def node(self, user, write_contrib, read_contrib): node = NodeFactory(creator=user) node.add_contributor(write_contrib, permissions=[permissions.READ, permissions.WRITE]) node.add_contributor(read_contrib, permissions=[permissions.READ]) node.save() return node
def test_node_children_related_counts_duplicate_query_results( self, app, user, public_project, private_project, public_project_url): user_2 = AuthUserFactory() # Adding a child component child = NodeFactory(parent=public_project, creator=user, is_public=True, category='software') child.add_contributor(user_2, permissions.WRITE, save=True) # Adding a grandchild NodeFactory(parent=child, creator=user, is_public=True) # Adding a node link public_project.add_pointer(private_project, auth=Auth(public_project.creator)) # Assert NodeChildrenList returns one result res = app.get(public_project_url, auth=user.auth) assert len(res.json['data']) == 1 assert res.json['data'][0]['id'] == child._id project_url = '/{}nodes/{}/?related_counts=children'.format( API_BASE, public_project._id) res = app.get(project_url, auth=user.auth) assert res.status_code == 200 # Verifying related_counts match direct children count (grandchildren not included, pointers not included) assert res.json['data']['relationships']['children']['links'][ 'related']['meta']['count'] == 1
def test__initiate_embargo_adds_admins_on_child_nodes(self): project_admin = UserFactory() project_non_admin = UserFactory() child_admin = UserFactory() child_non_admin = UserFactory() grandchild_admin = UserFactory() project = ProjectFactory(creator=project_admin) project.add_contributor(project_non_admin, auth=Auth(project.creator), save=True) child = NodeFactory(creator=child_admin, parent=project) child.add_contributor(child_non_admin, auth=Auth(child.creator), save=True) grandchild = NodeFactory(creator=grandchild_admin, parent=child) # noqa registration = RegistrationFactory(project=project) embargo = registration._initiate_embargo( project.creator, self.valid_embargo_end_date, for_existing_registration=True ) assert_in(project_admin._id, embargo.approval_state) assert_in(child_admin._id, embargo.approval_state) assert_in(grandchild_admin._id, embargo.approval_state) assert_not_in(project_non_admin._id, embargo.approval_state) assert_not_in(child_non_admin._id, embargo.approval_state)
def test__initiate_approval_adds_admins_on_child_nodes(self): project_admin = UserFactory() project_non_admin = UserFactory() child_admin = UserFactory() child_non_admin = UserFactory() grandchild_admin = UserFactory() project = ProjectFactory(creator=project_admin) project.add_contributor(project_non_admin, auth=Auth(project.creator), save=True) child = NodeFactory(creator=child_admin, parent=project) child.add_contributor(child_non_admin, auth=Auth(child.creator), save=True) grandchild = NodeFactory(creator=grandchild_admin, parent=child) # noqa registration = RegistrationFactory(project=project) approval = registration._initiate_approval(registration.creator) assert_in(project_admin._id, approval.approval_state) assert_in(child_admin._id, approval.approval_state) assert_in(grandchild_admin._id, approval.approval_state) assert_not_in(project_non_admin._id, approval.approval_state) assert_not_in(child_non_admin._id, approval.approval_state)
def test_serialize_node_search_returns_only_visible_contributors(self): node = NodeFactory() non_visible_contributor = UserFactory() node.add_contributor(non_visible_contributor, visible=False) serialized_node = _serialize_node_search(node) assert_equal(serialized_node['firstAuthor'], node.visible_contributors[0].family_name) assert_equal(len(node.visible_contributors), 1) assert_false(serialized_node['etal'])
def node_private(self, user_admin_contrib, user_write_contrib, user_read_contrib, registration): node_private = NodeFactory(creator=user_admin_contrib) node_private.add_contributor(user_write_contrib, auth=Auth(user_admin_contrib)) node_private.add_contributor(user_read_contrib, permissions=['read'], auth=Auth(user_admin_contrib)) node_private.add_pointer(registration, auth=Auth(user_admin_contrib)) return node_private
def node(self, user, write_contrib, read_contrib): node = NodeFactory(creator=user) node.add_contributor( write_contrib, permissions=[ permissions.READ, permissions.WRITE]) node.add_contributor(read_contrib, permissions=[permissions.READ]) node.save() return node
def node_private( self, user_admin_contrib, user_write_contrib, user_read_contrib, registration): node_private = NodeFactory(creator=user_admin_contrib) node_private.add_contributor( user_write_contrib, auth=Auth(user_admin_contrib)) node_private.add_contributor( user_read_contrib, permissions=['read'], auth=Auth(user_admin_contrib)) node_private.add_pointer(registration, auth=Auth(user_admin_contrib)) return node_private
def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def setUp(self): super(LinkedRegistrationsTestCase, self).setUp() self.mock_archive = mock.patch('website.archiver.tasks.archive') self.non_contributor = AuthUserFactory() self.read_contributor = AuthUserFactory() self.rw_contributor = AuthUserFactory() self.admin_contributor = AuthUserFactory() self.public_linked_registration = RegistrationFactory(is_public=True, creator=self.rw_contributor) self.private_linked_registration = RegistrationFactory(is_public=False, creator=self.rw_contributor) self.mock_archive.start() public_node = NodeFactory(creator=self.admin_contributor, is_public=True) public_node.add_contributor(self.rw_contributor, auth=Auth(self.admin_contributor)) public_node.add_contributor(self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor)) public_node.add_pointer(self.public_linked_registration, auth=Auth(self.admin_contributor)) public_node.add_pointer(self.private_linked_registration, auth=Auth(self.rw_contributor)) public_node.save() self.public_registration = public_node.register_node(get_default_metaschema(), Auth(self.admin_contributor), '', None) self.public_registration.is_public = True self.public_registration.save() private_node = NodeFactory(creator=self.admin_contributor) private_node.add_contributor(self.rw_contributor, auth=Auth(self.admin_contributor)) private_node.add_contributor(self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor)) private_node.add_pointer(self.public_linked_registration, auth=Auth(self.admin_contributor)) private_node.add_pointer(self.private_linked_registration, auth=Auth(self.rw_contributor)) private_node.save() self.private_registration = private_node.register_node(get_default_metaschema(), Auth(self.admin_contributor), '', None)
def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def setUp(self): super(LinkedRegistrationsTestCase, self).setUp() self.mock_archive = mock.patch('website.archiver.tasks.archive') self.non_contributor = AuthUserFactory() self.read_contributor = AuthUserFactory() self.rw_contributor = AuthUserFactory() self.admin_contributor = AuthUserFactory() self.public_linked_registration = RegistrationFactory( is_public=True, creator=self.rw_contributor) self.private_linked_registration = RegistrationFactory( is_public=False, creator=self.rw_contributor) self.mock_archive.start() public_node = NodeFactory( creator=self.admin_contributor, is_public=True) public_node.add_contributor( self.rw_contributor, auth=Auth(self.admin_contributor)) public_node.add_contributor( self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor)) public_node.add_pointer( self.public_linked_registration, auth=Auth(self.admin_contributor)) public_node.add_pointer( self.private_linked_registration, auth=Auth(self.rw_contributor)) public_node.save() self.public_registration = public_node.register_node( get_default_metaschema(), Auth(self.admin_contributor), '', None) self.public_registration.is_public = True self.public_registration.save() private_node = NodeFactory(creator=self.admin_contributor) private_node.add_contributor( self.rw_contributor, auth=Auth(self.admin_contributor)) private_node.add_contributor( self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor)) private_node.add_pointer( self.public_linked_registration, auth=Auth(self.admin_contributor)) private_node.add_pointer( self.private_linked_registration, auth=Auth(self.rw_contributor)) private_node.save() self.private_registration = private_node.register_node( get_default_metaschema(), Auth(self.admin_contributor), '', None)
class LinkedRegistrationsTestCase(ApiTestCase): def setUp(self): super(LinkedRegistrationsTestCase, self).setUp() self.registration = RegistrationFactory(is_public=True) self.public_node = NodeFactory(is_public=True) self.public_node.add_pointer(self.registration, auth=Auth(self.public_node.creator)) self.public_node.save() self.admin_contributor = AuthUserFactory() self.rw_contributor = AuthUserFactory() self.read_contributor = AuthUserFactory() self.non_contributor = AuthUserFactory() self.private_node = NodeFactory(creator=self.admin_contributor) self.private_node.add_contributor(self.rw_contributor, auth=Auth(self.admin_contributor)) self.private_node.add_contributor(self.read_contributor, permissions=['read'], auth=Auth(self.admin_contributor)) self.private_node.add_pointer(self.registration, auth=Auth(self.admin_contributor)) self.private_node.save()
def test_get_children_only_returns_child_nodes_with_admin_permissions( self): user = UserFactory() admin_project = ProjectFactory() admin_project.add_contributor( user, auth=Auth(admin_project.creator), permissions=permissions.expand_permissions(permissions.ADMIN)) admin_project.save() admin_component = NodeFactory(parent=admin_project) admin_component.add_contributor( user, auth=Auth(admin_component.creator), permissions=permissions.expand_permissions(permissions.ADMIN)) admin_component.save() read_and_write = NodeFactory(parent=admin_project) read_and_write.add_contributor( user, auth=Auth(read_and_write.creator), permissions=permissions.expand_permissions(permissions.WRITE)) read_and_write.save() read_only = NodeFactory(parent=admin_project) read_only.add_contributor(user, auth=Auth(read_only.creator), permissions=permissions.expand_permissions( permissions.READ)) read_only.save() non_contributor = NodeFactory(parent=admin_project) components = _get_children(admin_project, Auth(user)) assert_equal(len(components), 1)
def test_get_contributors_from_parent(self): self.project.add_contributor( AuthUserFactory(), auth=self.auth, visible=True, ) self.project.add_contributor( AuthUserFactory(), auth=self.auth, visible=False, ) component = NodeFactory(parent=self.project, creator=self.user) user_already_on_component = AuthUserFactory() component.add_contributor( user_already_on_component, auth=self.auth, visible=True, ) self.project.add_contributor( user_already_on_component, auth=self.auth, visible=True, ) self.project.save() component.save() url = component.api_url_for('get_contributors_from_parent') res = self.app.get(url, auth=self.user.auth) # Should be all contributors, client-side handles marking # contributors that are already added to the child. ids = [contrib['id'] for contrib in res.json['contributors']] assert_not_in(user_already_on_component.id, ids) assert_equal( len(res.json['contributors']), 2, )
def test_node_children_related_counts_duplicate_query_results(self, app, user, public_project, private_project, public_project_url): user_2 = AuthUserFactory() # Adding a child component child = NodeFactory(parent=public_project, creator=user, is_public=True, category='software') child.add_contributor(user_2, ['read', 'write'], save=True) # Adding a grandchild NodeFactory(parent=child, creator=user, is_public=True) # Adding a node link public_project.add_pointer( private_project, auth=Auth(public_project.creator) ) # Assert NodeChildrenList returns one result res = app.get(public_project_url, auth=user.auth) assert len(res.json['data']) == 1 assert res.json['data'][0]['id'] == child._id project_url = '/{}nodes/{}/?related_counts=children'.format(API_BASE, public_project._id) res = app.get(project_url, auth=user.auth) assert res.status_code == 200 # Verifying related_counts match direct children count (grandchildren not included, pointers not included) assert res.json['data']['relationships']['children']['links']['related']['meta']['count'] == 1
def test_get_children_only_returns_child_nodes_with_admin_permissions(self): user = UserFactory() admin_project = ProjectFactory() admin_project.add_contributor(user, auth=Auth(admin_project.creator), permissions=permissions.expand_permissions(permissions.ADMIN)) admin_project.save() admin_component = NodeFactory(parent=admin_project) admin_component.add_contributor(user, auth=Auth(admin_component.creator), permissions=permissions.expand_permissions(permissions.ADMIN)) admin_component.save() read_and_write = NodeFactory(parent=admin_project) read_and_write.add_contributor(user, auth=Auth(read_and_write.creator), permissions=permissions.expand_permissions(permissions.WRITE)) read_and_write.save() read_only = NodeFactory(parent=admin_project) read_only.add_contributor(user, auth=Auth(read_only.creator), permissions=permissions.expand_permissions(permissions.READ)) read_only.save() non_contributor = NodeFactory(parent=admin_project) components = _get_children(admin_project, Auth(user)) assert_equal(len(components), 1)
class TestNodeRelationshipNodeLinks(ApiTestCase): def setUp(self): super(TestNodeRelationshipNodeLinks, self).setUp() self.user = AuthUserFactory() self.user2 = AuthUserFactory() self.auth = Auth(self.user) self.linking_node = NodeFactory(creator=self.user) self.admin_node = NodeFactory(creator=self.user) self.contributor_node = NodeFactory(creator=self.user2) self.contributor_node.add_contributor(self.user, auth=Auth(self.user2)) self.contributor_node.save() self.other_node = NodeFactory() self.private_node = NodeFactory(creator=self.user) self.public_node = NodeFactory(is_public=True) self.linking_node.add_pointer(self.private_node, auth=self.auth) self.public_linking_node = NodeFactory(is_public=True, creator=self.user2) self.public_linking_node.add_pointer(self.private_node, auth=Auth(self.user2)) self.public_linking_node.add_pointer(self.public_node, auth=Auth(self.user2)) self.url = '/{}nodes/{}/relationships/linked_nodes/'.format(API_BASE, self.linking_node._id) self.public_url = '/{}nodes/{}/relationships/linked_nodes/'.format(API_BASE, self.public_linking_node._id) def payload(self, node_ids=None): node_ids = node_ids or [self.admin_node._id] env_linked_nodes = [{'type': 'linked_nodes', 'id': node_id} for node_id in node_ids] return {"data": env_linked_nodes} def test_get_relationship_linked_nodes(self): res = self.app.get( self.url, auth=self.user.auth ) assert_equal(res.status_code, 200) assert_in(self.linking_node.linked_nodes_self_url, res.json['links']['self']) assert_in(self.linking_node.linked_nodes_related_url, res.json['links']['html']) assert_equal(res.json['data'][0]['id'], self.private_node._id) def test_get_public_relationship_linked_nodes_logged_out(self): res = self.app.get(self.public_url) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) assert_equal(res.json['data'][0]['id'], self.public_node._id) def test_get_public_relationship_linked_nodes_logged_in(self): res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 2) def test_get_private_relationship_linked_nodes_logged_out(self): res = self.app.get(self.url, expect_errors=True) assert_equal(res.status_code, 401) def test_post_contributing_node(self): res = self.app.post_json_api( self.url, self.payload([self.contributor_node._id]), auth=self.user.auth ) assert_equal(res.status_code, 201) ids = [data['id'] for data in res.json['data']] assert_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_post_public_node(self): res = self.app.post_json_api( self.url, self.payload([self.public_node._id]), auth=self.user.auth ) assert_equal(res.status_code, 201) ids = [data['id'] for data in res.json['data']] assert_in(self.public_node._id, ids) assert_in(self.private_node._id, ids) def test_post_private_node(self): res = self.app.post_json_api( self.url, self.payload([self.other_node._id]), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) res = self.app.get( self.url, auth=self.user.auth ) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_in(self.private_node._id, ids) def test_post_mixed_nodes(self): res = self.app.post_json_api( self.url, self.payload([self.other_node._id, self.contributor_node._id]), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) res = self.app.get( self.url, auth=self.user.auth ) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_not_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_post_node_already_linked(self): res = self.app.post_json_api( self.url, self.payload([self.private_node._id]), auth=self.user.auth ) assert_equal(res.status_code, 204) def test_put_contributing_node(self): res = self.app.put_json_api( self.url, self.payload([self.contributor_node._id]), auth=self.user.auth ) assert_equal(res.status_code, 200) ids = [data['id'] for data in res.json['data']] assert_in(self.contributor_node._id, ids) assert_not_in(self.private_node._id, ids) def test_put_private_node(self): res = self.app.put_json_api( self.url, self.payload([self.other_node._id]), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) res = self.app.get( self.url, auth=self.user.auth ) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_in(self.private_node._id, ids) def test_put_mixed_nodes(self): res = self.app.put_json_api( self.url, self.payload([self.other_node._id, self.contributor_node._id]), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) res = self.app.get( self.url, auth=self.user.auth ) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_not_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_delete_with_put_empty_array(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) payload = self.payload() payload['data'].pop() res = self.app.put_json_api( self.url, payload, auth=self.user.auth ) assert_equal(res.status_code, 200) assert_equal(res.json['data'], payload['data']) def test_delete_one(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) res = self.app.delete_json_api( self.url, self.payload([self.private_node._id]), auth=self.user.auth, ) assert_equal(res.status_code, 204) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_in(self.admin_node._id, ids) assert_not_in(self.private_node._id, ids) def test_delete_multiple(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) res = self.app.delete_json_api( self.url, self.payload([self.private_node._id, self.admin_node._id]), auth=self.user.auth, ) assert_equal(res.status_code, 204) res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.json['data'], []) def test_delete_not_present(self): number_of_links = self.linking_node.linked_nodes.count() res = self.app.delete_json_api( self.url, self.payload([self.other_node._id]), auth=self.user.auth ) assert_equal(res.status_code, 204) res = self.app.get( self.url, auth=self.user.auth ) assert_equal(len(res.json['data']), number_of_links) def test_delete_invalid_payload(self): number_of_links = self.linking_node.linked_nodes.count() # No id in datum payload = {'data': [{'type': 'linked_nodes'}]} res = self.app.delete_json_api( self.url, payload, auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 400) error = res.json['errors'][0] assert_equal(error['detail'], 'Request must include /data/id.') res = self.app.get( self.url, auth=self.user.auth ) assert_equal(len(res.json['data']), number_of_links) def test_node_doesnt_exist(self): res = self.app.post_json_api( self.url, self.payload(['aquarela']), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 404) def test_type_mistyped(self): res = self.app.post_json_api( self.url, { 'data': [{'type': 'not_linked_nodes', 'id': self.contributor_node._id}] }, auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 409) def test_creates_public_linked_node_relationship_logged_out(self): res = self.app.post_json_api( self.public_url, self.payload([self.public_node._id]), expect_errors=True ) assert_equal(res.status_code, 401) def test_creates_public_linked_node_relationship_logged_in(self): res = self.app.post_json_api( self.public_url, self.payload([self.public_node._id]), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) def test_creates_private_linked_node_relationship_logged_out(self): res = self.app.post_json_api( self.url, self.payload([self.other_node._id]), expect_errors=True ) assert_equal(res.status_code, 401) def test_put_public_nodes_relationships_logged_out(self): res = self.app.put_json_api( self.public_url, self.payload([self.public_node._id]), expect_errors=True ) assert_equal(res.status_code, 401) def test_put_public_nodes_relationships_logged_in(self): res = self.app.put_json_api( self.public_url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) def test_delete_public_nodes_relationships_logged_out(self): res = self.app.delete_json_api( self.public_url, self.payload([self.public_node._id]), expect_errors=True ) assert_equal(res.status_code, 401) def test_delete_public_nodes_relationships_logged_in(self): res = self.app.delete_json_api( self.public_url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True ) assert_equal(res.status_code, 403) def test_node_links_and_relationship_represent_same_nodes(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) self.linking_node.add_pointer(self.contributor_node, auth=self.auth) res_relationship = self.app.get( self.url, auth=self.user.auth ) res_node_links = self.app.get( '/{}nodes/{}/node_links/'.format(API_BASE, self.linking_node._id), auth=self.user.auth ) node_links_id = [data['embeds']['target_node']['data']['id'] for data in res_node_links.json['data']] relationship_id = [data['id'] for data in res_relationship.json['data']] assert_equal(set(node_links_id), set(relationship_id))
class TestNodeLinkedNodes(ApiTestCase): def setUp(self): super(TestNodeLinkedNodes, self).setUp() self.user = AuthUserFactory() self.auth = Auth(self.user) self.linking_node = NodeFactory(creator=self.user) self.linked_node = NodeFactory(creator=self.user) self.linked_node2 = NodeFactory(creator=self.user) self.public_node = NodeFactory(is_public=True, creator=self.user) self.linking_node.add_pointer(self.linked_node, auth=self.auth) self.linking_node.add_pointer(self.linked_node2, auth=self.auth) self.linking_node.add_pointer(self.public_node, auth=self.auth) self.linking_node.save() self.url = '/{}nodes/{}/linked_nodes/'.format(API_BASE, self.linking_node._id) self.node_ids = self.linking_node.linked_nodes.values_list('guids___id', flat=True) def test_linked_nodes_returns_everything(self): res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) nodes_returned = [linked_node['id'] for linked_node in res.json['data']] assert_equal(len(nodes_returned), len(self.node_ids)) for node_id in self.node_ids: assert_in(node_id, nodes_returned) def test_linked_nodes_only_return_viewable_nodes(self): user = AuthUserFactory() new_linking_node = NodeFactory(creator=user) self.linked_node.add_contributor(user, auth=self.auth, save=True) self.linked_node2.add_contributor(user, auth=self.auth, save=True) self.public_node.add_contributor(user, auth=self.auth, save=True) new_linking_node.add_pointer(self.linked_node, auth=Auth(user)) new_linking_node.add_pointer(self.linked_node2, auth=Auth(user)) new_linking_node.add_pointer(self.public_node, auth=Auth(user)) new_linking_node.save() res = self.app.get( '/{}nodes/{}/linked_nodes/'.format(API_BASE, new_linking_node._id), auth=user.auth ) assert_equal(res.status_code, 200) nodes_returned = [linked_node['id'] for linked_node in res.json['data']] assert_equal(len(nodes_returned), len(self.node_ids)) for node_id in self.node_ids: assert_in(node_id, nodes_returned) # Disconnect contributor_removed so that we don't check in files # We can remove this when StoredFileNode is implemented in osf-models with disconnected_from_listeners(contributor_removed): self.linked_node2.remove_contributor(user, auth=self.auth) self.public_node.remove_contributor(user, auth=self.auth) res = self.app.get( '/{}nodes/{}/linked_nodes/'.format(API_BASE, new_linking_node._id), auth=user.auth ) nodes_returned = [linked_node['id'] for linked_node in res.json['data']] assert_equal(len(nodes_returned), len(self.node_ids) - 1) assert_in(self.linked_node._id, nodes_returned) assert_in(self.public_node._id, nodes_returned) assert_not_in(self.linked_node2._id, nodes_returned) def test_linked_nodes_doesnt_return_deleted_nodes(self): self.linked_node.is_deleted = True self.linked_node.save() res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) nodes_returned = [linked_node['id'] for linked_node in res.json['data']] assert_equal(len(nodes_returned), len(self.node_ids) - 1) assert_not_in(self.linked_node._id, nodes_returned) assert_in(self.linked_node2._id, nodes_returned) assert_in(self.public_node._id, nodes_returned) def test_attempt_to_return_linked_nodes_logged_out(self): res = self.app.get( self.url, auth=None, expect_errors=True ) assert_equal(res.status_code, 401)
class TestComponents(OsfTestCase): def setUp(self): super(TestComponents, self).setUp() self.user = AuthUserFactory() self.consolidate_auth = Auth(user=self.user) self.project = ProjectFactory(creator=self.user) self.project.add_contributor(contributor=self.user, auth=self.consolidate_auth) # A non-project componenet self.component = NodeFactory( category='hypothesis', creator=self.user, parent=self.project, ) self.component.save() self.component.set_privacy('public', self.consolidate_auth) self.component.set_privacy('private', self.consolidate_auth) self.project.save() self.project_url = self.project.web_url_for('view_project') def test_sees_parent(self): res = self.app.get(self.component.url, auth=self.user.auth).maybe_follow() parent_title = res.html.find_all('h2', class_='node-parent-title') assert_equal(len(parent_title), 1) assert_in(self.project.title, parent_title[0].text) # Bs4 will handle unescaping HTML here def test_delete_project(self): res = self.app.get(self.component.url + 'settings/', auth=self.user.auth).maybe_follow() assert_in('Delete {0}'.format(self.component.project_or_component), res) def test_cant_delete_project_if_not_admin(self): non_admin = AuthUserFactory() self.component.add_contributor( non_admin, permissions=['read', 'write'], auth=self.consolidate_auth, save=True, ) res = self.app.get(self.component.url + 'settings/', auth=non_admin.auth).maybe_follow() assert_not_in('Delete {0}'.format(self.component.project_or_component), res) def test_can_configure_comments_if_admin(self): res = self.app.get( self.component.url + 'settings/', auth=self.user.auth, ).maybe_follow() assert_in('Commenting', res) def test_cant_configure_comments_if_not_admin(self): non_admin = AuthUserFactory() self.component.add_contributor( non_admin, permissions=['read', 'write'], auth=self.consolidate_auth, save=True, ) res = self.app.get(self.component.url + 'settings/', auth=non_admin.auth).maybe_follow() assert_not_in('Commenting', res) def test_components_should_have_component_list(self): res = self.app.get(self.component.url, auth=self.user.auth) assert_in('Components', res)
class TestNodeRelationshipNodeLinks(ApiTestCase): def setUp(self): super(TestNodeRelationshipNodeLinks, self).setUp() self.user = AuthUserFactory() self.user2 = AuthUserFactory() self.auth = Auth(self.user) self.linking_node_source = NodeFactory(creator=self.user) self.admin_node = NodeFactory(creator=self.user) self.contributor_node = NodeFactory(creator=self.user2) self.contributor_node.add_contributor(self.user, auth=Auth(self.user2)) self.contributor_node.save() self.other_node = NodeFactory() self.private_node = NodeFactory(creator=self.user) self.public_node = NodeFactory(is_public=True) self.linking_node_source.add_pointer(self.private_node, auth=self.auth) self.linking_node_source.add_pointer(self.admin_node, auth=self.auth) self.public_linking_node_source = NodeFactory(is_public=True, creator=self.user2) self.public_linking_node_source.add_pointer(self.private_node, auth=Auth(self.user2)) self.public_linking_node_source.add_pointer(self.public_node, auth=Auth(self.user2)) self.public_linking_node = RegistrationFactory( project=self.public_linking_node_source, is_public=True, creator=self.user2) self.linking_node = RegistrationFactory( project=self.linking_node_source, creator=self.user) self.url = '/{}registrations/{}/relationships/linked_nodes/'.format( API_BASE, self.linking_node._id) self.public_url = '/{}registrations/{}/relationships/linked_nodes/'.format( API_BASE, self.public_linking_node._id) def payload(self, node_ids=None): node_ids = node_ids or [self.admin_node._id] env_linked_nodes = [{ "type": "linked_nodes", "id": node_id } for node_id in node_ids] return {"data": env_linked_nodes} def test_get_relationship_linked_nodes(self): res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_in(self.linking_node.linked_nodes_self_url, res.json['links']['self']) assert_in(self.linking_node.linked_nodes_related_url, res.json['links']['html']) assert_in(self.private_node._id, [e['id'] for e in res.json['data']]) def test_get_linked_nodes_related_counts(self): res = self.app.get( '/{}registrations/{}/?related_counts=linked_nodes'.format( API_BASE, self.linking_node._id), auth=self.user.auth) assert_equal( res.json['data']['relationships']['linked_nodes']['links'] ['related']['meta']['count'], 2) def test_get_public_relationship_linked_nodes_logged_out(self): res = self.app.get(self.public_url) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) assert_in(self.public_node._id, [e['id'] for e in res.json['data']]) def test_get_public_relationship_linked_nodes_logged_in(self): res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 2) def test_get_private_relationship_linked_nodes_logged_out(self): res = self.app.get(self.url, expect_errors=True) assert_equal(res.status_code, 401) def test_post_contributing_node(self): res = self.app.post_json_api(self.url, self.payload([self.contributor_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_post_public_node(self): res = self.app.post_json_api(self.url, self.payload([self.public_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_post_private_node(self): res = self.app.post_json_api(self.url, self.payload([self.other_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_in(self.private_node._id, ids) def test_post_mixed_nodes(self): res = self.app.post_json_api( self.url, self.payload([self.other_node._id, self.contributor_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_not_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_post_node_already_linked(self): res = self.app.post_json_api(self.url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_put_contributing_node(self): res = self.app.put_json_api(self.url, self.payload([self.contributor_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_put_private_node(self): res = self.app.put_json_api(self.url, self.payload([self.other_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_in(self.private_node._id, ids) def test_put_mixed_nodes(self): res = self.app.put_json_api( self.url, self.payload([self.other_node._id, self.contributor_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_not_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_delete_with_put_empty_array(self): payload = self.payload() payload['data'].pop() res = self.app.put_json_api(self.url, payload, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_delete_one(self): res = self.app.delete_json_api(self.url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_in(self.admin_node._id, ids) assert_in(self.private_node._id, ids) def test_delete_multiple(self): res = self.app.delete_json_api( self.url, self.payload([self.private_node._id, self.admin_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) res = self.app.get(self.url, auth=self.user.auth) assert_equal(len(res.json['data']), 2) def test_delete_not_present(self): number_of_links = self.linking_node.linked_nodes.count() res = self.app.delete_json_api(self.url, self.payload([self.other_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) res = self.app.get(self.url, auth=self.user.auth) assert_equal(len(res.json['data']), number_of_links) def test_node_doesnt_exist(self): res = self.app.post_json_api(self.url, self.payload(['aquarela']), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_type_mistyped(self): res = self.app.post_json_api(self.url, { 'data': [{ 'type': 'not_linked_nodes', 'id': self.contributor_node._id }] }, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_creates_public_linked_node_relationship_logged_out(self): res = self.app.post_json_api(self.public_url, self.payload([self.public_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_creates_public_linked_node_relationship_logged_in(self): res = self.app.post_json_api(self.public_url, self.payload([self.public_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_creates_private_linked_node_relationship_logged_out(self): res = self.app.post_json_api(self.url, self.payload([self.other_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_put_public_nodes_relationships_logged_out(self): res = self.app.put_json_api(self.public_url, self.payload([self.public_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_put_public_nodes_relationships_logged_in(self): res = self.app.put_json_api(self.public_url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405) def test_delete_public_nodes_relationships_logged_out(self): res = self.app.delete_json_api(self.public_url, self.payload([self.public_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_delete_public_nodes_relationships_logged_in(self): res = self.app.delete_json_api(self.public_url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 405)
class TestNodeRelationshipNodeLinks(ApiTestCase): def setUp(self): super(TestNodeRelationshipNodeLinks, self).setUp() self.user = AuthUserFactory() self.user2 = AuthUserFactory() self.auth = Auth(self.user) self.linking_node = NodeFactory(creator=self.user) self.admin_node = NodeFactory(creator=self.user) self.contributor_node = NodeFactory(creator=self.user2) self.contributor_node.add_contributor(self.user, auth=Auth(self.user2)) self.contributor_node.save() self.other_node = NodeFactory() self.private_node = NodeFactory(creator=self.user) self.public_node = NodeFactory(is_public=True) self.linking_node.add_pointer(self.private_node, auth=self.auth) self.public_linking_node = NodeFactory(is_public=True, creator=self.user2) self.public_linking_node.add_pointer(self.private_node, auth=Auth(self.user2)) self.public_linking_node.add_pointer(self.public_node, auth=Auth(self.user2)) self.url = '/{}nodes/{}/relationships/linked_nodes/'.format( API_BASE, self.linking_node._id) self.public_url = '/{}nodes/{}/relationships/linked_nodes/'.format( API_BASE, self.public_linking_node._id) def payload(self, node_ids=None): node_ids = node_ids or [self.admin_node._id] env_linked_nodes = [{ 'type': 'linked_nodes', 'id': node_id } for node_id in node_ids] return {"data": env_linked_nodes} def test_get_relationship_linked_nodes(self): res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_in(self.linking_node.linked_nodes_self_url, res.json['links']['self']) assert_in(self.linking_node.linked_nodes_related_url, res.json['links']['html']) assert_equal(res.json['data'][0]['id'], self.private_node._id) def test_get_public_relationship_linked_nodes_logged_out(self): res = self.app.get(self.public_url) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 1) assert_equal(res.json['data'][0]['id'], self.public_node._id) def test_get_public_relationship_linked_nodes_logged_in(self): res = self.app.get(self.public_url, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(len(res.json['data']), 2) def test_get_private_relationship_linked_nodes_logged_out(self): res = self.app.get(self.url, expect_errors=True) assert_equal(res.status_code, 401) def test_post_contributing_node(self): res = self.app.post_json_api(self.url, self.payload([self.contributor_node._id]), auth=self.user.auth) assert_equal(res.status_code, 201) ids = [data['id'] for data in res.json['data']] assert_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_post_public_node(self): res = self.app.post_json_api(self.url, self.payload([self.public_node._id]), auth=self.user.auth) assert_equal(res.status_code, 201) ids = [data['id'] for data in res.json['data']] assert_in(self.public_node._id, ids) assert_in(self.private_node._id, ids) def test_post_private_node(self): res = self.app.post_json_api(self.url, self.payload([self.other_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_in(self.private_node._id, ids) def test_post_mixed_nodes(self): res = self.app.post_json_api( self.url, self.payload([self.other_node._id, self.contributor_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_not_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_post_node_already_linked(self): res = self.app.post_json_api(self.url, self.payload([self.private_node._id]), auth=self.user.auth) assert_equal(res.status_code, 204) def test_put_contributing_node(self): res = self.app.put_json_api(self.url, self.payload([self.contributor_node._id]), auth=self.user.auth) assert_equal(res.status_code, 200) ids = [data['id'] for data in res.json['data']] assert_in(self.contributor_node._id, ids) assert_not_in(self.private_node._id, ids) def test_put_private_node(self): res = self.app.put_json_api(self.url, self.payload([self.other_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_in(self.private_node._id, ids) def test_put_mixed_nodes(self): res = self.app.put_json_api( self.url, self.payload([self.other_node._id, self.contributor_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_not_in(self.other_node._id, ids) assert_not_in(self.contributor_node._id, ids) assert_in(self.private_node._id, ids) def test_delete_with_put_empty_array(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) payload = self.payload() payload['data'].pop() res = self.app.put_json_api(self.url, payload, auth=self.user.auth) assert_equal(res.status_code, 200) assert_equal(res.json['data'], payload['data']) def test_delete_one(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) res = self.app.delete_json_api( self.url, self.payload([self.private_node._id]), auth=self.user.auth, ) assert_equal(res.status_code, 204) res = self.app.get(self.url, auth=self.user.auth) ids = [data['id'] for data in res.json['data']] assert_in(self.admin_node._id, ids) assert_not_in(self.private_node._id, ids) def test_delete_multiple(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) res = self.app.delete_json_api( self.url, self.payload([self.private_node._id, self.admin_node._id]), auth=self.user.auth, ) assert_equal(res.status_code, 204) res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.json['data'], []) def test_delete_not_present(self): number_of_links = self.linking_node.linked_nodes.count() res = self.app.delete_json_api(self.url, self.payload([self.other_node._id]), auth=self.user.auth) assert_equal(res.status_code, 204) res = self.app.get(self.url, auth=self.user.auth) assert_equal(len(res.json['data']), number_of_links) def test_delete_invalid_payload(self): number_of_links = self.linking_node.linked_nodes.count() # No id in datum payload = {'data': [{'type': 'linked_nodes'}]} res = self.app.delete_json_api(self.url, payload, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) error = res.json['errors'][0] assert_equal(error['detail'], 'Request must include /data/id.') res = self.app.get(self.url, auth=self.user.auth) assert_equal(len(res.json['data']), number_of_links) def test_node_doesnt_exist(self): res = self.app.post_json_api(self.url, self.payload(['aquarela']), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) def test_type_mistyped(self): res = self.app.post_json_api(self.url, { 'data': [{ 'type': 'not_linked_nodes', 'id': self.contributor_node._id }] }, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) def test_creates_public_linked_node_relationship_logged_out(self): res = self.app.post_json_api(self.public_url, self.payload([self.public_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_creates_public_linked_node_relationship_logged_in(self): res = self.app.post_json_api(self.public_url, self.payload([self.public_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_creates_private_linked_node_relationship_logged_out(self): res = self.app.post_json_api(self.url, self.payload([self.other_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_put_public_nodes_relationships_logged_out(self): res = self.app.put_json_api(self.public_url, self.payload([self.public_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_put_public_nodes_relationships_logged_in(self): res = self.app.put_json_api(self.public_url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_delete_public_nodes_relationships_logged_out(self): res = self.app.delete_json_api(self.public_url, self.payload([self.public_node._id]), expect_errors=True) assert_equal(res.status_code, 401) def test_delete_public_nodes_relationships_logged_in(self): res = self.app.delete_json_api(self.public_url, self.payload([self.private_node._id]), auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 403) def test_node_links_and_relationship_represent_same_nodes(self): self.linking_node.add_pointer(self.admin_node, auth=self.auth) self.linking_node.add_pointer(self.contributor_node, auth=self.auth) res_relationship = self.app.get(self.url, auth=self.user.auth) res_node_links = self.app.get('/{}nodes/{}/node_links/'.format( API_BASE, self.linking_node._id), auth=self.user.auth) node_links_id = [ data['embeds']['target_node']['data']['id'] for data in res_node_links.json['data'] ] relationship_id = [ data['id'] for data in res_relationship.json['data'] ] assert_equal(set(node_links_id), set(relationship_id))
class TestInstitutionRelationshipNodes(ApiTestCase): def setUp(self): super(TestInstitutionRelationshipNodes, self).setUp() self.user = AuthUserFactory() self.institution = InstitutionFactory() self.user.affiliated_institutions.add(self.institution) self.user.save() self.node1 = NodeFactory(creator=self.user) self.node2 = NodeFactory(is_public=True) self.node3 = NodeFactory() self.node1.affiliated_institutions.add(self.institution) self.node2.affiliated_institutions.add(self.institution) self.node3.affiliated_institutions.add(self.institution) self.node1.save() self.node2.save() self.node3.save() self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format( API_BASE, self.institution._id) def create_payload(self, *node_ids): data = [{'type': 'nodes', 'id': id_} for id_ in node_ids] return {'data': data} def test_get_nodes_no_auth(self): res = self.app.get(self.institution_nodes_url) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node2._id, node_ids) assert_not_in(self.node1._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_get_nodes_with_auth(self): res = self.app.get(self.institution_nodes_url, auth=self.user.auth) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node1._id, node_ids) assert_in(self.node2._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_node_does_not_exist(self): res = self.app.post_json_api(self.institution_nodes_url, self.create_payload('notIdatAll'), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 404) def test_wrong_type(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, {'data': [{ 'type': 'dugtrio', 'id': node._id }]}, expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 409) def test_user_with_nodes_and_permissions(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth) assert_equal(res.status_code, 201) node_ids = [node_['id'] for node_ in res.json['data']] assert_in(node._id, node_ids) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_does_not_have_node(self): node = NodeFactory() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin_but_not_affiliated(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=user.auth) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_add_some_with_permissions_others_without(self): node1 = NodeFactory(creator=self.user) node2 = NodeFactory() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node1._id, node2._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) node1.reload() node2.reload() assert_not_in(self.institution, node1.affiliated_institutions.all()) assert_not_in(self.institution, node2.affiliated_institutions.all()) def test_add_some_existant_others_not(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload( node._id, self.node1._id), auth=self.user.auth) assert_equal(res.status_code, 201) node.reload() self.node1.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) def test_only_add_existent_with_mixed_permissions(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload( self.node2._id, self.node1._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) self.node1.reload() self.node2.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) def test_only_add_existent_with_permissions(self): node = NodeFactory(creator=self.user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload( node._id, self.node1._id), auth=self.user.auth) assert_equal(res.status_code, 204) def test_delete_user_is_admin(self): res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth) self.node1.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_read_write(self): self.node3.add_contributor(self.user) self.node3.save() res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth) self.node3.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_read_only(self): self.node3.add_contributor(self.user, permissions='read') self.node3.save() res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth, expect_errors=True) self.node3.reload() assert_equal(res.status_code, 403) assert_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_admin_and_affiliated_with_inst(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth) assert_equal(res.status_code, 204) self.node1.reload() assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_delete_user_is_affiliated_with_inst_and_mixed_permissions_on_nodes( self): res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload( self.node1._id, self.node2._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403)
class TestNodeRelationshipInstitutions(ApiTestCase): def setUp(self): super(TestNodeRelationshipInstitutions, self).setUp() self.institution2 = InstitutionFactory() self.institution1 = InstitutionFactory() self.user = AuthUserFactory() self.user.affiliated_institutions.add(self.institution1) self.user.affiliated_institutions.add(self.institution2) self.user.save() self.read_write_contributor = AuthUserFactory() self.read_write_contributor_institution = InstitutionFactory() self.read_write_contributor.affiliated_institutions.add(self.read_write_contributor_institution) self.read_write_contributor.save() self.read_only_contributor = AuthUserFactory() self.read_only_contributor_institution = InstitutionFactory() self.read_only_contributor.affiliated_institutions.add(self.read_only_contributor_institution) self.read_only_contributor.save() self.node = NodeFactory(creator=self.user) self.node.add_contributor(self.read_write_contributor, permissions=[permissions.WRITE]) self.node.add_contributor(self.read_only_contributor, permissions=[permissions.READ]) self.node.save() self.node_institutions_url = '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, self.node._id) def create_payload(self, *institution_ids): data = [] for id_ in institution_ids: data.append({'type': 'institutions', 'id': id_}) return {'data': data} def test_node_with_no_permissions(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() res = self.app.put_json_api( self.node_institutions_url, self.create_payload([self.institution1._id]), auth=user.auth, expect_errors=True, ) assert_equal(res.status_code, 403) def test_user_with_no_institution(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.put_json_api( '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id), self.create_payload(self.institution1._id), expect_errors=True, auth=user.auth ) assert_equal(res.status_code, 403) def test_get_public_node(self): self.node.is_public = True self.node.save() res = self.app.get( self.node_institutions_url ) assert_equal(res.status_code, 200) assert_equal(res.json['data'], []) def test_institution_does_not_exist(self): res = self.app.put_json_api( self.node_institutions_url, self.create_payload('not_an_id'), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 404) def test_wrong_type(self): res = self.app.put_json_api( self.node_institutions_url, {'data': [{'type': 'not_institution', 'id': self.institution1._id}]}, expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 409) def test_user_with_institution_and_permissions(self): assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.post_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 201) data = res.json['data'] ret_institutions = [inst['id'] for inst in data] assert_in(self.institution1._id, ret_institutions) assert_in(self.institution2._id, ret_institutions) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_user_with_institution_and_permissions_through_patch(self): assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.put_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 200) data = res.json['data'] ret_institutions = [inst['id'] for inst in data] assert_in(self.institution1._id, ret_institutions) assert_in(self.institution2._id, ret_institutions) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_remove_institutions_with_no_permissions(self): res = self.app.put_json_api( self.node_institutions_url, self.create_payload(), expect_errors=True ) assert_equal(res.status_code, 401) def test_remove_institutions_with_affiliated_user(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) res = self.app.put_json_api( self.node_institutions_url, {'data': []}, auth=self.user.auth ) assert_equal(res.status_code, 200) self.node.reload() assert_equal(self.node.affiliated_institutions.count(), 0) def test_using_post_making_no_changes_returns_204(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) res = self.app.post_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_put_not_admin_but_affiliated(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() self.node.add_contributor(user) self.node.save() res = self.app.put_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=user.auth ) self.node.reload() assert_equal(res.status_code, 200) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_retrieve_private_node_no_auth(self): res = self.app.get(self.node_institutions_url, expect_errors=True) assert_equal(res.status_code, 401) def test_add_through_patch_one_inst_to_node_with_inst(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.patch_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 200) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_add_through_patch_one_inst_while_removing_other(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.patch_json_api( self.node_institutions_url, self.create_payload(self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 200) self.node.reload() assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_add_one_inst_with_post_to_node_with_inst(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.post_json_api( self.node_institutions_url, self.create_payload(self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 201) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_delete_nothing(self): res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(), auth=self.user.auth ) assert_equal(res.status_code, 204) def test_delete_existing_inst(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) self.node.reload() assert_not_in(self.institution1, self.node.affiliated_institutions.all()) def test_delete_not_affiliated_and_affiliated_insts(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth, ) assert_equal(res.status_code, 204) self.node.reload() assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) def test_delete_user_is_admin(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) def test_delete_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() self.node.add_contributor(user) self.node.affiliated_institutions.add(self.institution1) self.node.save() res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=user.auth ) assert_equal(res.status_code, 204) def test_delete_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() self.node.add_contributor(user, permissions=[permissions.READ]) self.node.affiliated_institutions.add(self.institution1) self.node.save() res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=user.auth, expect_errors=True ) assert_equal(res.status_code, 403) def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution1) node.save() assert_in(self.institution1, node.affiliated_institutions.all()) res = self.app.delete_json_api( '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id), self.create_payload(self.institution1._id), auth=user.auth, ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution1, node.affiliated_institutions.all()) def test_admin_can_add_affiliated_institution(self): payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.user.auth) self.node.reload() assert_equal(res.status_code, 201) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_admin_can_remove_admin_affiliated_institution(self): self.node.affiliated_institutions.add(self.institution1) payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.user.auth) self.node.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution1, self.node.affiliated_institutions.all()) def test_admin_can_remove_read_write_contributor_affiliated_institution(self): self.node.affiliated_institutions.add(self.read_write_contributor_institution) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.read_write_contributor_institution._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.user.auth) self.node.reload() assert_equal(res.status_code, 204) assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_write_contributor_can_add_affiliated_institution(self): payload = { 'data': [{ 'type': 'institutions', 'id': self.read_write_contributor_institution._id }] } res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth) self.node.reload() assert_equal(res.status_code, 201) assert_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_write_contributor_can_remove_affiliated_institution(self): self.node.affiliated_institutions.add(self.read_write_contributor_institution) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.read_write_contributor_institution._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth) self.node.reload() assert_equal(res.status_code, 204) assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_write_contributor_cannot_remove_admin_affiliated_institution(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_read_only_contributor_cannot_remove_admin_affiliated_institution(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_read_only_contributor_cannot_add_affiliated_institution(self): payload = { 'data': [{ 'type': 'institutions', 'id': self.read_only_contributor_institution._id }] } res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_only_contributor_cannot_remove_affiliated_institution(self): self.node.affiliated_institutions.add(self.read_only_contributor_institution) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.read_only_contributor_institution._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_in(self.read_only_contributor_institution, self.node.affiliated_institutions.all())
class TestComponents(OsfTestCase): def setUp(self): super(TestComponents, self).setUp() self.user = AuthUserFactory() self.consolidate_auth = Auth(user=self.user) self.project = ProjectFactory(creator=self.user) self.project.add_contributor(contributor=self.user, auth=self.consolidate_auth) # A non-project componenet self.component = NodeFactory( category='hypothesis', creator=self.user, parent=self.project, ) self.component.save() self.component.set_privacy('public', self.consolidate_auth) self.component.set_privacy('private', self.consolidate_auth) self.project.save() self.project_url = self.project.web_url_for('view_project') def test_sees_parent(self): res = self.app.get(self.component.url, auth=self.user.auth).maybe_follow() parent_title = res.html.find_all('h2', class_='node-parent-title') assert_equal(len(parent_title), 1) assert_in(self.project.title, parent_title[0].text) # Bs4 will handle unescaping HTML here def test_delete_project(self): res = self.app.get( self.component.url + 'settings/', auth=self.user.auth ).maybe_follow() assert_in( 'Delete {0}'.format(self.component.project_or_component), res ) def test_cant_delete_project_if_not_admin(self): non_admin = AuthUserFactory() self.component.add_contributor( non_admin, permissions=['read', 'write'], auth=self.consolidate_auth, save=True, ) res = self.app.get( self.component.url + 'settings/', auth=non_admin.auth ).maybe_follow() assert_not_in( 'Delete {0}'.format(self.component.project_or_component), res ) def test_can_configure_comments_if_admin(self): res = self.app.get( self.component.url + 'settings/', auth=self.user.auth, ).maybe_follow() assert_in('Commenting', res) def test_cant_configure_comments_if_not_admin(self): non_admin = AuthUserFactory() self.component.add_contributor( non_admin, permissions=['read', 'write'], auth=self.consolidate_auth, save=True, ) res = self.app.get( self.component.url + 'settings/', auth=non_admin.auth ).maybe_follow() assert_not_in('Commenting', res) def test_components_should_have_component_list(self): res = self.app.get(self.component.url, auth=self.user.auth) assert_in('Components', res)
class TestInstitutionRelationshipNodes(ApiTestCase): def setUp(self): super(TestInstitutionRelationshipNodes, self).setUp() self.user = AuthUserFactory() self.institution = InstitutionFactory() self.user.affiliated_institutions.add(self.institution) self.user.save() self.node1 = NodeFactory(creator=self.user) self.node2 = NodeFactory(is_public=True) self.node3 = NodeFactory() self.node1.affiliated_institutions.add(self.institution) self.node2.affiliated_institutions.add(self.institution) self.node3.affiliated_institutions.add(self.institution) self.node1.save() self.node2.save() self.node3.save() self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format(API_BASE, self.institution._id) def create_payload(self, *node_ids): data = [ {'type': 'nodes', 'id': id_} for id_ in node_ids ] return {'data': data} def test_get_nodes_no_auth(self): res = self.app.get(self.institution_nodes_url) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node2._id, node_ids) assert_not_in(self.node1._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_get_nodes_with_auth(self): res = self.app.get(self.institution_nodes_url, auth=self.user.auth) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node1._id, node_ids) assert_in(self.node2._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_node_does_not_exist(self): res = self.app.post_json_api( self.institution_nodes_url, self.create_payload('notIdatAll'), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 404) def test_wrong_type(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, {'data': [{'type': 'dugtrio', 'id': node._id}]}, expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 409) def test_user_with_nodes_and_permissions(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node_ids = [node_['id'] for node_ in res.json['data']] assert_in(node._id, node_ids) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_does_not_have_node(self): node = NodeFactory() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin_but_not_affiliated(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=user.auth ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_add_some_with_permissions_others_without(self): node1 = NodeFactory(creator=self.user) node2 = NodeFactory() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node1._id, node2._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) node1.reload() node2.reload() assert_not_in(self.institution, node1.affiliated_institutions.all()) assert_not_in(self.institution, node2.affiliated_institutions.all()) def test_add_some_existant_others_not(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id, self.node1._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node.reload() self.node1.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) def test_only_add_existent_with_mixed_permissions(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(self.node2._id, self.node1._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) self.node1.reload() self.node2.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) def test_only_add_existent_with_permissions(self): node = NodeFactory(creator=self.user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id, self.node1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) def test_delete_user_is_admin(self): res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth ) self.node1.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_read_write(self): self.node3.add_contributor(self.user) self.node3.save() res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth ) self.node3.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_read_only(self): self.node3.add_contributor(self.user, permissions='read') self.node3.save() res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth, expect_errors=True ) self.node3.reload() assert_equal(res.status_code, 403) assert_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_admin_and_affiliated_with_inst(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) self.node1.reload() assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_delete_user_is_affiliated_with_inst_and_mixed_permissions_on_nodes(self): res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node1._id, self.node2._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403)
def contributor_node(self, user, contributor): contributor_node = NodeFactory(creator=contributor) contributor_node.add_contributor(user, auth=Auth(contributor)) contributor_node.save() return contributor_node
class TestNodeLinkedNodes(ApiTestCase): def setUp(self): super(TestNodeLinkedNodes, self).setUp() self.user = AuthUserFactory() self.auth = Auth(self.user) self.linking_node = NodeFactory(creator=self.user) self.linked_node = NodeFactory(creator=self.user) self.linked_node2 = NodeFactory(creator=self.user) self.public_node = NodeFactory(is_public=True, creator=self.user) self.linking_node.add_pointer(self.linked_node, auth=self.auth) self.linking_node.add_pointer(self.linked_node2, auth=self.auth) self.linking_node.add_pointer(self.public_node, auth=self.auth) self.linking_node.save() self.url = '/{}nodes/{}/linked_nodes/'.format(API_BASE, self.linking_node._id) self.node_ids = self.linking_node.linked_nodes.values_list( 'guids___id', flat=True) def test_linked_nodes_returns_everything(self): res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) nodes_returned = [ linked_node['id'] for linked_node in res.json['data'] ] assert_equal(len(nodes_returned), len(self.node_ids)) for node_id in self.node_ids: assert_in(node_id, nodes_returned) def test_linked_nodes_only_return_viewable_nodes(self): user = AuthUserFactory() new_linking_node = NodeFactory(creator=user) self.linked_node.add_contributor(user, auth=self.auth, save=True) self.linked_node2.add_contributor(user, auth=self.auth, save=True) self.public_node.add_contributor(user, auth=self.auth, save=True) new_linking_node.add_pointer(self.linked_node, auth=Auth(user)) new_linking_node.add_pointer(self.linked_node2, auth=Auth(user)) new_linking_node.add_pointer(self.public_node, auth=Auth(user)) new_linking_node.save() res = self.app.get('/{}nodes/{}/linked_nodes/'.format( API_BASE, new_linking_node._id), auth=user.auth) assert_equal(res.status_code, 200) nodes_returned = [ linked_node['id'] for linked_node in res.json['data'] ] assert_equal(len(nodes_returned), len(self.node_ids)) for node_id in self.node_ids: assert_in(node_id, nodes_returned) # Disconnect contributor_removed so that we don't check in files # We can remove this when StoredFileNode is implemented in osf-models with disconnected_from_listeners(contributor_removed): self.linked_node2.remove_contributor(user, auth=self.auth) self.public_node.remove_contributor(user, auth=self.auth) res = self.app.get('/{}nodes/{}/linked_nodes/'.format( API_BASE, new_linking_node._id), auth=user.auth) nodes_returned = [ linked_node['id'] for linked_node in res.json['data'] ] assert_equal(len(nodes_returned), len(self.node_ids) - 1) assert_in(self.linked_node._id, nodes_returned) assert_in(self.public_node._id, nodes_returned) assert_not_in(self.linked_node2._id, nodes_returned) def test_linked_nodes_doesnt_return_deleted_nodes(self): self.linked_node.is_deleted = True self.linked_node.save() res = self.app.get(self.url, auth=self.user.auth) assert_equal(res.status_code, 200) nodes_returned = [ linked_node['id'] for linked_node in res.json['data'] ] assert_equal(len(nodes_returned), len(self.node_ids) - 1) assert_not_in(self.linked_node._id, nodes_returned) assert_in(self.linked_node2._id, nodes_returned) assert_in(self.public_node._id, nodes_returned) def test_attempt_to_return_linked_nodes_logged_out(self): res = self.app.get(self.url, auth=None, expect_errors=True) assert_equal(res.status_code, 401)
def node_contrib(self, user, user_two): node_contrib = NodeFactory(creator=user_two) node_contrib.add_contributor(user, auth=Auth(user_two)) node_contrib.save() return node_contrib