示例#1
0
    def test_search_returns_private_access_results_to_owner(
            self, client, create_record, create_user, es_clear):

        # TODO: Improve User factory to auto-generate unique emails
        user1 = create_user({'email': '*****@*****.**'})
        user2 = create_user({'email': '*****@*****.**'})
        record = create_record(
            {
                "title": "old record",
                "permissions": RecordPermissions.PRIVATE_VIEW,
                "_deposit": {"owners": [user1.id]}
            }
        )

        # WARNING: If user is logged in before create_record,
        #          then create_record assigns that user as the owner
        login_request_and_session(user2, client)

        response = client.get("/records/?q=old+record")

        assert response.status_code == 200
        assert len(response.json['hits']['hits']) == 0

        login_request_and_session(user1, client)

        response = client.get("/records/?q=old+record")

        assert_single_hit(response, record)
示例#2
0
    def test_search_only_returns_appropriate_records(
            self, client, create_record, es_clear, create_user, db):
        user = create_user()
        login_request_and_session(user, client)

        print("Case: Newly created (draft) record should be returned")
        unpublished_record = create_record(
            {'title': 'A New Record'}, published=False)

        response = client.get('/deposits/')

        assert_single_hit(response, unpublished_record)
        print("****")

        print("Case: When published, only published record should be returned")
        unpublished_record.publish()
        db.session.commit()
        current_search.flush_and_refresh(index='*')
        pid, published_record = unpublished_record.fetch_published()

        response = client.get('/deposits/')

        assert_single_hit(response, published_record)
        print("****")

        print("Case: When edited, draft and published record should be "
              "returned")
        edited_record = unpublished_record.edit()
        current_search.flush_and_refresh(index='*')
        db.session.commit()

        response = client.get('/deposits/')
        search_hits = response.json['hits']['hits']

        assert response.status_code == 200
        assert len(search_hits) == 2
        hit_types = [hit['metadata']['type'] for hit in search_hits]
        assert published_record['type'] == RecordType.published.value
        assert published_record['type'] in hit_types
        assert edited_record['type'] == RecordType.draft.value
        assert edited_record['type'] in hit_types
        print("****")

        # Case: When edited record is published,
        print("Case: When re-published, only published record should be "
              "returned")
        edited_record.publish()
        db.session.commit()
        current_search.flush_and_refresh(index='*')
        pid, published_record = edited_record.fetch_published()

        response = client.get('/deposits/')

        assert_single_hit(response, published_record)
        print("****")
示例#3
0
def test_deposits_page_has_search_bar(client, create_user):
    user = create_user()
    login_request_and_session(user, client)

    response = client.get('/deposit/new')
    html_text = response.get_data(as_text=True)
    invenio_search_bar = re.findall('<invenio-search-bar', html_text)
    role_search = re.findall('role="search"', html_text)

    assert len(invenio_search_bar) == 0
    assert len(role_search) == 1
示例#4
0
    def test_search_does_not_contain_owner_draft_records(
            self, client, create_record, es_clear, create_user):
        user = create_user()
        login_request_and_session(user, client)
        unpublished_record = create_record(
            {'title': 'Unpublished'}, published=False
        )
        published_record = create_record()

        response = client.get("/records/")

        assert_single_hit(response, published_record)
示例#5
0
def test_activity_feed_page_requires_login(client, create_user):
    user = create_user()
    activity_feed_url = '/account'

    response = client.get(activity_feed_url)

    assert response.status_code == 302
    assert response.location.endswith('login/?next=%2Faccount')

    login_request_and_session(user, client)

    response = client.get(activity_feed_url)

    assert response.status_code == 200
示例#6
0
def test_new_record_page_requires_login(client, create_user):
    user = create_user()
    new_record_url = '/records/new'

    response = client.get(new_record_url)

    assert response.status_code == 302
    assert response.location.endswith('login/?next=%2Frecords%2Fnew')

    login_request_and_session(user, client)

    response = client.get(new_record_url)

    assert response.status_code == 200
示例#7
0
def test_user_dropdown_contains_desired_links(client, create_user):
    user = create_user()
    login_request_and_session(user, client)

    response = client.get('/')
    html_tree = html.fromstring(response.get_data(as_text=True))
    links = {
        a.get('href') for a in html_tree.cssselect('ul.dropdown-menu li a')
    }

    assert links == {
        '/personal-records',
        '/account/settings/profile/',
        '/logout/'
    }
示例#8
0
def test_edit_record_page_requires_edit_permission(
        client, create_user, create_record):
    user = create_user()
    record = create_record({'_deposit': {'owners': [user.id]}})
    login_request_and_session(user, client)

    response = client.get('/deposit/{}'.format(record['_deposit']['id']))

    assert response.status_code == 200

    another_user = create_user(
        {'email': '*****@*****.**'}
    )
    login_request_and_session(another_user, client)

    response = client.get('/deposit/{}'.format(record['_deposit']['id']))

    assert response.status_code == 403
示例#9
0
def test_account_page_menu_contains_desired_links(
        client, create_user, super_user):
    # NOTE: super_user is needed because of a quirk in invenio-admin.
    #       A PR: https://github.com/inveniosoftware/invenio-admin/pull/67
    #       has been submitted.
    user = create_user()
    login_request_and_session(user, client)

    response = client.get('/account')
    html_tree = html.fromstring(response.get_data(as_text=True))
    links = {
        a.get('href') for a in html_tree.cssselect('ul.list-group a')
    }

    assert links == {
        '/personal-records',
        '/account/settings/profile/',
        '/account/settings/security/',
        '/account/settings/applications/',
    }
示例#10
0
def test_record_page_shows_edit_action_if_permitted(
        client, create_record, create_user):
    user = create_user()
    owned_record = create_record({'_deposit': {'owners': [user.id]}})
    not_owned_record = create_record()
    login_request_and_session(user, client)

    response = client.get('/records/{}'.format(owned_record['id']))
    page = response.get_data(as_text=True)
    html_tree = html.fromstring(page)
    edit_links = html_tree.cssselect('a#edit-action')

    assert len(edit_links) == 1
    pid_value = owned_record['_deposit']['id']
    assert edit_links[0].get('href') == '/deposit/{}'.format(pid_value)

    response = client.get('/records/{}'.format(not_owned_record['id']))
    html_tree = html.fromstring(response.get_data(as_text=True))
    edit_links = html_tree.cssselect('a#edit-action')

    assert len(edit_links) == 0
示例#11
0
    def test_search_returns_restricted_access_results_to_authenticated_user(
            self, client, create_record, create_user, es_clear):
        record = create_record(
            {
                "title": "old record",
                "permissions": RecordPermissions.RESTRICTED_VIEW
            }
        )

        response = client.get("/records/?q=old+record")

        assert response.status_code == 200
        assert len(response.json['hits']['hits']) == 0

        # WARNING: If user is logged in before create_record,
        #          then create_record assigns that user as the owner
        user = create_user()
        login_request_and_session(user, client)

        response = client.get("/records/?q=old+record")

        assert_single_hit(response, record)
示例#12
0
    def test_search_contains_owner_published_and_draft_records(
            self, client, create_record, es_clear, create_user):
        # Another user to scramble things
        another_user = create_user({'email': '*****@*****.**'})
        login_request_and_session(another_user, client)
        another_published_record = create_record(
            {'title': 'Another Published Record'})
        # The user we want to test
        user = create_user()
        login_request_and_session(user, client)
        published_record = create_record({'title': 'A Published Record'})
        unpublished_record = create_record(
            {'title': 'A Draft Record'}, published=False)

        response = client.get('/deposits/')
        search_hits = response.json['hits']['hits']

        assert response.status_code == 200
        assert len(search_hits) == 2
        hit_titles = [hit['metadata']['title'] for hit in search_hits]
        assert published_record['title'] in hit_titles
        assert unpublished_record['title'] in hit_titles
        assert another_published_record['title'] not in hit_titles