diff --git a/app/notify_client/models.py b/app/notify_client/models.py
index 9450b5d75..3e6a7ae60 100644
--- a/app/notify_client/models.py
+++ b/app/notify_client/models.py
@@ -1,3 +1,4 @@
+from itertools import chain
 from flask_login import UserMixin, AnonymousUserMixin
 from flask import session
@@ -9,6 +10,8 @@ roles = {
 'manage_api_keys': ['manage_api_keys']
 }
+all_permissions = set(chain.from_iterable(roles.values())) | {'view_activity'}
+
 class User(UserMixin):
 def __init__(self, fields, max_failed_login_count=3):
@@ -101,6 +104,11 @@ class User(UserMixin):
 def has_permissions(self, *permissions, any_=False, admin_override=False):
+ unknown_permissions = set(permissions) - all_permissions
+
+ if unknown_permissions:
+ raise TypeError('{} are not valid permissions'.format(unknown_permissions))
+
 # Only available to the platform admin user
 if admin_override and self.platform_admin:
 return True
diff --git a/tests/app/main/test_permissions.py b/tests/app/main/test_permissions.py
index 721e74953..f908c1e79 100644
--- a/tests/app/main/test_permissions.py
+++ b/tests/app/main/test_permissions.py
@@ -38,7 +38,7 @@ def test_user_has_permissions_on_endpoint_fail(
 _test_permissions(
 client,
 user,
- ['something'],
+ ['send_texts'],
 '',
 False)
@@ -66,7 +66,7 @@ def test_user_has_permissions_or(
 _test_permissions(
 client,
 user,
- ['something', 'manage_users'],
+ ['send_texts', 'manage_users'],
 '',
 True,
 any_=True)
diff --git a/tests/app/main/test_user.py b/tests/app/main/test_user.py
index 1042f3b26..48e160376 100644
--- a/tests/app/main/test_user.py
+++ b/tests/app/main/test_user.py
@@ -1,3 +1,4 @@
+import pytest
 from app.notify_client.user_api_client import User
@@ -25,3 +26,6 @@ def test_user():
 # set failed logins to threshold
 user.failed_login_count = 3
 assert user.is_locked()
+
+ with pytest.raises(TypeError):
+ user.has_permissions('to_do_bad_things')
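Review bot: In app/notify_client/models.py, `all_permissions` is a plain mutable module-level `set`, and `'view_activity'` is added by hand with no comment saying why it cannot be derived from `roles`. This set is now the allowlist that `has_permissions` enforces, so I would freeze it, `all_permissions = frozenset(chain.from_iterable(roles.values())) | {'view_activity'}`, and put a one-line comment above it recording where `view_activity` is granted. Any permission introduced later outside `roles` has to be added here too, or every check that names it will raise. The `roles` mapping starts outside the hunk.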
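Review bot: The unknown-name guard at the top of `has_permissions` runs only when the method is called, so a misspelt permission on a rarely requested view stays hidden until that request raises `TypeError`. If views declare their permissions through a decorator (not visible in this diff), checking the names against `all_permissions` where the decorator is applied would surface the typo at import time instead. The method also has no docstring; one sentence such as `Raises TypeError if any name is not in all_permissions, before the platform-admin override is considered.` would record the contract. The rest of the method body lies outside the hunk.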
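Review bot: In tests/app/main/test_user.py the new `pytest.raises(TypeError)` assertion is appended to `test_user`, after the lock-out checks, so a failure there reads as a lock-out regression. A separate test would make the contract clearer, and `with pytest.raises(TypeError, match='to_do_bad_things'):` would pin that the exception comes from the permission guard rather than from some other `TypeError`. Cases worth adding are a mix of valid and unknown names with `any_=True`, and `admin_override=True` for a platform admin, since the guard sits before the admin shortcut. The start of `test_user` is outside the hunk.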