From 75b9f77f92ef2408f41cb9ecaf6a559ca0eb3db1 Mon Sep 17 00:00:00 2001 From: Nicholas Staples Date: Fri, 26 Feb 2016 15:57:24 +0000 Subject: [PATCH] user permissions now returned with the user object and all tests passing. --- app/schemas.py | 13 ++++++++++ tests/app/conftest.py | 21 ++++++++++++++++ tests/app/user/test_rest.py | 49 +++++++++++++++++++++++++++++++------ 3 files changed, 76 insertions(+), 7 deletions(-) diff --git a/app/schemas.py b/app/schemas.py index 4cc58d9ac..80b0b72e1 100644 --- a/app/schemas.py +++ b/app/schemas.py @@ -3,6 +3,7 @@ from flask import current_app from flask_marshmallow.fields import fields from . import ma from . import models +from app.dao.permissions_dao import permission_dao from marshmallow import (post_load, ValidationError, validates, validates_schema) mobile_regex = re.compile("^\\+44[\\d]{10}$") @@ -58,6 +59,18 @@ class BaseSchema(ma.ModelSchema): class UserSchema(BaseSchema): + + permissions = fields.Method("user_permissions", dump_only=True) + + def user_permissions(self, usr): + retval = {} + for x in permission_dao.get_query({'user': usr.id}): + service_id = str(x.service_id) + if service_id not in retval: + retval[service_id] = [] + retval[service_id].append(x.permission) + return retval + class Meta: model = models.User exclude = ( diff --git a/tests/app/conftest.py b/tests/app/conftest.py index 89174e167..f95d37a38 100644 --- a/tests/app/conftest.py +++ b/tests/app/conftest.py @@ -341,3 +341,24 @@ def sample_permission(notify_db, db.session.add(p_model) db.session.commit() return p_model + + +@pytest.fixture(scope='function') +def sample_service_permission(notify_db, + notify_db_session, + service=None, + user=None, + permission="sample permission"): + if user is None: + user = sample_user(notify_db, notify_db_session) + if service is None: + service = sample_service(notify_db, notify_db_session) + data = { + 'user': user, + 'service': service, + 'permission': permission + } + p_model = Permission(**data) + db.session.add(p_model) + db.session.commit() + return p_model diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py index 35ced8812..be47c0b65 100644 --- a/tests/app/user/test_rest.py +++ b/tests/app/user/test_rest.py @@ -28,8 +28,10 @@ def test_get_user_list(notify_api, notify_db, notify_db_session, sample_user, sa "password_changed_at": None, "logged_in_at": None, "state": "active", - "failed_login_count": 0 + "failed_login_count": 0, + "permissions": {} } + print(json_resp['data']) assert expected in json_resp['data'] @@ -55,7 +57,8 @@ def test_get_user(notify_api, notify_db, notify_db_session, sample_user, sample_ "password_changed_at": None, "logged_in_at": None, "state": "active", - "failed_login_count": 0 + "failed_login_count": 0, + "permissions": {} } assert json_resp['data'] == expected @@ -75,7 +78,8 @@ def test_post_user(notify_api, notify_db, notify_db_session, sample_admin_servic "password_changed_at": None, "logged_in_at": None, "state": "active", - "failed_login_count": 0 + "failed_login_count": 0, + "permissions": {} } auth_header = create_authorization_header(service_id=sample_admin_service_id, path=url_for('user.create_user'), @@ -108,7 +112,8 @@ def test_post_user_missing_attribute_email(notify_api, notify_db, notify_db_sess "password_changed_at": None, "logged_in_at": None, "state": "active", - "failed_login_count": 0 + "failed_login_count": 0, + "permissions": {} } auth_header = create_authorization_header(service_id=sample_admin_service_id, path=url_for('user.create_user'), @@ -139,7 +144,8 @@ def test_post_user_missing_attribute_password(notify_api, notify_db, notify_db_s "password_changed_at": None, "logged_in_at": None, "state": "active", - "failed_login_count": 0 + "failed_login_count": 0, + "permissions": {} } auth_header = create_authorization_header(service_id=sample_admin_service_id, path=url_for('user.create_user'), @@ -190,7 +196,8 @@ def test_put_user(notify_api, notify_db, notify_db_session, sample_user, sample_ "id": user.id, "logged_in_at": None, "state": "active", - "failed_login_count": 0 + "failed_login_count": 0, + "permissions": {} } assert json_resp['data'] == expected assert json_resp['data']['email_address'] == new_email @@ -287,7 +294,8 @@ def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_user "password_changed_at": None, "logged_in_at": None, "state": "active", - "failed_login_count": 0 + "failed_login_count": 0, + "permissions": {} } assert json_resp['data'] == expected @@ -327,3 +335,30 @@ def test_get_user_by_email_bad_url_returns_404(notify_api, json_resp = json.loads(resp.get_data(as_text=True)) assert json_resp['result'] == 'error' assert json_resp['message'] == 'invalid request' + + +def test_get_user_with_permissions(notify_api, + notify_db, + notify_db_session, + sample_service_permission): + with notify_api.test_request_context(): + with notify_api.test_client() as client: + header = create_authorization_header( + path=url_for('user.get_user', user_id=sample_service_permission.user.id), + method='GET') + response = client.get(url_for('user.get_user', user_id=sample_service_permission.user.id), + headers=[header]) + assert response.status_code == 200 + json_resp = json.loads(response.get_data(as_text=True)) + expected = { + "name": "Test User", + "email_address": sample_service_permission.user.email_address, + "id": sample_service_permission.user.id, + "mobile_number": "+447700900986", + "password_changed_at": None, + "logged_in_at": None, + "state": "active", + "failed_login_count": 0, + "permissions": {str(sample_service_permission.service.id): [sample_service_permission.permission]} + } + assert expected == json_resp['data']