Пример #1
0
    def test_has_permission_on_parent_node_copyto_fail_if_not_registration(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, parent=self.node)

        assert_false(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError):
            views.check_access(component, Auth(user=self.user), 'copyto', None)
Пример #2
0
    def test_has_permission_on_parent_node_copyto_fail_if_not_registration(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, parent=self.node)

        assert_false(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError):
            views.check_access(component, Auth(user=self.user), 'copyto', None)
Пример #3
0
    def test_has_permission_read_scope_write_action_forbidden(self):
        component = ProjectFactory(creator=self.user, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
                                   attributes={'accessTokenScope': {'osf.nodes.data_read'}})

        assert_true(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError) as exc_info:
            views.check_access(component, Auth(user=self.user), 'upload', cas_resp)
        assert_equal(exc_info.exception.code, 403)
Пример #4
0
    def test_has_permission_read_scope_write_action_forbidden(self):
        component = ProjectFactory(creator=self.user, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
                                   attributes={'accessTokenScope': {'osf.nodes.data_read'}})

        assert_true(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError) as exc_info:
            views.check_access(component, Auth(user=self.user), 'upload', cas_resp)
        assert_equal(exc_info.exception.code, 403)
Пример #5
0
    def test_has_permission_private_not_authenticated(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=False)

        assert_false(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError) as exc_info:
            views.check_access(component, Auth(user=self.user), 'download', cas_resp)
        assert_equal(exc_info.exception.code, 403)
Пример #6
0
    def test_has_permission_private_not_authenticated(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=False)

        assert_false(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError) as exc_info:
            views.check_access(component, Auth(user=self.user), 'download', cas_resp)
        assert_equal(exc_info.exception.code, 403)
Пример #7
0
    def test_has_permission_private_irrelevant_scope_forbidden(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
                                   attributes={'accessTokenScope': {'osf.users.all_read'}})

        assert_false(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError) as exc_info:
            views.check_access(component, Auth(user=self.user), 'download', cas_resp)
        assert_equal(exc_info.exception.code, 403)
Пример #8
0
    def test_has_permission_private_irrelevant_scope_forbidden(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
                                   attributes={'accessTokenScope': {'osf.users.all_read'}})

        assert_false(component.has_permission(self.user, 'write'))
        with assert_raises(HTTPError) as exc_info:
            views.check_access(component, Auth(user=self.user), 'download', cas_resp)
        assert_equal(exc_info.exception.code, 403)
Пример #9
0
 def test_has_permission_download_on_component_prereg_challenge_admin(self):
     try:
         res = views.check_access(self.draft_registration.branched_from._nodes.first(),
                                  Auth(user=self.prereg_challenge_admin_user), 'download', None)
     except Exception:
         self.fail()
     assert_true(res)
Пример #10
0
    def test_has_permission_on_parent_node_copyfrom(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)

        assert_false(component.has_permission(self.user, 'write'))
        res = views.check_access(component, Auth(user=self.user), 'copyfrom', None)
        assert_true(res)
Пример #11
0
    def test_has_permission_on_parent_node_copyfrom(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)

        assert_false(component.has_permission(self.user, 'write'))
        res = views.check_access(component, Auth(user=self.user), 'copyfrom', None)
        assert_true(res)
Пример #12
0
 def test_has_permission_download_on_component_prereg_challenge_admin(self):
     try:
         res = views.check_access(self.draft_registration.branched_from._nodes.first(),
                                  Auth(user=self.prereg_challenge_admin_user), 'download', None)
     except Exception:
         self.fail()
     assert_true(res)
Пример #13
0
    def test_has_permission_on_parent_node_metadata_pass_if_registration(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, parent=self.node, is_public=False)

        component_registration = RegistrationFactory(project=component, creator=component_admin)

        assert_false(component_registration.has_permission(self.user, 'read'))
        res = views.check_access(component_registration, Auth(user=self.user), 'metadata', None)
        assert_true(res)
Пример #14
0
    def test_has_permission_write_scope_read_action(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
                                   attributes={'accessTokenScope': {'osf.nodes.data_write'}})

        assert_false(component.has_permission(self.user, 'write'))
        res = views.check_access(component, Auth(user=self.user), 'download', cas_resp)
        assert_true(res)
Пример #15
0
    def test_has_permission_write_scope_read_action(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
        cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
                                   attributes={'accessTokenScope': {'osf.nodes.data_write'}})

        assert_false(component.has_permission(self.user, 'write'))
        res = views.check_access(component, Auth(user=self.user), 'download', cas_resp)
        assert_true(res)
Пример #16
0
    def test_has_permission_on_parent_node_metadata_pass_if_registration(self):
        component_admin = AuthUserFactory()
        component = ProjectFactory(creator=component_admin, parent=self.node, is_public=False)

        component_registration = RegistrationFactory(project=component, creator=component_admin)

        assert_false(component_registration.has_permission(self.user, 'read'))
        res = views.check_access(component_registration, Auth(user=self.user), 'metadata', None)
        assert_true(res)
Пример #17
0
    def test_has_permission_on_parent_node_copyto_pass_if_registration(self):
        component_admin = AuthUserFactory()
        ProjectFactory(creator=component_admin, parent=self.node)
        registration = RegistrationFactory(project=self.node)

        component_registration = registration._nodes.first()

        assert_false(component_registration.has_permission(self.user, 'write'))
        res = views.check_access(component_registration, Auth(user=self.user), 'copyto', None)
        assert_true(res)
Пример #18
0
    def test_has_permission_on_parent_node_copyto_pass_if_registration(self):
        component_admin = AuthUserFactory()
        ProjectFactory(creator=component_admin, parent=self.node)
        registration = RegistrationFactory(project=self.node)

        component_registration = registration._nodes.first()

        assert_false(component_registration.has_permission(self.user, 'write'))
        res = views.check_access(component_registration, Auth(user=self.user), 'copyto', None)
        assert_true(res)
Пример #19
0
 def test_has_permission_download_not_prereg_challenge_admin(self):
     new_user = AuthUserFactory()
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.draft_registration.branched_from,
              Auth(user=new_user), 'download', None)
         assert_equal(exc_info.exception.code, http.FORBIDDEN)
Пример #20
0
 def test_not_has_permission_logged_in(self):
     user2 = AuthUserFactory()
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.node, Auth(user=user2), 'download', None)
     assert_equal(exc_info.exception.code, 403)
Пример #21
0
 def test_has_permission_download_prereg_challenge_admin(self):
     res = views.check_access(self.draft_registration.branched_from,
         Auth(user=self.prereg_challenge_admin_user), 'download', None)
     assert_true(res)
Пример #22
0
 def test_has_permission_download_prereg_challenge_admin(self):
     res = views.check_access(self.draft_registration.branched_from,
         Auth(user=self.prereg_challenge_admin_user), 'download', None)
     assert_true(res)
Пример #23
0
 def test_not_has_permission_read_has_link(self):
     link = new_private_link('red-special', self.user, [self.node], anonymous=False)
     views.check_access(self.node, Auth(private_key=link.key), 'download', None)
Пример #24
0
 def test_not_has_permission_not_logged_in(self):
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.node, Auth(), 'download', None)
     assert_equal(exc_info.exception.code, 401)
Пример #25
0
 def test_not_has_permission_logged_in(self):
     user2 = AuthUserFactory()
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.node, Auth(user=user2), 'download', None)
     assert_equal(exc_info.exception.code, 403)
Пример #26
0
 def test_not_has_permission_read_has_link(self):
     link = new_private_link('red-special', self.user, [self.node], anonymous=False)
     views.check_access(self.node, Auth(private_key=link.key), 'download', None)
Пример #27
0
 def test_has_permission_download_not_prereg_challenge_admin(self):
     new_user = AuthUserFactory()
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.draft_registration.branched_from,
              Auth(user=new_user), 'download', None)
         assert_equal(exc_info.exception.code, http.FORBIDDEN)
Пример #28
0
 def test_has_permission_download_prereg_challenge_admin_not_draft(self):
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.node,
              Auth(user=self.prereg_challenge_admin_user), 'download', None)
         assert_equal(exc_info.exception.code, http.FORBIDDEN)
Пример #29
0
 def test_has_permission_download_prereg_challenge_admin_not_draft(self):
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.node,
              Auth(user=self.prereg_challenge_admin_user), 'download', None)
         assert_equal(exc_info.exception.code, http.FORBIDDEN)
Пример #30
0
 def test_has_permission_write_prereg_challenge_admin(self):
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.draft_registration.branched_from,
             Auth(user=self.prereg_challenge_admin_user), 'write', None)
         assert_equal(exc_info.exception.code, http.FORBIDDEN)
Пример #31
0
 def test_has_permission_write_prereg_challenge_admin(self):
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.draft_registration.branched_from,
             Auth(user=self.prereg_challenge_admin_user), 'write', None)
         assert_equal(exc_info.exception.code, http.FORBIDDEN)
Пример #32
0
 def test_not_has_permission_read_public(self):
     self.node.is_public = True
     self.node.save()
     views.check_access(self.node, Auth(), 'download', None)
Пример #33
0
 def test_not_has_permission_read_public(self):
     self.node.is_public = True
     self.node.save()
     views.check_access(self.node, Auth(), 'download', None)
Пример #34
0
 def test_not_has_permission_not_logged_in(self):
     with assert_raises(HTTPError) as exc_info:
         views.check_access(self.node, Auth(), 'download', None)
     assert_equal(exc_info.exception.code, 401)
Пример #35
0
 def test_has_permission(self):
     res = views.check_access(self.node, Auth(user=self.user), 'upload', None)
     assert_true(res)
Пример #36
0
 def test_has_permission(self):
     res = views.check_access(self.node, Auth(user=self.user), 'upload', None)
     assert_true(res)