class TestPublicNodes(SearchTestCase):
def setUp(self):
super(TestPublicNodes, self).setUp()
self.user = UserFactory(usename='Doug Bogie')
self.title = 'Red Special'
self.consolidate_auth = Auth(user=self.user)
self.project = ProjectFactory(
title=self.title,
creator=self.user,
is_public=True,
)
self.component = NodeFactory(
parent=self.project,
title=self.title,
creator=self.user,
is_public=True
)
self.registration = ProjectFactory(
title=self.title,
creator=self.user,
is_public=True,
is_registration=True
)
def test_make_private(self):
"""Make project public, then private, and verify that it is not present
in search.
"""
self.project.set_privacy('private')
docs = query('category:project AND ' + self.title)['results']
assert_equal(len(docs), 0)
self.component.set_privacy('private')
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 0)
self.registration.set_privacy('private')
docs = query('category:registration AND ' + self.title)['results']
assert_equal(len(docs), 0)
def test_public_parent_title(self):
self.project.set_title('hello & world', self.consolidate_auth)
self.project.save()
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 1)
assert_equal(docs[0]['parent_title'], 'hello & world')
assert_true(docs[0]['parent_url'])
def test_make_parent_private(self):
"""Make parent of component, public, then private, and verify that the
component still appears but doesn't link to the parent in search.
"""
self.project.set_privacy('private')
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 1)
assert_equal(docs[0]['parent_title'], '-- private project --')
assert_false(docs[0]['parent_url'])
def test_delete_project(self):
"""
"""
self.component.remove_node(self.consolidate_auth)
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 0)
self.project.remove_node(self.consolidate_auth)
docs = query('category:project AND ' + self.title)['results']
assert_equal(len(docs), 0)
def test_change_title(self):
"""
"""
title_original = self.project.title
self.project.set_title(
'Blue Ordinary', self.consolidate_auth, save=True)
docs = query('category:project AND ' + title_original)['results']
assert_equal(len(docs), 0)
docs = query('category:project AND ' + self.project.title)['results']
assert_equal(len(docs), 1)
def test_add_tags(self):
tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family']
for tag in tags:
docs = query('tags:"{}"'.format(tag))['results']
assert_equal(len(docs), 0)
self.project.add_tag(tag, self.consolidate_auth, save=True)
for tag in tags:
docs = query('tags:"{}"'.format(tag))['results']
assert_equal(len(docs), 1)
def test_remove_tag(self):
tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family']
for tag in tags:
self.project.add_tag(tag, self.consolidate_auth, save=True)
self.project.remove_tag(tag, self.consolidate_auth, save=True)
docs = query('tags:"{}"'.format(tag))['results']
assert_equal(len(docs), 0)
def test_update_wiki(self):
"""Add text to a wiki page, then verify that project is found when
searching for wiki text.
"""
wiki_content = {
'home': 'Hammer to fall',
'swag': '#YOLO'
}
for key, value in wiki_content.items():
docs = query(value)['results']
assert_equal(len(docs), 0)
self.project.update_node_wiki(
key, value, self.consolidate_auth,
)
docs = query(value)['results']
assert_equal(len(docs), 1)
def test_clear_wiki(self):
"""Add wiki text to page, then delete, then verify that project is not
found when searching for wiki text.
"""
wiki_content = 'Hammer to fall'
self.project.update_node_wiki(
'home', wiki_content, self.consolidate_auth,
)
self.project.update_node_wiki('home', '', self.consolidate_auth)
docs = query(wiki_content)['results']
assert_equal(len(docs), 0)
def test_add_contributor(self):
"""Add a contributor, then verify that project is found when searching
for contributor.
"""
user2 = UserFactory(fullname='Adam Lambert')
docs = query('category:project AND "{}"'.format(user2.fullname))['results']
assert_equal(len(docs), 0)
self.project.add_contributor(user2, save=True)
docs = query('category:project AND "{}"'.format(user2.fullname))['results']
assert_equal(len(docs), 1)
def test_remove_contributor(self):
"""Add and remove a contributor, then verify that project is not found
when searching for contributor.
"""
user2 = UserFactory(fullname='Brian May')
self.project.add_contributor(user2, save=True)
self.project.remove_contributor(user2, self.consolidate_auth)
docs = query('category:project AND "{}"'.format(user2.fullname))['results']
assert_equal(len(docs), 0)
def test_hide_contributor(self):
user2 = UserFactory(fullname='Brian May')
self.project.add_contributor(user2)
self.project.set_visible(user2, False, save=True)
docs = query('category:project AND "{}"'.format(user2.fullname))['results']
assert_equal(len(docs), 0)
self.project.set_visible(user2, True, save=True)
docs = query('category:project AND "{}"'.format(user2.fullname))['results']
assert_equal(len(docs), 1)
def test_wrong_order_search(self):
title_parts = self.title.split(' ')
title_parts.reverse()
title_search = ' '.join(title_parts)
docs = query(title_search)['results']
assert_equal(len(docs), 3)
def test_tag_aggregation(self):
tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family']
for tag in tags:
self.project.add_tag(tag, self.consolidate_auth, save=True)
docs = query(self.title)['tags']
assert len(docs) == 3
for doc in docs:
assert doc['key'] in tags
class TestNodeLogList(ApiTestCase):
def setUp(self):
super(TestNodeLogList, self).setUp()
self.user = AuthUserFactory()
self.contrib = AuthUserFactory()
self.creator = AuthUserFactory()
self.user_auth = Auth(self.user)
self.NodeLogFactory = ProjectFactory()
self.pointer = ProjectFactory()
self.private_project = ProjectFactory(is_public=False,
creator=self.user)
self.private_url = '/{}nodes/{}/logs/'.format(API_BASE,
self.private_project._id)
self.public_project = ProjectFactory(is_public=True, creator=self.user)
self.public_url = '/{}nodes/{}/logs/'.format(API_BASE,
self.public_project._id)
def tearDown(self):
super(TestNodeLogList, self).tearDown()
NodeLog.remove()
def test_add_tag(self):
user_auth = Auth(self.user)
self.public_project.add_tag("Jeff Spies", auth=user_auth)
assert_equal("tag_added", self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'],
'tag_added')
assert_equal("Jeff Spies",
self.public_project.logs[OSF_LATEST].params['tag'])
def test_remove_tag(self):
user_auth = Auth(self.user)
self.public_project.add_tag("Jeff Spies", auth=user_auth)
assert_equal("tag_added", self.public_project.logs[OSF_LATEST].action)
self.public_project.remove_tag("Jeff Spies", auth=self.user_auth)
assert_equal("tag_removed",
self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'],
'tag_removed')
assert_equal("Jeff Spies",
self.public_project.logs[OSF_LATEST].params['tag'])
def test_project_created(self):
res = self.app.get(self.public_url)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(self.public_project.logs[OSF_FIRST].action,
"project_created")
assert_equal(self.public_project.logs[OSF_FIRST].action,
res.json['data'][API_LATEST]['attributes']['action'])
def test_log_create_on_public_project(self):
res = self.app.get(self.public_url)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_datetime_equal(
parse_date(res.json['data'][API_FIRST]['attributes']['date']),
self.public_project.logs[OSF_FIRST].date)
assert_equal(res.json['data'][API_FIRST]['attributes']['action'],
self.public_project.logs[OSF_FIRST].action)
def test_log_create_on_private_project(self):
res = self.app.get(self.private_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_datetime_equal(
datetime.datetime.strptime(
res.json['data'][API_FIRST]['attributes']['date'],
"%Y-%m-%dT%H:%M:%S.%f"),
self.private_project.logs[OSF_FIRST].date)
assert_equal(res.json['data'][API_FIRST]['attributes']['action'],
self.private_project.logs[OSF_FIRST].action)
def test_add_addon(self):
self.public_project.add_addon('github', auth=self.user_auth)
assert_equal('addon_added',
self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'],
'addon_added')
def test_project_add_remove_contributor(self):
self.public_project.add_contributor(self.contrib, auth=self.user_auth)
assert_equal('contributor_added',
self.public_project.logs[OSF_LATEST].action)
self.public_project.remove_contributor(self.contrib,
auth=self.user_auth)
assert_equal('contributor_removed',
self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'],
'contributor_removed')
assert_equal(res.json['data'][1]['attributes']['action'],
'contributor_added')
def test_remove_addon(self):
self.public_project.add_addon('github', auth=self.user_auth)
assert_equal('addon_added',
self.public_project.logs[OSF_LATEST].action)
self.public_project.delete_addon('github', auth=self.user_auth)
assert_equal('addon_removed',
self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'],
'addon_removed')
def test_add_pointer(self):
self.public_project.add_pointer(self.pointer,
auth=Auth(self.user),
save=True)
assert_equal('pointer_created',
self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'],
'pointer_created')
class TestPublicNodes(SearchTestCase):
def setUp(self):
super(TestPublicNodes, self).setUp()
self.user = UserFactory(usename='Doug Bogie')
self.title = 'Red Special'
self.consolidate_auth = Auth(user=self.user)
self.project = ProjectFactory(
title=self.title,
creator=self.user,
is_public=True,
)
self.component = NodeFactory(parent=self.project,
title=self.title,
creator=self.user,
is_public=True)
self.registration = ProjectFactory(title=self.title,
creator=self.user,
is_public=True,
is_registration=True)
def test_make_private(self):
# Make project public, then private, and verify that it is not present
# in search.
self.project.set_privacy('private')
docs = query('category:project AND ' + self.title)['results']
assert_equal(len(docs), 0)
self.component.set_privacy('private')
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 0)
def test_public_parent_title(self):
self.project.set_title('hello & world', self.consolidate_auth)
self.project.save()
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 1)
assert_equal(docs[0]['parent_title'], 'hello & world')
assert_true(docs[0]['parent_url'])
def test_make_parent_private(self):
# Make parent of component, public, then private, and verify that the
# component still appears but doesn't link to the parent in search.
self.project.set_privacy('private')
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 1)
assert_equal(docs[0]['parent_title'], '-- private project --')
assert_false(docs[0]['parent_url'])
def test_delete_project(self):
self.component.remove_node(self.consolidate_auth)
docs = query('category:component AND ' + self.title)['results']
assert_equal(len(docs), 0)
self.project.remove_node(self.consolidate_auth)
docs = query('category:project AND ' + self.title)['results']
assert_equal(len(docs), 0)
def test_change_title(self):
title_original = self.project.title
self.project.set_title('Blue Ordinary',
self.consolidate_auth,
save=True)
docs = query('category:project AND ' + title_original)['results']
assert_equal(len(docs), 0)
docs = query('category:project AND ' + self.project.title)['results']
assert_equal(len(docs), 1)
def test_add_tags(self):
tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family']
for tag in tags:
docs = query('tags:"{}"'.format(tag))['results']
assert_equal(len(docs), 0)
self.project.add_tag(tag, self.consolidate_auth, save=True)
for tag in tags:
docs = query('tags:"{}"'.format(tag))['results']
assert_equal(len(docs), 1)
def test_remove_tag(self):
tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family']
for tag in tags:
self.project.add_tag(tag, self.consolidate_auth, save=True)
self.project.remove_tag(tag, self.consolidate_auth, save=True)
docs = query('tags:"{}"'.format(tag))['results']
assert_equal(len(docs), 0)
def test_update_wiki(self):
"""Add text to a wiki page, then verify that project is found when
searching for wiki text.
"""
wiki_content = {'home': 'Hammer to fall', 'swag': '#YOLO'}
for key, value in wiki_content.items():
docs = query(value)['results']
assert_equal(len(docs), 0)
self.project.update_node_wiki(
key,
value,
self.consolidate_auth,
)
docs = query(value)['results']
assert_equal(len(docs), 1)
def test_clear_wiki(self):
# Add wiki text to page, then delete, then verify that project is not
# found when searching for wiki text.
wiki_content = 'Hammer to fall'
self.project.update_node_wiki(
'home',
wiki_content,
self.consolidate_auth,
)
self.project.update_node_wiki('home', '', self.consolidate_auth)
docs = query(wiki_content)['results']
assert_equal(len(docs), 0)
def test_add_contributor(self):
# Add a contributor, then verify that project is found when searching
# for contributor.
user2 = UserFactory(fullname='Adam Lambert')
docs = query('category:project AND "{}"'.format(
user2.fullname))['results']
assert_equal(len(docs), 0)
self.project.add_contributor(user2, save=True)
docs = query('category:project AND "{}"'.format(
user2.fullname))['results']
assert_equal(len(docs), 1)
def test_remove_contributor(self):
# Add and remove a contributor, then verify that project is not found
# when searching for contributor.
user2 = UserFactory(fullname='Brian May')
self.project.add_contributor(user2, save=True)
self.project.remove_contributor(user2, self.consolidate_auth)
docs = query('category:project AND "{}"'.format(
user2.fullname))['results']
assert_equal(len(docs), 0)
def test_hide_contributor(self):
user2 = UserFactory(fullname='Brian May')
self.project.add_contributor(user2)
self.project.set_visible(user2, False, save=True)
docs = query('category:project AND "{}"'.format(
user2.fullname))['results']
assert_equal(len(docs), 0)
self.project.set_visible(user2, True, save=True)
docs = query('category:project AND "{}"'.format(
user2.fullname))['results']
assert_equal(len(docs), 1)
def test_wrong_order_search(self):
title_parts = self.title.split(' ')
title_parts.reverse()
title_search = ' '.join(title_parts)
docs = query(title_search)['results']
assert_equal(len(docs), 3)
def test_tag_aggregation(self):
tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family']
for tag in tags:
self.project.add_tag(tag, self.consolidate_auth, save=True)
docs = query(self.title)['tags']
assert len(docs) == 3
for doc in docs:
assert doc['key'] in tags
class TestFileView(ApiTestCase):
def setUp(self):
super(TestFileView, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user)
self.file = api_utils.create_test_file(self.node, self.user)
def test_must_have_auth(self):
res = self.app.get('/{}files/{}/'.format(API_BASE, self.file._id), expect_errors=True)
assert_equal(res.status_code, 401)
def test_must_be_contributor(self):
user = AuthUserFactory()
res = self.app.get('/{}files/{}/'.format(API_BASE, self.file._id), auth=user.auth, expect_errors=True)
assert_equal(res.status_code, 403)
def test_get_file(self):
res = self.app.get('/{}files/{}/'.format(API_BASE, self.file._id), auth=self.user.auth)
self.file.versions[-1]._clear_caches()
self.file.versions[-1].reload()
assert_equal(res.status_code, 200)
assert_equal(res.json.keys(), ['data'])
attributes = res.json['data']['attributes']
assert_equal(attributes['path'], self.file.path)
assert_equal(attributes['kind'], self.file.kind)
assert_equal(attributes['name'], self.file.name)
assert_equal(attributes['materialized_path'], self.file.materialized_path)
assert_equal(attributes['last_touched'], None)
assert_equal(attributes['provider'], self.file.provider)
assert_equal(attributes['size'], self.file.versions[-1].size)
assert_equal(attributes['date_modified'], _dt_to_iso8601(self.file.versions[-1].date_created.replace(tzinfo=pytz.utc)))
assert_equal(attributes['date_created'], _dt_to_iso8601(self.file.versions[0].date_created.replace(tzinfo=pytz.utc)))
assert_equal(attributes['extra']['hashes']['md5'], None)
assert_equal(attributes['extra']['hashes']['sha256'], None)
assert_equal(attributes['tags'], [])
def test_file_has_comments_link(self):
res = self.app.get('/{}files/{}/'.format(API_BASE, self.file._id), auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_in('comments', res.json['data']['relationships'].keys())
expected_url = '/{}nodes/{}/comments/?filter[target]={}'.format(API_BASE, self.node._id, self.file.get_guid()._id)
url = res.json['data']['relationships']['comments']['links']['related']['href']
assert_in(expected_url, url)
def test_file_has_correct_unread_comments_count(self):
contributor = AuthUserFactory()
self.node.add_contributor(contributor, auth=Auth(self.user), save=True)
comment = CommentFactory(node=self.node, target=self.file.get_guid(), user=contributor, page='files')
res = self.app.get('/{}files/{}/?related_counts=True'.format(API_BASE, self.file._id), auth=self.user.auth)
assert_equal(res.status_code, 200)
unread_comments = res.json['data']['relationships']['comments']['links']['related']['meta']['unread']
assert_equal(unread_comments, 1)
def test_checkout(self):
assert_equal(self.file.checkout, None)
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth
)
self.file.reload()
self.file.save()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, self.user)
res = self.app.get(
'/{}files/{}/'.format(API_BASE, self.file._id),
auth=self.user.auth
)
assert_equal(len(self.node.logs),2)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_OUT)
assert_equal(self.node.logs[-1].user, self.user)
assert_equal(
self.user._id,
res.json['data']['relationships']['checkout']['links']['related']['meta']['id']
)
assert_in(
'/{}users/{}/'.format(API_BASE, self.user._id),
res.json['data']['relationships']['checkout']['links']['related']['href']
)
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': None}}},
auth=self.user.auth
)
self.file.reload()
assert_equal(self.file.checkout, None)
assert_equal(res.status_code, 200)
def test_checkout_file_no_type(self):
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 400)
def test_checkout_file_no_id(self):
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'type': 'files', 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 400)
def test_checkout_file_incorrect_type(self):
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'Wrong type.', 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 409)
def test_checkout_file_incorrect_id(self):
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': '12345', 'type': 'files', 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 409)
def test_checkout_file_no_attributes(self):
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files'}},
auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 400)
def test_must_set_self(self):
user = UserFactory()
assert_equal(self.file.checkout, None)
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': user._id}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 400)
assert_equal(self.file.checkout, None)
def test_must_be_self(self):
user = AuthUserFactory()
self.file.checkout = self.user
self.file.save()
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': user._id}}},
auth=user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, self.user)
def test_admin_can_checkin(self):
user = UserFactory()
self.node.add_contributor(user)
self.file.checkout = user
self.file.save()
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': None}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, None)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_IN)
assert_equal(self.node.logs[-1].user, self.user)
def test_admin_can_checkout(self):
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, self.user)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_OUT)
assert_equal(self.node.logs[-1].user, self.user)
def test_cannot_checkin_when_already_checked_in(self):
count = len(self.node.logs)
assert_false(self.file.is_checked_out)
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': None}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(len(self.node.logs), count)
assert_equal(self.file.checkout, None)
def test_cannot_checkout_when_checked_out(self):
user = UserFactory()
self.node.add_contributor(user)
self.file.checkout = user
self.file.save()
count = len(self.node.logs)
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, user)
assert_equal(len(self.node.logs), count)
def test_noncontrib_cannot_checkout(self):
user = AuthUserFactory()
assert_equal(self.file.checkout, None)
assert user._id not in self.node.permissions.keys()
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': self.user._id}}},
auth=user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, None)
assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
def test_read_contrib_cannot_checkout(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=['read'])
self.node.save()
assert_false(self.node.can_edit(user=user))
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': None}}},
auth=user.auth,
expect_errors=True
)
self.file.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, None)
assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
def test_user_can_checkin(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=['read', 'write'])
self.node.save()
assert_true(self.node.can_edit(user=user))
self.file.checkout = user
self.file.save()
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': None}}},
auth=user.auth,
)
self.file.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, None)
def test_removed_contrib_files_checked_in(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=['read', 'write'])
self.node.save()
assert_true(self.node.can_edit(user=user))
self.file.checkout = user
self.file.save()
assert_true(self.file.is_checked_out)
with capture_signals() as mock_signals:
self.node.remove_contributor(user, auth=Auth(user))
assert_equal(mock_signals.signals_sent(), set([contributor_removed]))
self.file.reload()
assert_false(self.file.is_checked_out)
def test_must_be_osfstorage(self):
self.file.provider = 'github'
self.file.save()
res = self.app.put_json_api(
'/{}files/{}/'.format(API_BASE, self.file._id),
{'data': {'id': self.file._id, 'type': 'files', 'attributes': {'checkout': self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 403)
class MendeleyNodeSettingsTestCase(OsfTestCase):
def setUp(self):
super(MendeleyNodeSettingsTestCase, self).setUp()
self.node = ProjectFactory()
self.node_settings = model.MendeleyNodeSettings(owner=self.node)
self.node_settings.save()
self.user = self.node.creator
self.user_settings = self.user.get_or_add_addon('mendeley')
def tearDown(self):
super(MendeleyNodeSettingsTestCase, self).tearDown()
self.user_settings.remove()
self.node_settings.remove()
self.node.remove()
self.user.remove()
@mock.patch('website.addons.mendeley.model.Mendeley')
def test_api_not_cached(self, mock_mendeley):
# The first call to .api returns a new object
api = self.node_settings.api
mock_mendeley.assert_called_once()
assert_equal(api, mock_mendeley())
@mock.patch('website.addons.mendeley.model.Mendeley')
def test_api_cached(self, mock_mendeley):
# Repeated calls to .api returns the same object
self.node_settings._api = 'testapi'
api = self.node_settings.api
assert_false(mock_mendeley.called)
assert_equal(api, 'testapi')
def test_set_auth(self):
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.user.save()
# this should be reset after the call
self.node_settings.mendeley_list_id = 'anything'
self.node_settings.set_auth(
external_account=external_account,
user=self.user
)
# this instance is updated
assert_equal(
self.node_settings.external_account,
external_account
)
assert_equal(
self.node_settings.user_settings,
self.user_settings
)
assert_is_none(
self.node_settings.mendeley_list_id
)
# user_settings was updated
# TODO: The call to grant_oauth_access in set_auth should be mocked
assert_true(
self.user_settings.verify_oauth_access(
node=self.node,
external_account=external_account,
)
)
def test_set_auth_wrong_user(self):
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.user.save()
with assert_raises(PermissionsError):
self.node_settings.set_auth(
external_account=external_account,
user=UserFactory()
)
def test_deauthorize(self):
self.node_settings.external_account = ExternalAccountFactory()
self.node_settings.mendeley_list_id = 'something'
self.node_settings.user_settings = self.user_settings
self.node_settings.save()
assert_true(self.node_settings.mendeley_list_id)
self.node_settings.deauthorize(auth=Auth(self.user))
self.node_settings.save()
assert_is(self.node_settings.user_settings, None)
assert_is(self.node_settings.mendeley_list_id, None)
last_log = self.node.logs[-1]
assert_equal(last_log.action, 'mendeley_node_deauthorized')
params = last_log.params
assert_in('node', params)
assert_in('project', params)
def test_clear_auth(self):
self.node_settings.external_account = ExternalAccountFactory()
self.node_settings.mendeley_list_id = 'something'
self.node_settings.user_settings = self.user_settings
self.node_settings.save()
self.node_settings.clear_auth()
assert_is_none(self.node_settings.external_account)
assert_is_none(self.node_settings.mendeley_list_id)
assert_is_none(self.node_settings.user_settings)
def test_set_target_folder(self):
folder_id = 'fake-folder-id'
folder_name = 'fake-folder-name'
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.user.save()
self.node_settings.set_auth(
external_account=external_account,
user=self.user,
)
assert_is_none(self.node_settings.mendeley_list_id)
self.node_settings.set_target_folder(
folder_id,
folder_name,
auth=Auth(user=self.user),
)
# instance was updated
assert_equal(
self.node_settings.mendeley_list_id,
'fake-folder-id',
)
# user_settings was updated
# TODO: the call to grant_oauth_access should be mocked
assert_true(
self.user_settings.verify_oauth_access(
node=self.node,
external_account=external_account,
metadata={'folder': 'fake-folder-id'}
)
)
log = self.node.logs[-1]
assert_equal(log.action, 'mendeley_folder_selected')
assert_equal(log.params['folder_id'], folder_id)
assert_equal(log.params['folder_name'], folder_name)
def test_has_auth_false(self):
external_account = ExternalAccountFactory()
assert_false(self.node_settings.has_auth)
# both external_account and user_settings must be set to have auth
self.node_settings.external_account = external_account
assert_false(self.node_settings.has_auth)
self.node_settings.external_account = None
self.node_settings.user_settings = self.user_settings
assert_false(self.node_settings.has_auth)
# set_auth must be called to have auth
self.node_settings.external_account = external_account
self.node_settings.user_settings = self.user_settings
assert_false(self.node_settings.has_auth)
def test_has_auth_true(self):
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
# mendeley_list_id should have no effect
self.node_settings.mendeley_list_id = None
assert_true(self.node_settings.has_auth)
# mendeley_list_id should have no effect
self.node_settings.mendeley_list_id = 'totally fake ID'
assert_true(self.node_settings.has_auth)
def test_selected_folder_name_root(self):
self.node_settings.mendeley_list_id = 'ROOT'
assert_equal(
self.node_settings.selected_folder_name,
"All Documents"
)
def test_selected_folder_name_empty(self):
self.node_settings.mendeley_list_id = None
assert_equal(
self.node_settings.selected_folder_name,
''
)
@mock.patch('website.addons.mendeley.model.Mendeley._folder_metadata')
def test_selected_folder_name(self, mock_folder_metadata):
# Mock the return from api call to get the folder's name
mock_folder = mock.Mock()
mock_folder.name = 'Fake Folder'
# Add the mocked return object to the mocked api client
mock_folder_metadata.return_value = mock_folder
self.node_settings.mendeley_list_id = 'fake-list-id'
assert_equal(
self.node_settings.selected_folder_name,
'Fake Folder'
)
# TODO: Make these tests generic and move to core
@mock.patch('framework.status.push_status_message')
def test_remove_contributor_authorizer(self, mock_push_status):
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
contributor = UserFactory()
self.node.add_contributor(contributor, permissions=['read', 'write', 'admin'])
self.node.remove_contributor(self.node.creator, auth=Auth(user=contributor))
assert_false(self.node_settings.has_auth)
assert_false(self.user_settings.verify_oauth_access(self.node, external_account))
def test_remove_contributor_not_authorizer(self):
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
contributor = UserFactory()
self.node.add_contributor(contributor)
self.node.remove_contributor(contributor, auth=Auth(user=self.node.creator))
assert_true(self.node_settings.has_auth)
assert_true(self.user_settings.verify_oauth_access(self.node, external_account))
@mock.patch('framework.status.push_status_message')
def test_fork_by_authorizer(self, mock_push_status):
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
fork = self.node.fork_node(auth=Auth(user=self.node.creator))
assert_true(fork.get_addon('mendeley').has_auth)
assert_true(self.user_settings.verify_oauth_access(fork, external_account))
@mock.patch('framework.status.push_status_message')
def test_fork_not_by_authorizer(self, mock_push_status):
external_account = ExternalAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
contributor = UserFactory()
self.node.add_contributor(contributor)
fork = self.node.fork_node(auth=Auth(user=contributor))
assert_false(fork.get_addon('mendeley').has_auth)
assert_false(self.user_settings.verify_oauth_access(fork, external_account))
class TestFileView(ApiTestCase):
def setUp(self):
super(TestFileView, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user, comment_level="public")
self.file = api_utils.create_test_file(self.node, self.user, create_guid=False)
self.file_url = "/{}files/{}/".format(API_BASE, self.file._id)
def test_must_have_auth(self):
res = self.app.get(self.file_url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_must_be_contributor(self):
user = AuthUserFactory()
res = self.app.get(self.file_url, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, 403)
def test_unvisited_file_has_no_guid(self):
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.json["data"]["attributes"]["guid"], None)
def test_visited_file_has_guid(self):
guid = self.file.get_guid(create=True)
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_is_not_none(guid)
assert_equal(res.json["data"]["attributes"]["guid"], guid._id)
@mock.patch("api.base.throttling.CreateGuidThrottle.allow_request")
def test_file_guid_not_created_with_basic_auth(self, mock_allow):
res = self.app.get(self.file_url + "?create_guid=1", auth=self.user.auth)
guid = res.json["data"]["attributes"].get("guid", None)
assert_equal(res.status_code, 200)
assert_equal(mock_allow.call_count, 1)
assert guid is None
@mock.patch("api.base.throttling.CreateGuidThrottle.allow_request")
def test_file_guid_created_with_cookie(self, mock_allow):
session = Session(data={"auth_user_id": self.user._id})
session.save()
cookie = itsdangerous.Signer(website_settings.SECRET_KEY).sign(session._id)
self.app.set_cookie(website_settings.COOKIE_NAME, str(cookie))
res = self.app.get(self.file_url + "?create_guid=1", auth=self.user.auth)
self.app.reset() # clear cookie
assert_equal(res.status_code, 200)
guid = res.json["data"]["attributes"].get("guid", None)
assert_is_not_none(guid)
assert_equal(guid, self.file.get_guid()._id)
assert_equal(mock_allow.call_count, 1)
def test_get_file(self):
res = self.app.get(self.file_url, auth=self.user.auth)
self.file.versions[-1]._clear_caches()
self.file.versions[-1].reload()
assert_equal(res.status_code, 200)
assert_equal(res.json.keys(), ["data"])
attributes = res.json["data"]["attributes"]
assert_equal(attributes["path"], self.file.path)
assert_equal(attributes["kind"], self.file.kind)
assert_equal(attributes["name"], self.file.name)
assert_equal(attributes["materialized_path"], self.file.materialized_path)
assert_equal(attributes["last_touched"], None)
assert_equal(attributes["provider"], self.file.provider)
assert_equal(attributes["size"], self.file.versions[-1].size)
assert_equal(attributes["current_version"], len(self.file.history))
assert_equal(
attributes["date_modified"], _dt_to_iso8601(self.file.versions[-1].date_created.replace(tzinfo=pytz.utc))
)
assert_equal(
attributes["date_created"], _dt_to_iso8601(self.file.versions[0].date_created.replace(tzinfo=pytz.utc))
)
assert_equal(attributes["extra"]["hashes"]["md5"], None)
assert_equal(attributes["extra"]["hashes"]["sha256"], None)
assert_equal(attributes["tags"], [])
def test_file_has_rel_link_to_owning_project(self):
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_in("node", res.json["data"]["relationships"].keys())
expected_url = self.node.api_v2_url
actual_url = res.json["data"]["relationships"]["node"]["links"]["related"]["href"]
assert_in(expected_url, actual_url)
def test_file_has_comments_link(self):
self.file.get_guid(create=True)
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_in("comments", res.json["data"]["relationships"].keys())
url = res.json["data"]["relationships"]["comments"]["links"]["related"]["href"]
assert_equal(self.app.get(url, auth=self.user.auth).status_code, 200)
assert_equal(res.json["data"]["type"], "files")
def test_file_has_correct_unread_comments_count(self):
contributor = AuthUserFactory()
self.node.add_contributor(contributor, auth=Auth(self.user), save=True)
comment = CommentFactory(node=self.node, target=self.file.get_guid(create=True), user=contributor, page="files")
res = self.app.get("/{}files/{}/?related_counts=True".format(API_BASE, self.file._id), auth=self.user.auth)
assert_equal(res.status_code, 200)
unread_comments = res.json["data"]["relationships"]["comments"]["links"]["related"]["meta"]["unread"]
assert_equal(unread_comments, 1)
def test_only_project_contrib_can_comment_on_closed_project(self):
self.node.comment_level = "private"
self.node.is_public = True
self.node.save()
res = self.app.get(self.file_url, auth=self.user.auth)
can_comment = res.json["data"]["attributes"]["current_user_can_comment"]
assert_equal(res.status_code, 200)
assert_equal(can_comment, True)
non_contributor = AuthUserFactory()
res = self.app.get(self.file_url, auth=non_contributor.auth)
can_comment = res.json["data"]["attributes"]["current_user_can_comment"]
assert_equal(res.status_code, 200)
assert_equal(can_comment, False)
def test_any_loggedin_user_can_comment_on_open_project(self):
self.node.is_public = True
self.node.save()
non_contributor = AuthUserFactory()
res = self.app.get(self.file_url, auth=non_contributor.auth)
can_comment = res.json["data"]["attributes"]["current_user_can_comment"]
assert_equal(res.status_code, 200)
assert_equal(can_comment, True)
def test_non_logged_in_user_cant_comment(self):
self.node.is_public = True
self.node.save()
res = self.app.get(self.file_url)
can_comment = res.json["data"]["attributes"]["current_user_can_comment"]
assert_equal(res.status_code, 200)
assert_equal(can_comment, False)
def test_checkout(self):
assert_equal(self.file.checkout, None)
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
)
self.file.reload()
self.file.save()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, self.user)
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(len(self.node.logs), 2)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_OUT)
assert_equal(self.node.logs[-1].user, self.user)
assert_equal(self.user._id, res.json["data"]["relationships"]["checkout"]["links"]["related"]["meta"]["id"])
assert_in(
"/{}users/{}/".format(API_BASE, self.user._id),
res.json["data"]["relationships"]["checkout"]["links"]["related"]["href"],
)
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": None}}},
auth=self.user.auth,
)
self.file.reload()
assert_equal(self.file.checkout, None)
assert_equal(res.status_code, 200)
def test_checkout_file_no_type(self):
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 400)
def test_checkout_file_no_id(self):
res = self.app.put_json_api(
self.file_url,
{"data": {"type": "files", "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 400)
def test_checkout_file_incorrect_type(self):
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "Wrong type.", "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 409)
def test_checkout_file_incorrect_id(self):
res = self.app.put_json_api(
self.file_url,
{"data": {"id": "12345", "type": "files", "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 409)
def test_checkout_file_no_attributes(self):
res = self.app.put_json_api(
self.file_url, {"data": {"id": self.file._id, "type": "files"}}, auth=self.user.auth, expect_errors=True
)
assert_equal(res.status_code, 400)
def test_must_set_self(self):
user = UserFactory()
assert_equal(self.file.checkout, None)
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": user._id}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 400)
assert_equal(self.file.checkout, None)
def test_must_be_self(self):
user = AuthUserFactory()
self.file.checkout = self.user
self.file.save()
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": user._id}}},
auth=user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, self.user)
def test_admin_can_checkin(self):
user = UserFactory()
self.node.add_contributor(user)
self.file.checkout = user
self.file.save()
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": None}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, None)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_IN)
assert_equal(self.node.logs[-1].user, self.user)
def test_admin_can_checkout(self):
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, self.user)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_OUT)
assert_equal(self.node.logs[-1].user, self.user)
def test_cannot_checkin_when_already_checked_in(self):
count = len(self.node.logs)
assert_false(self.file.is_checked_out)
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": None}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(len(self.node.logs), count)
assert_equal(self.file.checkout, None)
def test_cannot_checkout_when_checked_out(self):
user = UserFactory()
self.node.add_contributor(user)
self.file.checkout = user
self.file.save()
count = len(self.node.logs)
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, user)
assert_equal(len(self.node.logs), count)
def test_noncontrib_cannot_checkout(self):
user = AuthUserFactory()
assert_equal(self.file.checkout, None)
assert user._id not in self.node.permissions.keys()
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": self.user._id}}},
auth=user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, None)
assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
def test_read_contrib_cannot_checkout(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=["read"])
self.node.save()
assert_false(self.node.can_edit(user=user))
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": None}}},
auth=user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, None)
assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
def test_user_can_checkin(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=["read", "write"])
self.node.save()
assert_true(self.node.can_edit(user=user))
self.file.checkout = user
self.file.save()
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": None}}},
auth=user.auth,
)
self.file.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, None)
def test_removed_contrib_files_checked_in(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=["read", "write"])
self.node.save()
assert_true(self.node.can_edit(user=user))
self.file.checkout = user
self.file.save()
assert_true(self.file.is_checked_out)
with capture_signals() as mock_signals:
self.node.remove_contributor(user, auth=Auth(user))
assert_equal(mock_signals.signals_sent(), set([contributor_removed]))
self.file.reload()
assert_false(self.file.is_checked_out)
def test_must_be_osfstorage(self):
self.file.provider = "github"
self.file.save()
res = self.app.put_json_api(
self.file_url,
{"data": {"id": self.file._id, "type": "files", "attributes": {"checkout": self.user._id}}},
auth=self.user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 403)
def test_get_file_resolves_guids(self):
guid = self.file.get_guid(create=True)
url = "/{}files/{}/".format(API_BASE, guid._id)
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.json.keys(), ["data"])
assert_equal(res.json["data"]["attributes"]["path"], self.file.path)
def test_get_file_invalid_guid_gives_404(self):
url = "/{}files/{}/".format(API_BASE, "asdasasd")
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
def test_get_file_non_file_guid_gives_404(self):
url = "/{}files/{}/".format(API_BASE, self.node._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
def test_current_version_is_equal_to_length_of_history(self):
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.json["data"]["attributes"]["current_version"], 1)
for version in range(2, 4):
self.file.create_version(
self.user,
{
"object": "06d80e" + str(version),
"service": "cloud",
osfstorage_settings.WATERBUTLER_RESOURCE: "osf",
},
{"size": 1337, "contentType": "img/png"},
).save()
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.json["data"]["attributes"]["current_version"], version)
class MendeleyNodeSettingsTestCase(OsfTestCase):
def setUp(self):
super(MendeleyNodeSettingsTestCase, self).setUp()
self.node = ProjectFactory()
self.node_settings = model.MendeleyNodeSettings(owner=self.node)
self.node_settings.save()
self.user = self.node.creator
self.user_settings = self.user.get_or_add_addon('mendeley')
def tearDown(self):
super(MendeleyNodeSettingsTestCase, self).tearDown()
self.user_settings.remove()
self.node_settings.remove()
self.node.remove()
self.user.remove()
@mock.patch('website.addons.mendeley.model.Mendeley')
def test_api_not_cached(self, mock_mendeley):
# The first call to .api returns a new object
api = self.node_settings.api
mock_mendeley.assert_called_once()
assert_equal(api, mock_mendeley())
@mock.patch('website.addons.mendeley.model.Mendeley')
def test_api_cached(self, mock_mendeley):
# Repeated calls to .api returns the same object
self.node_settings._api = 'testapi'
api = self.node_settings.api
assert_false(mock_mendeley.called)
assert_equal(api, 'testapi')
def test_set_auth(self):
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.user.save()
# this should be reset after the call
self.node_settings.mendeley_list_id = 'anything'
self.node_settings.set_auth(external_account=external_account,
user=self.user)
# this instance is updated
assert_equal(self.node_settings.external_account, external_account)
assert_equal(self.node_settings.user_settings, self.user_settings)
assert_is_none(self.node_settings.mendeley_list_id)
# user_settings was updated
# TODO: The call to grant_oauth_access in set_auth should be mocked
assert_true(
self.user_settings.verify_oauth_access(
node=self.node,
external_account=external_account,
))
def test_set_auth_wrong_user(self):
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.user.save()
with assert_raises(PermissionsError):
self.node_settings.set_auth(external_account=external_account,
user=UserFactory())
def test_deauthorize(self):
self.node_settings.external_account = MendeleyAccountFactory()
self.node_settings.mendeley_list_id = 'something'
self.node_settings.user_settings = self.user_settings
self.node_settings.save()
assert_true(self.node_settings.mendeley_list_id)
self.node_settings.deauthorize(auth=Auth(self.user))
self.node_settings.save()
assert_is(self.node_settings.user_settings, None)
assert_is(self.node_settings.mendeley_list_id, None)
last_log = self.node.logs[-1]
assert_equal(last_log.action, 'mendeley_node_deauthorized')
params = last_log.params
assert_in('node', params)
assert_in('project', params)
def test_clear_auth(self):
self.node_settings.external_account = MendeleyAccountFactory()
self.node_settings.mendeley_list_id = 'something'
self.node_settings.user_settings = self.user_settings
self.node_settings.save()
self.node_settings.clear_auth()
assert_is_none(self.node_settings.external_account)
assert_is_none(self.node_settings.mendeley_list_id)
assert_is_none(self.node_settings.user_settings)
def test_set_target_folder(self):
folder_id = 'fake-folder-id'
folder_name = 'fake-folder-name'
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.user.save()
self.node_settings.set_auth(
external_account=external_account,
user=self.user,
)
assert_is_none(self.node_settings.mendeley_list_id)
self.node_settings.set_target_folder(
folder_id,
folder_name,
auth=Auth(user=self.user),
)
# instance was updated
assert_equal(
self.node_settings.mendeley_list_id,
'fake-folder-id',
)
# user_settings was updated
# TODO: the call to grant_oauth_access should be mocked
assert_true(
self.user_settings.verify_oauth_access(
node=self.node,
external_account=external_account,
metadata={'folder': 'fake-folder-id'}))
log = self.node.logs[-1]
assert_equal(log.action, 'mendeley_folder_selected')
assert_equal(log.params['folder_id'], folder_id)
assert_equal(log.params['folder_name'], folder_name)
def test_has_auth_false(self):
external_account = MendeleyAccountFactory()
assert_false(self.node_settings.has_auth)
# both external_account and user_settings must be set to have auth
self.node_settings.external_account = external_account
assert_false(self.node_settings.has_auth)
self.node_settings.external_account = None
self.node_settings.user_settings = self.user_settings
assert_false(self.node_settings.has_auth)
# set_auth must be called to have auth
self.node_settings.external_account = external_account
self.node_settings.user_settings = self.user_settings
assert_false(self.node_settings.has_auth)
def test_has_auth_true(self):
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
# mendeley_list_id should have no effect
self.node_settings.mendeley_list_id = None
assert_true(self.node_settings.has_auth)
# mendeley_list_id should have no effect
self.node_settings.mendeley_list_id = 'totally fake ID'
assert_true(self.node_settings.has_auth)
def test_selected_folder_name_root(self):
self.node_settings.mendeley_list_id = 'ROOT'
assert_equal(self.node_settings.selected_folder_name, "All Documents")
def test_selected_folder_name_empty(self):
self.node_settings.mendeley_list_id = None
assert_equal(self.node_settings.selected_folder_name, '')
@mock.patch('website.addons.mendeley.model.Mendeley._folder_metadata')
def test_selected_folder_name(self, mock_folder_metadata):
# Mock the return from api call to get the folder's name
mock_folder = mock.Mock()
mock_folder.name = 'Fake Folder'
# Add the mocked return object to the mocked api client
mock_folder_metadata.return_value = mock_folder
self.node_settings.mendeley_list_id = 'fake-list-id'
assert_equal(self.node_settings.selected_folder_name, 'Fake Folder')
# TODO: Make these tests generic and move to core
@mock.patch('framework.status.push_status_message')
def test_remove_contributor_authorizer(self, mock_push_status):
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.user.save()
self.node_settings.set_auth(external_account, self.user)
contributor = UserFactory()
self.node.add_contributor(contributor,
permissions=['read', 'write', 'admin'])
self.node.remove_contributor(self.node.creator,
auth=Auth(user=contributor))
assert_false(self.node_settings.has_auth)
assert_false(
self.user_settings.verify_oauth_access(self.node,
external_account))
def test_remove_contributor_not_authorizer(self):
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
contributor = UserFactory()
self.node.add_contributor(contributor)
self.node.remove_contributor(contributor,
auth=Auth(user=self.node.creator))
assert_true(self.node_settings.has_auth)
assert_true(
self.user_settings.verify_oauth_access(self.node,
external_account))
@mock.patch('framework.status.push_status_message')
def test_fork_by_authorizer(self, mock_push_status):
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
fork = self.node.fork_node(auth=Auth(user=self.node.creator))
assert_true(fork.get_addon('mendeley').has_auth)
assert_true(
self.user_settings.verify_oauth_access(fork, external_account))
@mock.patch('framework.status.push_status_message')
def test_fork_not_by_authorizer(self, mock_push_status):
external_account = MendeleyAccountFactory()
self.user.external_accounts.append(external_account)
self.node_settings.set_auth(external_account, self.user)
contributor = UserFactory()
self.node.add_contributor(contributor)
fork = self.node.fork_node(auth=Auth(user=contributor))
assert_false(fork.get_addon('mendeley').has_auth)
assert_false(
self.user_settings.verify_oauth_access(fork, external_account))
class TestNodeLogList(ApiTestCase):
def setUp(self):
super(TestNodeLogList, self).setUp()
self.user = AuthUserFactory()
self.contrib = AuthUserFactory()
self.creator = AuthUserFactory()
self.user_auth = Auth(self.user)
self.NodeLogFactory = ProjectFactory()
self.pointer = ProjectFactory()
self.private_project = ProjectFactory(is_public=False, creator=self.user)
self.private_url = '/{}nodes/{}/logs/'.format(API_BASE, self.private_project._id)
self.public_project = ProjectFactory(is_public=True, creator=self.user)
self.public_url = '/{}nodes/{}/logs/'.format(API_BASE, self.public_project._id)
def tearDown(self):
super(TestNodeLogList, self).tearDown()
NodeLog.remove()
def test_add_tag(self):
user_auth = Auth(self.user)
self.public_project.add_tag("Jeff Spies", auth=user_auth)
assert_equal("tag_added", self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'], 'tag_added')
assert_equal("Jeff Spies", self.public_project.logs[OSF_LATEST].params['tag'])
def test_remove_tag(self):
user_auth = Auth(self.user)
self.public_project.add_tag("Jeff Spies", auth=user_auth)
assert_equal("tag_added", self.public_project.logs[OSF_LATEST].action)
self.public_project.remove_tag("Jeff Spies", auth=self.user_auth)
assert_equal("tag_removed", self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'], 'tag_removed')
assert_equal("Jeff Spies", self.public_project.logs[OSF_LATEST].params['tag'])
def test_project_created(self):
res = self.app.get(self.public_url)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(self.public_project.logs[OSF_FIRST].action, "project_created")
assert_equal(self.public_project.logs[OSF_FIRST].action,res.json['data'][API_LATEST]['attributes']['action'])
def test_log_create_on_public_project(self):
res = self.app.get(self.public_url)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_datetime_equal(parse_date(res.json['data'][API_FIRST]['attributes']['date']),
self.public_project.logs[OSF_FIRST].date)
assert_equal(res.json['data'][API_FIRST]['attributes']['action'], self.public_project.logs[OSF_FIRST].action)
def test_log_create_on_private_project(self):
res = self.app.get(self.private_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_datetime_equal(datetime.datetime.strptime(res.json['data'][API_FIRST]['attributes']['date'], "%Y-%m-%dT%H:%M:%S.%f"),
self.private_project.logs[OSF_FIRST].date)
assert_equal(res.json['data'][API_FIRST]['attributes']['action'], self.private_project.logs[OSF_FIRST].action)
def test_add_addon(self):
self.public_project.add_addon('github', auth=self.user_auth)
assert_equal('addon_added', self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'], 'addon_added')
def test_project_add_remove_contributor(self):
self.public_project.add_contributor(self.contrib, auth=self.user_auth)
assert_equal('contributor_added', self.public_project.logs[OSF_LATEST].action)
self.public_project.remove_contributor(self.contrib, auth=self.user_auth)
assert_equal('contributor_removed', self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'], 'contributor_removed')
assert_equal(res.json['data'][1]['attributes']['action'], 'contributor_added')
def test_remove_addon(self):
self.public_project.add_addon('github', auth=self.user_auth)
assert_equal('addon_added', self.public_project.logs[OSF_LATEST].action)
self.public_project.delete_addon('github', auth=self.user_auth)
assert_equal('addon_removed', self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'], 'addon_removed')
def test_add_pointer(self):
self.public_project.add_pointer(self.pointer, auth=Auth(self.user), save=True)
assert_equal('pointer_created', self.public_project.logs[OSF_LATEST].action)
res = self.app.get(self.public_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(len(res.json['data']), len(self.public_project.logs))
assert_equal(res.json['data'][API_LATEST]['attributes']['action'], 'pointer_created')
class TestPublicNodes(SearchTestCase):
def setUp(self):
super(TestPublicNodes, self).setUp()
self.user = UserFactory(usename="Doug Bogie")
self.title = "Red Special"
self.consolidate_auth = Auth(user=self.user)
self.project = ProjectFactory(title=self.title, creator=self.user, is_public=True)
self.component = NodeFactory(parent=self.project, title=self.title, creator=self.user, is_public=True)
self.registration = ProjectFactory(title=self.title, creator=self.user, is_public=True, is_registration=True)
def test_make_private(self):
"""Make project public, then private, and verify that it is not present
in search.
"""
self.project.set_privacy("private")
docs = query("category:project AND " + self.title)["results"]
assert_equal(len(docs), 0)
self.component.set_privacy("private")
docs = query("category:component AND " + self.title)["results"]
assert_equal(len(docs), 0)
self.registration.set_privacy("private")
docs = query("category:registration AND " + self.title)["results"]
assert_equal(len(docs), 0)
def test_public_parent_title(self):
self.project.set_title("hello & world", self.consolidate_auth)
self.project.save()
docs = query("category:component AND " + self.title)["results"]
assert_equal(len(docs), 1)
assert_equal(docs[0]["parent_title"], "hello & world")
assert_true(docs[0]["parent_url"])
def test_make_parent_private(self):
"""Make parent of component, public, then private, and verify that the
component still appears but doesn't link to the parent in search.
"""
self.project.set_privacy("private")
docs = query("category:component AND " + self.title)["results"]
assert_equal(len(docs), 1)
assert_equal(docs[0]["parent_title"], "-- private project --")
assert_false(docs[0]["parent_url"])
def test_delete_project(self):
"""
"""
self.component.remove_node(self.consolidate_auth)
docs = query("category:component AND " + self.title)["results"]
assert_equal(len(docs), 0)
self.project.remove_node(self.consolidate_auth)
docs = query("category:project AND " + self.title)["results"]
assert_equal(len(docs), 0)
def test_change_title(self):
"""
"""
title_original = self.project.title
self.project.set_title("Blue Ordinary", self.consolidate_auth, save=True)
docs = query("category:project AND " + title_original)["results"]
assert_equal(len(docs), 0)
docs = query("category:project AND " + self.project.title)["results"]
assert_equal(len(docs), 1)
def test_add_tags(self):
tags = ["stonecoldcrazy", "just a poor boy", "from-a-poor-family"]
for tag in tags:
docs = query('tags:"{}"'.format(tag))["results"]
assert_equal(len(docs), 0)
self.project.add_tag(tag, self.consolidate_auth, save=True)
for tag in tags:
docs = query('tags:"{}"'.format(tag))["results"]
assert_equal(len(docs), 1)
def test_remove_tag(self):
tags = ["stonecoldcrazy", "just a poor boy", "from-a-poor-family"]
for tag in tags:
self.project.add_tag(tag, self.consolidate_auth, save=True)
self.project.remove_tag(tag, self.consolidate_auth, save=True)
docs = query('tags:"{}"'.format(tag))["results"]
assert_equal(len(docs), 0)
def test_update_wiki(self):
"""Add text to a wiki page, then verify that project is found when
searching for wiki text.
"""
wiki_content = {"home": "Hammer to fall", "swag": "#YOLO"}
for key, value in wiki_content.items():
docs = query(value)["results"]
assert_equal(len(docs), 0)
self.project.update_node_wiki(key, value, self.consolidate_auth)
docs = query(value)["results"]
assert_equal(len(docs), 1)
def test_clear_wiki(self):
"""Add wiki text to page, then delete, then verify that project is not
found when searching for wiki text.
"""
wiki_content = "Hammer to fall"
self.project.update_node_wiki("home", wiki_content, self.consolidate_auth)
self.project.update_node_wiki("home", "", self.consolidate_auth)
docs = query(wiki_content)["results"]
assert_equal(len(docs), 0)
def test_add_contributor(self):
"""Add a contributor, then verify that project is found when searching
for contributor.
"""
user2 = UserFactory(fullname="Adam Lambert")
docs = query('category:project AND "{}"'.format(user2.fullname))["results"]
assert_equal(len(docs), 0)
self.project.add_contributor(user2, save=True)
docs = query('category:project AND "{}"'.format(user2.fullname))["results"]
assert_equal(len(docs), 1)
def test_remove_contributor(self):
"""Add and remove a contributor, then verify that project is not found
when searching for contributor.
"""
user2 = UserFactory(fullname="Brian May")
self.project.add_contributor(user2, save=True)
self.project.remove_contributor(user2, self.consolidate_auth)
docs = query('category:project AND "{}"'.format(user2.fullname))["results"]
assert_equal(len(docs), 0)
def test_hide_contributor(self):
user2 = UserFactory(fullname="Brian May")
self.project.add_contributor(user2)
self.project.set_visible(user2, False, save=True)
docs = query('category:project AND "{}"'.format(user2.fullname))["results"]
assert_equal(len(docs), 0)
self.project.set_visible(user2, True, save=True)
docs = query('category:project AND "{}"'.format(user2.fullname))["results"]
assert_equal(len(docs), 1)
def test_wrong_order_search(self):
title_parts = self.title.split(" ")
title_parts.reverse()
title_search = " ".join(title_parts)
docs = query(title_search)["results"]
assert_equal(len(docs), 3)
def test_tag_aggregation(self):
tags = ["stonecoldcrazy", "just a poor boy", "from-a-poor-family"]
for tag in tags:
self.project.add_tag(tag, self.consolidate_auth, save=True)
docs = query(self.title)["tags"]
assert len(docs) == 3
for doc in docs:
assert doc["key"] in tags
class TestFileView(ApiTestCase):
def setUp(self):
super(TestFileView, self).setUp()
self.user = AuthUserFactory()
self.node = ProjectFactory(creator=self.user, comment_level='public')
self.file = api_utils.create_test_file(self.node,
self.user,
create_guid=False)
self.file_url = '/{}files/{}/'.format(API_BASE, self.file._id)
def test_must_have_auth(self):
res = self.app.get(self.file_url, expect_errors=True)
assert_equal(res.status_code, 401)
def test_must_be_contributor(self):
user = AuthUserFactory()
res = self.app.get(self.file_url, auth=user.auth, expect_errors=True)
assert_equal(res.status_code, 403)
def test_unvisited_file_has_no_guid(self):
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.json['data']['attributes']['guid'], None)
def test_visited_file_has_guid(self):
guid = self.file.get_guid(create=True)
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_is_not_none(guid)
assert_equal(res.json['data']['attributes']['guid'], guid._id)
@mock.patch('api.base.throttling.CreateGuidThrottle.allow_request')
def test_file_guid_not_created_with_basic_auth(self, mock_allow):
res = self.app.get(self.file_url + '?create_guid=1',
auth=self.user.auth)
guid = res.json['data']['attributes'].get('guid', None)
assert_equal(res.status_code, 200)
assert_equal(mock_allow.call_count, 1)
assert guid is None
@mock.patch('api.base.throttling.CreateGuidThrottle.allow_request')
def test_file_guid_created_with_cookie(self, mock_allow):
session = Session(data={'auth_user_id': self.user._id})
session.save()
cookie = itsdangerous.Signer(website_settings.SECRET_KEY).sign(
session._id)
self.app.set_cookie(website_settings.COOKIE_NAME, str(cookie))
res = self.app.get(self.file_url + '?create_guid=1',
auth=self.user.auth)
self.app.reset() # clear cookie
assert_equal(res.status_code, 200)
guid = res.json['data']['attributes'].get('guid', None)
assert_is_not_none(guid)
assert_equal(guid, self.file.get_guid()._id)
assert_equal(mock_allow.call_count, 1)
def test_get_file(self):
res = self.app.get(self.file_url, auth=self.user.auth)
self.file.versions[-1]._clear_caches()
self.file.versions[-1].reload()
assert_equal(res.status_code, 200)
assert_equal(res.json.keys(), ['data'])
attributes = res.json['data']['attributes']
assert_equal(attributes['path'], self.file.path)
assert_equal(attributes['kind'], self.file.kind)
assert_equal(attributes['name'], self.file.name)
assert_equal(attributes['materialized_path'],
self.file.materialized_path)
assert_equal(attributes['last_touched'], None)
assert_equal(attributes['provider'], self.file.provider)
assert_equal(attributes['size'], self.file.versions[-1].size)
assert_equal(attributes['current_version'], len(self.file.history))
assert_equal(
attributes['date_modified'],
_dt_to_iso8601(
self.file.versions[-1].date_created.replace(tzinfo=pytz.utc)))
assert_equal(
attributes['date_created'],
_dt_to_iso8601(
self.file.versions[0].date_created.replace(tzinfo=pytz.utc)))
assert_equal(attributes['extra']['hashes']['md5'], None)
assert_equal(attributes['extra']['hashes']['sha256'], None)
assert_equal(attributes['tags'], [])
def test_file_has_rel_link_to_owning_project(self):
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_in('node', res.json['data']['relationships'].keys())
expected_url = self.node.api_v2_url
actual_url = res.json['data']['relationships']['node']['links'][
'related']['href']
assert_in(expected_url, actual_url)
def test_file_has_comments_link(self):
self.file.get_guid(create=True)
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_in('comments', res.json['data']['relationships'].keys())
url = res.json['data']['relationships']['comments']['links'][
'related']['href']
assert_equal(self.app.get(url, auth=self.user.auth).status_code, 200)
assert_equal(res.json['data']['type'], 'files')
def test_file_has_correct_unread_comments_count(self):
contributor = AuthUserFactory()
self.node.add_contributor(contributor, auth=Auth(self.user), save=True)
comment = CommentFactory(node=self.node,
target=self.file.get_guid(create=True),
user=contributor,
page='files')
res = self.app.get('/{}files/{}/?related_counts=True'.format(
API_BASE, self.file._id),
auth=self.user.auth)
assert_equal(res.status_code, 200)
unread_comments = res.json['data']['relationships']['comments'][
'links']['related']['meta']['unread']
assert_equal(unread_comments, 1)
def test_only_project_contrib_can_comment_on_closed_project(self):
self.node.comment_level = 'private'
self.node.is_public = True
self.node.save()
res = self.app.get(self.file_url, auth=self.user.auth)
can_comment = res.json['data']['attributes'][
'current_user_can_comment']
assert_equal(res.status_code, 200)
assert_equal(can_comment, True)
non_contributor = AuthUserFactory()
res = self.app.get(self.file_url, auth=non_contributor.auth)
can_comment = res.json['data']['attributes'][
'current_user_can_comment']
assert_equal(res.status_code, 200)
assert_equal(can_comment, False)
def test_any_loggedin_user_can_comment_on_open_project(self):
self.node.is_public = True
self.node.save()
non_contributor = AuthUserFactory()
res = self.app.get(self.file_url, auth=non_contributor.auth)
can_comment = res.json['data']['attributes'][
'current_user_can_comment']
assert_equal(res.status_code, 200)
assert_equal(can_comment, True)
def test_non_logged_in_user_cant_comment(self):
self.node.is_public = True
self.node.save()
res = self.app.get(self.file_url)
can_comment = res.json['data']['attributes'][
'current_user_can_comment']
assert_equal(res.status_code, 200)
assert_equal(can_comment, False)
def test_checkout(self):
assert_equal(self.file.checkout, None)
res = self.app.put_json_api(self.file_url, {
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth)
self.file.reload()
self.file.save()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, self.user)
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(len(self.node.logs), 2)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_OUT)
assert_equal(self.node.logs[-1].user, self.user)
assert_equal(
self.user._id, res.json['data']['relationships']['checkout']
['links']['related']['meta']['id'])
assert_in(
'/{}users/{}/'.format(API_BASE, self.user._id), res.json['data']
['relationships']['checkout']['links']['related']['href'])
res = self.app.put_json_api(self.file_url, {
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': None
}
}
},
auth=self.user.auth)
self.file.reload()
assert_equal(self.file.checkout, None)
assert_equal(res.status_code, 200)
def test_checkout_file_no_type(self):
res = self.app.put_json_api(self.file_url, {
'data': {
'id': self.file._id,
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 400)
def test_checkout_file_no_id(self):
res = self.app.put_json_api(self.file_url, {
'data': {
'type': 'files',
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 400)
def test_checkout_file_incorrect_type(self):
res = self.app.put_json_api(self.file_url, {
'data': {
'id': self.file._id,
'type': 'Wrong type.',
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 409)
def test_checkout_file_incorrect_id(self):
res = self.app.put_json_api(self.file_url, {
'data': {
'id': '12345',
'type': 'files',
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 409)
def test_checkout_file_no_attributes(self):
res = self.app.put_json_api(
self.file_url, {'data': {
'id': self.file._id,
'type': 'files'
}},
auth=self.user.auth,
expect_errors=True)
assert_equal(res.status_code, 400)
def test_must_set_self(self):
user = UserFactory()
assert_equal(self.file.checkout, None)
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': user._id
}
}
},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 400)
assert_equal(self.file.checkout, None)
def test_must_be_self(self):
user = AuthUserFactory()
self.file.checkout = self.user
self.file.save()
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': user._id
}
}
},
auth=user.auth,
expect_errors=True,
)
self.file.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, self.user)
def test_admin_can_checkin(self):
user = UserFactory()
self.node.add_contributor(user)
self.file.checkout = user
self.file.save()
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': None
}
}
},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, None)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_IN)
assert_equal(self.node.logs[-1].user, self.user)
def test_admin_can_checkout(self):
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, self.user)
assert_equal(self.node.logs[-1].action, NodeLog.CHECKED_OUT)
assert_equal(self.node.logs[-1].user, self.user)
def test_cannot_checkin_when_already_checked_in(self):
count = len(self.node.logs)
assert_false(self.file.is_checked_out)
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': None
}
}
},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(len(self.node.logs), count)
assert_equal(self.file.checkout, None)
def test_cannot_checkout_when_checked_out(self):
user = UserFactory()
self.node.add_contributor(user)
self.file.checkout = user
self.file.save()
count = len(self.node.logs)
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, user)
assert_equal(len(self.node.logs), count)
def test_noncontrib_cannot_checkout(self):
user = AuthUserFactory()
assert_equal(self.file.checkout, None)
assert user._id not in self.node.permissions.keys()
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': self.user._id
}
}
},
auth=user.auth,
expect_errors=True,
)
self.file.reload()
self.node.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, None)
assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
def test_read_contrib_cannot_checkout(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=['read'])
self.node.save()
assert_false(self.node.can_edit(user=user))
res = self.app.put_json_api(self.file_url, {
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': None
}
}
},
auth=user.auth,
expect_errors=True)
self.file.reload()
assert_equal(res.status_code, 403)
assert_equal(self.file.checkout, None)
assert self.node.logs[-1].action != NodeLog.CHECKED_OUT
def test_user_can_checkin(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=['read', 'write'])
self.node.save()
assert_true(self.node.can_edit(user=user))
self.file.checkout = user
self.file.save()
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': None
}
}
},
auth=user.auth,
)
self.file.reload()
assert_equal(res.status_code, 200)
assert_equal(self.file.checkout, None)
def test_removed_contrib_files_checked_in(self):
user = AuthUserFactory()
self.node.add_contributor(user, permissions=['read', 'write'])
self.node.save()
assert_true(self.node.can_edit(user=user))
self.file.checkout = user
self.file.save()
assert_true(self.file.is_checked_out)
with capture_signals() as mock_signals:
self.node.remove_contributor(user, auth=Auth(user))
assert_equal(mock_signals.signals_sent(), set([contributor_removed]))
self.file.reload()
assert_false(self.file.is_checked_out)
def test_must_be_osfstorage(self):
self.file.provider = 'github'
self.file.save()
res = self.app.put_json_api(
self.file_url,
{
'data': {
'id': self.file._id,
'type': 'files',
'attributes': {
'checkout': self.user._id
}
}
},
auth=self.user.auth,
expect_errors=True,
)
assert_equal(res.status_code, 403)
def test_get_file_resolves_guids(self):
guid = self.file.get_guid(create=True)
url = '/{}files/{}/'.format(API_BASE, guid._id)
res = self.app.get(url, auth=self.user.auth)
assert_equal(res.status_code, 200)
assert_equal(res.json.keys(), ['data'])
assert_equal(res.json['data']['attributes']['path'], self.file.path)
def test_get_file_invalid_guid_gives_404(self):
url = '/{}files/{}/'.format(API_BASE, 'asdasasd')
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
def test_get_file_non_file_guid_gives_404(self):
url = '/{}files/{}/'.format(API_BASE, self.node._id)
res = self.app.get(url, auth=self.user.auth, expect_errors=True)
assert_equal(res.status_code, 404)
def test_current_version_is_equal_to_length_of_history(self):
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.json['data']['attributes']['current_version'], 1)
for version in range(2, 4):
self.file.create_version(
self.user, {
'object': '06d80e' + str(version),
'service': 'cloud',
osfstorage_settings.WATERBUTLER_RESOURCE: 'osf',
}, {
'size': 1337,
'contentType': 'img/png'
}).save()
res = self.app.get(self.file_url, auth=self.user.auth)
assert_equal(res.json['data']['attributes']['current_version'],
version)
