Ejemplo n.º 1
    def test_update_collections_via_doc_update(self):
        """Check collection-membership authorization on document update.

        Three POSTs are made against document 1000 as a user who holds
        read and write on collection 1000:

        * adding a collection the user created -> 200 and the id is kept;
        * replacing the list with a collection created without a user ->
          200, but that id is absent from the response and 1000 is still
          present (the unauthorized change is dropped, not rejected);
        * a non-numeric collection id ('foo') -> 400.
        """
        doc_url = '/api/1/documents/1000'
        # The baseline document is fetched before self.login() is called.
        baseline = self.client.get(doc_url)
        user = self.login()
        Permission.grant_collection(1000, user, True, True)

        writable = Collection.create({'label': "Write"}, user)
        forbidden = Collection.create({'label': "No-write"})
        db.session.commit()

        def submit(payload):
            # Every update goes through the same JSON POST.
            return self.client.post(doc_url, data=json.dumps(payload),
                                    content_type='application/json')

        # Case 1: a collection the user may write to is accepted.
        payload = baseline.json.copy()
        payload['collection_id'].append(writable.id)
        res = submit(payload)
        assert res.status_code == 200, res
        assert writable.id in res.json['collection_id'], res.json

        # Case 2: a collection the user has no grant on must not appear,
        # and the existing membership in 1000 must survive.
        payload = baseline.json.copy()
        payload['collection_id'] = [forbidden.id]
        res = submit(payload)
        assert res.status_code == 200, res
        assert forbidden.id not in res.json['collection_id'], res.json
        assert 1000 in res.json['collection_id'], res.json

        # Case 3: a malformed id is a client error.
        payload = baseline.json.copy()
        payload['collection_id'] = ['foo']
        res = submit(payload)
        assert res.status_code == 400, res
Ejemplo n.º 2
    def test_update_collections_via_doc_update(self):
        """Verify that a document update cannot attach unauthorized collections.

        The logged-in user is granted read/write on collection 1000. The
        test then asserts that a collection created for that user can be
        added, that a collection created without a user is left out of
        the result while 1000 is retained (status stays 200), and that an
        invalid id value yields 400.
        """
        url = '/api/1/documents/1000'
        # Snapshot of the document, requested before the login call.
        snapshot = self.client.get(url)
        user = self.login()
        Permission.grant_collection(1000, user, True, True)

        allowed = Collection.create({'label': "Write"}, user)
        denied = Collection.create({'label': "No-write"})
        db.session.commit()

        post_opts = {'content_type': 'application/json'}

        # Add a collection the user can write to.
        body = snapshot.json.copy()
        body['collection_id'].append(allowed.id)
        res = self.client.post(url, data=json.dumps(body), **post_opts)
        assert res.status_code == 200, res
        assert allowed.id in res.json['collection_id'], res.json

        # Try to move the document into a collection without a grant:
        # the request succeeds but the id must not show up in the result.
        body = snapshot.json.copy()
        body['collection_id'] = [denied.id]
        res = self.client.post(url, data=json.dumps(body), **post_opts)
        assert res.status_code == 200, res
        assert denied.id not in res.json['collection_id'], res.json
        assert 1000 in res.json['collection_id'], res.json

        # A value that is not a valid collection id is rejected outright.
        body = snapshot.json.copy()
        body['collection_id'] = ['foo']
        res = self.client.post(url, data=json.dumps(body), **post_opts)
        assert res.status_code == 400, res
Ejemplo n.º 3
def permissions_update(collection):
    """Grant a role read/write access to a collection from request data.

    The caller must pass the ``authz.collection_write`` check for
    ``collection``. The request body is validated against the
    ``permission.json#`` schema, the role named by ``data["role"]`` is
    looked up, and ``BadRequest`` is raised when no such role exists.
    The grant is committed, the request is passed to ``log_event``, and
    a JSON status document containing the permission is returned.

    NOTE(review): the target role and both flags come straight from the
    request body; write access on the collection is the only
    authorization check visible here. Confirm that the schema restricts
    ``read``/``write`` to booleans and that letting any writer grant
    access to any existing role is intended.
    """
    authz.require(authz.collection_write(collection))
    payload = request_data()
    validate(payload, "permission.json#")

    target_role = Role.all().filter(Role.id == payload["role"]).first()
    if target_role is None:
        # Unknown role id supplied by the client.
        raise BadRequest()

    granted = Permission.grant_collection(
        collection,
        target_role,
        payload["read"],
        payload["write"],
    )
    db.session.commit()
    # Event logging happens only after the grant has been committed.
    log_event(request)
    response_body = {"status": "ok", "updated": granted}
    return jsonify(response_body)
Ejemplo n.º 4
def permissions_update(collection):
    """Set a role's read/write permission on ``collection``.

    Requires that ``authz.collection_write(collection)`` holds for the
    caller. The request data is checked against ``permission.json#``;
    if the role id it names does not resolve to a role, ``BadRequest``
    is raised. Otherwise the grant is written, committed and echoed
    back as JSON.

    NOTE(review): nothing in this function records an audit event for
    the permission change; verify that the change is logged elsewhere.
    The role and flags are taken from client input, so the schema is
    the only visible constraint on them.
    """
    authz.require(authz.collection_write(collection))
    body = request_data()
    validate(body, 'permission.json#')

    role_query = Role.all().filter(Role.id == body['role'])
    role = role_query.first()
    if role is None:
        raise BadRequest()

    # Arguments are read in the same order the grant call takes them.
    collection_id = collection.id
    allow_read = body['read']
    allow_write = body['write']
    updated = Permission.grant_collection(collection_id, role,
                                          allow_read, allow_write)
    db.session.commit()
    return jsonify({'status': 'ok', 'updated': updated})
Ejemplo n.º 5
def permissions_update(collection):
    """Apply a permission grant described by the request to ``collection``.

    Steps, in order: enforce ``authz.collection_write`` on the
    collection, validate the request data against ``permission.json#``,
    resolve ``data['role']`` to a role (``BadRequest`` if there is
    none), grant the requested read/write flags on ``collection.id``,
    commit, and return a JSON document with the resulting permission.

    NOTE(review): the grant target and flags are client-controlled.
    Confirm that the schema pins ``read`` and ``write`` to booleans,
    and that a collection writer is meant to be able to grant access to
    any role that exists. No audit logging is visible in this function.
    """
    authz.require(authz.collection_write(collection))
    submitted = request_data()
    validate(submitted, 'permission.json#')

    grantee = Role.all().filter(Role.id == submitted['role']).first()
    if grantee is None:
        # The referenced role does not exist.
        raise BadRequest()

    result = Permission.grant_collection(
        collection.id, grantee, submitted['read'], submitted['write'])
    db.session.commit()

    reply = {'status': 'ok', 'updated': result}
    return jsonify(reply)
Ejemplo n.º 6
def update_permission(role, collection, read, write):
    """Change a role's access to a collection and notify the role.

    The permission that existed before the change is looked up first,
    then the new grant is written and committed. Afterwards an e-mail
    body is rendered from ``email/permission.html`` (with both the
    previous and the new permission) and handed to ``notify_role``.

    Notification is best effort: any exception raised while rendering
    or sending is logged and swallowed, and by then the grant has
    already been committed.

    Returns the permission object produced by the grant.
    """
    # Capture the prior state before it is overwritten by the grant.
    previous = Permission.by_collection_role(collection.id, role)
    granted = Permission.grant_collection(collection.id, role, read, write)
    db.session.commit()

    try:
        collection_url = '%scollections/%s' % (app_url, collection.id)
        template_context = dict(
            role=role,
            url=collection_url,
            collection=collection,
            pre=previous,
            post=granted,
            app_url=app_url,
            app_title=app_title,
        )
        body = render_template('email/permission.html', **template_context)
        notify_role(role, collection.label, body)
    except Exception as ex:
        # A failed notification must not undo or mask the committed grant.
        log.exception(ex)
    return granted