def delete(cls, id, account, dry_run=False):
# as long as authentication (in the layer above) has been successful, and the account exists, then
# we are good to proceed
if account is None:
raise Api401Error()
applicationService = DOAJ.applicationService()
authService = DOAJ.authorisationService()
if dry_run:
application, _ = applicationService.application(id)
if application is not None:
try:
authService.can_edit_application(account, application)
except AuthoriseException as e:
if e.reason == e.WRONG_STATUS:
raise Api403Error()
raise Api404Error()
else:
raise Api404Error()
else:
try:
applicationService.delete_application(id, account)
except AuthoriseException as e:
if e.reason == e.WRONG_STATUS:
raise Api403Error()
raise Api404Error()
except NoSuchObjectException as e:
raise Api404Error()
def delete(cls, id, account, dry_run=False):
# as long as authentication (in the layer above) has been successful, and the account exists, then
# we are good to proceed
if account is None:
raise Api401Error()
applicationService = DOAJ.applicationService()
authService = DOAJ.authorisationService()
if dry_run:
application, _ = applicationService.application(id)
if application is not None:
try:
authService.can_edit_application(account, application)
except AuthoriseException as e:
if e.reason == e.WRONG_STATUS:
raise Api403Error()
raise Api404Error()
else:
raise Api404Error()
else:
try:
applicationService.delete_application(id, account)
except AuthoriseException as e:
if e.reason == e.WRONG_STATUS:
raise Api403Error()
raise Api404Error()
except NoSuchObjectException as e:
raise Api404Error()
def test_02_edit_update_request(self, name, application, account, raises=None, expected=None):
svc = DOAJ.authorisationService()
if raises is not None:
with self.assertRaises(raises):
svc.can_edit_application(account, application)
elif expected is not None:
assert svc.can_edit_application(account, application) is expected
else:
assert False, "Specify either raises or expected"
def test_01_create_update_request(self, name, journal, account, raises=None, expected=None):
svc = DOAJ.authorisationService()
if raises is not None:
with self.assertRaises(raises):
svc.can_create_update_request(account, journal)
elif expected is not None:
assert svc.can_create_update_request(account, journal) is expected
else:
assert False, "Specify either raises or expected"
def test_03_view_application(self,
name,
account_type,
role,
owner,
application_type,
raises=None,
returns=None,
auth_reason=None):
# set up the objects
application = None
if application_type == "exists":
application = Suggestion(
**ApplicationFixtureFactory.make_application_source())
account = None
if account_type == "exists":
if role == "none":
account = Account(
**AccountFixtureFactory.make_publisher_source())
account.remove_role("publisher")
elif role == "publisher":
account = Account(
**AccountFixtureFactory.make_publisher_source())
elif role == "admin":
account = Account(
**AccountFixtureFactory.make_managing_editor_source())
if owner == "yes":
application.set_owner(account.id)
svc = DOAJ.authorisationService()
if raises is not None and raises != "":
exception = None
with self.assertRaises(EXCEPTIONS[raises]):
try:
svc.can_view_application(account, application)
except Exception as e:
exception = e
raise e
if raises == "AuthoriseException":
if auth_reason == "not_owner":
assert exception.reason == exception.NOT_OWNER
elif auth_reason == "wrong_role":
assert exception.reason == exception.WRONG_ROLE
elif returns is not None:
expected = returns == "true"
assert svc.can_view_application(account, application) is expected
else:
assert False, "Specify either raises or returns"
def test_02_edit_update_request(self,
name,
application,
account,
raises=None,
expected=None):
svc = DOAJ.authorisationService()
if raises is not None:
with self.assertRaises(raises):
svc.can_edit_application(account, application)
elif expected is not None:
assert svc.can_edit_application(account, application) is expected
else:
assert False, "Specify either raises or expected"
def test_01_create_update_request(self,
name,
journal,
account,
raises=None,
expected=None):
svc = DOAJ.authorisationService()
if raises is not None:
with self.assertRaises(raises):
svc.can_create_update_request(account, journal)
elif expected is not None:
assert svc.can_create_update_request(account, journal) is expected
else:
assert False, "Specify either raises or expected"
def update_request_readonly(application_id):
# DOAJ BLL for this request
applicationService = DOAJ.applicationService()
authService = DOAJ.authorisationService()
application, _ = applicationService.application(application_id)
try:
authService.can_view_application(current_user._get_current_object(),
application)
except AuthoriseException as e:
abort(404)
fc = formcontext.ApplicationFormFactory.get_form_context(
role="update_request_readonly", source=application)
return fc.render_template(no_sidebar=True)
def test_03_view_application(self, name, account_type, role, owner, application_type, raises=None, returns=None, auth_reason=None):
# set up the objects
application = None
if application_type == "exists":
application = Suggestion(**ApplicationFixtureFactory.make_application_source())
account = None
if account_type == "exists":
if role == "none":
account = Account(**AccountFixtureFactory.make_publisher_source())
account.remove_role("publisher")
elif role == "publisher":
account = Account(**AccountFixtureFactory.make_publisher_source())
elif role == "admin":
account = Account(**AccountFixtureFactory.make_managing_editor_source())
if owner == "yes":
application.set_owner(account.id)
svc = DOAJ.authorisationService()
if raises is not None and raises != "":
exception = None
with self.assertRaises(EXCEPTIONS[raises]):
try:
svc.can_view_application(account, application)
except Exception as e:
exception = e
raise e
if raises == "AuthoriseException":
if auth_reason == "not_owner":
assert exception.reason == exception.NOT_OWNER
elif auth_reason == "wrong_role":
assert exception.reason == exception.WRONG_ROLE
elif returns is not None:
expected = returns == "true"
assert svc.can_view_application(account, application) is expected
else:
assert False, "Specify either raises or returns"
def update(cls, id, data, account):
# as long as authentication (in the layer above) has been successful, and the account exists, then
# we are good to proceed
if account is None:
raise Api401Error()
# next thing to do is a structural validation of the replacement data, by instantiating the object
try:
ia = IncomingApplication(data)
except dataobj.DataStructureException as e:
raise Api400Error(e.message)
# now see if there's something for us to update
ap = models.Suggestion.pull(id)
if ap is None:
raise Api404Error()
# if that works, convert it to a Suggestion object
new_ap = ia.to_application_model()
# now augment the suggestion object with all the additional information it requires
#
# suggester name and email from the user account
new_ap.set_suggester(account.name, account.email)
# they are not allowed to set "subject"
new_ap.bibjson().remove_subjects()
# DOAJ BLL for this request
applicationService = DOAJ.applicationService()
authService = DOAJ.authorisationService()
# if a current_journal is specified on the incoming data
if new_ap.current_journal is not None:
# once an application has a current_journal specified, you can't change it
if new_ap.current_journal != ap.current_journal:
raise Api400Error(
"current_journal cannot be changed once set. current_journal is {x}; this request tried to change it to {y}"
.format(x=ap.current_journal, y=new_ap.current_journal))
# load the update_request application either directly or by crosswalking the journal object
vanilla_ap = None
jlock = None
alock = None
try:
vanilla_ap, jlock, alock = applicationService.update_request_for_journal(
new_ap.current_journal, account=account)
except AuthoriseException as e:
if e.reason == AuthoriseException.WRONG_STATUS:
raise Api403Error(
"The application is no longer in a state in which it can be edited via the API"
)
else:
raise Api404Error()
except lock.Locked as e:
raise Api409Error(
"The application is locked for editing by another user - most likely your application is being reviewed by an editor"
)
# if we didn't find an application or journal, 404 the user
if vanilla_ap is None:
if jlock is not None: jlock.delete()
if alock is not None: alock.delete()
raise Api404Error()
# convert the incoming application into the web form
form = MultiDict(xwalk.SuggestionFormXWalk.obj2form(new_ap))
fc = formcontext.ApplicationFormFactory.get_form_context(
role="publisher", form_data=form, source=vanilla_ap)
if fc.validate():
try:
fc.finalise(email_alert=False)
return fc.target
except formcontext.FormContextException as e:
raise Api400Error(e.message)
finally:
if jlock is not None: jlock.delete()
if alock is not None: alock.delete()
else:
if jlock is not None: jlock.delete()
if alock is not None: alock.delete()
raise Api400Error(cls._validation_message(fc))
else:
try:
authService.can_edit_application(account, ap)
except AuthoriseException as e:
if e.reason == e.WRONG_STATUS:
raise Api403Error(
"The application is no longer in a state in which it can be edited via the API"
)
else:
raise Api404Error()
# convert the incoming application into the web form
form = MultiDict(xwalk.SuggestionFormXWalk.obj2form(new_ap))
fc = formcontext.ApplicationFormFactory.get_form_context(
form_data=form, source=ap)
if fc.validate():
try:
fc.finalise(email_alert=False)
return fc.target
except formcontext.FormContextException as e:
raise Api400Error(e.message)
else:
raise Api400Error(cls._validation_message(fc))
def update(cls, id, data, account):
# as long as authentication (in the layer above) has been successful, and the account exists, then
# we are good to proceed
if account is None:
raise Api401Error()
# next thing to do is a structural validation of the replacement data, by instantiating the object
try:
ia = IncomingApplication(data)
except dataobj.DataStructureException as e:
raise Api400Error(e.message)
# now see if there's something for us to update
ap = models.Suggestion.pull(id)
if ap is None:
raise Api404Error()
# if that works, convert it to a Suggestion object
new_ap = ia.to_application_model()
# now augment the suggestion object with all the additional information it requires
#
# suggester name and email from the user account
new_ap.set_suggester(account.name, account.email)
# they are not allowed to set "subject"
new_ap.bibjson().remove_subjects()
# DOAJ BLL for this request
applicationService = DOAJ.applicationService()
authService = DOAJ.authorisationService()
# if a current_journal is specified on the incoming data
if new_ap.current_journal is not None:
# once an application has a current_journal specified, you can't change it
if new_ap.current_journal != ap.current_journal:
raise Api400Error("current_journal cannot be changed once set. current_journal is {x}; this request tried to change it to {y}".format(x=ap.current_journal, y=new_ap.current_journal))
# load the update_request application either directly or by crosswalking the journal object
vanilla_ap = None
jlock = None
alock = None
try:
vanilla_ap, jlock, alock = applicationService.update_request_for_journal(new_ap.current_journal, account=account)
except AuthoriseException as e:
if e.reason == AuthoriseException.WRONG_STATUS:
raise Api403Error("The application is no longer in a state in which it can be edited via the API")
else:
raise Api404Error()
except lock.Locked as e:
raise Api409Error("The application is locked for editing by another user - most likely your application is being reviewed by an editor")
# if we didn't find an application or journal, 404 the user
if vanilla_ap is None:
if jlock is not None: jlock.delete()
if alock is not None: alock.delete()
raise Api404Error()
# convert the incoming application into the web form
form = MultiDict(xwalk.SuggestionFormXWalk.obj2form(new_ap))
fc = formcontext.ApplicationFormFactory.get_form_context(role="publisher", form_data=form, source=vanilla_ap)
if fc.validate():
try:
fc.finalise(email_alert=False)
return fc.target
except formcontext.FormContextException as e:
raise Api400Error(e.message)
finally:
if jlock is not None: jlock.delete()
if alock is not None: alock.delete()
else:
if jlock is not None: jlock.delete()
if alock is not None: alock.delete()
raise Api400Error(cls._validation_message(fc))
else:
try:
authService.can_edit_application(account, ap)
except AuthoriseException as e:
if e.reason == e.WRONG_STATUS:
raise Api403Error("The application is no longer in a state in which it can be edited via the API")
else:
raise Api404Error()
# convert the incoming application into the web form
form = MultiDict(xwalk.SuggestionFormXWalk.obj2form(new_ap))
fc = formcontext.ApplicationFormFactory.get_form_context(form_data=form, source=ap)
if fc.validate():
try:
fc.finalise(email_alert=False)
return fc.target
except formcontext.FormContextException as e:
raise Api400Error(e.message)
else:
raise Api400Error(cls._validation_message(fc))
