def test_api_algorithm_image_list_permissions(client): alg_set = TwoAlgorithms() alg1_image_pk = AlgorithmImageFactory(algorithm=alg_set.alg1).pk alg2_image_pk = AlgorithmImageFactory(algorithm=alg_set.alg2).pk tests = ( (None, 200, []), (alg_set.creator, 200, []), (alg_set.editor1, 200, [alg1_image_pk]), (alg_set.user1, 200, []), (alg_set.editor2, 200, [alg2_image_pk]), (alg_set.user2, 200, []), (alg_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:algorithms-image-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] assert response.json()["count"] == len(test[2]) pks = {obj["pk"] for obj in response.json()["results"]} assert {str(pk) for pk in test[2]} == pks
def test_api_algorithm_list_permissions(client): alg_set = TwoAlgorithms() tests = ( (None, 401, []), (alg_set.creator, 200, []), (alg_set.editor1, 200, [alg_set.alg1.pk]), (alg_set.user1, 200, [alg_set.alg1.pk]), (alg_set.editor2, 200, [alg_set.alg2.pk]), (alg_set.user2, 200, [alg_set.alg2.pk]), (alg_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:algorithm-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] if test[1] != 401: # We provided auth details and get a response assert response.json()["count"] == len(test[2]) pks = [obj["pk"] for obj in response.json()["results"]] for pk in test[2]: assert str(pk) in pks
def test_algorithm_detail_view_permissions(client, view_name, index): alg_set = TwoAlgorithms() # We need to fake some images to use AlgorithmImageFactory(ready=True, algorithm=alg_set.alg1) AlgorithmImageFactory(ready=True, algorithm=alg_set.alg2) tests = ( (None, alg_set.alg1, 302, 302), (None, alg_set.alg2, 302, 302), (alg_set.creator, alg_set.alg1, 302, 403), (alg_set.creator, alg_set.alg2, 302, 403), (alg_set.editor1, alg_set.alg1, 200, 200), (alg_set.editor1, alg_set.alg2, 302, 403), (alg_set.user1, alg_set.alg1, 200, 200), (alg_set.user1, alg_set.alg2, 302, 403), (alg_set.editor2, alg_set.alg1, 302, 403), (alg_set.editor2, alg_set.alg2, 200, 200), (alg_set.user2, alg_set.alg1, 302, 403), (alg_set.user2, alg_set.alg2, 200, 200), (alg_set.u, alg_set.alg1, 302, 403), (alg_set.u, alg_set.alg2, 302, 403), ) for test in tests: response = get_view_for_user( viewname=f"algorithms:{view_name}", reverse_kwargs={"slug": test[1].slug}, client=client, user=test[0], ) assert response.status_code == test[index]
def test_algorithm_edit_view_permissions(client, view_name): alg_set = TwoAlgorithms() tests = ( (None, alg_set.alg1, 302), (None, alg_set.alg2, 302), (alg_set.creator, alg_set.alg1, 403), (alg_set.creator, alg_set.alg2, 403), (alg_set.editor1, alg_set.alg1, 200), (alg_set.editor1, alg_set.alg2, 403), (alg_set.user1, alg_set.alg1, 403), (alg_set.user1, alg_set.alg2, 403), (alg_set.editor2, alg_set.alg1, 403), (alg_set.editor2, alg_set.alg2, 200), (alg_set.user2, alg_set.alg1, 403), (alg_set.user2, alg_set.alg2, 403), (alg_set.u, alg_set.alg1, 403), (alg_set.u, alg_set.alg2, 403), ) for test in tests: response = get_view_for_user( viewname=f"algorithms:{view_name}", client=client, user=test[0], reverse_kwargs={"slug": test[1].slug}, ) assert response.status_code == test[2]
def test_algorithm_execution_session_list_view(client): # Session creators and algorithm editors should be able to see these sessions alg_set = TwoAlgorithms() extra_user1, extra_user2 = UserFactory(), UserFactory() alg_set.alg1.add_user(extra_user1) alg_set.alg2.add_user(extra_user2) s1, s2 = ( RawImageUploadSessionFactory(creator=extra_user1, algorithm_image__algorithm=alg_set.alg1), RawImageUploadSessionFactory(creator=extra_user2, algorithm_image__algorithm=alg_set.alg2), ) all_sessions = {s1, s2} tests = ( (None, alg_set.alg1, 302, set()), (None, alg_set.alg2, 302, set()), (alg_set.creator, alg_set.alg1, 200, set()), (alg_set.creator, alg_set.alg2, 200, set()), (alg_set.editor1, alg_set.alg1, 200, {s1}), (alg_set.editor1, alg_set.alg2, 200, set()), (alg_set.user1, alg_set.alg1, 200, set()), (alg_set.user1, alg_set.alg2, 200, set()), (alg_set.editor2, alg_set.alg1, 200, set()), (alg_set.editor2, alg_set.alg2, 200, {s2}), (alg_set.user2, alg_set.alg1, 200, set()), (alg_set.user2, alg_set.alg2, 200, set()), (alg_set.u, alg_set.alg1, 200, set()), (alg_set.u, alg_set.alg2, 200, set()), (extra_user1, alg_set.alg1, 200, {s1}), (extra_user1, alg_set.alg2, 200, set()), (extra_user2, alg_set.alg1, 200, set()), (extra_user2, alg_set.alg2, 200, {s2}), ) for test in tests: response = get_view_for_user( viewname="algorithms:execution-session-list", reverse_kwargs={"slug": test[1].slug}, client=client, user=test[0], ) assert response.status_code == test[2] # Check that the results are filtered if response.status_code == 200: expected_sessions = test[3] excluded_sessions = all_sessions - expected_sessions assert all( str(j.pk) in response.rendered_content for j in expected_sessions) assert all( str(j.pk) not in response.rendered_content for j in excluded_sessions)
def test_api_job_list_permissions(client): alg_set = TwoAlgorithms() j1_creator, j2_creator = UserFactory(), UserFactory() alg1_job = AlgorithmJobFactory(algorithm_image__algorithm=alg_set.alg1, creator=j1_creator) alg2_job = AlgorithmJobFactory(algorithm_image__algorithm=alg_set.alg2, creator=j2_creator) alg1_job.viewer_groups.add(alg_set.alg1.editors_group) alg2_job.viewer_groups.add(alg_set.alg2.editors_group) tests = ( (None, 200, []), (alg_set.creator, 200, []), (alg_set.editor1, 200, [alg1_job]), (alg_set.user1, 200, []), (j1_creator, 200, [alg1_job]), (alg_set.editor2, 200, [alg2_job]), (alg_set.user2, 200, []), (j2_creator, 200, [alg2_job]), (alg_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:algorithms-job-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] assert response.json()["count"] == len(test[2]) job_pks = {obj["pk"] for obj in response.json()["results"]} assert job_pks == {str(j.pk) for j in test[2]} # Ensure that the images are downloadable response = get_view_for_user( viewname="api:image-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == 200 image_pks = {obj["pk"] for obj in response.json()["results"]} assert image_pks == { str(i.image.pk) for j in test[2] for i in j.inputs.all() }
def test_user_autocomplete_permissions(client): alg_set = TwoAlgorithms() tests = ( (None, 302), (alg_set.creator, 403), (alg_set.editor1, 200), (alg_set.user1, 403), (alg_set.editor2, 200), (alg_set.user2, 403), (alg_set.u, 403), ) for test in tests: response = get_view_for_user( viewname="algorithms:users-autocomplete", client=client, user=test[0], ) assert response.status_code == test[1]
def test_job_update_permissions(client, view_name): alg_set = TwoAlgorithms() j1, j2 = ( AlgorithmJobFactory(algorithm_image__algorithm=alg_set.alg1), AlgorithmJobFactory(algorithm_image__algorithm=alg_set.alg2), ) tests = ( (None, j1, 302), (None, j2, 302), (alg_set.creator, j1, 403), (alg_set.creator, j2, 403), (alg_set.editor1, j1, 403), (alg_set.editor1, j2, 403), (alg_set.user1, j1, 403), (alg_set.user1, j2, 403), (alg_set.editor2, j1, 403), (alg_set.editor2, j2, 403), (alg_set.user2, j1, 403), (alg_set.user2, j2, 403), (alg_set.u, j1, 403), (alg_set.u, j2, 403), (j1.creator, j1, 200), (j1.creator, j2, 403), (j2.creator, j1, 403), (j2.creator, j2, 200), ) for test in tests: response = get_view_for_user( viewname=f"algorithms:{view_name}", client=client, user=test[0], reverse_kwargs={ "slug": test[1].algorithm_image.algorithm.slug, "pk": test[1].pk, }, ) assert response.status_code == test[2]
def test_algorithm_image_edit_view_permissions(client, view_name): alg_set = TwoAlgorithms() im1, im2 = ( AlgorithmImageFactory(algorithm=alg_set.alg1), AlgorithmImageFactory(algorithm=alg_set.alg2), ) tests = ( (None, im1, 302), (None, im2, 302), (alg_set.creator, im1, 403), (alg_set.creator, im2, 403), (alg_set.editor1, im1, 200), (alg_set.editor1, im2, 403), (alg_set.user1, im1, 403), (alg_set.user1, im2, 403), (alg_set.editor2, im1, 403), (alg_set.editor2, im2, 200), (alg_set.user2, im1, 403), (alg_set.user2, im2, 403), (alg_set.u, im1, 403), (alg_set.u, im2, 403), ) for test in tests: response = get_view_for_user( viewname=f"algorithms:{view_name}", client=client, user=test[0], reverse_kwargs={ "slug": test[1].algorithm.slug, "pk": test[1].pk }, ) assert response.status_code == test[2]
def test_algorithm_jobs_list_view(client): # This view is a bit special, everyone should be able to # view it, but the results should be filtered alg_set = TwoAlgorithms() extra_user1, extra_user2 = UserFactory(), UserFactory() alg_set.alg1.add_user(extra_user1) alg_set.alg2.add_user(extra_user2) j1, j2 = ( AlgorithmJobFactory( algorithm_image__algorithm=alg_set.alg1, creator=extra_user1, status=Job.SUCCESS, ), AlgorithmJobFactory( algorithm_image__algorithm=alg_set.alg2, creator=extra_user2, status=Job.SUCCESS, ), ) all_jobs = {j1, j2} tests = ( (None, alg_set.alg1, 200, set()), (None, alg_set.alg2, 200, set()), (alg_set.creator, alg_set.alg1, 200, set()), (alg_set.creator, alg_set.alg2, 200, set()), (alg_set.editor1, alg_set.alg1, 200, {j1}), (alg_set.editor1, alg_set.alg2, 200, set()), (alg_set.user1, alg_set.alg1, 200, set()), (alg_set.user1, alg_set.alg2, 200, set()), (alg_set.editor2, alg_set.alg1, 200, set()), (alg_set.editor2, alg_set.alg2, 200, {j2}), (alg_set.user2, alg_set.alg1, 200, set()), (alg_set.user2, alg_set.alg2, 200, set()), (alg_set.u, alg_set.alg1, 200, set()), (alg_set.u, alg_set.alg2, 200, set()), (extra_user1, alg_set.alg1, 200, {j1}), (extra_user1, alg_set.alg2, 200, set()), (extra_user2, alg_set.alg1, 200, set()), (extra_user2, alg_set.alg2, 200, {j2}), ) for test in tests: response = get_view_for_user( viewname="algorithms:jobs-list", reverse_kwargs={"slug": test[1].slug}, client=client, user=test[0], data={ "length": 50, "draw": 1 }, **{"HTTP_X_REQUESTED_WITH": "XMLHttpRequest"}, ) assert response.status_code == test[2] # Check that the results are filtered if response.status_code == 200: expected_jobs = test[3] excluded_jobs = all_jobs - expected_jobs data = response.json()["data"] assert all(str(j.pk) in str(data) for j in expected_jobs) assert all(str(j.pk) not in str(data) for j in excluded_jobs)
def test_user_can_download_images(client, reverse): alg_set = TwoAlgorithms() j1_creator, j2_creator = UserFactory(), UserFactory() alg1_job = AlgorithmJobFactory(algorithm_image__algorithm=alg_set.alg1, creator=j1_creator) alg2_job = AlgorithmJobFactory(algorithm_image__algorithm=alg_set.alg2, creator=j2_creator) alg1_job.viewer_groups.add(alg_set.alg1.editors_group) alg2_job.viewer_groups.add(alg_set.alg2.editors_group) iv1, iv2, iv3, iv4 = ( ComponentInterfaceValueFactory(image=ImageFactory()), ComponentInterfaceValueFactory(image=ImageFactory()), ComponentInterfaceValueFactory(image=ImageFactory()), ComponentInterfaceValueFactory(image=ImageFactory()), ) if reverse: for im in [iv1, iv2, iv3, iv4]: im.algorithms_jobs_as_output.add(alg1_job, alg2_job) for im in [iv3, iv4]: im.algorithms_jobs_as_output.remove(alg1_job, alg2_job) for im in [iv1, iv2]: im.algorithms_jobs_as_output.remove(alg2_job) else: # Test that adding images works alg1_job.outputs.add(iv1, iv2, iv3, iv4) # Test that removing images works alg1_job.outputs.remove(iv3, iv4) tests = ( (None, 200, []), (alg_set.creator, 200, []), ( alg_set.editor1, 200, [ *[i.image.pk for i in alg1_job.inputs.all()], iv1.image.pk, iv2.image.pk, ], ), (alg_set.user1, 200, []), ( j1_creator, 200, [ *[i.image.pk for i in alg1_job.inputs.all()], iv1.image.pk, iv2.image.pk, ], ), ( alg_set.editor2, 200, [i.image.pk for i in alg2_job.inputs.all()], ), (alg_set.user2, 200, []), (j2_creator, 200, [i.image.pk for i in alg2_job.inputs.all()]), (alg_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:image-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] assert response.json()["count"] == len(test[2]) pks = {obj["pk"] for obj in response.json()["results"]} assert {str(pk) for pk in test[2]} == pks # Test clearing if reverse: iv1.algorithms_jobs_as_output.clear() iv2.algorithms_jobs_as_output.clear() else: alg1_job.outputs.clear() response = get_view_for_user( viewname="api:image-list", client=client, user=j1_creator, content_type="application/json", ) assert response.status_code == 200 assert response.json()["count"] == 1
def test_user_can_download_input_images(client, reverse): alg_set = TwoAlgorithms() j1_creator, j2_creator = UserFactory(), UserFactory() alg1_job = AlgorithmJobFactory( algorithm_image__algorithm=alg_set.alg1, creator=j1_creator ) alg2_job = AlgorithmJobFactory( algorithm_image__algorithm=alg_set.alg2, creator=j2_creator ) iv1, iv2, iv3, iv4 = ( ComponentInterfaceValueFactory(image=ImageFactory()), ComponentInterfaceValueFactory(image=ImageFactory()), ComponentInterfaceValueFactory(image=ImageFactory()), ComponentInterfaceValueFactory(image=ImageFactory()), ) alg1_origin_input = [i.image.pk for i in alg1_job.inputs.all()] alg2_origin_input = [i.image.pk for i in alg2_job.inputs.all()] if reverse: for iv in [iv1, iv2, iv3, iv4]: iv.algorithms_jobs_as_input.add(alg1_job, alg2_job) for iv in [iv3, iv4]: iv.algorithms_jobs_as_input.remove(alg1_job, alg2_job) for iv in [iv1, iv2]: iv.algorithms_jobs_as_input.remove(alg2_job) else: # Test that adding images works alg1_job.inputs.add(iv1, iv2, iv3, iv4) # Test that removing images works alg1_job.inputs.remove(iv3, iv4) tests = ( (None, 401, []), (alg_set.creator, 200, []), ( alg_set.editor1, 200, [*alg1_origin_input, iv1.image.pk, iv2.image.pk], ), (alg_set.user1, 200, []), (j1_creator, 200, [*alg1_origin_input, iv1.image.pk, iv2.image.pk],), (alg_set.editor2, 200, alg2_origin_input), (alg_set.user2, 200, []), (j2_creator, 200, alg2_origin_input), (alg_set.u, 200, []), ) for test in tests: response = get_view_for_user( viewname="api:image-list", client=client, user=test[0], content_type="application/json", ) assert response.status_code == test[1] if test[1] != 401: # We provided auth details and get a response assert response.json()["count"] == len(test[2]) pks = [obj["pk"] for obj in response.json()["results"]] for pk in test[2]: assert str(pk) in pks # Test clearing if reverse: iv1.algorithms_jobs_as_input.clear() iv2.algorithms_jobs_as_input.clear() else: alg1_job.inputs.clear() response = get_view_for_user( viewname="api:image-list", client=client, user=j1_creator, content_type="application/json", ) assert response.status_code == 200 if reverse: assert response.json()["count"] == 1 else: assert response.json()["count"] == 0