class TestPrivateLink(OsfTestCase):
def setUp(self):
super(TestPrivateLink, self).setUp()
self.flaskapp = Flask('testing_private_links')
@self.flaskapp.route('/project/<pid>/')
@must_be_contributor
def project_get(**kwargs):
return 'success', 200
self.app = WebtestApp(self.flaskapp)
self.user = AuthUserFactory()
self.project = ProjectFactory(is_public=False)
self.link = PrivateLinkFactory()
self.link.nodes.add(self.project)
self.link.save()
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_has_private_link_key(self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get('/project/{0}'.format(self.project._primary_key),
{'view_only': self.link.key})
res = res.follow()
assert_equal(res.status_code, 200)
assert_equal(res.body, 'success')
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_does_not_have_key(self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get('/project/{0}'.format(self.project._primary_key),
{'key': None})
assert_is_redirect(res)
class TestPrivateLink(OsfTestCase):
def setUp(self):
super(TestPrivateLink, self).setUp()
self.flaskapp = Flask('testing_private_links')
@self.flaskapp.route('/project/<pid>/')
@must_be_contributor
def project_get(**kwargs):
return 'success', 200
self.app = WebtestApp(self.flaskapp)
self.user = AuthUserFactory()
self.project = ProjectFactory(is_public=False)
self.link = PrivateLinkFactory()
self.link.nodes.add(self.project)
self.link.save()
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_has_private_link_key(self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get('/project/{0}'.format(self.project._primary_key),
{'view_only': self.link.key})
res = res.follow()
assert_equal(res.status_code, 200)
assert_equal(res.body, 'success')
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_does_not_have_key(self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get('/project/{0}'.format(self.project._primary_key),
{'key': None})
assert_is_redirect(res)
def test_private_node_user_with_private_and_anonymous_link_misc(
self, app, private_project, comment):
# def test_private_node_user_with_private_link_can_see_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(private_project)
private_link.save()
res = app.get('/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key},
expect_errors=True)
assert res.status_code == 200
assert comment._id == res.json['data']['id']
assert comment.content == res.json['data']['attributes']['content']
# test_private_node_user_with_anonymous_link_cannot_see_commenter_info
private_link = PrivateLinkFactory(anonymous=True)
private_link.nodes.add(private_project)
private_link.save()
res = app.get('/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key})
assert res.status_code == 200
assert comment._id == res.json['data']['id']
assert comment.content == res.json['data']['attributes']['content']
assert 'user' not in res.json['data']['relationships']
# test_private_node_user_with_anonymous_link_cannot_see_mention_info
comment.content = 'test with [@username](userlink) and @mention'
comment.save()
res = app.get('/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key})
assert res.status_code == 200
assert comment._id == res.json['data']['id']
assert 'test with @A User and @mention' == res.json['data'][
'attributes']['content']
def test_private_node_user_with_view_only_link_can_view_wiki_version(self):
self._set_up_private_project_with_wiki_page()
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(self.private_project)
private_link.save()
url = furl.furl(self.private_url).add(query_params={'view_only': private_link.key}).url
res = self.app.get(url)
assert_equal(res.status_code, 200)
assert_equal(res.json['data']['id'], str(self.private_wiki_version.identifier))
def test_private_node_user_with_view_only_link_can_view_wiki(self):
self._set_up_private_project_with_wiki_page()
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(self.private_project)
private_link.save()
url = furl.furl(self.private_url).add(query_params={
'view_only': private_link.key
}).url
res = self.app.get(url)
assert_equal(res.status_code, 200)
assert_equal(res.json['data']['id'], self.private_wiki._id)
def test_public_node_user_with_private_link_can_view_comment(self):
self._set_up_public_project_with_comment()
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(self.public_project)
private_link.save()
res = self.app.get('/{}comments/{}/'.format(API_BASE,
self.public_comment._id),
{'view_only': private_link.key},
expect_errors=True)
assert_equal(self.public_comment._id, res.json['data']['id'])
assert_equal(self.public_comment.content,
res.json['data']['attributes']['content'])
class TestPrivateLinkView(OsfTestCase):
def setUp(self):
super(TestPrivateLinkView, self).setUp()
self.user = AuthUserFactory() # Is NOT a contributor
self.project = ProjectFactory(is_public=False)
self.link = PrivateLinkFactory(anonymous=True)
self.link.nodes.add(self.project)
self.link.save()
self.project_url = self.project.web_url_for('view_project')
def test_anonymous_link_hide_contributor(self):
res = self.app.get(self.project_url, {'view_only': self.link.key})
assert_in('Anonymous Contributors', res.body)
assert_not_in(self.user.fullname, res)
def test_anonymous_link_hides_citations(self):
res = self.app.get(self.project_url, {'view_only': self.link.key})
assert_not_in('Citation:', res)
def test_no_warning_for_read_only_user_with_valid_link(self):
link2 = PrivateLinkFactory(anonymous=False)
link2.nodes.add(self.project)
link2.save()
self.project.add_contributor(
self.user,
permissions=['read'],
save=True,
)
res = self.app.get(self.project_url, {'view_only': link2.key},
auth=self.user.auth)
assert_not_in(
'is being viewed through a private, view-only link. '
'Anyone with the link can view this project. Keep '
'the link safe.',
res.body
)
def test_no_warning_for_read_only_user_with_invalid_link(self):
self.project.add_contributor(
self.user,
permissions=['read'],
save=True,
)
res = self.app.get(self.project_url, {'view_only': 'not_valid'},
auth=self.user.auth)
assert_not_in(
'is being viewed through a private, view-only link. '
'Anyone with the link can view this project. Keep '
'the link safe.',
res.body
)
class TestPrivateLinkView(OsfTestCase):
def setUp(self):
super(TestPrivateLinkView, self).setUp()
self.user = AuthUserFactory() # Is NOT a contributor
self.project = ProjectFactory(is_public=False)
self.link = PrivateLinkFactory(anonymous=True)
self.link.nodes.add(self.project)
self.link.save()
self.project_url = self.project.web_url_for('view_project')
def test_anonymous_link_hide_contributor(self):
res = self.app.get(self.project_url, {'view_only': self.link.key})
assert_in('Anonymous Contributors', res.body)
assert_not_in(self.user.fullname, res)
def test_anonymous_link_hides_citations(self):
res = self.app.get(self.project_url, {'view_only': self.link.key})
assert_not_in('Citation:', res)
def test_no_warning_for_read_only_user_with_valid_link(self):
link2 = PrivateLinkFactory(anonymous=False)
link2.nodes.add(self.project)
link2.save()
self.project.add_contributor(
self.user,
permissions=['read'],
save=True,
)
res = self.app.get(self.project_url, {'view_only': link2.key},
auth=self.user.auth)
assert_not_in(
'is being viewed through a private, view-only link. '
'Anyone with the link can view this project. Keep '
'the link safe.',
res.body
)
def test_no_warning_for_read_only_user_with_invalid_link(self):
self.project.add_contributor(
self.user,
permissions=['read'],
save=True,
)
res = self.app.get(self.project_url, {'view_only': 'not_valid'},
auth=self.user.auth)
assert_not_in(
'is being viewed through a private, view-only link. '
'Anyone with the link can view this project. Keep '
'the link safe.',
res.body
)
def test_build_addon_root_for_anonymous_vols_shows_path(self):
private_link = PrivateLinkFactory()
private_link.nodes.add(self.project)
private_link.save()
project_viewer = UserFactory()
result = rubeus.build_addon_root(self.node_settings,
self.node_settings.bucket,
user=project_viewer,
private_key=private_link.key)
assert result['name'] == 'Amazon S3: {0}'.format(
self.node_settings.bucket)
def test_private_node_user_with_anonymous_link_cannot_see_commenter_info(
self):
self._set_up_private_project_with_comment()
private_link = PrivateLinkFactory(anonymous=True)
private_link.nodes.add(self.private_project)
private_link.save()
res = self.app.get(
'/{}comments/{}/'.format(API_BASE, self.comment._id),
{'view_only': private_link.key})
assert_equal(res.status_code, 200)
assert_equal(self.comment._id, res.json['data']['id'])
assert_equal(self.comment.content,
res.json['data']['attributes']['content'])
assert_not_in('user', res.json['data']['relationships'])
def test_build_addon_root_for_anonymous_vols_hides_path(self):
private_anonymous_link = PrivateLinkFactory(anonymous=True)
private_anonymous_link.nodes.add(self.project)
private_anonymous_link.save()
project_viewer = UserFactory()
result = rubeus.build_addon_root(
self.node_settings,
self.node_settings.bucket,
user=project_viewer,
private_key=private_anonymous_link.key
)
assert result['name'] == 'Amazon S3'
def test_no_warning_for_read_only_user_with_valid_link(self):
link2 = PrivateLinkFactory(anonymous=False)
link2.nodes.add(self.project)
link2.save()
self.project.add_contributor(
self.user,
permissions=['read'],
save=True,
)
res = self.app.get(self.project_url, {'view_only': link2.key},
auth=self.user.auth)
assert_not_in(
"is being viewed through a private, view-only link. "
"Anyone with the link can view this project. Keep "
"the link safe.", res.body)
def test_params_do_not_appear_on_private_project_with_anonymous_view_only_link(self):
private_link = PrivateLinkFactory(anonymous=True)
private_link.nodes.add(self.node)
private_link.save()
url = self.url + '{}/'.format(self.log_add_contributor._id)
res = self.app.get(url, {'view_only': private_link.key}, expect_errors=True)
assert_equal(res.status_code, 200)
data = res.json['data']
assert_in('attributes', data)
assert_not_in('params', data['attributes'])
body = res.body
assert_not_in(self.user._id, body)
def test_private_node_user_with_anonymous_link_cannot_see_mention_info(
self):
self._set_up_private_project_with_comment()
self.comment.content = 'test with [@username](userlink) and @mention'
self.comment.save()
private_link = PrivateLinkFactory(anonymous=True)
private_link.nodes.add(self.private_project)
private_link.save()
res = self.app.get(
'/{}comments/{}/'.format(API_BASE, self.comment._id),
{'view_only': private_link.key})
assert_equal(res.status_code, 200)
assert_equal(self.comment._id, res.json['data']['id'])
assert_equal('test with @A User and @mention',
res.json['data']['attributes']['content'])
def test_public_node_view_only_link_user_cannot_see_deleted_comment(self):
self._set_up_public_project_with_comment()
self.public_comment.is_deleted = True
self.public_comment.save()
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(self.public_project)
private_link.save()
res = self.app.get('/{}comments/{}/'.format(API_BASE,
self.public_comment._id),
{'view_only': private_link.key},
expect_errors=True)
assert_equal(res.status_code, 200)
assert_is_none(res.json['data']['attributes']['content'])
def test_params_do_not_appear_on_private_project_with_anonymous_view_only_link(
self, app, url_logs, node_private, contributor_log_private, user_one):
private_link = PrivateLinkFactory(anonymous=True)
private_link.nodes.add(node_private)
private_link.save()
url = '{}{}/'.format(url_logs, contributor_log_private._id)
res = app.get(url, {'view_only': private_link.key}, expect_errors=True)
assert res.status_code == 200
data = res.json['data']
assert 'attributes' in data
assert 'params' not in data['attributes']
body = res.body
assert user_one._id not in body
def test_params_do_not_appear_on_private_project_with_anonymous_view_only_link(
self, app, url_logs, node_private, contributor_log_private, user_one):
private_link = PrivateLinkFactory(anonymous=True)
private_link.nodes.add(node_private)
private_link.save()
url = '{}{}/'.format(url_logs, contributor_log_private._id)
res = app.get(url, {'view_only': private_link.key}, expect_errors=True)
assert res.status_code == 200
data = res.json['data']
assert 'attributes' in data
assert 'params' not in data['attributes']
body = res.body.decode()
assert user_one._id not in body
def test_deleted_vols_not_returned(self, app, user, url, public_project):
view_only_link = PrivateLinkFactory(name='testlink2')
view_only_link.nodes.add(public_project)
view_only_link.save()
res = app.get(url, auth=user.auth)
data = res.json['data']
assert res.status_code == 200
assert len(data) == 2
view_only_link.nodes.remove(public_project)
view_only_link.save()
res = app.get(url, auth=user.auth)
data = res.json['data']
assert res.status_code == 200
assert len(data) == 1
def test_no_warning_for_read_only_user_with_valid_link(self):
link2 = PrivateLinkFactory(anonymous=False)
link2.nodes.add(self.project)
link2.save()
self.project.add_contributor(
self.user,
permissions=['read'],
save=True,
)
res = self.app.get(self.project_url, {'view_only': link2.key},
auth=self.user.auth)
assert_not_in(
'is being viewed through a private, view-only link. '
'Anyone with the link can view this project. Keep '
'the link safe.',
res.body
)
class ViewOnlyLinkTestCase(ApiTestCase):
def setUp(self):
super(ViewOnlyLinkTestCase, self).setUp()
self.user = AuthUserFactory()
self.read_only_user = AuthUserFactory()
self.read_write_user = AuthUserFactory()
self.non_contributor = AuthUserFactory()
self.public_project = ProjectFactory(is_public=True, creator=self.user)
self.public_project.add_contributor(self.read_only_user, permissions=[permissions.READ])
self.public_project.add_contributor(self.read_write_user, permissions=[permissions.WRITE])
self.public_project.save()
self.view_only_link = PrivateLinkFactory(name='testlink')
self.view_only_link.nodes.add(self.public_project)
self.view_only_link.save()
def test_deleted_vols_not_returned(self, app, user, url, public_project):
view_only_link = PrivateLinkFactory(name='testlink2')
view_only_link.nodes.add(public_project)
view_only_link.save()
res = app.get(url, auth=user.auth)
data = res.json['data']
assert res.status_code == 200
assert len(data) == 2
view_only_link.nodes.remove(public_project)
view_only_link.save()
res = app.get(url, auth=user.auth)
data = res.json['data']
assert res.status_code == 200
assert len(data) == 1
def test_deleted_vols_not_returned(self):
view_only_link = PrivateLinkFactory(name='testlink2')
view_only_link.nodes.add(self.public_project)
view_only_link.save()
res = self.app.get(self.url, auth=self.user.auth)
data = res.json['data']
assert_equal(res.status_code, 200)
assert_equal(len(data), 2)
view_only_link.nodes.remove(self.public_project)
view_only_link.save()
res = self.app.get(self.url, auth=self.user.auth)
data = res.json['data']
assert_equal(res.status_code, 200)
assert_equal(len(data), 1)
def test_private_node_deleted_comment_auth_misc(self, app, user,
contributor, comment,
private_project):
comment.is_deleted = True
comment.save()
# test_private_node_only_logged_in_commenter_can_view_deleted_comment
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = app.get(url, auth=user.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] == comment.content
# test_private_node_contributor_cannot_see_other_users_deleted_comment
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = app.get(url, auth=contributor.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_private_node_logged_out_user_cannot_see_deleted_comment
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = app.get(url, expect_errors=True)
assert res.status_code == 401
assert res.json['errors'][0][
'detail'] == exceptions.NotAuthenticated.default_detail
# test_private_node_view_only_link_user_cannot_see_deleted_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(private_project)
private_link.save()
res = app.get('/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key},
expect_errors=True)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_private_node_anonymous_view_only_link_user_cannot_see_deleted_comment
anonymous_link = PrivateLinkFactory(anonymous=True)
anonymous_link.nodes.add(private_project)
anonymous_link.save()
res = app.get('/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': anonymous_link.key},
expect_errors=True)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
def test_public_node_deleted_comments_auth_misc(
self, app, user, contributor, non_contrib,
public_project, public_comment
):
public_comment.is_deleted = True
public_comment.save()
url = '/{}comments/{}/'.format(API_BASE, public_comment._id)
# test_public_node_only_logged_in_commenter_can_view_deleted_comment
res = app.get(url, auth=user.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] == public_comment.content
# test_public_node_contributor_cannot_view_other_users_deleted_comment
res = app.get(url, auth=contributor.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_public_node_non_contrib_cannot_view_other_users_deleted_comment
res = app.get(url, auth=non_contrib.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_public_node_logged_out_user_cannot_view_deleted_comments
res = app.get(url)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_public_node_view_only_link_user_cannot_see_deleted_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(public_project)
private_link.save()
res = app.get(
'/{}comments/{}/'.format(
API_BASE, public_comment._id
),
{'view_only': private_link.key},
expect_errors=True
)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
def test_public_node_deleted_comments_auth_misc(
self, app, user, contributor, non_contrib,
public_project, public_comment
):
public_comment.is_deleted = True
public_comment.save()
url = '/{}comments/{}/'.format(API_BASE, public_comment._id)
# test_public_node_only_logged_in_commenter_can_view_deleted_comment
res = app.get(url, auth=user.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] == public_comment.content
# test_public_node_contributor_cannot_view_other_users_deleted_comment
res = app.get(url, auth=contributor.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_public_node_non_contrib_cannot_view_other_users_deleted_comment
res = app.get(url, auth=non_contrib.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_public_node_logged_out_user_cannot_view_deleted_comments
res = app.get(url)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_public_node_view_only_link_user_cannot_see_deleted_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(public_project)
private_link.save()
res = app.get(
'/{}comments/{}/'.format(
API_BASE, public_comment._id
),
{'view_only': private_link.key},
expect_errors=True
)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
def test_public_node_comment_can_view_misc(self, app, user, non_contrib,
public_project, public_url,
public_comment,
registration_comment,
comment_url):
# test_public_node_logged_in_contributor_can_view_comment
res = app.get(public_url, auth=user.auth)
assert res.status_code == 200
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes'][
'content']
# test_public_node_logged_in_non_contrib_can_view_comment
res = app.get(public_url, auth=non_contrib.auth)
assert res.status_code == 200
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes'][
'content']
# test_public_node_logged_out_user_can_view_comment
res = app.get(public_url)
assert res.status_code == 200
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes'][
'content']
# test_registration_logged_in_contributor_can_view_comment
res = app.get(comment_url, auth=user.auth)
assert res.status_code == 200
assert registration_comment._id == res.json['data']['id']
assert registration_comment.content == res.json['data']['attributes'][
'content']
# test_public_node_user_with_private_link_can_view_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(public_project)
private_link.save()
res = app.get('/{}comments/{}/'.format(API_BASE, public_comment._id),
{'view_only': private_link.key},
expect_errors=True)
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes'][
'content']
def test_private_node_deleted_comment_auth_misc(
self, app, user, contributor, comment, private_project):
comment.is_deleted = True
comment.save()
# test_private_node_only_logged_in_commenter_can_view_deleted_comment
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = app.get(url, auth=user.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] == comment.content
# test_private_node_contributor_cannot_see_other_users_deleted_comment
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = app.get(url, auth=contributor.auth)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_private_node_logged_out_user_cannot_see_deleted_comment
url = '/{}comments/{}/'.format(API_BASE, comment._id)
res = app.get(url, expect_errors=True)
assert res.status_code == 401
assert res.json['errors'][0]['detail'] == exceptions.NotAuthenticated.default_detail
# test_private_node_view_only_link_user_cannot_see_deleted_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(private_project)
private_link.save()
res = app.get('/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key}, expect_errors=True)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
# test_private_node_anonymous_view_only_link_user_cannot_see_deleted_comment
anonymous_link = PrivateLinkFactory(anonymous=True)
anonymous_link.nodes.add(private_project)
anonymous_link.save()
res = app.get('/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': anonymous_link.key}, expect_errors=True)
assert res.status_code == 200
assert res.json['data']['attributes']['content'] is None
def test_redirects_through_view_only_link(self, app, project, user):
# test_redirect_when_viewing_private_project_through_view_only_link
view_only_link = PrivateLinkFactory(anonymous=False)
view_only_link.nodes.add(project)
view_only_link.save()
url = '/{}guids/{}/?view_only={}'.format(
API_BASE, project._id, view_only_link.key)
res = app.get(url, auth=user.auth)
redirect_url = '{}{}nodes/{}/?view_only={}'.format(
API_DOMAIN, API_BASE, project._id, view_only_link.key)
assert res.status_code == 302
assert res.location == redirect_url
# test_redirect_when_viewing_private_project_file_through_view_only_link
test_file = OsfStorageFile.create(
node=project,
path='/test',
name='test',
materialized_path='/test',
)
test_file.save()
guid = test_file.get_guid(create=True)
url = '/{}guids/{}/?view_only={}'.format(
API_BASE, guid._id, view_only_link.key)
res = app.get(url, auth=user.auth)
redirect_url = '{}{}files/{}/?view_only={}'.format(
API_DOMAIN, API_BASE, test_file._id, view_only_link.key)
assert res.status_code == 302
assert res.location == redirect_url
# test_redirect_when_viewing_private_project_comment_through_view_only_link
comment = CommentFactory(node=project)
url = '/{}guids/{}/?view_only={}'.format(
API_BASE, comment._id, view_only_link.key)
res = app.get(url, auth=AuthUserFactory().auth)
redirect_url = '{}{}comments/{}/?view_only={}'.format(
API_DOMAIN, API_BASE, comment._id, view_only_link.key)
assert res.status_code == 302
assert res.location == redirect_url
def test_redirects_through_view_only_link(self, app, project, user):
# test_redirect_when_viewing_private_project_through_view_only_link
view_only_link = PrivateLinkFactory(anonymous=False)
view_only_link.nodes.add(project)
view_only_link.save()
url = '/{}guids/{}/?view_only={}'.format(API_BASE, project._id,
view_only_link.key)
res = app.get(url, auth=user.auth)
redirect_url = '{}{}nodes/{}/?view_only={}'.format(
API_DOMAIN, API_BASE, project._id, view_only_link.key)
assert res.status_code == 302
assert res.location == redirect_url
# test_redirect_when_viewing_private_project_file_through_view_only_link
test_file = OsfStorageFile.create(
node=project,
path='/test',
name='test',
materialized_path='/test',
)
test_file.save()
guid = test_file.get_guid(create=True)
url = '/{}guids/{}/?view_only={}'.format(API_BASE, guid._id,
view_only_link.key)
res = app.get(url, auth=user.auth)
redirect_url = '{}{}files/{}/?view_only={}'.format(
API_DOMAIN, API_BASE, test_file._id, view_only_link.key)
assert res.status_code == 302
assert res.location == redirect_url
# test_redirect_when_viewing_private_project_comment_through_view_only_link
comment = CommentFactory(node=project)
url = '/{}guids/{}/?view_only={}'.format(API_BASE, comment._id,
view_only_link.key)
res = app.get(url, auth=AuthUserFactory().auth)
redirect_url = '{}{}comments/{}/?view_only={}'.format(
API_DOMAIN, API_BASE, comment._id, view_only_link.key)
assert res.status_code == 302
assert res.location == redirect_url
def test_public_node_comment_can_view_misc(
self, app, user, non_contrib,
public_project, public_url,
public_comment, registration_comment,
comment_url
):
# test_public_node_logged_in_contributor_can_view_comment
res = app.get(public_url, auth=user.auth)
assert res.status_code == 200
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes']['content']
# test_public_node_logged_in_non_contrib_can_view_comment
res = app.get(public_url, auth=non_contrib.auth)
assert res.status_code == 200
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes']['content']
# test_public_node_logged_out_user_can_view_comment
res = app.get(public_url)
assert res.status_code == 200
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes']['content']
# test_registration_logged_in_contributor_can_view_comment
res = app.get(comment_url, auth=user.auth)
assert res.status_code == 200
assert registration_comment._id == res.json['data']['id']
assert registration_comment.content == res.json['data']['attributes']['content']
# test_public_node_user_with_private_link_can_view_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(public_project)
private_link.save()
res = app.get(
'/{}comments/{}/'.format(API_BASE, public_comment._id),
{'view_only': private_link.key}, expect_errors=True
)
assert public_comment._id == res.json['data']['id']
assert public_comment.content == res.json['data']['attributes']['content']
def test_private_node_user_with_private_and_anonymous_link_misc(
self, app, private_project, comment):
# def test_private_node_user_with_private_link_can_see_comment
private_link = PrivateLinkFactory(anonymous=False)
private_link.nodes.add(private_project)
private_link.save()
res = app.get(
'/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key}, expect_errors=True
)
assert res.status_code == 200
assert comment._id == res.json['data']['id']
assert comment.content == res.json['data']['attributes']['content']
# test_private_node_user_with_anonymous_link_cannot_see_commenter_info
private_link = PrivateLinkFactory(anonymous=True)
private_link.nodes.add(private_project)
private_link.save()
res = app.get(
'/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key}
)
assert res.status_code == 200
assert comment._id == res.json['data']['id']
assert comment.content == res.json['data']['attributes']['content']
assert 'user' not in res.json['data']['relationships']
# test_private_node_user_with_anonymous_link_cannot_see_mention_info
comment.content = 'test with [@username](userlink) and @mention'
comment.save()
res = app.get(
'/{}comments/{}/'.format(API_BASE, comment._id),
{'view_only': private_link.key}
)
assert res.status_code == 200
assert comment._id == res.json['data']['id']
assert 'test with @A User and @mention' == res.json['data']['attributes']['content']
class ViewOnlyTestCase(ApiTestCase):
def setUp(self):
super(ViewOnlyTestCase, self).setUp()
self.creation_user = AuthUserFactory()
self.viewing_user = AuthUserFactory()
self.contributing_read_user = AuthUserFactory()
self.contributing_write_user = AuthUserFactory()
self.valid_contributors = [
self.creation_user._id,
self.contributing_read_user._id,
self.contributing_write_user._id,
]
self.private_node_one = ProjectFactory(is_public=False, creator=self.creation_user, title="Private One")
self.private_node_one.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
self.private_node_one.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
self.private_node_one_anonymous_link = PrivateLinkFactory(anonymous=True)
self.private_node_one_anonymous_link.nodes.add(self.private_node_one)
self.private_node_one_anonymous_link.save()
self.private_node_one_private_link = PrivateLinkFactory(anonymous=False)
self.private_node_one_private_link.nodes.add(self.private_node_one)
self.private_node_one_private_link.save()
self.private_node_one_url = '/{}nodes/{}/'.format(API_BASE, self.private_node_one._id)
self.private_node_two = ProjectFactory(is_public=False, creator=self.creation_user, title="Private Two")
self.private_node_two.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
self.private_node_two.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
self.private_node_two_url = '/{}nodes/{}/'.format(API_BASE, self.private_node_two._id)
self.public_node_one = ProjectFactory(is_public=True, creator=self.creation_user, title="Public One")
self.public_node_one.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
self.public_node_one.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
self.public_node_one_anonymous_link = PrivateLinkFactory(anonymous=True)
self.public_node_one_anonymous_link.nodes.add(self.public_node_one)
self.public_node_one_anonymous_link.save()
self.public_node_one_private_link = PrivateLinkFactory(anonymous=False)
self.public_node_one_private_link.nodes.add(self.public_node_one)
self.public_node_one_private_link.save()
self.public_node_one_url = '/{}nodes/{}/'.format(API_BASE, self.public_node_one._id)
self.public_node_two = ProjectFactory(is_public=True, creator=self.creation_user, title="Public Two")
self.public_node_two.add_contributor(self.contributing_read_user, permissions=[permissions.READ], save=True)
self.public_node_two.add_contributor(self.contributing_write_user, permissions=[permissions.WRITE], save=True)
self.public_node_two_url = '/{}nodes/{}/'.format(API_BASE, self.public_node_two._id)
def private_node_one_anonymous_link(self, private_node_one):
private_node_one_anonymous_link = PrivateLinkFactory(anonymous=True)
private_node_one_anonymous_link.nodes.add(private_node_one)
private_node_one_anonymous_link.save()
return private_node_one_anonymous_link
def view_only_link(self):
private_link = PrivateLinkFactory(creator=self.user)
private_link.nodes.add(self.project)
private_link.save()
return private_link
def view_only_link(public_project):
view_only_link = PrivateLinkFactory(name='testlink')
view_only_link.nodes.add(public_project)
view_only_link.save()
return view_only_link
def public_node_one_anonymous_link(public_node_one):
public_node_one_anonymous_link = PrivateLinkFactory(anonymous=True)
public_node_one_anonymous_link.nodes.add(public_node_one)
public_node_one_anonymous_link.save()
return public_node_one_anonymous_link
def private_node_one_anonymous_link(self, private_node_one):
private_node_one_anonymous_link = PrivateLinkFactory(anonymous=True)
private_node_one_anonymous_link.nodes.add(private_node_one)
private_node_one_anonymous_link.save()
return private_node_one_anonymous_link
def view_only_link(self):
private_link = PrivateLinkFactory(creator=self.user)
private_link.nodes.add(self.project)
private_link.save()
return private_link
class TestMustBeContributorOrPublicButNotAnonymizedDecorator(AuthAppTestCase):
def setUp(self):
super(TestMustBeContributorOrPublicButNotAnonymizedDecorator, self).setUp()
self.contrib = AuthUserFactory()
self.non_contrib = AuthUserFactory()
admin = UserFactory()
self.public_project = ProjectFactory(is_public=True)
self.public_project.add_contributor(admin, auth=Auth(self.public_project.creator), permissions=['read', 'write', 'admin'])
self.private_project = ProjectFactory(is_public=False)
self.private_project.add_contributor(admin, auth=Auth(self.private_project.creator), permissions=['read', 'write', 'admin'])
self.public_project.add_contributor(self.contrib, auth=Auth(self.public_project.creator))
self.private_project.add_contributor(self.contrib, auth=Auth(self.private_project.creator))
self.public_project.save()
self.private_project.save()
self.anonymized_link_to_public_project = PrivateLinkFactory(anonymous=True)
self.anonymized_link_to_private_project = PrivateLinkFactory(anonymous=True)
self.anonymized_link_to_public_project.nodes.add(self.public_project)
self.anonymized_link_to_public_project.save()
self.anonymized_link_to_private_project.nodes.add(self.private_project)
self.anonymized_link_to_private_project.save()
self.flaskapp = Flask('Testing decorator')
@self.flaskapp.route('/project/<pid>/')
@must_be_contributor_or_public_but_not_anonymized
def project_get(**kwargs):
return 'success', 200
self.app = WebtestApp(self.flaskapp)
def test_must_be_contributor_when_user_is_contributor_and_public_project(self):
result = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._primary_key,
user=self.contrib)
assert_equal(result, self.public_project)
def test_must_be_contributor_when_user_is_not_contributor_and_public_project(self):
result = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._primary_key,
user=self.non_contrib)
assert_equal(result, self.public_project)
def test_must_be_contributor_when_user_is_contributor_and_private_project(self):
result = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._primary_key,
user=self.contrib)
assert_equal(result, self.private_project)
def test_must_be_contributor_when_user_is_not_contributor_and_private_project_raise_error(self):
with assert_raises(HTTPError):
view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._primary_key,
user=self.non_contrib
)
def test_must_be_contributor_no_user_and_public_project(self):
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._primary_key,
user=None,
)
assert_equal(res, self.public_project)
def test_must_be_contributor_no_user_and_private_project(self):
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._primary_key,
user=None,
)
assert_is_redirect(res)
# redirects to login url
redirect_url = res.headers['Location']
login_url = cas.get_login_url(service_url='http://localhost/')
assert_equal(redirect_url, login_url)
def test_must_be_contributor_parent_admin_and_public_project(self):
user = UserFactory()
node = NodeFactory(parent=self.public_project, creator=user)
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._id,
nid=node._id,
user=self.public_project.creator,
)
assert_equal(res, node)
def test_must_be_contributor_parent_admin_and_private_project(self):
user = UserFactory()
node = NodeFactory(parent=self.private_project, creator=user)
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._id,
nid=node._id,
user=self.private_project.creator,
)
assert_equal(res, node)
def test_must_be_contributor_parent_write_public_project(self):
user = UserFactory()
node = NodeFactory(parent=self.public_project, creator=user)
self.public_project.set_permissions(self.public_project.creator, ['read', 'write'])
self.public_project.save()
with assert_raises(HTTPError) as exc_info:
view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._id,
nid=node._id,
user=self.public_project.creator,
)
assert_equal(exc_info.exception.code, 403)
def test_must_be_contributor_parent_write_private_project(self):
user = UserFactory()
node = NodeFactory(parent=self.private_project, creator=user)
self.private_project.set_permissions(self.private_project.creator, ['read', 'write'])
self.private_project.save()
with assert_raises(HTTPError) as exc_info:
view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._id,
nid=node._id,
user=self.private_project.creator,
)
assert_equal(exc_info.exception.code, 403)
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_decorator_does_allow_anonymous_link_public_project(self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get('/project/{0}'.format(self.public_project._primary_key),
{'view_only': self.anonymized_link_to_public_project.key})
res = res.follow()
assert_equal(res.status_code, 200)
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_decorator_does_not_allow_anonymous_link_private_project(self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get('/project/{0}'.format(self.private_project._primary_key),
{'view_only': self.anonymized_link_to_private_project.key})
res = res.follow(expect_errors=True)
assert_equal(res.status_code, 500)
def view_only_link(self, private_project):
view_only_link = PrivateLinkFactory(name='node_view_only_link')
view_only_link.nodes.add(private_project)
view_only_link.save()
return view_only_link
def view_only_link(registration_with_children):
view_only_link = PrivateLinkFactory(name='testlink')
view_only_link.nodes.add(registration_with_children)
view_only_link.save()
return view_only_link
class TestMustBeContributorOrPublicButNotAnonymizedDecorator(AuthAppTestCase):
def setUp(self):
super(TestMustBeContributorOrPublicButNotAnonymizedDecorator,
self).setUp()
self.contrib = AuthUserFactory()
self.non_contrib = AuthUserFactory()
admin = UserFactory()
self.public_project = ProjectFactory(is_public=True)
self.public_project.add_contributor(
admin,
auth=Auth(self.public_project.creator),
permissions=['read', 'write', 'admin'])
self.private_project = ProjectFactory(is_public=False)
self.private_project.add_contributor(
admin,
auth=Auth(self.private_project.creator),
permissions=['read', 'write', 'admin'])
self.public_project.add_contributor(self.contrib,
auth=Auth(
self.public_project.creator))
self.private_project.add_contributor(self.contrib,
auth=Auth(
self.private_project.creator))
self.public_project.save()
self.private_project.save()
self.anonymized_link_to_public_project = PrivateLinkFactory(
anonymous=True)
self.anonymized_link_to_private_project = PrivateLinkFactory(
anonymous=True)
self.anonymized_link_to_public_project.nodes.add(self.public_project)
self.anonymized_link_to_public_project.save()
self.anonymized_link_to_private_project.nodes.add(self.private_project)
self.anonymized_link_to_private_project.save()
self.flaskapp = Flask('Testing decorator')
@self.flaskapp.route('/project/<pid>/')
@must_be_contributor_or_public_but_not_anonymized
def project_get(**kwargs):
return 'success', 200
self.app = WebtestApp(self.flaskapp)
def test_must_be_contributor_when_user_is_contributor_and_public_project(
self):
result = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._primary_key, user=self.contrib)
assert_equal(result, self.public_project)
def test_must_be_contributor_when_user_is_not_contributor_and_public_project(
self):
result = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._primary_key, user=self.non_contrib)
assert_equal(result, self.public_project)
def test_must_be_contributor_when_user_is_contributor_and_private_project(
self):
result = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._primary_key, user=self.contrib)
assert_equal(result, self.private_project)
def test_must_be_contributor_when_user_is_not_contributor_and_private_project_raise_error(
self):
with assert_raises(HTTPError):
view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._primary_key, user=self.non_contrib)
def test_must_be_contributor_no_user_and_public_project(self):
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._primary_key,
user=None,
)
assert_equal(res, self.public_project)
def test_must_be_contributor_no_user_and_private_project(self):
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._primary_key,
user=None,
)
assert_is_redirect(res)
# redirects to login url
redirect_url = res.headers['Location']
login_url = cas.get_login_url(service_url='http://localhost/')
assert_equal(redirect_url, login_url)
def test_must_be_contributor_parent_admin_and_public_project(self):
user = UserFactory()
node = NodeFactory(parent=self.public_project, creator=user)
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._id,
nid=node._id,
user=self.public_project.creator,
)
assert_equal(res, node)
def test_must_be_contributor_parent_admin_and_private_project(self):
user = UserFactory()
node = NodeFactory(parent=self.private_project, creator=user)
res = view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._id,
nid=node._id,
user=self.private_project.creator,
)
assert_equal(res, node)
def test_must_be_contributor_parent_write_public_project(self):
user = UserFactory()
node = NodeFactory(parent=self.public_project, creator=user)
self.public_project.set_permissions(self.public_project.creator,
['read', 'write'])
self.public_project.save()
with assert_raises(HTTPError) as exc_info:
view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.public_project._id,
nid=node._id,
user=self.public_project.creator,
)
assert_equal(exc_info.exception.code, 403)
def test_must_be_contributor_parent_write_private_project(self):
user = UserFactory()
node = NodeFactory(parent=self.private_project, creator=user)
self.private_project.set_permissions(self.private_project.creator,
['read', 'write'])
self.private_project.save()
with assert_raises(HTTPError) as exc_info:
view_that_needs_contributor_or_public_but_not_anonymized(
pid=self.private_project._id,
nid=node._id,
user=self.private_project.creator,
)
assert_equal(exc_info.exception.code, 403)
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_decorator_does_allow_anonymous_link_public_project(
self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get(
'/project/{0}'.format(self.public_project._primary_key),
{'view_only': self.anonymized_link_to_public_project.key})
res = res.follow()
assert_equal(res.status_code, 200)
@mock.patch('website.project.decorators.Auth.from_kwargs')
def test_decorator_does_not_allow_anonymous_link_private_project(
self, mock_from_kwargs):
mock_from_kwargs.return_value = Auth(user=None)
res = self.app.get(
'/project/{0}'.format(self.private_project._primary_key),
{'view_only': self.anonymized_link_to_private_project.key})
res = res.follow(expect_errors=True)
assert_equal(res.status_code, 500)
def private_node_one_private_link(private_node_one):
private_node_one_private_link = PrivateLinkFactory(anonymous=False)
private_node_one_private_link.nodes.add(private_node_one)
private_node_one_private_link.save()
return private_node_one_private_link
def _add_private_link(self, project, anonymous=False):
view_only_link = PrivateLinkFactory(anonymous=anonymous)
view_only_link.nodes.add(project)
view_only_link.save()
return view_only_link
def view_only_link(public_project):
view_only_link = PrivateLinkFactory(name='testlink')
view_only_link.nodes.add(public_project)
view_only_link.save()
return view_only_link
def test_node_settings_detail(self, app, admin_contrib, non_contrib, write_contrib, url, project):
# non logged in uers can't access node settings
res = app.get(url, expect_errors=True)
assert res.status_code == 401
# non_contrib can't access node settings
res = app.get(url, auth=non_contrib.auth, expect_errors=True)
assert res.status_code == 403
# read contrib can access node settings
res = app.get(url, auth=write_contrib.auth)
assert res.status_code == 200
# admin can access node settings
res = app.get(url, auth=admin_contrib.auth)
assert res.status_code == 200
# allow_access_requests
project.allow_access_requests = True
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['access_requests_enabled'] is True
# anyone can comment
project.comment_level = 'public'
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['anyone_can_comment'] is True
project.comment_level = 'private'
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['anyone_can_comment'] is False
# wiki enabled
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['wiki_enabled'] is True
project.delete_addon('wiki', auth=Auth(admin_contrib))
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['wiki_enabled'] is False
# redirect link enabled
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['redirect_link_enabled'] is False
assert attributes['redirect_link_url'] is None
assert attributes['redirect_link_label'] is None
new_url = 'http://cool.com'
new_label = 'Test Label Woo'
forward = project.add_addon('forward', auth=Auth(admin_contrib))
forward.url = new_url
forward.label = new_label
forward.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['redirect_link_enabled'] is True
assert attributes['redirect_link_url'] == new_url
assert attributes['redirect_link_label'] == new_label
# view only links
view_only_link = PrivateLinkFactory(name='testlink')
view_only_link.nodes.add(project)
view_only_link.save()
res = app.get(url, auth=admin_contrib.auth)
assert 'view_only_links' in res.json['data']['relationships'].keys()
def test_node_settings_detail(self, app, admin_contrib, non_contrib,
write_contrib, url, project):
# non logged in uers can't access node settings
res = app.get(url, expect_errors=True)
assert res.status_code == 401
# non_contrib can't access node settings
res = app.get(url, auth=non_contrib.auth, expect_errors=True)
assert res.status_code == 403
# read contrib can access node settings
res = app.get(url, auth=write_contrib.auth)
assert res.status_code == 200
# admin can access node settings
res = app.get(url, auth=admin_contrib.auth)
assert res.status_code == 200
# allow_access_requests
project.allow_access_requests = True
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['access_requests_enabled'] is True
# anyone can comment
project.comment_level = 'public'
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['anyone_can_comment'] is True
project.comment_level = 'private'
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['anyone_can_comment'] is False
# wiki enabled
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['wiki_enabled'] is True
project.delete_addon('wiki', auth=Auth(admin_contrib))
project.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['wiki_enabled'] is False
# redirect link enabled
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['redirect_link_enabled'] is False
assert attributes['redirect_link_url'] is None
assert attributes['redirect_link_label'] is None
new_url = 'http://cool.com'
new_label = 'Test Label Woo'
forward = project.add_addon('forward', auth=Auth(admin_contrib))
forward.url = new_url
forward.label = new_label
forward.save()
res = app.get(url, auth=admin_contrib.auth)
attributes = res.json['data']['attributes']
assert attributes['redirect_link_enabled'] is True
assert attributes['redirect_link_url'] == new_url
assert attributes['redirect_link_label'] == new_label
# view only links
view_only_link = PrivateLinkFactory(name='testlink')
view_only_link.nodes.add(project)
view_only_link.save()
res = app.get(url, auth=admin_contrib.auth)
assert 'view_only_links' in res.json['data']['relationships'].keys()
def reg_report_anonymous_link(self, reg_report):
anon_link = PrivateLinkFactory(anonymous=True)
anon_link.nodes.add(reg_report)
anon_link.save()
return anon_link
