def test_organization_api_delete_as_non_member_forbidden(self, api):
     '''It should delete an organization from the API if not member'''
     api.login()
     org = OrganizationFactory()
     response = api.delete(url_for('api.organization', org=org))
     assert403(response)
     assert Organization.objects.count() is 1
     assert Organization.objects[0].deleted is None
Пример #2
0
    def test_validate_source_is_admin_only(self, api):
        '''It should allow to validate a source if admin'''
        api.login()
        source = HarvestSourceFactory()

        data = {'validate': True}
        url = url_for('api.validate_harvest_source', ident=str(source.id))
        response = api.post(url, data)
        assert403(response)
 def test_organization_api_delete_as_editor_forbidden(self, api):
     '''It should not delete an organization from the API if not admin'''
     user = api.login()
     member = Member(user=user, role='editor')
     org = OrganizationFactory(members=[member])
     response = api.delete(url_for('api.organization', org=org))
     assert403(response)
     assert Organization.objects.count() is 1
     assert Organization.objects[0].deleted is None
Пример #4
0
    def test_permission_denied(self, api):
        @ns.route('/exception', endpoint='exception')
        class ExceptionAPI(API):
            def get(self):
                raise PermissionDenied('Permission denied')

        response = api.get(url_for('api.exception'))

        assert403(response)
        assert 'message' in response.json
 def test_organization_api_update_forbidden(self, api):
     '''It should not update an organization from the API if not admin'''
     org = OrganizationFactory()
     data = org.to_dict()
     data['description'] = 'new description'
     api.login()
     response = api.put(url_for('api.organization', org=org), data)
     assert403(response)
     assert Organization.objects.count() is 1
     assert Organization.objects.first().description == org.description
Пример #6
0
    def test_permission_denied(self, api):
        @ns.route('/exception', endpoint='exception')
        class ExceptionAPI(API):
            def get(self):
                raise PermissionDenied('Permission denied')

        response = api.get(url_for('api.exception'))

        assert403(response)
        assert 'message' in response.json
Пример #7
0
    def test_schedule_source_is_admin_only(self, api):
        '''It should only allow admins to schedule a source'''
        api.login()
        source = HarvestSourceFactory()

        data = '0 0 * * *'
        url = url_for('api.schedule_harvest_source', ident=str(source.id))
        response = api.post(url, data)
        assert403(response)

        source.reload()
        assert source.periodic_task is None
    def test_only_admin_can_accept_membership(self, api):
        user = api.login()
        applicant = UserFactory()
        membership_request = MembershipRequest(user=applicant, comment='test')
        member = Member(user=user, role='editor')
        organization = OrganizationFactory(members=[member],
                                           requests=[membership_request])

        api_url = url_for('api.accept_membership',
                          org=organization,
                          id=membership_request.id)
        response = api.post(api_url)
        assert403(response)
Пример #9
0
    def test_create_source_with_org_not_member(self, api):
        '''It should create and attach a new source to an organization'''
        user = api.login()
        member = Member(user=user, role='editor')
        org = OrganizationFactory(members=[member])
        data = {
            'name': faker.word(),
            'url': faker.url(),
            'backend': 'factory',
            'organization': str(org.id)
        }
        response = api.post(url_for('api.harvest_sources'), data)

        assert403(response)
    def test_only_admin_can_delete_member(self, api):
        user = api.login()
        deleted_user = UserFactory()
        organization = OrganizationFactory(members=[
            Member(user=user, role='editor'),
            Member(user=deleted_user, role='editor')
        ])

        api_url = url_for('api.member', org=organization, user=deleted_user)
        response = api.delete(api_url)
        assert403(response)

        organization.reload()
        assert organization.is_member(deleted_user)
    def test_only_admin_can_create_member(self, api):
        user = api.login()
        added_user = UserFactory()
        organization = OrganizationFactory(members=[
            Member(user=user, role='editor'),
        ])

        api_url = url_for('api.member', org=organization, user=added_user)
        response = api.post(api_url, {'role': 'editor'})

        assert403(response)

        organization.reload()
        assert not organization.is_member(added_user)
Пример #12
0
    def test_unschedule_source_is_admin_only(self, api):
        '''It should only allow admins to unschedule a source'''
        api.login()
        periodic_task = PeriodicTask.objects.create(
            task='harvest',
            name=faker.name(),
            description=faker.sentence(),
            enabled=True,
            crontab=PeriodicTask.Crontab())
        source = HarvestSourceFactory(periodic_task=periodic_task)

        url = url_for('api.schedule_harvest_source', ident=str(source.id))
        response = api.delete(url)
        assert403(response)

        source.reload()
        assert source.periodic_task is not None