def update_access():
""" Updates the accesses for the user in the post body """
user_management = UserManagement()
jwt_user = get_jwt_identity()
admin_user = user_management.get_user(jwt_user)
authorized = admin_user['role'] == 'admin'
log_request(request, jwt_user, authorized)
if not authorized:
response = {'message': 'only admins can update accesses'}
return jsonify(response), 403
else:
if 'username' not in request.json:
response = {'message': 'username required in post body'}
return jsonify(response), 400
if 'modules' not in request.json:
response = {'message': 'role required in post body'}
return jsonify(response), 400
username = request.json['username']
modules = request.json['modules']
user_management.update_access(username, modules)
response = {'message': 'role updated for %s' % (username)}
return jsonify(response), 201
def test_event():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
# User must be authenticated
url = '/service/event/7757038511'
response = CLIENT.get(url)
assert response.status_code == 401
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# User must have access to events
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['events'])
# Success
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
assert type(response.json) == dict
# Check to make sure the aggregates are present
assert 'average_age' in response.json
assert 'member_count' in response.json
assert 'non_member_count' in response.json
assert 'first_event_count' in response.json
assert 'age_groups' in response.json
for group in response.json['age_groups']:
count = response.json['age_groups'][group]
assert type(count) == int
# Check to make sure the attendees are present
for attendee in response.json['attendees']:
'member_id' in attendee
'first_name' in attendee
'last_name' in attendee
'name' in attendee
'age' in attendee
'is_member' in attendee
url = '/service/event/8675309'
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 404
assert type(response.json) == dict
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def run_url_tests(url, client, access=[]):
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
# User must be authenticated
response = client.get(url)
assert response.status_code == 401
response = client.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# The user must have access to the correct modules
response = client.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, access)
response = client.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
url = '/service/user/logout'
response = client.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert not user
def test_avg_attendance():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
url = '/service/trends/avg-attendance'
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# User must have access to trends
response = CLIENT.get(
url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['trends'])
# Success!
response = CLIENT.get(
url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)})
assert response.status_code == 200
assert type(response.json['results']) == list
for result in response.json['results']:
assert 'day_of_week' in result
assert 'day_order' in result
assert 'avg_attendance' in result
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_map_authorize():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
url = '/service/map/authorize'
# User must be authenticated
response = CLIENT.get(url)
assert response.status_code == 401
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# The user must have access to the map module
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['map'])
# Success!
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_events():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
# User must be authenticated
response = CLIENT.get('/service/events?limit=25')
assert response.status_code == 401
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
url = '/service/events?limit=25&page=2'
url += '&sort=start_datetime&order=desc'
url += '&q=a&start_datetime=1900-01-01'
url += '&end_datetime=2100-01-01'
user_management.update_access(conf.TEST_USER, ['events'])
# Success!
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
assert type(response.json['results']) == list
assert len(response.json['results']) == 25
assert 'count' in response.json
assert 'pages' in response.json
# Make sure input validation is working
url = '/service/events?limit=30&page=2'
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 422
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_year_group_attendees():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
url = '/service/trends/age-group-attendance'
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# User must have access to trends
response = CLIENT.get(
url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['trends'])
# Success!
response = CLIENT.get(
url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)})
assert response.status_code == 200
assert type(response.json) == dict
for key in response.json:
assert 'group' in response.json[key]
assert 'count' in response.json[key]
# And now let's try grouping by month
url += '?groupBy=month'
assert response.status_code == 200
assert type(response.json) == dict
for key in response.json:
assert 'group' in response.json[key]
assert 'count' in response.json[key]
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_participation():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
url = '/service/trends/participation/Young Professional'
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# User must have access to the trends page
response = CLIENT.get(
url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['trends'])
response = CLIENT.get(
url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)})
assert response.status_code == 200
assert type(response.json['results']) == list
for item in response.json['results']:
assert 'id' in item
assert 'name' in item
assert 'total' in item
url += '?top=event'
assert response.status_code == 200
assert type(response.json['results']) == list
for item in response.json['results']:
assert 'id' in item
assert 'name' in item
assert 'total' in item
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_all_geometries():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
url = '/service/map/geometries'
# The user must be authenticated
response = CLIENT.get(url)
assert response.status_code == 401
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# The user must have access to the map
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['map'])
# Success!
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
for key in response.json:
layer = response.json[key]
assert 'id' in layer
assert 'type' in layer
assert 'source' in layer
assert layer['source']['type'] == 'geojson'
assert type(layer['source']['data']) == dict
assert 'paint' in layer
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_export_event_aggregates():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
# User must be authenticated
url = '/service/events/export?q=trsty'
response = CLIENT.get(url)
assert response.status_code == 401
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# User must have access to events
url = '/service/events/export?q=trsty'
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['events'])
# Success!
url = '/service/events/export?q=trsty'
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
csv = StringIO(response.data.decode('utf-8'))
df = pd.read_csv(csv)
assert len(df) > 0
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_event_cities():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
# User must be authenticated
response = CLIENT.get('/service/events?limit=25')
assert response.status_code == 401
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# User must have access to events
url = '/service/events/cities'
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['map'])
# Success!
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
assert type(response.json['results']) == dict
for city in response.json['results']['cities']:
assert type(response.json['results']['cities'][city]) == list
for city in response.json['results']['counts']:
assert type(response.json['results']['counts'][city]) == str
assert type(response.json['count']) == str
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None
def test_event_locations():
user_management = UserManagement()
user_management.delete_user(conf.TEST_USER)
user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD)
response = CLIENT.post('/service/user/authenticate',
json=dict(username=conf.TEST_USER,
password=conf.TEST_PASSWORD))
assert response.status_code == 200
jwt = utils._get_cookie_from_response(response, 'access_token_cookie')
# User must have access to events
url = '/service/events/locations'
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 403
user_management.update_access(conf.TEST_USER, ['map'])
# Success!
response = CLIENT.get(
url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)})
assert response.status_code == 200
assert type(response.json['results']) == list
for result in response.json['results']:
assert type(result['type']) == str
assert type(result['geometry']['type']) == str
assert type(result['geometry']['coordinates'][0]) == float
assert type(result['geometry']['coordinates'][1]) == float
assert type(result['properties']['title']) == str
assert type(result['properties']['icon']) == str
assert type(result['properties']['description']) == str
url = '/service/user/logout'
response = CLIENT.post(url)
assert response.status_code == 200
user_management.delete_user(conf.TEST_USER)
user = user_management.get_user(conf.TEST_USER)
assert user == None