Skip to content

Commit

Permalink
permissions: Add API permissions
Browse files Browse the repository at this point in the history 
* Closes #3740.

Co-Authored-by: Peter Weber <[email protected]>
  • Loading branch information
@rerowep
rerowep committed Jan 16, 2025
1 parent dba2d83 commit 37d695c
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 8 deletions.
2 changes: 2 additions & 0 deletions rero_ils/modules/imports/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ def __init__(self, **kwargs):
**kwargs,
)

@check_logged_as_librarian
def get(self, **kwargs):
"""Implement the GET."""
no_cache = True if flask_request.args.get("no_cache") else False
Expand Down Expand Up @@ -168,6 +169,7 @@ def __init__(self, **kwargs):
**kwargs,
)

@check_logged_as_librarian
def get(self, id, **kwargs):
"""Implement the GET."""
no_cache = True if flask_request.args.get("no_cache") else False
Expand Down
2 changes: 2 additions & 0 deletions rero_ils/modules/items/views/rest.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@

from invenio_rest import ContentNegotiatedMethodView

from rero_ils.modules.decorators import check_logged_as_librarian
from rero_ils.modules.items.api import ItemsSearch
from rero_ils.modules.items.serializers import csv_item_search
from rero_ils.query import items_search_factory
Expand Down Expand Up @@ -51,6 +52,7 @@ def __init__(self, **kwargs):
)
self.search_factory = partial(items_search_factory, self)

@check_logged_as_librarian
def get(self, **kwargs):
"""Search records."""
search_obj = ItemsSearch()
Expand Down
35 changes: 27 additions & 8 deletions tests/api/test_external_services.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,17 +41,31 @@ def test_imports_get_config(client, librarian_martigny):


@mock.patch("requests.get")
@mock.patch("rero_ils.permissions.login_and_librarian", mock.MagicMock())
def test_documents_import_bnf_ean_no_permission(
mock_get,
client,
bnf_ean_any_123,
):
"""Test document import from bnf no permission."""

mock_get.return_value = mock_response(content=bnf_ean_any_123)
res = client.get(url_for("api_imports.import_bnf", q="ean:any:123", no_cache=1))
assert res.status_code == 401


@mock.patch("requests.get")
def test_documents_import_bnf_ean(
mock_get,
client,
librarian_martigny,
bnf_ean_any_123,
bnf_ean_any_9782070541270,
bnf_ean_any_9782072862014,
bnf_anywhere_all_peter,
bnf_recordid_all_FRBNF370903960000006,
):
"""Test document import from bnf."""
login_user_via_session(client, librarian_martigny.user)

mock_get.return_value = mock_response(content=bnf_ean_any_123)
res = client.get(url_for("api_imports.import_bnf", q="ean:any:123", no_cache=1))
Expand Down Expand Up @@ -151,17 +165,18 @@ def test_documents_import_bnf_ean(


@mock.patch("requests.get")
@mock.patch("rero_ils.permissions.login_and_librarian", mock.MagicMock())
def test_documents_import_loc_isbn(
mock_get,
client,
librarian_martigny,
loc_isbn_all_123,
loc_isbn_all_9781604689808,
loc_isbn_all_9780821417478,
loc_anywhere_all_samuelson,
loc_recordid_all_2014043016,
):
"""Test document import from LoC."""
login_user_via_session(client, librarian_martigny.user)

mock_get.return_value = mock_response(content=loc_isbn_all_123)
res = client.get(url_for("api_imports.import_loc", q="isbn:all:123", no_cache=1))
Expand Down Expand Up @@ -264,17 +279,18 @@ def test_documents_import_loc_missing_id(mock_get, client, loc_without_010):


@mock.patch("requests.get")
@mock.patch("rero_ils.permissions.login_and_librarian", mock.MagicMock())
def test_documents_import_dnb_isbn(
mock_get,
client,
librarian_martigny,
dnb_isbn_123,
dnb_isbn_9783862729852,
dnb_isbn_3858818526,
dnb_samuelson,
dnb_recordid_1214325203,
):
"""Test document import from DNB."""
login_user_via_session(client, librarian_martigny.user)

mock_get.return_value = mock_response(content=dnb_isbn_123)
res = client.get(url_for("api_imports.import_dnb", q="123", no_cache=1))
Expand Down Expand Up @@ -342,17 +358,18 @@ def test_documents_import_dnb_isbn(


@mock.patch("requests.get")
@mock.patch("rero_ils.permissions.login_and_librarian", mock.MagicMock())
def test_documents_import_slsp_isbn(
mock_get,
client,
librarian_martigny,
slsp_anywhere_123,
slsp_isbn_9782296076648,
slsp_isbn_3908497272,
slsp_samuelson,
slsp_recordid_9910137,
):
"""Test document import from slsp."""
login_user_via_session(client, librarian_martigny.user)

mock_get.return_value = mock_response(content=slsp_anywhere_123)
res = client.get(url_for("api_imports.import_slsp", q="123", no_cache=1))
Expand Down Expand Up @@ -450,10 +467,10 @@ def test_documents_import_slsp_isbn(


@mock.patch("requests.get")
@mock.patch("rero_ils.permissions.login_and_librarian", mock.MagicMock())
def test_documents_import_ugent_isbn(
mock_get,
client,
librarian_martigny,
ugent_anywhere_123,
ugent_isbn_9781108422925,
ugent_book_without_26X,
Expand All @@ -462,6 +479,7 @@ def test_documents_import_ugent_isbn(
ugent_recordid_001247835,
):
"""Test document import from ugent."""
login_user_via_session(client, librarian_martigny.user)

mock_get.return_value = mock_response(content=ugent_anywhere_123)
res = client.get(url_for("api_imports.import_ugent", q="123", no_cache=1))
Expand Down Expand Up @@ -528,10 +546,10 @@ def test_documents_import_ugent_isbn(


@mock.patch("requests.get")
@mock.patch("rero_ils.permissions.login_and_librarian", mock.MagicMock())
def test_documents_import_kul_isbn(
mock_get,
client,
librarian_martigny,
kul_anywhere_123,
kul_isbn_9782265089419,
kul_book_without_26X,
Expand All @@ -540,6 +558,7 @@ def test_documents_import_kul_isbn(
kul_recordid_9992876296301471,
):
"""Test document import from kul."""
login_user_via_session(client, librarian_martigny.user)

mock_get.return_value = mock_response(content=kul_anywhere_123)
res = client.get(url_for("api_imports.import_kul", q="123", no_cache=1))
Expand Down Expand Up @@ -636,9 +655,9 @@ def test_documents_import_kul_isbn(


@mock.patch("requests.get")
@mock.patch("rero_ils.permissions.login_and_librarian", mock.MagicMock())
def test_documents_import_bnf_errors(mock_get, client):
def test_documents_import_bnf_errors(mock_get, client, librarian_martigny):
"""Test document import from bnf."""
login_user_via_session(client, librarian_martigny.user)

mock_get.return_value = mock_response(content=b"")
res = client.get(url_for("api_imports.import_bnf", q="ean:any", no_cache=1))
Expand Down

0 comments on commit 37d695c

Please sign in to comment.