From cd240f921265a72c25b4d23eec76677d4374c8a2 Mon Sep 17 00:00:00 2001 From: Katie Smith Date: Mon, 25 Feb 2019 15:39:11 +0000 Subject: [PATCH] Delete user folder permissions when user is removed from a service --- app/dao/services_dao.py | 8 ++++- tests/app/dao/test_services_dao.py | 36 ++++++++++++++++++++++- tests/app/dao/test_template_folder_dao.py | 16 ++++++++++ 3 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 tests/app/dao/test_template_folder_dao.py diff --git a/app/dao/services_dao.py b/app/dao/services_dao.py index 18819a862..eb766c06b 100644 --- a/app/dao/services_dao.py +++ b/app/dao/services_dao.py @@ -12,6 +12,7 @@ from app.dao.dao_utils import ( version_class ) from app.dao.service_sms_sender_dao import insert_service_sms_sender +from app.dao.service_user_dao import dao_get_service_user from app.models import ( AnnualBilling, ApiKey, @@ -201,8 +202,13 @@ def dao_remove_user_from_service(service, user): try: from app.dao.permissions_dao import permission_dao permission_dao.remove_user_service_permissions(user, service) + + service_user = dao_get_service_user(user.id, service.id) + service_user.folders = [] + service.users.remove(user) - db.session.add(service) + + db.session.add_all([service, service_user]) except Exception as e: db.session.rollback() raise e diff --git a/tests/app/dao/test_services_dao.py b/tests/app/dao/test_services_dao.py index 6d134d616..6461fd93c 100644 --- a/tests/app/dao/test_services_dao.py +++ b/tests/app/dao/test_services_dao.py @@ -31,6 +31,7 @@ from app.dao.services_dao import ( dao_fetch_active_users_for_service, dao_fetch_service_by_inbound_number, ) +from app.dao.service_user_dao import dao_get_service_user, dao_update_service_user from app.dao.users_dao import save_model_user, create_user_code from app.models import ( VerifyCode, @@ -51,7 +52,8 @@ from app.models import ( EMAIL_TYPE, SMS_TYPE, INTERNATIONAL_SMS_TYPE, - LETTER_TYPE + LETTER_TYPE, + user_folder_permissions, ) from tests.app.db import ( create_inbound_number, @@ -60,6 +62,7 @@ from tests.app.db import ( create_service_with_inbound_number, create_service_with_defined_sms_sender, create_template, + create_template_folder, create_notification, create_api_key, create_invited_user, @@ -210,6 +213,37 @@ def test_should_remove_user_from_service(notify_db_session): assert new_user not in Service.query.first().users +def test_removing_a_user_from_a_service_deletes_their_permissions(sample_user, sample_service): + assert len(Permission.query.all()) == 8 + + dao_remove_user_from_service(sample_service, sample_user) + + assert Permission.query.all() == [] + + +def test_removing_a_user_from_a_service_deletes_their_folder_permissions_for_that_service(sample_user, sample_service): + tf1 = create_template_folder(sample_service) + tf2 = create_template_folder(sample_service) + + service_2 = create_service(sample_user, service_name='other service') + tf3 = create_template_folder(service_2) + + service_user = dao_get_service_user(sample_user.id, sample_service.id) + service_user.folders = [tf1, tf2] + dao_update_service_user(service_user) + + service_2_user = dao_get_service_user(sample_user.id, service_2.id) + service_2_user.folders = [tf3] + dao_update_service_user(service_2_user) + + dao_remove_user_from_service(sample_service, sample_user) + + user_folder_permission = db.session.query(user_folder_permissions).one() + assert user_folder_permission.user_id == service_2_user.user_id + assert user_folder_permission.service_id == service_2_user.service_id + assert user_folder_permission.template_folder_id == tf3.id + + def test_get_all_services(notify_db_session): create_service(service_name='service 1', email_from='service.1') assert len(dao_fetch_all_services()) == 1 diff --git a/tests/app/dao/test_template_folder_dao.py b/tests/app/dao/test_template_folder_dao.py new file mode 100644 index 000000000..ac9ce444c --- /dev/null +++ b/tests/app/dao/test_template_folder_dao.py @@ -0,0 +1,16 @@ +from app import db +from app.dao.service_user_dao import dao_get_service_user +from app.dao.template_folder_dao import dao_delete_template_folder, dao_update_template_folder +from app.models import user_folder_permissions +from tests.app.db import create_template_folder + + +def test_dao_delete_template_folder_deletes_user_folder_permissions(sample_user, sample_service): + folder = create_template_folder(sample_service) + service_user = dao_get_service_user(sample_user.id, sample_service.id) + folder.users = [service_user] + dao_update_template_folder(folder) + + dao_delete_template_folder(folder) + + assert db.session.query(user_folder_permissions).all() == []