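def test_organization_api_delete_as_non_member_forbidden(self, api):
    '''It should refuse (403) to delete an organization if not member.

    The organization is created without passing any members, so the
    logged-in user holds no role in it. The DELETE must be rejected and
    the stored organization must be left untouched.
    '''
    api.login()
    org = OrganizationFactory()

    response = api.delete(url_for('api.organization', org=org))

    assert403(response)
    # Compare by value: `is 1` tests object identity, which only holds by
    # accident of CPython's small-int cache and emits a SyntaxWarning on
    # Python 3.8+.
    assert Organization.objects.count() == 1
    # A denied request must leave no trace: no deletion marker is set.
    assert Organization.objects[0].deleted is None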
def test_validate_source_is_admin_only(self, api):
    '''It should refuse (403) to validate a source if not admin.'''
    api.login()
    harvest_source = HarvestSourceFactory()
    validate_url = url_for(
        'api.validate_harvest_source', ident=str(harvest_source.id))
    payload = {'validate': True}

    resp = api.post(validate_url, payload)

    # NOTE(review): only the status code is checked; consider reloading the
    # source and asserting that its validation state is unchanged (the
    # field holding that state is not visible from this test).
    assert403(resp)
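def test_organization_api_delete_as_editor_forbidden(self, api):
    '''It should not delete an organization from the API if not admin.

    The logged-in user is a member of the organization, but only with the
    'editor' role. The DELETE must be rejected and the stored organization
    must be left untouched.
    '''
    user = api.login()
    member = Member(user=user, role='editor')
    org = OrganizationFactory(members=[member])

    response = api.delete(url_for('api.organization', org=org))

    assert403(response)
    # Compare by value: `is 1` tests object identity, which only holds by
    # accident of CPython's small-int cache and emits a SyntaxWarning on
    # Python 3.8+.
    assert Organization.objects.count() == 1
    # A denied request must leave no trace: no deletion marker is set.
    assert Organization.objects[0].deleted is None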
def test_permission_denied(self, api):
    '''It should answer 403 with a message when PermissionDenied is raised.'''
    # Throwaway resource whose only job is to raise PermissionDenied, so the
    # test exercises the API's handling of that exception rather than any
    # real endpoint.
    @ns.route('/exception', endpoint='exception')
    class ExceptionAPI(API):
        def get(self):
            raise PermissionDenied('Permission denied')

    exception_url = url_for('api.exception')
    resp = api.get(exception_url)

    assert403(resp)
    # The denial must come back as a JSON body carrying a 'message' key.
    assert 'message' in resp.json
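def test_organization_api_update_forbidden(self, api):
    '''It should not update an organization from the API if not admin.

    The organization is created without passing any members and the login
    happens afterwards, so the caller holds no role in it. The PUT must be
    rejected and the stored description must stay as it was.
    '''
    org = OrganizationFactory()
    data = org.to_dict()
    data['description'] = 'new description'
    api.login()

    response = api.put(url_for('api.organization', org=org), data)

    assert403(response)
    # Compare by value: `is 1` tests object identity, which only holds by
    # accident of CPython's small-int cache and emits a SyntaxWarning on
    # Python 3.8+.
    assert Organization.objects.count() == 1
    # A denied update must not have been persisted.
    assert Organization.objects.first().description == org.description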
def test_schedule_source_is_admin_only(self, api):
    '''It should only allow admins to schedule a source.

    A user logged in through a plain ``api.login()`` posts a crontab
    expression; the call must be rejected and no periodic task attached.
    '''
    api.login()
    harvest_source = HarvestSourceFactory()
    crontab_expr = '0 0 * * *'
    schedule_url = url_for(
        'api.schedule_harvest_source', ident=str(harvest_source.id))

    resp = api.post(schedule_url, crontab_expr)

    assert403(resp)
    # Re-read from the database: the denied request must not have
    # scheduled anything.
    harvest_source.reload()
    assert harvest_source.periodic_task is None
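def test_only_admin_can_accept_membership(self, api):
    '''It should refuse (403) to accept a membership request as an editor.

    The logged-in user is an 'editor' member of the organization and tries
    to accept another user's pending membership request.
    '''
    user = api.login()
    applicant = UserFactory()
    membership_request = MembershipRequest(user=applicant, comment='test')
    member = Member(user=user, role='editor')
    organization = OrganizationFactory(
        members=[member], requests=[membership_request])

    api_url = url_for(
        'api.accept_membership', org=organization, id=membership_request.id)
    response = api.post(api_url)

    assert403(response)
    # A 403 alone does not prove the request had no effect: re-read the
    # organization and check the applicant was not added as a member, in
    # line with the member create/delete tests.
    organization.reload()
    assert not organization.is_member(applicant)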
def test_create_source_with_org_not_member(self, api):
    '''It should refuse (403) to create a source attached to an organization.

    NOTE(review): despite the test name, the logged-in user is set up as an
    'editor' member of the organization, not as a non-member. Confirm which
    scenario this test is meant to cover.
    '''
    user = api.login()
    org = OrganizationFactory(members=[Member(user=user, role='editor')])
    payload = {
        'name': faker.word(),
        'url': faker.url(),
        'backend': 'factory',
        'organization': str(org.id),
    }

    resp = api.post(url_for('api.harvest_sources'), payload)

    assert403(resp)
def test_only_admin_can_delete_member(self, api):
    '''It should refuse (403) to remove a member when the caller is an editor.'''
    user = api.login()
    deleted_user = UserFactory()
    editors = [
        Member(user=user, role='editor'),
        Member(user=deleted_user, role='editor'),
    ]
    organization = OrganizationFactory(members=editors)

    resp = api.delete(
        url_for('api.member', org=organization, user=deleted_user))

    assert403(resp)
    # Re-read from the database: the targeted user must still be a member.
    organization.reload()
    assert organization.is_member(deleted_user)
def test_only_admin_can_create_member(self, api):
    '''It should refuse (403) to add a member when the caller is an editor.'''
    user = api.login()
    added_user = UserFactory()
    caller = Member(user=user, role='editor')
    organization = OrganizationFactory(members=[caller])

    resp = api.post(
        url_for('api.member', org=organization, user=added_user),
        {'role': 'editor'})

    assert403(resp)
    # Re-read from the database: the denied request must not have granted
    # membership to the target user.
    organization.reload()
    assert not organization.is_member(added_user)
def test_unschedule_source_is_admin_only(self, api):
    '''It should only allow admins to unschedule a source.

    The source starts out with a periodic task attached; a user logged in
    through a plain ``api.login()`` must not be able to remove it.
    '''
    api.login()
    scheduled_task = PeriodicTask.objects.create(
        task='harvest',
        name=faker.name(),
        description=faker.sentence(),
        enabled=True,
        crontab=PeriodicTask.Crontab())
    harvest_source = HarvestSourceFactory(periodic_task=scheduled_task)
    schedule_url = url_for(
        'api.schedule_harvest_source', ident=str(harvest_source.id))

    resp = api.delete(schedule_url)

    assert403(resp)
    # Re-read from the database: the schedule must have survived the
    # denied request.
    harvest_source.reload()
    assert harvest_source.periodic_task is not None