diff --git a/app/models/user.py b/app/models/user.py
index 201743356..5f0d5033e 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -119,7 +119,6 @@ class User(UserMixin):
 def has_permissions(self, *permissions, restrict_admin_usage=False):
 unknown_permissions = set(permissions) - all_permissions
-
 if unknown_permissions:
 raise TypeError('{} are not valid permissions'.format(list(unknown_permissions)))
@@ -139,7 +138,7 @@ class User(UserMixin):
 if org_id:
 return org_id in self.organisations
 if not permissions:
- return service_id in self._permissions
+ return service_id in self.services
 if service_id:
 return any(x in self._permissions.get(service_id, []) for x in permissions)
diff --git a/tests/__init__.py b/tests/__init__.py
index f12e111b8..f789c0c25 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -484,6 +484,7 @@ def validate_route_permission(mocker, usr, service):
 usr._permissions[str(service['id'])] = permissions
+ usr.services = [service['id']]
 mocker.patch( 'app.user_api_client.check_verify_code', return_value=(True, ''))
diff --git a/tests/app/main/test_permissions.py b/tests/app/main/test_permissions.py
index 70b013df7..6c76d59c1 100644
--- a/tests/app/main/test_permissions.py
+++ b/tests/app/main/test_permissions.py
@@ -211,6 +211,22 @@ def test_user_doesnt_have_permissions_for_organisation(
 index()
+def test_user_with_no_permissions_to_service_goes_to_templates(
+ client,
+ mocker
+):
+ user = _user_with_permissions()
+ mocker.patch('app.user_api_client.get_user', return_value=user)
+ client.login(user)
+ request.view_args = {'service_id': 'bar'}
+
+ @user_has_permissions()
+ def index():
+ pass
+
+ index()
+
+
 def _user_with_permissions():
 from app.notify_client.user_api_client import User
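Review bot: In the second hunk of app/models/user.py, `return service_id in self.services` turns a call with no permissions into an authorisation decision based on service membership alone, and nothing on that line says so. A user with no entry in `_permissions` for the service now passes as long as the id is listed in `self.services`, so a comment such as `# no permissions requested: any member of the service is allowed` would record that this is intended. The check also depends on `service_id` and the entries of `self.services` having the same type; the test helpers key `_permissions` by `str(service['id'])` but assign `usr.services = [service['id']]` (tests/__init__.py and test_dashboard.py), so it is worth confirming that ids are normalised where `self.services` is populated. The body of has_permissions starts and ends outside the hunk, so any earlier platform-admin handling is not visible here.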
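Review bot: `test_user_with_no_permissions_to_service_goes_to_templates` covers only the allowed path, with service 'bar' present in the fixture's `services`, and it has no explicit assertion, so it passes whenever `index()` does not raise. Because the commit changes who is let through when `@user_has_permissions()` is used without arguments, a companion test with a `service_id` that is not in `services`, expecting the rejection in the same form the neighbouring negative tests use, would pin the deny side of the check. The name mentions templates although nothing in the body refers to them; `test_user_with_no_permissions_but_in_service_is_allowed` would describe what is tested. The same gap applies to the `['view_activity']` to `[]` change in tests/app/main/views/test_templates.py, where only the permitted case is exercised.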
@@ -224,6 +240,7 @@ def _user_with_permissions():
 'permissions': {'foo': ['manage_users', 'manage_templates', 'manage_settings']},
 'platform_admin': False,
 'organisations': ['org_1', 'org_2'],
+ 'services': ['foo', 'bar']
 }
 user = User(user_data)
 return user
diff --git a/tests/app/main/views/test_dashboard.py b/tests/app/main/views/test_dashboard.py
index 862206efb..4b986c573 100644
--- a/tests/app/main/views/test_dashboard.py
+++ b/tests/app/main/views/test_dashboard.py
@@ -875,6 +875,7 @@ def _test_dashboard_menu(mocker, app_, usr, service, permissions):
 with app_.test_request_context():
 with app_.test_client() as client:
 usr._permissions[str(service['id'])] = permissions
+ usr.services = [service['id']]
 mocker.patch('app.user_api_client.check_verify_code', return_value=(True, ''))
 mocker.patch('app.service_api_client.get_services', return_value={'data': [service]})
 mocker.patch('app.user_api_client.get_user', return_value=usr)
diff --git a/tests/app/main/views/test_templates.py b/tests/app/main/views/test_templates.py
index fcfa62108..75eb5cf90 100644
--- a/tests/app/main/views/test_templates.py
+++ b/tests/app/main/views/test_templates.py
@@ -1455,7 +1455,7 @@ def test_route_permissions_for_choose_template(
 api_user_active,
 mock_get_template_folders,
 service_one,
- mock_get_service_templates,
+ mock_get_service_templates
 ):
 mocker.patch('app.job_api_client.get_job')
 validate_route_permission(
@@ -1467,7 +1467,7 @@ def test_route_permissions_for_choose_template(
 'main.choose_template',
 service_id=service_one['id'],
 ),
- ['view_activity'],
+ [],
 api_user_active,
 service_one)
diff --git a/tests/conftest.py b/tests/conftest.py
index 270e93151..5c64914fc 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -1178,7 +1178,8 @@ def active_user_with_permissions(fake_uuid):
 'view_activity']},
 'platform_admin': False,
 'auth_type': 'sms_auth',
- 'organisations': [ORGANISATION_ID]
+ 'organisations': [ORGANISATION_ID],
+ 'services': [SERVICE_ONE_ID]
 }
 user = User(user_data)
 return user
@@ -1205,6 +1206,7 @@ def active_caseworking_user(fake_uuid):
 'platform_admin': False,
 'auth_type': 'sms_auth',
 'organisations': [],
+ 'services': [SERVICE_ONE_ID]
 }
 user = User(user_data)
 return user
@@ -1232,7 +1234,8 @@ def active_user_no_mobile(fake_uuid):
 'view_activity']},
 'platform_admin': False,
 'auth_type': 'email_auth',
- 'organisations': []
+ 'organisations': [],
+ 'services': [SERVICE_ONE_ID]
 }
 user = User(user_data)
 return user
@@ -1253,7 +1256,8 @@ def active_user_view_permissions(fake_uuid):
 'permissions': {SERVICE_ONE_ID: ['view_activity']},
 'platform_admin': False,
 'auth_type': 'sms_auth',
- 'organisations': []
+ 'organisations': [],
+ 'services': [SERVICE_ONE_ID]
 }
 user = User(user_data)
 return user
@@ -1271,10 +1275,11 @@ def active_user_empty_permissions(fake_uuid):
 'mobile_number': '07700 900763',
 'state': 'active',
 'failed_login_count': 0,
- 'permissions': {SERVICE_ONE_ID: []},
+ 'permissions': {},
 'platform_admin': False,
 'auth_type': 'sms_auth',
- 'organisations': []
+ 'organisations': [],
+ 'services': [SERVICE_ONE_ID]
 }
 user = User(user_data)
 return user
@@ -1299,7 +1304,8 @@ def active_user_manage_template_permission(fake_uuid):
 ]},
 'platform_admin': False,
 'auth_type': 'sms_auth',
- 'organisations': []
+ 'organisations': [],
+ 'services': [SERVICE_ONE_ID]
 }
 user = User(user_data)
 return user
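Review bot: Every fixture touched in tests/conftest.py now carries `'services': [SERVICE_ONE_ID]`, including `active_user_empty_permissions`, whose `permissions` becomes `{}` in the hunk starting at old line 1271. With membership now deciding access when no permissions are requested, none of the fixtures visible here represents a user who is outside the service, so the denial path cannot be exercised with them. A fixture with `'services': []` would make that case available to route tests. A comment on `active_user_empty_permissions` such as `# member of the service, but holds no permissions` would also explain why `permissions` is empty. The fixture bodies start outside the hunks.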