update view and permission tests, fix issues (#1706)
mikkonie committed Jul 28, 2023
1 parent 7e495d5 commit 1e2fdde
Showing 4 changed files with 364 additions and 638 deletions.
131 changes: 108 additions & 23 deletions samplesheets/tests/test_permissions_api.py
@@ -1,5 +1,7 @@
"""Tests for REST API View permissions in the samplesheets app"""

# TODO: Fix behaviour on archive!

import uuid

from django.test import override_settings
@@ -44,7 +46,7 @@ def setUp(self):
self.assay = self.study.assays.first()

def test_get(self):
"""Test get() in InvestigationRetrieveAPIView"""
"""Test InvestigationRetrieveAPIView GET"""
url = reverse(
'samplesheets:api_investigation_retrieve',
kwargs={'project': self.project.sodar_uuid},
@@ -74,7 +76,7 @@ def test_get(self):

@override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
def test_get_anon(self):
"""Test get() with anonymous guest access"""
"""Test GET with anonymous guest access"""
url = reverse(
'samplesheets:api_investigation_retrieve',
kwargs={'project': self.project.sodar_uuid},
@@ -83,7 +85,7 @@ def test_get_anon(self):
self.assert_response_api(url, self.anonymous, 200)

def test_get_archive(self):
"""Test get() with archived project"""
"""Test GET with archived project"""
self.project.set_archive()
url = reverse(
'samplesheets:api_investigation_retrieve',
@@ -130,7 +132,7 @@ def tearDown(self):
super().tearDown()

def test_post(self):
"""Test post() in SampleSheetImportAPIView"""
"""Test SampleSheetImportAPIView POST"""
url = reverse(
'samplesheets:api_import',
kwargs={'project': self.project.sodar_uuid},
@@ -199,7 +201,7 @@ def test_post(self):

@override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
def test_post_anon(self):
"""Test post() with anonymous guest access"""
"""Test POST with anonymous guest access"""
url = reverse(
'samplesheets:api_import',
kwargs={'project': self.project.sodar_uuid},
@@ -215,7 +217,7 @@ def test_post_anon(self):
)

def test_post_archive(self):
"""Test post() with archived project"""
"""Test POST with archived project"""
self.project.set_archive()
url = reverse(
'samplesheets:api_import',
@@ -295,7 +297,7 @@ def setUp(self):
self.assay = self.study.assays.first()

def test_get(self):
"""Test get() in SampleSheetISAExportAPIView"""
"""Test SampleSheetISAExportAPIView GET"""
url = reverse(
'samplesheets:api_export_zip',
kwargs={'project': self.project.sodar_uuid},
@@ -321,7 +323,7 @@ def test_get(self):

@override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
def test_get_anon(self):
"""Test get() with anonymous guest access"""
"""Test GET with anonymous guest access"""
url = reverse(
'samplesheets:api_export_zip',
kwargs={'project': self.project.sodar_uuid},
@@ -330,7 +332,7 @@ def test_get_anon(self):
self.assert_response_api(url, self.anonymous, 200)

def test_get_archive(self):
"""Test get() with archived project"""
"""Test GET with archived project"""
self.project.set_archive()
url = reverse(
'samplesheets:api_export_zip',
@@ -376,7 +378,7 @@ def setUp(self):
)

def test_get(self):
"""Test get() in IrodsDataRequestListAPIView"""
"""Test IrodsDataRequestListAPIView GET"""
good_users = [
self.superuser,
self.user_owner_cat,
@@ -404,12 +406,12 @@ def test_get(self):

@override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
def test_get_anon(self):
"""Test get() with anonymous guest access"""
"""Test GET with anonymous guest access"""
self.project.set_public()
self.assert_response_api(self.url, self.anonymous, 401)

def test_get_archive(self):
"""Test get() with archived project"""
"""Test GET with archived project"""
self.project.set_archive()
good_users = [self.superuser]
bad_users = [
@@ -440,7 +442,7 @@ def setUp(self):
)

def test_get(self):
"""Test get() in IrodsDataRequestListAPIView"""
"""Test IrodsDataRequestListAPIView GET"""
good_users = [
self.superuser,
self.user_owner_cat,
@@ -468,12 +470,12 @@ def test_get(self):

@override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
def test_get_anon(self):
"""Test get() with anonymous guest access"""
"""Test GET with anonymous guest access"""
self.project.set_public()
self.assert_response_api(self.url, self.anonymous, 401)

def test_get_archive(self):
"""Test get() with archived project"""
"""Test GET with archived project"""
self.project.set_archive()
good_users = [self.superuser]
bad_users = [
@@ -493,6 +495,88 @@ def test_get_archive(self):
self.assert_response_api(self.url, self.anonymous, 401)


class TestIrodsDataRequestRejectAPIView(
IrodsDataRequestMixin, TestProjectAPIPermissionBase
):
"""Test permissions for TestIrodsDataRequestRejectAPIView"""

def _cleanup(self):
self.request.status = IRODS_REQUEST_STATUS_ACTIVE
self.request.save()

def setUp(self):
super().setUp()
self.request = self.make_irods_request(
project=self.project,
action=IRODS_REQUEST_ACTION_DELETE,
path=IRODS_FILE_PATH,
status=IRODS_REQUEST_STATUS_ACTIVE,
user=self.user_contributor,
)
self.url = reverse(
'samplesheets:api_irods_request_reject',
kwargs={'irodsdatarequest': self.request.sodar_uuid},
)

def test_reject(self):
"""Test IrodsDataRequestRejectAPIView POST"""
good_users = [
self.superuser,
self.user_owner_cat,
self.user_delegate_cat,
self.user_owner,
self.user_delegate,
]
bad_users = [
self.user_contributor_cat,
self.user_guest_cat,
self.user_finder_cat,
self.user_contributor,
self.user_guest,
self.user_no_roles,
]
self.assert_response_api(
self.url,
good_users,
200,
method='POST',
cleanup_method=self._cleanup,
)
self.assert_response_api(self.url, bad_users, 403, method='POST')
self.assert_response_api(self.url, self.anonymous, 401, method='POST')

@override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
def test_accept_anon(self):
"""Test POST in IrodsDataRequestRejectAPIView with anonymous access"""
self.assert_response_api(self.url, self.anonymous, 401, method='POST')

def test_reject_archived(self):
"""Test POST in IrodsDataRequestUpdateAPIView with archived project"""
self.project.set_archive()
good_users = [self.superuser]
bad_users = [
self.user_owner_cat,
self.user_delegate_cat,
self.user_contributor_cat,
self.user_guest_cat,
self.user_finder_cat,
self.user_owner,
self.user_delegate,
self.user_contributor,
self.user_guest,
self.user_no_roles,
]
self.assert_response_api(
self.url,
good_users,
200,
method='POST',
cleanup_method=self._cleanup,
)
self.assert_response_api(self.url, bad_users, 403, method='POST')
self.assert_response_api(self.url, self.anonymous, 401, method='POST')


class TestIrodsDataRequestDestroyAPIView(
SampleSheetIOMixin, IrodsDataRequestMixin, TestProjectAPIPermissionBase
):
@@ -519,7 +603,7 @@ def setUp(self):
self._make_request()

def test_delete(self):
"""Test delete() in IrodsDataRequestDestroyAPIView"""
"""Test IrodsDataRequestDestroyAPIView DELETE"""
good_users = [
self.superuser,
self.user_owner_cat,
@@ -547,12 +631,13 @@ def test_delete(self):

@override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
def test_delete_anon(self):
"""Test delete() in IrodsDataRequestDestroyAPIView with anonymous access"""
"""Test DELETE with anonymous access"""
self.project.set_public()
self.assert_response_api(self.url, self.anonymous, 401, method='DELETE')

# TODO: Fix!
def test_delete_archived(self):
"""Test delete() in IrodsDataRequestDestroyAPIView with archived project"""
"""Test DELETE with archived project"""
self.project.set_archive()
good_users = [self.superuser, self.user_contributor]
bad_users = [
@@ -602,7 +687,7 @@ def setUp(self):
)

def test_get(self):
"""Test RemoteSheetGetAPIView with correct access"""
"""Test RemoteSheetGetAPIView GET"""
# Create remote project
self.make_remote_project(
project_uuid=self.project.sodar_uuid,
@@ -619,7 +704,7 @@ def test_get(self):
self.assert_response(url, self.anonymous, 200)

def test_get_invalid_access(self):
"""Test RemoteSheetGetAPIView with invalid access level"""
"""Test GET with invalid access level"""
self.make_remote_project(
project_uuid=self.project.sodar_uuid,
site=self.target_site,
@@ -635,7 +720,7 @@ def test_get_invalid_access(self):
self.assert_response(url, self.anonymous, 401)

def test_get_no_access(self):
"""Test RemoteSheetGetAPIView with no remote access rights"""
"""Test GET with no remote access rights"""
url = reverse(
'samplesheets:api_remote_get',
kwargs={
@@ -646,7 +731,7 @@ def test_get_no_access(self):
self.assert_response(url, self.anonymous, 401)

def test_get_invalid_secret(self):
"""Test RemoteSheetGetAPIView with invalid remote site secret"""
"""Test GET with invalid remote site secret"""
self.make_remote_project(
project_uuid=self.project.sodar_uuid,
site=self.target_site,
@@ -662,7 +747,7 @@ def test_get_invalid_secret(self):
self.assert_response(url, self.anonymous, 401)

def test_get_archive(self):
"""Test RemoteSheetGetAPIView with archived project"""
"""Test GET with archived project"""
self.project.set_archive()
self.make_remote_project(
project_uuid=self.project.sodar_uuid,
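Review bot: In the new TestIrodsDataRequestRejectAPIView, `test_accept_anon` never calls `self.project.set_public()`, unlike the sibling anonymous tests for the list and destroy views, so with PROJECTROLES_ALLOW_ANONYMOUS=True it presumably only repeats the 401 already asserted at the end of `test_reject` and does not cover an anonymous POST against a public project. Add `self.project.set_public()` before the assertion and rename the method to `test_reject_anon`, since `accept` looks like a copy-paste leftover. The docstrings carry the same kind of leftover: the class docstring names `TestIrodsDataRequestRejectAPIView` rather than the view, and `test_reject_archived` refers to `IrodsDataRequestUpdateAPIView`; both should read `IrodsDataRequestRejectAPIView`. The denied cases assert only the status code, so after the 403 and 401 calls it would be worth adding `self.request.refresh_from_db()` followed by `self.assertEqual(self.request.status, IRODS_REQUEST_STATUS_ACTIVE)` to confirm a refused user changed nothing.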