def delete(self, object_type, object_id):
model = get_model_from_type(object_type)
obj = get_object_or_404(model.get_by_id_and_org, object_id,
self.current_org)
require_admin_or_owner(obj.user_id)
req = request.get_json(True)
grantee_id = req['user_id']
access_type = req['access_type']
grantee = User.query.get(req['user_id'])
if grantee is None:
abort(400, message='User not found.')
AccessPermission.revoke(obj, grantee, access_type)
db.session.commit()
self.record_event({
'action': 'revoke_permission',
'object_id': object_id,
'object_type': object_type,
'access_type': access_type,
'grantee_id': grantee_id
})
def delete(self, object_type, object_id):
model = get_model_from_type(object_type)
obj = get_object_or_404(model.get_by_id_and_org, object_id,
self.current_org)
require_admin_or_owner(obj.user_id)
req = request.get_json(True)
grantee_id = req["user_id"]
access_type = req["access_type"]
grantee = User.query.get(req["user_id"])
if grantee is None:
abort(400, message="User not found.")
AccessPermission.revoke(obj, grantee, access_type)
db.session.commit()
self.record_event({
"action": "revoke_permission",
"object_id": object_id,
"object_type": object_type,
"access_type": access_type,
"grantee_id": grantee_id,
})
def test_deletes_permission_for_only_given_grantee_on_given_grant_type(self):
q = self.factory.create_query()
first_user = self.factory.create_user()
second_user = self.factory.create_user()
AccessPermission.grant(
obj=q,
access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=first_user,
)
AccessPermission.grant(
obj=q,
access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=second_user,
)
AccessPermission.grant(
obj=q,
access_type=ACCESS_TYPE_VIEW,
grantor=self.factory.user,
grantee=second_user,
)
self.assertEqual(1, AccessPermission.revoke(q, second_user, ACCESS_TYPE_VIEW))
def test_deletes_permission(self):
q = self.factory.create_query()
permission = AccessPermission.grant(obj=q,
access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=self.factory.user)
self.assertEqual(
1, AccessPermission.revoke(q, self.factory.user,
ACCESS_TYPE_MODIFY))
def delete(self, object_type, object_id):
model = get_model_from_type(object_type)
obj = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org)
require_admin_or_owner(obj.user_id)
req = request.get_json(True)
grantee = req['user_id']
access_type = req['access_type']
AccessPermission.revoke(obj, grantee, access_type)
self.record_event({
'action': 'revoke_permission',
'object_id': object_id,
'object_type': object_type,
'access_type': access_type,
'grantee': grantee
})
def test_deletes_all_permissions_if_no_type_given(self):
q = self.factory.create_query()
permission = AccessPermission.grant(obj=q, access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=self.factory.user)
permission = AccessPermission.grant(obj=q, access_type=ACCESS_TYPE_VIEW,
grantor=self.factory.user,
grantee=self.factory.user)
self.assertEqual(2, AccessPermission.revoke(q, self.factory.user))
def test_deletes_permission_for_only_given_grantee_on_given_grant_type(self):
q = self.factory.create_query()
first_user = self.factory.create_user()
second_user = self.factory.create_user()
AccessPermission.grant(obj=q, access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=first_user)
AccessPermission.grant(obj=q, access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=second_user)
AccessPermission.grant(obj=q, access_type=ACCESS_TYPE_VIEW,
grantor=self.factory.user,
grantee=second_user)
self.assertEqual(1, AccessPermission.revoke(q, second_user, ACCESS_TYPE_VIEW))
def test_deletes_nothing_when_no_permission_exists(self):
q = self.factory.create_query()
self.assertEqual(
0, AccessPermission.revoke(q, self.factory.user,
ACCESS_TYPE_MODIFY))
def test_deletes_permission(self):
q = self.factory.create_query()
permission = AccessPermission.grant(obj=q, access_type=ACCESS_TYPE_MODIFY,
grantor=self.factory.user,
grantee=self.factory.user)
self.assertEqual(1, AccessPermission.revoke(q, self.factory.user, ACCESS_TYPE_MODIFY))
def test_deletes_nothing_when_no_permission_exists(self):
q = self.factory.create_query()
self.assertEqual(0, AccessPermission.revoke(q, self.factory.user, ACCESS_TYPE_MODIFY))
