diff --git a/app/dao/permissions_dao.py b/app/dao/permissions_dao.py index 4b3a3632a..07e631043 100644 --- a/app/dao/permissions_dao.py +++ b/app/dao/permissions_dao.py @@ -5,22 +5,26 @@ from app.models import ( Permission, Service, User, - MANAGE_SERVICE, - SEND_MESSAGES, - MANAGE_API_KEYS, + MANAGE_USERS, MANAGE_TEMPLATES, - MANAGE_TEAM, - VIEW_ACTIVITY) + MANAGE_SETTINGS, + SEND_TEXTS, + SEND_EMAILS, + SEND_LETTERS, + MANAGE_API_KEYS, + ACCESS_DEVELOPER_DOCS) # Default permissions for a service default_service_permissions = [ - MANAGE_SERVICE, - SEND_MESSAGES, - MANAGE_API_KEYS, + MANAGE_USERS, MANAGE_TEMPLATES, - MANAGE_TEAM, - VIEW_ACTIVITY] + MANAGE_SETTINGS, + SEND_TEXTS, + SEND_EMAILS, + SEND_LETTERS, + MANAGE_API_KEYS, + ACCESS_DEVELOPER_DOCS] class PermissionDAO(DAOClass): diff --git a/app/models.py b/app/models.py index 896d50518..c2bbf4765 100644 --- a/app/models.py +++ b/app/models.py @@ -273,21 +273,25 @@ class InvitedUser(db.Model): # Service Permissions -MANAGE_SERVICE = 'manage_service' -SEND_MESSAGES = 'send_messages' -MANAGE_API_KEYS = 'manage_api_keys' +MANAGE_USERS = 'manage_users' MANAGE_TEMPLATES = 'manage_templates' -MANAGE_TEAM = 'manage_team' -VIEW_ACTIVITY = 'view_activity' +MANAGE_SETTINGS = 'manage_settings' +SEND_TEXTS = 'send_texts' +SEND_EMAILS = 'send_emails' +SEND_LETTERS = 'send_letters' +MANAGE_API_KEYS = 'manage_api_keys' +ACCESS_DEVELOPER_DOCS = 'access_developer_docs' # List of permissions PERMISSION_LIST = [ - MANAGE_SERVICE, - SEND_MESSAGES, - MANAGE_API_KEYS, + MANAGE_USERS, MANAGE_TEMPLATES, - MANAGE_TEAM, - VIEW_ACTIVITY] + MANAGE_SETTINGS, + SEND_TEXTS, + SEND_EMAILS, + SEND_LETTERS, + MANAGE_API_KEYS, + ACCESS_DEVELOPER_DOCS] class Permission(db.Model): diff --git a/migrations/versions/0033_correct_permission_enums.py b/migrations/versions/0033_correct_permission_enums.py new file mode 100644 index 000000000..52989b6c4 --- /dev/null +++ b/migrations/versions/0033_correct_permission_enums.py 
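Review bot: default_service_permissions in app/dao/permissions_dao.py now repeats all eight entries of PERMISSION_LIST, including MANAGE_USERS and MANAGE_API_KEYS, and nothing at the definition says whether granting everything by default is intended. If it is, a comment such as `# Every user added to a service currently gets all permissions; narrow this list when per-user permissions are introduced.` would record that. Keeping the list explicit rather than aliasing PERMISSION_LIST is the safer shape, since a permission added later is then not granted by default by accident. How the list is consumed is outside this hunk, so this assumes it is applied when a user is attached to a service.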
@@ -0,0 +1,81 @@
+"""empty message
+
+Revision ID: 0033_correct_permission_enums
+Revises: 0032_update_permission_to_enum
+Create Date: 2016-03-02 15:00:25.358153
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '0033_correct_permission_enums'
+down_revision = '0032_update_permission_to_enum'
+
+import uuid
+from datetime import datetime
+from alembic import op
+import sqlalchemy as sa
+
+
+def add_default_permissions(conn, permissions):
+ user_services = conn.execute("SELECT * FROM user_to_service").fetchall()
+ for entry in user_services:
+ for p in permissions:
+ id_ = uuid.uuid4()
+ created_at = datetime.now().isoformat().replace('T', ' ')
+ conn.execute((
+ "INSERT INTO permissions (id, user_id, service_id, permission, created_at)"
+ " VALUES ('{}', '{}', '{}', '{}', '{}')").format(id_, entry[0], entry[1], p, created_at))
+
+
+def upgrade():
+ # Since there are no specific permissions set for services yet
+ # we can just remove all and re-add all.
+ ### commands auto generated by Nick - please adjust! ###
+ new_permissions = ['manage_users',
+ 'manage_templates',
+ 'manage_settings',
+ 'send_texts',
+ 'send_emails',
+ 'send_letters',
+ 'manage_api_keys',
+ 'access_developer_docs']
+ conn = op.get_bind()
+ conn.execute("DELETE FROM permissions")
+ op.drop_constraint('uix_service_user_permission', 'permissions', type_='unique')
+ op.drop_column('permissions', 'permission')
+ try:
+ sa.Enum(name='permission_types').drop(conn, checkfirst=False)
+ except:
+ pass
+ permission_types = sa.Enum(*new_permissions, name='permission_types')
+ permission_types.create(op.get_bind())
+ op.add_column('permissions', sa.Column('permission', permission_types, nullable=False))
+ add_default_permissions(conn, new_permissions)
+ op.alter_column('permissions', 'permission', nullable=False)
+ op.create_unique_constraint('uix_service_user_permission', 'permissions', ['service_id', 'user_id', 'permission'])
+ ### end Alembic commands ###
+
+
+def downgrade():
+ ### commands auto generated by Nick - please adjust! ###
+ old_permissions = ['manage_service',
+ 'send_messages',
+ 'manage_api_keys',
+ 'manage_templates',
+ 'manage_team',
+ 'view_activity']
+ conn = op.get_bind()
+ conn.execute("DELETE FROM permissions")
+ op.drop_constraint('uix_service_user_permission', 'permissions', type_='unique')
+ op.drop_column('permissions', 'permission')
+ try:
+ sa.Enum(name='permission_types').drop(conn, checkfirst=False)
+ except:
+ pass
+ permission_types = sa.Enum(*old_permissions, name='permission_types')
+ permission_types.create(op.get_bind())
+ op.add_column('permissions', sa.Column('permission', permission_types, nullable=False))
+ add_default_permissions(conn, old_permissions)
+ op.alter_column('permissions', 'permission', nullable=False)
+ op.create_unique_constraint('uix_service_user_permission', 'permissions', ['service_id', 'user_id', 'permission'])
+ ### end Alembic commands ###
diff --git a/tests/app/conftest.py b/tests/app/conftest.py
index 75b8c6f75..eff3a56b0 100644
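Review bot: add_default_permissions builds its INSERT with str.format and takes the user and service ids as entry[0] and entry[1] from a `SELECT *`, so the statement depends on the column order of user_to_service and on no value ever containing a quote. The values come from the database and a literal list rather than from a request, so this is a fragility and a pattern that gets copied, not an injectable input; the excerpt below shows the same function with named columns and bound parameters. Separately, the bare `except: pass` around the enum drop in upgrade() and downgrade() hides every error, and if this runs on PostgreSQL inside the migration transaction a failed DROP would likely leave the following statements failing as well; `sa.Enum(name='permission_types').drop(conn, checkfirst=True)` states the intent without swallowing anything. Both directions also delete every permissions row and regrant the full list to each user_to_service pair, which deserves a module docstring in place of "empty message".

```python
def add_default_permissions(conn, permissions):
    # Column names assumed from the INSERT target below; confirm against user_to_service.
    user_services = conn.execute(
        "SELECT user_id, service_id FROM user_to_service").fetchall()
    insert = sa.text(
        "INSERT INTO permissions (id, user_id, service_id, permission, created_at)"
        " VALUES (:id, :user_id, :service_id, :permission, :created_at)")
    for user_id, service_id in user_services:
        for p in permissions:
            # Bound parameters: the driver handles quoting and type adaptation.
            conn.execute(insert, {
                'id': str(uuid.uuid4()),
                'user_id': user_id,
                'service_id': service_id,
                'permission': p,
                'created_at': datetime.now(),
            })
```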
--- a/tests/app/conftest.py +++ b/tests/app/conftest.py @@ -334,7 +334,7 @@ def sample_permission(notify_db, notify_db_session, service=None, user=None, - permission="manage_service"): + permission="manage_settings"): if user is None: user = sample_user(notify_db, notify_db_session) data = { @@ -359,7 +359,7 @@ def sample_service_permission(notify_db, notify_db_session, service=None, user=None, - permission="manage_service"): + permission="manage_settings"): if user is None: user = sample_user(notify_db, notify_db_session) if service is None: diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py index 241805962..c014272a1 100644 --- a/tests/app/user/test_rest.py +++ b/tests/app/user/test_rest.py @@ -2,7 +2,8 @@ import json from flask import url_for -from app.models import (User, Permission, MANAGE_SERVICE, MANAGE_TEMPLATES) +from app.models import (User, Permission, MANAGE_SETTINGS, MANAGE_TEMPLATES) +from app.dao.permissions_dao import default_service_permissions from app import db from tests import create_authorization_header @@ -21,9 +22,7 @@ def test_get_user_list(notify_api, notify_db, notify_db_session, sample_service) json_resp = json.loads(response.get_data(as_text=True)) assert len(json_resp['data']) == 1 sample_user = sample_service.users[0] - expected_permissions = [ - 'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates', - 'manage_team', 'view_activity'] + expected_permissions = default_service_permissions fetched = json_resp['data'][0] assert sample_user.id == fetched['id'] @@ -49,9 +48,7 @@ def test_get_user(notify_api, notify_db, notify_db_session, sample_service): assert resp.status_code == 200 json_resp = json.loads(resp.get_data(as_text=True)) - expected_permissions = [ - 'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates', - 'manage_team', 'view_activity'] + expected_permissions = default_service_permissions fetched = json_resp['data'] assert sample_user.id == fetched['id'] 
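Review bot: In test_get_user_list the expected value is now `default_service_permissions`, presumably the same list the application uses when it grants permissions, so the assertion no longer pins the permission names the API returns. A typo or an accidental rename in that constant would pass unnoticed, although those strings are what clients and the database enum depend on. Consider keeping one test that spells the names out, e.g. `assert set(default_service_permissions) == {'manage_users', 'manage_templates', 'manage_settings', 'send_texts', 'send_emails', 'send_letters', 'manage_api_keys', 'access_developer_docs'}`. The same substitution appears in test_get_user, test_put_user and test_get_user_by_email. The test bodies continue outside these hunks, so how expected_permissions is compared is not visible here.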
@@ -184,9 +181,7 @@ def test_put_user(notify_api, notify_db, notify_db_session, sample_service): assert User.query.count() == 1 json_resp = json.loads(resp.get_data(as_text=True)) assert json_resp['data']['email_address'] == new_email - expected_permissions = [ - 'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates', - 'manage_team', 'view_activity'] + expected_permissions = default_service_permissions fetched = json_resp['data'] assert sample_user.id == fetched['id'] @@ -278,9 +273,7 @@ def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_serv assert resp.status_code == 200 json_resp = json.loads(resp.get_data(as_text=True)) - expected_permissions = [ - 'manage_service', 'send_messages', 'manage_api_keys', 'manage_templates', - 'manage_team', 'view_activity'] + expected_permissions = default_service_permissions fetched = json_resp['data'] assert sample_user.id == fetched['id'] @@ -346,7 +339,7 @@ def test_set_user_permissions(notify_api, sample_service): with notify_api.test_request_context(): with notify_api.test_client() as client: - data = json.dumps([{'permission': MANAGE_SERVICE}]) + data = json.dumps([{'permission': MANAGE_SETTINGS}]) header = create_authorization_header( path=url_for( 'user.set_permissions', @@ -364,10 +357,10 @@ def test_set_user_permissions(notify_api, data=data) assert response.status_code == 204 - permission = Permission.query.filter_by(permission=MANAGE_SERVICE).first() + permission = Permission.query.filter_by(permission=MANAGE_SETTINGS).first() assert permission.user == sample_user assert permission.service == sample_service - assert permission.permission == MANAGE_SERVICE + assert permission.permission == MANAGE_SETTINGS def test_set_user_permissions_multiple(notify_api, 
@@ -377,7 +370,7 @@ def test_set_user_permissions_multiple(notify_api, sample_service): with notify_api.test_request_context(): with notify_api.test_client() as client: - data = json.dumps([{'permission': MANAGE_SERVICE}, {'permission': MANAGE_TEMPLATES}]) + data = json.dumps([{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]) header = create_authorization_header( path=url_for( 'user.set_permissions', @@ -395,10 +388,10 @@ def test_set_user_permissions_multiple(notify_api, data=data) assert response.status_code == 204 - permission = Permission.query.filter_by(permission=MANAGE_SERVICE).first() + permission = Permission.query.filter_by(permission=MANAGE_SETTINGS).first() assert permission.user == sample_user assert permission.service == sample_service - assert permission.permission == MANAGE_SERVICE + assert permission.permission == MANAGE_SETTINGS permission = Permission.query.filter_by(permission=MANAGE_TEMPLATES).first() assert permission.user == sample_user assert permission.service == sample_service @@ -412,7 +405,7 @@ def test_set_user_permissions_remove_old(notify_api, sample_service): with notify_api.test_request_context(): with notify_api.test_client() as client: - data = json.dumps([{'permission': MANAGE_SERVICE}]) + data = json.dumps([{'permission': MANAGE_SETTINGS}]) header = create_authorization_header( path=url_for( 'user.set_permissions', @@ -432,4 +425,4 @@ def test_set_user_permissions_remove_old(notify_api, assert response.status_code == 204 query = Permission.query.filter_by(user=sample_user) assert query.count() == 1 - assert query.first().permission == MANAGE_SERVICE + assert query.first().permission == MANAGE_SETTINGS