notifications-admin/tests/app/notify_client/test_user_client.py
Leo Hemsted 17061e0d06 map roles and db permissions
in the db, we have several rows for single permissions - we separate
`send_messages` into `send_texts`, `send_emails` and `send_letters`,
and also `manage_service` into `manage_users` and `manage_settings`.

But on the front end we don't do anything with this distinction. It's
unhelpful for us to have to think about permissions as groups of things
when we can never split them up at all. So we should combine them. This
commit makes sure:
* when user models are read  (from JSON direct from the API), we
  should transform them from db permissions into roles.
* when permissions are persisted (editing permissions, and creating
  invites), we should send db permissions to the API.

All other interactions with permissions (generally just the endpoint
decorator and checks in HTML templates) should use admin roles.
2018-03-06 13:08:06 +00:00


from unittest.mock import call
import pytest
from tests.conftest import SERVICE_ONE_ID
from app import user_api_client
from app.notify_client.models import User
def test_client_gets_all_users_for_service(
    mocker,
    fake_uuid,
):
    """Fetching a service's users hits ``/service/<id>/users`` exactly once.

    ``UserApiClient.get`` is stubbed to return a single user record, so the
    test only checks the URL requested and that the one returned user
    carries the stubbed id.
    """
    # Assigned straight onto the shared client object (not restored afterwards);
    # the value itself is irrelevant to this test.
    user_api_client.max_failed_login_count = 99
    api_response = {'data': [{'id': fake_uuid}]}
    mock_get = mocker.patch(
        'app.notify_client.user_api_client.UserApiClient.get',
        return_value=api_response,
    )

    users = user_api_client.get_users_for_service(SERVICE_ONE_ID)

    expected_url = '/service/{}/users'.format(SERVICE_ONE_ID)
    mock_get.assert_called_once_with(expected_url)
    assert len(users) == 1
    assert users[0].id == fake_uuid
def test_client_returns_count_of_users_with_manage_service(
    app_,
    client,
    mocker,
    fake_uuid,
):
    """Counting users by permission only counts users that hold it on the service.

    Four users are stubbed for SERVICE_ONE_ID: two with ``manage_settings``,
    one with only ``view_activity`` and one with only ``manage_templates``.
    Each count triggers its own ``get_users_for_service`` call.
    """
    # NOTE(review): the test name says "manage_service" but both the stubbed
    # users and the lookup use 'manage_settings' -- confirm whether this
    # helper is meant to be queried with db permission names or admin roles.
    def make_user(*permissions):
        return User({'permissions': {SERVICE_ONE_ID: list(permissions)}})

    stubbed_users = [
        make_user('manage_settings', 'view_activity'),
        make_user('manage_settings'),
        make_user('view_activity'),
        make_user('manage_templates'),
    ]
    mock_get_users = mocker.patch(
        'app.notify_client.user_api_client.UserApiClient.get_users_for_service',
        return_value=stubbed_users,
    )
    mocker.patch(
        'app.notify_client.models._get_service_id_from_view_args',
        return_value=SERVICE_ONE_ID,
    )

    manage_settings_count = user_api_client.get_count_of_users_with_permission(
        SERVICE_ONE_ID,
        'manage_settings',
    )
    assert manage_settings_count == 2

    manage_templates_count = user_api_client.get_count_of_users_with_permission(
        SERVICE_ONE_ID,
        'manage_templates',
    )
    assert manage_templates_count == 1

    # One user fetch per count, each scoped to the service being asked about.
    assert mock_get_users.call_args_list == [call(SERVICE_ONE_ID)] * 2
def test_client_uses_correct_find_by_email(mocker, api_user_active):
    """Looking a user up by email GETs ``/user/email`` with the address in ``params``.

    The address is passed as a ``params`` entry rather than being formatted
    into the URL path.
    """
    email_address = api_user_active.email_address
    # Assigned straight onto the shared client object; value is irrelevant here.
    user_api_client.max_failed_login_count = 1
    mock_get = mocker.patch('app.notify_client.user_api_client.UserApiClient.get')

    user_api_client.get_user_by_email(api_user_active.email_address)

    mock_get.assert_called_once_with('/user/email', params={'email': email_address})
def test_client_only_updates_allowed_attributes(mocker):
    """Updating an attribute that is not permitted (here ``id``) raises TypeError.

    The exact message is pinned so the rejected attribute name is reported
    back to the caller.
    """
    mocker.patch('app.notify_client.current_user', id='1')

    with pytest.raises(TypeError) as error:
        user_api_client.update_user_attribute('user_id', id='1')

    # Checked after the ``with`` block: anything placed after the raising call
    # inside the block would never execute.
    expected_message = 'Not allowed to update user attributes: id'
    assert str(error.value) == expected_message
def test_client_updates_password_separately(mocker, api_user_active):
    """A password change is POSTed to the user's own ``update-password`` URL.

    The new password travels in the request ``data`` under ``_password``;
    the test asserts this is the only POST the client makes.
    """
    new_password = 'newpassword'
    expected_url = '/user/{}/update-password'.format(api_user_active.id)
    # Assigned straight onto the shared client object; value is irrelevant here.
    user_api_client.max_failed_login_count = 1
    mock_update_password = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.update_password(api_user_active.id, new_password)

    mock_update_password.assert_called_once_with(
        expected_url,
        data={'_password': new_password},
    )
def test_client_activates_if_pending(mocker, api_user_pending):
    """Activating a pending user POSTs once to ``/user/<id>/activate`` with no body."""
    mock_post = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')
    # Assigned straight onto the shared client object; value is irrelevant here.
    user_api_client.max_failed_login_count = 1

    user_api_client.activate_user(api_user_pending)

    activate_url = '/user/{}/activate'.format(api_user_pending.id)
    mock_post.assert_called_once_with(activate_url, data=None)
def test_client_doesnt_activate_if_already_active(mocker, api_user_active):
    """Activating a user who is already active makes no POST at all."""
    mock_post = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.activate_user(api_user_active)

    assert mock_post.called is False
def test_client_passes_admin_url_when_sending_email_auth(
    app_,
    mocker,
    fake_uuid,
):
    """Sending an email verify code includes the admin host for the sign-in link.

    The POST goes to ``/user/<id>/email-code`` and carries both the recipient
    and ``email_auth_link_host``.
    """
    mock_post = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.send_verify_code(fake_uuid, 'email', 'ignored@example.com')

    # NOTE(review): 'http://localhost:6012' is presumably the admin base URL
    # from the test app config (app_ fixture) -- confirm. The host placed in an
    # authentication link should come from server configuration, not from
    # request data.
    expected_payload = {
        'to': 'ignored@example.com',
        'email_auth_link_host': 'http://localhost:6012',
    }
    mock_post.assert_called_once_with(
        '/user/{}/email-code'.format(fake_uuid),
        data=expected_payload,
    )
def test_client_converts_admin_permissions_to_db_permissions_on_edit(app_, mocker):
    """Editing permissions sends db permissions, not admin roles, to the API.

    The ``send_messages`` role must expand to ``send_texts``, ``send_emails``
    and ``send_letters``; ``view_activity`` passes through unchanged.
    """
    def by_permission(item):
        return item['permission']

    mock_post = mocker.patch('app.notify_client.user_api_client.UserApiClient.post')

    user_api_client.set_user_permissions(
        'user_id',
        'service_id',
        permissions={'send_messages', 'view_activity'},
    )

    sent = mock_post.call_args[1]['data']
    expected = [
        {'permission': 'send_texts'},
        {'permission': 'send_emails'},
        {'permission': 'send_letters'},
        {'permission': 'view_activity'},
    ]
    # Compared as whole sorted lists: a dropped permission and an extra,
    # unintended one both fail the test.
    # NOTE(review): only the payload is checked; the URL (and so the user and
    # service the permissions are applied to) is not asserted here.
    assert sorted(sent, key=by_permission) == sorted(expected, key=by_permission)
def test_client_converts_admin_permissions_to_db_permissions_on_add_to_service(app_, mocker):
    """Adding a user to a service sends db permissions, not admin roles, to the API.

    The ``send_messages`` role must expand to ``send_texts``, ``send_emails``
    and ``send_letters``; ``view_activity`` passes through unchanged.
    """
    def by_permission(item):
        return item['permission']

    mock_post = mocker.patch(
        'app.notify_client.user_api_client.UserApiClient.post',
        return_value={'data': {}},
    )

    user_api_client.add_user_to_service(
        'service_id',
        'user_id',
        permissions={'send_messages', 'view_activity'},
    )

    sent = mock_post.call_args[1]['data']
    expected = [
        {'permission': 'send_texts'},
        {'permission': 'send_emails'},
        {'permission': 'send_letters'},
        {'permission': 'view_activity'},
    ]
    # Compared as whole sorted lists: a dropped permission and an extra,
    # unintended one both fail the test.
    # NOTE(review): only the payload is checked; the URL (and so the user and
    # service the permissions are granted on) is not asserted here.
    assert sorted(sent, key=by_permission) == sorted(expected, key=by_permission)