From e5e9db88fddbef385bad19b68bd12d6b6d505193 Mon Sep 17 00:00:00 2001
From: Nicholas Staples <nicholas.staples@solution-tribute.com>
Date: Thu, 3 Mar 2016 14:32:19 +0000
Subject: [PATCH] Functionality_added, tests passing.

---
 app/main/dao/users_dao.py                 |  3 +-
 app/main/forms.py                         |  8 +--
 app/main/views/manage_users.py            | 31 ++++++++----
 tests/app/main/views/test_manage_users.py | 59 +++++++++++++++++++++--
 tests/conftest.py                         |  5 ++
 5 files changed, 87 insertions(+), 19 deletions(-)

diff --git a/app/main/dao/users_dao.py b/app/main/dao/users_dao.py
index e494ddfd9..411a22490 100644
--- a/app/main/dao/users_dao.py
+++ b/app/main/dao/users_dao.py
@@ -8,9 +8,10 @@ from app.main.encryption import hashpw
 
 from app import user_api_client
 
-
+#
 # TODO fix up this, do we really need this class why not just use the clients
 # directly??
+#
 
 
 @login_manager.user_loader
diff --git a/app/main/forms.py b/app/main/forms.py
index b68162b95..5aa1cec60 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -110,9 +110,11 @@ class RegisterUserFromInviteForm(Form):
 class InviteUserForm(Form):
     email_address = email_address('Their email address')
 
-    send_messages = BooleanField("Send messages")
-    manage_service = BooleanField("Manage service")
-    manage_api_keys = BooleanField("Manage API keys")
+    # TODO fix this Radio field so we are not having to test for yes or no rather
+    # use operator equality.
+    send_messages = RadioField("Send messages", choices=[('yes', 'Yes'), ('no', 'No')])
+    manage_service = RadioField("Manage service", choices=[('yes', 'Yes'), ('no', 'No')])
+    manage_api_keys = RadioField("Manage API keys", choices=[('yes', 'Yes'), ('no', 'No')])
 
 
 class TwoFactorForm(Form):
diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py
index 13e02ed2c..017509ac3 100644
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -12,6 +12,7 @@ from flask_login import (
 )
 
 from notifications_python_client.errors import HTTPError
+from app import user_api_client
 
 from app.main import main
 from app.main.forms import InviteUserForm
@@ -20,16 +21,6 @@ from app import user_api_client
 from app import invite_api_client
 from app.utils import user_has_permissions
 
-fake_users = [
-    {
-        'name': '',
-        'permission_send_messages': True,
-        'permission_manage_service': True,
-        'permission_manage_api_keys': True,
-        'active': True
-    }
-]
-
 
 @main.route("/services/<service_id>/users")
 @login_required
@@ -83,6 +74,14 @@ def edit_user_permissions(service_id, user_id):
         'manage_api_keys': user.has_permissions(['manage_api_keys', 'access_developer_docs'])
         })
     if form.validate_on_submit():
+        permissions = []
+        permissions.extend(
+            _convert_role_to_permissions('send_messages') if form.send_messages.data == 'yes' else [])
+        permissions.extend(
+            _convert_role_to_permissions('manage_service') if form.manage_service.data == 'yes' else [])
+        permissions.extend(
+            _convert_role_to_permissions('manage_api_keys') if form.manage_api_keys.data == 'yes' else [])
+        user_api_client.set_user_permissions(user_id, service_id, permissions)
         return redirect(url_for('.manage_users', service_id=service_id))
 
     return render_template(
@@ -123,6 +122,18 @@ def cancel_invited_user(service_id, invited_user_id):
     return redirect(url_for('main.manage_users', service_id=service_id))
 
 
+def _convert_role_to_permissions(role):
+    if role == 'send_messages':
+        return ['send_texts', 'send_emails', 'send_letters']
+    elif role == 'manage_service':
+        return ['manage_users', 'manage_templates', 'manage_settings']
+    elif role == 'manage_api_keys':
+        return ['manage_api_keys', 'access_developer_docs']
+    return []
+
+
+# TODO replace with method which converts each 'role' into the list
+# of permissions like the method above :)
 def _get_permissions(form):
     permissions = []
     if form.get('send_messages') and form['send_messages'] == 'yes':
diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py
index 22528d2e9..123a225e3 100644
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -37,26 +37,75 @@ def test_should_show_page_for_one_user(
         assert response.status_code == 200
 
 
-def test_redirect_after_saving_user(
+def test_edit_user_permissions(
     app_,
     api_user_active,
     mock_login,
     mock_get_service,
     mock_get_users_by_service,
     mock_get_invites_for_service,
-    mock_has_permissions
+    mock_has_permissions,
+    mock_set_user_permissions
 ):
     with app_.test_request_context():
         with app_.test_client() as client:
+            service_id = '55555'
             client.login(api_user_active)
             response = client.post(url_for(
-                'main.edit_user_permissions', service_id=55555, user_id=0
-            ))
+                'main.edit_user_permissions', service_id=service_id, user_id=api_user_active.id
+            ), data={'email_address': api_user_active.email_address,
+                     'send_messages': 'yes',
+                     'manage_service': 'yes',
+                     'manage_api_keys': 'yes'})
 
         assert response.status_code == 302
         assert response.location == url_for(
-            'main.manage_users', service_id=55555, _external=True
+            'main.manage_users', service_id=service_id, _external=True
         )
+        mock_set_user_permissions.assert_called_with(
+            str(api_user_active.id),
+            service_id,
+            ['send_texts',
+             'send_emails',
+             'send_letters',
+             'manage_users',
+             'manage_templates',
+             'manage_settings',
+             'manage_api_keys',
+             'access_developer_docs'])
+
+
+def test_edit_some_user_permissions(
+    app_,
+    api_user_active,
+    mock_login,
+    mock_get_service,
+    mock_get_users_by_service,
+    mock_get_invites_for_service,
+    mock_has_permissions,
+    mock_set_user_permissions
+):
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            service_id = '55555'
+            client.login(api_user_active)
+            response = client.post(url_for(
+                'main.edit_user_permissions', service_id=service_id, user_id=api_user_active.id
+            ), data={'email_address': api_user_active.email_address,
+                     'send_messages': 'yes',
+                     'manage_service': 'no',
+                     'manage_api_keys': 'no'})
+
+        assert response.status_code == 302
+        assert response.location == url_for(
+            'main.manage_users', service_id=service_id, _external=True
+        )
+        mock_set_user_permissions.assert_called_with(
+            str(api_user_active.id),
+            service_id,
+            ['send_texts',
+             'send_emails',
+             'send_letters'])
 
 
 def test_should_show_page_for_inviting_user(
diff --git a/tests/conftest.py b/tests/conftest.py
index 24471d539..2c8d8266d 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -624,3 +624,8 @@ def mock_add_user_to_service(mocker, service_one, api_user_active):
     def _add_user(service_id, user_id):
         return api_user_active
     return mocker.patch('app.user_api_client.add_user_to_service', side_effect=_add_user)
+
+
+@pytest.fixture(scope='function')
+def mock_set_user_permissions(mocker):
+    return mocker.patch('app.user_api_client.set_user_permissions', return_value=None)