def setUp(self): super(TestOSFGroupsFormView, self).setUp() self.user = UserFactory() self.group = OSFGroupFactory(name='Brian Dawkins', creator=self.user) self.group2 = OSFGroupFactory(name='Brian Westbrook', creator=self.user) self.view = OSFGroupsFormView()
def test_more_than_one_projects_in_common(self, app, user_one, user_two): group = OSFGroupFactory(creator=user_one) group.make_member(user_two) project1 = ProjectFactory(creator=user_one) project1.add_contributor(contributor=user_two, permissions=CREATOR_PERMISSIONS, auth=Auth(user=user_one)) project1.save() project2 = ProjectFactory(creator=user_one) project2.add_contributor(contributor=user_two, permissions=CREATOR_PERMISSIONS, auth=Auth(user=user_one)) project2.save() project3 = ProjectFactory() project4 = ProjectFactory() project3.add_osf_group(group) project4.add_osf_group(group) project4.is_deleted = True project3.save() project4.save() RegistrationFactory(project=project1, creator=user_one, is_public=True) url = '/{}users/?show_projects_in_common=true'.format(API_BASE) res = app.get(url, auth=user_two.auth) user_json = res.json['data'] for user in user_json: if user['id'] == user_two._id: meta = user['relationships']['nodes']['links']['related'][ 'meta'] assert 'projects_in_common' in meta assert meta['projects_in_common'] == 4
def setUp(self): super(TestOSFGroupsListView, self).setUp() self.user = UserFactory() self.group = OSFGroupFactory(name='Brian Dawkins', creator=self.user) self.group2 = OSFGroupFactory(name='Brian Westbrook', creator=self.user) self.group3 = OSFGroupFactory(name='Darren Sproles', creator=self.user) self.request = RequestFactory().post('/fake_path') self.view = OSFGroupsListView()
def test_filter_groups(self, app, osf_group, private_project, manager, private_url, make_group_id): with override_flag(OSF_GROUPS, active=True): read_group = OSFGroupFactory(creator=manager, name='house') write_group = OSFGroupFactory(creator=manager, name='doghouse') private_project.add_osf_group(read_group, permissions.READ) private_project.add_osf_group(write_group, permissions.WRITE) private_project.add_osf_group(osf_group, permissions.ADMIN) # test filter on permission url = private_url + '?filter[permission]=admin' res = app.get(url, auth=private_project.creator.auth) resp_json = res.json['data'] ids = [each['id'] for each in resp_json] assert make_group_id(private_project, osf_group) in ids assert make_group_id(private_project, write_group) not in ids assert make_group_id(private_project, read_group) not in ids url = private_url + '?filter[permission]=write' res = app.get(url, auth=private_project.creator.auth) resp_json = res.json['data'] ids = [each['id'] for each in resp_json] assert make_group_id(private_project, osf_group) in ids assert make_group_id(private_project, write_group) in ids assert make_group_id(private_project, read_group) not in ids url = private_url + '?filter[permission]=read' res = app.get(url, auth=private_project.creator.auth) resp_json = res.json['data'] ids = [each['id'] for each in resp_json] assert make_group_id(private_project, osf_group) in ids assert make_group_id(private_project, write_group) in ids assert make_group_id(private_project, read_group) in ids # test_filter_on_invalid_permission url = private_url + '?filter[permission]=bad_perm' res = app.get(url, auth=private_project.creator.auth, expect_errors=True) assert res.status_code == 400 assert res.json['errors'][0][ 'detail'] == 'bad_perm is not a filterable permission.' url = private_url + '?filter[name]=Plat' res = app.get(url, auth=private_project.creator.auth) resp_json = res.json['data'] ids = [each['id'] for each in resp_json] assert make_group_id(private_project, osf_group) in ids assert make_group_id(private_project, write_group) not in ids assert make_group_id(private_project, read_group) not in ids url = private_url + '?filter[name]=house' res = app.get(url, auth=private_project.creator.auth) resp_json = res.json['data'] ids = [each['id'] for each in resp_json] assert make_group_id(private_project, osf_group) not in ids assert make_group_id(private_project, write_group) in ids assert make_group_id(private_project, read_group) in ids
def setUp(self): super(TestOSFGroupsView, self).setUp() self.user = UserFactory() self.user_two = UserFactory() self.project = ProjectFactory() self.group = OSFGroupFactory(name='test', creator=self.user) self.group.make_member(self.user_two) self.group.add_group_to_node(self.project) self.group.save() self.request = RequestFactory().post('/fake_path')
def test_admin_can_view_draft_list(self, app, user, draft_registration, project_public, schema, url_draft_registrations): res = app.get(url_draft_registrations, auth=user.auth) assert res.status_code == 200 data = res.json['data'] assert len(data) == 1 assert schema._id in data[0]['relationships']['registration_schema'][ 'links']['related']['href'] assert data[0]['id'] == draft_registration._id assert data[0]['attributes']['registration_metadata'] == {} # test_osf_group_with_admin_permissions group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) project_public.add_osf_group(group, permissions.ADMIN) res = app.get(url_draft_registrations, auth=group_mem.auth, expect_errors=True) assert res.status_code == 200 data = res.json['data'] assert len(data) == 1 assert schema._id in data[0]['relationships']['registration_schema'][ 'links']['related']['href']
def test_groups_filter(self, app, member, manager, user, osf_group, url): with override_flag(OSF_GROUPS, active=True): second_group = OSFGroupFactory(name='Apples', creator=manager) res = app.get(url + '?filter[name]=Platform', auth=manager.auth) assert res.status_code == 200 data = res.json['data'] assert len(data) == 1 assert data[0]['id'] == osf_group._id res = app.get(url + '?filter[name]=Apple', auth=manager.auth) assert res.status_code == 200 data = res.json['data'] assert len(data) == 1 assert data[0]['id'] == second_group._id res = app.get(url + '?filter[bad_field]=Apple', auth=manager.auth, expect_errors=True) assert res.status_code == 400 res = app.get(url + '?filter[name]=Platform') assert res.status_code == 200 data = res.json['data'] assert len(data) == 0 res = app.get(url + '?filter[name]=Apple') assert res.status_code == 200 data = res.json['data'] assert len(data) == 0
def test_return_private_node_children_list(self, app, user, component, private_project, private_project_url): # test_return_private_node_children_list_logged_out res = app.get(private_project_url, expect_errors=True) assert res.status_code == 401 assert 'detail' in res.json['errors'][0] # test_return_private_node_children_list_logged_in_non_contributor non_contrib = AuthUserFactory() res = app.get(private_project_url, auth=non_contrib.auth, expect_errors=True) assert res.status_code == 403 assert 'detail' in res.json['errors'][0] # test_return_private_node_children_list_logged_in_contributor res = app.get(private_project_url, auth=user.auth) assert res.status_code == 200 assert res.content_type == 'application/vnd.api+json' assert len(res.json['data']) == 1 assert res.json['data'][0]['id'] == component._id # test_return_private_node_children_osf_group_member_admin group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, permissions.ADMIN) res = app.get(private_project_url, auth=group_mem.auth) assert res.status_code == 200 # Can view node children that you have implict admin permissions assert len(res.json['data']) == 1 assert res.json['data'][0]['id'] == component._id
def test_change_contributor_non_admin_osf_group_member_auth( self, app, user, contrib, project, url_contrib): group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) project.add_osf_group(group, permissions.WRITE) data = { 'data': { 'id': contrib._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = app.put_json_api(url_contrib, data, auth=group_mem.auth, expect_errors=True) assert res.status_code == 403 project.reload() assert project.get_permissions(contrib) == [ permissions.READ, permissions.WRITE ] assert project.get_visible(contrib)
def test_post_private_node(self, app, user, node_private, node_other, node_linking_private, make_payload, url_private): res = app.post_json_api(url_private, make_payload([node_other._id]), auth=user.auth, expect_errors=True) assert res.status_code == 403 res = app.get(url_private, auth=user.auth) ids = [data['id'] for data in res.json['data']] assert node_other._id not in ids assert node_private._id in ids # test_group_member_can_post_with_write group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) node_linking_private.add_osf_group(group, READ) res = app.post_json_api(url_private, make_payload([node_other._id]), auth=group_mem.auth, expect_errors=True) assert res.status_code == 403 node_linking_private.update_osf_group(group, WRITE) node_other.add_osf_group(group, WRITE) res = app.post_json_api(url_private, make_payload([node_other._id]), auth=group_mem.auth, expect_errors=True) assert res.status_code == 201
def test_get_contributor_detail_valid_response(self, app, user, project_public, project_private, url_public, url_private): # test_get_public_contributor_detail res = app.get(url_public) assert res.status_code == 200 assert res.json['data']['id'] == '{}-{}'.format( project_public._id, user._id) # regression test # test_get_public_contributor_detail_is_viewable_through_browsable_api res = app.get(url_public + '?format=api') assert res.status_code == 200 # test_get_private_node_contributor_detail_contributor_auth res = app.get(url_private, auth=user.auth) assert res.status_code == 200 assert res.json['data']['id'] == '{}-{}'.format( project_private._id, user._id) # test_get_private_node_osf_group_member group_mem = AuthUserFactory() osf_group = OSFGroupFactory(creator=group_mem) project_private.add_osf_group(osf_group, permissions.READ) res = app.get(url_private, auth=group_mem.auth) assert res.status_code == 200 assert res.json['data']['id'] == '{}-{}'.format( project_private._id, user._id)
def test_creates_public_node_pointer_logged_in( self, app, user, user_two, public_project, public_pointer_project, public_url, make_payload): public_payload = make_payload(id=public_pointer_project._id) with assert_latest_log(NodeLog.POINTER_CREATED, public_project): res = app.post_json_api( public_url, public_payload, auth=user_two.auth, expect_errors=True) assert res.status_code == 403 assert 'detail' in res.json['errors'][0] group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) public_project.add_osf_group(group, READ) res = app.post_json_api( public_url, public_payload, auth=group_mem.auth, expect_errors=True) assert res.status_code == 403 res = app.post_json_api(public_url, public_payload, auth=user.auth) assert res.status_code == 201 assert res.content_type == 'application/vnd.api+json' res_json = res.json['data'] embedded = res_json['embeds']['target_node']['data']['id'] assert embedded == public_pointer_project._id
def test_can_fork_private_node_logged_in_contributor( self, app, user, private_project, fork_data, private_project_url): res = app.post_json_api( private_project_url + '?embed=children&embed=node_links&embed=logs&embed=contributors&embed=forked_from', fork_data, auth=user.auth) assert res.status_code == 201 data = res.json['data'] assert data['attributes']['title'] == 'Fork of ' + \ private_project.title fork_contributors = data['embeds']['contributors']['data'][0][ 'embeds']['users']['data'] assert fork_contributors['attributes'][ 'family_name'] == user.family_name assert fork_contributors['id'] == user._id forked_from = data['embeds']['forked_from']['data'] assert forked_from['id'] == private_project._id # test_group_member_read_can_create_fork_of_private_node group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, permissions.READ) res = app.post_json_api(private_project_url, fork_data, auth=user.auth) assert res.status_code == 201
def test_non_mutational_node_links_list_tests( self, app, user, public_non_contrib, public_pointer_project, private_project, private_pointer_project, public_url, private_url): # test_return_embedded_public_node_pointers_logged_out res = app.get(public_url) res_json = res.json['data'] assert len(res_json) == 1 assert res.status_code == 200 assert res.content_type == 'application/vnd.api+json' embedded = res_json[0]['embeds']['target_node']['data']['id'] assert embedded == public_pointer_project._id # test_return_embedded_public_node_pointers_logged_in res = app.get(public_url, auth=public_non_contrib.auth) res_json = res.json['data'] assert len(res_json) == 1 assert res.status_code == 200 assert res.content_type == 'application/vnd.api+json' embedded = res_json[0]['embeds']['target_node']['data']['id'] assert embedded == public_pointer_project._id # test_return_private_node_pointers_logged_out res = app.get(private_url, expect_errors=True) assert res.status_code == 401 assert 'detail' in res.json['errors'][0] # test_return_private_node_pointers_logged_in_contributor res = app.get(private_url, auth=user.auth) res_json = res.json['data'] assert res.status_code == 200 assert res.content_type == 'application/vnd.api+json' assert len(res_json) == 1 embedded = res_json[0]['embeds']['target_node']['data']['id'] assert embedded == private_pointer_project._id # test_return_private_node_pointers_logged_in_non_contributor res = app.get( private_url, auth=public_non_contrib.auth, expect_errors=True) assert res.status_code == 403 assert 'detail' in res.json['errors'][0] # test_osf_group_member_read_can_view group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, READ) res = app.get( private_url, auth=group_mem.auth, expect_errors=True) assert res.status_code == 200 # test_node_links_bad_version url = '{}?version=2.1'.format(public_url) res = app.get(url, auth=user.auth, expect_errors=True) assert res.status_code == 404 assert res.json['errors'][0]['detail'] == 'This feature is deprecated as of version 2.1'
def test_returns_private_files_logged_in_osf_group_member(self): group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) self.project.add_osf_group(group, READ) res = self.app.get(self.private_url, auth=group_mem.auth, expect_errors=True) assert_equal(res.status_code, 200)
def test_can_vew_linked_registrations_relationship( self, make_request, registration, user_admin_contrib, user_write_contrib, user_read_contrib, user_non_contrib, node_public, node_private): # test_public_node_unauthenticated_user_can_view_linked_registrations_relationship res = make_request(node_id=node_public._id) assert res.status_code == 200 assert res.json['data'][0]['id'] == registration._id assert res.json['data'][0]['type'] == 'linked_registrations' # test_public_node_unauthenticated_user_can_view_linked_registrations_relationship_2_13 res = make_request(node_id=node_public._id, version='2.13') assert res.status_code == 200 assert res.json['data'][0]['id'] == registration._id assert res.json['data'][0]['type'] == 'registrations' # test_private_node_admin_contributor_can_view_linked_registrations_relationship res = make_request(node_id=node_private._id, auth=user_admin_contrib.auth) assert res.status_code == 200 assert res.json['data'][0]['id'] == registration._id # test_private_node_rw_contributor_can_view_linked_registrations_relationship res = make_request(node_id=node_private._id, auth=user_write_contrib.auth) assert res.status_code == 200 assert res.json['data'][0]['id'] == registration._id # test_private_node_read_contributor_can_view_linked_registrations_relationship res = make_request(node_id=node_private._id, auth=user_read_contrib.auth) assert res.status_code == 200 assert res.json['data'][0]['id'] == registration._id # test_private_node_non_contributor_cannot_view_linked_registrations_relationship res = make_request(node_id=node_private._id, auth=user_non_contrib.auth, expect_errors=True) assert res.status_code == 403 assert res.json['errors'][0][ 'detail'] == exceptions.PermissionDenied.default_detail # test_private_node_unauthenticated_user_cannot_view_linked_registrations_relationship res = make_request(node_id=node_private._id, expect_errors=True) assert res.status_code == 401 assert res.json['errors'][0][ 'detail'] == exceptions.NotAuthenticated.default_detail # test_osf_group_member_can_view_linked_registration_relationship group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) node_private.add_osf_group(group, READ) res = make_request(node_id=node_private._id, auth=group_mem.auth, expect_errors=True) assert res.status_code == 200
def test_node_contributor_detail_serializes_contributor_perms( self, app, user, make_resource_url, project_public): user_two = AuthUserFactory() project_public.add_contributor(user_two, permissions.WRITE) project_public.save() osf_group = OSFGroupFactory(creator=user) osf_group.make_member(user_two) project_public.add_osf_group(osf_group, permissions.ADMIN) url = make_resource_url(project_public._id, user_two._id) res = app.get(url, auth=user.auth) # Even though user_two has admin perms through group membership, # contributor endpoints return contributor permissions assert res.json['data']['attributes'][ 'permission'] == permissions.WRITE assert project_public.has_permission(user_two, permissions.ADMIN) is True
def test_creates_private_node_pointer_group_member( self, app, private_project, private_pointer_project, private_url, make_payload): group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, WRITE) private_payload = make_payload(id=private_pointer_project._id) res = app.post_json_api( private_url, private_payload, auth=group_mem.auth) assert res.status_code == 201
def test_authenticated_contributor_can_access_private_node_forks_list( self, app, user, private_project, private_component, private_fork, pointer, private_project_url): res = app.get( private_project_url + '?embed=children&embed=node_links&embed=logs&embed=contributors&embed=forked_from', auth=user.auth) assert res.status_code == 200 assert len(res.json['data']) == 1 data = res.json['data'][0] assert data['attributes']['title'] == 'Fork of ' + \ private_project.title assert data['id'] == private_fork._id fork_contributors = data['embeds']['contributors']['data'][0][ 'embeds']['users']['data'] assert fork_contributors['attributes'][ 'family_name'] == user.family_name assert fork_contributors['id'] == user._id forked_children = data['embeds']['children']['data'][0] assert forked_children['id'] == private_component.forks.first()._id assert forked_children['attributes'][ 'title'] == private_component.title forked_node_links = data['embeds']['node_links']['data'][0]['embeds'][ 'target_node']['data'] assert forked_node_links['id'] == pointer._id assert forked_node_links['attributes']['title'] == pointer.title auth = Auth(user) expected_logs = list( private_project.get_logs_queryset(auth).values_list('action', flat=True)) expected_logs.append('node_forked') forked_logs = data['embeds']['logs']['data'] forked_log_actions = [ log['attributes']['action'] for log in forked_logs ] assert set(expected_logs) == set(forked_log_actions) assert len(set(forked_log_actions)) == len(set(expected_logs)) forked_from = data['embeds']['forked_from']['data'] assert forked_from['id'] == private_project._id group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, permissions.READ) private_fork.add_osf_group(group, permissions.READ) res = app.get(private_project_url, auth=group_mem.auth) assert res.status_code == 200 assert len(res.json['data']) == 1 data = res.json['data'][0] assert data['attributes']['title'] == 'Fork of ' + \ private_project.title assert data['id'] == private_fork._id
def test_deletes_private_node_pointer_logged_in_read_group_mem( self, app, user_two, private_url, private_project): group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, READ) res = app.delete(private_url, auth=group_mem.auth, expect_errors=True) assert res.status_code == 403 private_project.update_osf_group(group, WRITE) res = app.delete(private_url, auth=group_mem.auth, expect_errors=True) assert res.status_code == 204
def test_remove_contributor_osf_group_member_read( self, app, user, user_write_contrib, user_non_contrib, project, url_user, url_user_write_contrib, url_user_non_contrib): group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) project.add_osf_group(group, permissions.READ) res = app.delete(url_user_write_contrib, auth=group_mem.auth, expect_errors=True) assert res.status_code == 403
def test_node_contributor_detail_serializes_contributor_perms( self, app, user): project = ProjectFactory(creator=user, is_public=True) user_two = AuthUserFactory() project.add_contributor(user_two, permissions.WRITE) project.save() osf_group = OSFGroupFactory(creator=user) osf_group.make_member(user_two) project.add_osf_group(osf_group, permissions.ADMIN) url = '/{}nodes/{}/contributors/{}/'.format(API_BASE, project._id, user_two._id) res = app.get(url, auth=user.auth) # Even though user_two has admin perms through group membership, # contributor endpoints return contributor permissions assert res.json['data']['attributes'][ 'permission'] == permissions.WRITE assert project.has_permission(user_two, permissions.ADMIN) is True
def test_remove_errors(self, app, user, user_write_contrib, user_non_contrib, project, url_user, url_user_write_contrib, url_user_non_contrib): # test_remove_contributor_non_contributor res = app.delete(url_user_write_contrib, auth=user_non_contrib.auth, expect_errors=True) assert res.status_code == 403 # test_remove_contributor_osf_group_member_read group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) project.add_osf_group(group, permissions.READ) res = app.delete(url_user_write_contrib, auth=group_mem.auth, expect_errors=True) assert res.status_code == 403 # test_remove_contributor_not_logged_in res = app.delete(url_user_write_contrib, expect_errors=True) assert res.status_code == 401 project.reload() assert user_write_contrib in project.contributors # test_remove_non_contributor_admin assert user_non_contrib not in project.contributors res = app.delete(url_user_non_contrib, auth=user.auth, expect_errors=True) assert res.status_code == 404 project.reload() assert user_non_contrib not in project.contributors # test_remove_non_existing_user_admin url_user_fake = '/{}nodes/{}/contributors/{}/'.format( API_BASE, project._id, 'fake') # Disconnect contributor_removed so that we don't check in files # We can remove this when StoredFileNode is implemented in osf-models with disconnected_from_listeners(contributor_removed): res = app.delete(url_user_fake, auth=user.auth, expect_errors=True) assert res.status_code == 404 # test_remove_self_contributor_unique_admin # Disconnect contributor_removed so that we don't check in files # We can remove this when StoredFileNode is implemented in osf-models with disconnected_from_listeners(contributor_removed): res = app.delete(url_user, auth=user.auth, expect_errors=True) assert res.status_code == 400 project.reload() assert user in project.contributors
def test_do_not_create_public_wiki_page(self, app, user_creator, user_read_contributor, user_non_contributor, url_node_public, wiki_public, project_public): # test_do_not_create_home_wiki_page res = app.post_json_api(url_node_public, create_wiki_payload('home'), auth=user_creator.auth, expect_errors=True) assert res.status_code == 409 assert res.json['errors'][0][ 'detail'] == "A wiki page with the name 'home' already exists." # test_do_not_create_wiki_page_name_exists res = app.post_json_api(url_node_public, create_wiki_payload(wiki_public.page_name), auth=user_creator.auth, expect_errors=True) assert res.status_code == 409 assert res.json['errors'][0][ 'detail'] == "A wiki page with the name '{}' already exists.".format( wiki_public.page_name) # test_do_not_create_public_wiki_page_as_read_contributor res = app.post_json_api(url_node_public, create_wiki_payload(fake.word()), auth=user_read_contributor.auth, expect_errors=True) assert res.status_code == 403 # test_do_not_create_public_wiki_page_as_non_contributor res = app.post_json_api(url_node_public, create_wiki_payload(fake.word()), auth=user_non_contributor.auth, expect_errors=True) assert res.status_code == 403 # test_do_not_create_public_wiki_page_as_read_osf_group_member group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) project_public.add_osf_group(group, READ) res = app.post_json_api(url_node_public, create_wiki_payload(fake.word()), auth=group_mem.auth, expect_errors=True) assert res.status_code == 403 # test_do_not_create_public_wiki_page_as_unauthenticated res = app.post_json_api(url_node_public, create_wiki_payload(fake.word()), expect_errors=True) assert res.status_code == 401
class TestOSFGroupsView(AdminTestCase): def setUp(self): super(TestOSFGroupsView, self).setUp() self.user = UserFactory() self.user_two = UserFactory() self.project = ProjectFactory() self.group = OSFGroupFactory(name='test', creator=self.user) self.group.make_member(self.user_two) self.group.add_group_to_node(self.project) self.group.save() self.request = RequestFactory().post('/fake_path') def test_get_object(self): view = OSFGroupsView() view = setup_log_view(view, self.request, id=self.group._id) group = view.get_object() nt.assert_equal(self.group.name, group['name']) nt.assert_equal(self.user.fullname, group['creator']['name']) nt.assert_equal(len(group['members']), 1) nt.assert_equal(group['members'][0]['name'], self.user_two.fullname) nt.assert_equal(group['members'][0]['id'], self.user_two._id) nt.assert_equal(len(group['managers']), 1) nt.assert_equal(group['managers'][0]['name'], self.user.fullname) nt.assert_equal(group['managers'][0]['id'], self.user._id) nt.assert_equal([serialize_node_for_groups(self.project, self.group)], group['nodes']) nt.assert_equal(group['nodes'][0]['title'], self.project.title) nt.assert_equal(group['nodes'][0]['permission'], WRITE)
def test_node_citations(self, app, admin_contributor, private_project, write_contrib, read_contrib, non_contrib, private_url, public_url): # test_admin_can_view_private_project_citations res = app.get(private_url, auth=admin_contributor.auth) assert res.status_code == 200 # test_write_contrib_can_view_private_project_citations res = app.get(private_url, auth=write_contrib.auth) assert res.status_code == 200 # test_read_contrib_can_view_private_project_citations res = app.get(private_url, auth=read_contrib.auth) assert res.status_code == 200 # test_non_contrib_cannot_view_private_project_citations res = app.get(private_url, auth=non_contrib.auth, expect_errors=True) assert res.status_code == 403 assert res.json['errors'][0][ 'detail'] == exceptions.PermissionDenied.default_detail # test_unauthenticated_cannot_view_private_project_citations res = app.get(private_url, expect_errors=True) assert res.status_code == 401 assert res.json['errors'][0][ 'detail'] == exceptions.NotAuthenticated.default_detail # test_read_group_mem_can_view_private_project_citations group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, READ) res = app.get(private_url, auth=group_mem.auth) assert res.status_code == 200 # test_unauthenticated_can_view_public_project_citations res = app.get(public_url) assert res.status_code == 200 # test_citations_are_read_only post_res = app.post_json_api(public_url, {}, auth=admin_contributor.auth, expect_errors=True) assert post_res.status_code == 405 put_res = app.put_json_api(public_url, {}, auth=admin_contributor.auth, expect_errors=True) assert put_res.status_code == 405 delete_res = app.delete_json_api(public_url, auth=admin_contributor.auth, expect_errors=True) assert delete_res.status_code == 405
def test_osf_group_members_can_view_implicit_contributors( self, app, component, admin_contributor, implicit_contributor): group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) component.add_osf_group(group, READ) url = '/{}nodes/{}/implicit_contributors/'.format( API_BASE, component._id) res = app.get(url, auth=group_mem.auth) assert res.status_code == 200 assert res.content_type == 'application/vnd.api+json' assert len(res.json['data']) == 1 assert res.json['data'][0]['id'] == implicit_contributor._id
def setUp(self): super(RegistrationRetractionViewsTestCase, self).setUp() self.user = AuthUserFactory() self.registered_from = ProjectFactory(creator=self.user, is_public=True) self.registration = RegistrationFactory(project=self.registered_from, is_public=True) self.retraction_post_url = self.registration.api_url_for('node_registration_retraction_post') self.retraction_get_url = self.registration.web_url_for('node_registration_retraction_get') self.justification = fake.sentence() self.group_mem = AuthUserFactory() self.group = OSFGroupFactory(creator=self.group_mem) self.registration.registered_from.add_osf_group(self.group, permissions.ADMIN)
def test_node_registration_list(self, app, user, public_project, private_project, public_registration, private_registration, public_url, private_url): # test_return_public_registrations_logged_out res = app.get(public_url) assert res.status_code == 200 assert res.content_type == 'application/vnd.api+json' assert res.json['data'][0]['attributes']['registration'] is True url = res.json['data'][0]['relationships']['registered_from']['links'][ 'related']['href'] assert urlparse(url).path == '/{}nodes/{}/'.format( API_BASE, public_project._id) assert res.json['data'][0]['type'] == 'registrations' # test_return_public_registrations_logged_in res = app.get(public_url, auth=user.auth) assert res.status_code == 200 assert res.json['data'][0]['attributes']['registration'] is True url = res.json['data'][0]['relationships']['registered_from']['links'][ 'related']['href'] assert urlparse(url).path == '/{}nodes/{}/'.format( API_BASE, public_project._id) assert res.content_type == 'application/vnd.api+json' assert res.json['data'][0]['type'] == 'registrations' # test_return_private_registrations_logged_out res = app.get(private_url, expect_errors=True) assert res.status_code == 401 assert 'detail' in res.json['errors'][0] # test_return_private_registration_group_mem_read group_mem = AuthUserFactory() group = OSFGroupFactory(creator=group_mem) private_project.add_osf_group(group, READ) res = app.get(private_url, expect_errors=True, auth=group_mem.auth) assert res.status_code == 200 # test_return_private_registrations_logged_in_contributor res = app.get(private_url, auth=user.auth) assert res.status_code == 200 assert res.json['data'][0]['attributes']['registration'] is True url = res.json['data'][0]['relationships']['registered_from']['links'][ 'related']['href'] assert urlparse(url).path == '/{}nodes/{}/'.format( API_BASE, private_project._id) assert res.content_type == 'application/vnd.api+json' assert res.json['data'][0]['type'] == 'registrations'
def test_current_user_permissions_filter(self, app, url, contrib, no_perm_node, read_node, write_node, admin_node): # test filter read res = app.get('{}read'.format(url), auth=contrib.auth) assert len(res.json['data']) == 3 assert set([read_node._id, write_node._id, admin_node._id ]) == set([node['id'] for node in res.json['data']]) # test filter write res = app.get('{}write'.format(url), auth=contrib.auth) assert len(res.json['data']) == 2 assert set([admin_node._id, write_node._id ]) == set([node['id'] for node in res.json['data']]) # test filter admin res = app.get('{}admin'.format(url), auth=contrib.auth) assert len(res.json['data']) == 1 assert [admin_node._id] == [node['id'] for node in res.json['data']] # test filter null res = app.get('{}null'.format(url), auth=contrib.auth, expect_errors=True) assert res.status_code == 400 user2 = AuthUserFactory() osf_group = OSFGroupFactory(creator=user2) read_node.add_osf_group(osf_group, permissions.READ) write_node.add_osf_group(osf_group, permissions.WRITE) admin_node.add_osf_group(osf_group, permissions.ADMIN) # test filter group member read res = app.get('{}read'.format(url), auth=user2.auth) assert len(res.json['data']) == 3 assert set([read_node._id, write_node._id, admin_node._id ]) == set([node['id'] for node in res.json['data']]) # test filter group member write res = app.get('{}write'.format(url), auth=user2.auth) assert len(res.json['data']) == 2 assert set([admin_node._id, write_node._id ]) == set([node['id'] for node in res.json['data']]) # test filter group member admin res = app.get('{}admin'.format(url), auth=user2.auth) assert len(res.json['data']) == 1 assert [admin_node._id] == [node['id'] for node in res.json['data']]