summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorgebele <gebele@in-silico.ch>2014-01-17 17:03:15 +0100
committergebele <gebele@in-silico.ch>2014-01-17 17:03:15 +0100
commitd33c2f8378ece872addc2bc7555472dc469b7ce7 (patch)
tree2d565ad259c301aad9e807e0229b503c3a6452e5
parente90a3f8543553bc68a8747529d61b0c59c5d3fe2 (diff)
adjusted for new get_permission rule with flags only
Diffstat
-rw-r--r--test/toxbank-investigation-rest.rb21
-rw-r--r--test/toxbank-investigation-workflow.rb212
2 files changed, 169 insertions, 64 deletions
diff --git a/test/toxbank-investigation-rest.rb b/test/toxbank-investigation-rest.rb
index 70da2c3..b7aebc2 100644
--- a/test/toxbank-investigation-rest.rb
+++ b/test/toxbank-investigation-rest.rb
@@ -413,7 +413,7 @@ class TBInvestigationREST < MiniTest::Test
response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
assert_match /<\?xml/, response #PI can get
assert_raises OpenTox::UnauthorizedError do
- res = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml"}
+ res = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
end #Guest can not get
end
@@ -428,15 +428,17 @@ class TBInvestigationREST < MiniTest::Test
assert_equal "Completed", task.hasStatus, "Task should be completed but is: #{task.hasStatus}. Task URI is #{task_uri} ."
response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
assert_match /<\?xml/, response #PI can get
- res = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
- assert_match /<\?xml/, res #secondpi can get if isSS
+ #secondpi can not get unless published
+ assert_raises OpenTox::UnauthorizedError do
+ res = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ end
end
# check title has changed by update
# @note expect title after update is "BII-I-1"
def test_10_d_check_if_title_has_changed_by_update
# check content
- res = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ res = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
@g = RDF::Graph.new
RDF::Reader.for(:rdfxml).new(res.to_s){|r| r.each{|s| @g << s}}
@g.query(:predicate => RDF::TB.isPublished){|r| assert_match /false/, r[2].to_s}
@@ -462,6 +464,9 @@ class TBInvestigationREST < MiniTest::Test
# check owner can get
res = OpenTox::RestClientWrapper.get @@uri.to_s, {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
assert_match /<\?xml/, res
+ # check guest can get now metadata
+ res = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ assert_match /<\?xml/, res
end
# @note expect data is still not reachable without policy
@@ -473,7 +478,7 @@ class TBInvestigationREST < MiniTest::Test
# update policy
def test_10_h_update_guest_policy
- response = OpenTox::RestClientWrapper.put @@uri.to_s, {:allowReadByUser => "#{$user_service[:uri]}/user/U2"},{:subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.put @@uri.to_s, {:allowReadByUser => "#{$user_service[:uri]}/user/U479"},{:subjectid => $pi[:subjectid]}
task_uri = response.chomp
puts "update Policy: #{task_uri}"
task = OpenTox::Task.new task_uri
@@ -483,10 +488,10 @@ class TBInvestigationREST < MiniTest::Test
# @note data is available with policy
def test_10_i_guest_can_get
- res = OpenTox::RestClientWrapper.get @@uri.to_s, {}, {:accept => "application/rdf+xml", :subjectid => $guestid}
+ res = OpenTox::RestClientWrapper.get @@uri.to_s, {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
assert_match /<\?xml/, res
#guest is authorized to get ftp file
- result = OpenTox::RestClientWrapper.get("#{@@uri}", {}, {:accept => "text/uri-list", :subjectid => $guestid}).split("\n")
+ result = OpenTox::RestClientWrapper.get("#{@@uri}", {}, {:accept => "text/uri-list", :subjectid => $secondpi[:subjectid]}).split("\n")
assert_match "#{@@uri}/isatab/JIC37_Ethanol_0.07_Internal_1_3.txt", result.to_s
end
@@ -545,7 +550,7 @@ class TBInvestigationREST < MiniTest::Test
assert_equal true, OpenTox::Authorization.authorize(@@uri.to_s, "DELETE", $pi[:subjectid])
assert_equal true, OpenTox::Authorization.authorize(@@uri.to_s, "GET", $pi[:subjectid])
# check for guest policy
- assert_equal true, OpenTox::Authorization.authorize(@@uri.to_s, "GET", OpenTox::RestClientWrapper.subjectid)
+ assert_equal true, OpenTox::Authorization.authorize(@@uri.to_s, "GET", $secondpi[:subjectid])
end
# check how many policies,
diff --git a/test/toxbank-investigation-workflow.rb b/test/toxbank-investigation-workflow.rb
index 6bc8a70..6fb34b6 100644
--- a/test/toxbank-investigation-workflow.rb
+++ b/test/toxbank-investigation-workflow.rb
@@ -25,16 +25,22 @@ class TBInvestigationWorkflow < MiniTest::Test
# Download y n y y n n n
# Search ? n n y n n y
+ # define different users
+ @@owner = $pi[:subjectid]
+ @@user1 = $secondpi[:subjectid]
+ @@user2 = $guestid
+
def setup
- OpenTox::RestClientWrapper.subjectid = $pi[:subjectid] # set pi as the logged in user
+ OpenTox::RestClientWrapper.subjectid = @@owner #set owner as the logged in user
end
+ ## Owner keeps all private
# create a new investigation by uploading a zip file,
- # owner is $pi, Summary is not searchable, access=custom(owner only), not published
+ # Summary is not searchable, not published. { access=custom(owner only) in the GUI }
def test_01_post_investigation
@@uri = ""
file = File.join File.dirname(__FILE__), "data/toxbank-investigation/valid", "BII-I-1b-tb2.zip"
- response = OpenTox::RestClientWrapper.post $investigation[:uri], {:file => File.open(file)}, { :subjectid => $pi[:subjectid] }
+ response = OpenTox::RestClientWrapper.post $investigation[:uri], {:file => File.open(file)}, { :subjectid => @@owner }
task_uri = response.chomp
task = OpenTox::Task.new task_uri
task.wait
@@ -45,7 +51,7 @@ class TBInvestigationWorkflow < MiniTest::Test
# check if @@uri is not in search-index
def test_02_investigation_not_in_searchindex
- response = OpenTox::RestClientWrapper.get "#{$search_service[:uri]}/search/index/investigation?resourceUri=#{CGI.escape(@@uri.to_s)}",{},{:subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{$search_service[:uri]}/search/index/investigation?resourceUri=#{CGI.escape(@@uri.to_s)}",{},{:subjectid => @@owner}
assert_equal 200, response.code
refute_match /#{@@uri}/, response.to_s
end
@@ -53,75 +59,130 @@ class TBInvestigationWorkflow < MiniTest::Test
# check for flag "isPublished" is false,
# @note default behaviour on new investigations
def test_03_check_published_false
- data = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
+ data = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@owner}
@g = RDF::Graph.new
RDF::Reader.for(:rdfxml).new(data.to_s){|r| r.each{|s| @g << s}}
@g.query(:predicate => RDF::TB.isPublished){|r| assert_match /false/, r[2].to_s}
end
+ # check for flag "isSummarySearchable" is false,
+ # @note default behaviour on new investigations
+ def test_03b_check_searchable_false
+ data = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@owner}
+ @g = RDF::Graph.new
+ RDF::Reader.for(:rdfxml).new(data.to_s){|r| r.each{|s| @g << s}}
+ @g.query(:predicate => RDF::TB.isSummarySearchable){|r| assert_match /false/, r[2].to_s}
+ end
+
# check all permissions for owner
def test_04a_all_permission
["GET","POST","PUT","DELETE"].each do |permission|
- response = OpenTox::Authorization.authorize "#{@@uri}", permission, $pi[:subjectid]
+ response = OpenTox::Authorization.authorize "#{@@uri}", permission, @@owner
assert_equal true, response
end
end
# get metadata for owner
def test_04b_get_metadata_pi
- response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@owner}
assert_equal 200, response.code
end
# get related protocol uris for owner
def test_04c_get_protocol_pi
- response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => @@owner}
assert_equal 200, response.code
end
def test_04d_get_download_owner
- response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "application/zip", :subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "application/zip", :subjectid => @@owner}
assert_equal 200, response.code
end
+ ## now check permissions for user1
+ ## expect nothing allowed
+ ##################################
+
# no get permission for user1
def test_05a_no_get_permission
- response = OpenTox::Authorization.authorize "#{@@uri}", "GET", $secondpi[:subjectid]
+ response = OpenTox::Authorization.authorize "#{@@uri}", "GET", @@user1
assert_equal false, response
end
# do not get metadata for user1
- def test_05b_get_metadata_secondpi
+ def test_05b_get_metadata
assert_raises OpenTox::UnauthorizedError do
- response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@user1}
end
end
# do not get protocol for user1
- def test_05c_get_protocol_secondpi
+ def test_05c_get_protocol
assert_raises OpenTox::UnauthorizedError do
- response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => @@user1}
end
end
# do not get download for user1
- def test_05d_get_download_secondpi
+ def test_05d_get_download
assert_raises OpenTox::UnauthorizedError do
- response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "application/zip", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "application/zip", :subjectid => @@user1}
end
end
# no post/put/delete permission for user1
def test_05e_no_cud_permission
["POST", "PUT", "DELETE"].each do |permission|
- response = OpenTox::Authorization.authorize "#{@@uri}", permission, $secondpi[:subjectid]
+ response = OpenTox::Authorization.authorize "#{@@uri}", permission, @@user1
assert_equal false, response
end
end
+
+ ## now check permissions for user2
+ ## expect nothing allowed
+ ##################################
+
+ # do not get for user2
+ def test_06a_get_permission
+ response = OpenTox::Authorization.authorize "#{@@uri}", "GET", @@user2
+ assert_equal false, response
+ end
+
+ # do not get metadata for user2
+ def test_06b_get_metadata
+ assert_raises OpenTox::UnauthorizedError do
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@user2}
+ end
+ end
- def test_06_put_group_access
- @@toxbank_uri = `curl -Lk -X GET -H "Accept:text/uri-list" -H "subjectid:#{$pi[:subjectid]}" #{$user_service[:uri]}/project?search=ToxBank`.chomp.sub("\n","")
- response = OpenTox::RestClientWrapper.put @@uri.to_s, { :allowReadByGroup => "#{@@toxbank_uri}"},{ :subjectid => $pi[:subjectid] }
+ # do not get protocol for user2
+ def test_06c_get_protocol
+ assert_raises OpenTox::UnauthorizedError do
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => @@user2}
+ end
+ end
+
+ # do not get download for user2
+ def test_06d_get_download
+ assert_raises OpenTox::UnauthorizedError do
+ response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "application/zip", :subjectid => @@user2}
+ end
+ end
+
+ # no post/put/delete permission for user2
+ def test_06e_no_cud_permission
+ ["POST", "PUT", "DELETE"].each do |permission|
+ response = OpenTox::Authorization.authorize "#{@@uri}", permission, @@user2
+ assert_equal false, response
+ end
+ end
+
+ # give the investigation a tb-group membership access by policy
+ ###############################################################
+
+ def test_08_put_group_access
+ @@toxbank_uri = `curl -Lk -X GET -H "Accept:text/uri-list" -H "subjectid:#{@@owner}" #{$user_service[:uri]}/project?search=ToxBank`.chomp.sub("\n","")
+ response = OpenTox::RestClientWrapper.put @@uri.to_s, { :allowReadByGroup => "#{@@toxbank_uri}"},{ :subjectid => @@owner }
task_uri = response.chomp
task = OpenTox::Task.new task_uri
task.wait
@@ -130,22 +191,25 @@ class TBInvestigationWorkflow < MiniTest::Test
end
# get permission for user1
- def test_07a_get_permission
- response = OpenTox::Authorization.authorize "#{@@uri}", "GET", $secondpi[:subjectid]
+ def test_08a_get_permission
+ response = OpenTox::Authorization.authorize "#{@@uri}", "GET", @@user1
assert_equal true, response
end
# repeat with permissions for toxbank group
- def test_07b_repeat_05bcd
- test_05b_get_metadata_secondpi
- test_05c_get_protocol_secondpi
- test_05d_get_download_secondpi
+ def test_08b_repeat_05bcd
+ test_05b_get_metadata
+ test_05c_get_protocol
+ test_05d_get_download
test_05e_no_cud_permission
test_02_investigation_not_in_searchindex
end
- def test_08_put_published
- response = OpenTox::RestClientWrapper.put @@uri.to_s, { :published => "true"},{ :subjectid => $pi[:subjectid] }
+ ## make publish
+ ###############
+
+ def test_09_put_published
+ response = OpenTox::RestClientWrapper.put @@uri.to_s, { :published => "true"},{ :subjectid => @@owner }
task_uri = response.chomp
task = OpenTox::Task.new task_uri
task.wait
@@ -153,43 +217,53 @@ class TBInvestigationWorkflow < MiniTest::Test
assert_equal uri, @@uri.to_s
end
+ ## check changes for user1
+ ##########################
+
+ # allowed
def test_09a_get_user1
- response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "text/uri-list", :subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "text/uri-list", :subjectid => @@user1}
assert_equal 200, response.code
end
-
+
+ # denied
def test_09b_put_user1
assert_raises OpenTox::UnauthorizedError do
- response = OpenTox::RestClientWrapper.put "#{@@uri}", {}, {:published => "true", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.put "#{@@uri}", {}, {:published => "true", :subjectid => @@user1}
end
end
+ # denied
def test_09c_post_user1
assert_raises OpenTox::UnauthorizedError do
- response = OpenTox::RestClientWrapper.post "#{@@uri}", {}, {:published => "true", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.post "#{@@uri}", {}, {:published => "true", :subjectid => @@user1}
end
end
+ # denied
def test_09d_delete_user1
assert_raises OpenTox::UnauthorizedError do
- response = OpenTox::RestClientWrapper.delete "#{@@uri}", {}, {:subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.delete "#{@@uri}", {}, {:subjectid => @@user1}
end
end
+ # allowed
# get metadata for user1
def test_09e_get_metadata_user1
- response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@user1}
assert_equal 200, response.code
end
+ # allowed
# get related protocol uris for user1
def test_09f_get_protocol_user1
- response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => @@user1}
assert_equal 200, response.code
end
+ # allowed
def test_09g_get_download_user1
- response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "application/zip", :subjectid => $secondpi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}", {}, {:accept => "application/zip", :subjectid => @@user1}
assert_equal 200, response.code
end
@@ -197,8 +271,11 @@ class TBInvestigationWorkflow < MiniTest::Test
test_02_investigation_not_in_searchindex
end
+ ## make searchable
+ ##################
+
def test_10_put_searchable
- response = OpenTox::RestClientWrapper.put @@uri.to_s, { :summarySearchable => "true"},{ :subjectid => $pi[:subjectid] }
+ response = OpenTox::RestClientWrapper.put @@uri.to_s, { :summarySearchable => "true"},{ :subjectid => @@owner }
task_uri = response.chomp
task = OpenTox::Task.new task_uri
task.wait
@@ -217,13 +294,13 @@ class TBInvestigationWorkflow < MiniTest::Test
end
def test_11b_is_indexed
- response = OpenTox::RestClientWrapper.get "#{$search_service[:uri]}/search/index/investigation?resourceUri=#{CGI.escape(@@uri.to_s)}",{},{:subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{$search_service[:uri]}/search/index/investigation?resourceUri=#{CGI.escape(@@uri.to_s)}",{},{:subjectid => @@owner}
assert_equal 200, response.code
assert_match /#{@@uri}/, response.to_s
end
def test_12_remove_group_access
- response = OpenTox::RestClientWrapper.put @@uri.to_s, { :allowReadByGroup => ""},{ :subjectid => $pi[:subjectid] }
+ response = OpenTox::RestClientWrapper.put @@uri.to_s, { :allowReadByGroup => ""},{ :subjectid => @@owner }
task_uri = response.chomp
task = OpenTox::Task.new task_uri
task.wait
@@ -234,32 +311,32 @@ class TBInvestigationWorkflow < MiniTest::Test
# searchable + published without GET policy
def test_13a_repeat_05bcd
test_05a_no_get_permission
- test_05d_get_download_secondpi
+ test_05d_get_download
test_05e_no_cud_permission
test_11b_is_indexed
end
# get metadata for user1
- def test_13c_get_metadata_second_pi
- response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ def test_13c_get_metadata_user1
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@user1 }
assert_equal 200, response.code
end
# get related protocol uris for user1
- def test_13d_get_protocol_second_pi
- response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => $secondpi[:subjectid]}
+ def test_13d_get_protocol_user1
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/protocol", {}, {:accept => "application/rdf+xml", :subjectid => @@user1 }
assert_equal 200, response.code
end
def test_20_update_modified_time
- response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@owner }
g = RDF::Graph.new
RDF::Reader.for(:rdfxml).new(response.to_s){|r| r.each{|s| g << s}}
g.query(:predicate => RDF::DC.modified){|r| @modified_time1 = r[2].to_s}
t_start = Time.parse(@modified_time1).to_i
- response = OpenTox::RestClientWrapper.put @@uri.to_s, { :allowReadByGroup => "#{@@toxbank_uri}"},{ :subjectid => $pi[:subjectid] }
+ response = OpenTox::RestClientWrapper.put @@uri.to_s, { :allowReadByGroup => "#{@@toxbank_uri}"},{ :subjectid => @@owner }
sleep 2
- response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $pi[:subjectid]}
+ response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@owner }
g = RDF::Graph.new
RDF::Reader.for(:rdfxml).new(response.to_s){|r| r.each{|s| g << s}}
g.query(:predicate => RDF::DC.modified){|r| @modified_time2 = r[2].to_s}
@@ -270,17 +347,20 @@ class TBInvestigationWorkflow < MiniTest::Test
# delete investigation/{id}
# @note expect code 200
def test_99_a_delete_investigation
- result = OpenTox::RestClientWrapper.delete @@uri.to_s, {}, {:subjectid => $pi[:subjectid]}
+ result = OpenTox::RestClientWrapper.delete @@uri.to_s, {}, {:subjectid => @@owner}
assert_equal 200, result.code
#assert result.match(/^Investigation [a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} deleted$/)
assert !OpenTox::Authorization.uri_has_policy(@@uri.to_s)
end
+
+ ## check for user1 and user2 with only isSum=true is set
+ ## expect no get { GUI option 'make searchable' during first upload }
+ ########################################################
- # create an investigation
def test_99_b_post_investigation
@@uri = ""
file = File.join File.dirname(__FILE__), "data/toxbank-investigation/valid", "BII-I-1b-tb2.zip"
- response = OpenTox::RestClientWrapper.post $investigation[:uri], {:file => File.open(file), :summarySearchable => "true"}, {:subjectid => $pi[:subjectid] }
+ response = OpenTox::RestClientWrapper.post $investigation[:uri], {:file => File.open(file), :summarySearchable => "true"}, { :subjectid => @@owner }
task_uri = response.chomp
task = OpenTox::Task.new task_uri
task.wait
@@ -289,16 +369,36 @@ class TBInvestigationWorkflow < MiniTest::Test
@@uri = URI(uri)
end
- #TODO user2 can get metadata of an unpublished investigation, this is wrong workflow
- def test_99_c_get_metadata_for_user2
- response = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => $guestid}
- assert_equal 200, response.code
+ # check for flag "isSummarySearchable" is true,
+ def test_99_c_check_searchable_true
+ data = OpenTox::RestClientWrapper.get "#{@@uri}/metadata", {}, {:accept => "application/rdf+xml", :subjectid => @@owner}
+ @g = RDF::Graph.new
+ RDF::Reader.for(:rdfxml).new(data.to_s){|r| r.each{|s| @g << s}}
+ @g.query(:predicate => RDF::TB.isSummarySearchable){|r| assert_match /true/, r[2].to_s}
end
+ ## expect no get for user1 and user2
+ ####################################
+
+ def test_99_d_repeat_tests
+ # user1
+ test_05a_no_get_permission
+ test_05b_get_metadata
+ test_05c_get_protocol
+ test_05d_get_download
+ test_05e_no_cud_permission
+ #user2
+ test_06a_get_permission
+ test_06b_get_metadata
+ test_06c_get_protocol
+ test_06d_get_download
+ test_06e_no_cud_permission
+ end
+
# delete investigation/{id}
# @note expect code 200
- def test_99_d_delete_investigation
- result = OpenTox::RestClientWrapper.delete @@uri.to_s, {}, {:subjectid => $pi[:subjectid]}
+ def test_99_x_delete_investigation
+ result = OpenTox::RestClientWrapper.delete @@uri.to_s, {}, {:subjectid => @@owner}
assert_equal 200, result.code
assert !OpenTox::Authorization.uri_has_policy(@@uri.to_s)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-30 21:04:41 +0000