From 376a074f5f81dbb2753acaf4a15efd1aee07217c Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Tue, 29 Mar 2016 15:35:34 +0100 Subject: [PATCH 1/2] Add view_activity permission so that users can have the default permission to see activity. Add view_activity to default permissions when adding a new user. Add view_activity as a permission group, used when inviting a user. --- app/dao/permissions_dao.py | 6 ++-- app/models.py | 4 ++- app/permissions_utils.py | 6 ++-- app/service/rest.py | 1 - migrations/versions/0043_view_activity.py | 37 +++++++++++++++++++++++ 5 files changed, 48 insertions(+), 6 deletions(-) create mode 100644 migrations/versions/0043_view_activity.py diff --git a/app/dao/permissions_dao.py b/app/dao/permissions_dao.py index d6bdfc8b8..31e4a24a6 100644 --- a/app/dao/permissions_dao.py +++ b/app/dao/permissions_dao.py @@ -12,7 +12,8 @@ from app.models import ( SEND_EMAILS, SEND_LETTERS, MANAGE_API_KEYS, - ACCESS_DEVELOPER_DOCS) + ACCESS_DEVELOPER_DOCS, + VIEW_ACTIVITY) # Default permissions for a service @@ -24,7 +25,8 @@ default_service_permissions = [ SEND_EMAILS, SEND_LETTERS, MANAGE_API_KEYS, - ACCESS_DEVELOPER_DOCS] + ACCESS_DEVELOPER_DOCS, + VIEW_ACTIVITY] class PermissionDAO(DAOClass): diff --git a/app/models.py b/app/models.py index a6f8c9d0f..28dc68c60 100644 --- a/app/models.py +++ b/app/models.py @@ -308,6 +308,7 @@ SEND_LETTERS = 'send_letters' MANAGE_API_KEYS = 'manage_api_keys' ACCESS_DEVELOPER_DOCS = 'access_developer_docs' PLATFORM_ADMIN = 'platform_admin' +VIEW_ACTIVITY = 'view_activity' # List of permissions PERMISSION_LIST = [ @@ -319,7 +320,8 @@ PERMISSION_LIST = [ SEND_LETTERS, MANAGE_API_KEYS, ACCESS_DEVELOPER_DOCS, - PLATFORM_ADMIN] + PLATFORM_ADMIN, + VIEW_ACTIVITY] class Permission(db.Model): diff --git a/app/permissions_utils.py b/app/permissions_utils.py index 13a4ffcbe..e75dd1cb6 100644 --- a/app/permissions_utils.py +++ b/app/permissions_utils.py 
@@ -6,7 +6,8 @@ from app.models import ( SEND_EMAILS, SEND_LETTERS, MANAGE_API_KEYS, - ACCESS_DEVELOPER_DOCS + ACCESS_DEVELOPER_DOCS, + VIEW_ACTIVITY ) from app.schemas import permission_schema @@ -14,7 +15,8 @@ from app.schemas import permission_schema permissions_groups = {'send_messages': [SEND_TEXTS, SEND_EMAILS, SEND_LETTERS], 'manage_service': [MANAGE_USERS, MANAGE_SETTINGS, MANAGE_TEMPLATES], - 'manage_api_keys': [MANAGE_API_KEYS, ACCESS_DEVELOPER_DOCS]} + 'manage_api_keys': [MANAGE_API_KEYS, ACCESS_DEVELOPER_DOCS], + VIEW_ACTIVITY: [VIEW_ACTIVITY]} def get_permissions_by_group(permission_groups): diff --git a/app/service/rest.py b/app/service/rest.py index 26bee5600..9cd34bbb2 100644 --- a/app/service/rest.py +++ b/app/service/rest.py @@ -178,7 +178,6 @@ def remove_user_from_service(service_id, user_id): def _process_permissions(user, service, permission_groups): from app.permissions_utils import get_permissions_by_group - from app.dao.permissions_dao import permission_dao permissions = get_permissions_by_group(permission_groups) for permission in permissions: permission.user = user diff --git a/migrations/versions/0043_view_activity.py b/migrations/versions/0043_view_activity.py new file mode 100644 index 000000000..c60d4fb61 --- /dev/null +++ b/migrations/versions/0043_view_activity.py 
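Review bot: In the `permissions_groups` dict the new entry uses the permission constant as its key (`VIEW_ACTIVITY: [VIEW_ACTIVITY]`), while every other group is keyed by a string literal. Per the commit message, group names are what is supplied when inviting a user, so tying the group name to the permission value means a later change to the constant would silently change which group name is accepted. I would write it as `'view_activity': [VIEW_ACTIVITY]` to keep the group and permission namespaces separate. `get_permissions_by_group` continues outside the hunk, so how an unknown group name is handled is not visible here.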
@@ -0,0 +1,37 @@ +"""empty message + +Revision ID: 0043_add_view_activity +Revises: 0042_default_stats_to_zero +Create Date: 2016-03-29 13:46:36.219549 + +""" + +# revision identifiers, used by Alembic. +import uuid + +revision = '0043_add_view_activity' +down_revision = '0042_default_stats_to_zero' + +from alembic import op + + +def upgrade(): + ### commands auto generated by Alembic - please adjust! ### + conn = op.get_bind() + conn.execute('COMMIT') + conn.execute("alter type permission_types add value IF NOT EXISTS 'view_activity'") + user_services = conn.execute("SELECT * FROM user_to_service").fetchall() + for user_service in user_services: + conn.execute( + "insert into permissions (id, service_id, user_id, created_at, permission) " + "values('{0}', '{1}', {2}, now(), 'view_activity')".format( + uuid.uuid4(), user_service.service_id, user_service.user_id)) + ### end Alembic commands ### + + +def downgrade(): + ### commands auto generated by Alembic - please adjust! ### + conn = op.get_bind() + conn.execute("delete from permissions where permission = 'view_activity'") + conn.execute("delete from pg_enum where enumlabel = 'view_activity'") + ### end Alembic commands ### From c7c845cea6115e188ac2e909b4d40f40d72542c7 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Tue, 29 Mar 2016 17:00:42 +0100 Subject: [PATCH 2/2] Remove access_developer_docs as a permission type. It does not make sense to have permission for viewing the documentation. On the downgrade method of the db script the assumption that all users with manage_api_keys had the access_developer_docs permission. --- app/dao/permissions_dao.py | 2 -- app/models.py | 2 -- app/permissions_utils.py | 3 +-- migrations/versions/0043_view_activity.py | 10 ++++++++++ tests/app/service/test_rest.py | 5 ++--- 5 files changed, 13 insertions(+), 9 deletions(-) diff --git a/app/dao/permissions_dao.py b/app/dao/permissions_dao.py index 31e4a24a6..2213c0040 100644 --- a/app/dao/permissions_dao.py 
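Review bot: The insert in `upgrade()` builds its SQL with `str.format`, interpolating `service_id` and `user_id` straight into the statement text. The values come from `user_to_service` rather than from a request, so the exposure is limited, but the quoting is hand-rolled (`'{1}'` quoted, `{2}` bare) and depends on every stored value being well-formed. Bound parameters remove that dependency: keep the statement as `"... values (:id, :service_id, :user_id, now(), 'view_activity')"` wrapped in `sqlalchemy.text()` and pass the three values separately. The same formatted insert is repeated for `access_developer_docs` in the `downgrade()` hunk of PATCH 2/2. The docstring is still Alembic's placeholder `"""empty message`; a line such as `"""Add view_activity permission and grant it to every existing service user.` would describe what the revision does.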
+++ b/app/dao/permissions_dao.py @@ -12,7 +12,6 @@ from app.models import ( SEND_EMAILS, SEND_LETTERS, MANAGE_API_KEYS, - ACCESS_DEVELOPER_DOCS, VIEW_ACTIVITY) @@ -25,7 +24,6 @@ default_service_permissions = [ SEND_EMAILS, SEND_LETTERS, MANAGE_API_KEYS, - ACCESS_DEVELOPER_DOCS, VIEW_ACTIVITY] diff --git a/app/models.py b/app/models.py index 28dc68c60..0603fb1c3 100644 --- a/app/models.py +++ b/app/models.py @@ -306,7 +306,6 @@ SEND_TEXTS = 'send_texts' SEND_EMAILS = 'send_emails' SEND_LETTERS = 'send_letters' MANAGE_API_KEYS = 'manage_api_keys' -ACCESS_DEVELOPER_DOCS = 'access_developer_docs' PLATFORM_ADMIN = 'platform_admin' VIEW_ACTIVITY = 'view_activity' @@ -319,7 +318,6 @@ PERMISSION_LIST = [ SEND_EMAILS, SEND_LETTERS, MANAGE_API_KEYS, - ACCESS_DEVELOPER_DOCS, PLATFORM_ADMIN, VIEW_ACTIVITY] diff --git a/app/permissions_utils.py b/app/permissions_utils.py index e75dd1cb6..fa9268523 100644 --- a/app/permissions_utils.py +++ b/app/permissions_utils.py @@ -6,7 +6,6 @@ from app.models import ( SEND_EMAILS, SEND_LETTERS, MANAGE_API_KEYS, - ACCESS_DEVELOPER_DOCS, VIEW_ACTIVITY ) @@ -15,7 +14,7 @@ from app.schemas import permission_schema permissions_groups = {'send_messages': [SEND_TEXTS, SEND_EMAILS, SEND_LETTERS], 'manage_service': [MANAGE_USERS, MANAGE_SETTINGS, MANAGE_TEMPLATES], - 'manage_api_keys': [MANAGE_API_KEYS, ACCESS_DEVELOPER_DOCS], + 'manage_api_keys': [MANAGE_API_KEYS], VIEW_ACTIVITY: [VIEW_ACTIVITY]} diff --git a/migrations/versions/0043_view_activity.py b/migrations/versions/0043_view_activity.py index c60d4fb61..f589a0938 100644 --- a/migrations/versions/0043_view_activity.py +++ b/migrations/versions/0043_view_activity.py 
@@ -26,6 +26,8 @@ def upgrade(): "insert into permissions (id, service_id, user_id, created_at, permission) " "values('{0}', '{1}', {2}, now(), 'view_activity')".format( uuid.uuid4(), user_service.service_id, user_service.user_id)) + conn.execute("delete from permissions where permission = 'access_developer_docs'") + conn.execute("delete from pg_enum where enumlabel='access_developer_docs'") ### end Alembic commands ### @@ -34,4 +36,12 @@ def downgrade(): conn = op.get_bind() conn.execute("delete from permissions where permission = 'view_activity'") conn.execute("delete from pg_enum where enumlabel = 'view_activity'") + conn.execute('COMMIT') + conn.execute("alter type permission_types add value IF NOT EXISTS 'access_developer_docs'") + manage_api_key_users = conn.execute("SELECT * FROM permissions where permission='manage_api_keys'").fetchall() + for user_service in manage_api_key_users: + conn.execute( + "insert into permissions (id, service_id, user_id, created_at, permission) " + "values('{0}', '{1}', {2}, now(), 'access_developer_docs')".format( + uuid.uuid4(), user_service.service_id, user_service.user_id)) ### end Alembic commands ### diff --git a/tests/app/service/test_rest.py b/tests/app/service/test_rest.py index 960d66543..7b2c4e8dd 100644 --- a/tests/app/service/test_rest.py +++ b/tests/app/service/test_rest.py @@ -600,8 +600,7 @@ def test_add_existing_user_to_another_service_with_all_permissions(notify_api, json_resp = json.loads(resp.get_data(as_text=True)) permissions = json_resp['data']['permissions'][str(sample_service.id)] expected_permissions = ['send_texts', 'send_emails', 'send_letters', 'manage_users', - 'manage_settings', 'manage_templates', 'manage_api_keys', - 'access_developer_docs'] + 'manage_settings', 'manage_templates', 'manage_api_keys'] assert sorted(expected_permissions) == sorted(permissions) 
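Review bot: The added `delete from pg_enum where enumlabel='access_developer_docs'` in `upgrade()` writes to a PostgreSQL system catalog directly and matches on the label alone, so it would remove that label from any enum type that carries it, not only `permission_types`. It also requires the role that runs migrations to have catalog write access, which normally means superuser, and removing enum values this way is not an operation PostgreSQL supports. Leaving the unused label in place is the safest option; if it must go, at least scope the statement, `delete from pg_enum where enumlabel = 'access_developer_docs' and enumtypid = 'permission_types'::regtype`. The existing `view_activity` delete in `downgrade()` has the same shape. Indentation is not preserved in this hunk, so I am assuming both new statements sit after the insert loop rather than inside it.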
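Review bot: In `downgrade()` the new `conn.execute('COMMIT')` comes after the two deletes, so the removal of every `view_activity` grant is committed before the `alter type` and the re-insert loop have run. If the loop then fails partway, the database is left with only some `access_developer_docs` rows restored and, presumably, the Alembic version unchanged; a re-run would insert those rows again, since nothing visible here checks for existing ones. I would move the `COMMIT` and `alter type ... add value` to the top of the function so the deletes and inserts are not split across the commit, and explain the raw commit with a comment such as `# ALTER TYPE ... ADD VALUE cannot run inside a transaction block on this PostgreSQL version`. The `SELECT *` can be narrowed to `SELECT service_id, user_id`, the only columns the loop reads.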
@@ -745,7 +744,7 @@ def test_add_existing_user_to_another_service_with_manage_api_keys(notify_api, json_resp = json.loads(resp.get_data(as_text=True)) permissions = json_resp['data']['permissions'][str(sample_service.id)] - expected_permissions = ['manage_api_keys', 'access_developer_docs'] + expected_permissions = ['manage_api_keys'] assert sorted(expected_permissions) == sorted(permissions)