def setup(self): super(TestStoreAuthz, self).setup() self.app = annotator.app.test_client() self.anno_id = '123' self.permissions = { 'read': ['alice', 'bob'], 'update': ['alice', 'charlie'], 'admin': ['alice'] } ann = Annotation(id=self.anno_id, user='******', text='Foobar', permissions=self.permissions) ann.save() self.consumer = Consumer('test-consumer-key') save(self.consumer) self.user = '******' for u in ['alice', 'bob', 'charlie']: token = auth.generate_token(self.consumer.key, u) setattr(self, '%s_headers' % u, auth.headers_for_token(token))
class TestAnnotation(object): def setup(self): self.uri = u"http://xyz.com" self.ranges = [{"start": "p 19", "end": "div 23"}] self.tags = [u"abc", u"xyz"] self.anno = Annotation( uri=self.uri, ranges=self.ranges, note=u"It is a truth universally acknowledged", user=u"myuserid", tags=self.tags, extras={u"extra1": u"extraval1"}, ) def test_as_dict(self): out = self.anno.as_dict() assertProp(out, "uri", self.uri) assertProp(out, "tags", self.tags) assertProp(out, "ranges", self.ranges) assertProp(out, "extra1", u"extraval1") def test_merge_dict(self): self.anno.merge_dict({"id": 123, "text": "Foobar"}) assertProp(self.anno, "id", 123) assertProp(self.anno, "text", "Foobar") assertProp(self.anno, "tags", self.tags) def test_from_dict(self): r = {"start": "/html/body/p[2]/strong", "end": "/html/body/p[2]/strong", "startOffset": 22, "endOffset": 27} anno = Annotation.from_dict({"id": 456, "text": "Hello", "ranges": [r]}) assertProp(anno, "id", 456) assertProp(anno, "text", "Hello") assertProp(anno, "ranges", [r])
def create_test_annotation(self): anno = Annotation(uri=u'http://xyz.com', ranges=[u'1.0 2.0'], text=u'blah text') self.sess.add(anno) self.sess.commit() anno = anno.as_dict() return anno
def test_delete(self): id_ = 1 ann = Annotation(id=id_) ann.save() newann = Annotation.fetch(id_) newann.delete() noann = Annotation.fetch(id_) assert noann == None
def setup(self): self.uri = u'http://xyz.com' self.ranges = [{'start': 'p 19', 'end': 'div 23'}] self.tags = [u'abc', u'xyz'] self.anno = Annotation(uri=self.uri, ranges=self.ranges, note=u'It is a truth universally acknowledged', user=u'myuserid', tags=self.tags, extras={u'extra1': u'extraval1'})
def index(): uid = current_user_id() if uid: if not auth.verify_request(request): return _failed_auth_response() annotations = Annotation.search(_user_id=uid) else: annotations = Annotation.search() return jsonify(annotations)
def test_basics(self): user = "******" ann = Annotation(text="Hello there", user=user) ann['ranges'] = [] ann['ranges'].append({}) ann['ranges'].append({}) ann.save() ann = Annotation.fetch(ann.id) h.assert_equal(ann['text'], "Hello there") h.assert_equal(ann['user'], "alice") h.assert_equal(len(ann['ranges']), 2)
def test_search(self): uri1 = u'http://xyz.com' uri2 = u'urn:uuid:xxxxx' user = u'levin' user2 = u'anna' anno = Annotation( uri=uri1, text=uri1, user=user, ) anno2 = Annotation( uri=uri1, text=uri1 + uri1, user=user2, ) anno3 = Annotation(uri=uri2, text=uri2, user=user) self.sess.add_all([anno, anno2, anno3]) self.sess.commit() annoid = anno.id anno2id = anno2.id url = self.url('search_annotations') res = self.app.get(url) body = json.loads(res.body) assert body['total'] == 3, body url = self.url('search_annotations', limit=1) res = self.app.get(url) body = json.loads(res.body) assert body['total'] == 3, body assert len(body['results']) == 1 url = self.url('search_annotations', uri=uri1, all_fields=1) res = self.app.get(url) body = json.loads(res.body) assert body['total'] == 2, body out = body['results'] assert len(out) == 2 assert out[0]['uri'] == uri1 assert out[0]['id'] in [annoid, anno2id] url = self.url('search_annotations', uri=uri1) res = self.app.get(url) body = json.loads(res.body) assert body['results'][0].keys() == ['id'], body['results'] url = self.url('search_annotations', limit=-1) res = self.app.get(url) body = json.loads(res.body) assert len(body['results']) == 3, body
def setup(self): self.permissions = dict( read=[self.gooduser, self.updateuser], update=[self.gooduser, self.updateuser], admin=[self.gooduser]) kwargs = dict( id=self.anno_id, text=u"Foo", permissions=self.permissions ) ann = Annotation(**kwargs) ann.save() self.app = app.test_client()
def search_annotations(): kwargs = dict(request.args.items()) uid = current_user_id() if uid: if not auth.verify_request(request): return _failed_auth_response() results = Annotation.search(**kwargs) results = filter(lambda a: authz.authorize(a, 'read', uid), results) total = Annotation.count(**kwargs) return jsonify({ 'total': total, 'rows': results, })
def test_update_other_users_annotation(self): ann = Annotation(id=123, user='******', permissions={'update': []}) ann.save() payload = json.dumps({ 'id': 123, 'text': 'Foo' }) response = self.app.put('/api/annotations/123', data=payload, content_type='application/json', headers=self.bob_headers) assert response.status_code == 200, "response should be 200 OK"
def create_annotation(): # Only registered users can create annotations if not auth.verify_request(request): return _failed_auth_response() if request.json: annotation = Annotation(_filter_input(request.json)) annotation['consumer'] = request.headers[auth.HEADER_PREFIX + 'consumer-key'] annotation['user'] = request.headers[auth.HEADER_PREFIX + 'user-id'] annotation.save() return jsonify(annotation) else: return jsonify('No JSON payload sent. Annotation not created.', status=400)
def test_from_dict(self): r = {"start": "/html/body/p[2]/strong", "end": "/html/body/p[2]/strong", "startOffset": 22, "endOffset": 27} anno = Annotation.from_dict({"id": 456, "text": "Hello", "ranges": [r]}) assertProp(anno, "id", 456) assertProp(anno, "text", "Hello") assertProp(anno, "ranges", [r])
def test_delete(self): ann = Annotation(text=u"Bar", id=456) session.commit() response = self.app.delete('/annotations/456') assert response.status_code == 204, "response should be 204 NO CONTENT" assert Annotation.get(456) == None, "annotation wasn't deleted in db"
def create(self): if 'json' in self.request.params: params = json.loads(self.request.params['json']) else: params = dict(self.request.params) if isinstance(params, list): for objdict in params: anno = Annotation.from_dict(objdict) else: anno = Annotation.from_dict(params) self.session.add(anno) self.session.commit() self.response.status = 303 self.response.headers['Location'] = self.url('annotation', id=anno.id) return None
def read_annotation(id): annotation = Annotation.fetch(id) if not annotation: return jsonify('Annotation not found!', status=404) failure = _check_action(annotation, 'read', current_user_id()) if failure: return failure return jsonify(annotation)
def home(): _require_user('to see your profile') bookmarklet = render_template('bookmarklet.js', root=current_app.config['ROOT_URL']) annotations = Annotation.search(user=g.user.username, limit=20) return render_template('user/home.html', user=g.user, bookmarklet=bookmarklet, annotations=annotations)
class TestAnnotation(object): def setup(self): self.uri = u'http://xyz.com' self.ranges = [{'start': 'p 19', 'end': 'div 23'}] self.tags = [u'abc', u'xyz'] self.anno = Annotation(uri=self.uri, ranges=self.ranges, note=u'It is a truth universally acknowledged', user=u'myuserid', tags=self.tags, extras={u'extra1': u'extraval1'}) def test_as_dict(self): out = self.anno.as_dict() assertProp(out, 'uri', self.uri) assertProp(out, 'tags', self.tags) assertProp(out, 'ranges', self.ranges) assertProp(out, 'extra1', u'extraval1') def test_merge_dict(self): self.anno.merge_dict({'id': 123, 'text': "Foobar"}) assertProp(self.anno, 'id', 123) assertProp(self.anno, 'text', 'Foobar') assertProp(self.anno, 'tags', self.tags) def test_from_dict(self): r = { "start": "/html/body/p[2]/strong", "end": "/html/body/p[2]/strong", "startOffset": 22, "endOffset": 27 } anno = Annotation.from_dict({ 'id': 456, 'text': "Hello", 'ranges': [r] }) assertProp(anno, 'id', 456) assertProp(anno, 'text', 'Hello') assertProp(anno, 'ranges', [r])
def delete_annotation(id): annotation = Annotation.fetch(id) if not annotation: return jsonify('Annotation not found. No delete performed.', status=404) failure = _check_action(annotation, 'delete', current_user_id()) if failure: return failure annotation.delete() return None, 204
def setup(self): self.uri = u"http://xyz.com" self.ranges = [{"start": "p 19", "end": "div 23"}] self.tags = [u"abc", u"xyz"] self.anno = Annotation( uri=self.uri, ranges=self.ranges, note=u"It is a truth universally acknowledged", user=u"myuserid", tags=self.tags, extras={u"extra1": u"extraval1"}, )
def test_from_dict(self): r = { "start": "/html/body/p[2]/strong", "end": "/html/body/p[2]/strong", "startOffset": 22, "endOffset": 27 } anno = Annotation.from_dict({ 'id': 456, 'text': "Hello", 'ranges': [r] }) assertProp(anno, 'id', 456) assertProp(anno, 'text', 'Hello') assertProp(anno, 'ranges', [r])
def update_annotation(id): annotation = Annotation.fetch(id) if not annotation: return jsonify('Annotation not found! No update performed.', status=404) failure = _check_action(annotation, 'update', current_user_id()) if failure: return failure if request.json: updated = _filter_input(request.json) updated['id'] = id # use id from URL, regardless of what arrives in JSON payload if 'permissions' in updated and updated['permissions'] != annotation.get('permissions', {}): if not authz.authorize(annotation, 'admin', current_user_id()): return _failed_authz_response('permissions update') annotation.update(updated) annotation.save() return jsonify(annotation)
def update_annotation(id): annotation = Annotation.fetch(id) if not annotation: return jsonify('Annotation not found! No update performed.', status=404) failure = _check_action(annotation, 'update', current_user_id()) if failure: return failure if request.json: updated = _filter_input(request.json) updated[ 'id'] = id # use id from URL, regardless of what arrives in JSON payload if 'permissions' in updated and updated[ 'permissions'] != annotation.get('permissions', {}): if not authz.authorize(annotation, 'admin', current_user_id()): return _failed_authz_response('permissions update') annotation.update(updated) annotation.save() return jsonify(annotation)
def test_authorize_read_user(self): ann = Annotation(permissions={'read': ['bob']}) assert authorize(ann, 'read', 'bob') assert not authorize(ann, 'read', 'alice')
def test_save(self): a = Annotation(name='bob') a.save() h.assert_in('id', a)
def test_fetch(self): a = Annotation(foo='bar') a.save() b = Annotation.fetch(a.id) h.assert_equal(b['foo'], 'bar')
def _get_annotation(self, id_): return Annotation.get(id_)
def test_authorise_delete_user(self): ann = Annotation(user='******') assert ann.authorise('delete', 'bob') assert not ann.authorise('delete', 'alice')
def test_authorize_read_nouser(self): ann = Annotation() assert authorize(ann, 'read') assert authorize(ann, 'read', 'bob')
def test_authorize_admin_nouser(self): ann = Annotation() assert not authorize(ann, 'admin') assert authorize(ann, 'admin', 'bob')
def test_search_permissions(self): anno = Annotation(text='Foobar', permissions={'read': []}) anno.save() annotator.es.refresh(timesleep=0.01) res = Annotation.search() h.assert_equal(len(res), 1) res = Annotation.search(_user_id='bob') h.assert_equal(len(res), 1) anno = Annotation(text='Foobar', permissions={'read': ['bob']}) anno.save() annotator.es.refresh(timesleep=0.01) res = Annotation.search() h.assert_equal(len(res), 1) res = Annotation.search(_user_id='alice') h.assert_equal(len(res), 1) res = Annotation.search(_user_id='bob') h.assert_equal(len(res), 2)
def test_search(self): uri1 = u'http://xyz.com' uri2 = u'urn:uuid:xxxxx' user1 = u'levin' user2 = u'anna' anno1 = Annotation(uri=uri1, text=uri1, user=user1) anno2 = Annotation(uri=uri1, text=uri1 + uri1, user=user2) anno3 = Annotation(uri=uri2, text=uri2, user=user1) anno1.save() anno2.save() anno3.save() annotator.es.refresh(timesleep=0.01) res = Annotation.search() h.assert_equal(len(res), 3) # ordering (most recent first) h.assert_equal(res[0]['text'], uri2) res = Annotation.count() h.assert_equal(res, 3) res = Annotation.search(limit=1) h.assert_equal(len(res), 1) res = Annotation.count(limit=1) h.assert_equal(res, 3) res = Annotation.search(uri=uri1) h.assert_equal(len(res), 2) h.assert_equal(res[0]['uri'], uri1) h.assert_equal(res[0]['id'], anno2.id) res = Annotation.search(user=user1) h.assert_equal(len(res), 2) h.assert_equal(res[0]['user'], user1) h.assert_equal(res[0]['id'], anno3.id) res = Annotation.search(user=user1, uri=uri2) h.assert_equal(len(res), 1) h.assert_equal(res[0]['user'], user1) h.assert_equal(res[0]['id'], anno3.id) res = Annotation.count(user=user1, uri=uri2) h.assert_equal(res, 1)
def test_authorise_read_nouser(self): ann = Annotation() assert ann.authorise('read') assert ann.authorise('read', 'bob')
def test_authorize_delete_nouser(self): ann = Annotation() assert not authorize(ann, 'delete') assert authorize(ann, 'delete', 'bob')
def test_authorize_delete_user(self): ann = Annotation(permissions={'delete': ['bob']}) assert authorize(ann, 'delete', 'bob') assert not authorize(ann, 'delete', 'alice')
def test_authorise_read_user(self): ann = Annotation(user='******') assert ann.authorise('read', 'bob') assert ann.authorise('read', 'alice')
def test_authorize_admin_user(self): ann = Annotation(permissions={'admin': ['bob']}) assert authorize(ann, 'admin', 'bob') assert not authorize(ann, 'admin', 'alice')
def _get_annotation(self, id_): return Annotation.fetch(id_)
def test_authorise_delete_nouser(self): ann = Annotation() assert ann.authorise('delete') assert ann.authorise('delete', 'bob')
def _create_annotation(self, **kwargs): ann = Annotation(**kwargs) ann.save() return ann
def test_new(self): a = Annotation() h.assert_equal('{}', repr(a))
def test_repr(self): ann = Annotation(text="FooBarBaz") assert ann.__repr__() == '<Annotation None "FooBarBaz">', "annotation repr incorrect"