예제 #1
def test_get_record_no_acls_anonymous(app, db, es, es_acl_prepare, test_users):
    """An anonymous GET is answered with 401 when the only ACL names no users.

    A 'get' ACL for RECORD_SCHEMA is stored together with a UserActor whose
    user list is empty. The record is then indexed, requested through the
    REST API without logging in, and finally read straight from
    Elasticsearch to confirm that the indexed document carries the
    '_invenio_explicit_acls' field.
    """
    expected_schema = 'https://localhost/schemas/' + RECORD_SCHEMA

    with db.session.begin_nested():
        # An ACL with no users attached is enough to get the
        # _invenio_explicit_acls field filled on indexed records.
        empty_acl = DefaultACL(
            name='test',
            schemas=[RECORD_SCHEMA],
            priority=0,
            operation='get',
            originator=test_users.u1,
        )
        db.session.add(empty_acl)
        nobody = UserActor(
            name='test',
            acl=empty_acl,
            users=[],
            originator=test_users.u1,
        )
        db.session.add(nobody)

    pid, record = create_record({}, clz=SchemaEnforcingRecord)
    RecordIndexer().index(record)

    # Flush the indices before the record is requested.
    current_search_client.indices.flush()

    # No login happens here, so the request is anonymous.
    with app.test_client() as client:
        response = client.get(record_url(pid))
        assert response.status_code == 401  # unauthorized

    # Read the document directly from ES, bypassing the REST API.
    indexed = get_from_es(pid)['_source']
    assert indexed['control_number'] == pid.pid_value
    assert indexed['$schema'] == expected_schema
    assert '_invenio_explicit_acls' in indexed
예제 #2
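def test_create_record_no_acls_authenticated(app, db, es, es_acl_prepare,
                                             test_users):
    """Create a record as a logged-in user while the only ACL names no users.

    The test stores a 'get' ACL for RECORD_SCHEMA with a UserActor whose user
    list is empty, logs in as test_users.u1 and POSTs a new record. It then
    checks three things:

    * the creation succeeds (201) and the returned metadata does not expose
      the internal ACL field,
    * the document stored in Elasticsearch does carry
      '_invenio_explicit_acls',
    * reading the record back through the REST API is refused with 403,
      presumably because the actor grants 'get' to no user at all.
    """
    with app.test_client() as client:

        with db.session.begin_nested():
            # create an empty ACL in order to get the _invenio_explicit_acls filled
            acl = DefaultACL(name='test',
                             schemas=[RECORD_SCHEMA],
                             priority=0,
                             operation='get',
                             originator=test_users.u1)
            db.session.add(acl)
            actor = UserActor(name='test',
                              acl=acl,
                              users=[],
                              originator=test_users.u1)
            db.session.add(actor)

        login(client, test_users.u1)
        response = client.post(records_url(),
                               data=json.dumps({
                                   'title': 'blah',
                                   'contributors': []
                               }),
                               content_type='application/json')
        assert response.status_code == 201

        created_record_metadata = get_json(response)['metadata']

        # check that ACLs are not leaking: the indexed document stores them
        # under '_invenio_explicit_acls' (asserted below), so the leak check
        # has to use that exact, underscore-prefixed key. Checking only the
        # un-prefixed spelling would pass even if the field were returned.
        assert '_invenio_explicit_acls' not in created_record_metadata
        assert 'invenio_explicit_acls' not in created_record_metadata

        pid = PersistentIdentifier.get(
            'recid', created_record_metadata['control_number'])
        res = get_from_es(pid)['_source']

        assert res['control_number'] == pid.pid_value
        assert res['$schema'] == 'https://localhost/schemas/' + RECORD_SCHEMA
        assert '_invenio_explicit_acls' in res

        # still can not get it: being authenticated is not enough, the
        # request is rejected as forbidden rather than unauthorized
        res = client.get(record_url(pid))
        assert res.status_code == 403  # Forbidden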
예제 #3
def test_get_record_without_enabled_acl(app, db, es):
    """A record is readable over REST when the ACL fixtures are not in use.

    This test takes neither es_acl_prepare nor any ACL rows. The record is
    indexed, fetched through the REST API (200, with metadata limited to
    exactly 'control_number' and '$schema') and then read directly from
    Elasticsearch.
    """
    pid, record = create_record({}, clz=SchemaEnforcingRecord)
    RecordIndexer().index(record)

    # Flush the indices before the record is requested.
    current_search_client.indices.flush()

    # The equality check below is strict, so any extra key in the returned
    # metadata would fail the test.
    with app.test_client() as client:
        response = client.get(record_url(pid))
        assert response.status_code == 200
        returned_metadata = get_json(response)['metadata']
        assert returned_metadata == {
            'control_number': pid.pid_value,
            '$schema': 'https://localhost/schemas/records/record-v1.0.0.json',
        }

    # Read the document directly from ES, bypassing the REST API.
    indexed = get_from_es(pid)['_source']
    assert indexed['control_number'] == pid.pid_value
    assert indexed['$schema'] == 'https://localhost/schemas/' + RECORD_SCHEMA