Skip to content

Commit

Permalink
tests: add tests for the read-only mode
Browse files Browse the repository at this point in the history
  • Loading branch information
max-moser committed Nov 15, 2022
1 parent 7474d4b commit 75b50da
Show file tree
Hide file tree
Showing 3 changed files with 137 additions and 1 deletion.
26 changes: 26 additions & 0 deletions tests/resources/conftest.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2022 TU Wien.
#
# Invenio-Requests is free software; you can redistribute it and/or modify it
# under the terms of the MIT License; see LICENSE file for more details.

"""Pytest configuration.
See https://pytest-invenio.readthedocs.io/ for documentation on which test fixtures
are available.
"""

import pytest


@pytest.fixture()
def rw_app(app):
"""Fixture that resets the read-only mode before and after tests.
This is done in order to prevent permission issues with other fixtures when the
app isn't freshly initialized for each test.
"""
app.config["RECORDS_PERMISSIONS_READ_ONLY"] = False
yield app
app.config["RECORDS_PERMISSIONS_READ_ONLY"] = False
65 changes: 65 additions & 0 deletions tests/resources/events/test_request_events_resources.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
#
# Copyright (C) 2021 CERN.
# Copyright (C) 2021 Northwestern University.
# Copyright (C) 2022 TU Wien.
#
# Invenio-Requests is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
Expand Down Expand Up @@ -215,3 +216,67 @@ def test_empty_comment(
)
assert 400 == response.status_code
assert expected_json == response.json


#
# Read-only mode
#


def test_comment_request_ro(
rw_app, client_logged_as, headers, events_resource_data, example_request
):
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True
request_id = example_request.id
client = client_logged_as("[email protected]")

# Commenting on a request in read-only mode should fail
response = client.post(
f"/requests/{request_id}/comments", headers=headers, json=events_resource_data
)
assert response.status_code == 403


def test_update_comment_request_ro(
rw_app, client_logged_as, headers, events_resource_data, example_request
):
request_id = example_request.id
client = client_logged_as("[email protected]")

response = client.post(
f"/requests/{request_id}/comments", headers=headers, json=events_resource_data
)
comment_id = response.json["id"]
assert response.status_code == 201

# Updating the comment in read-only mode should fail
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True
data = copy.deepcopy(events_resource_data)
data["payload"]["content"] = "I've revised my comment."
response = client.put(
f"/requests/{request_id}/comments/{comment_id}",
headers=headers,
json=data,
)
assert response.status_code == 403


def test_delete_comment_request_ro(
rw_app, client_logged_as, headers, events_resource_data, example_request
):
request_id = example_request.id
client = client_logged_as("[email protected]")

response = client.post(
f"/requests/{request_id}/comments", headers=headers, json=events_resource_data
)
comment_id = response.json["id"]
assert response.status_code == 201

# Updating the comment in read-only mode should fail
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True
response = client.delete(
f"/requests/{request_id}/comments/{comment_id}",
headers=headers,
)
assert response.status_code == 403
47 changes: 46 additions & 1 deletion tests/resources/requests/test_requests_resources.py
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2021 TU Wien.
# Copyright (C) 2021-2022 TU Wien.
#
# Invenio-Requests is free software; you can redistribute it and/or
# modify it under the terms of the MIT License; see LICENSE file for more
Expand Down Expand Up @@ -195,3 +195,48 @@ def test_simple_request_flow(app, client_logged_as, headers, example_request):
}
)
assert_api_response(response, 200, expected_data)


#
# Read-only mode
#


def test_update_request_ro(rw_app, client_logged_as, headers, example_request):
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True
request_id = example_request.id
client = client_logged_as("[email protected]")
response = client.put(
f"/requests/{request_id}", headers=headers, data=example_request
)
assert response.status_code == 403


def test_delete_request_ro(rw_app, client_logged_as, headers, example_request):
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True
request_id = example_request.id
client = client_logged_as("[email protected]")
response = client.delete(f"/requests/{request_id}", headers=headers)
assert response.status_code == 403


def test_submit_request_ro(rw_app, client_logged_as, headers, example_request):
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True
request_id = example_request.id
client = client_logged_as("[email protected]")
response = client.post(f"/requests/{request_id}/actions/submit", headers=headers)
assert response.status_code == 403


def test_request_actions_ro(rw_app, client_logged_as, headers, example_request):
request_id = example_request.id
client = client_logged_as("[email protected]")
response = client.post(f"/requests/{request_id}/actions/submit", headers=headers)
assert response.status_code == 200

for action in ["accept", "decline", "cancel"]:
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True
response = client.post(
f"/requests/{request_id}/actions/{action}", headers=headers
)
assert response.status_code == 403

0 comments on commit 75b50da

Please sign in to comment.