def test_record_patron_create(db, users, access, action, is_allowed):
    """Check a patron's record permission once a creator role is granted.

    A ``records-creators`` role is stored, allowed on
    ``create_records_action`` and added to every identity loaded while the
    receiver below is connected. ``RecordPermission(record, action).can()``
    must then match ``is_allowed``.
    """
    # The role has to be committed first so that its id exists for the grant.
    creator_role = Role(name="records-creators")
    db.session.add(creator_role)
    db.session.commit()

    # Allow the role on create_records_action.
    grant = ActionRoles.allow(create_records_action, role_id=creator_role.id)
    db.session.add(grant)
    db.session.commit()

    @identity_loaded.connect
    def mock_identity_provides(sender, identity):
        """Add the creator role need to the identity being loaded."""
        # Stands in for roles a user would otherwise get, e.g. from groups.
        identity.provides |= {RoleNeed(creator_role.name)}

    # NOTE(review): the receiver is never disconnected explicitly; confirm it
    # cannot outlive this test and grant the role to identities loaded by
    # later permission tests.
    login_user(users["patron1"])
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)
    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()
def test_record_patron_access(db, users, access, action, is_allowed):
    """Check that a logged-in patron's record permission matches expectation.

    The test itself grants nothing extra: it logs in ``patron1``, creates a
    record from ``access`` and compares ``RecordPermission(record,
    action).can()`` with ``is_allowed``.
    """
    login_user(users["patron1"])
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)
    # Both outcomes are asserted, so a wrongly granted permission fails the
    # test just like a wrongly denied one.
    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()
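def post(self, pid, record, **kwargs):
    """Send a signal to count a record view or file download for the stats.

    The request is rejected unless the record is public or the caller holds
    the backoffice permission: 401 for anonymous callers, 403 otherwise.
    The JSON body must be an object whose ``event`` is ``record-view`` or
    ``file-download``; the latter also needs a ``key`` and a record with a
    ``bucket_id``. Accepted events are answered with status 202.
    """
    factory = RecordPermission(record, "read")
    if not factory.is_public() and not backoffice_permission().can():
        # Tell "not logged in" (401) apart from "logged in, not allowed" (403).
        if not current_user.is_authenticated:
            abort(401)
        abort(403)

    data = request.get_json()
    # The body is client-controlled. A missing body or a JSON value that is
    # not an object would otherwise fail on the lookups below.
    if not isinstance(data, dict):
        abort(400, "Request body must be a JSON object")

    event_name = data.get("event")
    if event_name == "record-view":
        record_viewed.send(
            current_app._get_current_object(),
            pid=pid,
            record=record,
        )
        return self.make_response(pid, record, 202)
    elif event_name == "file-download":
        if "key" not in data:
            abort(406, "File key is required")
        if "bucket_id" not in record:
            abort(406, "Record has no bucket")
        # NOTE(review): the lookup result is forwarded without checking that
        # an object exists for this client-supplied key; confirm how the
        # receivers of file_downloaded handle a missing object.
        obj = ObjectVersion.get(record["bucket_id"], data["key"])
        file_downloaded.send(current_app._get_current_object(), obj=obj,
                             record=record)
        return self.make_response(pid, record, 202)
    # NOTE(review): StatsError is returned, not raised; confirm this is what
    # the view is meant to do. The client-supplied event name is echoed in
    # the description.
    return StatsError(
        description="Invalid stats event request: {}".format(event_name))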
def test_record_patron_create(client, db, users, with_role_creator):
    """Check which record actions a patron with the creator role may perform.

    Every identity loaded while the receiver below is connected gets the
    ``records-creators`` role need. ``create`` is then expected to be
    allowed, ``update`` and ``delete`` to be denied.
    """
    expectations = (
        ("create", True),
        ("update", False),
        ("delete", False),
    )

    @identity_loaded.connect
    def add_roles_to_identity(sender, identity):
        """Add the creator role need to the identity being loaded."""
        identity.provides |= {RoleNeed("records-creators")}

    # NOTE(review): the receiver is never disconnected explicitly; confirm it
    # cannot outlive this test and grant the role to identities loaded by
    # later permission tests.
    for action, is_allowed in expectations:
        # Fresh record metadata and a fresh login for every case.
        access = {"foo": "bar"}
        user_login(client, "patron1", users)
        record_uuid = uuid.uuid4()
        record = Record.create(access, id_=record_uuid)
        permission = RecordPermission(record, action)
        if is_allowed:
            assert permission.can()
        else:
            assert not permission.can()
def test_record_librarian_access(db, users, access, action, is_allowed):
    """Check that a librarian's record permission matches expectation.

    Logs in the user loaded by primary key, creates a record from
    ``access`` and compares ``RecordPermission(record, action).can()`` with
    ``is_allowed``.
    """
    # NOTE(review): id 3 is presumably the librarian created by the `users`
    # fixture; confirm, since the wrong account would silently test another
    # role.
    librarian = User.query.get(3)
    login_user(librarian)
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)
    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()
def test_record_patron_create(db, users, access, action, is_allowed):
    """Check a patron's record permission when given the create action need.

    Every identity loaded while the receiver below is connected gets
    ``ActionNeed('create-records')`` directly. ``RecordPermission(record,
    action).can()`` must then match ``is_allowed``.
    """
    @identity_loaded.connect
    def mock_identity_provides(sender, identity):
        """Add the create-records action need to the identity being loaded."""
        # Stands in for needs a user would otherwise get, e.g. from groups.
        identity.provides |= {ActionNeed('create-records')}

    # NOTE(review): the receiver is never disconnected explicitly; confirm it
    # cannot outlive this test and grant the need to identities loaded by
    # later permission tests.
    login_user(users["patron1"])
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)
    if is_allowed:
        assert permission.can()
    else:
        assert not permission.can()
def login_and_test(username):
    """Log in as ``username`` and check the record permission for that user.

    An ``admin`` must be allowed every action and a ``librarian`` every
    action except ``delete``. In all other cases the outcome must match the
    enclosing test's ``is_allowed``.
    """
    user = user_login(client, username, users)

    # A new record per call, so each user is checked against their own record.
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    permission = RecordPermission(record, action)

    # NOTE(review): a librarian requesting "delete" falls through to
    # is_allowed; confirm the parametrised value encodes the intended
    # librarian outcome for delete.
    always_allowed = user.has_role("admin") or (
        user.has_role("librarian") and action != "delete"
    )
    expected = True if always_allowed else is_allowed
    if expected:
        assert permission.can()
    else:
        assert not permission.can()
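def login_and_test(user_id):
    """Log in the user with ``user_id`` and check that user's permission.

    An ``admin`` must be allowed every action and a ``librarian`` every
    action except ``delete``. In all other cases the outcome must match the
    enclosing test's ``is_allowed``.
    """
    # Load the user once, so the logged-in account is the same object whose
    # roles are checked. Fail clearly if the fixture user is missing.
    user = User.query.get(user_id)
    assert user is not None, "no user with id {}".format(user_id)
    login_user(user)

    # Create record
    record_uuid = uuid.uuid4()
    record = Record.create(access, id_=record_uuid)
    factory = RecordPermission(record, action)
    if user.has_role('admin'):
        # super user can do EVERYTHING
        assert factory.can()
    elif user.has_role('librarian') and action != 'delete':
        # librarian should be able to update, create, and read everything
        assert factory.can()
    else:
        # NOTE(review): a librarian requesting 'delete' also lands here;
        # confirm is_allowed encodes the intended outcome for that case.
        assert factory.can() if is_allowed else not factory.can()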