diff --git a/app/dao/__init__.py b/app/dao/__init__.py index 28208075b..483e45fd1 100644 --- a/app/dao/__init__.py +++ b/app/dao/__init__.py @@ -1,6 +1,4 @@ from sqlalchemy.exc import SQLAlchemyError -from werkzeug.datastructures import MultiDict -from sqlalchemy.orm.relationships import RelationshipProperty from app import db @@ -14,41 +12,19 @@ class DAOClass(object): class Meta: model = None - def create_instance(self, inst): + def create_instance(self, inst, _commit=True): db.session.add(inst) - db.session.commit() + if _commit: + db.session.commit() - def update_instance(self, inst, update_dict): + def update_instance(self, inst, update_dict, _commit=True): # Make sure the id is not included in the update_dict update_dict.pop('id') self.Meta.model.query.filter_by(id=inst.id).update(update_dict) - db.session.commit() + if _commit: + db.session.commit() - def get_query(self, filter_by_dict={}): - if isinstance(filter_by_dict, dict): - filter_by_dict = MultiDict(filter_by_dict) - query = self.Meta.model.query - for k in filter_by_dict.keys(): - query = self._build_query(query, k, filter_by_dict.getlist(k)) - return query - - def delete_instance(self, inst): + def delete_instance(self, inst, _commit=True): db.session.delete(inst) - db.session.commit() - - def _build_query(self, query, key, values): - # TODO Lots to do here to work with all types of filters. - field = getattr(self.Meta.model, key, None) - filters = getattr(self.Meta, 'filter', [key]) - if field and key in filters: - if isinstance(field.property, RelationshipProperty): - if len(values) == 1: - query = query.filter_by(**{key: field.property.mapper.class_.query.get(values[0])}) - elif len(values) > 1: - query = query.filter(field.in_(field.property.mapper.class_.query.any(values[0]))) - else: - if len(values) == 1: - query = query.filter_by(**{key: values[0]}) - elif len(values) > 1: - query = query.filter(field.in_(values)) - return query + if _commit: + db.session.commit() 
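Review bot: The new `_commit` flag on `create_instance`, `update_instance` and `delete_instance` is undocumented, and its leading underscore reads as private even though code outside these methods passes it (`add_default_service_permissions_for_user` in app/dao/permissions_dao.py calls `create_instance(permission, _commit=False)`). With `_commit=False` the change stays pending on the shared `db.session`, so the caller has to commit or roll back. I would add a docstring along the lines of `"""Add inst to the session; when _commit is False the caller owns commit and rollback."""` to each method and consider naming the parameter `commit`. The same hunk removes `get_query` from the base class; whether any other `DAOClass` subclass still relies on it cannot be checked from this diff.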
diff --git a/app/dao/permissions_dao.py b/app/dao/permissions_dao.py index 30859aaa7..09bf82f35 100644 --- a/app/dao/permissions_dao.py +++ b/app/dao/permissions_dao.py @@ -1,5 +1,14 @@ from app.dao import DAOClass -from app.models import Permission +from app.models import (Permission, Service, User) +from werkzeug.datastructures import MultiDict + + +# Service Permissions +manage_service = 'manage_service' +send_messages = 'send_messages' +manage_api_keys = 'manage_api_keys' +# Default permissions for a service +default_service_permissions = [manage_service, send_messages, manage_api_keys] class PermissionDAO(DAOClass): @@ -7,5 +16,30 @@ class PermissionDAO(DAOClass): class Meta: model = Permission + def get_query(self, filter_by_dict={}): + if isinstance(filter_by_dict, dict): + filter_by_dict = MultiDict(filter_by_dict) + query = self.Meta.model.query + if 'id' in filter_by_dict: + query = query.filter(Permission.id.in_(filter_by_dict.getlist('id'))) + if 'service' in filter_by_dict: + service_ids = filter_by_dict.getlist('service') + if len(service_ids) == 1: + query.filter_by(service=Service.query.get(service_ids[0])) + # TODO the join method for multiple services + if 'user' in filter_by_dict: + user_ids = filter_by_dict.getlist('service') + if len(user_ids) == 1: + query = query.filter_by(user=User.query.get(user_ids[0])) + # TODO the join method for multiple users + if 'permission' in filter_by_dict: + query = query.filter(Permission.permission.in_(filter_by_dict.getlist('permission'))) + return query + + def add_default_service_permissions_for_user(self, user, service): + for name in default_service_permissions: + permission = Permission(permission=name, user=user, service=service) + self.create_instance(permission, _commit=False) + permission_dao = PermissionDAO() diff --git a/app/dao/services_dao.py b/app/dao/services_dao.py index c9a714d51..ce392be6e 100644 --- a/app/dao/services_dao.py +++ b/app/dao/services_dao.py 
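Review bot: Two filters in the new `PermissionDAO.get_query` never take effect: the `'service'` branch discards the result of `query.filter_by(...)`, and the `'user'` branch reads its ids from the wrong key, `filter_by_dict.getlist('service')`. A lookup meant to be scoped to one service, or to one user when no service is given, therefore returns permission rows outside that scope, which matters for any caller that uses the result to decide access. The lines should read `query = query.filter_by(service=Service.query.get(service_ids[0]))` and `user_ids = filter_by_dict.getlist('user')`. The hunk in tests/app/permissions/test_rest.py that drops `assert len(json_resp['data']) == 1` from `test_get_permission_filter` removes the one visible check that would catch this, so I would keep that assertion. Until the TODOs are done, more than one service or user id is silently ignored; rejecting that input would be safer than returning an unfiltered query.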
@@ -20,9 +20,17 @@ def dao_fetch_service_by_id_and_user(service_id, user_id): def dao_create_service(service, user): - service.users.append(user) - db.session.add(service) - db.session.commit() + try: + from app.dao.permissions_dao import permission_dao + service.users.append(user) + permission_dao.add_default_service_permissions_for_user(user, service) + db.session.add(service) + except Exception as e: + # Proper clean up + db.session.rollback() + raise e + else: + db.session.commit() def dao_update_service(service): diff --git a/migrations/versions/0028_add_default_permissions.py b/migrations/versions/0028_add_default_permissions.py new file mode 100644 index 000000000..893f4f851 --- /dev/null +++ b/migrations/versions/0028_add_default_permissions.py 
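Review bot: `db.session.commit()` sits in the `else:` branch of `dao_create_service`, outside the `try`, so a failure at commit time (for example a constraint violation when the permission rows are flushed) propagates without `db.session.rollback()` and leaves the session in a failed state until something else rolls it back. Moving `db.session.commit()` to the end of the `try` body covers that case, and a bare `raise` instead of `raise e` re-raises without rebinding the exception. The function-scope import of `permission_dao` presumably avoids a circular import; it does not need to be inside the `try`, and a comment such as `# imported here to avoid a circular import with app.dao.permissions_dao` would say why it is there.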
@@ -0,0 +1,44 @@ +"""empty message + +Revision ID: 0028_add_default_permissions +Revises: 0027_add_service_permission +Create Date: 2016-02-26 10:33:20.536362 + +""" + +# revision identifiers, used by Alembic. +revision = '0028_add_default_permissions' +down_revision = '0027_add_service_permission' +import uuid +from datetime import datetime +from alembic import op +import sqlalchemy as sa +from sqlalchemy.dialects import postgresql + +def upgrade(): + ### commands auto generated by Alembic - please adjust! ### + conn = op.get_bind() + user_services = conn.execute("SELECT * FROM user_to_service").fetchall() + for entry in user_services: + id_ = uuid.uuid4() + created_at = datetime.now().isoformat().replace('T', ' ') + conn.execute(( + "INSERT INTO permissions (id, user_id, service_id, permission, created_at)" + " VALUES ('{}', '{}', '{}', 'manage_service', '{}')").format(id_, entry[0], entry[1], created_at)) + id_ = uuid.uuid4() + conn.execute(( + "INSERT INTO permissions (id, user_id, service_id, permission, created_at)" + " VALUES ('{}', '{}', '{}', 'send_messages', '{}')").format(id_, entry[0], entry[1], created_at)) + id_ = uuid.uuid4() + conn.execute(( + "INSERT INTO permissions (id, user_id, service_id, permission, created_at)" + " VALUES ('{}', '{}', '{}', 'manage_api_keys', '{}')").format(id_, entry[0], entry[1], created_at)) + ### end Alembic commands ### + + +def downgrade(): + ### commands auto generated by Alembic - please adjust! ### + conn = op.get_bind() + conn.execute("DELETE FROM permissions") + + ### end Alembic commands ### \ No newline at end of file diff --git a/tests/app/job/test_rest.py b/tests/app/job/test_rest.py index 278366732..44d7ffd78 100644 --- a/tests/app/job/test_rest.py +++ b/tests/app/job/test_rest.py 
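Review bot: `downgrade()` runs `DELETE FROM permissions`, which removes every permission row rather than only the ones this migration inserted, so grants made through the application or present since 0027_add_service_permission are lost on a downgrade. Narrowing it to `DELETE FROM permissions WHERE permission IN ('manage_service', 'send_messages', 'manage_api_keys')` limits the loss, though it still cannot tell migrated rows from later ones. In `upgrade()` the INSERT statements are assembled with `str.format`; the values come from the database and `uuid.uuid4()`, so the exposure is small, but bound parameters through `sa.text(...)` (`sa` is already imported) are the safer habit and remove the manual timestamp formatting. `entry[0]` and `entry[1]` depend on the column order of `SELECT *`, so naming the columns in the SELECT would make the mapping explicit. The module docstring is still Alembic's placeholder `empty message`.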
@@ -50,7 +50,6 @@ def test_get_job_with_invalid_job_id_returns404(notify_api, sample_template): response = client.get(path, headers=[auth_header]) assert response.status_code == 404 resp_json = json.loads(response.get_data(as_text=True)) - print(resp_json) assert resp_json['result'] == 'error' assert resp_json['message'] == 'No result found' @@ -218,7 +217,6 @@ def test_get_update_job(notify_api, sample_job): def _setup_jobs(notify_db, notify_db_session, template, number_of_jobs=5): for i in range(number_of_jobs): - print(i) create_job( notify_db, notify_db_session, diff --git a/tests/app/permissions/test_rest.py b/tests/app/permissions/test_rest.py index 10607d72b..434680684 100644 --- a/tests/app/permissions/test_rest.py +++ b/tests/app/permissions/test_rest.py @@ -53,7 +53,6 @@ def test_get_permission_filter(notify_api, headers=[header]) assert response.status_code == 200 json_resp = json.loads(response.get_data(as_text=True)) - assert len(json_resp['data']) == 1 expected = { "permission": another_permission.permission, "user": sample_user.id, diff --git a/tests/app/service/test_rest.py b/tests/app/service/test_rest.py index 6e44f68d2..6fa343567 100644 --- a/tests/app/service/test_rest.py +++ b/tests/app/service/test_rest.py @@ -1,5 +1,6 @@ import json import uuid +from flask import url_for from app.dao.users_dao import save_model_user from app.dao.services_dao import dao_remove_user_from_service from app.models import User 
@@ -403,3 +404,55 @@ def test_get_users_for_service_returns_404_when_service_does_not_exist(notify_ap result = json.loads(response.get_data(as_text=True)) assert result['result'] == 'error' assert result['message'] == 'Service not found for id: {}'.format(service_id) + + +def test_default_permissions_are_added_for_user_service(notify_api, + notify_db, + notify_db_session, + sample_service, + sample_user): + with notify_api.test_request_context(): + with notify_api.test_client() as client: + data = { + 'name': 'created service', + 'user_id': sample_user.id, + 'limit': 1000, + 'restricted': False, + 'active': False} + auth_header = create_authorization_header( + path='/service', + method='POST', + request_body=json.dumps(data) + ) + headers = [('Content-Type', 'application/json'), auth_header] + resp = client.post( + '/service', + data=json.dumps(data), + headers=headers) + json_resp = json.loads(resp.get_data(as_text=True)) + assert resp.status_code == 201 + assert json_resp['data']['id'] + assert json_resp['data']['name'] == 'created service' + assert json_resp['data']['email_from'] == 'created.service' + + auth_header_fetch = create_authorization_header( + path='/service/{}'.format(json_resp['data']['id']), + method='GET' + ) + + resp = client.get( + '/service/{}?user_id={}'.format(json_resp['data']['id'], sample_user.id), + headers=[auth_header_fetch] + ) + assert resp.status_code == 200 + header = create_authorization_header( + path=url_for('user.get_user', user_id=sample_user.id), + method='GET') + response = client.get( + url_for('user.get_user', user_id=sample_user.id), + headers=[header]) + assert response.status_code == 200 + json_resp = json.loads(response.get_data(as_text=True)) + service_permissions = json_resp['data']['permissions'][str(sample_service.id)] + from app.dao.permissions_dao import default_service_permissions + assert sorted(default_service_permissions) == sorted(service_permissions) 
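Review bot: The final assertion in `test_default_permissions_are_added_for_user_service` reads `json_resp['data']['permissions'][str(sample_service.id)]`, which is the fixture service and not the service the test created with the POST to `/service`. As written the test can pass without the new service receiving any default permissions, as long as the fixture service has them. Save the id before `json_resp` is reassigned, `service_id = json_resp['data']['id']`, and assert on `json_resp['data']['permissions'][str(service_id)]`. The function-scope `from app.dao.permissions_dao import default_service_permissions` can move to the imports at the top of the module.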
diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py index be47c0b65..a94df0bdf 100644 --- a/tests/app/user/test_rest.py +++ b/tests/app/user/test_rest.py @@ -29,7 +29,8 @@ def test_get_user_list(notify_api, notify_db, notify_db_session, sample_user, sa "logged_in_at": None, "state": "active", "failed_login_count": 0, - "permissions": {} + "permissions": { + str(sample_admin_service_id): ['manage_service', 'send_messages', 'manage_api_keys']} } print(json_resp['data']) assert expected in json_resp['data'] @@ -58,7 +59,8 @@ def test_get_user(notify_api, notify_db, notify_db_session, sample_user, sample_ "logged_in_at": None, "state": "active", "failed_login_count": 0, - "permissions": {} + "permissions": { + str(sample_admin_service_id): ['manage_service', 'send_messages', 'manage_api_keys']} } assert json_resp['data'] == expected @@ -197,7 +199,8 @@ def test_put_user(notify_api, notify_db, notify_db_session, sample_user, sample_ "logged_in_at": None, "state": "active", "failed_login_count": 0, - "permissions": {} + "permissions": { + str(sample_admin_service_id): ['manage_service', 'send_messages', 'manage_api_keys']} } assert json_resp['data'] == expected assert json_resp['data']['email_address'] == new_email @@ -295,7 +298,8 @@ def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_user "logged_in_at": None, "state": "active", "failed_login_count": 0, - "permissions": {} + "permissions": { + str(sample_admin_service_id): ['manage_service', 'send_messages', 'manage_api_keys']} } assert json_resp['data'] == expected 
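Review bot: The expected `"permissions"` value in `test_get_user_list` is a list in a fixed order, `['manage_service', 'send_messages', 'manage_api_keys']`, but nothing visible in this commit orders the permission rows, so the dictionary equality can fail depending on the order the database returns them. The same literal is repeated in the `test_get_user`, `test_put_user` and `test_get_user_by_email` hunks. I would compare the permissions separately, `assert sorted(json_resp['data']['permissions'][str(sample_admin_service_id)]) == sorted(default_service_permissions)`, as the new test in tests/app/service/test_rest.py does. Importing `default_service_permissions` from `app.dao.permissions_dao` also avoids four copies of the names that would drift when the defaults change.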
@@ -349,16 +353,5 @@ def test_get_user_with_permissions(notify_api, response = client.get(url_for('user.get_user', user_id=sample_service_permission.user.id), headers=[header]) assert response.status_code == 200 - json_resp = json.loads(response.get_data(as_text=True)) - expected = { - "name": "Test User", - "email_address": sample_service_permission.user.email_address, - "id": sample_service_permission.user.id, - "mobile_number": "+447700900986", - "password_changed_at": None, - "logged_in_at": None, - "state": "active", - "failed_login_count": 0, - "permissions": {str(sample_service_permission.service.id): [sample_service_permission.permission]} - } - assert expected == json_resp['data'] + permissions = json.loads(response.get_data(as_text=True))['data']['permissions'] + assert sample_service_permission.permission in permissions[str(sample_service_permission.service.id)] diff --git a/tests/app/user/test_rest_verify.py b/tests/app/user/test_rest_verify.py index 5d6dc544c..f93533ab5 100644 --- a/tests/app/user/test_rest_verify.py +++ b/tests/app/user/test_rest_verify.py @@ -358,7 +358,6 @@ def test_send_user_sms_code(notify_api, url_for('user.send_user_sms_code', user_id=sample_sms_code.user.id), data=data, headers=[('Content-Type', 'application/json'), auth_header]) - print(resp.get_data(as_text=True)) assert resp.status_code == 204 app.celery.tasks.send_sms_code.apply_async.assert_called_once_with(['something_encrypted'], queue='sms-code') @@ -427,7 +426,6 @@ def test_send_user_email_code(notify_api, url_for('user.send_user_email_code', user_id=sample_email_code.user.id), data=data, headers=[('Content-Type', 'application/json'), auth_header]) - print(resp.get_data(as_text=True)) assert resp.status_code == 204 app.celery.tasks.send_email_code.apply_async.assert_called_once_with(['something_encrypted'], queue='email-code')