def test_user_is_admin(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def test_a_public_component_from_home_page(self): component = NodeFactory(title='Foobar Component', is_public=True) # Searches a part of the name res = self.app.get('/').maybe_follow() component.reload() form = res.forms['searchBar'] form['q'] = 'Foobar' res = form.submit().maybe_follow() # A link to the component is shown as a result assert_in('Foobar Component', res)
def test_user_does_not_have_node(self): node = NodeFactory() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin_but_not_affiliated(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=user.auth) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_does_not_have_node(self): node = NodeFactory() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_with_nodes_and_permissions(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth) assert_equal(res.status_code, 201) node_ids = [node_['id'] for node_ in res.json['data']] assert_in(node._id, node_ids) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin_but_not_affiliated(self, app, url_institution_nodes, institution): user = AuthUserFactory() node = NodeFactory(creator=user) res = app.post_json_api(url_institution_nodes, make_payload(node._id), expect_errors=True, auth=user.auth) assert res.status_code == 403 node.reload() assert institution not in node.affiliated_institutions.all()
def test_add_some_with_permissions_others_without(self): node1 = NodeFactory(creator=self.user) node2 = NodeFactory() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node1._id, node2._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) node1.reload() node2.reload() assert_not_in(self.institution, node1.affiliated_institutions.all()) assert_not_in(self.institution, node2.affiliated_institutions.all())
def test_new_draft_registration_POST(self): target = NodeFactory(creator=self.user) payload = { 'schema_name': self.meta_schema.name, 'schema_version': self.meta_schema.schema_version } url = target.web_url_for('new_draft_registration') res = self.app.post(url, payload, auth=self.user.auth) assert_equal(res.status_code, http.FOUND) target.reload() draft = DraftRegistration.objects.get(branched_from=target) assert_equal(draft.registration_schema, self.meta_schema)
def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin_but_not_affiliated(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=user.auth ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_user_is_admin_but_not_affiliated( self, app, url_institution_nodes, institution): user = AuthUserFactory() node = NodeFactory(creator=user) res = app.post_json_api( url_institution_nodes, make_payload(node._id), expect_errors=True, auth=user.auth ) assert res.status_code == 403 node.reload() assert institution not in node.affiliated_institutions.all()
def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_add_some_existant_others_not(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload( node._id, self.node1._id), auth=self.user.auth) assert_equal(res.status_code, 201) node.reload() self.node1.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all())
def test_user_with_nodes_and_permissions(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node_ids = [node_['id'] for node_ in res.json['data']] assert_in(node._id, node_ids) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def test_add_some_with_permissions_others_without(self): node1 = NodeFactory(creator=self.user) node2 = NodeFactory() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node1._id, node2._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) node1.reload() node2.reload() assert_not_in(self.institution, node1.affiliated_institutions.all()) assert_not_in(self.institution, node2.affiliated_institutions.all())
def test_add_some_existant_others_not(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id, self.node1._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node.reload() self.node1.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all())
def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_delete_user_is_admin_but_not_affiliated_with_inst( self, institution, app, url_institution_nodes): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(institution) node.save() assert institution in node.affiliated_institutions.all() res = app.delete_json_api(url_institution_nodes, make_payload(node._id), auth=user.auth) assert res.status_code == 204 node.reload() assert institution not in node.affiliated_institutions.all()
def test_delete_user_is_admin_but_not_affiliated_with_inst(self, app, institution_one, create_payload): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(institution_one) node.save() assert institution_one in node.affiliated_institutions.all() res = app.delete_json_api( '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id), create_payload(institution_one._id), auth=user.auth, ) assert res.status_code == 204 node.reload() assert institution_one not in node.affiliated_institutions.all()
def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution1) node.save() assert_in(self.institution1, node.affiliated_institutions.all()) res = self.app.delete_json_api( '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id), self.create_payload(self.institution1._id), auth=user.auth, ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution1, node.affiliated_institutions.all())
def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_delete_user_is_admin_but_not_affiliated_with_inst( self, institution, app, url_institution_nodes): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(institution) node.save() assert institution in node.affiliated_institutions.all() res = app.delete_json_api( url_institution_nodes, make_payload(node._id), auth=user.auth ) assert res.status_code == 204 node.reload() assert institution not in node.affiliated_institutions.all()
def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all())
def test_delete_user_is_admin_but_not_affiliated_with_inst( self, app, institution_one, create_payload): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(institution_one) node.save() assert institution_one in node.affiliated_institutions.all() res = app.delete_json_api( '/{0}nodes/{1}/relationships/institutions/'.format( API_BASE, node._id), create_payload(institution_one._id), auth=user.auth, ) assert res.status_code == 204 node.reload() assert institution_one not in node.affiliated_institutions.all()
class TestInstitutionRelationshipNodes(ApiTestCase): def setUp(self): super(TestInstitutionRelationshipNodes, self).setUp() self.user = AuthUserFactory() self.institution = InstitutionFactory() self.user.affiliated_institutions.add(self.institution) self.user.save() self.node1 = NodeFactory(creator=self.user) self.node2 = NodeFactory(is_public=True) self.node3 = NodeFactory() self.node1.affiliated_institutions.add(self.institution) self.node2.affiliated_institutions.add(self.institution) self.node3.affiliated_institutions.add(self.institution) self.node1.save() self.node2.save() self.node3.save() self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format(API_BASE, self.institution._id) def create_payload(self, *node_ids): data = [ {'type': 'nodes', 'id': id_} for id_ in node_ids ] return {'data': data} def test_get_nodes_no_auth(self): res = self.app.get(self.institution_nodes_url) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node2._id, node_ids) assert_not_in(self.node1._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_get_nodes_with_auth(self): res = self.app.get(self.institution_nodes_url, auth=self.user.auth) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node1._id, node_ids) assert_in(self.node2._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_node_does_not_exist(self): res = self.app.post_json_api( self.institution_nodes_url, self.create_payload('notIdatAll'), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 404) def test_wrong_type(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, {'data': [{'type': 'dugtrio', 'id': node._id}]}, expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 409) def test_user_with_nodes_and_permissions(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node_ids = [node_['id'] for node_ in res.json['data']] assert_in(node._id, node_ids) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_does_not_have_node(self): node = NodeFactory() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin_but_not_affiliated(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=user.auth ) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_add_some_with_permissions_others_without(self): node1 = NodeFactory(creator=self.user) node2 = NodeFactory() res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node1._id, node2._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) node1.reload() node2.reload() assert_not_in(self.institution, node1.affiliated_institutions.all()) assert_not_in(self.institution, node2.affiliated_institutions.all()) def test_add_some_existant_others_not(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id, self.node1._id), auth=self.user.auth ) assert_equal(res.status_code, 201) node.reload() self.node1.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) def test_only_add_existent_with_mixed_permissions(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(self.node2._id, self.node1._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403) self.node1.reload() self.node2.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) def test_only_add_existent_with_permissions(self): node = NodeFactory(creator=self.user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.post_json_api( self.institution_nodes_url, self.create_payload(node._id, self.node1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) def test_delete_user_is_admin(self): res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth ) self.node1.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_read_write(self): self.node3.add_contributor(self.user) self.node3.save() res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth ) self.node3.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_read_only(self): self.node3.add_contributor(self.user, permissions='read') self.node3.save() res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth, expect_errors=True ) self.node3.reload() assert_equal(res.status_code, 403) assert_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_admin_and_affiliated_with_inst(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) self.node1.reload() assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(node._id), auth=user.auth ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_delete_user_is_affiliated_with_inst_and_mixed_permissions_on_nodes(self): res = self.app.delete_json_api( self.institution_nodes_url, self.create_payload(self.node1._id, self.node2._id), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 403)
class TestInstitutionRelationshipNodes(ApiTestCase): def setUp(self): super(TestInstitutionRelationshipNodes, self).setUp() self.user = AuthUserFactory() self.institution = InstitutionFactory() self.user.affiliated_institutions.add(self.institution) self.user.save() self.node1 = NodeFactory(creator=self.user) self.node2 = NodeFactory(is_public=True) self.node3 = NodeFactory() self.node1.affiliated_institutions.add(self.institution) self.node2.affiliated_institutions.add(self.institution) self.node3.affiliated_institutions.add(self.institution) self.node1.save() self.node2.save() self.node3.save() self.institution_nodes_url = '/{}institutions/{}/relationships/nodes/'.format( API_BASE, self.institution._id) def create_payload(self, *node_ids): data = [{'type': 'nodes', 'id': id_} for id_ in node_ids] return {'data': data} def test_get_nodes_no_auth(self): res = self.app.get(self.institution_nodes_url) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node2._id, node_ids) assert_not_in(self.node1._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_get_nodes_with_auth(self): res = self.app.get(self.institution_nodes_url, auth=self.user.auth) assert_equal(res.status_code, 200) node_ids = [node['id'] for node in res.json['data']] assert_in(self.node1._id, node_ids) assert_in(self.node2._id, node_ids) assert_not_in(self.node3._id, node_ids) def test_node_does_not_exist(self): res = self.app.post_json_api(self.institution_nodes_url, self.create_payload('notIdatAll'), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 404) def test_wrong_type(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api( self.institution_nodes_url, {'data': [{ 'type': 'dugtrio', 'id': node._id }]}, expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 409) def test_user_with_nodes_and_permissions(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth) assert_equal(res.status_code, 201) node_ids = [node_['id'] for node_ in res.json['data']] assert_in(node._id, node_ids) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_does_not_have_node(self): node = NodeFactory() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin(self): node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=self.user.auth) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth) assert_equal(res.status_code, 201) node.reload() assert_in(self.institution, node.affiliated_institutions.all()) def test_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution) node = NodeFactory() node.add_contributor(user, permissions=[permissions.READ]) node.save() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth, expect_errors=True) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_user_is_admin_but_not_affiliated(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node._id), expect_errors=True, auth=user.auth) assert_equal(res.status_code, 403) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_add_some_with_permissions_others_without(self): node1 = NodeFactory(creator=self.user) node2 = NodeFactory() res = self.app.post_json_api(self.institution_nodes_url, self.create_payload(node1._id, node2._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) node1.reload() node2.reload() assert_not_in(self.institution, node1.affiliated_institutions.all()) assert_not_in(self.institution, node2.affiliated_institutions.all()) def test_add_some_existant_others_not(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) node = NodeFactory(creator=self.user) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload( node._id, self.node1._id), auth=self.user.auth) assert_equal(res.status_code, 201) node.reload() self.node1.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) def test_only_add_existent_with_mixed_permissions(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload( self.node2._id, self.node1._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403) self.node1.reload() self.node2.reload() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, self.node2.affiliated_institutions.all()) def test_only_add_existent_with_permissions(self): node = NodeFactory(creator=self.user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, self.node1.affiliated_institutions.all()) assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.post_json_api(self.institution_nodes_url, self.create_payload( node._id, self.node1._id), auth=self.user.auth) assert_equal(res.status_code, 204) def test_delete_user_is_admin(self): res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth) self.node1.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_read_write(self): self.node3.add_contributor(self.user) self.node3.save() res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth) self.node3.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_read_only(self): self.node3.add_contributor(self.user, permissions='read') self.node3.save() res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node3._id), auth=self.user.auth, expect_errors=True) self.node3.reload() assert_equal(res.status_code, 403) assert_in(self.institution, self.node3.affiliated_institutions.all()) def test_delete_user_is_admin_and_affiliated_with_inst(self): assert_in(self.institution, self.node1.affiliated_institutions.all()) res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(self.node1._id), auth=self.user.auth) assert_equal(res.status_code, 204) self.node1.reload() assert_not_in(self.institution, self.node1.affiliated_institutions.all()) def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution) node.save() assert_in(self.institution, node.affiliated_institutions.all()) res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload(node._id), auth=user.auth) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution, node.affiliated_institutions.all()) def test_delete_user_is_affiliated_with_inst_and_mixed_permissions_on_nodes( self): res = self.app.delete_json_api(self.institution_nodes_url, self.create_payload( self.node1._id, self.node2._id), expect_errors=True, auth=self.user.auth) assert_equal(res.status_code, 403)
class TestNodeRelationshipInstitutions(ApiTestCase): def setUp(self): super(TestNodeRelationshipInstitutions, self).setUp() self.institution2 = InstitutionFactory() self.institution1 = InstitutionFactory() self.user = AuthUserFactory() self.user.affiliated_institutions.add(self.institution1) self.user.affiliated_institutions.add(self.institution2) self.user.save() self.read_write_contributor = AuthUserFactory() self.read_write_contributor_institution = InstitutionFactory() self.read_write_contributor.affiliated_institutions.add(self.read_write_contributor_institution) self.read_write_contributor.save() self.read_only_contributor = AuthUserFactory() self.read_only_contributor_institution = InstitutionFactory() self.read_only_contributor.affiliated_institutions.add(self.read_only_contributor_institution) self.read_only_contributor.save() self.node = NodeFactory(creator=self.user) self.node.add_contributor(self.read_write_contributor, permissions=[permissions.WRITE]) self.node.add_contributor(self.read_only_contributor, permissions=[permissions.READ]) self.node.save() self.node_institutions_url = '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, self.node._id) def create_payload(self, *institution_ids): data = [] for id_ in institution_ids: data.append({'type': 'institutions', 'id': id_}) return {'data': data} def test_node_with_no_permissions(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() res = self.app.put_json_api( self.node_institutions_url, self.create_payload([self.institution1._id]), auth=user.auth, expect_errors=True, ) assert_equal(res.status_code, 403) def test_user_with_no_institution(self): user = AuthUserFactory() node = NodeFactory(creator=user) res = self.app.put_json_api( '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id), self.create_payload(self.institution1._id), expect_errors=True, auth=user.auth ) assert_equal(res.status_code, 403) def test_get_public_node(self): self.node.is_public = True self.node.save() res = self.app.get( self.node_institutions_url ) assert_equal(res.status_code, 200) assert_equal(res.json['data'], []) def test_institution_does_not_exist(self): res = self.app.put_json_api( self.node_institutions_url, self.create_payload('not_an_id'), expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 404) def test_wrong_type(self): res = self.app.put_json_api( self.node_institutions_url, {'data': [{'type': 'not_institution', 'id': self.institution1._id}]}, expect_errors=True, auth=self.user.auth ) assert_equal(res.status_code, 409) def test_user_with_institution_and_permissions(self): assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.post_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 201) data = res.json['data'] ret_institutions = [inst['id'] for inst in data] assert_in(self.institution1._id, ret_institutions) assert_in(self.institution2._id, ret_institutions) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_user_with_institution_and_permissions_through_patch(self): assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.put_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 200) data = res.json['data'] ret_institutions = [inst['id'] for inst in data] assert_in(self.institution1._id, ret_institutions) assert_in(self.institution2._id, ret_institutions) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_remove_institutions_with_no_permissions(self): res = self.app.put_json_api( self.node_institutions_url, self.create_payload(), expect_errors=True ) assert_equal(res.status_code, 401) def test_remove_institutions_with_affiliated_user(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) res = self.app.put_json_api( self.node_institutions_url, {'data': []}, auth=self.user.auth ) assert_equal(res.status_code, 200) self.node.reload() assert_equal(self.node.affiliated_institutions.count(), 0) def test_using_post_making_no_changes_returns_204(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) res = self.app.post_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_put_not_admin_but_affiliated(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() self.node.add_contributor(user) self.node.save() res = self.app.put_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=user.auth ) self.node.reload() assert_equal(res.status_code, 200) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_retrieve_private_node_no_auth(self): res = self.app.get(self.node_institutions_url, expect_errors=True) assert_equal(res.status_code, 401) def test_add_through_patch_one_inst_to_node_with_inst(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.patch_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 200) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_add_through_patch_one_inst_while_removing_other(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.patch_json_api( self.node_institutions_url, self.create_payload(self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 200) self.node.reload() assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_add_one_inst_with_post_to_node_with_inst(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.post_json_api( self.node_institutions_url, self.create_payload(self.institution2._id), auth=self.user.auth ) assert_equal(res.status_code, 201) self.node.reload() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_in(self.institution2, self.node.affiliated_institutions.all()) def test_delete_nothing(self): res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(), auth=self.user.auth ) assert_equal(res.status_code, 204) def test_delete_existing_inst(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) self.node.reload() assert_not_in(self.institution1, self.node.affiliated_institutions.all()) def test_delete_not_affiliated_and_affiliated_insts(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() assert_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id, self.institution2._id), auth=self.user.auth, ) assert_equal(res.status_code, 204) self.node.reload() assert_not_in(self.institution1, self.node.affiliated_institutions.all()) assert_not_in(self.institution2, self.node.affiliated_institutions.all()) def test_delete_user_is_admin(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=self.user.auth ) assert_equal(res.status_code, 204) def test_delete_user_is_read_write(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() self.node.add_contributor(user) self.node.affiliated_institutions.add(self.institution1) self.node.save() res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=user.auth ) assert_equal(res.status_code, 204) def test_delete_user_is_read_only(self): user = AuthUserFactory() user.affiliated_institutions.add(self.institution1) user.save() self.node.add_contributor(user, permissions=[permissions.READ]) self.node.affiliated_institutions.add(self.institution1) self.node.save() res = self.app.delete_json_api( self.node_institutions_url, self.create_payload(self.institution1._id), auth=user.auth, expect_errors=True ) assert_equal(res.status_code, 403) def test_delete_user_is_admin_but_not_affiliated_with_inst(self): user = AuthUserFactory() node = NodeFactory(creator=user) node.affiliated_institutions.add(self.institution1) node.save() assert_in(self.institution1, node.affiliated_institutions.all()) res = self.app.delete_json_api( '/{0}nodes/{1}/relationships/institutions/'.format(API_BASE, node._id), self.create_payload(self.institution1._id), auth=user.auth, ) assert_equal(res.status_code, 204) node.reload() assert_not_in(self.institution1, node.affiliated_institutions.all()) def test_admin_can_add_affiliated_institution(self): payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.user.auth) self.node.reload() assert_equal(res.status_code, 201) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_admin_can_remove_admin_affiliated_institution(self): self.node.affiliated_institutions.add(self.institution1) payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.user.auth) self.node.reload() assert_equal(res.status_code, 204) assert_not_in(self.institution1, self.node.affiliated_institutions.all()) def test_admin_can_remove_read_write_contributor_affiliated_institution(self): self.node.affiliated_institutions.add(self.read_write_contributor_institution) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.read_write_contributor_institution._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.user.auth) self.node.reload() assert_equal(res.status_code, 204) assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_write_contributor_can_add_affiliated_institution(self): payload = { 'data': [{ 'type': 'institutions', 'id': self.read_write_contributor_institution._id }] } res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth) self.node.reload() assert_equal(res.status_code, 201) assert_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_write_contributor_can_remove_affiliated_institution(self): self.node.affiliated_institutions.add(self.read_write_contributor_institution) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.read_write_contributor_institution._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth) self.node.reload() assert_equal(res.status_code, 204) assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_write_contributor_cannot_remove_admin_affiliated_institution(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_write_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_read_only_contributor_cannot_remove_admin_affiliated_institution(self): self.node.affiliated_institutions.add(self.institution1) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.institution1._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_in(self.institution1, self.node.affiliated_institutions.all()) def test_read_only_contributor_cannot_add_affiliated_institution(self): payload = { 'data': [{ 'type': 'institutions', 'id': self.read_only_contributor_institution._id }] } res = self.app.post_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_not_in(self.read_write_contributor_institution, self.node.affiliated_institutions.all()) def test_read_only_contributor_cannot_remove_affiliated_institution(self): self.node.affiliated_institutions.add(self.read_only_contributor_institution) self.node.save() payload = { 'data': [{ 'type': 'institutions', 'id': self.read_only_contributor_institution._id }] } res = self.app.delete_json_api(self.node_institutions_url, payload, auth=self.read_only_contributor.auth, expect_errors=True) self.node.reload() assert_equal(res.status_code, 403) assert_in(self.read_only_contributor_institution, self.node.affiliated_institutions.all())