def test_propertyvalue_acl_get_record_match_acl(app, db, es, es_acl_prepare,
test_users):
pid, record = create_record(
{
'$schema': RECORD_SCHEMA,
'keywords': ['blah'],
'title': 'Hello world'
},
clz=SchemaEnforcingRecord)
pid1, record1 = create_record(
{
'$schema': RECORD_SCHEMA,
'keywords': ['test'],
'title': 'Goodbye world'
},
clz=SchemaEnforcingRecord)
with db.session.begin_nested():
acl = PropertyValueACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval = PropertyValue(name='title',
value='hello',
acl=acl,
originator=test_users.u1,
match_operation=MatchOperation.match)
db.session.add(acl)
db.session.add(propval)
acl2 = PropertyValueACL(name='test 2',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval2 = PropertyValue(name='title',
value='goodbye',
acl=acl2,
originator=test_users.u1,
match_operation=MatchOperation.match)
db.session.add(acl2)
db.session.add(propval2)
acl.update()
acl2.update()
acls = list(PropertyValueACL.get_record_acls(record))
assert len(acls) == 1
assert isinstance(acls[0], PropertyValueACL)
assert acls[0].id == acl.id
acls = list(PropertyValueACL.get_record_acls(record1))
assert len(acls) == 1
assert isinstance(acls[0], PropertyValueACL)
assert acls[0].id == acl2.id
def test_propertyvalue_acl_prepare_schema_acl(app, db, es, es_acl_prepare,
test_users):
# should pass as it does nothing
PropertyValueACL.prepare_schema_acls(RECORD_SCHEMA)
idx = PropertyValueACL.get_acl_index_name(
schema_to_index(RECORD_SCHEMA)[0])
mapping = current_search_client.indices.get_mapping(idx)
assert idx in mapping
idx, doc_type = schema_to_index(RECORD_SCHEMA)
mapping = current_search_client.indices.get_mapping(idx)
assert '_invenio_explicit_acls' in mapping[idx]['mappings'][doc_type][
'properties']
def test_propertyvalue_acl_update(app, db, es, es_acl_prepare, test_users):
# should pass as it does nothing
with db.session.begin_nested():
acl = PropertyValueACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval = PropertyValue(name='keywords',
value='test',
acl=acl,
originator=test_users.u1)
db.session.add(acl)
db.session.add(propval)
acl.update() # makes version 1
acl.update() # makes version 2
idx = acl.get_acl_index_name(schema_to_index(RECORD_SCHEMA)[0])
acl_md = current_search_client.get(
index=idx,
doc_type=current_app.config['INVENIO_EXPLICIT_ACLS_DOCTYPE_NAME'],
id=acl.id)
# ES7 returns extra:
acl_md.pop('_seq_no', None)
acl_md.pop('_primary_term', None)
assert acl_md == {
'_id': acl.id,
'_index': 'invenio_explicit_acls-acl-v1.0.0-records-record-v1.0.0',
'_source': {
'__acl_record_selector': {
'bool': {
'must': [{
'term': {
'keywords': 'test'
}
}]
}
},
'__acl_record_type': 'propertyvalue'
},
'_type': '_doc',
'_version': 2,
'found': True
}
def test_no_es_prepared_index(app, db, es, test_users):
pid, record = create_record(
{
'$schema': RECORD_SCHEMA,
'keywords': ['blah']
},
clz=SchemaEnforcingRecord)
with pytest.raises(
RuntimeError,
match='Explicit ACLs were not prepared for the given schema. '
'Please run invenio explicit-acls prepare '
'https://localhost/schemas/records/record-v1.0.0.json'):
list(PropertyValueACL.get_record_acls(record))
def test_propertyvalue_str(app, db, es, es_acl_prepare, test_users):
with db.session.begin_nested():
acl = PropertyValueACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval = PropertyValue(name='keywords',
value='test',
acl=acl,
originator=test_users.u1,
bool_operation=BoolOperation.must,
match_operation=MatchOperation.term)
assert str(
propval
) == 'BoolOperation.must: MatchOperation.term(keywords=test)'
def test_propertyvalue_acl_get_matching_resources(app, db, es, es_acl_prepare,
test_users):
pid, record = create_record(
{
'$schema': RECORD_SCHEMA,
'keywords': ['blah']
},
clz=SchemaEnforcingRecord)
pid1, record1 = create_record(
{
'$schema': RECORD_SCHEMA,
'keywords': ['test']
},
clz=SchemaEnforcingRecord)
RecordIndexer().index(record)
RecordIndexer().index(record1)
current_search_client.indices.refresh()
current_search_client.indices.flush()
with db.session.begin_nested():
acl = PropertyValueACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval = PropertyValue(name='keywords',
value='blah',
acl=acl,
originator=test_users.u1)
db.session.add(acl)
db.session.add(propval)
acl1 = PropertyValueACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval2 = PropertyValue(name='keywords',
value='test',
acl=acl1,
originator=test_users.u1)
db.session.add(acl1)
db.session.add(propval2)
ids = list(acl.get_matching_resources())
assert len(ids) == 1
assert ids[0] == str(pid.object_uuid)
ids = list(acl1.get_matching_resources())
assert len(ids) == 1
assert ids[0] == str(pid1.object_uuid)
def test_propertyvalue_acl_repr(app, db, es, es_acl_prepare, test_users):
# should pass as it does nothing
with db.session.begin_nested():
acl = PropertyValueACL(name='test',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval = PropertyValue(name='keywords',
value='test',
acl=acl,
originator=test_users.u1)
db.session.add(acl)
db.session.add(propval)
assert repr(
acl
) == "\"test\" (%s) on schemas ['records/record-v1.0.0.json']" % acl.id
def test_multi_propertyvalue_acl_get_matching_resources(
app, db, es, es_acl_prepare, test_users):
pid, record = create_record(
{
'$schema': RECORD_SCHEMA,
'title': 'foo',
'keywords': ['blah']
},
clz=SchemaEnforcingRecord)
pid1, record1 = create_record(
{
'$schema': RECORD_SCHEMA,
'title': 'bar',
'keywords': ['blah']
},
clz=SchemaEnforcingRecord)
pid2, record2 = create_record(
{
'$schema': RECORD_SCHEMA,
'title': 'bar',
'keywords': ['blah', 'test']
},
clz=SchemaEnforcingRecord)
RecordIndexer().index(record)
RecordIndexer().index(record1)
RecordIndexer().index(record2)
current_search_client.indices.flush()
with db.session.begin_nested():
aclAND = PropertyValueACL(name='TestAND',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval1 = PropertyValue(name='keywords',
value='blah',
acl=aclAND,
originator=test_users.u1,
bool_operation=BoolOperation.must)
propval2 = PropertyValue(name='title',
value='foo',
acl=aclAND,
originator=test_users.u1,
bool_operation=BoolOperation.must)
db.session.add(aclAND)
db.session.add(propval1)
db.session.add(propval2)
aclANDnot = PropertyValueACL(name='TestAND+NOT',
schemas=[RECORD_SCHEMA],
priority=0,
operation='get',
originator=test_users.u1)
propval3 = PropertyValue(name='title',
value='bar',
acl=aclANDnot,
originator=test_users.u1,
bool_operation=BoolOperation.must)
propval4 = PropertyValue(name='keywords',
value='blah',
acl=aclANDnot,
originator=test_users.u1,
bool_operation=BoolOperation.must)
propval5 = PropertyValue(name='keywords',
value='test',
acl=aclANDnot,
originator=test_users.u1,
bool_operation=BoolOperation.mustNot)
db.session.add(aclANDnot)
db.session.add(propval3)
db.session.add(propval4)
db.session.add(propval5)
ids = list(aclAND.get_matching_resources())
assert len(ids) == 1
assert ids[0] == str(pid.object_uuid)
ids = list(aclANDnot.get_matching_resources())
assert len(ids) == 1
assert ids[0] == str(pid1.object_uuid)
