Ejemplo n.º 1
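def test_OwnerRolePermission_authenticated_user(authenticated_user_instance):
    """
    Check OwnerRolePermission for an authenticated user.

    Entering the permission with an object whose ``check_owner`` accepts the
    current user must not raise; entering it with no object at all must raise
    ``HTTPException``.
    """
    obj = Mock()
    obj.check_owner = lambda user: user == authenticated_user_instance
    with permissions.OwnerRolePermission(obj=obj):
        pass
    # The attribute assigned above is ``check_owner``. A Mock accepts ``del``
    # on a misspelled name without error, so the name must match exactly for
    # the owner check to be removed.
    del obj.check_owner
    # NOTE(review): this call passes no ``obj``, so the deletion above does
    # not influence it; passing ``obj=obj`` may have been intended - confirm.
    with pytest.raises(HTTPException):
        with permissions.OwnerRolePermission():
            pass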
def test_OwnerRolePermission_authenticated_user_with_password_with_check_owner(
        authenticated_user_instance):
    """
    Exercise OwnerRolePermission with ``password_required=True`` on an owned object.

    The first entry is expected to pass and the second to raise HTTPException.
    """
    # NOTE(review): every password literal in this listing reads "******",
    # which looks like redaction. As shown, the two permission calls are
    # identical, so the second presumably used a different (wrong) password
    # in the original - confirm before relying on this test.
    authenticated_user_instance.password = "******"

    def is_owner(user):
        return user == authenticated_user_instance

    owned = Mock()
    owned.check_owner = is_owner

    with permissions.OwnerRolePermission(
            obj=owned, password_required=True, password="******"):
        pass

    with pytest.raises(HTTPException), permissions.OwnerRolePermission(
            obj=owned, password_required=True, password="******"):
        pass
Ejemplo n.º 3
def test_OwnerRolePermission_authenticated_user_with_password_without_check_owner(
    authenticated_user_instance,
):
    """
    Exercise OwnerRolePermission on an object that has no ``check_owner``.

    Both entries are expected to raise HTTPException.
    """
    # NOTE(review): the password literals read '******' (apparently redacted),
    # which makes the two blocks below identical as shown; the original
    # presumably used two different passwords - confirm.
    authenticated_user_instance.password = '******'
    unowned = Mock()
    # Remove the attribute so that looking it up on the Mock fails.
    del unowned.check_owner

    with pytest.raises(HTTPException), permissions.OwnerRolePermission(
        obj=unowned, password_required=True, password='******'
    ):
        pass

    with pytest.raises(HTTPException), permissions.OwnerRolePermission(
        obj=unowned, password_required=True, password='******'
    ):
        pass
Ejemplo n.º 4
class TeamMembers(Resource):
    """
    Endpoints for listing and adding the members of a single team.
    """

    @api.login_required(oauth_scopes=['teams:read'])
    @api.resolve_object_by_model(Team, 'team')
    @api.permission_required(
        permissions.OwnerRolePermission,
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.OwnerRolePermission(partial=True))
    @api.parameters(PaginationParameters())
    @api.response(schemas.BaseTeamMemberSchema(many=True))
    def get(self, args, team):
        """
        Return one page of the team's members.

        The page is the slice of ``team.members`` starting at
        ``args['offset']`` and spanning ``args['limit']`` entries.
        """
        roster = team.members
        first = args['offset']
        return roster[first:first + args['limit']]

    @api.login_required(oauth_scopes=['teams:write'])
    @api.resolve_object_by_model(Team, 'team')
    @api.permission_required(
        permissions.OwnerRolePermission,
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.WriteAccessPermission())
    @api.parameters(parameters.AddTeamMemberParameters())
    @api.response(schemas.BaseTeamMemberSchema())
    @api.response(code=http_exceptions.Conflict.code)
    def post(self, args, team):
        """
        Add the user named by ``args['user_id']`` to the team.

        An unknown user is reported with the NotFound code; a ValueError from
        the TeamMember constructor or an IntegrityError on commit is reported
        with the Conflict code. The session is rolled back on every exit path.
        """
        try:
            new_member_id = args.pop('user_id')
            new_member = User.query.get(new_member_id)
            if new_member is None:
                # abort() is expected to raise, ending the request here.
                abort(
                    code=http_exceptions.NotFound.code,
                    message="User with id %d does not exist" % new_member_id
                )

            # NOTE(review): whatever is left in ``args`` after the pop is
            # passed to the model constructor as keyword arguments; which
            # fields that can be depends on AddTeamMemberParameters (not shown).
            try:
                membership = TeamMember(team=team, user=new_member, **args)
            except ValueError as error:
                abort(code=http_exceptions.Conflict.code, message=str(error))

            db.session.add(membership)

            try:
                db.session.commit()
            except sqlalchemy.exc.IntegrityError:
                abort(
                    code=http_exceptions.Conflict.code,
                    message="Could not update team details."
                )
        finally:
            # Runs after a successful commit as well as on the abort paths.
            db.session.rollback()
        return membership
 def get(self, team_id):
     """
     Return the team with the given ID once the ownership check has passed.
     """
     # NOTE(review): the lookup runs before the ownership check, so a caller
     # without access can presumably tell a missing team from a forbidden
     # one by the error returned - confirm that this is acceptable.
     requested_team = Team.query.get_or_404(team_id)
     with permissions.OwnerRolePermission(obj=requested_team):
         return requested_team
    def patch(self, args, team_id):
        """
        Apply the patch operations in ``args['body']`` to a team and commit.

        Operations the handler does not recognise are logged and skipped.
        An IntegrityError on commit is rolled back and reported through
        abort() with the Conflict code.
        """
        target = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        # Both permissions are entered before any attribute is modified.
        with permissions.OwnerRolePermission(obj=target), \
                permissions.WriteAccessPermission():
            for patch_op in args['body']:
                handled = self._process_patch_operation(patch_op, team=target)
                if handled:
                    continue
                # The whole operation dict, value included, goes to the log.
                log.info(
                    "Team patching has ignored unknown operation %s",
                    patch_op)
            db.session.merge(target)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not update team details.")

        return target
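    def delete(self, args, team_id):
        """
        Remove a member from a team.

        Looks up the membership of ``args['user_id']`` in the team, deletes it
        and commits. A missing membership is reported with the NotFound code;
        an IntegrityError on commit is rolled back and reported with the
        Conflict code. Returns the team.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        with permissions.OwnerRolePermission(obj=team):
            with permissions.WriteAccessPermission():
                user_id = args['user_id']
                # first() returns None when nothing matches, which is what the
                # check below tests for. one() raises in that case instead, so
                # the NotFound branch could never run and a missing member
                # surfaced as an unhandled exception.
                team_member = TeamMember.query.filter_by(
                    team=team, user_id=user_id).first()
                if team_member is None:
                    abort(code=http_exceptions.NotFound.code,
                          message="User with id %d does not exist" % user_id)
                db.session.delete(team_member)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not update team details.")

        return team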
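class TeamMemberByID(Resource):
    """
    Manipulations with a specific team member.
    """
    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.response(code=http_exceptions.Conflict.code)
    def delete(self, args, team_id):
        """
        Remove a member from a team.

        Looks up the membership of ``args['user_id']`` in the team, deletes it
        and commits. A missing membership is reported with the NotFound code;
        an IntegrityError on commit is rolled back and reported with the
        Conflict code. Returns the team.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        # The ownership and write-access checks wrap the lookup and deletion.
        with permissions.OwnerRolePermission(obj=team):
            with permissions.WriteAccessPermission():
                user_id = args['user_id']
                # first() returns None when nothing matches, which is what the
                # check below tests for. one() raises in that case instead, so
                # the NotFound branch could never run and a missing member
                # surfaced as an unhandled exception.
                team_member = TeamMember.query.filter_by(
                    team=team, user_id=user_id).first()
                if team_member is None:
                    abort(code=http_exceptions.NotFound.code,
                          message="User with id %d does not exist" % user_id)
                db.session.delete(team_member)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not update team details.")

        return team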
    def post(self, args, team_id):
        """
        Add the user named by ``args['user_id']`` to the team and commit.

        An unknown user is reported with the NotFound code; an IntegrityError
        on commit is rolled back and reported with the Conflict code.
        Returns None.
        """
        target_team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        with permissions.OwnerRolePermission(obj=target_team), \
                permissions.WriteAccessPermission():
            new_member_id = args.pop('user_id')
            new_member = User.query.get(new_member_id)
            if new_member is None:
                abort(code=http_exceptions.NotFound.code,
                      message="User with id %d does not exist" % new_member_id)
            # NOTE(review): the remaining ``args`` become constructor keyword
            # arguments; the accepted fields are set by the parameters schema
            # (not shown here).
            membership = TeamMember(team=target_team, user=new_member, **args)
            db.session.add(membership)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not update team details.")

        return None
 def get(self, args, team_id):
     """
     Return one page of a team's members, selected by offset and limit.
     """
     owning_team = Team.query.get_or_404(team_id)
     # The slice is taken only inside the ownership check.
     with permissions.OwnerRolePermission(obj=owning_team):
         roster = owning_team.members
         first = args['offset']
         return roster[first:first + args['limit']]
class TeamMembers(Resource):
    """
    Endpoints for listing and adding the members of a single team.
    """
    @api_v1.login_required(scopes=['teams:read'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.parameters(PaginationParameters())
    @api_v1.response(schemas.BaseTeamMemberSchema(many=True))
    def get(self, args, team_id):
        """
        Return one page of a team's members, selected by offset and limit.
        """
        owning_team = Team.query.get_or_404(team_id)
        # The slice is taken only inside the ownership check.
        with permissions.OwnerRolePermission(obj=owning_team):
            roster = owning_team.members
            first = args['offset']
            return roster[first:first + args['limit']]

    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.parameters(parameters.AddTeamMemberParameters())
    @api_v1.response(code=http_exceptions.Conflict.code)
    def post(self, args, team_id):
        """
        Add the user named by ``args['user_id']`` to the team and commit.

        An unknown user is reported with the NotFound code; an IntegrityError
        on commit is rolled back and reported with the Conflict code.
        Returns None.
        """
        target_team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        with permissions.OwnerRolePermission(obj=target_team), \
                permissions.WriteAccessPermission():
            new_member_id = args.pop('user_id')
            new_member = User.query.get(new_member_id)
            if new_member is None:
                abort(code=http_exceptions.NotFound.code,
                      message="User with id %d does not exist" % new_member_id)
            # NOTE(review): the remaining ``args`` become constructor keyword
            # arguments; the accepted fields are set by
            # AddTeamMemberParameters (not shown here).
            membership = TeamMember(team=target_team, user=new_member, **args)
            db.session.add(membership)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not update team details.")

        return None
Ejemplo n.º 12
def test_OwnerRolePermission_anonymous_user_with_password(anonymous_user_instance):
    """
    An anonymous user must be refused even when a password is supplied.
    """
    # pylint: disable=unused-argument

    def never_owner(user):
        return False

    resource = Mock()
    resource.check_owner = never_owner
    # The '******' literal appears to be redacted in this listing.
    with pytest.raises(HTTPException), permissions.OwnerRolePermission(
        obj=resource, password_required=True, password='******'
    ):
        pass
Ejemplo n.º 13
class TeamMembers(Resource):
    """
    Endpoints for listing and adding the members of a single team.
    """

    # NOTE(review): unlike post() below, get() carries no login_required
    # decorator in this listing; confirm that the permission decorators alone
    # enforce authentication and the read scope for this endpoint.
    @api.permission_required(
        permissions.OwnerRolePermission,
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.OwnerRolePermission(partial=True))
    @api.parameters(PaginationParameters())
    @api.response(schemas.BaseTeamMemberSchema(many=True))
    def get(self, args, team):
        """
        Return one page of the team's members via skip() and limit().
        """
        after_offset = team.members.skip(args['offset'])
        return after_offset.limit(args['limit'])

    @api.login_required(oauth_scopes=['teams:write'])
    @api.permission_required(
        permissions.OwnerRolePermission,
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.WriteAccessPermission())
    @api.parameters(parameters.AddTeamMemberParameters())
    @api.response(schemas.BaseTeamMemberSchema())
    @api.response(code=HTTPStatus.CONFLICT)
    def post(self, args, team):
        """
        Add the user named by ``args['user_id']`` to the team.

        An unknown user is reported with NOT_FOUND. The work runs inside
        api.commit_or_abort(), which is given the default error message
        "Failed to update team details.".
        """
        with api.commit_or_abort(
                default_error_message="Failed to update team details."
            ):
            new_member_id = args.pop('user_id')
            new_member = User.objects(user_id=new_member_id).first()
            if new_member is None:
                # %d needs a numeric id; presumably the parameters schema
                # guarantees one - confirm.
                abort(
                    code=HTTPStatus.NOT_FOUND,
                    message="User with id %d does not exist" % new_member_id
                )

            # NOTE(review): the remaining ``args`` become constructor keyword
            # arguments; the accepted fields are set by
            # AddTeamMemberParameters (not shown here).
            membership = TeamMember(team=team, user=new_member, **args)
            membership.save()

        return membership
    def delete(self, team_id):
        """
        Delete the team with the given ID and commit.

        An IntegrityError on commit is rolled back and reported through
        abort() with the Conflict code. Returns None.
        """
        doomed_team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        # Deletion is staged only after both permission checks are entered.
        with permissions.OwnerRolePermission(obj=doomed_team), \
                permissions.WriteAccessPermission():
            db.session.delete(doomed_team)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not delete the team.")

        return None
Ejemplo n.º 15
def test_OwnerRolePermission_anonymous_user(anonymous_user_instance):
    """
    Entering OwnerRolePermission as an anonymous user must raise HTTPException.
    """
    # pylint: disable=unused-argument
    with pytest.raises(HTTPException), permissions.OwnerRolePermission():
        pass
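class TeamByID(Resource):
    """
    Manipulations with a specific team.
    """
    @api_v1.login_required(scopes=['teams:read'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.response(schemas.DetailedTeamSchema())
    def get(self, team_id):
        """
        Get team details by ID.
        """
        # NOTE(review): the lookup runs before the ownership check, so a
        # caller without access can presumably tell a missing team from a
        # forbidden one by the error returned - confirm that this is acceptable.
        team = Team.query.get_or_404(team_id)
        with permissions.OwnerRolePermission(obj=team):
            return team

    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.parameters(parameters.PatchTeamDetailsParameters())
    @api_v1.response(schemas.DetailedTeamSchema())
    @api_v1.response(code=http_exceptions.Conflict.code)
    def patch(self, args, team_id):
        """
        Patch team details by ID.

        Each operation in ``args['body']`` is handed to
        ``_process_patch_operation``; unhandled operations are logged and
        skipped. An IntegrityError on commit is rolled back and reported with
        the Conflict code.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        # Attributes are modified only inside both permission checks.
        with permissions.OwnerRolePermission(obj=team):
            with permissions.WriteAccessPermission():
                for operation in args['body']:
                    if not self._process_patch_operation(operation, team=team):
                        # The whole operation dict, value included, is logged.
                        log.info(
                            "Team patching has ignored unknown operation %s",
                            operation)
                db.session.merge(team)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not update team details.")

        return team

    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.response(code=http_exceptions.Conflict.code)
    def delete(self, team_id):
        """
        Delete a team by ID.

        An IntegrityError on commit is rolled back and reported with the
        Conflict code.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        with permissions.OwnerRolePermission(obj=team):
            with permissions.WriteAccessPermission():
                db.session.delete(team)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(code=http_exceptions.Conflict.code,
                  message="Could not delete the team.")

        return None

    def _process_patch_operation(self, operation, team):
        """
        Apply one patch operation to a team.

        Args:
            operation (dict) - one patch operation in RFC 6902 format.
            team (Team) - team instance which is needed to be patched.

        Returns:
            processing_status (bool) - True if operation was handled, otherwise False.
        """
        if 'value' not in operation:
            # TODO: handle errors better
            abort(code=http_exceptions.UnprocessableEntity.code,
                  message="value is required")

        # Validate with an explicit check rather than ``assert``: assertions
        # are stripped when Python runs with -O, and an empty path would
        # otherwise fail with IndexError instead of a client error.
        if not operation['path'].startswith('/'):
            abort(code=http_exceptions.UnprocessableEntity.code,
                  message="Path must always begin with /")
        field_name = operation['path'][1:]
        field_value = operation['value']

        if operation['op'] == parameters.PatchTeamDetailsParameters.OP_REPLACE:
            # NOTE(review): ``field_name`` comes straight from the request
            # path, so this assigns whichever attribute the client names.
            # Presumably PatchTeamDetailsParameters restricts the accepted
            # paths - confirm, otherwise any attribute of the team is writable.
            setattr(team, field_name, field_value)
            return True

        return False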