def test_route_for_service_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service,
mock_get_user,
mock_get_service_templates,
mock_get_jobs,
mock_get_template_statistics,
mock_get_detailed_service,
mock_get_usage):
routes = [
'main.service_dashboard']
with app_.test_request_context():
# Just test that the user is part of the service
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
route,
service_id=service_one['id']),
['view_activity'],
api_user_active,
service_one)
def test_route_invalid_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_service_templates,
mock_get_jobs,
mock_get_notifications,
mock_create_job,
fake_uuid,
route):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['blah'],
api_user_active,
service_one)
def test_route_for_service_permissions(
mocker,
app_,
api_user_active,
service_one,
mock_get_service,
mock_get_user,
mock_get_service_templates,
mock_get_jobs,
mock_get_template_statistics,
mock_get_service_statistics,
mock_get_usage,
mock_get_inbound_sms_summary,
):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for("main.service_dashboard", service_id=service_one["id"]),
["view_activity"],
api_user_active,
service_one,
)
def test_route_for_service_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service,
mock_get_user,
mock_get_service_templates,
mock_get_jobs,
mock_get_template_statistics,
mock_get_detailed_service,
mock_get_usage):
routes = [
'main.service_dashboard']
with app_.test_request_context():
# Just test that the user is part of the service
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
route,
service_id=service_one['id']),
['view_activity'],
api_user_active,
service_one)
def test_route_invalid_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_service_templates,
mock_get_jobs,
mock_get_notifications,
mock_create_job,
fake_uuid):
routes = [
'main.choose_template',
'main.send_messages',
'main.get_example_csv',
'main.send_test']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['blah'],
api_user_active,
service_one)
def test_route_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_service_templates,
mock_get_jobs,
mock_get_notifications,
mock_create_job,
mock_s3_upload,
fake_uuid,
route,
response_code):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
response_code,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['send_texts', 'send_emails', 'send_letters'],
api_user_active,
service_one)
def test_route_invalid_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_service_templates,
mock_get_jobs,
mock_get_notifications,
mock_create_job,
fake_uuid):
routes = [
'main.choose_template',
'main.send_messages',
'main.get_example_csv',
'main.send_test']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['blah'],
api_user_active,
service_one)
def test_route_invalid_permissions(mocker, app_, api_user_active, service_one,
mock_get_api_keys):
routes = ['main.api_keys', 'main.create_api_key', 'main.revoke_api_key']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker, app_, "GET", 403,
url_for(route, service_id=service_one['id'], key_id=123),
['view_activity'], api_user_active, service_one)
def test_route_for_platform_admin_update_service(mocker, app_,
platform_admin_user,
service_one):
routes = ['main.service_switch_live', 'main.service_switch_research_mode']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker, app_, "GET", 302,
url_for(route, service_id=service_one['id']), [],
platform_admin_user, service_one)
def test_route_for_platform_admin(mocker, app_, platform_admin_user, service_one, route):
with app_.test_request_context():
validate_route_permission(mocker,
app_,
"GET",
200,
url_for(route, service_id=service_one['id']),
[],
platform_admin_user,
service_one)
def test_should_403_if_user_does_not_have_send_permissions_for_tour_step(
mocker, app_, client, api_user_active,
mock_get_service_template_with_multiple_placeholders, service_one,
fake_uuid, method):
validate_route_permission(
mocker, app_, method, 403,
url_for('main.tour_step',
service_id=SERVICE_ONE_ID,
template_id=fake_uuid,
step_index=1), ['view_activity'], api_user_active, service_one)
def test_route_permissions(mocker, app_, api_user_active, service_one, route):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(route, service_id=service_one['id']),
['manage_settings'],
api_user_active,
service_one)
def test_route_for_platform_admin_update_service(mocker, app_, platform_admin_user, service_one, route):
mocker.patch('app.service_api_client.deactivate_service')
with app_.test_request_context():
validate_route_permission(mocker,
app_,
"GET",
302,
url_for(route, service_id=service_one['id']),
[],
platform_admin_user,
service_one)
def test_route_invalid_permissions(mocker, app_, api_user_active, service_one, route):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(route, service_id=service_one['id']),
['blah'],
api_user_active,
service_one)
def test_route_for_platform_admin(mocker, app_, platform_admin_user,
service_one, mock_get_organisation):
routes = [
'main.service_settings', 'main.service_name_change',
'main.service_name_change_confirm', 'main.service_request_to_go_live',
'main.service_delete', 'main.service_delete_confirm'
]
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker, app_, "GET", 200,
url_for(route, service_id=service_one['id']), [],
platform_admin_user, service_one)
def test_route_invalid_permissions(
mocker,
app_,
api_user_active,
service_one,
mock_get_api_keys,
route,
):
with app_.test_request_context():
validate_route_permission(
mocker, app_, "GET", 403,
url_for(route, service_id=service_one['id'], key_id=123),
['view_activity'], api_user_active, service_one)
def test_route_permissions(
mocker,
app_,
fake_uuid,
api_user_active,
service_one,
mock_get_api_keys,
route,
):
with app_.test_request_context():
validate_route_permission(
mocker, app_, "GET", 200,
url_for(route, service_id=service_one['id'], key_id=fake_uuid),
['manage_api_keys'], api_user_active, service_one)
def test_route_invalid_permissions(mocker, app_, api_user_active, service_one,
mock_get_organisation):
routes = [
'main.service_settings', 'main.service_name_change',
'main.service_name_change_confirm', 'main.service_request_to_go_live',
'main.service_switch_live', 'main.service_switch_research_mode',
'main.service_delete', 'main.service_delete_confirm'
]
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker, app_, "GET", 403,
url_for(route, service_id=service_one['id']), ['blah'],
api_user_active, service_one)
def test_route_permissions_for_choose_template(
mocker,
app_,
client,
api_user_active,
service_one,
mock_get_service_templates,
):
mocker.patch('app.job_api_client.get_job')
validate_route_permission(
mocker, app_, "GET", 200,
url_for(
'main.choose_template',
service_id=service_one['id'],
), ['view_activity'], api_user_active, service_one)
def test_route_for_platform_admin_update_service(mocker, app_, platform_admin_user, service_one):
routes = [
'main.service_switch_live',
'main.service_switch_research_mode'
]
with app_.test_request_context():
for route in routes:
validate_route_permission(mocker,
app_,
"GET",
302,
url_for(route, service_id=service_one['id']),
[],
platform_admin_user,
service_one)
def test_route_choose_template_send_messages_permissions(mocker,
app_,
active_user_with_permissions,
service_one,
mock_get_service,
mock_check_verify_code,
mock_get_service_templates,
mock_get_jobs):
with app_.test_request_context():
template_id = None
for temp in mock_get_service_templates(service_one['id'])['data']:
if temp['template_type'] == 'sms':
template_id = temp['id']
assert template_id
resp = validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['send_texts', 'send_emails', 'send_letters'],
active_user_with_permissions,
service_one)
page = resp.get_data(as_text=True)
assert url_for(
"main.send_messages",
service_id=service_one['id'],
template_id=template_id) in page
assert url_for(
"main.edit_service_template",
service_id=service_one['id'],
template_id=template_id) not in page
def test_route_choose_template_send_messages_permissions(mocker,
app_,
active_user_with_permissions,
service_one,
mock_get_service,
mock_check_verify_code,
mock_get_service_templates,
mock_get_jobs):
with app_.test_request_context():
template_id = None
for temp in mock_get_service_templates(service_one['id'])['data']:
if temp['template_type'] == 'sms':
template_id = temp['id']
assert template_id
resp = validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['send_texts', 'send_emails', 'send_letters'],
active_user_with_permissions,
service_one)
page = resp.get_data(as_text=True)
assert url_for(
"main.send_messages",
service_id=service_one['id'],
template_id=template_id) in page
assert url_for(
"main.edit_service_template",
service_id=service_one['id'],
template_id=template_id) not in page
def test_route_invalid_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_api_keys,
route):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(route, service_id=service_one['id'], key_id=123),
['view_activity'],
api_user_active,
service_one)
def test_route_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_service_templates,
mock_get_jobs,
mock_get_notifications,
mock_create_job,
mock_s3_upload,
fake_uuid):
routes = [
'main.choose_template',
'main.send_messages',
'main.get_example_csv']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['send_texts', 'send_emails', 'send_letters'],
api_user_active,
service_one)
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
302,
url_for(
'main.send_test',
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['send_texts', 'send_emails', 'send_letters'],
api_user_active,
service_one)
def test_route_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_service_templates,
mock_get_jobs,
mock_get_notifications,
mock_create_job,
mock_s3_upload,
fake_uuid):
routes = [
'main.choose_template',
'main.send_messages',
'main.get_example_csv']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['send_texts', 'send_emails', 'send_letters'],
api_user_active,
service_one)
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
302,
url_for(
'main.send_test',
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['send_texts', 'send_emails', 'send_letters'],
api_user_active,
service_one)
def test_route_invalid_permissions(
route,
mocker,
app_,
client,
api_user_active,
service_one,
mock_get_service_template,
mock_get_template_statistics_for_template,
fake_uuid,
):
validate_route_permission(
mocker, app_, "GET", 403,
url_for(route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid), ['view_activity'], api_user_active,
service_one)
def test_route_permissions_for_choose_template(mocker,
app_,
api_user_active,
service_one,
mock_get_service_templates):
mocker.patch('app.job_api_client.get_job')
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['view_activity'],
api_user_active,
service_one)
def test_route_permissions_for_choose_template(mocker,
app_,
api_user_active,
service_one,
mock_get_service_templates):
mocker.patch('app.job_api_client.get_job')
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['view_activity'],
api_user_active,
service_one)
def test_route_invalid_permissions(
mocker,
app_,
fake_uuid,
api_user_active,
service_one,
mock_get_api_keys,
route,
):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(route, service_id=service_one["id"], key_id=fake_uuid),
["view_activity"],
api_user_active,
service_one,
)
def test_route_invalid_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_api_keys):
routes = [
'main.api_keys',
'main.create_api_key',
'main.revoke_api_key']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(route, service_id=service_one['id'], key_id=123),
['view_activity'],
api_user_active,
service_one)
def test_route_for_platform_admin(mocker, app_, platform_admin_user, service_one):
routes = [
'main.service_settings',
'main.service_name_change',
'main.service_name_change_confirm',
'main.service_request_to_go_live',
'main.service_status_change',
'main.service_status_change_confirm',
'main.service_delete',
'main.service_delete_confirm'
]
with app_.test_request_context():
for route in routes:
validate_route_permission(mocker,
app_,
"GET",
200,
url_for(route, service_id=service_one['id']),
[],
platform_admin_user,
service_one)
def test_route_permissions(route,
mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_template_statistics_for_template,
fake_uuid):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['manage_templates'],
api_user_active,
service_one)
def test_route_invalid_permissions(route,
mocker,
app_,
api_user_active,
service_one,
mock_get_service_template,
mock_get_template_statistics_for_template,
fake_uuid):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(
route,
service_id=service_one['id'],
template_type='sms',
template_id=fake_uuid),
['view_activity'],
api_user_active,
service_one)
def test_route_invalid_permissions(mocker, app_, api_user_active, service_one):
routes = [
'main.service_settings',
'main.service_name_change',
'main.service_name_change_confirm',
'main.service_request_to_go_live',
'main.service_switch_live',
'main.service_switch_research_mode',
'main.service_status_change',
'main.service_status_change_confirm',
'main.service_delete',
'main.service_delete_confirm']
with app_.test_request_context():
for route in routes:
validate_route_permission(
mocker,
app_,
"GET",
403,
url_for(route, service_id=service_one['id']),
['blah'],
api_user_active,
service_one)
def test_route_for_service_permissions(
mocker,
app_,
api_user_active,
service_one,
mock_get_service,
mock_get_user,
mock_get_service_templates,
mock_get_jobs,
mock_get_template_statistics,
mock_get_detailed_service,
mock_get_usage,
):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
200,
url_for("main.service_dashboard", service_id=service_one["id"]),
["view_activity"],
api_user_active,
service_one,
)
def test_route_choose_template_manage_api_keys_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_user,
mock_get_service,
mock_check_verify_code,
mock_get_service_templates,
mock_get_jobs):
with app_.test_request_context():
template_id = None
for temp in mock_get_service_templates(service_one['id'])['data']:
if temp['template_type'] == 'sms':
template_id = temp['id']
assert template_id
resp = validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['manage_api_keys'],
api_user_active,
service_one)
page = resp.get_data(as_text=True)
assert url_for(
"main.send_test",
service_id=service_one['id'],
template_id=template_id) not in page
assert url_for(
"main.edit_service_template",
service_id=service_one['id'],
template_id=template_id) not in page
page = BeautifulSoup(resp.data.decode('utf-8'), 'html.parser')
links = page.findAll('a', href=re.compile('^' + url_for(
"main.send_from_api",
service_id=service_one['id'],
template_id=template_id)))
assert len(links) == 1
def test_route_choose_template_manage_api_keys_permissions(mocker,
app_,
api_user_active,
service_one,
mock_get_user,
mock_get_service,
mock_check_verify_code,
mock_get_service_templates,
mock_get_jobs):
with app_.test_request_context():
template_id = None
for temp in mock_get_service_templates(service_one['id'])['data']:
if temp['template_type'] == 'sms':
template_id = temp['id']
assert template_id
resp = validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['manage_api_keys'],
api_user_active,
service_one)
page = resp.get_data(as_text=True)
assert url_for(
"main.send_test",
service_id=service_one['id'],
template_id=template_id) not in page
assert url_for(
"main.edit_service_template",
service_id=service_one['id'],
template_id=template_id) not in page
page = BeautifulSoup(resp.data.decode('utf-8'), 'html.parser')
links = page.findAll('a', href=re.compile('^' + url_for(
"main.send_from_api",
service_id=service_one['id'],
template_id=template_id)))
assert len(links) == 1
def test_route_choose_template_manage_service_permissions(mocker,
app_,
api_user_active,
service_one,
mock_login,
mock_get_user,
mock_get_service,
mock_check_verify_code,
mock_get_service_templates,
mock_get_jobs):
with app_.test_request_context():
template_id = mock_get_service_templates(service_one['id'])['data'][0]['id']
resp = validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['manage_users', 'manage_templates', 'manage_settings'],
api_user_active,
service_one)
page = resp.get_data(as_text=True)
assert url_for(
"main.send_messages",
service_id=service_one['id'],
template_id=template_id) not in page
assert url_for(
"main.send_test",
service_id=service_one['id'],
template_id=template_id) not in page
assert url_for(
"main.edit_service_template",
service_id=service_one['id'],
template_id=template_id) in page
def test_route_choose_template_manage_service_permissions(mocker,
app_,
api_user_active,
service_one,
mock_login,
mock_get_user,
mock_get_service,
mock_check_verify_code,
mock_get_service_templates,
mock_get_jobs):
with app_.test_request_context():
template_id = mock_get_service_templates(service_one['id'])['data'][0]['id']
resp = validate_route_permission(
mocker,
app_,
"GET",
200,
url_for(
'main.choose_template',
service_id=service_one['id'],
template_type='sms'),
['manage_users', 'manage_templates', 'manage_settings'],
api_user_active,
service_one)
page = resp.get_data(as_text=True)
assert url_for(
"main.send_messages",
service_id=service_one['id'],
template_id=template_id) not in page
assert url_for(
"main.send_test",
service_id=service_one['id'],
template_id=template_id) not in page
assert url_for(
"main.edit_service_template",
service_id=service_one['id'],
template_id=template_id) in page
