-
Notifications
You must be signed in to change notification settings - Fork 33
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tests: add tests for the read-only mode
- Loading branch information
Showing
3 changed files
with
137 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# -*- coding: utf-8 -*- | ||
# | ||
# Copyright (C) 2022 TU Wien. | ||
# | ||
# Invenio-Requests is free software; you can redistribute it and/or modify it | ||
# under the terms of the MIT License; see LICENSE file for more details. | ||
|
||
"""Pytest configuration. | ||
See https://pytest-invenio.readthedocs.io/ for documentation on which test fixtures | ||
are available. | ||
""" | ||
|
||
import pytest | ||
|
||
|
||
@pytest.fixture() | ||
def rw_app(app): | ||
"""Fixture that resets the read-only mode before and after tests. | ||
This is done in order to prevent permission issues with other fixtures when the | ||
app isn't freshly initialized for each test. | ||
""" | ||
app.config["RECORDS_PERMISSIONS_READ_ONLY"] = False | ||
yield app | ||
app.config["RECORDS_PERMISSIONS_READ_ONLY"] = False |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,6 +2,7 @@ | |
# | ||
# Copyright (C) 2021 CERN. | ||
# Copyright (C) 2021 Northwestern University. | ||
# Copyright (C) 2022 TU Wien. | ||
# | ||
# Invenio-Requests is free software; you can redistribute it and/or | ||
# modify it under the terms of the MIT License; see LICENSE file for more | ||
|
@@ -215,3 +216,67 @@ def test_empty_comment( | |
) | ||
assert 400 == response.status_code | ||
assert expected_json == response.json | ||
|
||
|
||
# | ||
# Read-only mode | ||
# | ||
|
||
|
||
def test_comment_request_ro( | ||
rw_app, client_logged_as, headers, events_resource_data, example_request | ||
): | ||
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True | ||
request_id = example_request.id | ||
client = client_logged_as("[email protected]") | ||
|
||
# Commenting on a request in read-only mode should fail | ||
response = client.post( | ||
f"/requests/{request_id}/comments", headers=headers, json=events_resource_data | ||
) | ||
assert response.status_code == 403 | ||
|
||
|
||
def test_update_comment_request_ro( | ||
rw_app, client_logged_as, headers, events_resource_data, example_request | ||
): | ||
request_id = example_request.id | ||
client = client_logged_as("[email protected]") | ||
|
||
response = client.post( | ||
f"/requests/{request_id}/comments", headers=headers, json=events_resource_data | ||
) | ||
comment_id = response.json["id"] | ||
assert response.status_code == 201 | ||
|
||
# Updating the comment in read-only mode should fail | ||
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True | ||
data = copy.deepcopy(events_resource_data) | ||
data["payload"]["content"] = "I've revised my comment." | ||
response = client.put( | ||
f"/requests/{request_id}/comments/{comment_id}", | ||
headers=headers, | ||
json=data, | ||
) | ||
assert response.status_code == 403 | ||
|
||
|
||
def test_delete_comment_request_ro( | ||
rw_app, client_logged_as, headers, events_resource_data, example_request | ||
): | ||
request_id = example_request.id | ||
client = client_logged_as("[email protected]") | ||
|
||
response = client.post( | ||
f"/requests/{request_id}/comments", headers=headers, json=events_resource_data | ||
) | ||
comment_id = response.json["id"] | ||
assert response.status_code == 201 | ||
|
||
# Updating the comment in read-only mode should fail | ||
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True | ||
response = client.delete( | ||
f"/requests/{request_id}/comments/{comment_id}", | ||
headers=headers, | ||
) | ||
assert response.status_code == 403 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
# -*- coding: utf-8 -*- | ||
# | ||
# Copyright (C) 2021 TU Wien. | ||
# Copyright (C) 2021-2022 TU Wien. | ||
# | ||
# Invenio-Requests is free software; you can redistribute it and/or | ||
# modify it under the terms of the MIT License; see LICENSE file for more | ||
|
@@ -195,3 +195,48 @@ def test_simple_request_flow(app, client_logged_as, headers, example_request): | |
} | ||
) | ||
assert_api_response(response, 200, expected_data) | ||
|
||
|
||
# | ||
# Read-only mode | ||
# | ||
|
||
|
||
def test_update_request_ro(rw_app, client_logged_as, headers, example_request): | ||
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True | ||
request_id = example_request.id | ||
client = client_logged_as("[email protected]") | ||
response = client.put( | ||
f"/requests/{request_id}", headers=headers, data=example_request | ||
) | ||
assert response.status_code == 403 | ||
|
||
|
||
def test_delete_request_ro(rw_app, client_logged_as, headers, example_request): | ||
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True | ||
request_id = example_request.id | ||
client = client_logged_as("[email protected]") | ||
response = client.delete(f"/requests/{request_id}", headers=headers) | ||
assert response.status_code == 403 | ||
|
||
|
||
def test_submit_request_ro(rw_app, client_logged_as, headers, example_request): | ||
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True | ||
request_id = example_request.id | ||
client = client_logged_as("[email protected]") | ||
response = client.post(f"/requests/{request_id}/actions/submit", headers=headers) | ||
assert response.status_code == 403 | ||
|
||
|
||
def test_request_actions_ro(rw_app, client_logged_as, headers, example_request): | ||
request_id = example_request.id | ||
client = client_logged_as("[email protected]") | ||
response = client.post(f"/requests/{request_id}/actions/submit", headers=headers) | ||
assert response.status_code == 200 | ||
|
||
for action in ["accept", "decline", "cancel"]: | ||
rw_app.config["RECORDS_PERMISSIONS_READ_ONLY"] = True | ||
response = client.post( | ||
f"/requests/{request_id}/actions/{action}", headers=headers | ||
) | ||
assert response.status_code == 403 |