def test_link(self, groupfinder_service, links_service): ann = mock.Mock() res = AnnotationContext(ann, groupfinder_service, links_service) result = res.link("json") links_service.get.assert_called_once_with(ann, "json") assert result == links_service.get.return_value
def test_getting_by_subscript_returns_AnnotationContext( self, root, pyramid_request, AnnotationContext, storage): context = root[sentinel.annotation_id] storage.fetch_annotation.assert_called_once_with( pyramid_request.db, sentinel.annotation_id) AnnotationContext.assert_called_once_with( storage.fetch_annotation.return_value) assert context == AnnotationContext.return_value
def test_acl_private(self, factories, groupfinder_service, links_service): ann = factories.Annotation(shared=False, userid="saoirse") res = AnnotationContext(ann, groupfinder_service, links_service) actual = res.__acl__() # Note NOT the ``moderate`` permission expect = [ (security.Allow, "saoirse", "read"), (security.Allow, "saoirse", "flag"), (security.Allow, "saoirse", "admin"), (security.Allow, "saoirse", "update"), (security.Allow, "saoirse", "delete"), security.DENY_ALL, ] assert actual == expect
def test_acl_flag_shared( self, factories, pyramid_config, pyramid_request, groupid, userid, permitted, groupfinder_service, links_service, ): """ Flag permissions should echo read permissions with the exception that `Security.Everyone` does not get the permission """ # Set up the test with a dummy authn policy and a real ACL authz # policy: policy = ACLAuthorizationPolicy() pyramid_config.testing_securitypolicy(userid) pyramid_config.set_authorization_policy(policy) ann = factories.Annotation(shared=True, userid="mioara", groupid=groupid) res = AnnotationContext(ann, groupfinder_service, links_service) if permitted: assert pyramid_request.has_permission("flag", res) else: assert not pyramid_request.has_permission("flag", res)
def test_acl_moderate_shared( self, factories, pyramid_config, pyramid_request, groupid, userid, permitted, groupfinder_service, links_service, ): """ Moderate permissions should only be applied when an annotation is shared—as the annotation here is shared, anyone set as a principal for the given ``FakeGroup`` will receive the ``moderate`` permission. """ # Set up the test with a dummy authn policy and a real ACL authz # policy: policy = ACLAuthorizationPolicy() pyramid_config.testing_securitypolicy(userid) pyramid_config.set_authorization_policy(policy) ann = factories.Annotation(shared=True, userid="mioara", groupid=groupid) res = AnnotationContext(ann, groupfinder_service, links_service) if permitted: assert pyramid_request.has_permission("moderate", res) else: assert not pyramid_request.has_permission("moderate", res)
def test_permissions( self, annotation, group_readable, action, expected, group_service, fake_links_service, ): annotation.deleted = False group_principals = { "members": (security.Allow, "group:{}".format(annotation.groupid), "read"), "world": (security.Allow, security.Everyone, "read"), None: security.DENY_ALL, } group = mock.Mock(spec_set=["__acl__"]) group.__acl__.return_value = [group_principals[group_readable]] group_service.find.return_value = group resource = AnnotationContext(annotation, group_service, fake_links_service) presenter = AnnotationJSONPresenter(resource) assert expected == presenter.permissions[action]
def test_rewrites_rangeselectors_same_element(self, group_service, fake_links_service): """ A RangeSelector that starts and ends in the same element should be rewritten to an XPathSelector refinedBy a TextPositionSelector, for the sake of simplicity. """ annotation = mock.Mock(target_uri='http://example.com') annotation.target_selectors = [{ 'type': 'RangeSelector', 'startContainer': '/div[1]/main[1]/article[1]/div[2]/p[339]', 'startOffset': 12, 'endContainer': '/div[1]/main[1]/article[1]/div[2]/p[339]', 'endOffset': 43, }] resource = AnnotationContext(annotation, group_service, fake_links_service) selectors = AnnotationJSONLDPresenter(resource).target[0]['selector'] assert selectors == [{ 'type': 'XPathSelector', 'value': '/div[1]/main[1]/article[1]/div[2]/p[339]', 'refinedBy': { 'type': 'TextPositionSelector', 'start': 12, 'end': 43, } }]
def test_rewrites_rangeselectors_same_element(self, group_service, fake_links_service): """ A RangeSelector that starts and ends in the same element should be rewritten to an XPathSelector refinedBy a TextPositionSelector, for the sake of simplicity. """ annotation = mock.Mock(target_uri="http://example.com") annotation.target_selectors = [{ "type": "RangeSelector", "startContainer": "/div[1]/main[1]/article[1]/div[2]/p[339]", "startOffset": 12, "endContainer": "/div[1]/main[1]/article[1]/div[2]/p[339]", "endOffset": 43, }] resource = AnnotationContext(annotation, group_service, fake_links_service) selectors = AnnotationJSONLDPresenter(resource).target[0]["selector"] assert selectors == [{ "type": "XPathSelector", "value": "/div[1]/main[1]/article[1]/div[2]/p[339]", "refinedBy": { "type": "TextPositionSelector", "start": 12, "end": 43 }, }]
def test_acl_read_shared( self, factories, pyramid_config, pyramid_request, groupid, userid, permitted, groupfinder_service, links_service, ): """ Shared annotation contexts should delegate their 'read' permission to their containing group. """ # Set up the test with a dummy authn policy and a real ACL authz # policy: policy = ACLAuthorizationPolicy() pyramid_config.testing_securitypolicy(userid) pyramid_config.set_authorization_policy(policy) ann = factories.Annotation(shared=True, userid="mioara", groupid=groupid) res = AnnotationContext(ann, groupfinder_service, links_service) if permitted: assert pyramid_request.has_permission("read", res) else: assert not pyramid_request.has_permission("read", res)
def test_asdict_extra_cannot_override_other_data( self, document_asdict, group_service, fake_links_service ): ann = mock.Mock(id="the-real-id", extra={"id": "the-extra-id"}) resource = AnnotationContext(ann, group_service, fake_links_service) document_asdict.return_value = {} presented = AnnotationJSONPresenter(resource).asdict() assert presented["id"] == "the-real-id"
def test_id_returns_jsonld_id_link(self, group_service, fake_links_service): annotation = mock.Mock(id="foobar") resource = AnnotationContext(annotation, group_service, fake_links_service) presenter = AnnotationJSONLDPresenter(resource) assert presenter.id == "http://fake-link/jsonld_id"
def test_id_passes_annotation_to_link_service(self, group_service, fake_links_service): annotation = mock.Mock(id="foobar") resource = AnnotationContext(annotation, group_service, fake_links_service) presenter = AnnotationJSONLDPresenter(resource) presenter.id assert fake_links_service.last_annotation == annotation
def test_asdict(self, group_service, fake_links_service): annotation = mock.Mock( id="foobar", created=datetime.datetime(2016, 2, 24, 18, 3, 25, 768), updated=datetime.datetime(2016, 2, 29, 10, 24, 5, 564), userid="acct:luke", target_uri="http://example.com", text="It is magical!", tags=["magic"], target_selectors=[{ "type": "TestSelector", "test": "foobar" }], ) expected = { "@context": "http://www.w3.org/ns/anno.jsonld", "type": "Annotation", "id": "http://fake-link/jsonld_id", "created": "2016-02-24T18:03:25.000768+00:00", "modified": "2016-02-29T10:24:05.000564+00:00", "creator": "acct:luke", "body": [ { "type": "TextualBody", "format": "text/markdown", "value": "It is magical!", }, { "type": "TextualBody", "purpose": "tagging", "value": "magic" }, ], "target": [{ "source": "http://example.com", "selector": [{ "type": "TestSelector", "test": "foobar" }], }], } resource = AnnotationContext(annotation, group_service, fake_links_service) result = AnnotationJSONLDPresenter(resource).asdict() assert result == expected
def test_id_returns_jsonld_id_link(self, groupfinder_service, links_service): annotation = mock.Mock(id="foobar") resource = AnnotationContext(annotation, groupfinder_service, links_service) presenter = AnnotationJSONLDPresenter(resource) result = presenter.id assert result == links_service.get.return_value links_service.get.assert_called_once_with(annotation, Any())
def _generate_annotation_event(message, socket, annotation, user_nipsad, group_service, formatters): """ Get message about annotation event `message` to be sent to `socket`. Inspects the embedded annotation event and decides whether or not the passed socket should receive notification of the event. Returns None if the socket should not receive any message about this annotation event, otherwise a dict containing information about the event. """ action = message["action"] if action == "read": return None if message["src_client_id"] == socket.client_id: return None # We don't send anything until we have received a filter from the client if socket.filter is None: return None # Don't sent annotations from NIPSA'd users to anyone other than that # user. if user_nipsad and socket.authenticated_userid != annotation.userid: return None notification = { "type": "annotation-notification", "options": { "action": action } } base_url = socket.registry.settings.get("h.app_url", "http://localhost:8080") links_service = LinksService(base_url, socket.registry) resource = AnnotationContext(annotation, group_service, links_service) serialized = presenters.AnnotationJSONPresenter( resource, formatters=formatters).asdict() permissions = serialized.get("permissions") if not _authorized_to_read(socket.effective_principals, permissions): return None if not socket.filter.match(serialized, action): return None notification["payload"] = [serialized] if action == "delete": notification["payload"] = [{"id": annotation.id}] return notification
def test_og_no_document( pyramid_request, groupfinder_service, links_service, sidebar_app ): annotation = Annotation(id="123", userid="foo", target_uri="http://example.com") context = AnnotationContext(annotation, groupfinder_service, links_service) sidebar_app.side_effect = _fake_sidebar_app ctx = main.annotation_page(context, pyramid_request) expected = Any.dict.containing({"content": Any.string.containing("foo")}) assert expected in ctx["meta_attrs"]
def test_asdict_extra_uses_copy_of_extra( self, document_asdict, group_service, fake_links_service ): extra = {"foo": "bar"} ann = mock.Mock(id="my-id", extra=extra) resource = AnnotationContext(ann, group_service, fake_links_service) document_asdict.return_value = {} AnnotationJSONPresenter(resource).asdict() # Presenting the annotation shouldn't change the "extra" dict. assert extra == {"foo": "bar"}
def test_formatter_uses_annotation_resource( self, group_service, fake_links_service ): annotation = mock.Mock(id="the-id", extra={}) resource = AnnotationContext(annotation, group_service, fake_links_service) formatters = [IDDuplicatingFormatter()] presenter = AnnotationJSONPresenter(resource, formatters) output = presenter.asdict() assert output["duplicated-id"] == "the-id"
def test_acl_deleted(self, factories, groupfinder_service, links_service): """ Nobody -- not even the owner -- should have any permissions on a deleted annotation. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(userid="saoirse", deleted=True) res = AnnotationContext(ann, groupfinder_service, links_service) for perm in ["read", "admin", "update", "delete", "moderate"]: assert not policy.permits(res, ["saiorse"], perm)
def _generate_annotation_event(message, socket, annotation, user_nipsad, group_service, formatters): """ Get message about annotation event `message` to be sent to `socket`. Inspects the embedded annotation event and decides whether or not the passed socket should receive notification of the event. Returns None if the socket should not receive any message about this annotation event, otherwise a dict containing information about the event. """ action = message["action"] if action == "read": return None if message["src_client_id"] == socket.client_id: return None # Don't sent annotations from NIPSA'd users to anyone other than that # user. if user_nipsad and socket.authenticated_userid != annotation.userid: return None # The `prepare` function sets the active registry which is an implicit # dependency of some of the authorization logic used to look up annotation # and group permissions. with pyramid.scripting.prepare(registry=socket.registry): notification = { "type": "annotation-notification", "options": { "action": action }, } base_url = socket.registry.settings.get("h.app_url", "http://localhost:5000") links_service = LinksService(base_url, socket.registry) resource = AnnotationContext(annotation, group_service, links_service) # Check whether client is authorized to read this annotation. read_principals = principals_allowed_by_permission(resource, "read") if not set(read_principals).intersection(socket.effective_principals): return None serialized = presenters.AnnotationJSONPresenter( resource, formatters=formatters).asdict() notification["payload"] = [serialized] if action == "delete": notification["payload"] = [{"id": annotation.id}] return notification
def test_og_document(factories, pyramid_request, group_service, links_service, sidebar_app): annotation = factories.Annotation(userid='acct:[email protected]') context = AnnotationContext(annotation, group_service, links_service) sidebar_app.side_effect = _fake_sidebar_app ctx = main.annotation_page(context, pyramid_request) def test(d): return '*****@*****.**' in d[ 'content'] and annotation.document.title in d['content'] assert any(test(d) for d in ctx['meta_attrs'])
def test_bodies_returns_textual_body(self, group_service, fake_links_service): annotation = mock.Mock(text='Flib flob flab', tags=None) resource = AnnotationContext(annotation, group_service, fake_links_service) bodies = AnnotationJSONLDPresenter(resource).bodies assert bodies == [{ 'type': 'TextualBody', 'value': 'Flib flob flab', 'format': 'text/markdown', }]
def test_asdict_merges_formatters(self, group_service, fake_links_service): ann = mock.Mock(id='the-real-id', extra={}) resource = AnnotationContext(ann, group_service, fake_links_service) formatters = [ FakeFormatter({'flagged': 'nope'}), FakeFormatter({'nipsa': 'maybe'}) ] presenter = AnnotationJSONPresenter(resource, formatters) presented = presenter.asdict() assert presented['flagged'] == 'nope' assert presented['nipsa'] == 'maybe'
def test_asdict_merges_formatters(self, group_service, fake_links_service): ann = mock.Mock(id="the-real-id", extra={}) resource = AnnotationContext(ann, group_service, fake_links_service) formatters = [ FakeFormatter({"flagged": "nope"}), FakeFormatter({"nipsa": "maybe"}), ] presenter = AnnotationJSONPresenter(resource, formatters) presented = presenter.asdict() assert presented["flagged"] == "nope" assert presented["nipsa"] == "maybe"
def test_bodies_returns_textual_body(self, group_service, fake_links_service): annotation = mock.Mock(text="Flib flob flab", tags=None) resource = AnnotationContext(annotation, group_service, fake_links_service) bodies = AnnotationJSONLDPresenter(resource).bodies assert bodies == [{ "type": "TextualBody", "value": "Flib flob flab", "format": "text/markdown", }]
def test_asdict(self, document_asdict, group_service, fake_links_service): ann = mock.Mock( id="the-id", created=datetime.datetime(2016, 2, 24, 18, 3, 25, 768), updated=datetime.datetime(2016, 2, 29, 10, 24, 5, 564), userid="acct:luke", target_uri="http://example.com", text="It is magical!", tags=["magic"], groupid="__world__", shared=True, target_selectors=[{"TestSelector": "foobar"}], references=["referenced-id-1", "referenced-id-2"], extra={"extra-1": "foo", "extra-2": "bar"}, ) resource = AnnotationContext(ann, group_service, fake_links_service) document_asdict.return_value = {"foo": "bar"} expected = { "id": "the-id", "created": "2016-02-24T18:03:25.000768+00:00", "updated": "2016-02-29T10:24:05.000564+00:00", "user": "******", "uri": "http://example.com", "text": "It is magical!", "tags": ["magic"], "group": "__world__", "permissions": { "read": ["group:__world__"], "admin": ["acct:luke"], "update": ["acct:luke"], "delete": ["acct:luke"], }, "target": [ { "source": "http://example.com", "selector": [{"TestSelector": "foobar"}], } ], "document": {"foo": "bar"}, "links": {"giraffe": "http://giraffe.com", "toad": "http://toad.net"}, "references": ["referenced-id-1", "referenced-id-2"], "extra-1": "foo", "extra-2": "bar", } result = AnnotationJSONPresenter(resource).asdict() assert result == expected
def test_og_no_document(pyramid_request, group_service, links_service, sidebar_app): annotation = Annotation(id="123", userid="foo", target_uri="http://example.com") context = AnnotationContext(annotation, group_service, links_service) sidebar_app.side_effect = _fake_sidebar_app ctx = main.annotation_page(context, pyramid_request) def test(d): return "foo" in d["content"] assert any(test(d) for d in ctx["meta_attrs"])
def test_og_no_document(pyramid_request, group_service, links_service, sidebar_app): annotation = Annotation(id='123', userid='foo', target_uri='http://example.com') context = AnnotationContext(annotation, group_service, links_service) sidebar_app.side_effect = _fake_sidebar_app ctx = main.annotation_page(context, pyramid_request) def test(d): return 'foo' in d['content'] assert any(test(d) for d in ctx['meta_attrs'])
def test_acl_shared_admin_perms(self, factories, groupfinder_service, links_service): """ Shared annotation contexts should still only give admin/update/delete permissions to the owner. """ policy = ACLAuthorizationPolicy() ann = factories.Annotation(shared=False, userid="saoirse") res = AnnotationContext(ann, groupfinder_service, links_service) for perm in ["admin", "update", "delete"]: assert policy.permits(res, ["saoirse"], perm) assert not policy.permits(res, ["someoneelse"], perm)
def test_asdict(self, group_service, fake_links_service): annotation = mock.Mock( id='foobar', created=datetime.datetime(2016, 2, 24, 18, 3, 25, 768), updated=datetime.datetime(2016, 2, 29, 10, 24, 5, 564), userid='acct:luke', target_uri='http://example.com', text='It is magical!', tags=['magic'], target_selectors=[{ 'type': 'TestSelector', 'test': 'foobar' }]) expected = { '@context': 'http://www.w3.org/ns/anno.jsonld', 'type': 'Annotation', 'id': 'http://fake-link/jsonld_id', 'created': '2016-02-24T18:03:25.000768+00:00', 'modified': '2016-02-29T10:24:05.000564+00:00', 'creator': 'acct:luke', 'body': [{ 'type': 'TextualBody', 'format': 'text/markdown', 'value': 'It is magical!' }, { 'type': 'TextualBody', 'purpose': 'tagging', 'value': 'magic' }], 'target': [{ 'source': 'http://example.com', 'selector': [{ 'type': 'TestSelector', 'test': 'foobar' }] }] } resource = AnnotationContext(annotation, group_service, fake_links_service) result = AnnotationJSONLDPresenter(resource).asdict() assert result == expected