def test_reviewer_cannot_update_nested_value_fields_draft_registration(self, app, project_public, draft_registration_prereg): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() payload = { 'data': { 'id': draft_registration_prereg._id, 'type': 'draft_registrations', 'attributes': { 'registration_metadata': { 'q7': { 'value': { 'question': { 'value': 'This is the answer' } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, project_public._id, draft_registration_prereg._id) res = app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert res.status_code == 400 assert res.json['errors'][0]['detail'] == 'Additional properties are not allowed (u\'value\' was unexpected)'
def test_reviewer_cannot_update_nested_value_fields_draft_registration(self): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q7': { 'value': { 'question': { 'value': 'This is the answer' } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Additional properties are not allowed (u'value' was unexpected)")
def test_reviewer_can_only_update_comment_fields_draft_registration(self): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q2': { 'value': 'Test response' } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format( API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal( res.json['errors'][0]['detail'], "Additional properties are not allowed (u'value' was unexpected)")
def test_reviewer_can_update_nested_comment_fields_draft_registration(self, app, project_public, draft_registration_prereg): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() payload = { 'data': { 'id': draft_registration_prereg._id, 'type': 'draft_registrations', 'attributes': { 'registration_metadata': { 'q7': { 'value': { 'question': { 'comments': [{'value': 'Add some clarity here.'}] } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, project_public._id, draft_registration_prereg._id) res = app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert res.status_code == 200 assert res.json['data']['attributes']['registration_metadata']['q7']['value']['question']['comments'][0]['value'] == 'Add some clarity here.'
def test_reviewer_can_update_nested_comment_fields_draft_registration(self): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q7': { 'value': { 'question': { 'comments': [{'value': 'Add some clarity here.'}] } } } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format(API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 200) assert_equal(res.json['data']['attributes']['registration_metadata']['q7']['value']['question']['comments'][0]['value'], 'Add some clarity here.')
def test_reviewer_can_update_draft_registration(self): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() payload = { "data": { "id": self.prereg_draft_registration._id, "type": "draft_registrations", "attributes": { "registration_metadata": { 'q2': { 'comments': [{ 'value': 'This is incomplete.' }] } } } } } url = '/{}nodes/{}/draft_registrations/{}/'.format( API_BASE, self.public_project._id, self.prereg_draft_registration._id) res = self.app.put_json_api(url, payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 200) assert_equal( res.json['data']['attributes']['registration_metadata']['q2'] ['comments'][0]['value'], 'This is incomplete.') assert_not_in('q1', res.json['data']['attributes']['registration_metadata'])
def test_reviewer_cannot_delete_draft_registration(self): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() res = self.app.delete_json_api(self.url, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) assert_equal(res.json['errors'][0]['detail'], 'You do not have permission to perform this action.')
def test_reviewer_cannot_create_draft_registration(self): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() assert_in(self.read_only_user, self.public_project.contributors.all()) res = self.app.post_json_api(self.url, self.payload, auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403)
def test_reviewer_cannot_delete_draft_registration(self, app, url_draft_registrations): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() res = app.delete_json_api(url_draft_registrations, auth=user.auth, expect_errors=True) assert res.status_code == 403 assert res.json['errors'][0]['detail'] == exceptions.PermissionDenied.default_detail
class TestCheckPreregAuth(OsfTestCase): def setUp(self): super(TestCheckPreregAuth, self).setUp() ensure_schemas() self.prereg_challenge_admin_user = AuthUserFactory() self.prereg_challenge_admin_user.add_system_tag( settings.PREREG_ADMIN_TAG) self.prereg_challenge_admin_user.save() prereg_schema = MetaSchema.find_one( Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2)) self.user = AuthUserFactory() self.node = factories.ProjectFactory(creator=self.user) self.parent = factories.ProjectFactory() self.child = factories.NodeFactory(parent=self.parent) self.draft_registration = factories.DraftRegistrationFactory( initiator=self.user, registration_schema=prereg_schema, branched_from=self.parent) def test_has_permission_download_prereg_challenge_admin(self): res = views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_true(res) def test_has_permission_download_on_component_prereg_challenge_admin(self): try: res = views.check_access( self.draft_registration.branched_from._nodes.first(), Auth(user=self.prereg_challenge_admin_user), 'download', None) except Exception: self.fail() assert_true(res) def test_has_permission_download_not_prereg_challenge_admin(self): new_user = AuthUserFactory() with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=new_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_download_prereg_challenge_admin_not_draft(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.node, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_write_prereg_challenge_admin(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'write', None) assert_equal(exc_info.exception.code, http.FORBIDDEN)
class TestCheckPreregAuth(OsfTestCase): def setUp(self): super(TestCheckPreregAuth, self).setUp() self.prereg_challenge_admin_user = AuthUserFactory() self.prereg_challenge_admin_user.add_system_tag(settings.PREREG_ADMIN_TAG) self.prereg_challenge_admin_user.save() prereg_schema = MetaSchema.find_one( Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2) ) self.user = AuthUserFactory() self.node = factories.ProjectFactory(creator=self.user) self.parent = factories.ProjectFactory() self.child = factories.NodeFactory(parent=self.parent) self.draft_registration = factories.DraftRegistrationFactory( initiator=self.user, registration_schema=prereg_schema, branched_from=self.parent ) def test_has_permission_download_prereg_challenge_admin(self): res = views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_true(res) def test_has_permission_download_on_component_prereg_challenge_admin(self): try: res = views.check_access(self.draft_registration.branched_from._nodes.first(), Auth(user=self.prereg_challenge_admin_user), 'download', None) except Exception: self.fail() assert_true(res) def test_has_permission_download_not_prereg_challenge_admin(self): new_user = AuthUserFactory() with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=new_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_download_prereg_challenge_admin_not_draft(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.node, Auth(user=self.prereg_challenge_admin_user), 'download', None) assert_equal(exc_info.exception.code, http.FORBIDDEN) def test_has_permission_write_prereg_challenge_admin(self): with assert_raises(HTTPError) as exc_info: views.check_access(self.draft_registration.branched_from, Auth(user=self.prereg_challenge_admin_user), 'write', None) assert_equal(exc_info.exception.code, http.FORBIDDEN)
def test_reviewer_can_see_draft_registration(self): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() res = self.app.get(self.url, auth=user.auth) assert_equal(res.status_code, 200) data = res.json['data'] assert_equal(data['attributes']['registration_supplement'], self.schema._id) assert_equal(data['id'], self.draft_registration._id) assert_equal(data['attributes']['registration_metadata'], {})
def test_reviewer_can_see_draft_registration(self, app, schema, draft_registration, url_draft_registrations): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() res = app.get(url_draft_registrations, auth=user.auth) assert res.status_code == 200 data = res.json['data'] assert data['attributes']['registration_supplement'] == schema._id assert data['id'] == draft_registration._id assert data['attributes']['registration_metadata'] == {}
def test_reviewer_cannot_create_draft_registration( self, app, user_read_contrib, project_public, payload, url_draft_registrations): user = AuthUserFactory() user.add_system_tag(PREREG_ADMIN_TAG) user.save() assert user_read_contrib in project_public.contributors.all() res = app.post_json_api(url_draft_registrations, payload, auth=user.auth, expect_errors=True) assert res.status_code == 403
def user(self): user = AuthUserFactory() user.add_system_tag('no_waffle:sloan|coi') user.add_system_tag('no_waffle:sloan|data') user.add_system_tag('no_waffle:sloan|prereg') user.save() return user
def user(self): user = AuthUserFactory() user.is_staff = True user.add_system_tag('raw_es6') user.save() return user
def other_non_admin_user(self): user = AuthUserFactory() user.add_system_tag('preprint_metrics') user.save() return user
def user(self): user = AuthUserFactory() user.is_staff = True user.add_system_tag('preprint_metrics') user.save() return user
def admin(self): user = AuthUserFactory() user.is_staff = True user.add_system_tag('preprint_metrics') user.save() return user
def user(self): user = AuthUserFactory() user.is_staff = True user.add_system_tag('registries_moderation_metrics') user.save() return user