import pytest
from flask import request
from werkzeug.exceptions import Forbidden
from app.utils.user import user_has_permissions
@pytest.mark.parametrize(
    "permissions",
    [
        # Route has one of the permissions which the user has
        ["manage_service"],
        # Route has more than one of the permissions which the user has
        ["manage_templates", "manage_service"],
        # Route has one of the permissions which the user has, and one they do not
        ["manage_service", "send_messages"],
        # Route has no specific permissions required
        [],
    ],
)
def test_permissions(
    client_request,
    permissions,
    api_user_active,
):
    """A guarded view runs when the logged-in user satisfies the route's permissions.

    The user is a member of services ``foo`` and ``bar`` and holds
    ``manage_users``/``manage_templates``/``manage_settings`` on ``foo``; the
    request targets ``foo``. Each case lists the permissions the route asks
    for, and calling the wrapped view must not raise. The third case (one
    held, one not held) is expected to pass, so holding any one of the
    requested permissions is enough.

    NOTE(review): ``manage_service`` is not literally in the user's permission
    list — presumably the decorator maps it onto the ``manage_*`` permissions
    the user does hold; confirm against ``app.utils.user``.
    """
    request.view_args.update({"service_id": "foo"})

    user = api_user_active
    user["permissions"] = {"foo": ["manage_users", "manage_templates", "manage_settings"]}
    user["services"] = ["foo", "bar"]
    client_request.login(user)

    @user_has_permissions(*permissions)
    def index():
        pass

    # Any Forbidden raised by the decorator fails the test.
    index()
@pytest.mark.parametrize(
    "permissions",
    [
        # Route has a permission which the user doesn’t have
        ["send_messages"],
    ],
)
def test_permissions_forbidden(
    client_request,
    permissions,
    api_user_active,
):
    """A route demanding a permission the user lacks raises ``Forbidden``.

    Same user setup as ``test_permissions`` (member of ``foo`` and ``bar``,
    ``manage_*`` permissions on ``foo`` only, request targeting ``foo``).
    The route asks for ``send_messages``, which the user does not hold, so
    calling the wrapped view must raise instead of running.
    """
    request.view_args.update({"service_id": "foo"})

    user = api_user_active
    user["permissions"] = {"foo": ["manage_users", "manage_templates", "manage_settings"]}
    user["services"] = ["foo", "bar"]
    client_request.login(user)

    @user_has_permissions(*permissions)
    def index():
        pass

    with pytest.raises(Forbidden):
        index()
def test_restrict_admin_usage(
    client_request,
    platform_admin_user,
):
    """``restrict_admin_usage=True`` refuses a platform admin with ``Forbidden``.

    The request targets service ``foo`` and the logged-in user is a platform
    admin. With the flag set, the wrapped view must raise rather than run, so
    platform-admin privilege does not carry over to routes flagged this way.
    """
    request.view_args.update({"service_id": "foo"})
    client_request.login(platform_admin_user)

    @user_has_permissions(restrict_admin_usage=True)
    def index():
        pass

    with pytest.raises(expected_exception=Forbidden):
        index()
def test_no_user_returns_redirect_to_sign_in(client_request, mocker):
    """With nobody logged in, calling a guarded view yields a redirect to sign-in.

    After ``client_request.logout()`` the call to the wrapped view returns a
    response (the view body itself returns nothing) with status 302 and a
    ``Location`` starting ``/sign-in?next=``. Only that prefix is asserted,
    so the value of ``next`` is not pinned by this test.
    """
    # NOTE(review): ``deactivate_user`` is stubbed before logging out —
    # presumably ``logout()`` would otherwise reach the user API; confirm.
    mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user")
    client_request.logout()

    @user_has_permissions()
    def index():
        pass

    response = index()

    assert response.status_code == 302
    assert response.location.startswith("/sign-in?next=")
def test_user_has_permissions_for_organization(
    client_request,
    api_user_active,
):
    """A member of the requested organization may call an org-scoped view.

    The user belongs to ``org_1`` and ``org_2`` and the request carries
    ``org_id=org_2``; the route names no specific permissions, and the
    wrapped view is expected to run without raising.
    """
    orgs = ["org_1", "org_2"]
    api_user_active["organizations"] = orgs
    client_request.login(api_user_active)

    request.view_args = dict(org_id="org_2")

    @user_has_permissions()
    def index():
        pass

    index()
def test_platform_admin_can_see_orgs_they_dont_have(
    client_request,
    platform_admin_user,
):
    """A platform admin passes an org-scoped guard without belonging to the org.

    The platform admin's ``organizations`` list is emptied, yet with
    ``org_id=org_2`` in the request the wrapped view is expected to run
    without raising — platform-admin status stands in for membership here.
    """
    platform_admin_user["organizations"] = []
    client_request.login(platform_admin_user)

    request.view_args = dict(org_id="org_2")

    @user_has_permissions()
    def index():
        pass

    index()
# def test_cant_use_decorator_without_view_args(
# client_request,
# platform_admin_user,
# ):
# client_request.login(platform_admin_user)
# request.view_args = {}
# @user_has_permissions()
# def index():
# pass
# with pytest.raises(NotImplementedError):
# index()
def test_user_doesnt_have_permissions_for_organization(
    client_request,
    api_user_active,
):
    """A request for an organization the user is not in raises ``Forbidden``.

    The user belongs to ``org_1`` and ``org_2`` only; the request carries
    ``org_id=org_3``, so even with no named permissions on the route the
    wrapped view must raise instead of running.
    """
    api_user_active["organizations"] = ["org_1", "org_2"]
    client_request.login(api_user_active)

    request.view_args = dict(org_id="org_3")

    @user_has_permissions()
    def index():
        pass

    with pytest.raises(expected_exception=Forbidden):
        index()
def test_user_with_no_permissions_to_service_goes_to_templates(
    client_request,
    api_user_active,
):
    """A service member with no recorded permissions on it passes an unqualified guard.

    The user is a member of ``foo`` and ``bar`` but has permissions recorded
    for ``foo`` only; the request targets ``bar`` and the route names no
    permissions. The wrapped view is expected to return without raising.

    NOTE(review): despite the name, nothing here asserts a redirect to the
    templates page — the test only establishes that ``Forbidden`` is not
    raised.
    """
    user = api_user_active
    user["permissions"] = {"foo": ["manage_users", "manage_templates", "manage_settings"]}
    user["services"] = ["foo", "bar"]
    client_request.login(user)

    request.view_args = dict(service_id="bar")

    @user_has_permissions()
    def index():
        pass

    index()