Exemplo n.º 1
def test_creation(app, db, users, record_example):
    """Verify that a new secret link is populated, signalled and validates.

    The link is created for the ``receiver`` fixture user against the example
    record's PID, committed, reloaded from the database and its token is then
    validated against the matching and a non-matching record id.
    """
    created_spy = Mock()
    pid_value, _ = record_example

    with app.test_request_context(), \
            link_created.connected_to(created_spy):
        user_store = current_app.extensions['security'].datastore
        receiver = user_store.get_user(users['receiver']['id'])

        link = SecretLink.create(
            "Test title",
            receiver,
            {'recid': pid_value},
            description="Test description",
        )

        # Field values straight after creation; no expiry was requested.
        assert link.title == "Test title"
        assert link.description == "Test description"
        assert link.expires_at is None
        assert link.token != ''
        # The ``link_created`` signal must have fired during creation.
        assert created_spy.called
        db.session.commit()

        # Reload the row so the token under test is the persisted one.
        link = SecretLink.query.get(link.id)
        # The token is bound to the data it was issued for: the same recid
        # validates, any other recid must be rejected.
        assert SecretLink.validate_token(link.token, {'recid': pid_value})
        assert not SecretLink.validate_token(link.token, {'recid': '-1'})
Exemplo n.º 2
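def has_read_files_permission(user, record):
    """Check if user has read access to the files of the record.

    Access is granted when any of the following holds, checked in order:

    1. The record is open access (a missing ``access_right`` is treated as
       ``'closed'``).
    2. The session holds a secret-link token that validates for this
       record's ``recid``.
    3. The request carries a resource access token (``token`` query
       argument) scoped to this record's deposit id with ``'read'`` access;
       the decision is then the update permission of the token's signer.
    4. ``user`` has update permission on the record.

    :param user: The user the fallback update-permission check is made for.
    :param record: Mapping with the record metadata; ``recid`` is required
        when a secret-link token is present in the session.
    :returns: ``True`` for open-access records and valid secret links,
        otherwise the result of ``has_update_permission``.
    """
    # Allow if record is open access
    if AccessRight.get(
            record.get('access_right', 'closed'),
            record.get('embargo_date')) == AccessRight.OPEN:
        return True

    # Allow token bearers
    token = session.get('accessrequests-secret-token')
    if token and SecretLink.validate_token(
            token, dict(recid=int(record['recid']))):
        return True

    # Check for a resource access token
    # NOTE(review): the token arrives in the query string, so it can end up
    # in access logs and Referer headers. ``decode_rat`` is not shown here;
    # confirm it rejects tampered or expired tokens instead of returning a
    # payload for them.
    rat_token = request.args.get('token')
    if rat_token:
        rat_signer, payload = decode_rat(rat_token)
        rat_deposit_id = payload.get('deposit_id')
        rat_access = payload.get('access')
        deposit_id = record.get('_deposit', {}).get('id')
        # Fail closed on a missing scope: without the ``is not None`` guard a
        # payload lacking ``deposit_id`` compares equal (None == None) to any
        # record that has no ``_deposit.id``, so an unscoped token would be
        # accepted for such records.
        if (deposit_id is not None and rat_deposit_id == deposit_id and
                rat_access == 'read'):
            # The signer's permission decides; a signer without update
            # permission yields a denial without falling back to ``user``.
            return has_update_permission(rat_signer, record)

    return has_update_permission(user, record)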
Exemplo n.º 3
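def has_access(user=None, record=None):
    """Check whether the user has access to the record.

    The rules followed are:
        1. Open Access records can be viewed by everyone.
        2. Embargoed, Restricted and Closed records can be viewed by
           the record owners.
        3. Administrators can view every record.
        4. Bearers of a secret-link token stored in the session can view
           the record the token validates for.

    :param user: The user to check; ``None`` is treated as anonymous.
    :param record: Mapping with the record metadata. Required despite the
        ``None`` default: ``access_right`` is read unconditionally.
    :returns: ``True`` if one of the rules grants access, else ``False``.
    """
    if AccessRight.get(record['access_right'], record.get('embargo_date')) \
            == AccessRight.OPEN:
        return True

    # Treat a missing user as anonymous instead of raising AttributeError.
    is_authenticated = user is not None and user.is_authenticated
    user_id = int(user.get_id()) if is_authenticated else None

    # Never match an anonymous user against the owners list: a stray ``None``
    # entry in ``owners`` must not open the record to everyone.
    if user_id is not None and user_id in record.get('owners', []):
        return True

    # Evaluate the permission explicitly rather than relying on the
    # truthiness of the permission object.
    if DynamicPermission(ActionNeed('admin-access')).can():
        return True

    try:
        token = session['accessrequests-secret-token']
        recid = record['recid']
        if SecretLink.validate_token(token, dict(recid=int(recid))):
            return True
        else:
            # The token does not validate for this record, so it is dropped
            # from the session.
            del session['accessrequests-secret-token']
    except KeyError:
        # No token in the session or no ``recid`` on the record.
        pass

    return False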
Exemplo n.º 4
    def test_creation(self):
        """Verify that a new secret link is populated, signalled and validates."""
        from zenodo_accessrequests.models import SecretLink
        from zenodo_accessrequests.signals import link_created

        with link_created.connected_to(self.get_receiver('created')):
            link = SecretLink.create(
                "Test title",
                self.receiver,
                {'recid': 1},
                description="Test description",
            )

            # Field values straight after creation; no expiry was requested.
            self.assertEqual(link.title, "Test title")
            self.assertEqual(link.description, "Test description")
            self.assertIsNone(link.expires_at)
            self.assertNotEqual(link.token, "")
            # The 'created' receiver must have recorded the signal.
            self.assertIsNotNone(self.called['created'])

            # The token is bound to the data it was issued for: recid 1
            # validates, recid 2 must be rejected.
            assert SecretLink.validate_token(link.token, {'recid': 1})
            assert not SecretLink.validate_token(link.token, {'recid': 2})
Exemplo n.º 5
def has_read_files_permission(user, record):
    """Decide whether ``user`` may read the files of ``record``.

    Open-access records are readable by anyone; a missing ``access_right``
    is treated as ``'closed'``. Otherwise a secret-link token from the
    session that validates for the record's ``recid`` grants access, and
    failing that the result of ``has_update_permission`` is returned.
    """
    access_right = AccessRight.get(
        record.get('access_right', 'closed'),
        record.get('embargo_date'),
    )
    if access_right == AccessRight.OPEN:
        return True

    # A secret link only counts for the record it was issued for, so the
    # token is validated against this record's recid.
    secret_token = session.get('accessrequests-secret-token')
    if secret_token:
        expected_data = {'recid': int(record['recid'])}
        if SecretLink.validate_token(secret_token, expected_data):
            return True

    # Last resort: anyone allowed to update the record may read its files.
    return has_update_permission(user, record)
Exemplo n.º 6
def has_read_permission(user, record):
    """Decide whether ``user`` may read ``record``.

    Open-access records are readable by anyone. Otherwise a secret-link
    token from the session that validates for the record's ``recid`` grants
    access, and failing that the result of ``has_update_permission`` is
    returned. ``record['access_right']`` is required (no default is applied).
    """
    access_right = AccessRight.get(
        record['access_right'],
        record.get('embargo_date'),
    )
    if access_right == AccessRight.OPEN:
        return True

    # A secret link only counts for the record it was issued for, so the
    # token is validated against this record's recid.
    secret_token = session.get('accessrequests-secret-token')
    if secret_token:
        expected_data = {'recid': int(record['recid'])}
        if SecretLink.validate_token(secret_token, expected_data):
            return True

    # Last resort: anyone allowed to update the record may read it.
    return has_update_permission(user, record)
Exemplo n.º 7
def test_creation(app, db, users, record_example):
    """Create a secret link and check its fields, signal and token scope.

    The link is issued to the ``receiver`` fixture user for the example
    record's PID, committed and reloaded before the token is validated.
    """
    signal_spy = Mock()
    pid_value, _ = record_example

    with app.test_request_context(), link_created.connected_to(signal_spy):
        security_ext = current_app.extensions['security']
        receiver = security_ext.datastore.get_user(users['receiver']['id'])

        secret_link = SecretLink.create(
            "Test title",
            receiver,
            {'recid': pid_value},
            description="Test description",
        )

        # Freshly created link: fields set, no expiry, non-empty token.
        assert secret_link.title == "Test title"
        assert secret_link.description == "Test description"
        assert secret_link.expires_at is None
        assert secret_link.token != ''
        # Creation must have emitted ``link_created``.
        assert signal_spy.called
        db.session.commit()

        # Validate the token as stored, not the in-memory object's copy.
        secret_link = SecretLink.query.get(secret_link.id)
        stored_token = secret_link.token
        # Scope check: valid for the issuing recid, rejected for another.
        assert SecretLink.validate_token(stored_token, {'recid': pid_value})
        assert not SecretLink.validate_token(stored_token, {'recid': '-1'})
Exemplo n.º 8
    def test_creation(self):
        """Create a secret link and check its fields, signal and token scope."""
        from zenodo_accessrequests.models import SecretLink
        from zenodo_accessrequests.signals import link_created

        with link_created.connected_to(self.get_receiver('created')):
            secret_link = SecretLink.create(
                "Test title",
                self.receiver,
                {'recid': 1},
                description="Test description",
            )

            # Freshly created link: fields set, no expiry, non-empty token.
            self.assertEqual(secret_link.title, "Test title")
            self.assertEqual(secret_link.description, "Test description")
            self.assertIsNone(secret_link.expires_at)
            self.assertNotEqual(secret_link.token, "")
            # The 'created' receiver must have recorded the signal.
            self.assertIsNotNone(self.called['created'])

            # Scope check: the token is valid for the recid it was issued
            # for and rejected for a different one.
            issued_token = secret_link.token
            assert SecretLink.validate_token(issued_token, {'recid': 1})
            assert not SecretLink.validate_token(issued_token, {'recid': 2})