expose no_public to sample_template_checks (#3290)

qiita-spots · May 26, 2023 · b39c7df · b39c7df
1 parent 39135a1
commit b39c7df
Show file tree

Hide file tree

Showing 8 changed files with 38 additions and 35 deletions.
diff --git a/qiita_pet/handlers/api_proxy/tests/test_artifact.py b/qiita_pet/handlers/api_proxy/tests/test_artifact.py
@@ -35,7 +35,7 @@ class TestArtifactAPIReadOnly(TestCase):
     def test_artifact_get_req_no_access(self):
         obs = artifact_get_req('demo@microbio.me', 1)
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_artifact_get_req(self):
@@ -95,7 +95,7 @@ def test_artifact_graph_get_req_descendants(self):
     def test_artifact_graph_get_req_no_access(self):
         obs = artifact_graph_get_req(1, 'ancestors', 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_artifact_graph_get_req_bad_direction(self):
@@ -187,7 +187,7 @@ def test_artifact_get_prep_req(self):
 
         obs = artifact_get_prep_req('demo@microbio.me', [4])
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_artifact_get_info(self):
@@ -283,7 +283,7 @@ def test_artifact_post_req_error(self):
         obs = artifact_post_req("demo@microbio.me", filepaths, artifact_type,
                                 name, pt.id)
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
         # A file does not exist
@@ -326,7 +326,7 @@ def test_artifact_status_put_req_private_bad_permissions(self):
     def test_artifact_status_put_req_no_access(self):
         obs = artifact_status_put_req(1, 'demo@microbio.me', 'sandbox')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_artifact_status_put_req_unknown_status(self):

diff --git a/qiita_pet/handlers/api_proxy/tests/test_prep_template.py b/qiita_pet/handlers/api_proxy/tests/test_prep_template.py
@@ -186,7 +186,7 @@ def test_prep_template_get_req(self):
     def test_prep_template_get_req_no_access(self):
         obs = prep_template_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_prep_template_get_req_no_exists(self):
@@ -206,13 +206,13 @@ def test_prep_template_filepaths_get_req(self):
     def test_prep_template_filepaths_get_req_no_access(self):
         obs = prep_template_filepaths_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_prep_template_graph_get_req_no_access(self):
         obs = prep_template_graph_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_prep_template_graph_get_req_no_exists(self):
@@ -276,7 +276,7 @@ def test_prep_template_summary_get_req(self):
     def test_prep_template_summary_get_req_no_access(self):
         obs = prep_template_summary_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_prep_template_summary_get_req_no_exists(self):
@@ -426,7 +426,7 @@ def test_prep_template_jobs_get_req(self):
 
         obs = prep_template_jobs_get_req(pt.id, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_process_investigation_type(self):
@@ -482,7 +482,7 @@ def test_prep_template_post_req_errors(self):
         # User doesn't have access
         obs = prep_template_post_req(1, 'demo@microbio.me', 'filepath', '16S')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
         # The file does not exist
@@ -577,7 +577,7 @@ def test_prep_template_patch_req(self):
             'demo@microbio.me', 'replace', '/%s/investigation_type' % pt.id,
             'Cancer Genomics')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
         # File does not exists
         obs = prep_template_patch_req(
@@ -607,7 +607,7 @@ def test_prep_template_delete_req_attached_artifact(self):
     def test_prep_template_delete_req_no_access(self):
         obs = prep_template_delete_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_prep_template_delete_req_no_prep(self):

diff --git a/qiita_pet/handlers/api_proxy/tests/test_sample_template.py b/qiita_pet/handlers/api_proxy/tests/test_sample_template.py
@@ -118,7 +118,7 @@ def test_sample_template_get_req(self):
     def test_sample_template_get_req_no_access(self):
         obs = sample_template_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_sample_template_get_req_no_template(self):
@@ -148,7 +148,7 @@ def test_analyses_associated_with_study(self):
         obs = analyses_associated_with_study(
             self.new_study.id, 'shared@foo.bar')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_get_sample_template_processing_status(self):
@@ -221,7 +221,7 @@ def test_sample_template_samples_get_req(self):
     def test_sample_template_samples_get_req_no_access(self):
         obs = sample_template_samples_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_sample_template_sample_get_req_no_template(self):
@@ -269,7 +269,7 @@ def test_sample_template_category_get_req_no_access(self):
         obs = sample_template_category_get_req('latitude', 1,
                                                'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_sample_template_category_get_req_no_template(self):
@@ -291,7 +291,7 @@ def test_sample_template_filepaths_get_req(self):
     def test_sample_template_filepaths_get_req_no_access(self):
         obs = sample_template_filepaths_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_sample_template_filepaths_get_req_no_template(self):
@@ -321,7 +321,7 @@ def test_sample_template_meta_cats_get_req(self):
     def test_sample_template_meta_cats_get_req_no_access(self):
         obs = sample_template_meta_cats_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_sample_template_meta_cats_get_req_no_template(self):

diff --git a/qiita_pet/handlers/api_proxy/tests/test_studies.py b/qiita_pet/handlers/api_proxy/tests/test_studies.py
@@ -136,7 +136,7 @@ def test_study_get_req(self):
     def test_study_get_req_no_access(self):
         obs = study_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_study_get_req_no_exists(self):
@@ -254,13 +254,13 @@ def test_study_prep_get_req_failed_EBI(self):
     def test_study_prep_get_req_no_access(self):
         obs = study_prep_get_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_study_delete_req_no_access(self):
         obs = study_delete_req(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_study_delete_req_no_exists(self):

diff --git a/qiita_pet/handlers/api_proxy/tests/test_util.py b/qiita_pet/handlers/api_proxy/tests/test_util.py
@@ -20,7 +20,7 @@ def test_check_access(self):
     def test_check_access_no_access(self):
         obs = check_access(1, 'demo@microbio.me')
         exp = {'status': 'error',
-               'message': 'User does not have access to study'}
+               'message': 'User has insufficient permissions'}
         self.assertEqual(obs, exp)
 
     def test_check_access_bad_id(self):

diff --git a/qiita_pet/handlers/api_proxy/util.py b/qiita_pet/handlers/api_proxy/util.py
@@ -38,7 +38,7 @@ def check_access(study_id, user_id):
                 'message': 'Study does not exist'}
     if not study.has_access(User(user_id)):
         return {'status': 'error',
-                'message': 'User does not have access to study'}
+                'message': 'User has insufficient permissions'}
     return {}
 
 

diff --git a/qiita_pet/handlers/study_handlers/sample_template.py b/qiita_pet/handlers/study_handlers/sample_template.py
@@ -34,7 +34,8 @@
 SAMPLE_TEMPLATE_KEY_FORMAT = 'sample_template_%s'
 
 
-def sample_template_checks(study_id, user, check_exists=False):
+def sample_template_checks(study_id, user, check_exists=False,
+                           no_public=False):
     """Performs different checks and raises errors if any of the checks fail
 
     Parameters
@@ -45,6 +46,8 @@ def sample_template_checks(study_id, user, check_exists=False):
         The user trying to access the study
     check_exists : bool, optional
         If true, check if the sample template exists
+    no_public : bool, optional
+        If true, public studies will not be used for checking permissions
 
     Raises
     ------
@@ -57,8 +60,8 @@ def sample_template_checks(study_id, user, check_exists=False):
         study = Study(int(study_id))
     except QiitaDBUnknownIDError:
         raise HTTPError(404, reason='Study does not exist')
-    if not study.has_access(user):
-        raise HTTPError(403, reason='User does not have access to study')
+    if not study.has_access(user, no_public=no_public):
+        raise HTTPError(403, reason='User has insufficient permissions')
 
     # Check if the sample template exists
     if check_exists and not SampleTemplate.exists(study_id):
@@ -160,7 +163,7 @@ def sample_template_handler_patch_request(user, req_op, req_path,
     study_id = int(req_path[0])
     # Check if the current user has access to the study and if the sample
     # template exists
-    sample_template_checks(study_id, user, check_exists=True)
+    sample_template_checks(study_id, user, check_exists=True, no_public=True)
 
     if req_op == 'remove':
         # Path format
@@ -501,7 +504,7 @@ def get(self):
         if res['status'] == 'error':
             if 'does not exist' in res['message']:
                 raise HTTPError(404, reason=res['message'])
-            elif 'User does not have access to study' in res['message']:
+            elif 'User has insufficient permissions' in res['message']:
                 raise HTTPError(403, reason=res['message'])
             else:
                 raise HTTPError(500, reason=res['message'])

diff --git a/qiita_pet/handlers/study_handlers/tests/test_sample_template.py b/qiita_pet/handlers/study_handlers/tests/test_sample_template.py
@@ -83,7 +83,7 @@ def test_sample_template_checks(self):
 
         # Test user doesn't have access to the study
         with self.assertRaisesRegex(HTTPError,
-                                    'User does not have access to study'):
+                                    'User has insufficient permissions'):
             sample_template_checks(1, User('demo@microbio.me'))
 
         # Test sample template doesn't exist
@@ -96,7 +96,7 @@ def test_sample_template_checks(self):
     def test_sample_template_handler_post_request(self):
         # Test user doesn't have access
         with self.assertRaisesRegex(HTTPError,
-                                    'User does not have access to study'):
+                                    'User has insufficient permissions'):
             sample_template_handler_post_request(
                 1, User('demo@microbio.me'), 'ignored')
 
@@ -148,7 +148,7 @@ def test_sample_template_handler_patch_request(self):
 
         # Test user doesn't have access
         with self.assertRaisesRegex(HTTPError,
-                                    'User does not have access to study'):
+                                    'User has insufficient permissions'):
             sample_template_handler_patch_request(
                 User('demo@microbio.me'), "remove",
                 "/1/columns/season_environment/")
@@ -236,7 +236,7 @@ def test_sample_template_handler_patch_request(self):
     def test_sample_template_handler_delete_request(self):
         # Test user doesn't have access
         with self.assertRaisesRegex(HTTPError,
-                                    'User does not have access to study'):
+                                    'User has insufficient permissions'):
             sample_template_handler_delete_request(
                 1, User('demo@microbio.me'))
 
@@ -264,7 +264,7 @@ def test_sample_template_handler_delete_request(self):
     def test_sample_template_overview_handler_get_request(self):
         # Test user doesn't have access
         with self.assertRaisesRegex(HTTPError,
-                                    'User does not have access to study'):
+                                    'User has insufficient permissions'):
             sample_template_overview_handler_get_request(
                 1, User('demo@microbio.me'))
 
@@ -322,7 +322,7 @@ def test_sample_template_overview_handler_get_request(self):
     def test_sample_template_columns_get_req(self):
         # Test user doesn't have access
         with self.assertRaisesRegex(HTTPError,
-                                    'User does not have access to study'):
+                                    'User has insufficient permissions'):
             sample_template_columns_get_req(1, None, User('demo@microbio.me'))
 
         # Test study doesn't exist