darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-01 23:55:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Working permissions and all tests passing.

Browse Source 
Remove print statements.

Fix for review comments.
This commit is contained in:
Nicholas Staples
2016-02-26 12:00:16 +00:00
parent 5bbd3aad39
commit 16e1ecb134
19 changed files with 456 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tests/app/conftest.py
View File

@@ -1,7 +1,8 @@
import pytest
from datetime import datetime
from app import email_safe
from app.models import (User, Service, Template, ApiKey, Job, Notification, InvitedUser)
from app import (email_safe, db)
from app.models import (
User, Service, Template, ApiKey, Job, Notification, InvitedUser, Permission)
from app.dao.users_dao import (save_model_user, create_user_code, create_secret_code)
from app.dao.services_dao import dao_create_service
from app.dao.templates_dao import dao_create_template
@@ -47,8 +48,7 @@ def sample_user(notify_db,
'email_address': email,
'password': 'password',
'mobile_number': '+447700900986',
'state': 'active',
'permissions': []
'state': 'active'
}
usr = User.query.filter_by(email_address=email).first()
if not usr:
@@ -321,3 +321,23 @@ def sample_invited_user(notify_db,
invited_user = InvitedUser(**data)
save_invited_user(invited_user)
return invited_user
@pytest.fixture(scope='function')
def sample_permission(notify_db,
notify_db_session,
service=None,
user=None,
permission="sample permission"):
if user is None:
user = sample_user(notify_db, notify_db_session)
data = {
'user': user,
'permission': permission
}
if service:
data['service'] = service
p_model = Permission(**data)
db.session.add(p_model)
db.session.commit()
return p_model

4
tests/app/notifications/test_rest.py
View File

@@ -439,8 +439,8 @@ def test_should_allow_valid_email_notification(notify_api, sample_email_template
path='/notifications/email',
data=json.dumps(data),
headers=[('Content-Type', 'application/json'), auth_header])
notification_id = json.loads(response.data)['notification_id']
assert response.status_code == 201
notification_id = json.loads(response.get_data(as_text=True))['notification_id']
app.celery.tasks.send_email.apply_async.assert_called_once_with(
(str(sample_email_template.service_id),
notification_id,

0
tests/app/permissions/__init__.py Normal file
View File

178
tests/app/permissions/test_rest.py Normal file
View File

@@ -0,0 +1,178 @@
import json
from flask import url_for
from tests import create_authorization_header
from ..conftest import sample_permission as create_permission
def test_get_permission_list(notify_api, notify_db, notify_db_session, sample_permission):
"""
Tests GET endpoint '/' to retrieve entire permission list.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
header = create_authorization_header(
path=url_for('permission.get_permissions'),
method='GET')
response = client.get(
url_for('permission.get_permissions'),
headers=[header])
assert response.status_code == 200
json_resp = json.loads(response.get_data(as_text=True))
assert len(json_resp['data']) == 1
expected = {
"permission": sample_permission.permission,
"user": sample_permission.user.id,
"id": str(sample_permission.id),
"service": None
}
assert expected in json_resp['data']
def test_get_permission_filter(notify_api,
notify_db,
notify_db_session,
sample_permission,
sample_user,
sample_service):
"""
Tests GET endpoint '/' to retrieve filtered permission list.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
another_permission = create_permission(
notify_db,
notify_db_session,
user=sample_user,
service=sample_service,
permission="another permission")
header = create_authorization_header(
path=url_for('permission.get_permissions'),
method='GET')
response = client.get(
url_for('permission.get_permissions', service=str(sample_service.id)),
headers=[header])
assert response.status_code == 200
json_resp = json.loads(response.get_data(as_text=True))
assert len(json_resp['data']) == 1
expected = {
"permission": another_permission.permission,
"user": sample_user.id,
"id": str(another_permission.id),
"service": str(sample_service.id)
}
assert expected in json_resp['data']
def test_get_permission(notify_api, notify_db, notify_db_session, sample_permission):
"""
Tests GET endpoint '/<permission_id>' to retrieve a single permission.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
header = create_authorization_header(
path=url_for('permission.get_permission', permission_id=str(sample_permission.id)),
method='GET')
response = client.get(
url_for('permission.get_permission', permission_id=str(sample_permission.id)),
headers=[header])
assert response.status_code == 200
json_resp = json.loads(response.get_data(as_text=True))
expected = {
"permission": sample_permission.permission,
"user": sample_permission.user.id,
"id": str(sample_permission.id),
"service": None
}
assert expected == json_resp['data']
def test_get_permission_404(notify_api, notify_db, notify_db_session, sample_permission):
"""
Tests GET endpoint '/<invalid_id>' returns a correct 404
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
header = create_authorization_header(
path=url_for('permission.get_permission', permission_id="123"),
method='GET')
response = client.get(
url_for('permission.get_permission', permission_id="123"),
headers=[header])
assert response.status_code == 404
json_resp = json.loads(response.get_data(as_text=True))
assert json_resp['message'] == 'No result found'
def test_create_permission(notify_api, notify_db, notify_db_session, sample_user, sample_service):
"""
Tests POST endpoint '/' to create a single permission.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
permission_name = "new permission"
data = json.dumps({
'user': sample_user.id,
'service': str(sample_service.id),
'permission': permission_name})
auth_header = create_authorization_header(
path=url_for('permission.create_permission'),
method='POST',
request_body=data)
headers = [('Content-Type', 'application/json'), auth_header]
response = client.post(
url_for('permission.create_permission'),
data=data,
headers=headers)
assert response.status_code == 201
json_resp = json.loads(response.get_data(as_text=True))
assert permission_name == json_resp['data']['permission']
assert str(sample_service.id) == json_resp['data']['service']
assert sample_user.id == json_resp['data']['user']
def test_create_permission_no_service(notify_api, notify_db, notify_db_session, sample_user):
"""
Tests POST endpoint '/' to create a single permission.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
permission_name = "new permission"
data = json.dumps({
'user': sample_user.id,
'permission': permission_name})
auth_header = create_authorization_header(
path=url_for('permission.create_permission'),
method='POST',
request_body=data)
headers = [('Content-Type', 'application/json'), auth_header]
response = client.post(
url_for('permission.create_permission'),
data=data,
headers=headers)
assert response.status_code == 201
json_resp = json.loads(response.get_data(as_text=True))
assert permission_name == json_resp['data']['permission']
assert sample_user.id == json_resp['data']['user']
def test_delete_permission(notify_api, notify_db, notify_db_session, sample_permission):
"""
Tests DELETE endpoint '/' to delete a permission.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
header = create_authorization_header(
path=url_for('permission.delete_permission', permission_id=sample_permission.id),
method='DELETE')
response = client.delete(
url_for('permission.delete_permission', permission_id=sample_permission.id),
headers=[header])
assert response.status_code == 200
json_resp = json.loads(response.get_data(as_text=True))
expected = {
"permission": sample_permission.permission,
"user": sample_permission.user.id,
"id": str(sample_permission.id),
"service": None
}
assert expected == json_resp['data']

146
tests/app/user/test_rest.py
View File

@@ -28,8 +28,7 @@ def test_get_user_list(notify_api, notify_db, notify_db_session, sample_user, sa
"password_changed_at": None,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": []
"failed_login_count": 0
}
assert expected in json_resp['data']
@@ -56,8 +55,7 @@ def test_get_user(notify_api, notify_db, notify_db_session, sample_user, sample_
"password_changed_at": None,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": []
"failed_login_count": 0
}
assert json_resp['data'] == expected
@@ -77,8 +75,7 @@ def test_post_user(notify_api, notify_db, notify_db_session, sample_admin_servic
"password_changed_at": None,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": []
"failed_login_count": 0
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.create_user'),
@@ -111,8 +108,7 @@ def test_post_user_missing_attribute_email(notify_api, notify_db, notify_db_sess
"password_changed_at": None,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": []
"failed_login_count": 0
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.create_user'),
@@ -143,8 +139,7 @@ def test_post_user_missing_attribute_password(notify_api, notify_db, notify_db_s
"password_changed_at": None,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": []
"failed_login_count": 0
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.create_user'),
@@ -172,8 +167,7 @@ def test_put_user(notify_api, notify_db, notify_db_session, sample_user, sample_
data = {
'name': sample_user.name,
'email_address': new_email,
'mobile_number': sample_user.mobile_number,
'permissions': []
'mobile_number': sample_user.mobile_number
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.update_user', user_id=sample_user.id),
@@ -196,8 +190,7 @@ def test_put_user(notify_api, notify_db, notify_db_session, sample_user, sample_
"id": user.id,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": []
"failed_login_count": 0
}
assert json_resp['data'] == expected
assert json_resp['data']['email_address'] == new_email
@@ -219,8 +212,7 @@ def test_put_user_update_password(notify_api,
'name': sample_user.name,
'email_address': sample_user.email_address,
'mobile_number': sample_user.mobile_number,
'password': new_password,
'permissions': []
'password': new_password
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.update_user', user_id=sample_user.id),
@@ -277,125 +269,6 @@ def test_put_user_not_exists(notify_api, notify_db, notify_db_session, sample_us
assert user.email_address != new_email
def test_post_with_permissions(notify_api, notify_db, notify_db_session, sample_admin_service_id):
"""
Tests POST endpoint '/' to create a user with permissions.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
assert User.query.count() == 1
permissions = ['new permission']
data = {
"name": "Test User",
"email_address": "user@digital.cabinet-office.gov.uk",
"password": "password",
"mobile_number": "+447700900986",
"password_changed_at": None,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": permissions
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.create_user'),
method='POST',
request_body=json.dumps(data))
headers = [('Content-Type', 'application/json'), auth_header]
resp = client.post(
url_for('user.create_user'),
data=json.dumps(data),
headers=headers)
assert resp.status_code == 201
user = User.query.filter_by(email_address='user@digital.cabinet-office.gov.uk').first()
json_resp = json.loads(resp.get_data(as_text=True))
json_resp['data'] == {"email_address": user.email_address, "id": user.id}
assert json_resp['data']['email_address'] == user.email_address
assert json_resp['data']['id'] == user.id
assert json_resp['data']['permissions'] == permissions
def test_put_add_permissions(notify_api, notify_db, notify_db_session, sample_user, sample_admin_service_id):
"""
Tests PUT endpoint '/' to update user permissions.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
permissions = ['one permission', 'another permission']
data = {
'name': sample_user.name,
'email_address': sample_user.email_address,
'mobile_number': sample_user.mobile_number,
'permissions': permissions
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.update_user', user_id=sample_user.id),
method='PUT',
request_body=json.dumps(data))
headers = [('Content-Type', 'application/json'), auth_header]
resp = client.put(
url_for('user.update_user', user_id=sample_user.id),
data=json.dumps(data),
headers=headers)
assert resp.status_code == 200
assert User.query.count() == 2
user = User.query.filter_by(email_address=sample_user.email_address).first()
json_resp = json.loads(resp.get_data(as_text=True))
expected = {
"name": user.name,
"email_address": user.email_address,
"mobile_number": user.mobile_number,
"password_changed_at": None,
"id": user.id,
"logged_in_at": None,
"state": user.state,
"failed_login_count": 0,
"permissions": permissions
}
assert json_resp['data'] == expected
def test_put_remove_permissions(notify_api, notify_db, notify_db_session, sample_user, sample_admin_service_id):
"""
Tests PUT endpoint '/' to update user permissions.
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
old_permissions = ['one permission', 'another permission']
save_model_user(sample_user, {'permissions': old_permissions})
permissions = ['new permissions']
data = {
'name': sample_user.name,
'email_address': sample_user.email_address,
'mobile_number': sample_user.mobile_number,
'permissions': permissions
}
auth_header = create_authorization_header(service_id=sample_admin_service_id,
path=url_for('user.update_user', user_id=sample_user.id),
method='PUT',
request_body=json.dumps(data))
headers = [('Content-Type', 'application/json'), auth_header]
resp = client.put(
url_for('user.update_user', user_id=sample_user.id),
data=json.dumps(data),
headers=headers)
assert resp.status_code == 200
assert User.query.count() == 2
user = User.query.filter_by(email_address=sample_user.email_address).first()
json_resp = json.loads(resp.get_data(as_text=True))
expected = {
"name": user.name,
"email_address": user.email_address,
"mobile_number": user.mobile_number,
"password_changed_at": None,
"id": user.id,
"logged_in_at": None,
"state": user.state,
"failed_login_count": 0,
"permissions": permissions
}
assert json_resp['data'] == expected
def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_user, sample_admin_service_id):
with notify_api.test_request_context():
@@ -414,8 +287,7 @@ def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_user
"password_changed_at": None,
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
"permissions": []
"failed_login_count": 0
}
assert json_resp['data'] == expected