mirror of
https://github.com/GSA/notifications-api.git
synced 2026-02-05 10:42:41 -05:00
Set folder permissions when adding a user to a service
This sets the folder permissions for a user when adding them to a service. If a user is being added to a service after accepting an invite, we need to account for the possibility that the folders we are trying to add them to have been deleted before they accepted the invite.
This commit is contained in:
Katie Smith
@@ -46,6 +46,7 @@ from app.models import (
|
||||
InvitedUser,
|
||||
Service,
|
||||
ServicePermission,
|
||||
ServiceUser,
|
||||
KEY_TYPE_NORMAL,
|
||||
KEY_TYPE_TEAM,
|
||||
KEY_TYPE_TEST,
|
||||
@@ -192,6 +193,52 @@ def test_should_add_user_to_service(notify_db_session):
|
||||
assert new_user in Service.query.first().users
|
||||
|
||||
|
||||
def test_dao_add_user_to_service_sets_folder_permissions(sample_user, sample_service):
|
||||
folder_1 = create_template_folder(sample_service)
|
||||
folder_2 = create_template_folder(sample_service)
|
||||
|
||||
assert not folder_1.users
|
||||
assert not folder_2.users
|
||||
|
||||
folder_permissions = [str(folder_1.id), str(folder_2.id)]
|
||||
|
||||
dao_add_user_to_service(sample_service, sample_user, folder_permissions=folder_permissions)
|
||||
|
||||
service_user = dao_get_service_user(user_id=sample_user.id, service_id=sample_service.id)
|
||||
assert len(service_user.folders) == 2
|
||||
assert folder_1 in service_user.folders
|
||||
assert folder_2 in service_user.folders
|
||||
|
||||
|
||||
def test_dao_add_user_to_service_ignores_folders_which_do_not_exist_when_setting_permissions(
|
||||
sample_user,
|
||||
sample_service,
|
||||
fake_uuid
|
||||
):
|
||||
valid_folder = create_template_folder(sample_service)
|
||||
folder_permissions = [fake_uuid, str(valid_folder.id)]
|
||||
|
||||
dao_add_user_to_service(sample_service, sample_user, folder_permissions=folder_permissions)
|
||||
|
||||
service_user = dao_get_service_user(sample_user.id, sample_service.id)
|
||||
|
||||
assert service_user.folders == [valid_folder]
|
||||
|
||||
|
||||
def test_dao_add_user_to_service_raises_error_if_adding_folder_permissions_for_a_different_service(
|
||||
sample_user,
|
||||
sample_service,
|
||||
):
|
||||
other_service = create_service(service_name='other service')
|
||||
other_service_folder = create_template_folder(other_service)
|
||||
folder_permissions = [str(other_service_folder.id)]
|
||||
|
||||
with pytest.raises(IntegrityError) as e:
|
||||
dao_add_user_to_service(sample_service, sample_user, folder_permissions=folder_permissions)
|
||||
assert 'insert or update on table "user_folder_permissions" violates foreign key constraint' in str(e.value)
|
||||
assert ServiceUser.query.count() == 0
|
||||
|
||||
|
||||
def test_should_remove_user_from_service(notify_db_session):
|
||||
user = create_user()
|
||||
service = Service(name="service_name",
|
||||
|
||||
@@ -11,6 +11,7 @@ from freezegun import freeze_time
|
||||
from app.dao.organisation_dao import dao_add_service_to_organisation
|
||||
from app.dao.service_sms_sender_dao import dao_get_sms_senders_by_service_id
|
||||
from app.dao.services_dao import dao_remove_user_from_service
|
||||
from app.dao.service_user_dao import dao_get_service_user
|
||||
from app.dao.templates_dao import dao_redact_template
|
||||
from app.dao.users_dao import save_model_user
|
||||
from app.models import (
|
||||
@@ -38,6 +39,7 @@ from tests.app.db import (
|
||||
create_service,
|
||||
create_service_with_inbound_number,
|
||||
create_template,
|
||||
create_template_folder,
|
||||
create_notification,
|
||||
create_reply_to_email,
|
||||
create_letter_contact,
|
||||
@@ -1123,7 +1125,8 @@ def test_add_existing_user_to_another_service_with_all_permissions(
|
||||
{"permission": "manage_api_keys"},
|
||||
{"permission": "manage_templates"},
|
||||
{"permission": "view_activity"},
|
||||
]
|
||||
],
|
||||
"folder_permissions": []
|
||||
}
|
||||
|
||||
auth_header = create_authorization_header()
|
||||
@@ -1181,7 +1184,8 @@ def test_add_existing_user_to_another_service_with_send_permissions(notify_api,
|
||||
{"permission": "send_emails"},
|
||||
{"permission": "send_letters"},
|
||||
{"permission": "send_texts"},
|
||||
]
|
||||
],
|
||||
"folder_permissions": []
|
||||
}
|
||||
|
||||
auth_header = create_authorization_header()
|
||||
@@ -1254,6 +1258,47 @@ def test_add_existing_user_to_another_service_with_manage_permissions(notify_api
|
||||
assert sorted(expected_permissions) == sorted(permissions)
|
||||
|
||||
|
||||
def test_add_existing_user_to_another_service_with_folder_permissions(notify_api,
|
||||
notify_db,
|
||||
notify_db_session,
|
||||
sample_service,
|
||||
sample_user):
|
||||
with notify_api.test_request_context():
|
||||
with notify_api.test_client() as client:
|
||||
# they must exist in db first
|
||||
user_to_add = User(
|
||||
name='Invited User',
|
||||
email_address='invited@digital.cabinet-office.gov.uk',
|
||||
password='password',
|
||||
mobile_number='+4477123456'
|
||||
)
|
||||
save_model_user(user_to_add)
|
||||
|
||||
folder_1 = create_template_folder(sample_service)
|
||||
folder_2 = create_template_folder(sample_service)
|
||||
|
||||
data = {
|
||||
"permissions": [{"permission": "manage_api_keys"}],
|
||||
"folder_permissions": [str(folder_1.id), str(folder_2.id)]
|
||||
}
|
||||
|
||||
auth_header = create_authorization_header()
|
||||
|
||||
resp = client.post(
|
||||
'/service/{}/users/{}'.format(sample_service.id, user_to_add.id),
|
||||
headers=[('Content-Type', 'application/json'), auth_header],
|
||||
data=json.dumps(data)
|
||||
)
|
||||
|
||||
assert resp.status_code == 201
|
||||
|
||||
new_user = dao_get_service_user(user_id=user_to_add.id, service_id=sample_service.id)
|
||||
|
||||
assert len(new_user.folders) == 2
|
||||
assert folder_1 in new_user.folders
|
||||
assert folder_2 in new_user.folders
|
||||
|
||||
|
||||
def test_add_existing_user_to_another_service_with_manage_api_keys(notify_api,
|
||||
notify_db,
|
||||
notify_db_session,
|
||||
|
||||
Reference in New Issue
Block a user