Merge pull request #119 from alphagov/update_permission_endpoints

Update permission endpoints
2026-02-05 10:42:41 -05:00 · 2016-03-02 14:33:18 +00:00
parent 45ae336bd0 01f616eeac
commit 3fd3aa5b3e
10 changed files with 252 additions and 134 deletions
--- a/tests/app/conftest.py
+++ b/tests/app/conftest.py
@@ -334,7 +334,7 @@ def sample_permission(notify_db,
                      notify_db_session,
                      service=None,
                      user=None,
-                      permission="sample permission"):
+                      permission="manage_service"):
    if user is None:
        user = sample_user(notify_db, notify_db_session)
    data = {
@@ -343,9 +343,14 @@ def sample_permission(notify_db,
    }
    if service:
        data['service'] = service
-    p_model = Permission(**data)
-    db.session.add(p_model)
-    db.session.commit()
+    p_model = Permission.query.filter_by(
+        user=user,
+        service=service,
+        permission=permission).first()
+    if not p_model:
+        p_model = Permission(**data)
+        db.session.add(p_model)
+        db.session.commit()
    return p_model


@@ -354,7 +359,7 @@ def sample_service_permission(notify_db,
                              notify_db_session,
                              service=None,
                              user=None,
-                              permission="sample permission"):
+                              permission="manage_service"):
    if user is None:
        user = sample_user(notify_db, notify_db_session)
    if service is None:
@@ -364,7 +369,12 @@ def sample_service_permission(notify_db,
        'service': service,
        'permission': permission
    }
-    p_model = Permission(**data)
-    db.session.add(p_model)
-    db.session.commit()
+    p_model = Permission.query.filter_by(
+        user=user,
+        service=service,
+        permission=permission).first()
+    if not p_model:
+        p_model = Permission(**data)
+        db.session.add(p_model)
+        db.session.commit()
    return p_model
--- a/tests/app/permissions/test_rest.py
+++ b/tests/app/permissions/test_rest.py
@@ -1,5 +1,6 @@
 import json
 from flask import url_for
+from app.models import Permission
 from tests import create_authorization_header
 from ..conftest import sample_permission as create_permission

@@ -39,12 +40,6 @@ def test_get_permission_filter(notify_api,
    """
    with notify_api.test_request_context():
        with notify_api.test_client() as client:
-            another_permission = create_permission(
-                notify_db,
-                notify_db_session,
-                user=sample_user,
-                service=sample_service,
-                permission="another permission")
            header = create_authorization_header(
                path=url_for('permission.get_permissions'),
                method='GET')
@@ -53,6 +48,8 @@ def test_get_permission_filter(notify_api,
                headers=[header])
            assert response.status_code == 200
            json_resp = json.loads(response.get_data(as_text=True))
+            another_permission = Permission.query.filter_by(
+                service_id=str(sample_service.id)).first()
            expected = {
                "permission": another_permission.permission,
                "user": sample_user.id,
@@ -100,78 +97,3 @@ def test_get_permission_404(notify_api, notify_db, notify_db_session, sample_per
            assert response.status_code == 404
            json_resp = json.loads(response.get_data(as_text=True))
            assert json_resp['message'] == 'No result found'
-
-
-def test_create_permission(notify_api, notify_db, notify_db_session, sample_user, sample_service):
-    """
-    Tests POST endpoint '/' to create a single permission.
-    """
-    with notify_api.test_request_context():
-        with notify_api.test_client() as client:
-            permission_name = "new permission"
-            data = json.dumps({
-                'user': sample_user.id,
-                'service': str(sample_service.id),
-                'permission': permission_name})
-            auth_header = create_authorization_header(
-                path=url_for('permission.create_permission'),
-                method='POST',
-                request_body=data)
-            headers = [('Content-Type', 'application/json'), auth_header]
-            response = client.post(
-                url_for('permission.create_permission'),
-                data=data,
-                headers=headers)
-            assert response.status_code == 201
-            json_resp = json.loads(response.get_data(as_text=True))
-            assert permission_name == json_resp['data']['permission']
-            assert str(sample_service.id) == json_resp['data']['service']
-            assert sample_user.id == json_resp['data']['user']
-
-
-def test_create_permission_no_service(notify_api, notify_db, notify_db_session, sample_user):
-    """
-    Tests POST endpoint '/' to create a single permission.
-    """
-    with notify_api.test_request_context():
-        with notify_api.test_client() as client:
-            permission_name = "new permission"
-            data = json.dumps({
-                'user': sample_user.id,
-                'permission': permission_name})
-            auth_header = create_authorization_header(
-                path=url_for('permission.create_permission'),
-                method='POST',
-                request_body=data)
-            headers = [('Content-Type', 'application/json'), auth_header]
-            response = client.post(
-                url_for('permission.create_permission'),
-                data=data,
-                headers=headers)
-            assert response.status_code == 201
-            json_resp = json.loads(response.get_data(as_text=True))
-            assert permission_name == json_resp['data']['permission']
-            assert sample_user.id == json_resp['data']['user']
-
-
-def test_delete_permission(notify_api, notify_db, notify_db_session, sample_permission):
-    """
-    Tests DELETE endpoint '/' to delete a permission.
-    """
-    with notify_api.test_request_context():
-        with notify_api.test_client() as client:
-            header = create_authorization_header(
-                path=url_for('permission.delete_permission', permission_id=sample_permission.id),
-                method='DELETE')
-            response = client.delete(
-                url_for('permission.delete_permission', permission_id=sample_permission.id),
-                headers=[header])
-            assert response.status_code == 200
-            json_resp = json.loads(response.get_data(as_text=True))
-            expected = {
-                "permission": sample_permission.permission,
-                "user": sample_permission.user.id,
-                "id": str(sample_permission.id),
-                "service": None
-            }
-            assert expected == json_resp['data']
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -2,7 +2,8 @@ import json

 from flask import url_for

-from app.models import (User)
+from app.models import (User, Permission, MANAGE_SERVICE, MANAGE_TEMPLATES)
+from app import db
 from tests import create_authorization_header


@@ -336,3 +337,99 @@ def test_get_user_with_permissions(notify_api,
            assert response.status_code == 200
            permissions = json.loads(response.get_data(as_text=True))['data']['permissions']
            assert sample_service_permission.permission in permissions[str(sample_service_permission.service.id)]
+
+
+def test_set_user_permissions(notify_api,
+                              notify_db,
+                              notify_db_session,
+                              sample_user,
+                              sample_service):
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = json.dumps([{'permission': MANAGE_SERVICE}])
+            header = create_authorization_header(
+                path=url_for(
+                    'user.set_permissions',
+                    user_id=sample_user.id,
+                    service_id=str(sample_service.id)),
+                method='POST',
+                request_body=data)
+            headers = [('Content-Type', 'application/json'), header]
+            response = client.post(
+                url_for(
+                    'user.set_permissions',
+                    user_id=sample_user.id,
+                    service_id=str(sample_service.id)),
+                headers=headers,
+                data=data)
+
+            assert response.status_code == 204
+            permission = Permission.query.filter_by(permission=MANAGE_SERVICE).first()
+            assert permission.user == sample_user
+            assert permission.service == sample_service
+            assert permission.permission == MANAGE_SERVICE
+
+
+def test_set_user_permissions_multiple(notify_api,
+                                       notify_db,
+                                       notify_db_session,
+                                       sample_user,
+                                       sample_service):
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = json.dumps([{'permission': MANAGE_SERVICE}, {'permission': MANAGE_TEMPLATES}])
+            header = create_authorization_header(
+                path=url_for(
+                    'user.set_permissions',
+                    user_id=sample_user.id,
+                    service_id=str(sample_service.id)),
+                method='POST',
+                request_body=data)
+            headers = [('Content-Type', 'application/json'), header]
+            response = client.post(
+                url_for(
+                    'user.set_permissions',
+                    user_id=sample_user.id,
+                    service_id=str(sample_service.id)),
+                headers=headers,
+                data=data)
+
+            assert response.status_code == 204
+            permission = Permission.query.filter_by(permission=MANAGE_SERVICE).first()
+            assert permission.user == sample_user
+            assert permission.service == sample_service
+            assert permission.permission == MANAGE_SERVICE
+            permission = Permission.query.filter_by(permission=MANAGE_TEMPLATES).first()
+            assert permission.user == sample_user
+            assert permission.service == sample_service
+            assert permission.permission == MANAGE_TEMPLATES
+
+
+def test_set_user_permissions_remove_old(notify_api,
+                                         notify_db,
+                                         notify_db_session,
+                                         sample_user,
+                                         sample_service):
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = json.dumps([{'permission': MANAGE_SERVICE}])
+            header = create_authorization_header(
+                path=url_for(
+                    'user.set_permissions',
+                    user_id=sample_user.id,
+                    service_id=str(sample_service.id)),
+                method='POST',
+                request_body=data)
+            headers = [('Content-Type', 'application/json'), header]
+            response = client.post(
+                url_for(
+                    'user.set_permissions',
+                    user_id=sample_user.id,
+                    service_id=str(sample_service.id)),
+                headers=headers,
+                data=data)
+
+            assert response.status_code == 204
+            query = Permission.query.filter_by(user=sample_user)
+            assert query.count() == 1
+            assert query.first().permission == MANAGE_SERVICE