def test_deposit_create_permission(app, test_users, login_user,
test_communities):
"""Test record draft creation."""
headers = [('Content-Type', 'application/json'),
('Accept', 'application/json')]
with app.app_context():
community_name = 'MyTestCommunity1'
record_data = generate_record_data(community=community_name)
community_id = test_communities[community_name]
community = Community.get(community_id)
creator = create_user('creator')
need = create_deposit_need_factory(str(community_id))
allowed = create_user('allowed', permissions=[need])
com_member = create_user('com_member', roles=[community.member_role])
com_admin = create_user('com_admin', roles=[community.admin_role])
deposit, pid, record = create_record(record_data, creator)
def restrict_creation(restricted):
community.update({'restricted_submission':restricted})
db.session.commit()
def test_creation(expected_code, user=None, version_of=None):
with app.test_client() as client:
if user is not None:
login_user(user, client)
draft_create_res = client.post(
url_for('b2share_records_rest.b2rec_list',
version_of=version_of),
data=json.dumps(record_data),
headers=headers
)
assert draft_create_res.status_code == expected_code
# test creating a deposit with anonymous user
restrict_creation(False)
test_creation(401)
restrict_creation(True)
test_creation(401)
# test creating a deposit with a logged in user
restrict_creation(False)
test_creation(201, creator)
restrict_creation(True)
test_creation(403, creator)
# test with a use who is allowed
test_creation(201, allowed)
# test with a community member and admin
test_creation(201, com_member)
test_creation(201, com_admin)
# test creating a new version
test_creation(401, None, version_of=pid.pid_value)
test_creation(403, com_member, version_of=pid.pid_value)
restrict_creation(True)
test_creation(403, creator, version_of=pid.pid_value)
restrict_creation(False)
test_creation(201, creator, version_of=pid.pid_value)
def test_deposit_create_permission(app, test_users, login_user,
test_communities):
"""Test record draft creation."""
headers = [('Content-Type', 'application/json'),
('Accept', 'application/json')]
with app.app_context():
community_name = 'MyTestCommunity1'
record_data = generate_record_data(community=community_name)
community_id = test_communities[community_name]
community = Community.get(community_id)
creator = create_user('creator')
need = create_deposit_need_factory(str(community_id))
allowed = create_user('allowed', permissions=[need])
com_member = create_user('com_member', roles=[community.member_role])
com_admin = create_user('com_admin', roles=[community.admin_role])
deposit, pid, record = create_record(record_data, creator)
def restrict_creation(restricted):
community.update({'restricted_submission': restricted})
db.session.commit()
def test_creation(expected_code, user=None, version_of=None):
with app.test_client() as client:
if user is not None:
login_user(user, client)
draft_create_res = client.post(url_for(
'b2share_records_rest.b2rec_list', version_of=version_of),
data=json.dumps(record_data),
headers=headers)
assert draft_create_res.status_code == expected_code
# test creating a deposit with anonymous user
restrict_creation(False)
test_creation(401)
restrict_creation(True)
test_creation(401)
# test creating a deposit with a logged in user
restrict_creation(False)
test_creation(201, creator)
restrict_creation(True)
test_creation(403, creator)
# test with a use who is allowed
test_creation(201, allowed)
# test with a community member and admin
test_creation(201, com_member)
test_creation(201, com_admin)
# test creating a new version
test_creation(401, None, version_of=pid.pid_value)
test_creation(403, com_member, version_of=pid.pid_value)
restrict_creation(True)
test_creation(403, creator, version_of=pid.pid_value)
restrict_creation(False)
test_creation(201, creator, version_of=pid.pid_value)
def receive_before_insert(mapper, connection, target):
"""Create community admin and member roles and add their permissions."""
from b2share.modules.deposit.permissions import (
create_deposit_need_factory,
read_deposit_need_factory,
update_deposit_metadata_need_factory,
update_deposit_publication_state_need_factory,
)
from b2share.modules.deposit.api import PublicationStates
admin_role = Role(name=_community_admin_role_name(target),
description='Admin role of the community "{}"'.format(
target.name))
member_role = Role(name=_community_member_role_name(target),
description='Member role of the community "{}"'.format(
target.name))
db.session.add(admin_role)
db.session.add(member_role)
member_needs = [
create_deposit_need_factory(str(target.id)),
]
admin_needs = [
read_deposit_need_factory(
community=str(target.id),
publication_state=PublicationStates.submitted.name),
read_deposit_need_factory(
community=str(target.id),
publication_state=PublicationStates.published.name),
update_deposit_metadata_need_factory(
community=str(target.id),
publication_state=PublicationStates.submitted.name),
# permission to publish a submission
update_deposit_publication_state_need_factory(
community=str(target.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.published.name),
# permission to ask the owners to fix a submission before resubmitting
update_deposit_publication_state_need_factory(
community=str(target.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.draft.name)
]
for need in member_needs:
db.session.add(ActionRoles.allow(need, role=member_role))
for need in chain(member_needs, admin_needs):
db.session.add(ActionRoles.allow(need, role=admin_role))
def receive_before_insert(mapper, connection, target):
"""Create community admin and member roles and add their permissions."""
from b2share.modules.deposit.permissions import (
create_deposit_need_factory,
read_deposit_need_factory,
update_deposit_metadata_need_factory,
update_deposit_publication_state_need_factory,
)
from b2share.modules.deposit.api import PublicationStates
from b2share.modules.records.permissions import (
update_record_metadata_need_factory, )
from b2share.modules.users.permissions import (
assign_role_need_factory,
search_accounts_need,
)
admin_role = Role(name=_community_admin_role_name(target),
description='Admin role of the community "{}"'.format(
target.name))
member_role = Role(name=_community_member_role_name(target),
description='Member role of the community "{}"'.format(
target.name))
db.session.add(admin_role)
db.session.add(member_role)
member_needs = [
create_deposit_need_factory(str(target.id)),
]
admin_needs = [
read_deposit_need_factory(
community=str(target.id),
publication_state=PublicationStates.submitted.name),
read_deposit_need_factory(
community=str(target.id),
publication_state=PublicationStates.published.name),
update_deposit_metadata_need_factory(
community=str(target.id),
publication_state=PublicationStates.submitted.name),
# permission to publish a submission
update_deposit_publication_state_need_factory(
community=str(target.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.published.name),
# permission to ask the owners to fix a submission before resubmitting
update_deposit_publication_state_need_factory(
community=str(target.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.draft.name),
# permission to update the metadata of a published record
update_record_metadata_need_factory(community=str(target.id), ),
# allow to assign any role owned by this community
assign_role_need_factory(community=target.id),
# allow to list users' accounts
search_accounts_need,
]
for need in member_needs:
db.session.add(ActionRoles.allow(need, role=member_role))
for need in chain(member_needs, admin_needs):
db.session.add(ActionRoles.allow(need, role=admin_role))
oaiset = OAISet(spec=str(target.id),
name=target.name,
description=target.description)
db.session.add(oaiset)
def create_roles_and_permissions(community, fix=False):
"""Create community admin and member roles and add their permissions.
:param community: the community for which we add the roles and
permissions.
:param fix: Enable the fixing of the database. This function doesn't fail
if some roles or permissions already exist. It will just add the
missing ones.
"""
from b2share.modules.deposit.permissions import (
create_deposit_need_factory, read_deposit_need_factory,
update_deposit_metadata_need_factory,
update_deposit_publication_state_need_factory,
)
from b2share.modules.deposit.api import PublicationStates
from b2share.modules.records.permissions import (
update_record_metadata_need_factory,
)
from b2share.modules.users.permissions import (
assign_role_need_factory, search_accounts_need,
)
admin_role = Role(
name=_community_admin_role_name(community),
description='Admin role of the community "{}"'.format(community.name)
)
member_role = Role(
name=_community_member_role_name(community),
description='Member role of the community "{}"'.format(community.name)
)
# use a nested session so that the ids are generated by the DB.
with db.session.begin_nested():
admin_role = add_to_db(admin_role, skip_if_exists=fix)
member_role = add_to_db(member_role, skip_if_exists=fix)
member_needs = [
create_deposit_need_factory(str(community.id)),
]
admin_needs = [
read_deposit_need_factory(
community=str(community.id),
publication_state=PublicationStates.submitted.name
),
read_deposit_need_factory(
community=str(community.id),
publication_state=PublicationStates.published.name
),
update_deposit_metadata_need_factory(
community=str(community.id),
publication_state=PublicationStates.submitted.name
),
# permission to publish a submission
update_deposit_publication_state_need_factory(
community=str(community.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.published.name
),
# permission to ask the owners to fix a submission before resubmitting
update_deposit_publication_state_need_factory(
community=str(community.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.draft.name
),
# permission to update the metadata of a published record
update_record_metadata_need_factory(
community=str(community.id),
),
# allow to assign any role owned by this community
assign_role_need_factory(community=community.id),
# allow to list users' accounts
search_accounts_need,
]
for need in member_needs:
add_to_db(ActionRoles.allow(need, role=member_role),
skip_if_exists=fix,
role_id=member_role.id)
for need in chain (member_needs, admin_needs):
add_to_db(ActionRoles.allow(need, role=admin_role),
skip_if_exists=fix,
role_id=admin_role.id)
def receive_before_insert(mapper, connection, target):
"""Create community admin and member roles and add their permissions."""
from b2share.modules.deposit.permissions import (
create_deposit_need_factory, read_deposit_need_factory,
update_deposit_metadata_need_factory,
update_deposit_publication_state_need_factory,
)
from b2share.modules.deposit.api import PublicationStates
from b2share.modules.records.permissions import (
update_record_metadata_need_factory,
)
from b2share.modules.users.permissions import (
assign_role_need_factory, search_accounts_need,
)
admin_role = Role(
name=_community_admin_role_name(target),
description='Admin role of the community "{}"'.format(target.name)
)
member_role = Role(
name=_community_member_role_name(target),
description='Member role of the community "{}"'.format(target.name)
)
db.session.add(admin_role)
db.session.add(member_role)
member_needs = [
create_deposit_need_factory(str(target.id)),
]
admin_needs = [
read_deposit_need_factory(
community=str(target.id),
publication_state=PublicationStates.submitted.name
),
read_deposit_need_factory(
community=str(target.id),
publication_state=PublicationStates.published.name
),
update_deposit_metadata_need_factory(
community=str(target.id),
publication_state=PublicationStates.submitted.name
),
# permission to publish a submission
update_deposit_publication_state_need_factory(
community=str(target.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.published.name
),
# permission to ask the owners to fix a submission before resubmitting
update_deposit_publication_state_need_factory(
community=str(target.id),
old_state=PublicationStates.submitted.name,
new_state=PublicationStates.draft.name
),
# permission to update the metadata of a published record
update_record_metadata_need_factory(
community=str(target.id),
),
# allow to assign any role owned by this community
assign_role_need_factory(community=target.id),
# allow to list users' accounts
search_accounts_need,
]
for need in member_needs:
db.session.add(ActionRoles.allow(need, role=member_role))
for need in chain (member_needs, admin_needs):
db.session.add(ActionRoles.allow(need, role=admin_role))
oaiset = OAISet(spec=str(target.id), name=target.name, description=target.description)
db.session.add(oaiset)