def test_update_collections_via_doc_update(self):
    """Check that a document update only applies collection changes the caller may make.

    Three cases are posted to the document endpoint:

    1. adding a collection created with the logged-in user -> accepted;
    2. swapping in a collection created without that user -> request
       succeeds, but the collection is not attached and collection 1000
       is still present;
    3. a non-numeric collection id -> rejected with 400.
    """
    url = '/api/1/documents/1000'
    # The baseline document is fetched before logging in, as in the
    # original flow; every payload below is derived from it.
    baseline = self.client.get(url)
    user = self.login()
    Permission.grant_collection(1000, user, True, True)
    writable = Collection.create({'label': "Write"}, user)
    # Created without a user; presumably the logged-in user therefore has
    # no write access to it -- the assertions below rely on that.
    unwritable = Collection.create({'label': "No-write"})
    db.session.commit()

    def submit(payload):
        # All three cases post the payload as a JSON body to the same URL.
        return self.client.post(url, data=json.dumps(payload),
                                content_type='application/json')

    # Case 1: a writable collection can be added.
    payload = baseline.json.copy()
    # NOTE(review): .copy() is shallow, so this append may also touch the
    # list held by the response JSON if the client caches it. Harmless
    # here because the later cases replace the list wholesale.
    payload['collection_id'].append(writable.id)
    res = submit(payload)
    assert res.status_code == 200, res
    assert writable.id in res.json['collection_id'], res.json

    # Case 2: an unwritable collection is dropped rather than attached,
    # and the document stays in collection 1000.
    payload = baseline.json.copy()
    payload['collection_id'] = [unwritable.id]
    res = submit(payload)
    assert res.status_code == 200, res
    assert unwritable.id not in res.json['collection_id'], res.json
    assert 1000 in res.json['collection_id'], res.json

    # Case 3: a malformed collection id is a client error.
    payload = baseline.json.copy()
    payload['collection_id'] = ['foo']
    res = submit(payload)
    assert res.status_code == 400, res
def test_update_collections_via_doc_update(self):
    """Verify write-permission filtering of ``collection_id`` on document update.

    A collection the user was given at creation time can be added, a
    collection created without the user is not attached (while the
    update itself still returns 200 and collection 1000 remains), and an
    invalid id such as ``'foo'`` produces a 400.
    """
    url = '/api/1/documents/1000'
    json_type = 'application/json'

    # Snapshot of the document, taken before login as in the original.
    original = self.client.get(url)
    user = self.login()
    Permission.grant_collection(1000, user, True, True)
    allowed = Collection.create({'label': "Write"}, user)
    # No user is passed here; presumably that leaves the logged-in user
    # without write access -- confirm against Collection.create.
    denied = Collection.create({'label': "No-write"})
    db.session.commit()

    # --- add a collection the user can write to ---------------------
    body = original.json.copy()
    body['collection_id'].append(allowed.id)
    res = self.client.post(url, data=json.dumps(body),
                           content_type=json_type)
    assert res.status_code == 200, res
    assert allowed.id in res.json['collection_id'], res.json

    # --- try to move the document into a collection without write ---
    # The request is expected to succeed but the unauthorised id must
    # not appear, and the existing collection 1000 must survive.
    body = original.json.copy()
    body['collection_id'] = [denied.id]
    res = self.client.post(url, data=json.dumps(body),
                           content_type=json_type)
    assert res.status_code == 200, res
    assert denied.id not in res.json['collection_id'], res.json
    assert 1000 in res.json['collection_id'], res.json

    # --- send an id that is not a valid collection id ---------------
    body = original.json.copy()
    body['collection_id'] = ['foo']
    res = self.client.post(url, data=json.dumps(body),
                           content_type=json_type)
    assert res.status_code == 400, res
def permissions_update(collection):
    """Grant or change a role's read/write permission on ``collection``.

    The caller must pass the ``authz.collection_write`` check for the
    collection. The request body is validated against
    ``permission.json#`` and must name an existing role; an unknown role
    id raises ``BadRequest``. The change is committed, the request is
    passed to ``log_event``, and a JSON status document containing the
    updated permission is returned.
    """
    # Authorisation comes first, before any request data is read.
    authz.require(authz.collection_write(collection))

    payload = request_data()
    validate(payload, "permission.json#")

    # The role id is caller-supplied; only its existence is checked here.
    role_query = Role.all().filter(Role.id == payload["role"])
    role = role_query.first()
    if role is None:
        raise BadRequest()

    # NOTE(review): ``collection`` is handed to grant_collection as
    # received; confirm this is the form (object vs. id) it expects.
    permission = Permission.grant_collection(
        collection,
        role,
        payload["read"],
        payload["write"],
    )
    db.session.commit()

    # Record the permission change after the commit.
    log_event(request)
    response = {"status": "ok", "updated": permission}
    return jsonify(response)
def permissions_update(collection):
    """Set a role's read/write access on a collection from the request body.

    Requires the ``authz.collection_write`` check to pass for
    ``collection``. The body is validated against ``permission.json#``;
    if the referenced role does not exist, ``BadRequest`` is raised.
    Returns a JSON document with the status and the updated permission.
    """
    # Gate the whole handler on write access to the target collection.
    authz.require(authz.collection_write(collection))

    body = request_data()
    validate(body, 'permission.json#')

    # Look the role up by the id supplied in the request.
    role = Role.all().filter(Role.id == body['role']).first()
    if role is None:
        raise BadRequest()

    # NOTE(review): this handler does not itself record the change in an
    # audit log; confirm permission changes are logged elsewhere.
    permission = Permission.grant_collection(
        collection.id, role, body['read'], body['write'])
    db.session.commit()
    return jsonify({'status': 'ok', 'updated': permission})
def permissions_update(collection):
    """Apply a permission change for one role on the given collection.

    Steps: require the ``authz.collection_write`` check for
    ``collection``, validate the request data against
    ``permission.json#``, resolve the role (``BadRequest`` if it does
    not exist), grant the requested read/write flags, commit, and return
    the result as JSON.
    """
    # Nothing below runs unless the write-access check passes.
    authz.require(authz.collection_write(collection))

    submitted = request_data()
    validate(submitted, 'permission.json#')

    candidates = Role.all().filter(Role.id == submitted['role'])
    role = candidates.first()
    if role is None:
        # The request referenced a role id that does not exist.
        raise BadRequest()

    # The read/write flags are taken from the validated request data;
    # presumably the schema restricts them to booleans -- confirm.
    permission = Permission.grant_collection(collection.id,
                                             role,
                                             submitted['read'],
                                             submitted['write'])
    db.session.commit()

    result = {
        'status': 'ok',
        'updated': permission
    }
    return jsonify(result)
def update_permission(role, collection, read, write):
    """Update a role's permission on a collection and notify the role.

    The permission held before the change is looked up so the
    notification can show both states. The grant is committed before the
    e-mail is rendered and sent, so a notification failure is logged and
    does not undo the permission change.

    Returns the permission object produced by the grant.
    """
    # Capture the previous state first; the template receives it as `pre`.
    before = Permission.by_collection_role(collection.id, role)
    after = Permission.grant_collection(collection.id, role, read, write)
    db.session.commit()

    # Notification is best-effort: any error is logged, not re-raised.
    try:
        url = '%scollections/%s' % (app_url, collection.id)
        template_context = dict(
            role=role,
            url=url,
            collection=collection,
            pre=before,
            post=after,
            app_url=app_url,
            app_title=app_title,
        )
        html = render_template('email/permission.html', **template_context)
        notify_role(role, collection.label, html)
    except Exception as ex:
        log.exception(ex)

    return after