def test_list_submissions_permissions(database, monkeypatch): """Verify that the user must be in the same CGAC group, the submission's owner, or website admin to see the submission""" cgac1, cgac2 = CGACFactory(), CGACFactory() user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory() database.session.add_all([cgac1, cgac2, user1, user2]) database.session.commit() sub = SubmissionFactory(user_id=user2.user_id, cgac_code=cgac2.cgac_code, publish_status_id=1) database.session.add(sub) database.session.commit() monkeypatch.setattr(fileHandler, 'g', Mock(user=user1)) assert list_submissions_result()['total'] == 0 user1.affiliations[0].cgac = cgac2 database.session.commit() assert list_submissions_result()['total'] == 1 user1.affiliations = [] database.session.commit() assert list_submissions_result()['total'] == 0 sub.user_id = user1.user_id database.session.commit() assert list_submissions_result()['total'] == 1 sub.user_id = user2.user_id database.session.commit() assert list_submissions_result()['total'] == 0 user1.website_admin = True database.session.commit() assert list_submissions_result()['total'] == 1
def test_list_submissions_permissions(database, monkeypatch): """Verify that the user must be in the same CGAC group, the submission's owner, or website admin to see the submission""" cgac1, cgac2 = CGACFactory(), CGACFactory() user1, user2 = UserFactory.with_cgacs(cgac1), UserFactory() database.session.add_all([cgac1, cgac2, user1, user2]) database.session.commit() sub = SubmissionFactory(user_id=user2.user_id, cgac_code=cgac2.cgac_code, publish_status_id=1) database.session.add(sub) database.session.commit() monkeypatch.setattr(fileHandler, 'g', Mock(user=user1)) assert list_submissions_result()['total'] == 0 user1.affiliations[0].cgac = cgac2 database.session.commit() assert list_submissions_result()['total'] == 1 user1.affiliations = [] database.session.commit() assert list_submissions_result()['total'] == 0 sub.user_id = user1.user_id database.session.commit() assert list_submissions_result()['total'] == 1 sub.user_id = user2.user_id database.session.commit() assert list_submissions_result()['total'] == 0 user1.website_admin = True database.session.commit() assert list_submissions_result()['total'] == 1
def test_current_user_can_on_submission(monkeypatch, database): submission = SubmissionFactory() user = UserFactory() database.session.add_all([submission, user]) database.session.commit() current_user_can = Mock() monkeypatch.setattr(permissions, 'g', Mock(user=user)) monkeypatch.setattr(permissions, 'current_user_can', current_user_can) current_user_can.return_value = True assert permissions.current_user_can_on_submission('reader', submission) current_user_can.return_value = False assert not permissions.current_user_can_on_submission('reader', submission) submission.user_id = user.user_id assert permissions.current_user_can_on_submission('reader', submission)
def test_current_user_can_on_submission(monkeypatch, database): submission = SubmissionFactory() user = UserFactory() database.session.add_all([submission, user]) database.session.commit() current_user_can = Mock() monkeypatch.setattr(permissions, 'g', Mock(user=user)) monkeypatch.setattr(permissions, 'current_user_can', current_user_can) current_user_can.return_value = True assert permissions.current_user_can_on_submission('reader', submission) current_user_can.return_value = False assert not permissions.current_user_can_on_submission('reader', submission) submission.user_id = user.user_id assert permissions.current_user_can_on_submission('reader', submission)