notifications-admin/tests/app/utils/test_user.py

import pytest
from flask import request
from werkzeug.exceptions import Forbidden
from app.utils.user import user_has_permissions
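@pytest.mark.parametrize(
    "permissions",
    [
        [
            # Route requires a single permission that the user holds
            "manage_service"
        ],
        [
            # Route lists several permissions, all of which the user holds
            "manage_templates",
            "manage_service",
        ],
        [
            # Route lists one permission the user holds and one they lack;
            # access is still expected, so the check is any-of, not all-of
            "manage_service",
            "send_messages",
        ],
        [
            # Route requires no specific permission
        ],
    ],
)
def test_permissions(
    client_request,
    permissions,
    api_user_active,
):
    """Check that ``user_has_permissions`` lets a permitted user reach the view.

    Each parametrized case is a list of permissions passed to the decorator.
    The user is logged in as a member of service "foo", which is also the
    ``service_id`` placed in the request's view args.
    """
    request.view_args.update({"service_id": "foo"})
    # NOTE(review): "manage_service" does not appear literally in this list;
    # presumably the app derives it from these stored permissions - confirm
    # against the user model.
    api_user_active["permissions"] = {
        "foo": ["manage_users", "manage_templates", "manage_settings"]
    }
    api_user_active["services"] = ["foo", "bar"]
    client_request.login(api_user_active)

    view_calls = []

    @user_has_permissions(*permissions)
    def index():
        view_calls.append("index")

    index()

    # "No exception" alone does not prove access was granted: the decorator can
    # answer with a response of its own (the signed-out case returns a 302).
    # Require that the wrapped view really ran, and ran once.
    assert view_calls == ["index"]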
@pytest.mark.parametrize(
    "permissions",
    [
        # Route requires a permission the user does not hold
        ["send_messages"],
    ],
)
def test_permissions_forbidden(client_request, permissions, api_user_active):
    """Check that a user lacking the required permission gets ``Forbidden``.

    The user is logged in with three permissions on service "foo", none of
    which is the one the decorator is given.
    """
    granted_on_foo = ["manage_users", "manage_templates", "manage_settings"]

    request.view_args.update({"service_id": "foo"})
    api_user_active["permissions"] = {"foo": granted_on_foo}
    api_user_active["services"] = ["foo", "bar"]
    client_request.login(api_user_active)

    def index():
        pass

    # Apply the decorator by hand; equivalent to the @-syntax.
    guarded_view = user_has_permissions(*permissions)(index)

    with pytest.raises(Forbidden):
        guarded_view()
def test_restrict_admin_usage(client_request, platform_admin_user):
    """Check that ``restrict_admin_usage=True`` refuses a platform admin.

    The platform admin is logged in and the request targets service "foo";
    calling the decorated view must raise ``Forbidden``.
    """
    request.view_args.update({"service_id": "foo"})
    client_request.login(platform_admin_user)

    def index():
        pass

    # Apply the decorator by hand; equivalent to the @-syntax.
    guarded_view = user_has_permissions(restrict_admin_usage=True)(index)

    with pytest.raises(Forbidden):
        guarded_view()
def test_no_user_returns_redirect_to_sign_in(client_request, mocker):
    """Check that a signed-out caller is redirected to sign-in, not served.

    With no user logged in, the decorated view returns a response rather than
    raising: a 302 whose location starts with the sign-in URL and a ``next``
    query parameter.
    """
    # Replace UserApiClient.deactivate_user with a mock for this test.
    # NOTE(review): why this call needs stubbing is not visible here - confirm.
    mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user")
    client_request.logout()

    def index():
        pass

    guarded_view = user_has_permissions()(index)
    result = guarded_view()

    assert result.status_code == 302
    assert result.location.startswith("/sign-in?next=")
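def test_user_has_permissions_for_organization(
    client_request,
    api_user_active,
):
    """Check that a member of an organization reaches an org-scoped view.

    The user belongs to "org_1" and "org_2" and the request's view args name
    "org_2"; the decorator is given no specific permissions.
    """
    api_user_active["organizations"] = ["org_1", "org_2"]
    client_request.login(api_user_active)

    request.view_args = {"org_id": "org_2"}

    view_calls = []

    @user_has_permissions()
    def index():
        view_calls.append("index")

    index()

    # "No exception" alone does not prove access was granted: the decorator can
    # answer with a response of its own (the signed-out case returns a 302).
    # Require that the wrapped view really ran, and ran once.
    assert view_calls == ["index"]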
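def test_platform_admin_can_see_orgs_they_dont_have(
    client_request,
    platform_admin_user,
):
    """Check that a platform admin reaches an org view without membership.

    The admin's organization list is emptied before login, and the request's
    view args name "org_2"; the decorator is given no specific permissions.
    This pins a deliberate bypass of the membership check for platform admins.
    """
    platform_admin_user["organizations"] = []
    client_request.login(platform_admin_user)

    request.view_args = {"org_id": "org_2"}

    view_calls = []

    @user_has_permissions()
    def index():
        view_calls.append("index")

    index()

    # "No exception" alone does not prove access was granted: the decorator can
    # answer with a response of its own (the signed-out case returns a 302).
    # Require that the wrapped view really ran, and ran once.
    assert view_calls == ["index"]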
# def test_cant_use_decorator_without_view_args(
# client_request,
# platform_admin_user,
# ):
# client_request.login(platform_admin_user)
# request.view_args = {}
# @user_has_permissions()
# def index():
# pass
# with pytest.raises(NotImplementedError):
# index()
def test_user_doesnt_have_permissions_for_organization(client_request, api_user_active):
    """Check that a user is refused an organization they do not belong to.

    The user belongs to "org_1" and "org_2" but the request's view args name
    "org_3"; calling the decorated view must raise ``Forbidden``.
    """
    member_of = ["org_1", "org_2"]
    api_user_active["organizations"] = member_of
    client_request.login(api_user_active)

    request.view_args = {"org_id": "org_3"}

    def index():
        pass

    # Apply the decorator by hand; equivalent to the @-syntax.
    guarded_view = user_has_permissions()(index)

    with pytest.raises(Forbidden):
        guarded_view()
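def test_user_with_no_permissions_to_service_goes_to_templates(
    client_request,
    api_user_active,
):
    """Check that service membership alone passes a no-permission route.

    The user belongs to services "foo" and "bar" but has permissions listed
    only for "foo". The request targets "bar" and the decorator is given no
    specific permissions, so the call is expected to go through.

    NOTE(review): the name mentions templates, but nothing here checks a
    destination - confirm what the name is meant to convey.
    """
    api_user_active["permissions"] = {
        "foo": ["manage_users", "manage_templates", "manage_settings"]
    }
    api_user_active["services"] = ["foo", "bar"]
    client_request.login(api_user_active)

    request.view_args = {"service_id": "bar"}

    view_calls = []

    @user_has_permissions()
    def index():
        view_calls.append("index")

    index()

    # "No exception" alone does not prove access was granted: the decorator can
    # answer with a response of its own (the signed-out case returns a 302).
    # Require that the wrapped view really ran, and ran once.
    assert view_calls == ["index"]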