From 63c29a3a3d07cabe86e772abd71c1b84bebcaa1e Mon Sep 17 00:00:00 2001 From: Adam Shimali Date: Mon, 6 Jun 2016 12:37:06 +0100 Subject: [PATCH] API recieves full set of permissions names on create of user invite. This is instead of mapping from permission groups to individual permissions on user creation. --- app/dao/permissions_dao.py | 2 ++ app/permissions_utils.py | 28 ---------------------------- app/service/rest.py | 10 +++++----- tests/app/service/test_rest.py | 24 +++++++++++++++++++----- 4 files changed, 26 insertions(+), 38 deletions(-) delete mode 100644 app/permissions_utils.py diff --git a/app/dao/permissions_dao.py b/app/dao/permissions_dao.py index eca2446e9..7ff9bb447 100644 --- a/app/dao/permissions_dao.py +++ b/app/dao/permissions_dao.py @@ -68,6 +68,8 @@ class PermissionDAO(DAOClass): query = self.get_query(filter_by_dict={'user': user.id, 'service': service.id}) query.delete() for p in permissions: + p.user = user + p.service = service self.create_instance(p, _commit=False) except Exception as e: if _commit: diff --git a/app/permissions_utils.py b/app/permissions_utils.py deleted file mode 100644 index fa9268523..000000000 --- a/app/permissions_utils.py +++ /dev/null @@ -1,28 +0,0 @@ -from app.models import ( - MANAGE_USERS, - MANAGE_TEMPLATES, - MANAGE_SETTINGS, - SEND_TEXTS, - SEND_EMAILS, - SEND_LETTERS, - MANAGE_API_KEYS, - VIEW_ACTIVITY -) - -from app.schemas import permission_schema - - -permissions_groups = {'send_messages': [SEND_TEXTS, SEND_EMAILS, SEND_LETTERS], - 'manage_service': [MANAGE_USERS, MANAGE_SETTINGS, MANAGE_TEMPLATES], - 'manage_api_keys': [MANAGE_API_KEYS], - VIEW_ACTIVITY: [VIEW_ACTIVITY]} - - -def get_permissions_by_group(permission_groups): - requested_permissions = [] - for group in permission_groups: - permissions = permissions_groups[group] - for permission in permissions: - requested_permissions.append({'permission': permission}) - permissions, errors = permission_schema.load(requested_permissions, many=True) - return permissions diff --git a/app/service/rest.py b/app/service/rest.py index 1e28886b8..80b82fe67 100644 --- a/app/service/rest.py +++ b/app/service/rest.py @@ -26,12 +26,13 @@ from app.dao.services_dao import ( from app.dao.provider_statistics_dao import get_fragment_count from app.dao.users_dao import get_model_users -from app.models import ApiKey + from app.schemas import ( service_schema, api_key_schema, user_schema, - from_to_date_schema + from_to_date_schema, + permission_schema ) from app.errors import register_errors @@ -150,10 +151,9 @@ def add_user_to_service(service_id, user_id): return jsonify(result='error', message='User id: {} already part of service id: {}'.format(user_id, service_id)), 400 - permissions_json = request.get_json().get('permissions', []) - permissions = _process_permissions(user, service, permissions_json) - dao_add_user_to_service(service, user, permissions) + permissions, errors = permission_schema.load(request.get_json(), many=True) + dao_add_user_to_service(service, user, permissions) data, errors = service_schema.dump(service) return jsonify(data=data), 201 diff --git a/tests/app/service/test_rest.py b/tests/app/service/test_rest.py index 7c8b52c37..7dc43853a 100644 --- a/tests/app/service/test_rest.py +++ b/tests/app/service/test_rest.py @@ -640,7 +640,14 @@ def test_add_existing_user_to_another_service_with_all_permissions(notify_api, # they must exist in db first save_model_user(user_to_add) - data = {'permissions': ['send_messages', 'manage_service', 'manage_api_keys']} + data = [{"permission": "send_emails"}, + {"permission": "send_letters"}, + {"permission": "send_texts"}, + {"permission": "manage_users"}, + {"permission": "manage_settings"}, + {"permission": "manage_api_keys"}, + {"permission": "manage_templates"}, + {"permission": "view_activity"}] auth_header = create_authorization_header() @@ -672,7 +679,7 @@ def test_add_existing_user_to_another_service_with_all_permissions(notify_api, json_resp = json.loads(resp.get_data(as_text=True)) permissions = json_resp['data']['permissions'][str(sample_service.id)] expected_permissions = ['send_texts', 'send_emails', 'send_letters', 'manage_users', - 'manage_settings', 'manage_templates', 'manage_api_keys'] + 'manage_settings', 'manage_templates', 'manage_api_keys', 'view_activity'] assert sorted(expected_permissions) == sorted(permissions) @@ -693,7 +700,10 @@ def test_add_existing_user_to_another_service_with_send_permissions(notify_api, ) save_model_user(user_to_add) - data = {'permissions': ['send_messages']} + data = [{"permission": "send_emails"}, + {"permission": "send_letters"}, + {"permission": "send_texts"}] + auth_header = create_authorization_header() resp = client.post( @@ -734,7 +744,10 @@ def test_add_existing_user_to_another_service_with_manage_permissions(notify_api ) save_model_user(user_to_add) - data = {'permissions': ['manage_service']} + data = [{"permission": "manage_users"}, + {"permission": "manage_settings"}, + {"permission": "manage_templates"}] + auth_header = create_authorization_header() resp = client.post( @@ -775,7 +788,8 @@ def test_add_existing_user_to_another_service_with_manage_api_keys(notify_api, ) save_model_user(user_to_add) - data = {'permissions': ['manage_api_keys']} + data = [{"permission": "manage_api_keys"}] + auth_header = create_authorization_header() resp = client.post(