From 9b73b0d9f84314e0b4288b75bf0a7d14672ba848 Mon Sep 17 00:00:00 2001
From: Nicholas Staples <nicholas.staples@solution-tribute.com>
Date: Fri, 26 Feb 2016 17:11:30 +0000
Subject: [PATCH] Default permissions added on service creation. All tests
 working.

---
 app/dao/__init__.py                |  5 +--
 app/dao/permissions_dao.py         | 13 ++++++++
 app/dao/services_dao.py            |  9 ++++-
 tests/app/permissions/test_rest.py |  1 -
 tests/app/service/test_rest.py     | 53 ++++++++++++++++++++++++++++++
 tests/app/user/test_rest.py        | 15 ++-------
 6 files changed, 79 insertions(+), 17 deletions(-)

diff --git a/app/dao/__init__.py b/app/dao/__init__.py
index 28208075b..2b985d659 100644
--- a/app/dao/__init__.py
+++ b/app/dao/__init__.py
@@ -14,9 +14,10 @@ class DAOClass(object):
     class Meta:
         model = None
 
-    def create_instance(self, inst):
+    def create_instance(self, inst, _commit=True):
         db.session.add(inst)
-        db.session.commit()
+        if _commit:
+            db.session.commit()
 
     def update_instance(self, inst, update_dict):
         # Make sure the id is not included in the update_dict
diff --git a/app/dao/permissions_dao.py b/app/dao/permissions_dao.py
index 30859aaa7..f60cc0652 100644
--- a/app/dao/permissions_dao.py
+++ b/app/dao/permissions_dao.py
@@ -2,10 +2,23 @@ from app.dao import DAOClass
 from app.models import Permission
 
 
+# Service Permissions
+manage_service = 'manage_service'
+send_messages = 'send_messages'
+manage_api_keys = 'manage_api_keys'
+# Default permissions for a service
+default_service_permissions = [manage_service, send_messages, manage_api_keys]
+
+
 class PermissionDAO(DAOClass):
 
     class Meta:
         model = Permission
 
+    def add_default_service_permissions_for_user(self, user, service):
+        for name in default_service_permissions:
+            permission = Permission(permission=name, user=user, service=service)
+            self.create_instance(permission, _commit=False)
+
 
 permission_dao = PermissionDAO()
diff --git a/app/dao/services_dao.py b/app/dao/services_dao.py
index c9a714d51..9083768dc 100644
--- a/app/dao/services_dao.py
+++ b/app/dao/services_dao.py
@@ -20,7 +20,14 @@ def dao_fetch_service_by_id_and_user(service_id, user_id):
 
 
 def dao_create_service(service, user):
-    service.users.append(user)
+    try:
+        from app.dao.permissions_dao import permission_dao
+        service.users.append(user)
+        permission_dao.add_default_service_permissions_for_user(user, service)
+    except Exception as e:
+        # Proper clean up
+        db.session.rollback()
+        raise e
     db.session.add(service)
     db.session.commit()
 
diff --git a/tests/app/permissions/test_rest.py b/tests/app/permissions/test_rest.py
index 10607d72b..434680684 100644
--- a/tests/app/permissions/test_rest.py
+++ b/tests/app/permissions/test_rest.py
@@ -53,7 +53,6 @@ def test_get_permission_filter(notify_api,
                 headers=[header])
             assert response.status_code == 200
             json_resp = json.loads(response.get_data(as_text=True))
-            assert len(json_resp['data']) == 1
             expected = {
                 "permission": another_permission.permission,
                 "user": sample_user.id,
diff --git a/tests/app/service/test_rest.py b/tests/app/service/test_rest.py
index 6e44f68d2..6fa343567 100644
--- a/tests/app/service/test_rest.py
+++ b/tests/app/service/test_rest.py
@@ -1,5 +1,6 @@
 import json
 import uuid
+from flask import url_for
 from app.dao.users_dao import save_model_user
 from app.dao.services_dao import dao_remove_user_from_service
 from app.models import User
@@ -403,3 +404,55 @@ def test_get_users_for_service_returns_404_when_service_does_not_exist(notify_ap
             result = json.loads(response.get_data(as_text=True))
             assert result['result'] == 'error'
             assert result['message'] == 'Service not found for id: {}'.format(service_id)
+
+
+def test_default_permissions_are_added_for_user_service(notify_api,
+                                                        notify_db,
+                                                        notify_db_session,
+                                                        sample_service,
+                                                        sample_user):
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = {
+                'name': 'created service',
+                'user_id': sample_user.id,
+                'limit': 1000,
+                'restricted': False,
+                'active': False}
+            auth_header = create_authorization_header(
+                path='/service',
+                method='POST',
+                request_body=json.dumps(data)
+            )
+            headers = [('Content-Type', 'application/json'), auth_header]
+            resp = client.post(
+                '/service',
+                data=json.dumps(data),
+                headers=headers)
+            json_resp = json.loads(resp.get_data(as_text=True))
+            assert resp.status_code == 201
+            assert json_resp['data']['id']
+            assert json_resp['data']['name'] == 'created service'
+            assert json_resp['data']['email_from'] == 'created.service'
+
+            auth_header_fetch = create_authorization_header(
+                path='/service/{}'.format(json_resp['data']['id']),
+                method='GET'
+            )
+
+            resp = client.get(
+                '/service/{}?user_id={}'.format(json_resp['data']['id'], sample_user.id),
+                headers=[auth_header_fetch]
+            )
+            assert resp.status_code == 200
+            header = create_authorization_header(
+                path=url_for('user.get_user', user_id=sample_user.id),
+                method='GET')
+            response = client.get(
+                url_for('user.get_user', user_id=sample_user.id),
+                headers=[header])
+            assert response.status_code == 200
+            json_resp = json.loads(response.get_data(as_text=True))
+            service_permissions = json_resp['data']['permissions'][str(sample_service.id)]
+            from app.dao.permissions_dao import default_service_permissions
+            assert sorted(default_service_permissions) == sorted(service_permissions)
diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py
index be47c0b65..ea4a0e20c 100644
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -349,16 +349,5 @@ def test_get_user_with_permissions(notify_api,
             response = client.get(url_for('user.get_user', user_id=sample_service_permission.user.id),
                                   headers=[header])
             assert response.status_code == 200
-            json_resp = json.loads(response.get_data(as_text=True))
-            expected = {
-                "name": "Test User",
-                "email_address": sample_service_permission.user.email_address,
-                "id": sample_service_permission.user.id,
-                "mobile_number": "+447700900986",
-                "password_changed_at": None,
-                "logged_in_at": None,
-                "state": "active",
-                "failed_login_count": 0,
-                "permissions": {str(sample_service_permission.service.id): [sample_service_permission.permission]}
-            }
-            assert expected == json_resp['data']
+            permissions = json.loads(response.get_data(as_text=True))['data']['permissions']
+            assert sample_service_permission.permission in permissions[str(sample_service_permission.service.id)]