Check for unknown permissions

This guards against anyone mispelling or using the wrong words for a
permission, which could introduce unexpected or hard to catch errors.

app/notify_client/models.py

@@ -1,3 +1,4 @@
+from itertools import chain
 from flask_login import UserMixin, AnonymousUserMixin
 from flask import session
 
@@ -9,6 +10,8 @@ roles = {
     'manage_api_keys': ['manage_api_keys']
 }
 
+all_permissions = set(chain.from_iterable(roles.values())) | {'view_activity'}
+
 
 class User(UserMixin):
     def __init__(self, fields, max_failed_login_count=3):
@@ -101,6 +104,11 @@ class User(UserMixin):
 
     def has_permissions(self, *permissions, any_=False, admin_override=False):
 
+        unknown_permissions = set(permissions) - all_permissions
+
+        if unknown_permissions:
+            raise TypeError('{} are not valid permissions'.format(unknown_permissions))
+
         # Only available to the platform admin user
         if admin_override and self.platform_admin:
             return True

tests/app/main/test_permissions.py

@@ -38,7 +38,7 @@ def test_user_has_permissions_on_endpoint_fail(
     _test_permissions(
         client,
         user,
-        ['something'],
+        ['send_texts'],
         '',
         False)
 
@@ -66,7 +66,7 @@ def test_user_has_permissions_or(
     _test_permissions(
         client,
         user,
-        ['something', 'manage_users'],
+        ['send_texts', 'manage_users'],
         '',
         True,
         any_=True)

tests/app/main/test_user.py

@@ -1,3 +1,4 @@
+import pytest
 from app.notify_client.user_api_client import User
 
 
@@ -25,3 +26,6 @@ def test_user():
     # set failed logins to threshold
     user.failed_login_count = 3
     assert user.is_locked()
+
+    with pytest.raises(TypeError):
+        user.has_permissions('to_do_bad_things')