): self._set_up_public_project_with_wiki_page() self._set_up_public_registration_with_wiki_page() res = self.app.get(self.public_url) node_relationships = [ node_wiki['relationships']['node']['links']['related']['href'] for node_wiki in res.json['data'] ] assert_equal(res.status_code, 200) assert_equal(len(node_relationships), 1) assert_in(self.public_project._id, node_relationships[0]) def test_node_wikis_not_returned_from_registrations_endpoint(self): self._set_up_public_project_with_wiki_page() self._set_up_public_registration_with_wiki_page() res = self.app.get(self.public_registration_url) node_relationships = [ node_wiki['relationships']['node']['links']['related']['href'] for node_wiki in res.json['data'] ] assert_equal(res.status_code, 200) assert_equal(len(node_relationships), 1) assert_in(self.public_registration._id, node_relationships[0])
class TestRetractRegistrations(OsfTestCase): def setUp(self): super(TestRetractRegistrations, self).setUp() self.user = UserFactory() self.registration = RegistrationFactory(creator=self.user) self.registration.is_public = True self.registration.retract_registration(self.user) self.registration.save() def test_new_retraction_should_not_be_retracted(self): assert_false(self.registration.is_retracted) main(dry_run=False) assert_false(self.registration.is_retracted) def test_should_not_retract_pending_retraction_less_than_48_hours_old(self): # Retraction#iniation_date is read only self.registration.retraction._fields['initiation_date'].__set__( self.registration.retraction, (timezone.now() - timedelta(hours=47)), safe=True ) # setattr(self.registration.retraction, 'initiation_date', (timezone.now() - timedelta(hours=47))) self.registration.retraction.save() assert_false(self.registration.is_retracted) main(dry_run=False) assert_false(self.registration.is_retracted) def test_should_retract_pending_retraction_that_is_48_hours_old(self): # Retraction#iniation_date is read only self.registration.retraction._fields['initiation_date'].__set__( self.registration.retraction, (timezone.now() - timedelta(hours=48)), safe=True ) self.registration.retraction.save() assert_false(self.registration.is_retracted) main(dry_run=False) assert_true(self.registration.is_retracted) def test_should_retract_pending_retraction_more_than_48_hours_old(self): # Retraction#iniation_date is read only self.registration.retraction._fields['initiation_date'].__set__( self.registration.retraction, (timezone.now() - timedelta(days=365)), safe=True ) self.registration.retraction.save() assert_false(self.registration.is_retracted) main(dry_run=False) assert_true(self.registration.is_retracted) def test_retraction_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) # Retraction#iniation_date is read only self.registration.retraction._fields['initiation_date'].__set__( self.registration.retraction, (timezone.now() - timedelta(days=365)), safe=True ) self.registration.retraction.save() assert_false(self.registration.is_retracted) main(dry_run=False) assert_true(self.registration.is_retracted) # Logs: Created, made public, retraction initiated, retracted approved assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 1)
class TestWikiContentView(ApiWikiTestCase): def _set_up_public_project_with_wiki_page(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) self.public_wiki = self._add_project_wiki_page(self.public_project, self.user) self.public_url = '/{}wikis/{}/content/'.format(API_BASE, self.public_wiki._id) def _set_up_private_project_with_wiki_page(self): self.private_project = ProjectFactory(creator=self.user) self.private_wiki = self._add_project_wiki_page(self.private_project, self.user) self.private_url = '/{}wikis/{}/content/'.format(API_BASE, self.private_wiki._id) def _set_up_public_registration_with_wiki_page(self): self._set_up_public_project_with_wiki_page() self.public_registration = RegistrationFactory(project=self.public_project, user=self.user, is_public=True) self.public_registration_wiki_id = self.public_registration.wiki_pages_versions['home'][0] self.public_registration.wiki_pages_current = {'home': self.public_registration_wiki_id} self.public_registration.save() self.public_registration_url = '/{}wikis/{}/content/'.format(API_BASE, self.public_registration_wiki_id) def test_logged_out_user_can_get_public_wiki_content(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.public_wiki.content) def test_logged_in_non_contributor_can_get_public_wiki_content(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.non_contributor.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.public_wiki.content) def test_logged_in_contributor_can_get_public_wiki_content(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.public_wiki.content) def test_logged_out_user_cannot_get_private_wiki_content(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, expect_errors=True) assert_equal(res.status_code, 401) def test_logged_in_non_contributor_cannot_get_private_wiki_content(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_logged_in_contributor_can_get_private_wiki_content(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.private_wiki.content) def test_user_cannot_get_withdrawn_registration_wiki_content(self): self._set_up_public_registration_with_wiki_page() withdrawal = self.public_registration.retract_registration(user=self.user, save=True) token = withdrawal.approval_state.values()[0]['approval_token'] withdrawal.approve_retraction(self.user, token) withdrawal.save() res = self.app.get(self.public_registration_url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403)
class RegistrationApprovalModelTestCase(OsfTestCase): def setUp(self): super(RegistrationApprovalModelTestCase, self).setUp() self.user = UserFactory() self.project = ProjectFactory(creator=self.user) self.registration = RegistrationFactory(project=self.project) self.embargo = EmbargoFactory(user=self.user) self.valid_embargo_end_date = datetime.datetime.utcnow( ) + datetime.timedelta(days=3) def test__require_approval_saves_approval(self): initial_count = RegistrationApproval.find().count() self.registration._initiate_approval(self.user) assert_equal(RegistrationApproval.find().count(), initial_count + 1) def test__initiate_approval_does_not_create_tokens_for_unregistered_admin( self): unconfirmed_user = UnconfirmedUserFactory() self.registration.contributors.append(unconfirmed_user) self.registration.add_permission(unconfirmed_user, 'admin', save=True) assert_true(self.registration.has_permission(unconfirmed_user, 'admin')) approval = self.registration._initiate_approval(self.user) assert_true(self.user._id in approval.approval_state) assert_false(unconfirmed_user._id in approval.approval_state) def test_require_approval_from_non_admin_raises_PermissionsError(self): self.registration.remove_permission(self.user, 'admin') self.registration.save() self.registration.reload() with assert_raises(PermissionsError): self.registration.require_approval(self.user) def test_require_approval_non_registration_raises_NodeStateError(self): self.registration.is_registration = False self.registration.save() with assert_raises(NodeStateError): self.registration.require_approval(self.user, ) assert_false(self.registration.is_pending_registration) def test_invalid_approval_token_raises_InvalidSanctionApprovalToken(self): self.registration.require_approval(self.user) self.registration.save() assert_true(self.registration.is_pending_registration) invalid_approval_token = 'not a real token' with assert_raises(InvalidSanctionApprovalToken): self.registration.registration_approval.approve( self.user, invalid_approval_token) assert_true(self.registration.is_pending_registration) def test_non_admin_approval_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.require_approval(self.user, ) self.registration.save() assert_true(self.registration.is_pending_registration) approval_token = self.registration.registration_approval.approval_state[ self.user._id]['approval_token'] with assert_raises(PermissionsError): self.registration.registration_approval.approve( non_admin, approval_token) assert_true(self.registration.is_pending_registration) def test_approval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.require_approval(self.user) self.registration.save() approval_token = self.registration.registration_approval.approval_state[ self.user._id]['approval_token'] self.registration.registration_approval.approve( self.user, approval_token) # adds initiated, approved, and registered logs assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 3) def test_one_approval_with_two_admins_stays_pending(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, 'admin', save=True) self.registration.require_approval(self.user) self.registration.save() # First admin approves approval_token = self.registration.registration_approval.approval_state[ self.user._id]['approval_token'] self.registration.registration_approval.approve( self.user, approval_token) assert_true(self.registration.is_pending_registration) num_of_approvals = sum([ val['has_approved'] for val in self.registration.registration_approval.approval_state.values() ]) assert_equal(num_of_approvals, 1) # Second admin approves approval_token = self.registration.registration_approval.approval_state[ admin2._id]['approval_token'] self.registration.registration_approval.approve(admin2, approval_token) assert_false(self.registration.is_pending_registration) num_of_approvals = sum([ val['has_approved'] for val in self.registration.registration_approval.approval_state.values() ]) assert_equal(num_of_approvals, 2) def test_invalid_rejection_token_raises_InvalidSanctionRejectionToken( self): self.registration.require_approval(self.user) self.registration.save() assert_true(self.registration.is_pending_registration) with assert_raises(InvalidSanctionRejectionToken): self.registration.registration_approval.reject( self.user, fake.sentence()) assert_true(self.registration.is_pending_registration) def test_non_admin_rejection_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.require_approval(self.user) self.registration.save() assert_true(self.registration.is_pending_registration) rejection_token = self.registration.registration_approval.approval_state[ self.user._id]['rejection_token'] with assert_raises(PermissionsError): self.registration.registration_approval.reject( non_admin, rejection_token) assert_true(self.registration.is_pending_registration) def test_one_disapproval_cancels_registration_approval(self): self.registration.require_approval(self.user) self.registration.save() assert_true(self.registration.is_pending_registration) rejection_token = self.registration.registration_approval.approval_state[ self.user._id]['rejection_token'] self.registration.registration_approval.reject(self.user, rejection_token) assert_equal(self.registration.registration_approval.state, Sanction.REJECTED) assert_false(self.registration.is_pending_registration) def test_disapproval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.require_approval( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() rejection_token = self.registration.registration_approval.approval_state[ self.user._id]['rejection_token'] registered_from = self.registration.registered_from self.registration.registration_approval.reject(self.user, rejection_token) # Logs: Created, registered, embargo initiated, embargo cancelled assert_equal(len(registered_from.logs), initial_project_logs + 2) def test_cancelling_registration_approval_deletes_parent_registration( self): self.registration.require_approval(self.user) self.registration.save() rejection_token = self.registration.registration_approval.approval_state[ self.user._id]['rejection_token'] self.registration.registration_approval.reject(self.user, rejection_token) assert_equal(self.registration.registration_approval.state, Sanction.REJECTED) assert_true(self.registration.is_deleted) def test_cancelling_registration_approval_deletes_component_registrations( self): component = NodeFactory(creator=self.user, parent=self.project, title='Component') NodeFactory(creator=self.user, parent=component, title='Subcomponent') project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.require_approval(self.user) project_registration.save() rejection_token = project_registration.registration_approval.approval_state[ self.user._id]['rejection_token'] project_registration.registration_approval.reject( self.user, rejection_token) assert_equal(project_registration.registration_approval.state, Sanction.REJECTED) assert_true(project_registration.is_deleted) assert_true(component_registration.is_deleted) assert_true(subcomponent_registration.is_deleted) def test_new_registration_is_pending_registration(self): self.registration.require_approval(self.user) self.registration.save() assert_true(self.registration.is_pending_registration) def test_on_complete_notify_initiator(self): self.registration.require_approval(self.user, notify_initiator_on_complete=True) self.registration.save() with mock.patch.object(PreregCallbackMixin, '_notify_initiator') as mock_notify: self.registration.registration_approval._on_complete(self.user) mock_notify.assert_called()
class RegistrationRetractionApprovalDisapprovalViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationRetractionApprovalDisapprovalViewsTestCase, self).setUp() self.user = AuthUserFactory() self.registered_from = ProjectFactory(is_public=True, creator=self.user) self.registration = RegistrationFactory(is_public=True, project=self.registered_from) self.registration.retract_registration(self.user) self.registration.save() self.approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.rejection_token = self.registration.retraction.approval_state[self.user._id]['rejection_token'] self.corrupt_token = fake.sentence() self.token_without_sanction = tokens.encode({ 'action': 'approve_retraction', 'user_id': self.user._id, 'sanction_id': 'invalid id' }) # node_registration_retraction_approve_tests def test_GET_approve_from_unauthorized_user_returns_HTTPError_UNAUTHORIZED(self): unauthorized_user = AuthUserFactory() res = self.app.get( self.registration.web_url_for('view_project', token=self.approval_token), auth=unauthorized_user.auth, expect_errors=True ) assert_equal(res.status_code, http.UNAUTHORIZED) def test_GET_approve_registration_without_retraction_returns_HTTPError_BAD_REQUEST(self): assert_true(self.registration.is_pending_retraction) self.registration.retraction.reject(self.user, self.rejection_token) assert_false(self.registration.is_pending_retraction) self.registration.retraction.save() res = self.app.get( self.registration.web_url_for('view_project', token=self.approval_token), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, http.BAD_REQUEST) def test_GET_approve_with_invalid_token_returns_HTTPError_BAD_REQUEST(self): res = self.app.get( self.registration.web_url_for('view_project', token=self.corrupt_token), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, http.BAD_REQUEST) def test_GET_approve_with_non_existant_sanction_returns_HTTPError_BAD_REQUEST(self): res = self.app.get( self.registration.web_url_for('view_project', token=self.token_without_sanction), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, http.BAD_REQUEST) def test_GET_approve_with_valid_token_returns_200(self): res = self.app.get( self.registration.web_url_for('view_project', token=self.approval_token), auth=self.user.auth ) self.registration.retraction.reload() assert_true(self.registration.is_retracted) assert_false(self.registration.is_pending_retraction) assert_equal(res.status_code, http.OK) # node_registration_retraction_disapprove_tests def test_GET_disapprove_from_unauthorized_user_returns_HTTPError_UNAUTHORIZED(self): unauthorized_user = AuthUserFactory() res = self.app.get( self.registration.web_url_for('view_project', token=self.rejection_token), auth=unauthorized_user.auth, expect_errors=True ) assert_equal(res.status_code, http.UNAUTHORIZED) def test_GET_disapprove_registration_without_retraction_returns_HTTPError_BAD_REQUEST(self): assert_true(self.registration.is_pending_retraction) self.registration.retraction.reject(self.user, self.rejection_token) assert_false(self.registration.is_pending_retraction) self.registration.retraction.save() res = self.app.get( self.registration.web_url_for('view_project', token=self.rejection_token), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, http.BAD_REQUEST) def test_GET_disapprove_with_invalid_token_HTTPError_BAD_REQUEST(self): res = self.app.get( self.registration.web_url_for('view_project', token=self.corrupt_token), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, http.BAD_REQUEST) def test_GET_disapprove_with_valid_token_returns_redirect(self): res = self.app.get( self.registration.web_url_for('view_project', token=self.rejection_token), auth=self.user.auth, ) self.registration.retraction.reload() assert_false(self.registration.is_retracted) assert_false(self.registration.is_pending_retraction) assert_true(self.registration.retraction.is_rejected) assert_equal(res.status_code, http.OK)
class RegistrationRetractionModelsTestCase(OsfTestCase): def setUp(self): super(RegistrationRetractionModelsTestCase, self).setUp() self.user = UserFactory() self.registration = RegistrationFactory(creator=self.user, is_public=True) self.valid_justification = fake.sentence() self.invalid_justification = fake.text(max_nb_chars=3000) def test_set_public_registration_to_private_raises_NodeStateException(self): self.registration.save() with assert_raises(NodeStateError): self.registration.set_privacy('private') self.registration.reload() assert_true(self.registration.is_public) def test_initiate_retraction_saves_retraction(self): initial_count = Retraction.find().count() self.registration._initiate_retraction(self.user) assert_equal(Retraction.find().count(), initial_count + 1) def test__initiate_retraction_does_not_create_tokens_for_unregistered_admin(self): unconfirmed_user = UnconfirmedUserFactory() self.registration.contributors.append(unconfirmed_user) self.registration.add_permission(unconfirmed_user, 'admin', save=True) assert_true(self.registration.has_permission(unconfirmed_user, 'admin')) retraction = self.registration._initiate_retraction(self.user) assert_true(self.user._id in retraction.approval_state) assert_false(unconfirmed_user._id in retraction.approval_state) def test__initiate_retraction_adds_admins_on_child_nodes(self): project_admin = UserFactory() project_non_admin = UserFactory() child_admin = UserFactory() child_non_admin = UserFactory() grandchild_admin = UserFactory() project = ProjectFactory(creator=project_admin) project.add_contributor(project_non_admin, auth=Auth(project.creator), save=True) child = NodeFactory(creator=child_admin, parent=project) child.add_contributor(child_non_admin, auth=Auth(child.creator), save=True) grandchild = NodeFactory(creator=grandchild_admin, parent=child) # noqa registration = RegistrationFactory(project=project) retraction = registration._initiate_retraction(registration.creator) assert_in(project_admin._id, retraction.approval_state) assert_in(child_admin._id, retraction.approval_state) assert_in(grandchild_admin._id, retraction.approval_state) assert_not_in(project_non_admin._id, retraction.approval_state) assert_not_in(child_non_admin._id, retraction.approval_state) # Backref tests def test_retraction_initiator_has_backref(self): self.registration.retract_registration(self.user, self.valid_justification) self.registration.save() self.registration.reload() assert_equal(Retraction.find(Q('initiated_by', 'eq', self.user)).count(), 1) # Node#retract_registration tests def test_pending_retract(self): self.registration.retract_registration(self.user, self.valid_justification) self.registration.save() self.registration.reload() assert_false(self.registration.is_retracted) assert_equal(self.registration.retraction.state, Retraction.UNAPPROVED) assert_equal(self.registration.retraction.justification, self.valid_justification) assert_equal(self.registration.retraction.initiated_by, self.user) assert_equal( self.registration.retraction.initiation_date.date(), datetime.datetime.utcnow().date() ) def test_retract_component_raises_NodeStateError(self): project = ProjectFactory(is_public=True, creator=self.user) component = NodeFactory(is_public=True, creator=self.user, parent=project) registration = RegistrationFactory(is_public=True, project=project) with assert_raises(NodeStateError): registration.nodes[0].retract_registration(self.user, self.valid_justification) def test_long_justification_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.retract_registration(self.user, self.invalid_justification) self.registration.save() self.registration.reload() assert_is_none(self.registration.retraction) def test_retract_private_registration_raises_NodeStateError(self): self.registration.is_public = False with assert_raises(NodeStateError): self.registration.retract_registration(self.user, self.valid_justification) self.registration.save() self.registration.reload() assert_is_none(self.registration.retraction) def test_retract_public_non_registration_raises_NodeStateError(self): project = ProjectFactory(is_public=True, creator=self.user) project.save() with assert_raises(NodeStateError): project.retract_registration(self.user, self.valid_justification) project.reload() assert_is_none(project.retraction) def test_retraction_of_registration_pending_embargo_cancels_embargo(self): self.registration.embargo_registration( self.user, (datetime.date.today() + datetime.timedelta(days=10)), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) assert_false(self.registration.is_pending_retraction) assert_true(self.registration.is_retracted) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo.is_rejected) def test_retraction_of_registration_in_active_embargo_cancels_embargo(self): self.registration.embargo_registration( self.user, (datetime.date.today() + datetime.timedelta(days=10)), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) embargo_approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, embargo_approval_token) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date) self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) retraction_approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, retraction_approval_token) assert_false(self.registration.is_pending_retraction) assert_true(self.registration.is_retracted) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo.is_rejected) # Retraction#approve_retraction_tests def test_invalid_approval_token_raises_InvalidSanctionApprovalToken(self): self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) with assert_raises(InvalidSanctionApprovalToken): self.registration.retraction.approve_retraction(self.user, fake.sentence()) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted) def test_non_admin_approval_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] with assert_raises(PermissionsError): self.registration.retraction.approve_retraction(non_admin, approval_token) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted) def test_one_approval_with_one_admin_retracts(self): self.registration.retract_registration(self.user) self.registration.save() approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] assert_true(self.registration.is_pending_retraction) self.registration.retraction.approve_retraction(self.user, approval_token) assert_true(self.registration.is_retracted) num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()]) assert_equal(num_of_approvals, 1) def test_approval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.retract_registration(self.user) self.registration.save() approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) # Logs: Created, registered, retraction initiated, retraction approved assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 2) def test_retraction_of_registration_pending_embargo_cancels_embargo(self): self.registration.is_public = True self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) assert_false(self.registration.is_pending_retraction) assert_true(self.registration.is_retracted) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo.is_rejected) def test_approval_of_registration_with_embargo_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.is_public = True self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() self.registration.retract_registration(self.user) self.registration.save() approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) # Logs: Created, registered, embargo initiated, retraction initiated, retraction approved, embargo cancelled assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 4) def test_retraction_of_registration_in_active_embargo_cancels_embargo(self): self.registration.is_public = True self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) embargo_approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, embargo_approval_token) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date) self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) retraction_approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, retraction_approval_token) assert_false(self.registration.is_pending_retraction) assert_true(self.registration.is_retracted) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo.is_rejected) def test_two_approvals_with_two_admins_retracts(self): self.admin2 = UserFactory() self.registration.contributors.append(self.admin2) self.registration.add_permission(self.admin2, 'admin', save=True) self.registration.retract_registration(self.user) self.registration.save() self.registration.reload() # First admin approves approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) assert_true(self.registration.is_pending_retraction) num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()]) assert_equal(num_of_approvals, 1) # Second admin approves approval_token = self.registration.retraction.approval_state[self.admin2._id]['approval_token'] self.registration.retraction.approve_retraction(self.admin2, approval_token) num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()]) assert_equal(num_of_approvals, 2) assert_true(self.registration.is_retracted) def test_one_approval_with_two_admins_stays_pending(self): self.admin2 = UserFactory() self.registration.contributors.append(self.admin2) self.registration.add_permission(self.admin2, 'admin', save=True) self.registration.retract_registration(self.user) self.registration.save() self.registration.reload() approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] assert_equal(self.registration.retraction.state, Retraction.UNAPPROVED) self.registration.retraction.approve_retraction(self.user, approval_token) assert_true(self.registration.is_pending_retraction) num_of_approvals = sum([val['has_approved'] for val in self.registration.retraction.approval_state.values()]) assert_equal(num_of_approvals, 1) # Retraction#disapprove_retraction tests def test_invalid_rejection_token_raises_InvalidSanctionRejectionToken(self): self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) with assert_raises(InvalidSanctionRejectionToken): self.registration.retraction.disapprove_retraction(self.user, fake.sentence()) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted) def test_non_admin_rejection_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) rejection_token = self.registration.retraction.approval_state[self.user._id]['rejection_token'] with assert_raises(PermissionsError): self.registration.retraction.disapprove_retraction(non_admin, rejection_token) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted) def test_one_disapproval_cancels_retraction(self): self.registration.retract_registration(self.user) self.registration.save() self.registration.reload() rejection_token = self.registration.retraction.approval_state[self.user._id]['rejection_token'] assert_equal(self.registration.retraction.state, Retraction.UNAPPROVED) self.registration.retraction.disapprove_retraction(self.user, rejection_token) assert_true(self.registration.retraction.is_rejected) def test_disapproval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.retract_registration(self.user) self.registration.save() self.registration.reload() rejection_token = self.registration.retraction.approval_state[self.user._id]['rejection_token'] self.registration.retraction.disapprove_retraction(self.user, rejection_token) # Logs: Created, registered, retraction initiated, retraction cancelled assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 2) def test__on_complete_makes_project_and_components_public(self): project_admin = UserFactory() child_admin = UserFactory() grandchild_admin = UserFactory() project = ProjectFactory(creator=project_admin, is_public=False) child = NodeFactory(creator=child_admin, parent=project, is_public=False) grandchild = NodeFactory(creator=grandchild_admin, parent=child, is_public=False) # noqa registration = RegistrationFactory(project=project) registration._initiate_retraction(self.user) registration.retraction._on_complete(self.user) for each in registration.node_and_primary_descendants(): assert_true(each.is_public) # Retraction property tests def test_new_retraction_is_pending_retraction(self): self.registration.retract_registration(self.user) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted)
class TestWithdrawnRegistrations(NodeCRUDTestCase): def setUp(self): super(TestWithdrawnRegistrations, self).setUp() self.registration = RegistrationFactory(creator=self.user, project=self.public_project) self.withdrawn_registration = WithdrawnRegistrationFactory(registration=self.registration, user=self.registration.creator) self.public_pointer_project = ProjectFactory(is_public=True) self.public_pointer = self.public_project.add_pointer(self.public_pointer_project, auth=Auth(self.user), save=True) self.withdrawn_url = '/{}registrations/{}/'.format(API_BASE, self.registration._id) self.withdrawn_registration.justification = 'We made a major error.' self.withdrawn_registration.save() def test_can_access_withdrawn_contributors(self): url = '/{}registrations/{}/contributors/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 200) def test_cannot_access_withdrawn_children(self): url = '/{}registrations/{}/children/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_comments(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) self.public_comment = CommentFactory(node=self.public_project, user=self.user) url = '/{}registrations/{}/comments/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_can_access_withdrawn_contributor_detail(self): url = '/{}registrations/{}/contributors/{}/'.format(API_BASE, self.registration._id, self.user._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 200) def test_cannot_return_a_withdrawn_registration_at_node_detail_endpoint(self): url = '/{}nodes/{}/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) def test_cannot_delete_a_withdrawn_registration(self): url = '/{}registrations/{}/'.format(API_BASE, self.registration._id) res = self.app.delete_json_api(url, auth=self.user.auth, expect_errors=True) self.registration.reload() assert_equal(res.status_code, 405) def test_cannot_access_withdrawn_files_list(self): url = '/{}registrations/{}/files/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_node_links_detail(self): url = '/{}registrations/{}/node_links/{}/'.format(API_BASE, self.registration._id, self.public_pointer._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_node_links_list(self): url = '/{}registrations/{}/node_links/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_node_logs(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) url = '/{}registrations/{}/logs/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_registrations_list(self): self.registration.save() url = '/{}registrations/{}/registrations/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_withdrawn_registrations_display_limited_fields(self): registration = self.registration res = self.app.get(self.withdrawn_url, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] expected_attributes = { 'title': registration.title, 'description': registration.description, 'date_created': registration.date_created.isoformat(), 'date_registered': registration.registered_date.isoformat(), 'withdrawal_justification': registration.retraction.justification, 'public': None, 'category': None, 'date_modified': None, 'registration': True, 'fork': None, 'collection': None, 'tags': None, 'withdrawn': True, 'pending_withdrawal': None, 'pending_registration_approval': None, 'pending_embargo_approval': None, 'embargo_end_date': None, 'registered_meta': None, 'current_user_permissions': None, 'registration_supplement': registration.registered_schema[0].name } for attribute in expected_attributes: assert_equal(expected_attributes[attribute], attributes[attribute]) contributors = urlparse(res.json['data']['relationships']['contributors']['links']['related']['href']).path assert_equal(contributors, '/{}registrations/{}/contributors/'.format(API_BASE, registration._id)) assert_not_in('children', res.json['data']['relationships']) assert_not_in('comments', res.json['data']['relationships']) assert_not_in('node_links', res.json['data']['relationships']) assert_not_in('registrations', res.json['data']['relationships']) assert_not_in('parent', res.json['data']['relationships']) assert_not_in('forked_from', res.json['data']['relationships']) assert_not_in('files', res.json['data']['relationships']) assert_not_in('logs', res.json['data']['relationships']) assert_not_in('primary_institution', res.json['data']['relationships']) assert_not_in('registered_by', res.json['data']['relationships']) assert_not_in('registered_from', res.json['data']['relationships']) assert_not_in('root', res.json['data']['relationships']) def test_field_specific_related_counts_ignored_if_hidden_field_on_withdrawn_registration(self): url = '/{}registrations/{}/?related_counts=children'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_not_in('children', res.json['data']['relationships']) assert_in('contributors', res.json['data']['relationships']) def test_field_specific_related_counts_retrieved_if_visible_field_on_withdrawn_registration(self): url = '/{}registrations/{}/?related_counts=contributors'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['relationships']['contributors']['links']['related']['meta']['count'], 1)
class TestMigrateRegistrations(OsfTestCase): def setUp(self): super(TestMigrateRegistrations, self).setUp() # Create registration with correct settings self.registration = RegistrationFactory() self.registration.registered_from.piwik_site_id = 1 self.registration.registered_from.save() self.registration.piwik_site_id = 2 self.registration.save() # Create registration with duplicated piwik_site_id self.broken_registration = RegistrationFactory() self.broken_registration.registered_from.piwik_site_id = 3 self.broken_registration.registered_from.save() self.broken_registration.piwik_site_id = 3 self.broken_registration.save() responses.start() responses.add( responses.GET, '{host}index.php?module=API&method=SitesManager.getAllSites&format=JSON&token_auth={auth_token}'.format( host=PIWIK_HOST, auth_token=PIWIK_ADMIN_TOKEN, ), status=200, content_type='application/json', body=json.dumps({ '1': {'name': 'Node: ' + self.registration.registered_from._id}, '2': {'name': 'Node: ' + self.registration._id}, '3': {'name': 'Node: ' + self.broken_registration.registered_from._id}, '4': {'name': 'Node: ' + self.broken_registration._id}, }), match_querystring=True, ) def tearDown(self): super(TestMigrateRegistrations, self).tearDown() Node.remove() responses.stop() responses.reset() piwik_cache._cache = None def test_get_broken_registrations(self): nodes = list(get_broken_registrations()) assert_equal(1, len(nodes)) assert_equal( self.broken_registration, nodes[0] ) def test_fix_registrations(self): assert_equal( 1, fix_nodes(get_broken_registrations()) ) # invalidate m-odm cache Node._clear_caches() broken_nodes = list(get_broken_registrations()) assert_equal(0, len(broken_nodes)) assert_is_none( self.broken_registration.piwik_site_id ) assert_is_not_none( self.broken_registration.registered_from.piwik_site_id )
class TestRetractRegistrations(OsfTestCase): def setUp(self): super(TestRetractRegistrations, self).setUp() self.user = UserFactory() self.registration = RegistrationFactory(creator=self.user) self.registration.embargo_registration( self.user, timezone.now() + timedelta(days=10)) self.registration.save() def test_new_embargo_should_be_unapproved(self): assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date) main(dry_run=False) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date) def test_should_not_activate_pending_embargo_less_than_48_hours_old(self): # Embargo#iniation_date is read only self.registration.embargo._fields['initiation_date'].__set__( self.registration.embargo, (timezone.now() - timedelta(hours=47)), safe=True) self.registration.embargo.save() assert_false(self.registration.embargo_end_date) main(dry_run=False) assert_false(self.registration.embargo_end_date) def test_should_activate_pending_embargo_that_is_48_hours_old(self): # Embargo#iniation_date is read only self.registration.embargo._fields['initiation_date'].__set__( self.registration.embargo, (timezone.now() - timedelta(hours=48)), safe=True) self.registration.embargo.save() assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date) main(dry_run=False) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date) def test_should_activate_pending_embargo_more_than_48_hours_old(self): # Embargo#iniation_date is read only self.registration.embargo._fields['initiation_date'].__set__( self.registration.embargo, (timezone.now() - timedelta(days=365)), safe=True) self.registration.embargo.save() assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date) main(dry_run=False) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date) def test_embargo_past_end_date_should_be_completed(self): approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) self.registration.save() assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) # Embargo#iniation_date is read only self.registration.embargo._fields['end_date'].__set__( self.registration.embargo, (timezone.now() - timedelta(days=1)), safe=True) self.registration.embargo.save() assert_false(self.registration.is_public) main(dry_run=False) assert_true(self.registration.is_public) assert_false(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) assert_equal(self.registration.embargo.state, 'completed') def test_embargo_before_end_date_should_not_be_completed(self): approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) self.registration.save() assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) # Embargo#iniation_date is read only self.registration.embargo._fields['end_date'].__set__( self.registration.embargo, (timezone.now() + timedelta(days=1)), safe=True) self.registration.embargo.save() assert_false(self.registration.is_public) main(dry_run=False) assert_false(self.registration.is_public) assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) def test_embargo_approval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) # Embargo#iniation_date is read only self.registration.embargo._fields['initiation_date'].__set__( self.registration.embargo, (timezone.now() - timedelta(days=365)), safe=True) self.registration.embargo.save() main(dry_run=False) # Logs: Created, made public, registered, embargo initiated, embargo approved embargo_approved_log = self.registration.registered_from.logs[ initial_project_logs + 1] assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 1) assert_equal(embargo_approved_log.params['node'], self.registration.registered_from._id) def test_embargo_completion_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) self.registration.save() # Embargo#iniation_date is read only self.registration.embargo._fields['end_date'].__set__( self.registration.embargo, (timezone.now() - timedelta(days=1)), safe=True) self.registration.embargo.save() main(dry_run=False) # Logs: Created, made public, registered, embargo initiated, embargo approved, embargo completed embargo_completed_log = self.registration.registered_from.logs[ initial_project_logs + 1] assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 2) assert_equal(embargo_completed_log.params['node'], self.registration.registered_from._id)
class RegistrationEmbargoModelsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoModelsTestCase, self).setUp() self.user = UserFactory() self.project = ProjectFactory(creator=self.user) self.registration = RegistrationFactory(project=self.project) self.embargo = EmbargoFactory(user=self.user) self.valid_embargo_end_date = datetime.datetime.utcnow( ) + datetime.timedelta(days=3) # Node#_initiate_embargo tests def test__initiate_embargo_saves_embargo(self): initial_count = Embargo.find().count() self.registration._initiate_embargo(self.user, self.valid_embargo_end_date, for_existing_registration=True) assert_equal(Embargo.find().count(), initial_count + 1) def test__initiate_embargo_does_not_create_tokens_for_unregistered_admin( self): unconfirmed_user = UnconfirmedUserFactory() self.registration.contributors.append(unconfirmed_user) self.registration.add_permission(unconfirmed_user, 'admin', save=True) assert_true(self.registration.has_permission(unconfirmed_user, 'admin')) embargo = self.registration._initiate_embargo( self.user, self.valid_embargo_end_date, for_existing_registration=True) assert_true(self.user._id in embargo.approval_state) assert_false(unconfirmed_user._id in embargo.approval_state) def test__initiate_embargo_with_save_does_save_embargo(self): initial_count = Embargo.find().count() self.registration._initiate_embargo( self.user, self.valid_embargo_end_date, for_existing_registration=True, ) assert_equal(Embargo.find().count(), initial_count + 1) # Backref tests def test_embargo_initiator_has_backref(self): self.registration.embargo_registration(self.user, self.valid_embargo_end_date) self.registration.save() self.registration.reload() assert_equal(len(self.user.embargo__embargoed), Embargo.find(Q('initiated_by', 'eq', self.user)).count()) # Node#embargo_registration tests def test_embargo_from_non_admin_raises_PermissionsError(self): self.registration.remove_permission(self.user, 'admin') self.registration.save() self.registration.reload() with assert_raises(PermissionsError): self.registration.embargo_registration(self.user, self.valid_embargo_end_date) def test_embargo_end_date_in_past_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration( self.user, datetime.datetime(1999, 1, 1)) def test_embargo_end_date_today_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration(self.user, datetime.datetime.utcnow()) def test_embargo_end_date_in_far_future_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration( self.user, datetime.datetime(2099, 1, 1)) def test_embargo_with_valid_end_date_starts_pending_embargo(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) def test_embargo_public_project_makes_private_pending_embargo(self): self.registration.is_public = True assert_true(self.registration.is_public) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) assert_false(self.registration.is_public) def test_embargo_non_registration_raises_NodeStateError(self): self.registration.is_registration = False self.registration.save() with assert_raises(NodeStateError): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) assert_false(self.registration.is_pending_embargo) # Embargo#approve_embargo tests def test_invalid_approval_token_raises_InvalidSanctionApprovalToken(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) invalid_approval_token = 'not a real token' with assert_raises(InvalidSanctionApprovalToken): self.registration.embargo.approve_embargo(self.user, invalid_approval_token) assert_true(self.registration.is_pending_embargo) def test_non_admin_approval_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] with assert_raises(PermissionsError): self.registration.embargo.approve_embargo(non_admin, approval_token) assert_true(self.registration.is_pending_embargo) def test_one_approval_with_one_admin_embargoes(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) def test_approval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) # Logs: Created, registered, embargo initiated, embargo approved assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 2) def test_one_approval_with_two_admins_stays_pending(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, 'admin', save=True) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() # First admin approves approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.is_pending_embargo) num_of_approvals = sum([ val['has_approved'] for val in self.registration.embargo.approval_state.values() ]) assert_equal(num_of_approvals, 1) # Second admin approves approval_token = self.registration.embargo.approval_state[ admin2._id]['approval_token'] self.registration.embargo.approve_embargo(admin2, approval_token) assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) num_of_approvals = sum([ val['has_approved'] for val in self.registration.embargo.approval_state.values() ]) assert_equal(num_of_approvals, 2) # Embargo#disapprove_embargo tests def test_invalid_rejection_token_raises_InvalidSanctionRejectionToken( self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) with assert_raises(InvalidSanctionRejectionToken): self.registration.embargo.disapprove_embargo( self.user, fake.sentence()) assert_true(self.registration.is_pending_embargo) def test_non_admin_rejection_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] with assert_raises(PermissionsError): self.registration.embargo.disapprove_embargo( non_admin, rejection_token) assert_true(self.registration.is_pending_embargo) def test_one_disapproval_cancels_embargo(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_pending_embargo) def test_disapproval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] registered_from = self.registration.registered_from self.registration.embargo.disapprove_embargo(self.user, rejection_token) # Logs: Created, registered, embargo initiated, embargo cancelled assert_equal(len(registered_from.logs), initial_project_logs + 2) def test_cancelling_embargo_deletes_parent_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_true(self.registration.is_deleted) def test_cancelling_embargo_deletes_component_registrations(self): component = NodeFactory(creator=self.user, parent=self.project, title='Component') subcomponent = NodeFactory(creator=self.user, parent=component, title='Subcomponent') project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) project_registration.save() rejection_token = project_registration.embargo.approval_state[ self.user._id]['rejection_token'] project_registration.embargo.disapprove_embargo( self.user, rejection_token) assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_true(project_registration.is_deleted) assert_true(component_registration.is_deleted) assert_true(subcomponent_registration.is_deleted) def test_cancelling_embargo_for_existing_registration_does_not_delete_registration( self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True) self.registration.save() rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_deleted) def test_rejecting_embargo_for_existing_registration_does_not_deleted_component_registrations( self): component = NodeFactory(creator=self.user, parent=self.project, title='Component') subcomponent = NodeFactory(creator=self.user, parent=component, title='Subcomponent') project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True) rejection_token = project_registration.embargo.approval_state[ self.user._id]['rejection_token'] project_registration.embargo.disapprove_embargo( self.user, rejection_token) project_registration.save() assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_false(project_registration.is_deleted) assert_false(component_registration.is_deleted) assert_false(subcomponent_registration.is_deleted) # Embargo property tests def test_new_registration_is_pending_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true( self.registration.is_pending_embargo_for_existing_registration) def test_existing_registration_is_not_pending_registration(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True) self.registration.save() assert_false( self.registration.is_pending_embargo_for_existing_registration)
class RegistrationEmbargoModelsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoModelsTestCase, self).setUp() self.user = UserFactory() self.project = ProjectFactory(creator=self.user) self.registration = RegistrationFactory(project=self.project) self.embargo = EmbargoFactory(user=self.user) self.valid_embargo_end_date = datetime.datetime.utcnow() + datetime.timedelta(days=3) # Node#_initiate_embargo tests def test__initiate_embargo_saves_embargo(self): initial_count = Embargo.find().count() self.registration._initiate_embargo(self.user, self.valid_embargo_end_date, for_existing_registration=True) assert_equal(Embargo.find().count(), initial_count + 1) def test__initiate_embargo_does_not_create_tokens_for_unregistered_admin(self): unconfirmed_user = UnconfirmedUserFactory() self.registration.contributors.append(unconfirmed_user) self.registration.add_permission(unconfirmed_user, "admin", save=True) assert_true(self.registration.has_permission(unconfirmed_user, "admin")) embargo = self.registration._initiate_embargo( self.user, self.valid_embargo_end_date, for_existing_registration=True ) assert_true(self.user._id in embargo.approval_state) assert_false(unconfirmed_user._id in embargo.approval_state) def test__initiate_embargo_with_save_does_save_embargo(self): initial_count = Embargo.find().count() self.registration._initiate_embargo(self.user, self.valid_embargo_end_date, for_existing_registration=True) assert_equal(Embargo.find().count(), initial_count + 1) # Backref tests def test_embargo_initiator_has_backref(self): self.registration.embargo_registration(self.user, self.valid_embargo_end_date) self.registration.save() self.registration.reload() assert_equal(len(self.user.embargo__embargoed), Embargo.find(Q("initiated_by", "eq", self.user)).count()) # Node#embargo_registration tests def test_embargo_from_non_admin_raises_PermissionsError(self): self.registration.remove_permission(self.user, "admin") self.registration.save() self.registration.reload() with assert_raises(PermissionsError): self.registration.embargo_registration(self.user, self.valid_embargo_end_date) def test_embargo_end_date_in_past_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration(self.user, datetime.datetime(1999, 1, 1)) def test_embargo_end_date_today_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration(self.user, datetime.datetime.utcnow()) def test_embargo_end_date_in_far_future_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration(self.user, datetime.datetime(2099, 1, 1)) def test_embargo_with_valid_end_date_starts_pending_embargo(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) def test_embargo_public_project_makes_private_pending_embargo(self): self.registration.is_public = True assert_true(self.registration.is_public) self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) assert_false(self.registration.is_public) def test_embargo_non_registration_raises_NodeStateError(self): self.registration.is_registration = False self.registration.save() with assert_raises(NodeStateError): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) assert_false(self.registration.is_pending_embargo) # Embargo#approve_embargo tests def test_invalid_approval_token_raises_InvalidSanctionApprovalToken(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) invalid_approval_token = "not a real token" with assert_raises(InvalidSanctionApprovalToken): self.registration.embargo.approve_embargo(self.user, invalid_approval_token) assert_true(self.registration.is_pending_embargo) def test_non_admin_approval_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]["approval_token"] with assert_raises(PermissionsError): self.registration.embargo.approve_embargo(non_admin, approval_token) assert_true(self.registration.is_pending_embargo) def test_one_approval_with_one_admin_embargoes(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]["approval_token"] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) def test_approval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() approval_token = self.registration.embargo.approval_state[self.user._id]["approval_token"] self.registration.embargo.approve_embargo(self.user, approval_token) # Logs: Created, registered, embargo initiated, embargo approved assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 2) def test_one_approval_with_two_admins_stays_pending(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, "admin", save=True) self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() # First admin approves approval_token = self.registration.embargo.approval_state[self.user._id]["approval_token"] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.is_pending_embargo) num_of_approvals = sum([val["has_approved"] for val in self.registration.embargo.approval_state.values()]) assert_equal(num_of_approvals, 1) # Second admin approves approval_token = self.registration.embargo.approval_state[admin2._id]["approval_token"] self.registration.embargo.approve_embargo(admin2, approval_token) assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) num_of_approvals = sum([val["has_approved"] for val in self.registration.embargo.approval_state.values()]) assert_equal(num_of_approvals, 2) # Embargo#disapprove_embargo tests def test_invalid_rejection_token_raises_InvalidSanctionRejectionToken(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) with assert_raises(InvalidSanctionRejectionToken): self.registration.embargo.disapprove_embargo(self.user, fake.sentence()) assert_true(self.registration.is_pending_embargo) def test_non_admin_rejection_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] with assert_raises(PermissionsError): self.registration.embargo.disapprove_embargo(non_admin, rejection_token) assert_true(self.registration.is_pending_embargo) def test_one_disapproval_cancels_embargo(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_pending_embargo) def test_disapproval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] registered_from = self.registration.registered_from self.registration.embargo.disapprove_embargo(self.user, rejection_token) # Logs: Created, registered, embargo initiated, embargo cancelled assert_equal(len(registered_from.logs), initial_project_logs + 2) def test_cancelling_embargo_deletes_parent_registration(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_true(self.registration.is_deleted) def test_cancelling_embargo_deletes_component_registrations(self): component = NodeFactory(creator=self.user, parent=self.project, title="Component") subcomponent = NodeFactory(creator=self.user, parent=component, title="Subcomponent") project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) project_registration.save() rejection_token = project_registration.embargo.approval_state[self.user._id]["rejection_token"] project_registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_true(project_registration.is_deleted) assert_true(component_registration.is_deleted) assert_true(subcomponent_registration.is_deleted) def test_cancelling_embargo_for_existing_registration_does_not_delete_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_deleted) def test_rejecting_embargo_for_existing_registration_does_not_deleted_component_registrations(self): component = NodeFactory(creator=self.user, parent=self.project, title="Component") subcomponent = NodeFactory(creator=self.user, parent=component, title="Subcomponent") project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) rejection_token = project_registration.embargo.approval_state[self.user._id]["rejection_token"] project_registration.embargo.disapprove_embargo(self.user, rejection_token) project_registration.save() assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_false(project_registration.is_deleted) assert_false(component_registration.is_deleted) assert_false(subcomponent_registration.is_deleted) # Embargo property tests def test_new_registration_is_pending_registration(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo_for_existing_registration) def test_existing_registration_is_not_pending_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() assert_false(self.registration.is_pending_embargo_for_existing_registration)
class RegistrationWithChildNodesEmbargoModelTestCase(OsfTestCase): def setUp(self): super(RegistrationWithChildNodesEmbargoModelTestCase, self).setUp() self.user = AuthUserFactory() self.auth = self.user.auth self.valid_embargo_end_date = datetime.datetime.utcnow( ) + datetime.timedelta(days=3) self.project = ProjectFactory(title='Root', is_public=False, creator=self.user) self.component = NodeFactory(creator=self.user, parent=self.project, title='Component') self.subproject = ProjectFactory(creator=self.user, parent=self.project, title='Subproject') self.subproject_component = NodeFactory(creator=self.user, parent=self.subproject, title='Subcomponent') self.registration = RegistrationFactory(project=self.project) # Reload the registration; else tests won't catch failures to save self.registration.reload() def test_approval_embargoes_descendant_nodes(self): # Initiate embargo for parent registration self.registration.embargo_registration(self.user, self.valid_embargo_end_date) self.registration.save() assert_true(self.registration.is_pending_embargo) # Ensure descendant nodes are pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_pending_embargo) # Approve parent registration's embargo approval_token = self.registration.embargo.approval_state[ self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.embargo.embargo_end_date) # Ensure descendant nodes are in embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.embargo_end_date) def test_disapproval_cancels_embargo_on_descendant_nodes(self): # Initiate embargo on parent registration self.registration.embargo_registration(self.user, self.valid_embargo_end_date) self.registration.save() assert_true(self.registration.is_pending_embargo) # Ensure descendant nodes are pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_pending_embargo) # Disapprove parent registration's embargo rejection_token = self.registration.embargo.approval_state[ self.user._id]['rejection_token'] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_false(self.registration.is_pending_embargo) assert_equal(self.registration.embargo.state, Embargo.REJECTED) # Ensure descendant nodes' embargoes are cancelled descendants = self.registration.get_descendants_recursive() for node in descendants: assert_false(node.is_pending_embargo) assert_false(node.embargo_end_date)
class RegistrationEmbargoApprovalDisapprovalViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoApprovalDisapprovalViewsTestCase, self).setUp() self.user = AuthUserFactory() self.registration = RegistrationFactory(creator=self.user) # node_registration_embargo_approve tests def test_GET_from_unauthorized_user_raises_HTTPForbidden(self): unauthorized_user = AuthUserFactory() res = self.app.get( self.registration.web_url_for("view_project", token=DUMMY_TOKEN), auth=unauthorized_user.auth, expect_errors=True, ) assert_equal(res.status_code, 403) def test_GET_approve_registration_without_embargo_raises_HTTPBad_Request(self): assert_false(self.registration.is_pending_embargo) res = self.app.get( self.registration.web_url_for("view_project", token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 400) def test_GET_approve_with_invalid_token_returns_HTTPBad_Request(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) res = self.app.get( self.registration.web_url_for("view_project", token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 400) def test_GET_approve_with_wrong_token_returns_HTTPBad_Request(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, "admin", save=True) self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) wrong_approval_token = self.registration.embargo.approval_state[admin2._id]["approval_token"] res = self.app.get( self.registration.web_url_for("view_project", token=wrong_approval_token), auth=self.user.auth, expect_errors=True, ) assert_equal(res.status_code, 400) def test_GET_approve_with_wrong_admins_token_returns_HTTPBad_Request(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, "admin", save=True) self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) wrong_approval_token = self.registration.embargo.approval_state[admin2._id]["approval_token"] res = self.app.get( self.registration.web_url_for("view_project", token=wrong_approval_token), auth=self.user.auth, expect_errors=True, ) assert_true(self.registration.is_pending_embargo) assert_equal(res.status_code, 400) @mock.patch("flask.redirect") def test_GET_approve_with_valid_token_redirects(self, mock_redirect): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]["approval_token"] self.app.get(self.registration.web_url_for("view_project", token=approval_token), auth=self.user.auth) self.registration.embargo.reload() assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) assert_true(mock_redirect.called_with(self.registration.web_url_for("view_project"))) def test_GET_from_unauthorized_user_returns_HTTPForbidden(self): unauthorized_user = AuthUserFactory() res = self.app.get( self.registration.web_url_for("view_project", token=DUMMY_TOKEN), auth=unauthorized_user.auth, expect_errors=True, ) assert_equal(res.status_code, 403) def test_GET_disapprove_registration_without_embargo_HTTPBad_Request(self): assert_false(self.registration.is_pending_embargo) res = self.app.get( self.registration.web_url_for("view_project", token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 400) def test_GET_disapprove_with_invalid_token_returns_HTTPBad_Request(self): self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) res = self.app.get( self.registration.web_url_for("view_project", token=DUMMY_TOKEN), auth=self.user.auth, expect_errors=True ) self.registration.embargo.reload() assert_true(self.registration.is_pending_embargo) assert_equal(res.status_code, 400) def test_GET_disapprove_with_wrong_admins_token_returns_HTTPBad_Request(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, "admin", save=True) self.registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) self.registration.save() assert_true(self.registration.is_pending_embargo) wrong_rejection_token = self.registration.embargo.approval_state[admin2._id]["rejection_token"] res = self.app.get( self.registration.web_url_for("view_project", token=wrong_rejection_token), auth=self.user.auth, expect_errors=True, ) assert_true(self.registration.is_pending_embargo) assert_equal(res.status_code, 400) def test_GET_disapprove_with_valid_token_returns_redirect_to_parent(self): project = ProjectFactory(creator=self.user) registration = RegistrationFactory(project=project) registration.embargo_registration(self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10)) registration.save() assert_true(registration.is_pending_embargo) rejection_token = registration.embargo.approval_state[self.user._id]["rejection_token"] res = self.app.get(registration.web_url_for("view_project", token=rejection_token), auth=self.user.auth) registration.embargo.reload() assert_equal(registration.embargo.state, Embargo.REJECTED) assert_false(registration.is_pending_embargo) assert_equal(res.status_code, 302) @mock.patch("flask.redirect") def test_GET_disapprove_for_existing_registration_with_valid_token_redirects_to_registration(self, mock_redirect): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]["rejection_token"] res = self.app.get(self.registration.web_url_for("view_project", token=rejection_token), auth=self.user.auth) self.registration.embargo.reload() assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_pending_embargo) assert_true(mock_redirect.called_with(self.registration.web_url_for("view_project")))
class RegistrationEmbargoViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoViewsTestCase, self).setUp() ensure_schemas() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.draft = DraftRegistrationFactory(branched_from=self.project) self.registration = RegistrationFactory(project=self.project, creator=self.user) current_month = datetime.datetime.now().strftime("%B") current_year = datetime.datetime.now().strftime("%Y") self.valid_make_public_payload = json.dumps({ u'embargoEndDate': u'Fri, 01, {month} {year} 00:00:00 GMT'.format( month=current_month, year=current_year ), u'registrationChoice': 'immediate', u'summary': unicode(fake.sentence()) }) valid_date = datetime.datetime.now() + datetime.timedelta(days=180) self.valid_embargo_payload = json.dumps({ u'embargoEndDate': unicode(valid_date.strftime('%a, %d, %B %Y %H:%M:%S')) + u' GMT', u'registrationChoice': 'embargo', u'summary': unicode(fake.sentence()) }) self.invalid_embargo_date_payload = json.dumps({ u'embargoEndDate': u"Thu, 01 {month} {year} 05:00:00 GMT".format( month=current_month, year=str(int(current_year)-1) ), u'registrationChoice': 'embargo', u'summary': unicode(fake.sentence()) }) @mock.patch('framework.tasks.handlers.enqueue_task') def test_register_draft_without_embargo_creates_registration_approval(self, mock_enqueue): res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth ) assert_equal(res.status_code, 202) registration = Node.find().sort('-registered_date')[0] assert_true(registration.is_registration) assert_not_equal(registration.registration_approval, None) # Regression test for https://openscience.atlassian.net/browse/OSF-5039 @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_make_public_immediately_creates_private_pending_registration_for_public_project(self, mock_enqueue): self.project.is_public = True self.project.save() component = NodeFactory( creator=self.user, parent=self.project, title='Component', is_public=True ) subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject', is_public=True ) subproject_component = NodeFactory( creator=self.user, parent=subproject, title='Subcomponent', is_public=True ) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() assert_equal(res.status_code, 202) assert_equal(res.json['urls']['registrations'], self.project.web_url_for('node_registrations')) # Last node directly registered from self.project registration = Node.find( Q('registered_from', 'eq', self.project) ).sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_make_public_does_not_make_children_public(self, mock_enqueue): component = NodeFactory( creator=self.user, parent=self.project, title='Component' ) subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject' ) subproject_component = NodeFactory( creator=self.user, parent=subproject, title='Subcomponent' ) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_make_public_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() # Last node directly registered from self.project registration = Node.load(self.project.node__registrations[-1]) assert_false(registration.is_public) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_embargo_is_not_public(self, mock_enqueue): res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth ) assert_equal(res.status_code, 202) registration = Node.find().sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) # Regression test for https://openscience.atlassian.net/browse/OSF-5071 @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_register_embargo_does_not_make_project_or_children_public(self, mock_enqueue): self.project.is_public = True self.project.save() component = NodeFactory( creator=self.user, parent=self.project, title='Component', is_public=True ) subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject', is_public=True ) subproject_component = NodeFactory( creator=self.user, parent=subproject, title='Subcomponent', is_public=True ) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() assert_equal(res.status_code, 202) assert_equal(res.json['urls']['registrations'], self.project.web_url_for('node_registrations')) # Last node directly registered from self.project registration = Node.find( Q('registered_from', 'eq', self.project) ).sort('-registered_date')[0] assert_true(registration.is_registration) assert_false(registration.is_public) assert_true(registration.is_pending_embargo_for_existing_registration) assert_is_not_none(registration.embargo) for node in registration.get_descendants_recursive(): assert_true(node.is_registration) assert_false(node.is_public) @mock.patch('framework.tasks.handlers.enqueue_task') def test_POST_invalid_embargo_end_date_returns_HTTPBad_Request(self, mock_enqueue): res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.invalid_embargo_date_payload, content_type='application/json', auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 400) @mock.patch('framework.tasks.handlers.enqueue_task') def test_valid_POST_embargo_adds_to_parent_projects_log(self, mock_enquque): initial_project_logs = len(self.project.logs) res = self.app.post( self.project.api_url_for('register_draft_registration', draft_id=self.draft._id), self.valid_embargo_payload, content_type='application/json', auth=self.user.auth ) self.project.reload() # Logs: Created, registered, embargo initiated assert_equal(len(self.project.logs), initial_project_logs + 1) def test_non_contributor_GET_approval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] approval_url = self.registration.web_url_for('view_project', token=approval_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date) def test_non_contributor_GET_disapproval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] approval_url = self.registration.web_url_for('view_project', token=rejection_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date)
class RegistrationEmbargoModelsTestCase(OsfTestCase): def setUp(self): super(RegistrationEmbargoModelsTestCase, self).setUp() self.user = UserFactory() self.project = ProjectFactory(creator=self.user) self.registration = RegistrationFactory(project=self.project) self.embargo = EmbargoFactory(user=self.user) self.valid_embargo_end_date = datetime.datetime.utcnow() + datetime.timedelta(days=3) # Node#_initiate_embargo tests def test__initiate_embargo_saves_embargo(self): initial_count = Embargo.find().count() self.registration._initiate_embargo( self.user, self.valid_embargo_end_date, for_existing_registration=True ) assert_equal(Embargo.find().count(), initial_count + 1) def test_state_can_be_set_to_complete(self): embargo = EmbargoFactory() embargo.state = Embargo.COMPLETED embargo.save() # should pass validation assert_equal(embargo.state, Embargo.COMPLETED) def test__initiate_embargo_does_not_create_tokens_for_unregistered_admin(self): unconfirmed_user = UnconfirmedUserFactory() self.registration.contributors.append(unconfirmed_user) self.registration.add_permission(unconfirmed_user, 'admin', save=True) assert_true(self.registration.has_permission(unconfirmed_user, 'admin')) embargo = self.registration._initiate_embargo( self.user, self.valid_embargo_end_date, for_existing_registration=True ) assert_true(self.user._id in embargo.approval_state) assert_false(unconfirmed_user._id in embargo.approval_state) def test__initiate_embargo_adds_admins_on_child_nodes(self): project_admin = UserFactory() project_non_admin = UserFactory() child_admin = UserFactory() child_non_admin = UserFactory() grandchild_admin = UserFactory() project = ProjectFactory(creator=project_admin) project.add_contributor(project_non_admin, auth=Auth(project.creator), save=True) child = NodeFactory(creator=child_admin, parent=project) child.add_contributor(child_non_admin, auth=Auth(project.creator), save=True) grandchild = NodeFactory(creator=grandchild_admin, parent=child) # noqa embargo = project._initiate_embargo( project.creator, self.valid_embargo_end_date, for_existing_registration=True ) assert_in(project_admin._id, embargo.approval_state) assert_in(child_admin._id, embargo.approval_state) assert_in(grandchild_admin._id, embargo.approval_state) assert_not_in(project_non_admin._id, embargo.approval_state) assert_not_in(child_non_admin._id, embargo.approval_state) def test__initiate_embargo_with_save_does_save_embargo(self): initial_count = Embargo.find().count() self.registration._initiate_embargo( self.user, self.valid_embargo_end_date, for_existing_registration=True, ) assert_equal(Embargo.find().count(), initial_count + 1) # Backref tests def test_embargo_initiator_has_backref(self): self.registration.embargo_registration( self.user, self.valid_embargo_end_date ) self.registration.save() self.registration.reload() assert_equal(len(self.user.embargo__embargoed), Embargo.find(Q('initiated_by', 'eq', self.user)).count()) # Node#embargo_registration tests def test_embargo_from_non_admin_raises_PermissionsError(self): self.registration.remove_permission(self.user, 'admin') self.registration.save() self.registration.reload() with assert_raises(PermissionsError): self.registration.embargo_registration(self.user, self.valid_embargo_end_date) def test_embargo_end_date_in_past_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration( self.user, datetime.datetime(1999, 1, 1) ) def test_embargo_end_date_today_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() ) def test_embargo_end_date_in_far_future_raises_ValidationValueError(self): with assert_raises(ValidationValueError): self.registration.embargo_registration( self.user, datetime.datetime(2099, 1, 1) ) def test_embargo_with_valid_end_date_starts_pending_embargo(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) def test_embargo_public_project_makes_private_pending_embargo(self): self.registration.is_public = True assert_true(self.registration.is_public) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) assert_false(self.registration.is_public) def test_embargo_non_registration_raises_NodeStateError(self): self.registration.is_registration = False self.registration.save() with assert_raises(NodeStateError): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) assert_false(self.registration.is_pending_embargo) # Embargo#approve_embargo tests def test_invalid_approval_token_raises_InvalidSanctionApprovalToken(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) invalid_approval_token = 'not a real token' with assert_raises(InvalidSanctionApprovalToken): self.registration.embargo.approve_embargo(self.user, invalid_approval_token) assert_true(self.registration.is_pending_embargo) def test_non_admin_approval_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] with assert_raises(PermissionsError): self.registration.embargo.approve_embargo(non_admin, approval_token) assert_true(self.registration.is_pending_embargo) def test_one_approval_with_one_admin_embargoes(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) def test_approval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) # Logs: Created, registered, embargo initiated, embargo approved assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 2) def test_one_approval_with_two_admins_stays_pending(self): admin2 = UserFactory() self.registration.contributors.append(admin2) self.registration.add_permission(admin2, 'admin', save=True) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() # First admin approves approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, approval_token) assert_true(self.registration.is_pending_embargo) num_of_approvals = sum([val['has_approved'] for val in self.registration.embargo.approval_state.values()]) assert_equal(num_of_approvals, 1) # Second admin approves approval_token = self.registration.embargo.approval_state[admin2._id]['approval_token'] self.registration.embargo.approve_embargo(admin2, approval_token) assert_true(self.registration.embargo_end_date) assert_false(self.registration.is_pending_embargo) num_of_approvals = sum([val['has_approved'] for val in self.registration.embargo.approval_state.values()]) assert_equal(num_of_approvals, 2) # Embargo#disapprove_embargo tests def test_invalid_rejection_token_raises_InvalidSanctionRejectionToken(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) with assert_raises(InvalidSanctionRejectionToken): self.registration.embargo.disapprove_embargo(self.user, fake.sentence()) assert_true(self.registration.is_pending_embargo) def test_non_admin_rejection_token_raises_PermissionsError(self): non_admin = UserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] with assert_raises(PermissionsError): self.registration.embargo.disapprove_embargo(non_admin, rejection_token) assert_true(self.registration.is_pending_embargo) def test_one_disapproval_cancels_embargo(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_pending_embargo) def test_disapproval_adds_to_parent_projects_log(self): initial_project_logs = len(self.registration.registered_from.logs) self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] registered_from = self.registration.registered_from self.registration.embargo.disapprove_embargo(self.user, rejection_token) # Logs: Created, registered, embargo initiated, embargo cancelled assert_equal(len(registered_from.logs), initial_project_logs + 2) def test_cancelling_embargo_deletes_parent_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_true(self.registration.is_deleted) def test_cancelling_embargo_deletes_component_registrations(self): component = NodeFactory( creator=self.user, parent=self.project, title='Component' ) subcomponent = NodeFactory( creator=self.user, parent=component, title='Subcomponent' ) project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) project_registration.save() rejection_token = project_registration.embargo.approval_state[self.user._id]['rejection_token'] project_registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_true(project_registration.is_deleted) assert_true(component_registration.is_deleted) assert_true(subcomponent_registration.is_deleted) def test_cancelling_embargo_for_existing_registration_does_not_delete_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] self.registration.embargo.disapprove_embargo(self.user, rejection_token) assert_equal(self.registration.embargo.state, Embargo.REJECTED) assert_false(self.registration.is_deleted) def test_rejecting_embargo_for_existing_registration_does_not_deleted_component_registrations(self): component = NodeFactory( creator=self.user, parent=self.project, title='Component' ) subcomponent = NodeFactory( creator=self.user, parent=component, title='Subcomponent' ) project_registration = RegistrationFactory(project=self.project) component_registration = project_registration.nodes[0] subcomponent_registration = component_registration.nodes[0] project_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) rejection_token = project_registration.embargo.approval_state[self.user._id]['rejection_token'] project_registration.embargo.disapprove_embargo(self.user, rejection_token) project_registration.save() assert_equal(project_registration.embargo.state, Embargo.REJECTED) assert_false(project_registration.is_deleted) assert_false(component_registration.is_deleted) assert_false(subcomponent_registration.is_deleted) # Embargo property tests def test_new_registration_is_pending_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo_for_existing_registration) def test_existing_registration_is_not_pending_registration(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() assert_false(self.registration.is_pending_embargo_for_existing_registration) def test_on_complete_notify_initiator(self): self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), notify_initiator_on_complete=True ) self.registration.save() with mock.patch.object(PreregCallbackMixin, '_notify_initiator') as mock_notify: self.registration.embargo._on_complete(self.user) mock_notify.assert_called()
class TestWithdrawnRegistrations(NodeCRUDTestCase): def setUp(self): super(TestWithdrawnRegistrations, self).setUp() self.registration = RegistrationFactory(creator=self.user, project=self.public_project) self.withdrawn_registration = WithdrawnRegistrationFactory(registration=self.registration, user=self.registration.creator) self.public_pointer_project = ProjectFactory(is_public=True) self.public_pointer = self.public_project.add_pointer(self.public_pointer_project, auth=Auth(self.user), save=True) self.withdrawn_url = '/{}registrations/{}/'.format(API_BASE, self.registration._id) self.withdrawn_registration.justification = 'We made a major error.' self.withdrawn_registration.save() def test_can_access_withdrawn_contributors(self): url = '/{}registrations/{}/contributors/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 200) def test_cannot_access_withdrawn_children(self): url = '/{}registrations/{}/children/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_comments(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) self.public_comment = CommentFactory(node=self.public_project, user=self.user) url = '/{}registrations/{}/comments/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_can_access_withdrawn_contributor_detail(self): url = '/{}registrations/{}/contributors/{}/'.format(API_BASE, self.registration._id, self.user._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 200) def test_cannot_return_a_withdrawn_registration_at_node_detail_endpoint(self): url = '/{}nodes/{}/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) def test_cannot_delete_a_withdrawn_registration(self): url = '/{}registrations/{}/'.format(API_BASE, self.registration._id) res = self.app.delete_json_api(url, auth=self.user.auth, expect_errors=True) self.registration.reload() assert_equal(res.status_code, 405) def test_cannot_access_withdrawn_files_list(self): url = '/{}registrations/{}/files/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_node_links_detail(self): url = '/{}registrations/{}/node_links/{}/'.format(API_BASE, self.registration._id, self.public_pointer._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) def test_cannot_access_withdrawn_node_links_list(self): url = '/{}registrations/{}/node_links/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_node_logs(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) url = '/{}registrations/{}/logs/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_cannot_access_withdrawn_registrations_list(self): self.registration.save() url = '/{}registrations/{}/registrations/'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_withdrawn_registrations_display_limited_fields(self): registration = self.registration res = self.app.get(self.withdrawn_url, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] expected_attributes = { 'title': registration.title, 'description': registration.description, 'date_created': registration.date_created.isoformat(), 'date_registered': registration.registered_date.isoformat(), 'withdrawal_justification': registration.retraction.justification, 'public': None, 'category': None, 'date_modified': None, 'registration': True, 'fork': None, 'collection': None, 'tags': None, 'withdrawn': True, 'pending_withdrawal': None, 'pending_registration_approval': None, 'pending_embargo_approval': None, 'embargo_end_date': None, 'registered_meta': None, 'current_user_permissions': None, 'registration_supplement': registration.registered_schema[0].name } for attribute in expected_attributes: assert_equal(expected_attributes[attribute], attributes[attribute]) contributors = urlparse(res.json['data']['relationships']['contributors']['links']['related']['href']).path assert_equal(contributors, '/{}registrations/{}/contributors/'.format(API_BASE, registration._id)) assert_not_in('children', res.json['data']['relationships']) assert_not_in('comments', res.json['data']['relationships']) assert_not_in('node_links', res.json['data']['relationships']) assert_not_in('registrations', res.json['data']['relationships']) assert_not_in('parent', res.json['data']['relationships']) assert_not_in('forked_from', res.json['data']['relationships']) assert_not_in('files', res.json['data']['relationships']) assert_not_in('logs', res.json['data']['relationships']) assert_not_in('registered_by', res.json['data']['relationships']) assert_not_in('registered_from', res.json['data']['relationships']) assert_not_in('root', res.json['data']['relationships']) def test_field_specific_related_counts_ignored_if_hidden_field_on_withdrawn_registration(self): url = '/{}registrations/{}/?related_counts=children'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_not_in('children', res.json['data']['relationships']) assert_in('contributors', res.json['data']['relationships']) def test_field_specific_related_counts_retrieved_if_visible_field_on_withdrawn_registration(self): url = '/{}registrations/{}/?related_counts=contributors'.format(API_BASE, self.registration._id) res = self.app.get(url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['relationships']['contributors']['links']['related']['meta']['count'], 1)
class TestNodeCount(OsfTestCase): def setUp(self): super(TestNodeCount, self).setUp() self.user = UserFactory() # 3 Projects - Public, Private, Private Component self.public_project = ProjectFactory(is_public=True) self.private_project = ProjectFactory(is_public=False) self.private_component = ProjectFactory(parent=self.private_project) # 5 Registrations - Public, Public Registrations of Private Proj + Component, Embargoed, Withdrawn self.public_registration = RegistrationFactory(project=self.public_project, is_public=True) self.registration_of_components = RegistrationFactory(project=self.private_project, is_public=True) registration_of_component = self.private_component.registrations_all[0] registration_of_component.is_public = True registration_of_component.save() self.embargoed_registration = RegistrationFactory(project=self.public_project, creator=self.user) self.embargoed_registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.embargoed_registration.save() self.reg_to_be_withdrawn = RegistrationFactory(project=self.public_project) self.withdrawn_registration = WithdrawnRegistrationFactory( registration=self.reg_to_be_withdrawn, user=self.reg_to_be_withdrawn.creator ) # Add Deleted Nodes self.deleted_node = ProjectFactory(is_deleted=True) self.deleted_node2 = ProjectFactory(is_deleted=True) self.date = datetime.datetime.utcnow() - datetime.timedelta(1) modify_node_dates_in_mongo(self.date - datetime.timedelta(0.1)) self.results = NodeSummary().get_events(self.date.date())[0] def tearDown(self): super(TestNodeCount, self).tearDown() Node.remove() User.remove() def test_get_node_count(self): nodes = self.results['nodes'] assert_equal(nodes['total'], 8) # 3 Projects, 5 Registrations assert_equal(nodes['public'], 1) # 1 Project assert_equal(nodes['private'], 2) # 1 Project, 1 Component def test_get_project_count(self): projects = self.results['projects'] assert_equal(projects['total'], 2) assert_equal(projects['public'], 1) assert_equal(projects['private'], 1) def test_get_registered_nodes_count(self): registered_nodes = self.results['registered_nodes'] assert_equal(registered_nodes['total'], 5) assert_equal(registered_nodes['public'], 4) # 3 Registrations, 1 Withdrawn registration assert_equal(registered_nodes['withdrawn'], 1) assert_equal(registered_nodes['embargoed'], 1) def test_get_registered_projects_count(self): registered_projects = self.results['registered_projects'] assert_equal(registered_projects['total'], 4) # Not including a Registration Component assert_equal(registered_projects['public'], 3) assert_equal(registered_projects['withdrawn'], 1) assert_equal(registered_projects['embargoed'], 1)
class RegistrationWithChildNodesRetractionModelTestCase(OsfTestCase): def setUp(self): super(RegistrationWithChildNodesRetractionModelTestCase, self).setUp() self.user = AuthUserFactory() self.auth = self.user.auth self.project = ProjectFactory(is_public=True, creator=self.user) self.component = NodeFactory( creator=self.user, parent=self.project, title='Component' ) self.subproject = ProjectFactory( creator=self.user, parent=self.project, title='Subproject' ) self.subproject_component = NodeFactory( creator=self.user, parent=self.subproject, title='Subcomponent' ) self.registration = RegistrationFactory(project=self.project, is_public=True) # Reload the registration; else tests won't catch failures to svae self.registration.reload() def test_approval_retracts_descendant_nodes(self): # Initiate retraction for parent registration self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) # Ensure descendant nodes are pending registration descendants = self.registration.get_descendants_recursive() for node in descendants: node.save() assert_true(node.is_pending_retraction) # Approve parent registration's retraction approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) assert_true(self.registration.is_retracted) # Ensure descendant nodes are retracted descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_retracted) def test_disapproval_cancels_retraction_on_descendant_nodes(self): # Initiate retraction for parent registration self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) # Ensure descendant nodes are pending registration descendants = self.registration.get_descendants_recursive() for node in descendants: node.save() assert_true(node.is_pending_retraction) # Disapprove parent registration's retraction rejection_token = self.registration.retraction.approval_state[self.user._id]['rejection_token'] self.registration.retraction.disapprove_retraction(self.user, rejection_token) assert_false(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted) assert_true(self.registration.retraction.is_rejected) # Ensure descendant nodes' retractions are cancelled descendants = self.registration.get_descendants_recursive() for node in descendants: assert_false(node.is_pending_retraction) assert_false(node.is_retracted) def test_approval_cancels_pending_embargoes_on_descendant_nodes(self): # Initiate embargo for registration self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) # Initiate retraction for parent registration self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) # Ensure descendant nodes are pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_pending_retraction) assert_true(node.is_pending_embargo) # Approve parent registration's retraction approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) assert_true(self.registration.is_retracted) assert_false(self.registration.is_pending_embargo) # Ensure descendant nodes are not pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_retracted) assert_false(node.is_pending_embargo) def test_approval_cancels_active_embargoes_on_descendant_nodes(self): # Initiate embargo for registration self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) # Approve embargo for registration embargo_approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] self.registration.embargo.approve_embargo(self.user, embargo_approval_token) assert_false(self.registration.is_pending_embargo) assert_true(self.registration.embargo_end_date) # Initiate retraction for parent registration self.registration.retract_registration(self.user) self.registration.save() assert_true(self.registration.is_pending_retraction) # Ensure descendant nodes are not pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_pending_retraction) assert_true(node.embargo_end_date) # Approve parent registration's retraction approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] self.registration.retraction.approve_retraction(self.user, approval_token) assert_true(self.registration.is_retracted) # Ensure descendant nodes are not pending embargo descendants = self.registration.get_descendants_recursive() for node in descendants: assert_true(node.is_retracted)
class TestWikiContentView(ApiWikiTestCase): def _set_up_public_project_with_wiki_page(self): self.public_project = ProjectFactory(is_public=True, creator=self.user) self.public_wiki = self._add_project_wiki_page(self.public_project, self.user) self.public_url = '/{}wikis/{}/content/'.format( API_BASE, self.public_wiki._id) def _set_up_private_project_with_wiki_page(self): self.private_project = ProjectFactory(creator=self.user) self.private_wiki = self._add_project_wiki_page( self.private_project, self.user) self.private_url = '/{}wikis/{}/content/'.format( API_BASE, self.private_wiki._id) def _set_up_public_registration_with_wiki_page(self): self._set_up_public_project_with_wiki_page() self.public_registration = RegistrationFactory( project=self.public_project, user=self.user, is_public=True) self.public_registration_wiki_id = self.public_registration.wiki_pages_versions[ 'home'][0] self.public_registration.wiki_pages_current = { 'home': self.public_registration_wiki_id } self.public_registration.save() self.public_registration_url = '/{}wikis/{}/content/'.format( API_BASE, self.public_registration_wiki_id) def test_logged_out_user_can_get_public_wiki_content(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.public_wiki.content) def test_logged_in_non_contributor_can_get_public_wiki_content(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.non_contributor.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.public_wiki.content) def test_logged_in_contributor_can_get_public_wiki_content(self): self._set_up_public_project_with_wiki_page() res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.public_wiki.content) def test_logged_out_user_cannot_get_private_wiki_content(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, expect_errors=True) assert_equal(res.status_code, 401) def test_logged_in_non_contributor_cannot_get_private_wiki_content(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.non_contributor.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_logged_in_contributor_can_get_private_wiki_content(self): self._set_up_private_project_with_wiki_page() res = self.app.get(self.private_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.content_type, 'text/markdown') assert_equal(res.body, self.private_wiki.content) def test_user_cannot_get_withdrawn_registration_wiki_content(self): self._set_up_public_registration_with_wiki_page() withdrawal = self.public_registration.retract_registration( user=self.user, save=True) token = withdrawal.approval_state.values()[0]['approval_token'] withdrawal.approve_retraction(self.user, token) withdrawal.save() res = self.app.get(self.public_registration_url, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403)
class RegistrationRetractionViewsTestCase(OsfTestCase): def setUp(self): super(RegistrationRetractionViewsTestCase, self).setUp() self.user = AuthUserFactory() self.registered_from = ProjectFactory(creator=self.user, is_public=True) self.registration = RegistrationFactory(project=self.registered_from, is_public=True) self.retraction_post_url = self.registration.api_url_for('node_registration_retraction_post') self.retraction_get_url = self.registration.web_url_for('node_registration_retraction_get') self.justification = fake.sentence() def test_GET_retraction_page_when_pending_retraction_returns_HTTPError_BAD_REQUEST(self): self.registration.retract_registration(self.user) self.registration.save() res = self.app.get( self.retraction_get_url, auth=self.user.auth, expect_errors=True, ) assert_equal(res.status_code, http.BAD_REQUEST) def test_POST_retraction_to_private_registration_returns_HTTPError_FORBIDDEN(self): self.registration.is_public = False self.registration.save() res = self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, expect_errors=True, ) assert_equal(res.status_code, http.FORBIDDEN) self.registration.reload() assert_is_none(self.registration.retraction) @mock.patch('website.mails.send_mail') def test_POST_retraction_does_not_send_email_to_unregistered_admins(self, mock_send_mail): unreg = UnregUserFactory() self.registration.add_contributor( unreg, auth=Auth(self.user), permissions=['read', 'write', 'admin'] ) self.registration.save() self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, ) # Only the creator gets an email; the unreg user does not get emailed assert_equal(mock_send_mail.call_count, 1) def test_POST_pending_embargo_returns_HTTPError_HTTPOK(self): self.registration.embargo_registration( self.user, (datetime.datetime.utcnow() + datetime.timedelta(days=10)), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) res = self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, expect_errors=True, ) assert_equal(res.status_code, http.OK) self.registration.reload() assert_true(self.registration.is_pending_retraction) def test_POST_active_embargo_returns_HTTPOK(self): self.registration.embargo_registration( self.user, (datetime.datetime.utcnow() + datetime.timedelta(days=10)), for_existing_registration=True ) self.registration.save() assert_true(self.registration.is_pending_embargo) approval_token = self.registration.embargo.approval_state[self.user._id]['approval_token'] self.registration.embargo.approve(self.user, approval_token) assert_true(self.registration.embargo_end_date) res = self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, expect_errors=True, ) assert_equal(res.status_code, http.OK) self.registration.reload() assert_true(self.registration.is_pending_retraction) def test_POST_retraction_by_non_admin_retract_HTTPError_UNAUTHORIZED(self): res = self.app.post_json(self.retraction_post_url, expect_errors=True) assert_equals(res.status_code, http.UNAUTHORIZED) self.registration.reload() assert_is_none(self.registration.retraction) @mock.patch('website.mails.send_mail') def test_POST_retraction_without_justification_returns_HTTPOK(self, mock_send): res = self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, ) assert_equal(res.status_code, http.OK) self.registration.reload() assert_false(self.registration.is_retracted) assert_true(self.registration.is_pending_retraction) assert_is_none(self.registration.retraction.justification) @mock.patch('website.mails.send_mail') def test_valid_POST_retraction_adds_to_parent_projects_log(self, mock_send): initial_project_logs = len(self.registration.registered_from.logs) self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, ) self.registration.registered_from.reload() # Logs: Created, registered, retraction initiated assert_equal(len(self.registration.registered_from.logs), initial_project_logs + 1) @mock.patch('website.mails.send_mail') def test_valid_POST_retraction_when_pending_retraction_raises_400(self, mock_send): self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, ) res = self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 400) @mock.patch('website.mails.send_mail') def test_valid_POST_calls_send_mail_with_username(self, mock_send): self.app.post_json( self.retraction_post_url, {'justification': ''}, auth=self.user.auth, ) assert_true(mock_send.called) args, kwargs = mock_send.call_args assert_true(self.user.username in args) def test_non_contributor_GET_approval_returns_HTTPError_UNAUTHORIZED(self): non_contributor = AuthUserFactory() self.registration.retract_registration(self.user) approval_token = self.registration.retraction.approval_state[self.user._id]['approval_token'] approval_url = self.registration.web_url_for('view_project', token=approval_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(res.status_code, http.UNAUTHORIZED) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted) def test_non_contributor_GET_disapproval_returns_HTTPError_UNAUTHORIZED(self): non_contributor = AuthUserFactory() self.registration.retract_registration(self.user) rejection_token = self.registration.retraction.approval_state[self.user._id]['rejection_token'] disapproval_url = self.registration.web_url_for('view_project', token=rejection_token) res = self.app.get(disapproval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(res.status_code, http.UNAUTHORIZED) assert_true(self.registration.is_pending_retraction) assert_false(self.registration.is_retracted)
class TestRegistrationUpdate(ApiTestCase): def setUp(self): self.maxDiff = None super(TestRegistrationUpdate, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.user_three = AuthUserFactory() self.public_project = ProjectFactory(title="Project One", is_public=True, creator=self.user) self.private_project = ProjectFactory(title="Project Two", is_public=False, creator=self.user) self.public_registration = RegistrationFactory( project=self.public_project, creator=self.user, is_public=True) self.private_registration = RegistrationFactory( project=self.private_project, creator=self.user) self.public_url = '/{}registrations/{}/'.format( API_BASE, self.public_registration._id) self.private_url = '/{}registrations/{}/'.format( API_BASE, self.private_registration._id) self.private_registration.add_contributor( self.user_two, permissions=[permissions.READ]) self.private_registration.add_contributor( self.user_three, permissions=[permissions.WRITE]) self.private_registration.save() self.payload = { "data": { "id": self.private_registration._id, "type": "registrations", "attributes": { "public": True, } } } def test_update_private_registration_logged_out(self): res = self.app.put_json_api(self.private_url, self.payload, expect_errors=True) assert_equal(res.status_code, 401) def test_update_private_registration_logged_in_admin(self): res = self.app.put_json_api(self.private_url, self.payload, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['public'], True) def test_update_private_registration_logged_in_read_only_contributor(self): res = self.app.put_json_api(self.private_url, self.payload, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_update_private_registration_logged_in_read_write_contributor( self): res = self.app.put_json_api(self.private_url, self.payload, auth=self.user_three.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_update_public_registration_to_private(self): payload = { "data": { "id": self.public_registration._id, "type": "registrations", "attributes": { "public": False, } } } res = self.app.put_json_api(self.public_url, payload, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal( res.json['errors'][0]['detail'], 'Registrations can only be turned from private to public.') def test_public_field_has_invalid_value(self): payload = { "data": { "id": self.public_registration._id, "type": "registrations", "attributes": { "public": "Yes" } } } res = self.app.put_json_api(self.public_url, payload, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], '"Yes" is not a valid boolean.') def test_fields_other_than_public_are_ignored(self): payload = { "data": { "id": self.private_registration._id, "type": "registrations", "attributes": { "public": True, "category": "instrumentation", "title": "New title", "description": "New description" } } } res = self.app.put_json_api(self.private_url, payload, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['public'], True) assert_equal(res.json['data']['attributes']['category'], 'project') assert_equal(res.json['data']['attributes']['description'], self.private_registration.description) assert_equal(res.json['data']['attributes']['title'], self.private_registration.title) def test_type_field_must_match(self): payload = { "data": { "id": self.private_registration._id, "type": "nodes", "attributes": { "public": True, "category": "instrumentation", "title": "New title", "description": "New description" } } } res = self.app.put_json_api(self.private_url, payload, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) def test_id_field_must_match(self): payload = { "data": { "id": '12345', "type": "registrations", "attributes": { "public": True, "category": "instrumentation", "title": "New title", "description": "New description" } } } res = self.app.put_json_api(self.private_url, payload, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) def test_turning_private_registrations_public(self): node1 = ProjectFactory(creator=self.user, is_public=False) node2 = ProjectFactory(creator=self.user, is_public=False) node1.is_registration = True node1.registered_from = node2 node1.registered_date = node1.date_modified node1.save() payload = { "data": { "id": node1._id, "type": "registrations", "attributes": { "public": True, } } } url = '/{}registrations/{}/'.format(API_BASE, node1._id) res = self.app.put_json_api(url, payload, auth=self.user.auth) assert_equal(res.json['data']['attributes']['public'], True) def test_registration_fields_are_read_only(self): writeable_fields = [ 'type', 'public', 'draft_registration', 'registration_choice', 'lift_embargo' ] for field in RegistrationSerializer._declared_fields: reg_field = RegistrationSerializer._declared_fields[field] if field not in writeable_fields: assert_equal(getattr(reg_field, 'read_only', False), True) def test_registration_detail_fields_are_read_only(self): writeable_fields = [ 'type', 'public', 'draft_registration', 'registration_choice', 'lift_embargo' ] for field in RegistrationDetailSerializer._declared_fields: reg_field = RegistrationSerializer._declared_fields[field] if field not in writeable_fields: assert_equal(getattr(reg_field, 'read_only', False), True) def test_user_cannot_delete_registration(self): res = self.app.delete_json_api(self.private_url, expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 405)