2021-06-09 15:38:28 +01:00
|
|
|
|
import pytest
|
|
|
|
|
|
from flask import request
|
2022-06-06 10:38:34 +01:00
|
|
|
|
from werkzeug.exceptions import Forbidden
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
|
|
|
|
|
from app.utils.user import user_has_permissions
|
2022-06-06 11:40:10 +01:00
|
|
|
|
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
2022-06-06 11:45:10 +01:00
|
|
|
|
@pytest.mark.parametrize('permissions', (
|
2022-06-06 15:07:53 +01:00
|
|
|
|
[
|
|
|
|
|
|
# Route has one of the permissions which the user has
|
|
|
|
|
|
'manage_service'
|
|
|
|
|
|
],
|
|
|
|
|
|
[
|
|
|
|
|
|
# Route has more than one of the permissions which the user has
|
|
|
|
|
|
'manage_templates', 'manage_service'
|
|
|
|
|
|
],
|
|
|
|
|
|
[
|
|
|
|
|
|
# Route has one of the permissions which the user has, and one they do not
|
|
|
|
|
|
'manage_service', 'send_messages',
|
|
|
|
|
|
],
|
|
|
|
|
|
[
|
|
|
|
|
|
# Route has no specific permissions required
|
|
|
|
|
|
],
|
2022-06-06 11:07:02 +01:00
|
|
|
|
))
|
|
|
|
|
|
def test_permissions(
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request,
|
2022-06-06 11:07:02 +01:00
|
|
|
|
permissions,
|
2022-06-06 15:00:37 +01:00
|
|
|
|
api_user_active,
|
2021-06-09 15:38:28 +01:00
|
|
|
|
):
|
2022-06-06 11:07:02 +01:00
|
|
|
|
request.view_args.update({'service_id': 'foo'})
|
2022-06-06 15:00:37 +01:00
|
|
|
|
|
|
|
|
|
|
api_user_active['permissions'] = {'foo': ['manage_users', 'manage_templates', 'manage_settings']}
|
|
|
|
|
|
api_user_active['services'] = ['foo', 'bar']
|
|
|
|
|
|
|
|
|
|
|
|
client_request.login(api_user_active)
|
2022-06-06 11:07:02 +01:00
|
|
|
|
|
2022-06-06 13:55:25 +01:00
|
|
|
|
@user_has_permissions(*permissions)
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
index()
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
|
|
|
|
|
|
2023-05-26 12:35:48 -07:00
|
|
|
|
@pytest.mark.parametrize('permissions', (
|
|
|
|
|
|
[
|
|
|
|
|
|
# Route has a permission which the user doesn’t have
|
|
|
|
|
|
'send_messages'
|
|
|
|
|
|
],
|
|
|
|
|
|
))
|
|
|
|
|
|
def test_permissions_forbidden(
|
|
|
|
|
|
client_request,
|
|
|
|
|
|
permissions,
|
|
|
|
|
|
api_user_active,
|
|
|
|
|
|
):
|
|
|
|
|
|
request.view_args.update({'service_id': 'foo'})
|
|
|
|
|
|
|
|
|
|
|
|
api_user_active['permissions'] = {'foo': ['manage_users', 'manage_templates', 'manage_settings']}
|
|
|
|
|
|
api_user_active['services'] = ['foo', 'bar']
|
|
|
|
|
|
|
|
|
|
|
|
client_request.login(api_user_active)
|
|
|
|
|
|
|
|
|
|
|
|
@user_has_permissions(*permissions)
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
with pytest.raises(expected_exception=Forbidden):
|
|
|
|
|
|
index()
|
|
|
|
|
|
|
|
|
|
|
|
|
2022-06-06 11:45:10 +01:00
|
|
|
|
def test_restrict_admin_usage(
|
|
|
|
|
|
client_request,
|
|
|
|
|
|
platform_admin_user,
|
|
|
|
|
|
):
|
|
|
|
|
|
request.view_args.update({'service_id': 'foo'})
|
|
|
|
|
|
client_request.login(platform_admin_user)
|
|
|
|
|
|
|
2022-06-06 13:55:25 +01:00
|
|
|
|
@user_has_permissions(restrict_admin_usage=True)
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
2022-06-06 11:45:10 +01:00
|
|
|
|
|
|
|
|
|
|
with pytest.raises(Forbidden):
|
2022-06-06 13:55:25 +01:00
|
|
|
|
index()
|
2022-06-06 11:45:10 +01:00
|
|
|
|
|
|
|
|
|
|
|
2022-06-06 10:46:23 +01:00
|
|
|
|
def test_no_user_returns_redirect_to_sign_in(
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request
|
2021-06-09 15:38:28 +01:00
|
|
|
|
):
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request.logout()
|
2022-06-06 13:55:25 +01:00
|
|
|
|
|
|
|
|
|
|
@user_has_permissions()
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
response = index()
|
2022-06-06 10:46:23 +01:00
|
|
|
|
assert response.status_code == 302
|
|
|
|
|
|
assert response.location.startswith('/sign-in?next=')
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
|
|
|
|
|
|
2023-07-12 12:09:44 -04:00
|
|
|
|
def test_user_has_permissions_for_organization(
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request,
|
2022-06-06 15:00:37 +01:00
|
|
|
|
api_user_active,
|
2021-06-09 15:38:28 +01:00
|
|
|
|
):
|
2023-07-12 12:09:44 -04:00
|
|
|
|
api_user_active['organizations'] = ['org_1', 'org_2']
|
2022-06-06 15:00:37 +01:00
|
|
|
|
client_request.login(api_user_active)
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
|
|
|
|
|
request.view_args = {'org_id': 'org_2'}
|
|
|
|
|
|
|
|
|
|
|
|
@user_has_permissions()
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
index()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_platform_admin_can_see_orgs_they_dont_have(
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request,
|
2021-06-09 15:38:28 +01:00
|
|
|
|
platform_admin_user,
|
|
|
|
|
|
):
|
2023-07-12 12:09:44 -04:00
|
|
|
|
platform_admin_user['organizations'] = []
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request.login(platform_admin_user)
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
|
|
|
|
|
request.view_args = {'org_id': 'org_2'}
|
|
|
|
|
|
|
|
|
|
|
|
@user_has_permissions()
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
index()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_cant_use_decorator_without_view_args(
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request,
|
2021-06-09 15:38:28 +01:00
|
|
|
|
platform_admin_user,
|
|
|
|
|
|
):
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request.login(platform_admin_user)
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
|
|
|
|
|
request.view_args = {}
|
|
|
|
|
|
|
|
|
|
|
|
@user_has_permissions()
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
with pytest.raises(NotImplementedError):
|
|
|
|
|
|
index()
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-07-12 12:09:44 -04:00
|
|
|
|
def test_user_doesnt_have_permissions_for_organization(
|
2022-01-04 10:56:25 +00:00
|
|
|
|
client_request,
|
2022-06-06 15:00:37 +01:00
|
|
|
|
api_user_active,
|
2021-06-09 15:38:28 +01:00
|
|
|
|
):
|
2023-07-12 12:09:44 -04:00
|
|
|
|
api_user_active['organizations'] = ['org_1', 'org_2']
|
2022-06-06 15:00:37 +01:00
|
|
|
|
client_request.login(api_user_active)
|
2021-06-09 15:38:28 +01:00
|
|
|
|
|
|
|
|
|
|
request.view_args = {'org_id': 'org_3'}
|
|
|
|
|
|
|
|
|
|
|
|
@user_has_permissions()
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
with pytest.raises(Forbidden):
|
|
|
|
|
|
index()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_user_with_no_permissions_to_service_goes_to_templates(
|
2022-06-06 10:54:38 +01:00
|
|
|
|
client_request,
|
2022-06-06 15:00:37 +01:00
|
|
|
|
api_user_active,
|
2021-06-09 15:38:28 +01:00
|
|
|
|
):
|
2022-06-06 15:00:37 +01:00
|
|
|
|
api_user_active['permissions'] = {'foo': ['manage_users', 'manage_templates', 'manage_settings']}
|
|
|
|
|
|
api_user_active['services'] = ['foo', 'bar']
|
|
|
|
|
|
client_request.login(api_user_active)
|
2021-06-09 15:38:28 +01:00
|
|
|
|
request.view_args = {'service_id': 'bar'}
|
|
|
|
|
|
|
|
|
|
|
|
@user_has_permissions()
|
|
|
|
|
|
def index():
|
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
index()
|
