def create(request): """Create an annotation from the POST payload.""" json_payload = _json_payload(request) # Validate the annotation for, and create the annotation in, PostgreSQL. if request.feature('postgres'): schema = schemas.CreateAnnotationSchema(request) appstruct = schema.validate(copy.deepcopy(json_payload)) annotation = storage.create_annotation(request, appstruct) # Validate the annotation for, and create the annotation in, Elasticsearch. legacy_schema = schemas.LegacyCreateAnnotationSchema(request) legacy_appstruct = legacy_schema.validate(copy.deepcopy(json_payload)) # When 'postgres' is on make sure that annotations in the legacy # Elasticsearch database use the same IDs as the PostgreSQL ones. if request.feature('postgres'): assert annotation.id legacy_appstruct['id'] = annotation.id legacy_annotation = storage.legacy_create_annotation( request, legacy_appstruct) if request.feature('postgres'): _publish_annotation_event(request, annotation, 'create') return AnnotationJSONPresenter(request, annotation).asdict() _publish_annotation_event(request, legacy_annotation, 'create') return AnnotationJSONPresenter(request, legacy_annotation).asdict()
def test_it_permits_all_other_changes(self, data): request = self.mock_request() schema = schemas.LegacyCreateAnnotationSchema(request) result = schema.validate(data) for k in data: assert result[k] == data[k]
def test_it_removes_protected_fields(self, field): request = self.mock_request() schema = schemas.LegacyCreateAnnotationSchema(request) data = {} data[field] = 'something forbidden' result = schema.validate(data) assert field not in result
def test_it_raises_if_structure_validator_raises(self): request = self.mock_request() schema = schemas.LegacyCreateAnnotationSchema(request) schema.structure = mock.Mock() schema.structure.validate.side_effect = ( schemas.ValidationError('asplode')) with pytest.raises(schemas.ValidationError): schema.validate({'foo': 'bar'})
def test_it_passes_input_to_structure_validator(self): request = self.mock_request() schema = schemas.LegacyCreateAnnotationSchema(request) schema.structure = mock.Mock() schema.structure.validate.return_value = {} schema.validate({'foo': 'bar'}) schema.structure.validate.assert_called_once_with({'foo': 'bar'})
def test_it_ignores_input_user(self, data, authn_policy): """Any user field sent in the payload should be ignored.""" authn_policy.authenticated_userid.return_value = ( 'acct:[email protected]') request = self.mock_request() schema = schemas.LegacyCreateAnnotationSchema(request) result = schema.validate(data) assert result['user'] == 'acct:[email protected]'
def test_it_rejects_annotations_to_other_groups(self, data, effective_principals, ok, authn_policy): """ A user cannot create an annotation in a group they're not a member of. If a group is specified in the annotation, then reject the creation if the relevant group principal is not present in the request's effective principals. """ authn_policy.effective_principals.return_value = effective_principals request = self.mock_request() schema = schemas.LegacyCreateAnnotationSchema(request) if ok: result = schema.validate(data) assert result.get('group') == data.get('group') else: with pytest.raises(schemas.ValidationError) as exc: schema.validate(data) assert exc.value.message.startswith('group:')