diff --git a/app/notify_client/models.py b/app/notify_client/models.py index 3a4c9e92b..a40db7cd3 100644 --- a/app/notify_client/models.py +++ b/app/notify_client/models.py @@ -94,10 +94,6 @@ class User(UserMixin): return set(self._permissions[service_id]) >= set(permissions) return False - def has_platform_admin_permissions(self): - print('platform_permissions {}'.format(self.platform_admin)) - self.platform_admin - @property def failed_login_count(self): return self._failed_login_count diff --git a/tests/__init__.py b/tests/__init__.py index 557ff8108..20d046665 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -146,6 +146,10 @@ def validate_route_permission(mocker, mocker.patch('app.user_api_client.get_user', return_value=usr) mocker.patch('app.user_api_client.get_user_by_email', return_value=usr) mocker.patch('app.service_api_client.get_service', return_value={'data': service}) + mocker.patch('app.user_api_client.get_users_for_service', return_value=[usr]) + mocker.patch('app.invite_api_client.get_invites_for_service', return_value=[]) + mocker.patch('app.invite_api_client.cancel_invited_user') + with app_.test_request_context(): with app_.test_client() as client: diff --git a/tests/app/main/test_permissions.py b/tests/app/main/test_permissions.py index 62c5b5058..586f0238f 100644 --- a/tests/app/main/test_permissions.py +++ b/tests/app/main/test_permissions.py 
@@ -1,16 +1,15 @@ import pytest -from flask import url_for from app.utils import user_has_permissions from app.main.views.index import index from werkzeug.exceptions import Forbidden -def _test_permissions(app_, usr, permissions, will_succeed, or_=False): +def _test_permissions(app_, usr, permissions, will_succeed, or_=False, admin_override=False): with app_.test_request_context(): with app_.test_client() as client: client.login(usr) - decorator = user_has_permissions(*permissions, or_=or_) + decorator = user_has_permissions(*permissions, or_=or_, admin_override=admin_override) decorated_index = decorator(index) if will_succeed: response = decorated_index() @@ -76,3 +75,26 @@ def test_exact_permissions(app_, api_user_active, ['manage_users', 'manage_templates', 'manage_settings'], True) + + +def test_platform_admin_user_can_access_page(app_, + platform_admin_user, + mock_login, + mock_get_platform_admin_user_with_permissions): + _test_permissions( + app_, + platform_admin_user, + [], + True, + admin_override=True) + + +def test_platform_admin_user_can_not_access_page(app_, + platform_admin_user, + mock_login, + mock_get_platform_admin_user_with_permissions): + _test_permissions( + app_, + platform_admin_user, + [], + will_succeed=False) diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py index d0ed7e571..474445f23 100644 --- a/tests/app/main/views/test_manage_users.py +++ b/tests/app/main/views/test_manage_users.py @@ -3,6 +3,7 @@ from flask import url_for from bs4 import BeautifulSoup from app.notify_client.models import InvitedUser +from tests import validate_route_permission def test_should_show_overview_page( 
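Review bot: Nothing in the `@@ -76,3 +75,26 @@` hunk pins that `admin_override=True` still rejects a user who is not a platform admin, because both `test_platform_admin_user_can_access_page` and `test_platform_admin_user_can_not_access_page` log in `platform_admin_user`. An override that mistakenly admitted every caller would still pass this file. I would add a third case beside them, for example `_test_permissions(app_, api_user_active, ['blah'], will_succeed=False, admin_override=True)`, with the same mock fixtures the existing non-admin tests take. The `['blah']` permission is borrowed from `test_route_invalid_permissions`, on the assumption that `api_user_active` does not hold it.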
@@ -258,10 +259,8 @@ def test_user_cant_invite_themselves( mock_get_invites_for_service, mock_has_permissions ): - from_user = api_user_active.id service_id = service_one['id'] email_address = api_user_active.email_address - permissions = 'send_messages,manage_service,manage_api_keys' with app_.test_request_context(): with app_.test_client() as client: @@ -280,3 +279,38 @@ def test_user_cant_invite_themselves( assert page.h1.string.strip() == 'Invite a team member' form_error = page.find('span', class_='error-message').string.strip() assert form_error == "You can't send an invitation to yourself" + + +def test_platform_admin_user_can_manage_user(mocker, app_, platform_admin_user, service_one, api_user_active): + routes = [ + 'main.manage_users', + 'main.invite_user' + ] + with app_.test_request_context(): + # for route in routes: + # validate_route_permission(mocker, + # app_, + # "GET", + # 200, + # url_for(route, service_id=service_one['id']), + # [], + # platform_admin_user, + # service_one) + # + # validate_route_permission(mocker, + # app_, + # "GET", + # 200, + # url_for('main.edit_user_permissions', service_id=service_one['id'], user_id=platform_admin_user.id), + # [], + # platform_admin_user, + # service_one) + validate_route_permission(mocker, + app_, + "GET", + 200, + url_for('main.cancel_invited_user', service_id=service_one['id'], + invited_user_id=api_user_active.id), + [], + platform_admin_user, + service_one) diff --git a/tests/app/main/views/test_service_settings.py b/tests/app/main/views/test_service_settings.py index 65f7030e7..59af4e3d6 100644 --- a/tests/app/main/views/test_service_settings.py +++ b/tests/app/main/views/test_service_settings.py 
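Review bot: `test_platform_admin_user_can_manage_user` in the `@@ -280,3 +279,38 @@` hunk leaves its checks for `main.manage_users`, `main.invite_user` and `main.edit_user_permissions` commented out, so only `main.cancel_invited_user` is verified and the `routes` list is unused. A passing test with this name suggests the platform-admin override is covered on all four user-management routes when it is not. Either re-enable the loop over `routes` and the `edit_user_permissions` call, or delete the commented block and `routes` and rename the test to say it covers the cancel route only. If the block has to stay disabled for now, a short comment such as `# TODO: enable once validate_route_permission mocks the calls these views make` would record why.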
@@ -422,3 +422,26 @@ def test_route_invalid_permissions(mocker, app_, api_user_active, service_one): ['blah'], api_user_active, service_one) + + +def test_route_for_platform_admin(mocker, app_, platform_admin_user, service_one): + routes = [ + 'main.service_settings', + 'main.service_name_change', + 'main.service_name_change_confirm', + 'main.service_request_to_go_live', + 'main.service_status_change', + 'main.service_status_change_confirm', + 'main.service_delete', + 'main.service_delete_confirm' + ] + with app_.test_request_context(): + for route in routes: + validate_route_permission(mocker, + app_, + "GET", + 200, + url_for(route, service_id=service_one['id']), + [], + platform_admin_user, + service_one) diff --git a/tests/conftest.py b/tests/conftest.py index 38bb03903..626161968 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -380,6 +380,14 @@ def mock_get_user_with_permissions(mocker, api_user_active): 'app.user_api_client.get_user', side_effect=_get_user) +@pytest.fixture(scope='function') +def mock_get_platform_admin_user_with_permissions(mocker, platform_admin_user): + def _get_user(id): + return platform_admin_user + return mocker.patch( + 'app.user_api_client.get_user', side_effect=_get_user) + + @pytest.fixture(scope='function') def mock_dont_get_user_by_email(mocker):
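Review bot: `test_route_for_platform_admin` requests every route with `"GET"` only, including `main.service_delete_confirm`, `main.service_status_change_confirm` and `main.service_name_change_confirm`. If those views also accept POST (not visible in this diff), the platform-admin override on the state-changing method remains untested. The `for route in routes:` loop also stops at the first failing route. Moving the list into `@pytest.mark.parametrize('route', [...])` would report each route separately and make it easy to add a method column later.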
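Review bot: `_get_user` in `mock_get_platform_admin_user_with_permissions` (the `tests/conftest.py` hunk) ignores its `id` argument, which also shadows the builtin, so the patch returns the platform admin for any user id a view asks for. A test using this fixture therefore cannot notice a view that looks up the wrong user. `return mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user)` states the same behaviour more directly. Alternatively, keep the wrapper and have it check `id == platform_admin_user.id` before returning.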