def test_ipermissionlabels_user_group_see_privates_inverted( create_with_upload): """User is not allowed to see another user's private datasets""" user_a = factories.User() user_b = factories.User() owner_org = factories.Organization(users=[{ 'name': user_a['id'], 'capacity': 'admin' }]) owner_group = factories.Group(users=[ { 'name': user_a['id'], 'capacity': 'admin' }, ]) context_a = { 'ignore_auth': False, 'user': user_a['name'], 'model': model, 'api_version': 3 } context_b = { 'ignore_auth': False, 'user': user_b['name'], 'model': model, 'api_version': 3 } dataset, _ = make_dataset(context_a, owner_org, create_with_upload=create_with_upload, activate=True, groups=[{ "id": owner_group["id"] }], private=True) with pytest.raises(logic.NotAuthorized): helpers.call_auth("package_show", context_b, id=dataset["id"])
def test_group_index(self): app = self._get_test_app() for i in xrange(1, 26): _i = '0' + str(i) if i < 10 else i factories.Group( name='test-group-{0}'.format(_i), title='Test Group {0}'.format(_i)) url = url_for(controller='group', action='index') response = app.get(url) for i in xrange(1, 22): _i = '0' + str(i) if i < 10 else i assert_in('Test Group {0}'.format(_i), response) assert 'Test Group 22' not in response url = url_for(controller='group', action='index', page=1) response = app.get(url) for i in xrange(1, 22): _i = '0' + str(i) if i < 10 else i assert_in('Test Group {0}'.format(_i), response) assert 'Test Group 22' not in response url = url_for(controller='group', action='index', page=2) response = app.get(url) for i in xrange(22, 26): assert_in('Test Group {0}'.format(i), response) assert 'Test Group 21' not in response
def test_group_follower_list(self): '''Following users appear on followers list page.''' app = self._get_test_app() user_one = factories.Sysadmin() group = factories.Group() env = {'REMOTE_USER': user_one['name'].encode('ascii')} follow_url = url_for(controller='group', action='follow', id=group['id']) app.post(follow_url, extra_environ=env, status=302) followers_url = url_for(controller='group', action='followers', id=group['id']) # Only sysadmins can view the followers list pages followers_response = app.get(followers_url, extra_environ=env, status=200) assert_true(user_one['display_name'] in followers_response)
def test_group_search_within_org_results(self): '''Searching within an group returns expected dataset results.''' app = self._get_test_app() grp = factories.Group() factories.Dataset(name="ds-one", title="Dataset One", groups=[{ 'id': grp['id'] }]) factories.Dataset(name="ds-two", title="Dataset Two", groups=[{ 'id': grp['id'] }]) factories.Dataset(name="ds-three", title="Dataset Three", groups=[{ 'id': grp['id'] }]) grp_url = url_for(controller='group', action='read', id=grp['id']) grp_response = app.get(grp_url) search_form = grp_response.forms['group-datasets-search-form'] search_form['q'] = 'One' search_response = webtest_submit(search_form) assert_true('1 dataset found for "One"' in search_response) search_response_html = BeautifulSoup(search_response.body) ds_titles = search_response_html.select('.dataset-list ' '.dataset-item ' '.dataset-heading a') ds_titles = [t.string for t in ds_titles] assert_equal(len(ds_titles), 1) assert_true('Dataset One' in ds_titles) assert_true('Dataset Two' not in ds_titles) assert_true('Dataset Three' not in ds_titles)
def test_resource_patch_other_users_dataset(create_with_upload): """User is not allowed to patch other user's datasets""" user_a = factories.User() user_b = factories.User() owner_org = factories.Organization(users=[{ 'name': user_a['id'], 'capacity': 'admin' }]) factories.Group(users=[ { 'name': user_a['id'], 'capacity': 'admin' }, ]) context_a = { 'ignore_auth': False, 'user': user_a['name'], 'model': model, 'api_version': 3 } context_b = { 'ignore_auth': False, 'user': user_b['name'], 'model': model, 'api_version': 3 } # create a dataset ds, res = make_dataset(context_a, owner_org, create_with_upload=create_with_upload, activate=True) with pytest.raises(logic.NotAuthorized): assert helpers.call_auth("resource_patch", context_b, id=res["id"], package_id=ds["id"], description="my nice text")
def test_group_unfollow(self): app = self._get_test_app() user_one = factories.User() group = factories.Group() env = {'REMOTE_USER': user_one['name'].encode('ascii')} follow_url = url_for(controller='group', action='follow', id=group['id']) app.post(follow_url, extra_environ=env, status=302) unfollow_url = url_for(controller='group', action='unfollow', id=group['id']) unfollow_response = app.post(unfollow_url, extra_environ=env, status=302) unfollow_response = unfollow_response.follow() assert_true('You are no longer following {0}'.format( group['display_name']) in unfollow_response)
def test_all_fields_saved(self, app): user = factories.User() group = factories.Group(user=user) env = {"REMOTE_USER": six.ensure_str(user["name"])} form = { "name": u"all-fields-edited", "title": "Science", "description": "Sciencey datasets", "image_url": "http://example.com/image.png", "save": "", } resp = app.post( url=url_for("group.edit", id=group["name"]), extra_environ=env, data=form, ) group = model.Group.by_name(u"all-fields-edited") assert group.title == u"Science" assert group.description == "Sciencey datasets" assert group.image_url == "http://example.com/image.png"
def test_group_search_within_org_no_results(self): '''Searching for non-returning phrase within an group returns no results.''' app = self._get_test_app() grp = factories.Group() factories.Dataset(name="ds-one", title="Dataset One", groups=[{ 'id': grp['id'] }]) factories.Dataset(name="ds-two", title="Dataset Two", groups=[{ 'id': grp['id'] }]) factories.Dataset(name="ds-three", title="Dataset Three", groups=[{ 'id': grp['id'] }]) with app.flask_app.test_request_context(): grp_url = url_for(controller='group', action='read', id=grp['id']) grp_response = app.get(grp_url) search_form = grp_response.forms['group-datasets-search-form'] search_form['q'] = 'Nout' search_response = webtest_submit(search_form) assert_true('No datasets found for "Nout"' in search_response) search_response_html = BeautifulSoup(search_response.body) ds_titles = search_response_html.select('.dataset-list ' '.dataset-item ' '.dataset-heading a') ds_titles = [t.string for t in ds_titles] assert_equal(len(ds_titles), 0)
def test_smtp_error_returns_error_message(self): sysadmin = factories.Sysadmin() group = factories.Group() context = { 'user': sysadmin['name'] } params = { 'email': '*****@*****.**', 'group_id': group['id'], 'role': 'editor' } assert_raises(logic.ValidationError, helpers.call_action, 'user_invite', context, **params) # Check that the pending user was deleted user = model.Session.query(model.User).filter( model.User.name.like('example-invited-user%')).all() assert_equals(user[0].state, 'deleted')
def test_group_patch_updating_single_field_when_public_user_details_is_false(self): user = factories.User() group = factories.Group( name="economy", description="some test now", user=user ) group = helpers.call_action( "group_patch", id=group["id"], description="somethingnew", context={"user": user["name"]}, ) assert group["name"] == "economy" assert group["description"] == "somethingnew" group2 = helpers.call_action("group_show", id=group["id"], include_users=True) assert group2["name"] == "economy" assert group2["description"] == "somethingnew" assert len(group2["users"]) == 1 assert group2["users"][0]["name"] == user["name"]
def test_delete_group_by_updating_state(self, app): user = factories.User() group = factories.Group(user=user) _clear_activities() group["state"] = "deleted" helpers.call_action( "group_update", context={"user": user["name"]}, **group ) url = url_for("activity.group_activity", id=group["id"]) env = {"REMOTE_USER": user["name"]} response = app.get(url, extra_environ=env) assert ( '<a href="/user/{}">{}'.format(user["name"], user["fullname"]) in response ) assert "deleted the group" in response assert ( '<a href="/group/{}">{}'.format(group["name"], group["title"]) in response )
def test_change_dataset(self, app): user = factories.User() group = factories.Group(user=user) dataset = factories.Dataset(groups=[{"id": group["id"]}], user=user) _clear_activities() dataset["title"] = "Dataset with changed title" helpers.call_action( "package_update", context={"user": user["name"]}, **dataset ) url = url_for("activity.group_activity", id=group["id"]) response = app.get(url) page = BeautifulSoup(response.body) href = page.select_one(".dataset") assert ( '<a href="/user/{}">{}'.format(user["name"], user["fullname"]) in response ) assert "updated the dataset" in response assert dataset["id"] in href.select_one("a")["href"].split("/", 2)[-1] assert dataset["title"] in href.text.strip()
def test_member_users_cannot_add_members(self, current_user, app): user = factories.User(fullname="My Owner") user_obj = model.User.get(user["name"]) # mock current_user current_user.return_value = user_obj group = factories.Group(users=[{ "name": user["name"], "capacity": "member" }]) app.get(url_for("group.member_new", id=group["id"]), status=403) app.post( url_for("group.member_new", id=group["id"]), data={ "id": "test", "username": "******", "save": "save", "role": "test", }, status=403, )
def test_smtp_error_returns_error_message(self): sysadmin = factories.Sysadmin() group = factories.Group() context = {"user": sysadmin["name"]} params = { "email": "*****@*****.**", "group_id": group["id"], "role": "editor", } with pytest.raises(logic.ValidationError): helpers.call_action("user_invite", context, **params) # Check that the pending user was deleted user = ( model.Session.query(model.User) .filter(model.User.name.like("example-invited-user%")) .all() ) assert user[0].state == "deleted"
def test_group_autocomplete_by_name(self): factories.Group(name='rivers', title='Bridges') app = self._get_test_app() with app.flask_app.test_request_context(): url = url_for(controller='api', action='group_autocomplete', ver='/2') assert_equal(url, '/api/2/util/group/autocomplete') response = app.get( url=url, params={ 'q': u'rive', }, status=200, ) results = json.loads(response.body) assert_equal(len(results), 1) assert_equal(results[0]['name'], 'rivers') assert_equal(results[0]['title'], 'Bridges') assert_equal(response.headers['Content-Type'], 'application/json;charset=utf-8')