def test_has_permission_on_parent_node_copyfrom(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) assert_false(component.has_permission(self.user, 'write')) res = views.check_access(component, Auth(user=self.user), 'copyfrom', None) assert_true(res)
def test_has_permission_on_parent_node_copyto_fail_if_not_registration(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, parent=self.node) assert_false(component.has_permission(self.user, 'write')) with assert_raises(HTTPError): views.check_access(component, Auth(user=self.user), 'copyto', None)
def test_has_permission_on_parent_node_copyto_pass_if_registration(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, parent=self.node) component.is_registration = True assert_false(component.has_permission(self.user, 'write')) res = views.check_access(component, Auth(user=self.user), 'copyto', None) assert_true(res)
def test_has_permission_read_scope_write_action_forbidden(self): component = ProjectFactory(creator=self.user, is_public=False, parent=self.node) cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id, attributes={'accessTokenScope': {'osf.nodes.data_read'}}) assert_true(component.has_permission(self.user, 'write')) with assert_raises(HTTPError) as exc_info: views.check_access(component, Auth(user=self.user), 'upload', cas_resp) assert_equal(exc_info.exception.code, 403)
def test_has_permission_write_scope_read_action(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id, attributes={'accessTokenScope': {'osf.nodes.data_write'}}) assert_false(component.has_permission(self.user, 'write')) res = views.check_access(component, Auth(user=self.user), 'download', cas_resp) assert_true(res)
def test_has_permission_private_not_authenticated(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) cas_resp = cas.CasResponse(authenticated=False) assert_false(component.has_permission(self.user, 'write')) with assert_raises(HTTPError) as exc_info: views.check_access(component, Auth(user=self.user), 'download', cas_resp) assert_equal(exc_info.exception.code, 403)
def test_has_permission_private_irrelevant_scope_forbidden(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) cas_resp = cas.CasResponse(authenticated=True, status=None, user=self.user._id, attributes={'accessTokenScope': {'osf.users.all_read'}}) assert_false(component.has_permission(self.user, 'write')) with assert_raises(HTTPError) as exc_info: views.check_access(component, Auth(user=self.user), 'download', cas_resp) assert_equal(exc_info.exception.code, 403)
def test_has_permission_public_irrelevant_scope_allowed(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=True, parent=self.node) cas_resp = cas.CasResponse( authenticated=True, status=None, user=self.user._id, attributes={"accessTokenScope": {"osf.users.all_read"}} ) assert_false(component.has_permission(self.user, "write")) res = views.check_access(component, Auth(user=self.user), "download", cas_resp) assert_true(res)
def test_has_permission_decommissioned_scope_no_error(self): component_admin = AuthUserFactory() component = ProjectFactory(creator=component_admin, is_public=False, parent=self.node) cas_resp = cas.CasResponse( authenticated=True, status=None, user=self.user._id, attributes={"accessTokenScope": {"decommissioned.scope+write", "osf.nodes.data_read"}}, ) assert_false(component.has_permission(self.user, "write")) res = views.check_access(component, Auth(user=self.user), "download", cas_resp) assert_true(res)