def test_other_user_cannot_edit_private_annotation(self): annotation = Annotation(self.example_annotation) permissions.add_permissions(annotation, self.private_params) params = {"username": "******"} self.assertEqual( permissions.is_allowed_to_edit(params["username"], annotation), False)
def test_other_user_can_see_public_annotation(self): annotation = Annotation(self.example_annotation) permissions.add_permissions(annotation, self.public_params) params = {"username": "******"} self.assertEqual( permissions.is_allowed_to_see(params["username"], annotation), True)
def add_annotation_to_collection_es(self, annotation_id, collection_id, params): # check that user is allowed to edit collection collection = self.get_from_index_if_allowed( collection_id, username=params["username"], action="edit", annotation_type="AnnotationCollection") # check if collection contains annotation if collection.has_annotation(annotation_id): raise AnnotationError( message="Collection already contains this annotation") # check that user is allowed to see annotation self.get_from_index_if_allowed(annotation_id, username=params["username"], action="see", annotation_type="Annotation") # add annotation collection.add_annotation(annotation_id) # add permissions for access (see) and update (edit) permissions.add_permissions(collection, params) self.update_in_index(collection.to_json(), "AnnotationCollection") # set index needs refresh before next GET self.set_index_needs_refresh() # return collection metadata return collection.to_clean_json(params)
def update_annotation_es(self, updated_annotation_json, params): if "action" not in params: params["action"] = "edit" annotation = self.get_from_index_if_allowed( updated_annotation_json["id"], username=params["username"], action=params["action"], annotation_type="Annotation") # get copy of original target list old_target_list = copy.copy(annotation.to_json()["target_list"]) # update annotation with new data annotation.update(updated_annotation_json) # update permissions if given permissions.add_permissions(annotation, params) # update target_list self.add_target_list(annotation) # index updated annotation self.update_in_index(annotation.to_json(), annotation.type) # if target list has changed, annotations targeting this annotation should also be updated if self.target_list_changed(annotation.to_json()["target_list"], old_target_list): # updates annotations that target this updated annotation self.update_chained_annotations(annotation.id) # set index needs refresh before next GET self.set_index_needs_refresh() # return annotation to caller return annotation.to_clean_json(params)
def test_other_user_who_can_edit_can_also_see_shared_annotation(self): annotation = Annotation(self.example_annotation) permissions.add_permissions(annotation, self.shared_params) params = {"username": "******"} self.assertEqual( permissions.is_allowed_to_edit(params["username"], annotation), True) self.assertEqual( permissions.is_allowed_to_see(params["username"], annotation), True)
def test_can_see_user_cannot_edit_shared_annotation(self): annotation = Annotation(self.example_annotation) params = { "access_status": "shared", "username": "******", "can_see": ["user2", "user3"], "can_edit": ["user4"] } permissions.add_permissions(annotation, params) self.assertEqual( permissions.is_allowed_action(params["can_see"][0], "see", annotation), True) self.assertEqual( permissions.is_allowed_action(params["can_see"][0], "edit", annotation), False)
def create_collection_es(self, collection_data, params): # check if collection is valid, add id and timestamp collection = AnnotationCollection(collection_data) # if collection already has ID, check if it already exists in the index if "id" in collection_data: self.should_not_exist(collection_data['id'], collection_data['type']) # add permissions for access (see) and update (edit) permissions.add_permissions(collection, params) # index collection self.add_to_index(collection.to_json(), collection.type) # set index needs refresh before next GET self.set_index_needs_refresh() # return collection to caller return collection.to_clean_json(params)
def add_annotation_es(self, annotation, params): # check if annotation is valid, add id and timestamp anno = Annotation(annotation) # if annotation already has ID, check if it already exists in the index if "id" in annotation: self.should_not_exist(annotation['id'], annotation['type']) # add permissions for access (see) and update (edit) permissions.add_permissions(anno, params) # create target_list for easy target-based retrieval self.add_target_list(anno) # index annotation self.add_to_index(anno.to_json(), annotation["type"]) # set index needs refresh before next GET self.set_index_needs_refresh() # exclude target_list and permissions when returning annotation return anno.to_clean_json(params)
def test_anonymous_user_cannot_edit_shared_annotation(self): annotation = Annotation(self.example_annotation) permissions.add_permissions(annotation, self.shared_params) self.assertEqual( permissions.is_allowed_to_edit(self.anon_params["username"], annotation), False)
def test_owner_user_can_see_shared_annotation(self): annotation = Annotation(self.example_annotation) permissions.add_permissions(annotation, self.shared_params) self.assertEqual( permissions.is_allowed_to_see(self.private_params["username"], annotation), True)
def test_anonymous_user_can_see_public_annotation(self): annotation = Annotation(self.example_annotation) permissions.add_permissions(annotation, self.public_params) self.assertEqual( permissions.is_allowed_to_see(self.anon_params["username"], annotation), True)