fix and update tests (#1607)

bihealth · Jul 26, 2023 · bd2451d · bd2451d
1 parent 4af6d61
commit bd2451d
Show file tree

Hide file tree

Showing 5 changed files with 228 additions and 89 deletions.
diff --git a/samplesheets/tests/test_permissions_api.py b/samplesheets/tests/test_permissions_api.py
@@ -1,16 +1,25 @@
 """Tests for REST API View permissions in the samplesheets app"""
 
+import os
+import uuid
+
 from django.test import override_settings
 from django.urls import reverse
 
 # Projectroles dependency
 from projectroles.models import SODAR_CONSTANTS
+from projectroles.plugins import get_backend_api
 from projectroles.tests.test_models import RemoteSiteMixin, RemoteProjectMixin
 from projectroles.tests.test_permissions import TestProjectPermissionBase
 from projectroles.tests.test_permissions_api import TestProjectAPIPermissionBase
 
-from samplesheets.models import Investigation
+from samplesheets.models import (
+    Investigation,
+    IRODS_REQUEST_ACTION_DELETE,
+    IRODS_REQUEST_STATUS_ACTIVE,
+)
 from samplesheets.tests.test_io import SampleSheetIOMixin
+from samplesheets.tests.test_models import IrodsDataRequestMixin
 from samplesheets.tests.test_permissions import (
     SHEET_PATH,
     REMOTE_SITE_NAME,
@@ -20,6 +29,10 @@
 )
 
 
+# Local constants
+IRODS_FILE_NAME = 'test1.txt'
+
+
 class TestInvestigationRetrieveAPIView(
     SampleSheetIOMixin,
     RemoteSiteMixin,
@@ -354,6 +367,100 @@ def test_get_archive(self):
         self.assert_response_api(url, self.anonymous, 401)
 
 
+class TestIrodsDataRequestDestroyAPIView(
+    SampleSheetIOMixin, IrodsDataRequestMixin, TestProjectAPIPermissionBase
+):
+    """Test permissions for IrodsDataRequestDestroyAPIView"""
+
+    def _make_request(self):
+        # TODO: Create as contributor instead
+        self.request = self.make_irods_request(
+            project=self.project,
+            action=IRODS_REQUEST_ACTION_DELETE,
+            path=self.obj_path,
+            status=IRODS_REQUEST_STATUS_ACTIVE,
+            user=self.superuser,
+        )
+        self.request.sodar_uuid = self.request_uuid
+        self.request.save()
+        self.url = reverse(
+            'samplesheets:api_irods_request_delete',
+            kwargs={'irodsdatarequest': self.request.sodar_uuid},
+        )
+
+    def setUp(self):
+        super().setUp()
+        # Import investigation
+        self.investigation = self.import_isa_from_file(SHEET_PATH, self.project)
+        self.study = self.investigation.studies.first()
+        self.assay = self.study.assays.first()
+        # Set up iRODS data
+        self.irods_backend = get_backend_api('omics_irods')
+        self.assay_path = self.irods_backend.get_path(self.assay)
+        self.obj_path = os.path.join(self.assay_path, IRODS_FILE_NAME)
+        self.request_uuid = uuid.uuid4()
+        self._make_request()
+
+    def test_delete(self):
+        """Test delete() in IrodsDataRequestDestroyAPIView"""
+        good_users = [
+            self.superuser,
+            self.user_owner_cat,
+            self.user_delegate_cat,
+            self.user_owner,
+            self.user_delegate,
+        ]
+        bad_users = [
+            self.user_contributor_cat,
+            self.user_guest_cat,
+            self.user_finder_cat,
+            self.user_contributor,
+            self.user_guest,
+            self.user_no_roles,
+        ]
+        self.assert_response_api(
+            self.url,
+            good_users,
+            204,
+            method='DELETE',
+            cleanup_method=self._make_request,
+        )
+        self.assert_response_api(self.url, bad_users, 403, method='DELETE')
+        self.assert_response_api(self.url, self.anonymous, 401, method='DELETE')
+
+    @override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
+    def test_delete_anon(self):
+        """Test delete() in IrodsDataRequestDestroyAPIView with anonymous access"""
+        self.project.set_public()
+        self.assert_response_api(self.url, self.anonymous, 401, method='DELETE')
+
+    def test_delete_archived(self):
+        """Test delete() in IrodsDataRequestDestroyAPIView with archived project"""
+        self.project.set_archive()
+        good_users = [self.superuser]
+        bad_users = [
+            self.user_owner_cat,
+            self.user_delegate_cat,
+            self.user_contributor_cat,
+            self.user_guest_cat,
+            self.user_finder_cat,
+            self.user_owner,
+            self.user_delegate,
+            self.user_contributor,
+            self.user_guest,
+            self.user_no_roles,
+        ]
+        self.assert_response_api(
+            self.url,
+            good_users,
+            204,
+            method='DELETE',
+            cleanup_method=self._make_request,
+        )
+        self.assert_response_api(self.url, bad_users, 403, method='DELETE')
+        self.assert_response_api(self.url, self.anonymous, 401, method='DELETE')
+
+
 class TestRemoteSheetGetAPIView(
     SampleSheetIOMixin,
     RemoteSiteMixin,

diff --git a/samplesheets/tests/test_permissions_api_taskflow.py b/samplesheets/tests/test_permissions_api_taskflow.py
@@ -23,6 +23,47 @@
 )
 
 
+# Base Classes and Mixins ------------------------------------------------------
+
+
+class TestIrodsDataRequestAPIViewBase(
+    SampleSheetIOMixin, SampleSheetTaskflowMixin, TaskflowAPIPermissionTestBase
+):
+    """Base class for iRODS data request API view permission tests"""
+
+    def create_request(self):
+        """Helper function to create a request"""
+        url = reverse(
+            'samplesheets:api_irods_request_create',
+            kwargs={'project': self.project.sodar_uuid},
+        )
+        # TODO: Create as contributor instead
+        # TODO: Remove these "bla" things once #1735 has been fixed
+        post_data = {'path': self.obj_path + '/', 'description': 'bla'}
+        with self.login(self.superuser):
+            self.client.post(url, post_data)
+            obj = IrodsDataRequest.objects.first()
+        return obj
+
+    def setUp(self):
+        super().setUp()
+        # Import investigation
+        self.investigation = self.import_isa_from_file(SHEET_PATH, self.project)
+        self.study = self.investigation.studies.first()
+        self.assay = self.study.assays.first()
+        # Set up iRODS data
+        self.make_irods_colls(self.investigation)
+        self.assay_path = self.irods_backend.get_path(self.assay)
+        self.obj_path = os.path.join(self.assay_path, IRODS_FILE_NAME)
+        self.md5_path = os.path.join(self.assay_path, IRODS_FILE_NAME + '.md5')
+        # Create objects
+        self.file_obj = self.irods.data_objects.create(self.obj_path)
+        self.md5_obj = self.irods.data_objects.create(self.md5_path)
+
+
+# Test Classes -----------------------------------------------------------------
+
+
 class TestSampleDataFileExistsAPIView(
     SampleSheetIOMixin, SampleSheetTaskflowMixin, TaskflowAPIPermissionTestBase
 ):
@@ -62,6 +103,8 @@ def test_get(self):
         self.assert_response_api(url, good_users, 200, data=self.post_data)
         self.assert_response_api(url, self.anonymous, 401, data=self.post_data)
 
+    # TODO: Test get anonymous
+
     def test_get_archive(self):
         """Test get() with archived project"""
         self.project.set_archive()
@@ -83,53 +126,79 @@ def test_get_archive(self):
         self.assert_response_api(url, self.anonymous, 401, data=self.post_data)
 
 
-class TestIrodsDataRequestAPIViewBase(
+class TestIrodsDataRequestListAPIView(
     SampleSheetIOMixin, SampleSheetTaskflowMixin, TaskflowAPIPermissionTestBase
 ):
-    """Base class for iRODS data request API view permission tests"""
-
-    def create_request(self):
-        """Helper function to create a request"""
-        url = reverse(
-            'samplesheets:api_irods_request_create',
-            kwargs={'project': self.project.sodar_uuid},
-        )
-        # Set up post data
-        post_data = {'path': self.path + '/', 'description': 'bla'}
-        with self.login(self.superuser):
-            self.client.post(url, post_data)
-            obj = IrodsDataRequest.objects.first()
-        return obj
+    """Tests for IrodsDataRequestListAPIView permissions"""
 
     def setUp(self):
         super().setUp()
-        # Import investigation
         self.investigation = self.import_isa_from_file(SHEET_PATH, self.project)
         self.study = self.investigation.studies.first()
         self.assay = self.study.assays.first()
-
-        # Set up iRODS data
         self.make_irods_colls(self.investigation)
-        self.assay_path = self.irods_backend.get_path(self.assay)
-        self.path = os.path.join(self.assay_path, IRODS_FILE_NAME)
-        self.path_md5 = os.path.join(self.assay_path, f'{IRODS_FILE_NAME}.md5')
-        # Create objects
-        self.file_obj = self.irods.data_objects.create(self.path)
-        self.md5_obj = self.irods.data_objects.create(self.path_md5)
+        self.url = reverse(
+            'samplesheets:api_irods_request_list',
+            kwargs={'project': self.project.sodar_uuid},
+        )
+
+    def test_get(self):
+        """Test get() in IrodsDataRequestListAPIView"""
+        good_users = [
+            self.superuser,
+            self.user_owner_cat,
+            self.user_delegate_cat,
+            self.user_contributor_cat,
+            self.user_owner,
+            self.user_delegate,
+            self.user_contributor,
+        ]
+        bad_users = [
+            self.user_guest_cat,
+            self.user_finder_cat,
+            self.user_guest,
+            self.user_no_roles,
+        ]
+        self.assert_response_api(self.url, good_users, 200)
+        self.assert_response_api(self.url, bad_users, 403)
+        self.assert_response_api(self.url, self.anonymous, 401)
+
+    @override_settings(PROJECTROLES_ALLOW_ANONYMOUS=True)
+    def test_get_anon(self):
+        """Test get() in IrodsDataRequestListAPIView with anonymous access"""
+        self.assert_response_api(self.url, self.anonymous, 401)
+
+    def test_get_archived(self):
+        """Test get() in IrodsDataRequestListAPIView with archived project"""
+        self.project.set_archive()
+        good_users = [self.superuser]
+        bad_users = [
+            self.user_owner_cat,
+            self.user_delegate_cat,
+            self.user_contributor_cat,
+            self.user_owner,
+            self.user_delegate,
+            self.user_contributor,
+            self.user_guest_cat,
+            self.user_finder_cat,
+            self.user_guest,
+            self.user_no_roles,
+        ]
+        self.assert_response_api(self.url, good_users, 200)
+        self.assert_response_api(self.url, bad_users, 403)
+        self.assert_response_api(self.url, self.anonymous, 401)
 
 
 class TestIrodsDataRequestCreateAPIView(TestIrodsDataRequestAPIViewBase):
     """Test permissions for IrodsDataRequestCreateAPIView"""
 
     def setUp(self):
         super().setUp()
-        # Set up URLs
         self.url = reverse(
             'samplesheets:api_irods_request_create',
             kwargs={'project': self.project.sodar_uuid},
         )
-        # Set up post data
-        self.post_data = {'path': self.path + '/', 'description': 'bla'}
+        self.post_data = {'path': self.obj_path + '/', 'description': 'bla'}
 
     def test_create(self):
         """Test post() in IrodsDataRequestCreateAPIView"""
@@ -209,7 +278,7 @@ def setUp(self):
             'samplesheets:api_irods_request_update',
             kwargs={'irodsdatarequest': self.irods_request.sodar_uuid},
         )
-        self.update_data = {'path': self.path, 'description': 'Updated'}
+        self.update_data = {'path': self.obj_path, 'description': 'Updated'}
 
     def test_update(self):
         """Test post() in IrodsDataRequestUpdateAPIView"""
@@ -273,56 +342,7 @@ def test_update_archived(self):
         )
 
 
-class TestIrodsDataRequestDeleteAPIView(TestIrodsDataRequestAPIViewBase):
-    """Test permissions for IrodsDataRequestDeleteAPIView"""
-
-    def test_delete(self):
-        """Test delete() in IrodsDataRequestDeleteAPIView"""
-        good_users = [
-            self.superuser,
-            self.user_owner_cat,
-            self.user_delegate_cat,
-            self.user_owner,
-            self.user_delegate,
-        ]
-        bad_users = [
-            self.user_contributor_cat,
-            self.user_guest_cat,
-            self.user_finder_cat,
-            self.user_contributor,
-            self.user_guest,
-            self.user_no_roles,
-        ]
-
-        for user in good_users:
-            obj = self.create_request()
-            self.url_delete = reverse(
-                'samplesheets:api_irods_request_delete',
-                kwargs={'irodsdatarequest': obj.sodar_uuid},
-            )
-            self.assert_response_api(
-                self.url_delete, user, 200, method='DELETE'
-            )
-
-        obj = self.create_request()
-        self.url_delete = reverse(
-            'samplesheets:api_irods_request_delete',
-            kwargs={'irodsdatarequest': obj.sodar_uuid},
-        )
-        self.assert_response_api(
-            self.url_delete, bad_users, 403, method='DELETE'
-        )
-
-        # Test with anonymous access
-        with self.login(self.superuser):
-            obj = self.create_request()
-            self.url_delete = reverse(
-                'samplesheets:api_irods_request_delete',
-                kwargs={'irodsdatarequest': obj.sodar_uuid},
-            )
-            self.assert_response_api(
-                self.url_delete, self.anonymous, 401, method='DELETE'
-            )
+# NOTE: For IrodsDataRequestDestroyAPIView, see test_permissions_api
 
 
 class TestIrodsDataRequestAcceptAPIView(TestIrodsDataRequestAPIViewBase):
@@ -451,6 +471,7 @@ def test_accept_archived(self):
         )
 
 
+# TODO: Move to test_permissions_api
 class TestIrodsDataRequestRejectAPIView(TestIrodsDataRequestAPIViewBase):
     """Test permissions for TestIrodsDataRequestRejectAPIView"""
 

diff --git a/samplesheets/tests/test_views_ajax_taskflow.py b/samplesheets/tests/test_views_ajax_taskflow.py
@@ -18,6 +18,7 @@
 from samplesheets.tests.test_views_taskflow import (
     TestIrodsDataRequestViewsBase,
     SampleSheetTaskflowMixin,
+    IRODS_FILE_NAME,
     IRODS_FILE_NAME2,
 )
 from samplesheets.views import IRODS_REQ_CREATE_ALERT as CREATE_ALERT
@@ -641,7 +642,9 @@ def test_get_coll_obj_delete_request(self):
             )
 
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()['irods_data'][0]['name'], 'test1')
+        self.assertEqual(
+            response.json()['irods_data'][0]['name'], IRODS_FILE_NAME
+        )
         self.assertEqual(
             response.json()['irods_data'][0]['path'], self.obj_path
         )