Transaction management added for one example. All tests passing.

app/dao/permissions_dao.py

@@ -61,17 +61,19 @@ class PermissionDAO(DAOClass):
         query = self.get_query(filter_by_dict={'user': user.id, 'service': service.id})
         query.delete()
 
-    def set_user_permission(self, user, permissions):
+    def set_user_service_permission(self, user, service, permissions, _commit=False):
         try:
-            query = self.get_query(filter_by_dict={'user': user.id})
+            query = self.get_query(filter_by_dict={'user': user.id, 'service': service.id})
             query.delete()
             for p in permissions:
                 self.create_instance(p, _commit=False)
         except Exception as e:
-            db.session.rollback()
+            if _commit:
+                db.session.rollback()
             raise e
         else:
-            db.session.commit()
+            if _commit:
+                db.session.commit()
 
 
 permission_dao = PermissionDAO()

app/dao/services_dao.py

@@ -26,7 +26,6 @@ def dao_create_service(service, user):
         permission_dao.add_default_service_permissions_for_user(user, service)
         db.session.add(service)
     except Exception as e:
-        # Proper clean up
         db.session.rollback()
         raise e
     else:
@@ -38,10 +37,17 @@ def dao_update_service(service):
     db.session.commit()
 
 
-def dao_add_user_to_service(service, user):
+def dao_add_user_to_service(service, user, permissions=[]):
-    service.users.append(user)
+    try:
-    db.session.add(service)
+        from app.dao.permissions_dao import permission_dao
-    db.session.commit()
+        service.users.append(user)
+        permission_dao.set_user_service_permission(user, service, permissions, _commit=False)
+        db.session.add(service)
+    except Exception as e:
+        db.session.rollback()
+        raise e
+    else:
+        db.session.commit()
 
 
 def dao_remove_user_from_service(service, user):
@@ -51,7 +57,6 @@ def dao_remove_user_from_service(service, user):
         service.users.remove(user)
         db.session.add(service)
     except Exception as e:
-        # Proper clean up
         db.session.rollback()
         raise e
     else:

app/service/rest.py

@@ -152,9 +152,9 @@ def add_user_to_service(service_id, user_id):
         return jsonify(result='error',
                        message='User id: {} already part of service id: {}'.format(user_id, service_id)), 400
 
-    dao_add_user_to_service(service, user)
+    permissions_json = request.get_json().get('permissions', [])
-    permissions = request.get_json()['permissions']
+    permissions = _process_permissions(user, service, permissions_json)
-    _process_permissions(user, service, permissions)
+    dao_add_user_to_service(service, user, permissions)
 
     data, errors = service_schema.dump(service)
     return jsonify(data=data), 201
@@ -183,4 +183,4 @@ def _process_permissions(user, service, permission_groups):
     for permission in permissions:
         permission.user = user
         permission.service = service
-    permission_dao.set_user_permission(user, permissions)
+    return permissions

app/user/rest.py

@@ -196,7 +196,7 @@ def set_permissions(user_id, service_id):
     for p in permissions:
         p.user = user
         p.service = service
-    permission_dao.set_user_permission(user, permissions)
+    permission_dao.set_user_service_permission(user, service, permissions, _commit=True)
     return jsonify({}), 204