diff --git a/app/main/views/dashboard.py b/app/main/views/dashboard.py index 6fc17c49c..88d7c14b9 100644 --- a/app/main/views/dashboard.py +++ b/app/main/views/dashboard.py @@ -9,10 +9,12 @@ from app.main import main from app.main.dao.services_dao import get_service_by_id from app.main.dao import templates_dao from app import job_api_client, statistics_api_client +from app.utils import user_has_permissions @main.route("/services//dashboard") @login_required +@user_has_permissions() def service_dashboard(service_id): templates = templates_dao.get_service_templates(service_id)['data'] jobs = job_api_client.get_job(service_id)['data'] diff --git a/app/main/views/jobs.py b/app/main/views/jobs.py index c6de79710..4e5082d31 100644 --- a/app/main/views/jobs.py +++ b/app/main/views/jobs.py @@ -18,11 +18,12 @@ from app import job_api_client, notification_api_client from app.main import main from app.main.dao import templates_dao from app.main.dao import services_dao -from app.utils import (get_page_from_request, generate_previous_next_dict) +from app.utils import (get_page_from_request, generate_previous_next_dict, user_has_permissions) @main.route("/services//jobs") @login_required +@user_has_permissions() def view_jobs(service_id): jobs = job_api_client.get_job(service_id)['data'] return render_template( @@ -34,6 +35,7 @@ def view_jobs(service_id): @main.route("/services//jobs/") @login_required +@user_has_permissions() def view_job(service_id, job_id): service = services_dao.get_service_by_id_or_404(service_id) job = job_api_client.get_job(service_id, job_id)['data'] @@ -62,6 +64,7 @@ def view_job(service_id, job_id): @main.route("/services//jobs/.json") @login_required +@user_has_permissions() def view_job_updates(service_id, job_id): service = services_dao.get_service_by_id_or_404(service_id) job = job_api_client.get_job(service_id, job_id)['data'] 
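Review bot: `@user_has_permissions()` is applied to `service_dashboard` with an empty argument list, and nothing at the call site says what an empty list enforces. The comment in the accompanying test ("Just test that the user is part of the service") suggests it is a membership check only. A one-line comment above the decorator would make that explicit, e.g. `# no permissions named: any member of the service may view`. The order also matters: keeping it below `@login_required` means the login check runs first, which is what you want if the decorator reads the current user (presumably it does; its body is not in this diff). The same applies to the decorators added in `jobs.py` and `manage_users.py`.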
@@ -89,6 +92,7 @@ def view_job_updates(service_id, job_id): @main.route('/services//notifications') @login_required +@user_has_permissions() def view_notifications(service_id): # TODO get the api to return count of pages as well. page = get_page_from_request() @@ -117,6 +121,7 @@ def view_notifications(service_id): @main.route("/services//jobs//notification/") @login_required +@user_has_permissions() def view_notification(service_id, job_id, notification_id): now = time.strftime('%H:%M') diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py index 4f38751b6..6006f0553 100644 --- a/app/main/views/manage_users.py +++ b/app/main/views/manage_users.py @@ -36,6 +36,7 @@ roles = { @main.route("/services//users") @login_required +@user_has_permissions() def manage_users(service_id): return render_template( 'views/manage-users.html', diff --git a/tests/app/main/views/test_accept_invite.py b/tests/app/main/views/test_accept_invite.py index 4e922bf76..fa9fc0aaf 100644 --- a/tests/app/main/views/test_accept_invite.py +++ b/tests/app/main/views/test_accept_invite.py @@ -278,7 +278,8 @@ def test_new_invited_user_verifies_and_added_to_service(app_, mock_get_service, mock_get_service_templates, mock_get_service_statistics, - mock_get_jobs): + mock_get_jobs, + mock_has_permissions): with app_.test_request_context(): with app_.test_client() as client: diff --git a/tests/app/main/views/test_dashboard.py b/tests/app/main/views/test_dashboard.py index 70e98f335..34fcf71e2 100644 --- a/tests/app/main/views/test_dashboard.py +++ b/tests/app/main/views/test_dashboard.py @@ -1,4 +1,5 @@ from flask import url_for +from tests import validate_route_permission def test_should_show_recent_jobs_on_dashboard(app_, @@ -9,7 +10,8 @@ def test_should_show_recent_jobs_on_dashboard(app_, mock_get_user, mock_get_user_by_email, mock_login, - mock_get_jobs): + mock_get_jobs, + mock_has_permissions): with app_.test_request_context(): with app_.test_client() as client: 
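Review bot: In `manage_users.py`, `manage_users` gets the same argument-less `@user_has_permissions()` as the read-only job and notification views. If an empty list means membership only, as the test comment in this commit suggests, any member of the service can open the team list. That may be intended for a read-only page, but the `roles` mapping just above the route implies finer-grained permissions exist, so the choice should be explicit. Either name the permission required here or add a comment stating that viewing the team list is open to every member. The function body continues outside the hunk, so what the template exposes could not be checked.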
@@ -133,3 +135,30 @@ def test_menu_all_services_for_platform_admin_user(mocker, app_, platform_admin_ assert url_for('main.view_notifications', service_id=service_one['id']) in page assert url_for('main.view_jobs', service_id=service_one['id']) in page assert url_for('main.api_keys', service_id=service_one['id']) not in page + + +def test_route_for_service_permissions(mocker, + app_, + api_user_active, + service_one, + mock_get_service, + mock_get_user, + mock_get_service_templates, + mock_get_jobs, + mock_get_service_statistics): + routes = [ + 'main.service_dashboard'] + with app_.test_request_context(): + # Just test that the user is part of the service + for route in routes: + validate_route_permission( + mocker, + app_, + "GET", + 200, + url_for( + route, + service_id=service_one['id']), + [], + api_user_active, + service_one) diff --git a/tests/app/main/views/test_jobs.py b/tests/app/main/views/test_jobs.py index 47def675a..2e44f63f3 100644 --- a/tests/app/main/views/test_jobs.py +++ b/tests/app/main/views/test_jobs.py @@ -9,7 +9,8 @@ def test_should_return_list_of_all_jobs(app_, mock_get_user, mock_get_user_by_email, mock_login, - mock_get_jobs): + mock_get_jobs, + mock_has_permissions): with app_.test_request_context(): with app_.test_client() as client: client.login(api_user_active) @@ -33,7 +34,8 @@ def test_should_show_page_for_one_job( mock_get_service_template, job_data, mock_get_job, - mock_get_notifications + mock_get_notifications, + mock_has_permissions ): service_id = job_data['service'] job_id = job_data['id'] @@ -61,7 +63,8 @@ def test_should_show_updates_for_one_job_as_json( mock_get_service_template, job_data, mock_get_job, - mock_get_notifications + mock_get_notifications, + mock_has_permissions ): service_id = job_data['service'] job_id = job_data['id'] 
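Review bot: `test_route_for_service_permissions` covers one route and only the allowed case: `routes` holds just `'main.service_dashboard'` and the expected status is 200, so nothing in this commit asserts that a user outside the service is refused. The job and notification views that gain the decorator are exercised only with `mock_has_permissions` added to their fixtures (see the `test_jobs.py` hunks). That fixture presumably stubs the check out, so removing a decorator later would not fail any test. Add a denied case alongside the 200 one, in which a user who is not a member of `service_one` gets the decorator's refusal status. Also extend `routes` to the other endpoints that need only `service_id`, such as `'main.view_jobs'` and `'main.view_notifications'`.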
@@ -88,7 +91,8 @@ def test_should_show_notifications_for_a_service(app_, mock_get_user, mock_get_user_by_email, mock_get_service, - mock_get_notifications): + mock_get_notifications, + mock_has_permissions): with app_.test_request_context(): with app_.test_client() as client: client.login(api_user_active) @@ -110,7 +114,8 @@ def test_should_show_notifications_for_a_service_with_next_previous(app_, mock_get_user, mock_get_user_by_email, mock_get_service, - mock_get_notifications_with_previous_next): + mock_get_notifications_with_previous_next, + mock_has_permissions): with app_.test_request_context(): with app_.test_client() as client: client.login(api_user_active) diff --git a/tests/conftest.py b/tests/conftest.py index 155213833..011a2ef4c 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -762,3 +762,10 @@ def mock_set_user_permissions(mocker): @pytest.fixture(scope='function') def mock_remove_user_from_service(mocker): return mocker.patch('app.service_api_client.remove_user_from_service', return_value=None) + + +@pytest.fixture(scope='function') +def mock_get_service_statistics(mocker): + return mocker.patch( + 'app.statistics_api_client.get_statistics_for_service', + return_value={'data': [{}]})