def setUp(self):
super(TestUserNodes, self).setUp()
self.user_one = UserFactory.build()
self.user_one.set_password('justapoorboy')
self.user_one.social['twitter'] = 'howtopizza'
self.user_one.save()
self.auth_one = (self.user_one.username, 'justapoorboy')
self.user_two = UserFactory.build()
self.user_two.set_password('justapoorboy')
self.user_two.save()
self.auth_two = (self.user_two.username, 'justapoorboy')
self.public_project_user_one = ProjectFactory(title="Public Project User One",
is_public=True,
creator=self.user_one)
self.private_project_user_one = ProjectFactory(title="Private Project User One",
is_public=False,
creator=self.user_one)
self.public_project_user_two = ProjectFactory(title="Public Project User Two",
is_public=True,
creator=self.user_two)
self.private_project_user_two = ProjectFactory(title="Private Project User Two",
is_public=False,
creator=self.user_two)
self.deleted_project_user_one = FolderFactory(title="Deleted Project User One",
is_public=False,
creator=self.user_one,
is_deleted=True)
self.folder = FolderFactory()
self.deleted_folder = FolderFactory(title="Deleted Folder User One",
is_public=False,
creator=self.user_one,
is_deleted=True)
self.dashboard = DashboardFactory()
def setUp(self):
super(TestUserRoutesNodeRoutes, self).setUp()
self.user_one = AuthUserFactory()
self.user_one.social['twitter'] = 'howtopizza'
self.user_two = AuthUserFactory()
self.public_project_user_one = ProjectFactory(
title="Public Project User One",
is_public=True,
creator=self.user_one)
self.private_project_user_one = ProjectFactory(
title="Private Project User One",
is_public=False,
creator=self.user_one)
self.public_project_user_two = ProjectFactory(
title="Public Project User Two",
is_public=True,
creator=self.user_two)
self.private_project_user_two = ProjectFactory(
title="Private Project User Two",
is_public=False,
creator=self.user_two)
self.deleted_project_user_one = FolderFactory(
title="Deleted Project User One",
is_public=False,
creator=self.user_one,
is_deleted=True)
self.folder = FolderFactory()
self.deleted_folder = FolderFactory(title="Deleted Folder User One",
is_public=False,
creator=self.user_one,
is_deleted=True)
self.dashboard = DashboardFactory()
def test_dashboard_adding_one_folder_increases_size_by_one_in_hgrid_representation(self):
folder = FolderFactory(creator=self.user)
self.dash.add_pointer(folder, self.auth)
project = ProjectFactory(creator=self.user)
folder.add_pointer(project,self.auth)
dash_hgrid = rubeus.to_project_hgrid(self.dash, self.auth)
assert_equal(len(dash_hgrid), len(self.init_dash_hgrid) + 1)
def test_dashboard_adding_one_folder_increases_size_by_one_in_hgrid_representation(self):
folder = FolderFactory(creator=self.user)
self.dash.add_pointer(folder, self.auth)
project = ProjectFactory(creator=self.user)
folder.add_pointer(project,self.auth)
dash_hgrid = rubeus.to_project_hgrid(self.dash, self.auth)
assert_equal(len(dash_hgrid), len(self.init_dash_hgrid) + 1)
def test_serialize_folder_containing_folder_increases_size_by_one(self):
outer_folder = FolderFactory(creator=self.user)
folder_hgrid = rubeus.to_project_hgrid(outer_folder, self.auth)
inner_folder = FolderFactory(creator=self.user)
outer_folder.add_pointer(inner_folder, self.auth)
new_hgrid = rubeus.to_project_hgrid(outer_folder, self.auth)
assert_equal(len(folder_hgrid) + 1, len(new_hgrid))
def test_serialize_folder_containing_folder_increases_size_by_one(self):
outer_folder = FolderFactory(creator=self.user)
folder_hgrid = rubeus.to_project_hgrid(outer_folder, self.auth)
inner_folder = FolderFactory(creator=self.user)
outer_folder.add_pointer(inner_folder, self.auth)
new_hgrid = rubeus.to_project_hgrid(outer_folder, self.auth)
assert_equal(len(folder_hgrid) + 1, len(new_hgrid))
def test_view_project_pointer_count_excludes_folders(self):
user = UserFactory()
pointer_project = ProjectFactory(is_public=True) # project that points to another project
pointed_project = ProjectFactory(creator=user) # project that other project points to
pointer_project.add_pointer(pointed_project, Auth(pointer_project.creator), save=True)
# Project is in a dashboard folder
folder = FolderFactory(creator=pointed_project.creator)
folder.add_pointer(pointed_project, Auth(pointed_project.creator), save=True)
result = _view_project(pointed_project, Auth(pointed_project.creator))
# pointer_project is included in count, but not folder
assert_equal(result['node']['points'], 1)
def test_view_project_pointer_count_excludes_folders(self):
user = UserFactory()
pointer_project = ProjectFactory(is_public=True) # project that points to another project
pointed_project = ProjectFactory(creator=user) # project that other project points to
pointer_project.add_pointer(pointed_project, Auth(pointer_project.creator), save=True)
# Project is in a dashboard folder
folder = FolderFactory(creator=pointed_project.creator)
folder.add_pointer(pointed_project, Auth(pointed_project.creator), save=True)
result = _view_project(pointed_project, Auth(pointed_project.creator))
# pointer_project is included in count, but not folder
assert_equal(result['node']['points'], 1)
class TestCollectionNodeLinksList(ApiTestCase):
def setUp(self):
super(TestCollectionNodeLinksList, self).setUp()
self.user_one = AuthUserFactory()
self.user_two = AuthUserFactory()
self.collection = FolderFactory(creator=self.user_one)
self.project = ProjectFactory(is_public=False, creator=self.user_one)
self.public_project = ProjectFactory(is_public=True, creator=self.user_two)
self.private_project = ProjectFactory(is_public=False, creator=self.user_two)
self.collection.add_pointer(self.project, auth=Auth(self.user_one))
self.collection.add_pointer(self.public_project, auth=Auth(self.user_one))
self.url = '/{}collections/{}/node_links/'.format(API_BASE, self.collection._id)
def test_do_not_return_node_pointers_logged_out(self):
res = self.app.get(self.url, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0])
def test_return_node_pointers_logged_in(self):
res = self.app.get(self.url, auth=self.user_one.auth)
res_json = res.json['data']
assert_equal(len(res_json), 2)
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
expected_project_path = node_url_for(self.project._id)
expected_public_project_path = node_url_for(self.public_project._id)
actual_project_path = urlparse(res_json[0]['relationships']['target_node']['links']['related']['href']).path
actual_public_project_path = urlparse(res_json[1]['relationships']['target_node']['links']['related']['href']).path
assert_equal(expected_project_path, actual_project_path)
assert_equal(expected_public_project_path, actual_public_project_path)
def test_return_private_node_pointers_logged_in_non_contributor(self):
res = self.app.get(self.url, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
def test_deleted_links_not_returned(self):
res = self.app.get(self.url, auth=self.user_one.auth)
res_json = res.json['data']
original_length = len(res_json)
self.public_project.is_deleted = True
self.public_project.save()
res = self.app.get(self.url, auth=self.user_one.auth)
res_json = res.json['data']
assert_equal(len(res_json), original_length - 1)
def setUp(self):
super(TestRegistrationFiltering, self).setUp()
self.user_one = AuthUserFactory()
self.user_two = AuthUserFactory()
self.project_one = ProjectFactory(title="Project One",
description='Two',
is_public=True,
creator=self.user_one,
category='hypothesis')
self.project_two = ProjectFactory(title="Project Two",
description="One Three",
is_public=True,
creator=self.user_one)
self.project_three = ProjectFactory(title="Three",
is_public=True,
creator=self.user_two)
self.private_project_user_one = ProjectFactory(
title="Private Project User One",
is_public=False,
creator=self.user_one)
self.private_project_user_two = ProjectFactory(
title="Private Project User Two",
is_public=False,
creator=self.user_two)
self.project_one.add_tag('tag1',
Auth(self.project_one.creator),
save=False)
self.project_one.add_tag('tag2',
Auth(self.project_one.creator),
save=False)
self.project_one.save()
self.project_two.add_tag('tag1',
Auth(self.project_two.creator),
save=True)
self.project_two.save()
self.project_one_reg = RegistrationFactory(creator=self.user_one,
project=self.project_one,
is_public=True)
self.project_two_reg = RegistrationFactory(creator=self.user_one,
project=self.project_two,
is_public=True)
self.project_three_reg = RegistrationFactory(
creator=self.user_two, project=self.project_three, is_public=True)
self.private_project_user_one_reg = RegistrationFactory(
creator=self.user_one,
project=self.private_project_user_one,
is_public=False)
self.private_project_user_two_reg = RegistrationFactory(
creator=self.user_two,
project=self.private_project_user_two,
is_public=False)
self.folder = FolderFactory()
self.dashboard = DashboardFactory()
self.url = "/{}registrations/".format(API_BASE)
def test_dashboard_adding_one_folder_does_not_remove_smart_folders(self):
folder = FolderFactory(creator=self.user)
self.dash.add_pointer(folder, self.auth)
dash_hgrid = rubeus.to_project_hgrid(self.dash, self.auth)
assert_true(
{ALL_MY_PROJECTS_NAME, ALL_MY_REGISTRATIONS_NAME, folder.title
} <= {node_hgrid['name']
for node_hgrid in dash_hgrid})
def setUp(self):
super(TestCollectionNodeLinksList, self).setUp()
self.user_one = AuthUserFactory()
self.user_two = AuthUserFactory()
self.collection = FolderFactory(creator=self.user_one)
self.project = ProjectFactory(is_public=False, creator=self.user_one)
self.public_project = ProjectFactory(is_public=True, creator=self.user_two)
self.private_project = ProjectFactory(is_public=False, creator=self.user_two)
self.collection.add_pointer(self.project, auth=Auth(self.user_one))
self.collection.add_pointer(self.public_project, auth=Auth(self.user_one))
self.url = '/{}collections/{}/node_links/'.format(API_BASE, self.collection._id)
def setUp(self):
super(TestCollectionNodeLinkDetail, self).setUp()
self.user_one = AuthUserFactory()
self.user_two = AuthUserFactory()
self.collection = FolderFactory(creator=self.user_one)
self.project = ProjectFactory(creator=self.user_one, is_public=False)
self.project_public = ProjectFactory(creator=self.user_one, is_public=False)
self.node_link = self.collection.add_pointer(self.project, auth=Auth(self.user_one), save=True)
self.node_link_public = self.collection.add_pointer(self.project_public, auth=Auth(self.user_one), save=True)
self.url = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, self.node_link._id)
self.url_public = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, self.node_link_public._id)
def test_collection_serialization(self):
collection = FolderFactory(creator=self.user)
req = make_drf_request()
result = CollectionSerializer(collection, context={'request': req}).data
data = result['data']
assert_equal(data['id'], collection._id)
assert_equal(data['type'], 'collections')
# Attributes
attributes = data['attributes']
assert_equal(attributes['title'], collection.title)
assert_equal(attributes['date_created'], collection.date_created.isoformat())
assert_equal(attributes['date_modified'], collection.date_modified.isoformat())
# Relationships
relationships = data['relationships']
assert_in('node_links', relationships)
# Bunch of stuff in Nodes that should not be in Collections
assert_not_in('contributors', relationships)
assert_not_in('files', relationships)
assert_not_in('parent', relationships)
assert_not_in('registrations', relationships)
assert_not_in('forked_from', relationships)
class TestCollectionNodeLinkDetail(ApiTestCase):
def setUp(self):
super(TestCollectionNodeLinkDetail, self).setUp()
self.user_one = AuthUserFactory()
self.user_two = AuthUserFactory()
self.collection = FolderFactory(creator=self.user_one)
self.project = ProjectFactory(creator=self.user_one, is_public=False)
self.project_public = ProjectFactory(creator=self.user_one, is_public=False)
self.node_link = self.collection.add_pointer(self.project, auth=Auth(self.user_one), save=True)
self.node_link_public = self.collection.add_pointer(self.project_public, auth=Auth(self.user_one), save=True)
self.url = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, self.node_link._id)
self.url_public = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, self.node_link_public._id)
def test_returns_error_public_node_link_detail_unauthenticated(self):
res = self.app.get(self.url_public, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0])
def test_returns_public_node_pointer_detail_authorized(self):
res = self.app.get(self.url_public, auth=self.user_one.auth)
res_json = res.json['data']
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
expected_path = node_url_for(self.project_public._id)
actual_path = urlparse(res_json['relationships']['target_node']['links']['related']['href']).path
assert_equal(expected_path, actual_path)
def test_returns_error_private_node_link_detail_unauthenticated(self):
res = self.app.get(self.url, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0])
def test_returns_private_node_link_detail_authorized(self):
res = self.app.get(self.url, auth=self.user_one.auth)
res_json = res.json['data']
assert_equal(res.status_code, 200)
assert_equal(res.content_type, 'application/vnd.api+json')
expected_path = node_url_for(self.project._id)
actual_path = urlparse(res_json['relationships']['target_node']['links']['related']['href']).path
assert_equal(expected_path, actual_path)
def test_returns_error_private_node_link_detail_unauthorized(self):
res = self.app.get(self.url, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
def test_self_link_points_to_node_link_detail_url(self):
res = self.app.get(self.url, auth=self.user_one.auth)
assert_equal(res.status_code, 200)
url = res.json['data']['links']['self']
assert_in(self.url, url)
def test_delete_node_link_no_permissions_for_target_node(self):
pointer_project = FolderFactory(creator=self.user_two)
pointer = self.collection.add_pointer(pointer_project, auth=Auth(self.user_one), save=True)
assert_in(pointer, self.collection.nodes)
url = '/{}collections/{}/node_links/{}/'.format(API_BASE, self.collection._id, pointer._id)
res = self.app.delete_json_api(url, auth=self.user_one.auth)
assert_equal(res.status_code, 204)
def test_can_not_delete_collection_public_node_link_unauthenticated(self):
res = self.app.delete(self.url_public, expect_errors=True)
assert_equal(res.status_code, 401)
assert_in('detail', res.json['errors'][0].keys())
def test_can_not_delete_collection_public_node_pointer_unauthorized(self):
node_count_before = len(self.collection.nodes_pointer)
res = self.app.delete(self.url_public, auth=self.user_two.auth, expect_errors=True)
# This is could arguably be a 405, but we don't need to go crazy with status codes
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
self.collection.reload()
assert_equal(node_count_before, len(self.collection.nodes_pointer))
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_delete_public_node_pointer_authorized(self):
node_count_before = len(self.collection.nodes_pointer)
res = self.app.delete(self.url_public, auth=self.user_one.auth)
self.collection.reload()
assert_equal(res.status_code, 204)
assert_equal(node_count_before - 1, len(self.collection.nodes_pointer))
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_delete_private_node_link_authorized(self):
node_count_before = len(self.collection.nodes_pointer)
res = self.app.delete(self.url, auth=self.user_one.auth)
self.collection.reload()
assert_equal(res.status_code, 204)
assert_equal(node_count_before - 1, len(self.collection.nodes_pointer))
def test_can_not_delete_collection_private_node_link_unauthorized(self):
res = self.app.delete(self.url, auth=self.user_two.auth, expect_errors=True)
assert_equal(res.status_code, 403)
assert_in('detail', res.json['errors'][0])
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_can_not_return_deleted_collection_public_node_pointer(self):
res = self.app.delete(self.url_public, auth=self.user_one.auth)
self.collection.reload()
assert_equal(res.status_code, 204)
res = self.app.get(self.url_public, auth=self.user_one.auth, expect_errors=True)
assert_equal(res.status_code, 404)
@assert_logs(NodeLog.POINTER_REMOVED, 'collection')
def test_return_deleted_private_node_pointer(self):
res = self.app.delete(self.url, auth=self.user_one.auth)
self.project.reload()
assert_equal(res.status_code, 204)
res = self.app.get(self.url, auth=self.user_one.auth, expect_errors=True)
assert_equal(res.status_code, 404)
# Regression test for https://openscience.atlassian.net/browse/OSF-4322
def test_delete_link_that_is_not_linked_to_correct_node(self):
collection = FolderFactory(creator=self.user_one)
# The node link belongs to a different project
res = self.app.delete(
'/{}nodes/{}/node_links/{}/'.format(API_BASE, collection._id, self.node_link._id),
auth=self.user_one.auth,
expect_errors=True
)
assert_equal(res.status_code, 404)
errors = res.json['errors']
assert_equal(len(errors), 1)
assert_equal(errors[0]['detail'], 'Not found.')
def test_serialized_folder_is_valid_folder(self):
folder = FolderFactory(creator=self.user)
folder_hgrid = rubeus.to_project_hgrid(folder, self.auth)
assert_equal(folder_hgrid, [])
def test_cannot_return_folder_at_node_detail_endpoint(self):
folder = FolderFactory(creator=self.user)
res = self.app.get('/{}nodes/{}/'.format(API_BASE, folder._id), auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)