def test_non_contributor_GET_disapproval_returns_HTTPError(self): non_contributor = AuthUserFactory() self.registration.embargo_registration( self.user, datetime.datetime.utcnow() + datetime.timedelta(days=10) ) self.registration.save() assert_true(self.registration.is_pending_embargo) rejection_token = self.registration.embargo.approval_state[self.user._id]['rejection_token'] approval_url = self.registration.web_url_for('view_project', token=rejection_token) res = self.app.get(approval_url, auth=non_contributor.auth, expect_errors=True) assert_equal(http.FORBIDDEN, res.status_code) assert_true(self.registration.is_pending_embargo) assert_false(self.registration.embargo_end_date)
def test_import_auth_cant_write_node(self): ea = self.ExternalAccountFactory() user = AuthUserFactory() user.add_addon(self.ADDON_SHORT_NAME, auth=Auth(user)) user.external_accounts.append(ea) user.save() node = ProjectFactory(creator=self.user) node.add_contributor(user, permissions=[permissions.READ], auth=self.auth, save=True) node.add_addon(self.ADDON_SHORT_NAME, auth=self.auth) node.save() url = node.api_url_for('{0}_import_auth'.format(self.ADDON_SHORT_NAME)) res = self.app.put_json(url, { 'external_account_id': ea._id }, auth=user.auth, expect_errors=True) assert_equal(res.status_code, http.FORBIDDEN)
def test_node_child_filtering(self): user = AuthUserFactory() project = ProjectFactory(creator=user) title1, title2 = fake.bs(), fake.bs() component = NodeFactory(title=title1, parent=project) component2 = NodeFactory(title=title2, parent=project) url = '/{}nodes/{}/children/?filter[title]={}'.format( API_BASE, project._id, title1) res = self.app.get(url, auth=user.auth) ids = [node['id'] for node in res.json['data']] assert_in(component._id, ids) assert_not_in(component2._id, ids)
def setUp(self): super(TestUserNodesPreprintsFiltering, self).setUp() self.user = AuthUserFactory() self.no_preprints_node = ProjectFactory(creator=self.user) self.valid_preprint_node = ProjectFactory(creator=self.user) self.orphaned_preprint_node = ProjectFactory(creator=self.user) self.abandoned_preprint_node = ProjectFactory(creator=self.user) self.valid_preprint = PreprintFactory(project=self.valid_preprint_node) self.abandoned_preprint = PreprintFactory(project=self.abandoned_preprint_node, is_published=False) self.orphaned_preprint = PreprintFactory(project=self.orphaned_preprint_node) self.orphaned_preprint.node._is_preprint_orphan = True self.orphaned_preprint.node.save() self.url_base = '/{}users/me/nodes/?filter[preprint]='.format(API_BASE)
def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.append(self.institution) node.save() assert_in(self.institution, node.affiliated_institutions) res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution, node.affiliated_institutions)
def setUp(self): super(TestPrivateLink, self).setUp() self.flaskapp = Flask('testing_private_links') @self.flaskapp.route('/project/<pid>/') @must_be_contributor def project_get(**kwargs): return 'success', 200 self.app = TestApp(self.flaskapp) self.user = AuthUserFactory() self.project = ProjectFactory(is_public=False) self.link = PrivateLinkFactory() self.link.nodes.append(self.project) self.link.save()
def test_update_preprint_permission_denied(self): update_title_payload = build_preprint_update_payload( self.preprint._id, attributes={'title': 'A new title'}) noncontrib = AuthUserFactory() res = self.app.patch_json_api(self.url, update_title_payload, auth=noncontrib.auth, expect_errors=True) assert_equal(res.status_code, 403) res = self.app.patch_json_api(self.url, update_title_payload, expect_errors=True) assert_equal(res.status_code, 401)
def test_has_permission_private_irrelevant_scope_forbidden(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) cas_resp = cas.CasResponse( authenticated=True, status=None, user=self.user._id, attributes={'accessTokenScope': {'osf.users.all+read'}}) assert_false(component.has_permission(self.user, 'write')) with assert_raises(HTTPError) as exc_info: views.check_access(component, Auth(user=self.user), 'download', cas_resp) assert_equal(exc_info.exception.code, 403)
def test_cant_delete_project_if_not_admin(self): non_admin = AuthUserFactory() self.component.add_contributor( non_admin, permissions=['read', 'write'], auth=self.consolidate_auth, save=True, ) res = self.app.get( self.component.url + 'settings/', auth=non_admin.auth ).maybe_follow() assert_not_in( 'Delete {0}'.format(self.component.project_or_component), res )
def setUp(self): super(TestInstitutionRelationshipNodes, self).setUp() self.user = AuthUserFactory() self.institution = InstitutionFactory() self.user.affiliated_institutions.append(self.institution) self.user.save() self.node1 = NodeFactory(creator=self.user) self.node2 = NodeFactory(is_public=True) self.node3 = NodeFactory() self.node1.affiliated_institutions.append(self.institution) self.node2.affiliated_institutions.append(self.institution) self.node3.affiliated_institutions.append(self.institution) self.node1.save() self.node2.save() self.node3.save() self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format(API_BASE, self.institution._id)
def setUp(self): super(TestNodeLicenses, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) ensure_licenses() self.LICENSE_NAME = 'MIT License' self.node_license = NodeLicense.find_one( Q('name', 'eq', self.LICENSE_NAME)) self.YEAR = '2105' self.COPYRIGHT_HOLDERS = ['Foo', 'Bar'] self.node.node_license = NodeLicenseRecordFactory( node_license=self.node_license, year=self.YEAR, copyright_holders=self.COPYRIGHT_HOLDERS) self.node.save()
def setUp(self): super(TestInstitutionNodeList, self).setUp() self.institution = InstitutionFactory() self.node1 = ProjectFactory(is_public=True) self.node1.affiliated_institutions.append(self.institution) self.node1.save() self.user1 = AuthUserFactory() self.node2 = ProjectFactory(creator=self.user1, is_public=False) self.node2.affiliated_institutions.append(self.institution) self.node2.save() self.node3 = ProjectFactory(is_public=False) self.node3.affiliated_institutions.append(self.institution) self.node3.save() self.institution_node_url = '/{0}institutions/{1}/nodes/'.format( API_BASE, self.institution._id)
def test_can_make_project_public_if_admin_contributor(self): admin_user = AuthUserFactory() self.private_project.add_contributor( admin_user, permissions=(permissions.READ, permissions.WRITE, permissions.ADMIN), auth=Auth(self.private_project.creator) ) self.private_project.save() res = self.app.patch_json_api( self.private_url, make_node_payload(self.private_project, {'public': True}), auth=admin_user.auth # self.user is creator/admin ) assert_equal(res.status_code, 200) self.private_project.reload() assert_true(self.private_project.is_public)
def test_set_config_not_owner(self): user = AuthUserFactory() user.add_addon('mendeley') self.project.add_contributor(user) self.project.save() res = self.app.put_json( self.project.api_url_for('mendeley_set_config'), { 'external_account_id': self.account._id, 'external_list_id': 'list', }, auth=user.auth, ) self.node_addon.reload() assert_equal(self.user_addon, self.node_addon.user_settings) assert_equal(res.json, {})
def setUp(self): super(TestEmailFormView, self).setUp() self.comment = CommentFactory() self.comment.report_abuse(user=AuthUserFactory(), save=True, category='spam') self.request = RequestFactory().post('/fake_path') self.request.user = UserFactory() self.view = EmailFormView() self.form = EmailForm(data={ 'author': 'Nemo', 'message': 'A message for spammers.', 'subject': 'stop spamming', 'email': ('*****@*****.**', '*****@*****.**') }) self.view = setup_form_view(self.view, self.request, self.form, spam_id=self.comment._id)
def setUp(self): super(TestGitHubFileView, self).setUp() self.user = AuthUserFactory() self.consolidated_auth = Auth(user=self.user) self.project = ProjectFactory(creator=self.user) self.project.add_addon('github', auth=self.consolidated_auth) self.project.creator.add_addon('github') self.github = create_mock_github(user='******', private=False) self.node_settings = self.project.get_addon('github') self.node_settings.user_settings = self.project.creator.get_addon('github') # Set the node addon settings to correspond to the values of the mock repo self.node_settings.user = self.github.repo.return_value.owner.login self.node_settings.repo = self.github.repo.return_value.name self.node_settings.save()
def test_cannot_make_project_public_if_non_admin_contributor(self): non_admin = AuthUserFactory() self.private_project.add_contributor( non_admin, permissions=(permissions.READ, permissions.WRITE), auth=Auth(self.private_project.creator) ) self.private_project.save() res = self.app.patch_json( self.private_url, make_node_payload(self.private_project, {'public': True}), auth=non_admin.auth, expect_errors=True ) assert_equal(res.status_code, 403) self.private_project.reload() assert_false(self.private_project.is_public)
def test_settings_detail_noncontrib_public_can_view(self): self.node.set_privacy('public', auth=self.auth) noncontrib = AuthUserFactory() wrong_type = self.should_expect_errors() res = self.app.get(self.setting_detail_url, auth=noncontrib.auth, expect_errors=wrong_type) if not wrong_type: assert_equal(res.status_code, 200) addon_data = res.json['data']['attributes'] assert_equal(self.account_id, addon_data['external_account_id']) assert_equal(self.node_settings.has_auth, addon_data['node_has_auth']) assert_equal(self.node_settings.folder_id, addon_data['folder_id']) if wrong_type: assert_equal(res.status_code, 404)
def test_settings_detail_PATCH_readcontrib_raises_error(self): read_user = AuthUserFactory() self.node.add_contributor(read_user, permissions=[READ], auth=self.auth) res = self.app.patch_json_api(self.setting_detail_url, { 'data': { 'id': self.short_name, 'type': 'node_addons', 'attributes': { 'external_account_id': None, } } }, auth=read_user.auth, expect_errors=True) assert_equal(res.status_code, 403)
def setUp(self): super(TestNodeSettings, self).setUp() self.user = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_addon('figshare', auth=Auth(self.user)) self.project.creator.add_addon('figshare') self.node_settings = self.project.get_addon('figshare') self.user_settings = self.project.creator.get_addon('figshare') self.user_settings.oauth_access_token = 'legittoken' self.user_settings.oauth_access_token_secret = 'legittoken' self.user_settings.save() self.node_settings.user_settings = self.user_settings self.node_settings.figshare_id = '123456' self.node_settings.figshare_type = 'project' self.node_settings.figshare_title = 'singlefile' self.node_settings.save()
def setUp(self): super(TestDraftListView, self).setUp() self.user = AuthUserFactory() schema = utils.draft_reg_util() self.dr1 = DraftRegistrationFactory( initiator=self.user, registration_schema=schema, registration_metadata=utils.SCHEMA_DATA) self.dr1.submit_for_review(self.user, {}, save=True) self.dr2 = DraftRegistrationFactory( initiator=self.user, registration_schema=schema, registration_metadata=utils.SCHEMA_DATA) self.dr2.submit_for_review(self.user, {}, save=True) self.request = RequestFactory().get('/fake_path') self.view = DraftListView() self.view = setup_view(self.view, self.request)
def test_only_project_contrib_can_comment_on_closed_project(self): self.node.comment_level = 'private' self.node.is_public = True self.node.save() res = self.app.get(self.file_url, auth=self.user.auth) can_comment = res.json['data']['attributes'][ 'current_user_can_comment'] assert_equal(res.status_code, 200) assert_equal(can_comment, True) non_contributor = AuthUserFactory() res = self.app.get(self.file_url, auth=non_contributor.auth) can_comment = res.json['data']['attributes'][ 'current_user_can_comment'] assert_equal(res.status_code, 200) assert_equal(can_comment, False)
def setUp(self): super(TestAddonCount, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.user.add_addon('github') self.user_addon = self.user.get_addon('github') self.oauth_settings = GitHubAccountFactory(display_name='hmoco1') self.oauth_settings.save() self.user.external_accounts.append(self.oauth_settings) self.user.save() self.node.add_addon('github', Auth(self.user)) self.node_addon = self.node.get_addon('github') self.node_addon.user = self.user.fullname self.node_addon.repo = '29 #Strafford APTS' self.node_addon.user_settings = self.user_addon self.node_addon.external_account = self.oauth_settings self.node_addon.save()
def setUp(self): super(AddonSerializerTestSuiteMixin, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.set_user_settings(self.user) assert_is_not_none( getattr(self, 'user_settings'), "'set_user_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate user settings model." ) self.set_node_settings(self.user_settings) assert_is_not_none( getattr(self, 'node_settings'), "'set_node_settings' should set the 'user_settings' attribute of the instance to an instance of the appropriate node settings model." ) self.ser = self.Serializer(user_settings=self.user_settings, node_settings=self.node_settings)
def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.append(self.institution1) node.save() assert_in(self.institution1, node.affiliated_institutions) res = self.app.delete_json_api( '/{0}nodes/{1}/relationships/institutions/'.format( API_BASE, node._id), self.create_payload(self.institution1._id), auth=user.auth, ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution1, node.affiliated_institutions)
def setUp(self): super(TestFileTagging, self).setUp() self.user = AuthUserFactory() self.node = ProjectFactory(creator=self.user) self.file1 = api_utils.create_test_file( self.node, self.user, filename='file1') self.payload = { "data": { "type": "files", "id": self.file1._id, "attributes": { "checkout": None, "tags": ["goofy"] } } } self.url = '/{}files/{}/'.format(API_BASE, self.file1._id)
def setUp(self): super(TestMeetingFormView, self).setUp() self.conf = ConferenceFactory() self.user = AuthUserFactory() self.request = RequestFactory().post('/fake_path') self.view = MeetingFormView() mod_data = dict(data) mod_data.update({ 'edit': 'True', 'endpoint': self.conf.endpoint, 'admins': self.user.emails[0], 'location': 'Timbuktu, Mali', 'start date': 'Dec 11 2014', 'end_date': 'Jan 12 2013' }) self.form = MeetingForm(data=mod_data) self.form.is_valid()
def setUp(self): super(TestNodeLinkedNodes, self).setUp() self.user = AuthUserFactory() self.auth = Auth(self.user) self.linking_node = NodeFactory(creator=self.user) self.linked_node = NodeFactory(creator=self.user) self.linked_node2 = NodeFactory(creator=self.user) self.public_node = NodeFactory(is_public=True, creator=self.user) self.linking_node.add_pointer(self.linked_node, auth=self.auth) self.linking_node.add_pointer(self.linked_node2, auth=self.auth) self.linking_node.add_pointer(self.public_node, auth=self.auth) self.linking_node.save() self.url = '/{}nodes/{}/linked_nodes/'.format(API_BASE, self.linking_node._id) self.node_ids = [ pointer.node._id for pointer in self.linking_node.nodes_pointer ]
def test_remove_institution_not_admin_but_affiliated(self): node = NodeFactory(creator=self.user) user = AuthUserFactory() user.affiliated_institutions.append(self.institution) user.save() node.primary_institution = self.institution node.add_contributor(user, auth=Auth(self.user)) node.save() res = self.app.put_json_api( '/{0}nodes/{1}/relationships/institution/'.format( API_BASE, node._id), {'data': None}, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(node.primary_institution, self.institution)
def setUp(self): super(TestComponents, self).setUp() self.user = AuthUserFactory() self.consolidate_auth = Auth(user=self.user) self.project = ProjectFactory(creator=self.user) self.project.add_contributor(contributor=self.user, auth=self.consolidate_auth) # A non-project componenet self.component = NodeFactory( category='hypothesis', creator=self.user, parent=self.project, ) self.component.save() self.component.set_privacy('public', self.consolidate_auth) self.component.set_privacy('private', self.consolidate_auth) self.project.save() self.project_url = self.project.web_url_for('view_project')