def test_search_returns_private_access_results_to_owner(
self, client, create_record, create_user, es_clear):
# TODO: Improve User factory to auto-generate unique emails
user1 = create_user({'email': '*****@*****.**'})
user2 = create_user({'email': '*****@*****.**'})
record = create_record(
{
"title": "old record",
"permissions": RecordPermissions.PRIVATE_VIEW,
"_deposit": {"owners": [user1.id]}
}
)
# WARNING: If user is logged in before create_record,
# then create_record assigns that user as the owner
login_request_and_session(user2, client)
response = client.get("/records/?q=old+record")
assert response.status_code == 200
assert len(response.json['hits']['hits']) == 0
login_request_and_session(user1, client)
response = client.get("/records/?q=old+record")
assert_single_hit(response, record)
def test_search_only_returns_appropriate_records(
self, client, create_record, es_clear, create_user, db):
user = create_user()
login_request_and_session(user, client)
print("Case: Newly created (draft) record should be returned")
unpublished_record = create_record(
{'title': 'A New Record'}, published=False)
response = client.get('/deposits/')
assert_single_hit(response, unpublished_record)
print("****")
print("Case: When published, only published record should be returned")
unpublished_record.publish()
db.session.commit()
current_search.flush_and_refresh(index='*')
pid, published_record = unpublished_record.fetch_published()
response = client.get('/deposits/')
assert_single_hit(response, published_record)
print("****")
print("Case: When edited, draft and published record should be "
"returned")
edited_record = unpublished_record.edit()
current_search.flush_and_refresh(index='*')
db.session.commit()
response = client.get('/deposits/')
search_hits = response.json['hits']['hits']
assert response.status_code == 200
assert len(search_hits) == 2
hit_types = [hit['metadata']['type'] for hit in search_hits]
assert published_record['type'] == RecordType.published.value
assert published_record['type'] in hit_types
assert edited_record['type'] == RecordType.draft.value
assert edited_record['type'] in hit_types
print("****")
# Case: When edited record is published,
print("Case: When re-published, only published record should be "
"returned")
edited_record.publish()
db.session.commit()
current_search.flush_and_refresh(index='*')
pid, published_record = edited_record.fetch_published()
response = client.get('/deposits/')
assert_single_hit(response, published_record)
print("****")
def test_deposits_page_has_search_bar(client, create_user):
user = create_user()
login_request_and_session(user, client)
response = client.get('/deposit/new')
html_text = response.get_data(as_text=True)
invenio_search_bar = re.findall('<invenio-search-bar', html_text)
role_search = re.findall('role="search"', html_text)
assert len(invenio_search_bar) == 0
assert len(role_search) == 1
def test_search_does_not_contain_owner_draft_records(
self, client, create_record, es_clear, create_user):
user = create_user()
login_request_and_session(user, client)
unpublished_record = create_record(
{'title': 'Unpublished'}, published=False
)
published_record = create_record()
response = client.get("/records/")
assert_single_hit(response, published_record)
def test_activity_feed_page_requires_login(client, create_user):
user = create_user()
activity_feed_url = '/account'
response = client.get(activity_feed_url)
assert response.status_code == 302
assert response.location.endswith('login/?next=%2Faccount')
login_request_and_session(user, client)
response = client.get(activity_feed_url)
assert response.status_code == 200
def test_new_record_page_requires_login(client, create_user):
user = create_user()
new_record_url = '/records/new'
response = client.get(new_record_url)
assert response.status_code == 302
assert response.location.endswith('login/?next=%2Frecords%2Fnew')
login_request_and_session(user, client)
response = client.get(new_record_url)
assert response.status_code == 200
def test_user_dropdown_contains_desired_links(client, create_user):
user = create_user()
login_request_and_session(user, client)
response = client.get('/')
html_tree = html.fromstring(response.get_data(as_text=True))
links = {
a.get('href') for a in html_tree.cssselect('ul.dropdown-menu li a')
}
assert links == {
'/personal-records',
'/account/settings/profile/',
'/logout/'
}
def test_edit_record_page_requires_edit_permission(
client, create_user, create_record):
user = create_user()
record = create_record({'_deposit': {'owners': [user.id]}})
login_request_and_session(user, client)
response = client.get('/deposit/{}'.format(record['_deposit']['id']))
assert response.status_code == 200
another_user = create_user(
{'email': '*****@*****.**'}
)
login_request_and_session(another_user, client)
response = client.get('/deposit/{}'.format(record['_deposit']['id']))
assert response.status_code == 403
def test_account_page_menu_contains_desired_links(
client, create_user, super_user):
# NOTE: super_user is needed because of a quirk in invenio-admin.
# A PR: https://github.com/inveniosoftware/invenio-admin/pull/67
# has been submitted.
user = create_user()
login_request_and_session(user, client)
response = client.get('/account')
html_tree = html.fromstring(response.get_data(as_text=True))
links = {
a.get('href') for a in html_tree.cssselect('ul.list-group a')
}
assert links == {
'/personal-records',
'/account/settings/profile/',
'/account/settings/security/',
'/account/settings/applications/',
}
def test_record_page_shows_edit_action_if_permitted(
client, create_record, create_user):
user = create_user()
owned_record = create_record({'_deposit': {'owners': [user.id]}})
not_owned_record = create_record()
login_request_and_session(user, client)
response = client.get('/records/{}'.format(owned_record['id']))
page = response.get_data(as_text=True)
html_tree = html.fromstring(page)
edit_links = html_tree.cssselect('a#edit-action')
assert len(edit_links) == 1
pid_value = owned_record['_deposit']['id']
assert edit_links[0].get('href') == '/deposit/{}'.format(pid_value)
response = client.get('/records/{}'.format(not_owned_record['id']))
html_tree = html.fromstring(response.get_data(as_text=True))
edit_links = html_tree.cssselect('a#edit-action')
assert len(edit_links) == 0
def test_search_returns_restricted_access_results_to_authenticated_user(
self, client, create_record, create_user, es_clear):
record = create_record(
{
"title": "old record",
"permissions": RecordPermissions.RESTRICTED_VIEW
}
)
response = client.get("/records/?q=old+record")
assert response.status_code == 200
assert len(response.json['hits']['hits']) == 0
# WARNING: If user is logged in before create_record,
# then create_record assigns that user as the owner
user = create_user()
login_request_and_session(user, client)
response = client.get("/records/?q=old+record")
assert_single_hit(response, record)
def test_search_contains_owner_published_and_draft_records(
self, client, create_record, es_clear, create_user):
# Another user to scramble things
another_user = create_user({'email': '*****@*****.**'})
login_request_and_session(another_user, client)
another_published_record = create_record(
{'title': 'Another Published Record'})
# The user we want to test
user = create_user()
login_request_and_session(user, client)
published_record = create_record({'title': 'A Published Record'})
unpublished_record = create_record(
{'title': 'A Draft Record'}, published=False)
response = client.get('/deposits/')
search_hits = response.json['hits']['hits']
assert response.status_code == 200
assert len(search_hits) == 2
hit_titles = [hit['metadata']['title'] for hit in search_hits]
assert published_record['title'] in hit_titles
assert unpublished_record['title'] in hit_titles
assert another_published_record['title'] not in hit_titles