def test_has_permission_download_not_prereg_challenge_admin(self):
self.setUpPrereg()
new_user = AuthUserFactory()
with assert_raises(HTTPError) as exc_info:
views.check_access(self.draft_registration.branched_from,
Auth(user=new_user), 'download', None)
assert_equal(exc_info.exception.code, 403)
def test_has_permission_on_parent_node_copyto_fail_if_not_registration(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, parent=self.node)
assert_false(component.has_permission(self.user, 'write'))
with assert_raises(HTTPError):
views.check_access(component, Auth(user=self.user), 'copyto', None)
def test_has_permission_private_not_authenticated(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
cas_resp = cas.CasResponse(authenticated=False)
assert_false(component.has_permission(self.user, 'write'))
with assert_raises(HTTPError) as exc_info:
views.check_access(component, Auth(user=self.user), 'download', cas_resp)
assert_equal(exc_info.exception.code, 403)
def test_has_permission_read_scope_write_action_forbidden(self):
component = ProjectFactory(creator=self.user, is_public=False, parent=self.node)
cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
attributes={'accessTokenScope': {'osf.nodes.data_read'}})
assert_true(component.has_permission(self.user, 'write'))
with assert_raises(HTTPError) as exc_info:
views.check_access(component, Auth(user=self.user), 'upload', cas_resp)
assert_equal(exc_info.exception.code, 403)
def test_has_permission_private_irrelevant_scope_forbidden(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
attributes={'accessTokenScope': {'osf.users.all_read'}})
assert_false(component.has_permission(self.user, 'write'))
with assert_raises(HTTPError) as exc_info:
views.check_access(component, Auth(user=self.user), 'download', cas_resp)
assert_equal(exc_info.exception.code, 403)
def test_has_permission_download_on_component_prereg_challenge_admin(self):
try:
res = views.check_access(self.draft_registration.branched_from.nodes[0],
Auth(user=self.prereg_challenge_admin_user), 'download', None)
except Exception:
self.fail()
assert_true(res)
def test_has_permission_on_parent_node_copyfrom(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
assert_false(component.has_permission(self.user, 'write'))
res = views.check_access(component, Auth(user=self.user), 'copyfrom', None)
assert_true(res)
def test_has_permission_download_on_component_prereg_challenge_admin(self):
try:
res = views.check_access(self.draft_registration.branched_from.nodes[0],
Auth(user=self.prereg_challenge_admin_user), 'download', None)
except Exception:
self.fail()
assert_true(res)
def test_has_permission_on_parent_node_copyto_pass_if_registration(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, parent=self.node)
component.is_registration = True
assert_false(component.has_permission(self.user, 'write'))
res = views.check_access(component, Auth(user=self.user), 'copyto', None)
assert_true(res)
def test_has_permission_on_parent_node_metadata_pass_if_registration(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, parent=self.node, is_public=False)
component_registration = RegistrationFactory(project=component, creator=component_admin)
assert_false(component_registration.has_permission(self.user, 'read'))
res = views.check_access(component_registration, Auth(user=self.user), 'metadata', None)
assert_true(res)
def test_has_permission_write_scope_read_action(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id,
attributes={'accessTokenScope': {'osf.nodes.data_write'}})
assert_false(component.has_permission(self.user, 'write'))
res = views.check_access(component, Auth(user=self.user), 'download', cas_resp)
assert_true(res)
def test_has_permission_public_irrelevant_scope_allowed(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, is_public=True, parent=self.node)
cas_resp = cas.CasResponse(
authenticated=True, status=None, user=self.user._id, attributes={"accessTokenScope": {"osf.users.all_read"}}
)
assert_false(component.has_permission(self.user, "write"))
res = views.check_access(component, Auth(user=self.user), "download", cas_resp)
assert_true(res)
def test_has_permission_on_parent_node_metadata_pass_if_registration(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin,
parent=self.node,
is_public=False)
component_registration = RegistrationFactory(project=component,
creator=component_admin)
assert_false(component_registration.has_permission(self.user, 'read'))
res = views.check_access(component_registration, Auth(user=self.user),
'metadata', None)
assert_true(res)
def test_has_permission_decommissioned_scope_no_error(self):
component_admin = AuthUserFactory()
component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node)
cas_resp = cas.CasResponse(
authenticated=True,
status=None,
user=self.user._id,
attributes={"accessTokenScope": {"decommissioned.scope+write", "osf.nodes.data_read"}},
)
assert_false(component.has_permission(self.user, "write"))
res = views.check_access(component, Auth(user=self.user), "download", cas_resp)
assert_true(res)
def test_has_permission(self):
res = views.check_access(self.node, self.user, 'upload')
assert_true(res)
def test_not_has_permission_not_logged_in(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node, None, 'download')
assert_equal(exc_info.exception.code, 401)
def test_not_has_permission_logged_in(self):
user2 = AuthUserFactory()
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node, user2, 'download')
assert_equal(exc_info.exception.code, 403)
def test_not_has_permission_read_has_link(self):
link = new_private_link('red-special', self.user, [self.node], anonymous=False)
res = views.check_access(self.node, None, 'download', key=link.key)
def test_not_has_permission_read_public(self):
self.node.is_public = True
self.node.save()
res = views.check_access(self.node, None, 'download')
def test_has_permission(self):
res = views.check_access(self.node, self.user, 'upload')
assert_true(res)
def test_has_permission_download_prereg_challenge_admin_not_draft(self):
self.setUpPrereg()
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node,
Auth(user=self.prereg_challenge_admin_user), 'download', None)
assert_equal(exc_info.exception.code, 403)
def test_has_permission_write_prereg_challenge_admin(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(
self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), "write", None
)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_has_permission(self):
res = views.check_access(self.node, Auth(user=self.user), 'upload', None)
assert_true(res)
def test_has_permission_download_prereg_challenge_admin(self):
self.setUpPrereg()
res = views.check_access(self.draft_registration.branched_from,
Auth(user=self.prereg_challenge_admin_user), 'download', None)
assert_true(res)
def test_has_permission_download_prereg_challenge_admin_not_draft(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node, Auth(user=self.prereg_challenge_admin_user), "download", None)
assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_not_has_permission_logged_in(self):
user2 = AuthUserFactory()
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node, user2, 'download')
assert_equal(exc_info.exception.code, 403)
def test_not_has_permission_read_public(self):
self.node.is_public = True
self.node.save()
res = views.check_access(self.node, None, 'download')
def test_has_permission(self):
res = views.check_access(self.node, Auth(user=self.user), 'upload',
None)
assert_true(res)
def test_not_has_permission_read_has_link(self):
link = new_private_link('red-special', self.user, [self.node], anonymous=False)
res = views.check_access(self.node, None, 'download', key=link.key)
def test_has_permission_write_prereg_challenge_admin(self):
self.setUpPrereg()
with assert_raises(HTTPError) as exc_info:
res = views.check_access(self.draft_registration.branched_from,
Auth(user=self.prereg_challenge_admin_user), 'write', None)
assert_equal(exc_info.exception.code, 403)
def test_not_has_permission_not_logged_in(self):
with assert_raises(HTTPError) as exc_info:
views.check_access(self.node, None, 'download')
assert_equal(exc_info.exception.code, 401)
def test_not_has_permission_read_has_link(self):
link = new_private_link("red-special", self.user, [self.node], anonymous=False)
res = views.check_access(self.node, Auth(private_key=link.key), "download", None)
