API recieves full set of permissions names on create of user

invite. This is instead of mapping from permission groups to individual permissions on user creation.
2025-12-21 07:51:13 -05:00 · 2016-06-06 12:37:06 +01:00
parent 37a3c27124
commit 63c29a3a3d
4 changed files with 26 additions and 38 deletions
--- a/app/dao/permissions_dao.py
+++ b/app/dao/permissions_dao.py
@@ -68,6 +68,8 @@ class PermissionDAO(DAOClass):
            query = self.get_query(filter_by_dict={'user': user.id, 'service': service.id})
            query.delete()
            for p in permissions:
+                p.user = user
+                p.service = service
                self.create_instance(p, _commit=False)
        except Exception as e:
            if _commit:
--- a/app/permissions_utils.py
+++ b/app/permissions_utils.py
@@ -1,28 +0,0 @@
-from app.models import (
-    MANAGE_USERS,
-    MANAGE_TEMPLATES,
-    MANAGE_SETTINGS,
-    SEND_TEXTS,
-    SEND_EMAILS,
-    SEND_LETTERS,
-    MANAGE_API_KEYS,
-    VIEW_ACTIVITY
-)
-
-from app.schemas import permission_schema
-
-
-permissions_groups = {'send_messages': [SEND_TEXTS, SEND_EMAILS, SEND_LETTERS],
-                      'manage_service': [MANAGE_USERS, MANAGE_SETTINGS, MANAGE_TEMPLATES],
-                      'manage_api_keys': [MANAGE_API_KEYS],
-                      VIEW_ACTIVITY: [VIEW_ACTIVITY]}
-
-
-def get_permissions_by_group(permission_groups):
-    requested_permissions = []
-    for group in permission_groups:
-        permissions = permissions_groups[group]
-        for permission in permissions:
-            requested_permissions.append({'permission': permission})
-    permissions, errors = permission_schema.load(requested_permissions, many=True)
-    return permissions
--- a/app/service/rest.py
+++ b/app/service/rest.py
@@ -26,12 +26,13 @@ from app.dao.services_dao import (
 from app.dao.provider_statistics_dao import get_fragment_count

 from app.dao.users_dao import get_model_users
-from app.models import ApiKey
+
 from app.schemas import (
    service_schema,
    api_key_schema,
    user_schema,
-    from_to_date_schema
+    from_to_date_schema,
+    permission_schema
 )

 from app.errors import register_errors
@@ -150,10 +151,9 @@ def add_user_to_service(service_id, user_id):
        return jsonify(result='error',
                       message='User id: {} already part of service id: {}'.format(user_id, service_id)), 400

-    permissions_json = request.get_json().get('permissions', [])
-    permissions = _process_permissions(user, service, permissions_json)
-    dao_add_user_to_service(service, user, permissions)
+    permissions, errors = permission_schema.load(request.get_json(), many=True)

+    dao_add_user_to_service(service, user, permissions)
    data, errors = service_schema.dump(service)
    return jsonify(data=data), 201

--- a/tests/app/service/test_rest.py
+++ b/tests/app/service/test_rest.py
@@ -640,7 +640,14 @@ def test_add_existing_user_to_another_service_with_all_permissions(notify_api,
            # they must exist in db first
            save_model_user(user_to_add)

-            data = {'permissions': ['send_messages', 'manage_service', 'manage_api_keys']}
+            data = [{"permission": "send_emails"},
+                    {"permission": "send_letters"},
+                    {"permission": "send_texts"},
+                    {"permission": "manage_users"},
+                    {"permission": "manage_settings"},
+                    {"permission": "manage_api_keys"},
+                    {"permission": "manage_templates"},
+                    {"permission": "view_activity"}]

            auth_header = create_authorization_header()

@@ -672,7 +679,7 @@ def test_add_existing_user_to_another_service_with_all_permissions(notify_api,
            json_resp = json.loads(resp.get_data(as_text=True))
            permissions = json_resp['data']['permissions'][str(sample_service.id)]
            expected_permissions = ['send_texts', 'send_emails', 'send_letters', 'manage_users',
-                                    'manage_settings', 'manage_templates', 'manage_api_keys']
+                                    'manage_settings', 'manage_templates', 'manage_api_keys', 'view_activity']
            assert sorted(expected_permissions) == sorted(permissions)


@@ -693,7 +700,10 @@ def test_add_existing_user_to_another_service_with_send_permissions(notify_api,
            )
            save_model_user(user_to_add)

-            data = {'permissions': ['send_messages']}
+            data = [{"permission": "send_emails"},
+                    {"permission": "send_letters"},
+                    {"permission": "send_texts"}]
+
            auth_header = create_authorization_header()

            resp = client.post(
@@ -734,7 +744,10 @@ def test_add_existing_user_to_another_service_with_manage_permissions(notify_api
            )
            save_model_user(user_to_add)

-            data = {'permissions': ['manage_service']}
+            data = [{"permission": "manage_users"},
+                    {"permission": "manage_settings"},
+                    {"permission": "manage_templates"}]
+
            auth_header = create_authorization_header()

            resp = client.post(
@@ -775,7 +788,8 @@ def test_add_existing_user_to_another_service_with_manage_api_keys(notify_api,
            )
            save_model_user(user_to_add)

-            data = {'permissions': ['manage_api_keys']}
+            data = [{"permission": "manage_api_keys"}]
+
            auth_header = create_authorization_header()

            resp = client.post(