def setup(self):
super(TestStoreAuthz, self).setup()
self.app = annotator.app.test_client()
self.anno_id = '123'
self.permissions = {
'read': ['alice', 'bob'],
'update': ['alice', 'charlie'],
'admin': ['alice']
}
ann = Annotation(id=self.anno_id,
user='******',
text='Foobar',
permissions=self.permissions)
ann.save()
self.consumer = Consumer('test-consumer-key')
save(self.consumer)
self.user = '******'
for u in ['alice', 'bob', 'charlie']:
token = auth.generate_token(self.consumer.key, u)
setattr(self, '%s_headers' % u, auth.headers_for_token(token))
class TestAnnotation(object):
def setup(self):
self.uri = u"http://xyz.com"
self.ranges = [{"start": "p 19", "end": "div 23"}]
self.tags = [u"abc", u"xyz"]
self.anno = Annotation(
uri=self.uri,
ranges=self.ranges,
note=u"It is a truth universally acknowledged",
user=u"myuserid",
tags=self.tags,
extras={u"extra1": u"extraval1"},
)
def test_as_dict(self):
out = self.anno.as_dict()
assertProp(out, "uri", self.uri)
assertProp(out, "tags", self.tags)
assertProp(out, "ranges", self.ranges)
assertProp(out, "extra1", u"extraval1")
def test_merge_dict(self):
self.anno.merge_dict({"id": 123, "text": "Foobar"})
assertProp(self.anno, "id", 123)
assertProp(self.anno, "text", "Foobar")
assertProp(self.anno, "tags", self.tags)
def test_from_dict(self):
r = {"start": "/html/body/p[2]/strong", "end": "/html/body/p[2]/strong", "startOffset": 22, "endOffset": 27}
anno = Annotation.from_dict({"id": 456, "text": "Hello", "ranges": [r]})
assertProp(anno, "id", 456)
assertProp(anno, "text", "Hello")
assertProp(anno, "ranges", [r])
def create_test_annotation(self):
anno = Annotation(uri=u'http://xyz.com',
ranges=[u'1.0 2.0'],
text=u'blah text')
self.sess.add(anno)
self.sess.commit()
anno = anno.as_dict()
return anno
def test_delete(self):
id_ = 1
ann = Annotation(id=id_)
ann.save()
newann = Annotation.fetch(id_)
newann.delete()
noann = Annotation.fetch(id_)
assert noann == None
def setup(self):
self.uri = u'http://xyz.com'
self.ranges = [{'start': 'p 19', 'end': 'div 23'}]
self.tags = [u'abc', u'xyz']
self.anno = Annotation(uri=self.uri,
ranges=self.ranges,
note=u'It is a truth universally acknowledged',
user=u'myuserid',
tags=self.tags,
extras={u'extra1': u'extraval1'})
def index():
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
annotations = Annotation.search(_user_id=uid)
else:
annotations = Annotation.search()
return jsonify(annotations)
def index():
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
annotations = Annotation.search(_user_id=uid)
else:
annotations = Annotation.search()
return jsonify(annotations)
def test_basics(self):
user = "******"
ann = Annotation(text="Hello there", user=user)
ann['ranges'] = []
ann['ranges'].append({})
ann['ranges'].append({})
ann.save()
ann = Annotation.fetch(ann.id)
h.assert_equal(ann['text'], "Hello there")
h.assert_equal(ann['user'], "alice")
h.assert_equal(len(ann['ranges']), 2)
def test_basics(self):
user = "******"
ann = Annotation(text="Hello there", user=user)
ann['ranges'] = []
ann['ranges'].append({})
ann['ranges'].append({})
ann.save()
ann = Annotation.fetch(ann.id)
h.assert_equal(ann['text'], "Hello there")
h.assert_equal(ann['user'], "alice")
h.assert_equal(len(ann['ranges']), 2)
def test_search(self):
uri1 = u'http://xyz.com'
uri2 = u'urn:uuid:xxxxx'
user = u'levin'
user2 = u'anna'
anno = Annotation(
uri=uri1,
text=uri1,
user=user,
)
anno2 = Annotation(
uri=uri1,
text=uri1 + uri1,
user=user2,
)
anno3 = Annotation(uri=uri2, text=uri2, user=user)
self.sess.add_all([anno, anno2, anno3])
self.sess.commit()
annoid = anno.id
anno2id = anno2.id
url = self.url('search_annotations')
res = self.app.get(url)
body = json.loads(res.body)
assert body['total'] == 3, body
url = self.url('search_annotations', limit=1)
res = self.app.get(url)
body = json.loads(res.body)
assert body['total'] == 3, body
assert len(body['results']) == 1
url = self.url('search_annotations', uri=uri1, all_fields=1)
res = self.app.get(url)
body = json.loads(res.body)
assert body['total'] == 2, body
out = body['results']
assert len(out) == 2
assert out[0]['uri'] == uri1
assert out[0]['id'] in [annoid, anno2id]
url = self.url('search_annotations', uri=uri1)
res = self.app.get(url)
body = json.loads(res.body)
assert body['results'][0].keys() == ['id'], body['results']
url = self.url('search_annotations', limit=-1)
res = self.app.get(url)
body = json.loads(res.body)
assert len(body['results']) == 3, body
def setup(self):
self.permissions = dict(
read=[self.gooduser, self.updateuser],
update=[self.gooduser, self.updateuser],
admin=[self.gooduser])
kwargs = dict(
id=self.anno_id,
text=u"Foo",
permissions=self.permissions
)
ann = Annotation(**kwargs)
ann.save()
self.app = app.test_client()
def search_annotations():
kwargs = dict(request.args.items())
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
results = Annotation.search(**kwargs)
results = filter(lambda a: authz.authorize(a, 'read', uid), results)
total = Annotation.count(**kwargs)
return jsonify({
'total': total,
'rows': results,
})
def search_annotations():
kwargs = dict(request.args.items())
uid = current_user_id()
if uid:
if not auth.verify_request(request):
return _failed_auth_response()
results = Annotation.search(**kwargs)
results = filter(lambda a: authz.authorize(a, 'read', uid), results)
total = Annotation.count(**kwargs)
return jsonify({
'total': total,
'rows': results,
})
def test_update_other_users_annotation(self):
ann = Annotation(id=123,
user='******',
permissions={'update': []})
ann.save()
payload = json.dumps({
'id': 123,
'text': 'Foo'
})
response = self.app.put('/api/annotations/123',
data=payload,
content_type='application/json',
headers=self.bob_headers)
assert response.status_code == 200, "response should be 200 OK"
def create_annotation():
# Only registered users can create annotations
if not auth.verify_request(request):
return _failed_auth_response()
if request.json:
annotation = Annotation(_filter_input(request.json))
annotation['consumer'] = request.headers[auth.HEADER_PREFIX + 'consumer-key']
annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id']
annotation.save()
return jsonify(annotation)
else:
return jsonify('No JSON payload sent. Annotation not created.', status=400)
def test_from_dict(self):
r = {"start": "/html/body/p[2]/strong", "end": "/html/body/p[2]/strong", "startOffset": 22, "endOffset": 27}
anno = Annotation.from_dict({"id": 456, "text": "Hello", "ranges": [r]})
assertProp(anno, "id", 456)
assertProp(anno, "text", "Hello")
assertProp(anno, "ranges", [r])
def test_delete(self):
ann = Annotation(text=u"Bar", id=456)
session.commit()
response = self.app.delete('/annotations/456')
assert response.status_code == 204, "response should be 204 NO CONTENT"
assert Annotation.get(456) == None, "annotation wasn't deleted in db"
def create_annotation():
# Only registered users can create annotations
if not auth.verify_request(request):
return _failed_auth_response()
if request.json:
annotation = Annotation(_filter_input(request.json))
annotation['consumer'] = request.headers[auth.HEADER_PREFIX +
'consumer-key']
annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id']
annotation.save()
return jsonify(annotation)
else:
return jsonify('No JSON payload sent. Annotation not created.',
status=400)
def create(self):
if 'json' in self.request.params:
params = json.loads(self.request.params['json'])
else:
params = dict(self.request.params)
if isinstance(params, list):
for objdict in params:
anno = Annotation.from_dict(objdict)
else:
anno = Annotation.from_dict(params)
self.session.add(anno)
self.session.commit()
self.response.status = 303
self.response.headers['Location'] = self.url('annotation', id=anno.id)
return None
def read_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found!', status=404)
failure = _check_action(annotation, 'read', current_user_id())
if failure:
return failure
return jsonify(annotation)
def create(self):
if 'json' in self.request.params:
params = json.loads(self.request.params['json'])
else:
params = dict(self.request.params)
if isinstance(params, list):
for objdict in params:
anno = Annotation.from_dict(objdict)
else:
anno = Annotation.from_dict(params)
self.session.add(anno)
self.session.commit()
self.response.status = 303
self.response.headers['Location'] = self.url('annotation', id=anno.id)
return None
def home():
_require_user('to see your profile')
bookmarklet = render_template('bookmarklet.js', root=current_app.config['ROOT_URL'])
annotations = Annotation.search(user=g.user.username, limit=20)
return render_template('user/home.html',
user=g.user,
bookmarklet=bookmarklet,
annotations=annotations)
def read_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found!', status=404)
failure = _check_action(annotation, 'read', current_user_id())
if failure:
return failure
return jsonify(annotation)
class TestAnnotation(object):
def setup(self):
self.uri = u'http://xyz.com'
self.ranges = [{'start': 'p 19', 'end': 'div 23'}]
self.tags = [u'abc', u'xyz']
self.anno = Annotation(uri=self.uri,
ranges=self.ranges,
note=u'It is a truth universally acknowledged',
user=u'myuserid',
tags=self.tags,
extras={u'extra1': u'extraval1'})
def test_as_dict(self):
out = self.anno.as_dict()
assertProp(out, 'uri', self.uri)
assertProp(out, 'tags', self.tags)
assertProp(out, 'ranges', self.ranges)
assertProp(out, 'extra1', u'extraval1')
def test_merge_dict(self):
self.anno.merge_dict({'id': 123, 'text': "Foobar"})
assertProp(self.anno, 'id', 123)
assertProp(self.anno, 'text', 'Foobar')
assertProp(self.anno, 'tags', self.tags)
def test_from_dict(self):
r = {
"start": "/html/body/p[2]/strong",
"end": "/html/body/p[2]/strong",
"startOffset": 22,
"endOffset": 27
}
anno = Annotation.from_dict({
'id': 456,
'text': "Hello",
'ranges': [r]
})
assertProp(anno, 'id', 456)
assertProp(anno, 'text', 'Hello')
assertProp(anno, 'ranges', [r])
def home():
_require_user('to see your profile')
bookmarklet = render_template('bookmarklet.js',
root=current_app.config['ROOT_URL'])
annotations = Annotation.search(user=g.user.username, limit=20)
return render_template('user/home.html',
user=g.user,
bookmarklet=bookmarklet,
annotations=annotations)
def delete_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found. No delete performed.', status=404)
failure = _check_action(annotation, 'delete', current_user_id())
if failure:
return failure
annotation.delete()
return None, 204
def delete_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found. No delete performed.',
status=404)
failure = _check_action(annotation, 'delete', current_user_id())
if failure:
return failure
annotation.delete()
return None, 204
def setup(self):
self.uri = u"http://xyz.com"
self.ranges = [{"start": "p 19", "end": "div 23"}]
self.tags = [u"abc", u"xyz"]
self.anno = Annotation(
uri=self.uri,
ranges=self.ranges,
note=u"It is a truth universally acknowledged",
user=u"myuserid",
tags=self.tags,
extras={u"extra1": u"extraval1"},
)
def test_delete(self):
id_ = 1
ann = Annotation(id=id_)
ann.save()
newann = Annotation.fetch(id_)
newann.delete()
noann = Annotation.fetch(id_)
assert noann == None
def test_from_dict(self):
r = {
"start": "/html/body/p[2]/strong",
"end": "/html/body/p[2]/strong",
"startOffset": 22,
"endOffset": 27
}
anno = Annotation.from_dict({
'id': 456,
'text': "Hello",
'ranges': [r]
})
assertProp(anno, 'id', 456)
assertProp(anno, 'text', 'Hello')
assertProp(anno, 'ranges', [r])
def update_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found! No update performed.', status=404)
failure = _check_action(annotation, 'update', current_user_id())
if failure:
return failure
if request.json:
updated = _filter_input(request.json)
updated['id'] = id # use id from URL, regardless of what arrives in JSON payload
if 'permissions' in updated and updated['permissions'] != annotation.get('permissions', {}):
if not authz.authorize(annotation, 'admin', current_user_id()):
return _failed_authz_response('permissions update')
annotation.update(updated)
annotation.save()
return jsonify(annotation)
def update_annotation(id):
annotation = Annotation.fetch(id)
if not annotation:
return jsonify('Annotation not found! No update performed.',
status=404)
failure = _check_action(annotation, 'update', current_user_id())
if failure:
return failure
if request.json:
updated = _filter_input(request.json)
updated[
'id'] = id # use id from URL, regardless of what arrives in JSON payload
if 'permissions' in updated and updated[
'permissions'] != annotation.get('permissions', {}):
if not authz.authorize(annotation, 'admin', current_user_id()):
return _failed_authz_response('permissions update')
annotation.update(updated)
annotation.save()
return jsonify(annotation)
def test_authorize_read_user(self):
ann = Annotation(permissions={'read': ['bob']})
assert authorize(ann, 'read', 'bob')
assert not authorize(ann, 'read', 'alice')
def test_save(self):
a = Annotation(name='bob')
a.save()
h.assert_in('id', a)
def test_fetch(self):
a = Annotation(foo='bar')
a.save()
b = Annotation.fetch(a.id)
h.assert_equal(b['foo'], 'bar')
def _get_annotation(self, id_):
return Annotation.get(id_)
def test_authorise_delete_user(self):
ann = Annotation(user='******')
assert ann.authorise('delete', 'bob')
assert not ann.authorise('delete', 'alice')
def test_authorize_read_nouser(self):
ann = Annotation()
assert authorize(ann, 'read')
assert authorize(ann, 'read', 'bob')
def test_authorize_admin_nouser(self):
ann = Annotation()
assert not authorize(ann, 'admin')
assert authorize(ann, 'admin', 'bob')
def test_save(self):
a = Annotation(name='bob')
a.save()
h.assert_in('id', a)
def test_search_permissions(self):
anno = Annotation(text='Foobar', permissions={'read': []})
anno.save()
annotator.es.refresh(timesleep=0.01)
res = Annotation.search()
h.assert_equal(len(res), 1)
res = Annotation.search(_user_id='bob')
h.assert_equal(len(res), 1)
anno = Annotation(text='Foobar', permissions={'read': ['bob']})
anno.save()
annotator.es.refresh(timesleep=0.01)
res = Annotation.search()
h.assert_equal(len(res), 1)
res = Annotation.search(_user_id='alice')
h.assert_equal(len(res), 1)
res = Annotation.search(_user_id='bob')
h.assert_equal(len(res), 2)
def test_search(self):
uri1 = u'http://xyz.com'
uri2 = u'urn:uuid:xxxxx'
user1 = u'levin'
user2 = u'anna'
anno1 = Annotation(uri=uri1, text=uri1, user=user1)
anno2 = Annotation(uri=uri1, text=uri1 + uri1, user=user2)
anno3 = Annotation(uri=uri2, text=uri2, user=user1)
anno1.save()
anno2.save()
anno3.save()
annotator.es.refresh(timesleep=0.01)
res = Annotation.search()
h.assert_equal(len(res), 3)
# ordering (most recent first)
h.assert_equal(res[0]['text'], uri2)
res = Annotation.count()
h.assert_equal(res, 3)
res = Annotation.search(limit=1)
h.assert_equal(len(res), 1)
res = Annotation.count(limit=1)
h.assert_equal(res, 3)
res = Annotation.search(uri=uri1)
h.assert_equal(len(res), 2)
h.assert_equal(res[0]['uri'], uri1)
h.assert_equal(res[0]['id'], anno2.id)
res = Annotation.search(user=user1)
h.assert_equal(len(res), 2)
h.assert_equal(res[0]['user'], user1)
h.assert_equal(res[0]['id'], anno3.id)
res = Annotation.search(user=user1, uri=uri2)
h.assert_equal(len(res), 1)
h.assert_equal(res[0]['user'], user1)
h.assert_equal(res[0]['id'], anno3.id)
res = Annotation.count(user=user1, uri=uri2)
h.assert_equal(res, 1)
def test_authorise_read_nouser(self):
ann = Annotation()
assert ann.authorise('read')
assert ann.authorise('read', 'bob')
def test_fetch(self):
a = Annotation(foo='bar')
a.save()
b = Annotation.fetch(a.id)
h.assert_equal(b['foo'], 'bar')
def test_authorize_delete_nouser(self):
ann = Annotation()
assert not authorize(ann, 'delete')
assert authorize(ann, 'delete', 'bob')
def test_authorize_delete_user(self):
ann = Annotation(permissions={'delete': ['bob']})
assert authorize(ann, 'delete', 'bob')
assert not authorize(ann, 'delete', 'alice')
def test_authorise_read_user(self):
ann = Annotation(user='******')
assert ann.authorise('read', 'bob')
assert ann.authorise('read', 'alice')
def test_authorize_admin_user(self):
ann = Annotation(permissions={'admin': ['bob']})
assert authorize(ann, 'admin', 'bob')
assert not authorize(ann, 'admin', 'alice')
def _get_annotation(self, id_):
return Annotation.fetch(id_)
def test_authorise_delete_nouser(self):
ann = Annotation()
assert ann.authorise('delete')
assert ann.authorise('delete', 'bob')
def test_search_permissions(self):
anno = Annotation(text='Foobar', permissions={'read': []})
anno.save()
annotator.es.refresh(timesleep=0.01)
res = Annotation.search()
h.assert_equal(len(res), 1)
res = Annotation.search(_user_id='bob')
h.assert_equal(len(res), 1)
anno = Annotation(text='Foobar', permissions={'read': ['bob']})
anno.save()
annotator.es.refresh(timesleep=0.01)
res = Annotation.search()
h.assert_equal(len(res), 1)
res = Annotation.search(_user_id='alice')
h.assert_equal(len(res), 1)
res = Annotation.search(_user_id='bob')
h.assert_equal(len(res), 2)
def _create_annotation(self, **kwargs):
ann = Annotation(**kwargs)
ann.save()
return ann
def test_new(self):
a = Annotation()
h.assert_equal('{}', repr(a))
def test_repr(self):
ann = Annotation(text="FooBarBaz")
assert ann.__repr__() == '<Annotation None "FooBarBaz">', "annotation repr incorrect"
def test_search(self):
uri1 = u'http://xyz.com'
uri2 = u'urn:uuid:xxxxx'
user1 = u'levin'
user2 = u'anna'
anno1 = Annotation(uri=uri1, text=uri1, user=user1)
anno2 = Annotation(uri=uri1, text=uri1 + uri1, user=user2)
anno3 = Annotation(uri=uri2, text=uri2, user=user1)
anno1.save()
anno2.save()
anno3.save()
annotator.es.refresh(timesleep=0.01)
res = Annotation.search()
h.assert_equal(len(res), 3)
# ordering (most recent first)
h.assert_equal(res[0]['text'], uri2)
res = Annotation.count()
h.assert_equal(res, 3)
res = Annotation.search(limit=1)
h.assert_equal(len(res), 1)
res = Annotation.count(limit=1)
h.assert_equal(res, 3)
res = Annotation.search(uri=uri1)
h.assert_equal(len(res), 2)
h.assert_equal(res[0]['uri'], uri1)
h.assert_equal(res[0]['id'], anno2.id)
res = Annotation.search(user=user1)
h.assert_equal(len(res), 2)
h.assert_equal(res[0]['user'], user1)
h.assert_equal(res[0]['id'], anno3.id)
res = Annotation.search(user=user1, uri=uri2)
h.assert_equal(len(res), 1)
h.assert_equal(res[0]['user'], user1)
h.assert_equal(res[0]['id'], anno3.id)
res = Annotation.count(user=user1, uri=uri2)
h.assert_equal(res, 1)
def _create_annotation(self, **kwargs):
ann = Annotation(**kwargs)
ann.save()
return ann
def create_test_annotation(self):
anno = Annotation(uri=u'http://xyz.com', ranges=[u'1.0 2.0'], text=u'blah text')
self.sess.add(anno)
self.sess.commit()
anno = anno.as_dict()
return anno
