def test_other_user_cannot_edit_private_annotation(self):
annotation = Annotation(self.example_annotation)
permissions.add_permissions(annotation, self.private_params)
params = {"username": "******"}
self.assertEqual(
permissions.is_allowed_to_edit(params["username"], annotation),
False)
def test_other_user_can_see_public_annotation(self):
annotation = Annotation(self.example_annotation)
permissions.add_permissions(annotation, self.public_params)
params = {"username": "******"}
self.assertEqual(
permissions.is_allowed_to_see(params["username"], annotation),
True)
def add_annotation_to_collection_es(self, annotation_id, collection_id,
params):
# check that user is allowed to edit collection
collection = self.get_from_index_if_allowed(
collection_id,
username=params["username"],
action="edit",
annotation_type="AnnotationCollection")
# check if collection contains annotation
if collection.has_annotation(annotation_id):
raise AnnotationError(
message="Collection already contains this annotation")
# check that user is allowed to see annotation
self.get_from_index_if_allowed(annotation_id,
username=params["username"],
action="see",
annotation_type="Annotation")
# add annotation
collection.add_annotation(annotation_id)
# add permissions for access (see) and update (edit)
permissions.add_permissions(collection, params)
self.update_in_index(collection.to_json(), "AnnotationCollection")
# set index needs refresh before next GET
self.set_index_needs_refresh()
# return collection metadata
return collection.to_clean_json(params)
def update_annotation_es(self, updated_annotation_json, params):
if "action" not in params:
params["action"] = "edit"
annotation = self.get_from_index_if_allowed(
updated_annotation_json["id"],
username=params["username"],
action=params["action"],
annotation_type="Annotation")
# get copy of original target list
old_target_list = copy.copy(annotation.to_json()["target_list"])
# update annotation with new data
annotation.update(updated_annotation_json)
# update permissions if given
permissions.add_permissions(annotation, params)
# update target_list
self.add_target_list(annotation)
# index updated annotation
self.update_in_index(annotation.to_json(), annotation.type)
# if target list has changed, annotations targeting this annotation should also be updated
if self.target_list_changed(annotation.to_json()["target_list"],
old_target_list):
# updates annotations that target this updated annotation
self.update_chained_annotations(annotation.id)
# set index needs refresh before next GET
self.set_index_needs_refresh()
# return annotation to caller
return annotation.to_clean_json(params)
def test_other_user_who_can_edit_can_also_see_shared_annotation(self):
annotation = Annotation(self.example_annotation)
permissions.add_permissions(annotation, self.shared_params)
params = {"username": "******"}
self.assertEqual(
permissions.is_allowed_to_edit(params["username"], annotation),
True)
self.assertEqual(
permissions.is_allowed_to_see(params["username"], annotation),
True)
def test_can_see_user_cannot_edit_shared_annotation(self):
annotation = Annotation(self.example_annotation)
params = {
"access_status": "shared",
"username": "******",
"can_see": ["user2", "user3"],
"can_edit": ["user4"]
}
permissions.add_permissions(annotation, params)
self.assertEqual(
permissions.is_allowed_action(params["can_see"][0], "see",
annotation), True)
self.assertEqual(
permissions.is_allowed_action(params["can_see"][0], "edit",
annotation), False)
def create_collection_es(self, collection_data, params):
# check if collection is valid, add id and timestamp
collection = AnnotationCollection(collection_data)
# if collection already has ID, check if it already exists in the index
if "id" in collection_data:
self.should_not_exist(collection_data['id'],
collection_data['type'])
# add permissions for access (see) and update (edit)
permissions.add_permissions(collection, params)
# index collection
self.add_to_index(collection.to_json(), collection.type)
# set index needs refresh before next GET
self.set_index_needs_refresh()
# return collection to caller
return collection.to_clean_json(params)
def add_annotation_es(self, annotation, params):
# check if annotation is valid, add id and timestamp
anno = Annotation(annotation)
# if annotation already has ID, check if it already exists in the index
if "id" in annotation:
self.should_not_exist(annotation['id'], annotation['type'])
# add permissions for access (see) and update (edit)
permissions.add_permissions(anno, params)
# create target_list for easy target-based retrieval
self.add_target_list(anno)
# index annotation
self.add_to_index(anno.to_json(), annotation["type"])
# set index needs refresh before next GET
self.set_index_needs_refresh()
# exclude target_list and permissions when returning annotation
return anno.to_clean_json(params)
def test_anonymous_user_cannot_edit_shared_annotation(self):
annotation = Annotation(self.example_annotation)
permissions.add_permissions(annotation, self.shared_params)
self.assertEqual(
permissions.is_allowed_to_edit(self.anon_params["username"],
annotation), False)
def test_owner_user_can_see_shared_annotation(self):
annotation = Annotation(self.example_annotation)
permissions.add_permissions(annotation, self.shared_params)
self.assertEqual(
permissions.is_allowed_to_see(self.private_params["username"],
annotation), True)
def test_anonymous_user_can_see_public_annotation(self):
annotation = Annotation(self.example_annotation)
permissions.add_permissions(annotation, self.public_params)
self.assertEqual(
permissions.is_allowed_to_see(self.anon_params["username"],
annotation), True)
