Abort 403 if nonwhitelist user tries to add service

This commit is contained in:
Imdad Ahad
2016-10-25 18:11:37 +01:00
parent f33e0d0e94
commit 84762edef4
2 changed files with 31 additions and 8 deletions

View File

@@ -1,11 +1,19 @@
import re
from flask import (
render_template,
redirect,
session,
url_for,
current_app)
current_app
)
from flask_login import login_required
from flask_login import (
current_user,
login_required
)
from werkzeug.exceptions import abort
from app.main import main
from app.main.forms import AddServiceForm
@@ -16,7 +24,11 @@ from app import (
user_api_client,
service_api_client
)
from app.utils import email_safe
from app.utils import (
email_safe,
user_in_whitelist
)
@main.route("/add-service", methods=['GET', 'POST'])
@@ -61,8 +73,11 @@ def add_service():
help=1
))
else:
return render_template(
'views/add-service.html',
form=form,
heading=heading
)
if not user_in_whitelist(current_user.email_address):
abort(403)
else:
return render_template(
'views/add-service.html',
form=form,
heading=heading
)

View File

@@ -1,6 +1,7 @@
from flask import url_for, session
from unittest.mock import ANY
import app
from app.utils import user_in_whitelist
def test_get_should_render_add_service_template(app_,
@@ -101,3 +102,10 @@ def test_should_return_form_errors_with_duplicate_service_name_regardless_of_cas
assert 'This service name is already in use' in response.get_data(as_text=True)
app.service_api_client.find_all_service_email_from.assert_called_once_with()
assert not mock_create_service.called
def test_non_whitelist_user_cannot_add_service(app_, nonwhitelist_user, mocker, client):
client.login(nonwhitelist_user, mocker)
assert not user_in_whitelist(nonwhitelist_user.email_address)
response = client.get(url_for('main.add_service'))
assert response.status_code == 403