def test_get_accessible_filepath_ids(self): self._set_processed_data_private() # shared has access to all study files and analysis files obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, set([1, 2, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20])) # Now shared should not have access to the study files self._unshare_studies() obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, set([12, 13, 14, 15])) # Now shared should not have access to any files self._unshare_analyses() obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, set()) # Now shared has access to public study files self._set_processed_data_public() obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, set([1, 2, 5, 6, 7, 11, 16, 19, 20])) # Test that it doesn't break: if the SampleTemplate hasn't been added exp = set([1, 2, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]) obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp) info = { "timeseries_type_id": 1, "metadata_complete": True, "mixs_compliant": True, "number_samples_collected": 4, "number_samples_promised": 4, "portal_type_id": 3, "study_alias": "TestStudy", "study_description": "Description of a test study", "study_abstract": "No abstract right now...", "emp_person_id": 1, "principal_investigator_id": 1, "lab_person_id": 1 } Study.create(User('*****@*****.**'), "Test study", [1], info) obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp) # test in case there is a prep template that failed self.conn_handler.execute( "INSERT INTO qiita.prep_template (data_type_id, raw_data_id) " "VALUES (2,1)") obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp) # admin should have access to everything count = self.conn_handler.execute_fetchone("SELECT count(*) FROM " "qiita.filepath")[0] exp = set(range(1, count + 1)) obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp)
def get(self, filepath_id): filepath_id = int(filepath_id) # Check access to file accessible_filepaths = get_accessible_filepath_ids(self.current_user) if filepath_id not in accessible_filepaths: raise QiitaPetAuthorizationError( self.current_user, 'filepath id %s' % str(filepath_id)) relpath = filepath_id_to_rel_path(filepath_id) fname = basename(relpath) # If we don't have nginx, write a file that indicates this self.write("This installation of Qiita was not equipped with nginx, " "so it is incapable of serving files. The file you " "attempted to download is located at %s" % relpath) self.set_header('Content-Description', 'File Transfer') self.set_header('Content-Type', 'application/octet-stream') self.set_header('Content-Transfer-Encoding', 'binary') self.set_header('Expires', '0') self.set_header('Cache-Control', 'no-cache') self.set_header('X-Accel-Redirect', '/protected/' + relpath) self.set_header('Content-Disposition', 'attachment; filename=%s' % fname) self.finish()
def test_get_accessible_filepath_ids(self): self._set_studies_private() # shared has access to all study files and analysis files obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, set([1, 2, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18])) # Now shared should not have access to the study files self._unshare_studies() obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, set([12, 13, 14, 15])) # Now shared should not have access to any files self._unshare_analyses() obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, set()) # Test that it doesn't break: if the SampleTemplate hasn't been added exp = set([1, 2, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18]) obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp) info = { "timeseries_type_id": 1, "metadata_complete": True, "mixs_compliant": True, "number_samples_collected": 4, "number_samples_promised": 4, "portal_type_id": 3, "study_alias": "TestStudy", "study_description": "Description of a test study", "study_abstract": "No abstract right now...", "emp_person_id": 1, "principal_investigator_id": 1, "lab_person_id": 1 } Study.create(User('*****@*****.**'), "Test study", [1], info) obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp) # test in case there is a prep template that failed self.conn_handler.execute( "INSERT INTO qiita.prep_template (data_type_id, raw_data_id) " "VALUES (2,1)") obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp) # admin should have access to everything count = self.conn_handler.execute_fetchone("SELECT count(*) FROM " "qiita.filepath")[0] exp = set(range(1, count + 1)) obs = get_accessible_filepath_ids(User('*****@*****.**')) self.assertEqual(obs, exp)