Merge pull request #122 from alphagov/correct_permission_enums

Permission enums corrected, all tests passing.
2025-12-25 09:51:42 -05:00 · 2016-03-02 17:22:03 +00:00
parent ce7e0cef7a 9acc528988
commit 26120e4e7f
5 changed files with 125 additions and 43 deletions
--- a/app/dao/permissions_dao.py
+++ b/app/dao/permissions_dao.py
@@ -5,22 +5,26 @@ from app.models import (
    Permission,
    Service,
    User,
-    MANAGE_SERVICE,
-    SEND_MESSAGES,
-    MANAGE_API_KEYS,
+    MANAGE_USERS,
    MANAGE_TEMPLATES,
-    MANAGE_TEAM,
-    VIEW_ACTIVITY)
+    MANAGE_SETTINGS,
+    SEND_TEXTS,
+    SEND_EMAILS,
+    SEND_LETTERS,
+    MANAGE_API_KEYS,
+    ACCESS_DEVELOPER_DOCS)


 # Default permissions for a service
 default_service_permissions = [
-    MANAGE_SERVICE,
-    SEND_MESSAGES,
-    MANAGE_API_KEYS,
+    MANAGE_USERS,
    MANAGE_TEMPLATES,
-    MANAGE_TEAM,
-    VIEW_ACTIVITY]
+    MANAGE_SETTINGS,
+    SEND_TEXTS,
+    SEND_EMAILS,
+    SEND_LETTERS,
+    MANAGE_API_KEYS,
+    ACCESS_DEVELOPER_DOCS]


 class PermissionDAO(DAOClass):
--- a/app/models.py
+++ b/app/models.py
@@ -273,21 +273,25 @@ class InvitedUser(db.Model):


 # Service Permissions
-MANAGE_SERVICE = 'manage_service'
-SEND_MESSAGES = 'send_messages'
-MANAGE_API_KEYS = 'manage_api_keys'
+MANAGE_USERS = 'manage_users'
 MANAGE_TEMPLATES = 'manage_templates'
-MANAGE_TEAM = 'manage_team'
-VIEW_ACTIVITY = 'view_activity'
+MANAGE_SETTINGS = 'manage_settings'
+SEND_TEXTS = 'send_texts'
+SEND_EMAILS = 'send_emails'
+SEND_LETTERS = 'send_letters'
+MANAGE_API_KEYS = 'manage_api_keys'
+ACCESS_DEVELOPER_DOCS = 'access_developer_docs'

 # List of permissions
 PERMISSION_LIST = [
-    MANAGE_SERVICE,
-    SEND_MESSAGES,
-    MANAGE_API_KEYS,
+    MANAGE_USERS,
    MANAGE_TEMPLATES,
-    MANAGE_TEAM,
-    VIEW_ACTIVITY]
+    MANAGE_SETTINGS,
+    SEND_TEXTS,
+    SEND_EMAILS,
+    SEND_LETTERS,
+    MANAGE_API_KEYS,
+    ACCESS_DEVELOPER_DOCS]


 class Permission(db.Model):
--- a/migrations/versions/0033_correct_permission_enums.py
+++ b/migrations/versions/0033_correct_permission_enums.py
@@ -0,0 +1,81 @@
+"""empty message
+
+Revision ID: 0033_correct_permission_enums
+Revises: 0032_update_permission_to_enum
+Create Date: 2016-03-02 15:00:25.358153
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '0033_correct_permission_enums'
+down_revision = '0032_update_permission_to_enum'
+
+import uuid
+from datetime import datetime
+from alembic import op
+import sqlalchemy as sa
+
+
+def add_default_permissions(conn, permissions):
+    user_services = conn.execute("SELECT * FROM user_to_service").fetchall()
+    for entry in user_services:
+        for p in permissions:
+            id_ = uuid.uuid4()
+            created_at = datetime.now().isoformat().replace('T', ' ')
+            conn.execute((
+                "INSERT INTO permissions (id, user_id, service_id, permission, created_at)"
+                " VALUES ('{}', '{}', '{}', '{}', '{}')").format(id_, entry[0], entry[1], p, created_at))
+
+
+def upgrade():
+    # Since there are no specific permissions set for services yet
+    # we can just remove all and re-add all.
+    ### commands auto generated by Nick - please adjust! ###
+    new_permissions = ['manage_users',
+                       'manage_templates',
+                       'manage_settings',
+                       'send_texts',
+                       'send_emails',
+                       'send_letters',
+                       'manage_api_keys',
+                       'access_developer_docs']
+    conn = op.get_bind()
+    conn.execute("DELETE FROM permissions")
+    op.drop_constraint('uix_service_user_permission', 'permissions', type_='unique')
+    op.drop_column('permissions', 'permission')
+    try:
+        sa.Enum(name='permission_types').drop(conn, checkfirst=False)
+    except:
+        pass
+    permission_types = sa.Enum(*new_permissions, name='permission_types')
+    permission_types.create(op.get_bind())
+    op.add_column('permissions', sa.Column('permission', permission_types, nullable=False))
+    add_default_permissions(conn, new_permissions)
+    op.alter_column('permissions', 'permission', nullable=False)
+    op.create_unique_constraint('uix_service_user_permission', 'permissions', ['service_id', 'user_id', 'permission'])
+    ### end Alembic commands ###
+
+
+def downgrade():
+    ### commands auto generated by Nick - please adjust! ###
+    old_permissions = ['manage_service',
+                        'send_messages',
+                        'manage_api_keys',
+                        'manage_templates',
+                        'manage_team',
+                        'view_activity']
+    conn = op.get_bind()
+    conn.execute("DELETE FROM permissions")
+    op.drop_constraint('uix_service_user_permission', 'permissions', type_='unique')
+    op.drop_column('permissions', 'permission')
+    try:
+        sa.Enum(name='permission_types').drop(conn, checkfirst=False)
+    except:
+        pass
+    permission_types = sa.Enum(*old_permissions, name='permission_types')
+    permission_types.create(op.get_bind())
+    op.add_column('permissions', sa.Column('permission', permission_types, nullable=False))
+    add_default_permissions(conn, old_permissions)
+    op.alter_column('permissions', 'permission', nullable=False)
+    op.create_unique_constraint('uix_service_user_permission', 'permissions', ['service_id', 'user_id', 'permission'])
+    ### end Alembic commands ###
--- a/tests/app/conftest.py
+++ b/tests/app/conftest.py
@@ -334,7 +334,7 @@ def sample_permission(notify_db,
                      notify_db_session,
                      service=None,
                      user=None,
-                      permission="manage_service"):
+                      permission="manage_settings"):
    if user is None:
        user = sample_user(notify_db, notify_db_session)
    data = {
@@ -359,7 +359,7 @@ def sample_service_permission(notify_db,
                              notify_db_session,
                              service=None,
                              user=None,
-                              permission="manage_service"):
+                              permission="manage_settings"):
    if user is None:
        user = sample_user(notify_db, notify_db_session)
    if service is None:
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -2,7 +2,8 @@ import json

 from flask import url_for

-from app.models import (User, Permission, MANAGE_SERVICE, MANAGE_TEMPLATES)
+from app.models import (User, Permission, MANAGE_SETTINGS, MANAGE_TEMPLATES)
+from app.dao.permissions_dao import default_service_permissions
 from app import db
 from tests import create_authorization_header

@@ -21,9 +22,7 @@ def test_get_user_list(notify_api, notify_db, notify_db_session, sample_service)
            json_resp = json.loads(response.get_data(as_text=True))
            assert len(json_resp['data']) == 1
            sample_user = sample_service.users[0]
-            expected_permissions = [
-                'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates',
-                'manage_team', 'view_activity']
+            expected_permissions = default_service_permissions
            fetched = json_resp['data'][0]

            assert sample_user.id == fetched['id']
@@ -49,9 +48,7 @@ def test_get_user(notify_api, notify_db, notify_db_session, sample_service):
            assert resp.status_code == 200
            json_resp = json.loads(resp.get_data(as_text=True))

-            expected_permissions = [
-                'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates',
-                'manage_team', 'view_activity']
+            expected_permissions = default_service_permissions
            fetched = json_resp['data']

            assert sample_user.id == fetched['id']
@@ -184,9 +181,7 @@ def test_put_user(notify_api, notify_db, notify_db_session, sample_service):
            assert User.query.count() == 1
            json_resp = json.loads(resp.get_data(as_text=True))
            assert json_resp['data']['email_address'] == new_email
-            expected_permissions = [
-                'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates',
-                'manage_team', 'view_activity']
+            expected_permissions = default_service_permissions
            fetched = json_resp['data']

            assert sample_user.id == fetched['id']
@@ -278,9 +273,7 @@ def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_serv
            assert resp.status_code == 200

            json_resp = json.loads(resp.get_data(as_text=True))
-            expected_permissions = [
-                'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates',
-                'manage_team', 'view_activity']
+            expected_permissions = default_service_permissions
            fetched = json_resp['data']

            assert sample_user.id == fetched['id']
@@ -346,7 +339,7 @@ def test_set_user_permissions(notify_api,
                              sample_service):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
-            data = json.dumps([{'permission': MANAGE_SERVICE}])
+            data = json.dumps([{'permission': MANAGE_SETTINGS}])
            header = create_authorization_header(
                path=url_for(
                    'user.set_permissions',
@@ -364,10 +357,10 @@ def test_set_user_permissions(notify_api,
                data=data)

            assert response.status_code == 204
-            permission = Permission.query.filter_by(permission=MANAGE_SERVICE).first()
+            permission = Permission.query.filter_by(permission=MANAGE_SETTINGS).first()
            assert permission.user == sample_user
            assert permission.service == sample_service
-            assert permission.permission == MANAGE_SERVICE
+            assert permission.permission == MANAGE_SETTINGS


 def test_set_user_permissions_multiple(notify_api,
@@ -377,7 +370,7 @@ def test_set_user_permissions_multiple(notify_api,
                                       sample_service):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
-            data = json.dumps([{'permission': MANAGE_SERVICE}, {'permission': MANAGE_TEMPLATES}])
+            data = json.dumps([{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}])
            header = create_authorization_header(
                path=url_for(
                    'user.set_permissions',
@@ -395,10 +388,10 @@ def test_set_user_permissions_multiple(notify_api,
                data=data)

            assert response.status_code == 204
-            permission = Permission.query.filter_by(permission=MANAGE_SERVICE).first()
+            permission = Permission.query.filter_by(permission=MANAGE_SETTINGS).first()
            assert permission.user == sample_user
            assert permission.service == sample_service
-            assert permission.permission == MANAGE_SERVICE
+            assert permission.permission == MANAGE_SETTINGS
            permission = Permission.query.filter_by(permission=MANAGE_TEMPLATES).first()
            assert permission.user == sample_user
            assert permission.service == sample_service
@@ -412,7 +405,7 @@ def test_set_user_permissions_remove_old(notify_api,
                                         sample_service):
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
-            data = json.dumps([{'permission': MANAGE_SERVICE}])
+            data = json.dumps([{'permission': MANAGE_SETTINGS}])
            header = create_authorization_header(
                path=url_for(
                    'user.set_permissions',
@@ -432,4 +425,4 @@ def test_set_user_permissions_remove_old(notify_api,
            assert response.status_code == 204
            query = Permission.query.filter_by(user=sample_user)
            assert query.count() == 1
-            assert query.first().permission == MANAGE_SERVICE
+            assert query.first().permission == MANAGE_SETTINGS