class TestPublicNodes(SearchTestCase): def setUp(self): super(TestPublicNodes, self).setUp() self.user = UserFactory(usename='Doug Bogie') self.title = 'Red Special' self.consolidate_auth = Auth(user=self.user) self.project = ProjectFactory( title=self.title, creator=self.user, is_public=True, ) self.component = NodeFactory(parent=self.project, title=self.title, creator=self.user, is_public=True) self.registration = ProjectFactory(title=self.title, creator=self.user, is_public=True, is_registration=True) def test_make_private(self): # Make project public, then private, and verify that it is not present # in search. self.project.set_privacy('private') docs = query('category:project AND ' + self.title)['results'] assert_equal(len(docs), 0) self.component.set_privacy('private') docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 0) def test_public_parent_title(self): self.project.set_title('hello & world', self.consolidate_auth) self.project.save() docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 1) assert_equal(docs[0]['parent_title'], 'hello & world') assert_true(docs[0]['parent_url']) def test_make_parent_private(self): # Make parent of component, public, then private, and verify that the # component still appears but doesn't link to the parent in search. self.project.set_privacy('private') docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 1) assert_equal(docs[0]['parent_title'], '-- private project --') assert_false(docs[0]['parent_url']) def test_delete_project(self): self.component.remove_node(self.consolidate_auth) docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 0) self.project.remove_node(self.consolidate_auth) docs = query('category:project AND ' + self.title)['results'] assert_equal(len(docs), 0) def test_change_title(self): title_original = self.project.title self.project.set_title('Blue Ordinary', self.consolidate_auth, save=True) docs = query('category:project AND ' + title_original)['results'] assert_equal(len(docs), 0) docs = query('category:project AND ' + self.project.title)['results'] assert_equal(len(docs), 1) def test_add_tags(self): tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family'] for tag in tags: docs = query('tags:"{}"'.format(tag))['results'] assert_equal(len(docs), 0) self.project.add_tag(tag, self.consolidate_auth, save=True) for tag in tags: docs = query('tags:"{}"'.format(tag))['results'] assert_equal(len(docs), 1) def test_remove_tag(self): tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family'] for tag in tags: self.project.add_tag(tag, self.consolidate_auth, save=True) self.project.remove_tag(tag, self.consolidate_auth, save=True) docs = query('tags:"{}"'.format(tag))['results'] assert_equal(len(docs), 0) def test_update_wiki(self): """Add text to a wiki page, then verify that project is found when searching for wiki text. """ wiki_content = {'home': 'Hammer to fall', 'swag': '#YOLO'} for key, value in wiki_content.items(): docs = query(value)['results'] assert_equal(len(docs), 0) self.project.update_node_wiki( key, value, self.consolidate_auth, ) docs = query(value)['results'] assert_equal(len(docs), 1) def test_clear_wiki(self): # Add wiki text to page, then delete, then verify that project is not # found when searching for wiki text. wiki_content = 'Hammer to fall' self.project.update_node_wiki( 'home', wiki_content, self.consolidate_auth, ) self.project.update_node_wiki('home', '', self.consolidate_auth) docs = query(wiki_content)['results'] assert_equal(len(docs), 0) def test_add_contributor(self): # Add a contributor, then verify that project is found when searching # for contributor. user2 = UserFactory(fullname='Adam Lambert') docs = query('category:project AND "{}"'.format( user2.fullname))['results'] assert_equal(len(docs), 0) self.project.add_contributor(user2, save=True) docs = query('category:project AND "{}"'.format( user2.fullname))['results'] assert_equal(len(docs), 1) def test_remove_contributor(self): # Add and remove a contributor, then verify that project is not found # when searching for contributor. user2 = UserFactory(fullname='Brian May') self.project.add_contributor(user2, save=True) self.project.remove_contributor(user2, self.consolidate_auth) docs = query('category:project AND "{}"'.format( user2.fullname))['results'] assert_equal(len(docs), 0) def test_hide_contributor(self): user2 = UserFactory(fullname='Brian May') self.project.add_contributor(user2) self.project.set_visible(user2, False, save=True) docs = query('category:project AND "{}"'.format( user2.fullname))['results'] assert_equal(len(docs), 0) self.project.set_visible(user2, True, save=True) docs = query('category:project AND "{}"'.format( user2.fullname))['results'] assert_equal(len(docs), 1) def test_wrong_order_search(self): title_parts = self.title.split(' ') title_parts.reverse() title_search = ' '.join(title_parts) docs = query(title_search)['results'] assert_equal(len(docs), 3) def test_tag_aggregation(self): tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family'] for tag in tags: self.project.add_tag(tag, self.consolidate_auth, save=True) docs = query(self.title)['tags'] assert len(docs) == 3 for doc in docs: assert doc['key'] in tags
class TestPublicNodes(SearchTestCase): def setUp(self): super(TestPublicNodes, self).setUp() self.user = UserFactory(usename='Doug Bogie') self.title = 'Red Special' self.consolidate_auth = Auth(user=self.user) self.project = ProjectFactory( title=self.title, creator=self.user, is_public=True, ) self.component = NodeFactory( parent=self.project, title=self.title, creator=self.user, is_public=True ) self.registration = ProjectFactory( title=self.title, creator=self.user, is_public=True, is_registration=True ) def test_make_private(self): """Make project public, then private, and verify that it is not present in search. """ self.project.set_privacy('private') docs = query('category:project AND ' + self.title)['results'] assert_equal(len(docs), 0) self.component.set_privacy('private') docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 0) self.registration.set_privacy('private') docs = query('category:registration AND ' + self.title)['results'] assert_equal(len(docs), 0) def test_public_parent_title(self): self.project.set_title('hello & world', self.consolidate_auth) self.project.save() docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 1) assert_equal(docs[0]['parent_title'], 'hello & world') assert_true(docs[0]['parent_url']) def test_make_parent_private(self): """Make parent of component, public, then private, and verify that the component still appears but doesn't link to the parent in search. """ self.project.set_privacy('private') docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 1) assert_equal(docs[0]['parent_title'], '-- private project --') assert_false(docs[0]['parent_url']) def test_delete_project(self): """ """ self.component.remove_node(self.consolidate_auth) docs = query('category:component AND ' + self.title)['results'] assert_equal(len(docs), 0) self.project.remove_node(self.consolidate_auth) docs = query('category:project AND ' + self.title)['results'] assert_equal(len(docs), 0) def test_change_title(self): """ """ title_original = self.project.title self.project.set_title( 'Blue Ordinary', self.consolidate_auth, save=True) docs = query('category:project AND ' + title_original)['results'] assert_equal(len(docs), 0) docs = query('category:project AND ' + self.project.title)['results'] assert_equal(len(docs), 1) def test_add_tags(self): tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family'] for tag in tags: docs = query('tags:"{}"'.format(tag))['results'] assert_equal(len(docs), 0) self.project.add_tag(tag, self.consolidate_auth, save=True) for tag in tags: docs = query('tags:"{}"'.format(tag))['results'] assert_equal(len(docs), 1) def test_remove_tag(self): tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family'] for tag in tags: self.project.add_tag(tag, self.consolidate_auth, save=True) self.project.remove_tag(tag, self.consolidate_auth, save=True) docs = query('tags:"{}"'.format(tag))['results'] assert_equal(len(docs), 0) def test_update_wiki(self): """Add text to a wiki page, then verify that project is found when searching for wiki text. """ wiki_content = { 'home': 'Hammer to fall', 'swag': '#YOLO' } for key, value in wiki_content.items(): docs = query(value)['results'] assert_equal(len(docs), 0) self.project.update_node_wiki( key, value, self.consolidate_auth, ) docs = query(value)['results'] assert_equal(len(docs), 1) def test_clear_wiki(self): """Add wiki text to page, then delete, then verify that project is not found when searching for wiki text. """ wiki_content = 'Hammer to fall' self.project.update_node_wiki( 'home', wiki_content, self.consolidate_auth, ) self.project.update_node_wiki('home', '', self.consolidate_auth) docs = query(wiki_content)['results'] assert_equal(len(docs), 0) def test_add_contributor(self): """Add a contributor, then verify that project is found when searching for contributor. """ user2 = UserFactory(fullname='Adam Lambert') docs = query('category:project AND "{}"'.format(user2.fullname))['results'] assert_equal(len(docs), 0) self.project.add_contributor(user2, save=True) docs = query('category:project AND "{}"'.format(user2.fullname))['results'] assert_equal(len(docs), 1) def test_remove_contributor(self): """Add and remove a contributor, then verify that project is not found when searching for contributor. """ user2 = UserFactory(fullname='Brian May') self.project.add_contributor(user2, save=True) self.project.remove_contributor(user2, self.consolidate_auth) docs = query('category:project AND "{}"'.format(user2.fullname))['results'] assert_equal(len(docs), 0) def test_hide_contributor(self): user2 = UserFactory(fullname='Brian May') self.project.add_contributor(user2) self.project.set_visible(user2, False, save=True) docs = query('category:project AND "{}"'.format(user2.fullname))['results'] assert_equal(len(docs), 0) self.project.set_visible(user2, True, save=True) docs = query('category:project AND "{}"'.format(user2.fullname))['results'] assert_equal(len(docs), 1) def test_wrong_order_search(self): title_parts = self.title.split(' ') title_parts.reverse() title_search = ' '.join(title_parts) docs = query(title_search)['results'] assert_equal(len(docs), 3) def test_tag_aggregation(self): tags = ['stonecoldcrazy', 'just a poor boy', 'from-a-poor-family'] for tag in tags: self.project.add_tag(tag, self.consolidate_auth, save=True) docs = query(self.title)['tags'] assert len(docs) == 3 for doc in docs: assert doc['key'] in tags
class TestNodeContributorDelete(ApiTestCase): def setUp(self): super(TestNodeContributorDelete, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.user_three = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_user = '******'.format(API_BASE, self.project._id, self.user._id) self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_contributor_admin(self): res = self.app.delete(self.url_user_two, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_contributor_non_admin_is_forbidden(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_three, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_non_admin(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_three.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_contributor_non_contributor(self): res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_contributor_not_logged_in(self): res = self.app.delete(self.url_user_two, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_non_contributor_admin(self): assert_not_in(self.user_three, self.project.contributors) res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_non_existing_user_admin(self): url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake') res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_can_remove_self_as_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user_two, auth=self.user_two.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_self_contributor_unique_admin(self): res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors) def test_can_not_remove_only_bibliographic_contributor(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) self.project.set_visible(self.user_two, False, save=True) res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase): def setUp(self): super(TestNodeContributorUpdate, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id) self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) def test_node_update_invalid_data(self): res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") def test_change_contributor_no_id(self): data = { 'data': { 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_id(self): data = { 'data': { 'id': '12345', 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) def test_change_contributor_no_type(self): data = { 'data': { 'id': self.user_two._id, 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_type(self): data = { 'data': { 'id': self.user_two._id, 'type': 'Wrong type.', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_contributor_permissions(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.ADMIN) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project') def test_change_contributor_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], False) self.project.reload() assert_false(self.project.get_visible(self.user_two)) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], True) self.project.reload() assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project') def test_change_contributor_permission_and_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) assert_equal(attributes['bibliographic'], False) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) assert_false(self.project.get_visible(self.user_two)) @assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_not_change_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': None, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) assert_equal(attributes['bibliographic'], True) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_invalid_change_inputs_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': 'invalid', 'bibliographic': 'invalid' } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_admin_self_with_other_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE]) def test_change_admin_self_without_other_admin(self): data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN]) def test_remove_all_bibliographic_statuses_contributors(self): self.project.set_visible(self.user_two, False, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_true(self.project.get_visible(self.user)) def test_change_contributor_non_admin_auth(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_change_contributor_not_logged_in(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two))
class TestNodeContributorDelete(ApiTestCase): def setUp(self): super(TestNodeContributorDelete, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.user_three = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_user = '******'.format(API_BASE, self.project._id, self.user._id) self.url_user_two = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) self.url_user_three = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_three._id) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_contributor_admin(self): res = self.app.delete(self.url_user_two, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_contributor_non_admin_is_forbidden(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_three, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_non_admin(self): self.project.add_contributor(self.user_three, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) res = self.app.delete(self.url_user_three, auth=self.user_three.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_contributor_non_contributor(self): res = self.app.delete(self.url_user_two, auth=self.user_three.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_contributor_not_logged_in(self): res = self.app.delete(self.url_user_two, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_in(self.user_two, self.project.contributors) def test_remove_non_contributor_admin(self): assert_not_in(self.user_three, self.project.contributors) res = self.app.delete(self.url_user_three, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) self.project.reload() assert_not_in(self.user_three, self.project.contributors) def test_remove_non_existing_user_admin(self): url_user_fake = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, 'fake') res = self.app.delete(url_user_fake, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 404) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_remove_self_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user, auth=self.user.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user, self.project.contributors) @assert_logs(NodeLog.CONTRIB_REMOVED, 'project') def test_can_remove_self_as_contributor_not_unique_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) res = self.app.delete(self.url_user_two, auth=self.user_two.auth) assert_equal(res.status_code, 204) self.project.reload() assert_not_in(self.user_two, self.project.contributors) def test_remove_self_contributor_unique_admin(self): res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors) def test_can_not_remove_only_bibliographic_contributor(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) self.project.set_visible(self.user_two, False, save=True) res = self.app.delete(self.url_user, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_in(self.user, self.project.contributors)
class TestNodeContributorUpdate(ApiTestCase): def setUp(self): super(TestNodeContributorUpdate, self).setUp() self.user = AuthUserFactory() self.user_two = AuthUserFactory() self.project = ProjectFactory(creator=self.user) self.project.add_contributor(self.user_two, permissions=[permissions.READ, permissions.WRITE], visible=True, save=True) self.url_creator = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user._id) self.url_contributor = '/{}nodes/{}/contributors/{}/'.format(API_BASE, self.project._id, self.user_two._id) def test_node_update_invalid_data(self): res = self.app.put_json_api(self.url_creator, "Incorrect data", auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") res = self.app.put_json_api(self.url_creator, ["Incorrect data"], auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(res.json['errors'][0]['detail'], "Malformed request.") def test_change_contributor_no_id(self): data = { 'data': { 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_id(self): data = { 'data': { 'id': '12345', 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) def test_change_contributor_no_type(self): data = { 'data': { 'id': self.user_two._id, 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) def test_change_contributor_incorrect_type(self): data = { 'data': { 'id': self.user_two._id, 'type': 'Wrong type.', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 409) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -3) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_contributor_permissions(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.ADMIN, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.ADMIN) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE, permissions.ADMIN]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_VISIBLE, 'project') def test_change_contributor_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], False) self.project.reload() assert_false(self.project.get_visible(self.user_two)) data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['bibliographic'], True) self.project.reload() assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project', -2) @assert_logs(NodeLog.MADE_CONTRIBUTOR_INVISIBLE, 'project') def test_change_contributor_permission_and_bibliographic(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.READ) assert_equal(attributes['bibliographic'], False) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ]) assert_false(self.project.get_visible(self.user_two)) @assert_not_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_not_change_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': None, 'bibliographic': True } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) assert_equal(attributes['bibliographic'], True) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_invalid_change_inputs_contributor(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': 'invalid', 'bibliographic': 'invalid' } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) @assert_logs(NodeLog.PERMISSIONS_UPDATED, 'project') def test_change_admin_self_with_other_admin(self): self.project.add_permission(self.user_two, permissions.ADMIN, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth) assert_equal(res.status_code, 200) attributes = res.json['data']['attributes'] assert_equal(attributes['permission'], permissions.WRITE) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE]) def test_change_admin_self_without_other_admin(self): data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'permission': permissions.WRITE, 'bibliographic': True } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_equal(self.project.get_permissions(self.user), [permissions.READ, permissions.WRITE, permissions.ADMIN]) def test_remove_all_bibliographic_statuses_contributors(self): self.project.set_visible(self.user_two, False, save=True) data = { 'data': { 'id': self.user._id, 'type': 'contributors', 'attributes': { 'bibliographic': False } } } res = self.app.put_json_api(self.url_creator, data, auth=self.user.auth, expect_errors=True) assert_equal(res.status_code, 400) self.project.reload() assert_true(self.project.get_visible(self.user)) def test_change_contributor_non_admin_auth(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, auth=self.user_two.auth, expect_errors=True) assert_equal(res.status_code, 403) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two)) def test_change_contributor_not_logged_in(self): data = { 'data': { 'id': self.user_two._id, 'type': 'contributors', 'attributes': { 'permission': permissions.READ, 'bibliographic': False } } } res = self.app.put_json_api(self.url_contributor, data, expect_errors=True) assert_equal(res.status_code, 401) self.project.reload() assert_equal(self.project.get_permissions(self.user_two), [permissions.READ, permissions.WRITE]) assert_true(self.project.get_visible(self.user_two))
class TestPublicNodes(SearchTestCase): def setUp(self): super(TestPublicNodes, self).setUp() self.user = UserFactory(usename="Doug Bogie") self.title = "Red Special" self.consolidate_auth = Auth(user=self.user) self.project = ProjectFactory(title=self.title, creator=self.user, is_public=True) self.component = NodeFactory(parent=self.project, title=self.title, creator=self.user, is_public=True) self.registration = ProjectFactory(title=self.title, creator=self.user, is_public=True, is_registration=True) def test_make_private(self): """Make project public, then private, and verify that it is not present in search. """ self.project.set_privacy("private") docs = query("category:project AND " + self.title)["results"] assert_equal(len(docs), 0) self.component.set_privacy("private") docs = query("category:component AND " + self.title)["results"] assert_equal(len(docs), 0) self.registration.set_privacy("private") docs = query("category:registration AND " + self.title)["results"] assert_equal(len(docs), 0) def test_public_parent_title(self): self.project.set_title("hello & world", self.consolidate_auth) self.project.save() docs = query("category:component AND " + self.title)["results"] assert_equal(len(docs), 1) assert_equal(docs[0]["parent_title"], "hello & world") assert_true(docs[0]["parent_url"]) def test_make_parent_private(self): """Make parent of component, public, then private, and verify that the component still appears but doesn't link to the parent in search. """ self.project.set_privacy("private") docs = query("category:component AND " + self.title)["results"] assert_equal(len(docs), 1) assert_equal(docs[0]["parent_title"], "-- private project --") assert_false(docs[0]["parent_url"]) def test_delete_project(self): """ """ self.component.remove_node(self.consolidate_auth) docs = query("category:component AND " + self.title)["results"] assert_equal(len(docs), 0) self.project.remove_node(self.consolidate_auth) docs = query("category:project AND " + self.title)["results"] assert_equal(len(docs), 0) def test_change_title(self): """ """ title_original = self.project.title self.project.set_title("Blue Ordinary", self.consolidate_auth, save=True) docs = query("category:project AND " + title_original)["results"] assert_equal(len(docs), 0) docs = query("category:project AND " + self.project.title)["results"] assert_equal(len(docs), 1) def test_add_tags(self): tags = ["stonecoldcrazy", "just a poor boy", "from-a-poor-family"] for tag in tags: docs = query('tags:"{}"'.format(tag))["results"] assert_equal(len(docs), 0) self.project.add_tag(tag, self.consolidate_auth, save=True) for tag in tags: docs = query('tags:"{}"'.format(tag))["results"] assert_equal(len(docs), 1) def test_remove_tag(self): tags = ["stonecoldcrazy", "just a poor boy", "from-a-poor-family"] for tag in tags: self.project.add_tag(tag, self.consolidate_auth, save=True) self.project.remove_tag(tag, self.consolidate_auth, save=True) docs = query('tags:"{}"'.format(tag))["results"] assert_equal(len(docs), 0) def test_update_wiki(self): """Add text to a wiki page, then verify that project is found when searching for wiki text. """ wiki_content = {"home": "Hammer to fall", "swag": "#YOLO"} for key, value in wiki_content.items(): docs = query(value)["results"] assert_equal(len(docs), 0) self.project.update_node_wiki(key, value, self.consolidate_auth) docs = query(value)["results"] assert_equal(len(docs), 1) def test_clear_wiki(self): """Add wiki text to page, then delete, then verify that project is not found when searching for wiki text. """ wiki_content = "Hammer to fall" self.project.update_node_wiki("home", wiki_content, self.consolidate_auth) self.project.update_node_wiki("home", "", self.consolidate_auth) docs = query(wiki_content)["results"] assert_equal(len(docs), 0) def test_add_contributor(self): """Add a contributor, then verify that project is found when searching for contributor. """ user2 = UserFactory(fullname="Adam Lambert") docs = query('category:project AND "{}"'.format(user2.fullname))["results"] assert_equal(len(docs), 0) self.project.add_contributor(user2, save=True) docs = query('category:project AND "{}"'.format(user2.fullname))["results"] assert_equal(len(docs), 1) def test_remove_contributor(self): """Add and remove a contributor, then verify that project is not found when searching for contributor. """ user2 = UserFactory(fullname="Brian May") self.project.add_contributor(user2, save=True) self.project.remove_contributor(user2, self.consolidate_auth) docs = query('category:project AND "{}"'.format(user2.fullname))["results"] assert_equal(len(docs), 0) def test_hide_contributor(self): user2 = UserFactory(fullname="Brian May") self.project.add_contributor(user2) self.project.set_visible(user2, False, save=True) docs = query('category:project AND "{}"'.format(user2.fullname))["results"] assert_equal(len(docs), 0) self.project.set_visible(user2, True, save=True) docs = query('category:project AND "{}"'.format(user2.fullname))["results"] assert_equal(len(docs), 1) def test_wrong_order_search(self): title_parts = self.title.split(" ") title_parts.reverse() title_search = " ".join(title_parts) docs = query(title_search)["results"] assert_equal(len(docs), 3) def test_tag_aggregation(self): tags = ["stonecoldcrazy", "just a poor boy", "from-a-poor-family"] for tag in tags: self.project.add_tag(tag, self.consolidate_auth, save=True) docs = query(self.title)["tags"] assert len(docs) == 3 for doc in docs: assert doc["key"] in tags