mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-13 09:50:08 -04:00
@@ -26,7 +26,7 @@
|
||||
).done(
|
||||
response => flushQueue(queue, response)
|
||||
).fail(
|
||||
() => clearQueue(queue)
|
||||
() => poll = function(){}
|
||||
);
|
||||
|
||||
setTimeout(
|
||||
|
||||
@@ -53,7 +53,6 @@ def service_dashboard(service_id):
|
||||
|
||||
|
||||
@main.route("/services/<service_id>/dashboard.json")
|
||||
@login_required
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def service_dashboard_updates(service_id):
|
||||
return jsonify(**get_dashboard_partials(service_id))
|
||||
|
||||
@@ -172,7 +172,6 @@ def cancel_job(service_id, job_id):
|
||||
|
||||
|
||||
@main.route("/services/<service_id>/jobs/<job_id>.json")
|
||||
@login_required
|
||||
@user_has_permissions('view_activity', admin_override=True)
|
||||
def view_job_updates(service_id, job_id):
|
||||
return jsonify(**get_job_partials(
|
||||
|
||||
14
app/utils.py
14
app/utils.py
@@ -42,11 +42,17 @@ def user_has_permissions(*permissions, admin_override=False, any_=False):
|
||||
@wraps(func)
|
||||
def wrap_func(*args, **kwargs):
|
||||
from flask_login import current_user
|
||||
if current_user and current_user.has_permissions(permissions=permissions,
|
||||
admin_override=admin_override, any_=any_):
|
||||
return func(*args, **kwargs)
|
||||
if current_user and current_user.is_authenticated:
|
||||
if current_user.has_permissions(
|
||||
permissions=permissions,
|
||||
admin_override=admin_override,
|
||||
any_=any_
|
||||
):
|
||||
return func(*args, **kwargs)
|
||||
else:
|
||||
abort(403)
|
||||
else:
|
||||
abort(403)
|
||||
abort(401)
|
||||
return wrap_func
|
||||
return wrap
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
import pytest
|
||||
from app.utils import user_has_permissions
|
||||
from app.main.views.index import index
|
||||
from werkzeug.exceptions import Forbidden
|
||||
from werkzeug.exceptions import Forbidden, Unauthorized
|
||||
from flask import request
|
||||
|
||||
|
||||
@@ -9,7 +9,8 @@ def _test_permissions(app_, usr, permissions, service_id, will_succeed, any_=Fal
|
||||
with app_.test_request_context() as ctx:
|
||||
request.view_args.update({'service_id': service_id})
|
||||
with app_.test_client() as client:
|
||||
client.login(usr)
|
||||
if usr:
|
||||
client.login(usr)
|
||||
decorator = user_has_permissions(*permissions, any_=any_, admin_override=admin_override)
|
||||
decorated_index = decorator(index)
|
||||
if will_succeed:
|
||||
@@ -17,8 +18,8 @@ def _test_permissions(app_, usr, permissions, service_id, will_succeed, any_=Fal
|
||||
else:
|
||||
try:
|
||||
response = decorated_index()
|
||||
pytest.fail("Failed to throw a forbidden exception")
|
||||
except Forbidden:
|
||||
pytest.fail("Failed to throw a forbidden or unauthorised exception")
|
||||
except (Forbidden, Unauthorized):
|
||||
pass
|
||||
|
||||
|
||||
@@ -107,6 +108,17 @@ def test_platform_admin_user_can_not_access_page(app_,
|
||||
admin_override=False)
|
||||
|
||||
|
||||
def test_no_user_returns_401_unauth(app_):
|
||||
from flask_login import current_user
|
||||
assert not current_user
|
||||
_test_permissions(
|
||||
app_,
|
||||
None,
|
||||
[],
|
||||
'',
|
||||
will_succeed=False)
|
||||
|
||||
|
||||
def _user_with_permissions():
|
||||
from app.notify_client.user_api_client import User
|
||||
|
||||
|
||||
Reference in New Issue
Block a user