Ejemplo n.º 1
0
    def permissions(self) -> List[str]:
        """
        A general function to get the permissions of a user from a permission
        model and attributes of their user classes. Locked users are restricted
        to the permissions defined for them in the config.

        :param key:   The cache key to cache the permissions under
        :param model: The model to query custom permissions from
        :param attr:  The attribute of the userclasses that should be queried
        """
        from core.permissions.models import SecondaryClass
        from core.permissions.models import UserPermission

        if self.locked:  # Locked accounts have restricted permissions.
            return app.config['LOCKED_ACCOUNT_PERMISSIONS']
        key = self.__cache_key_permissions__.format(id=self.id)
        permissions = cache.get(key)
        if not permissions:
            permissions = copy(self.user_class_model.permissions)
            for class_ in SecondaryClass.from_user(self.id):
                permissions += class_.permissions
            permissions = set(permissions)  # De-dupe

            for perm, granted in UserPermission.from_user(self.id).items():
                if not granted and perm in permissions:
                    permissions.remove(perm)
                if granted and perm not in permissions:
                    permissions.add(perm)

            cache.set(key, permissions)
        return permissions
Ejemplo n.º 2
0
def test_delete_secondary_class_with_user(app, authed_client):
    response = authed_client.delete('/user_classes/1',
                                    query_string={
                                        'secondary': True
                                    }).get_json()
    assert (
        response['response'] ==
        'You cannot delete a SecondaryClass while users are assigned to it.')
    assert SecondaryClass.from_pk(1)
Ejemplo n.º 3
0
def test_modify_secondary_user_class(app, authed_client):
    authed_client.put(
        '/user_classes/2',
        data=json.dumps({
            'permissions': {
                'users_edit_settings': False
            },
            'secondary': True
        }),
    )

    secondary_class = SecondaryClass.from_pk(2)
    assert not secondary_class.permissions

    user_class = UserClass.from_pk(2)
    assert 'users_edit_settings' in user_class.permissions
Ejemplo n.º 4
0
    def populate(cls):
        UserClass.new(name='User')
        UserClass.new(
            name='Power User',
            permissions=['permissions_modify', 'users_edit_settings'],
        )
        UserClass.new(name='Elite')
        UserClass.new(name='Torrent Masturbaiter')
        UserClass.new(name='Staff')
        UserClass.new(name='Administrator')
        SecondaryClass.new(name='FLS')
        SecondaryClass.new(name='Beans Team',
                           permissions=['users_edit_settings'])
        SecondaryClass.new(name='Progressive Insurance')
        SecondaryClass.new(name='Jake from State Farom')

        db.engine.execute(  # Generating password hash each time is slow, so raw SQL we go.
            f"""INSERT INTO users
            (username, passhash, email, invites, inviter_id, user_class_id) VALUES
            ('user_one', '{HASH_1}', '*****@*****.**', 1, NULL, 1),
            ('user_two', '{HASH_2}', '*****@*****.**', 0, 1, 1),
            ('user_three', '{HASH_3}', '*****@*****.**', 0, NULL, 1),
            ('user_four', '{HASH_1}', '*****@*****.**', 2, 2, 1),
            ('user_five', '{HASH_1}', '*****@*****.**', 1, 4, 1)
            """)
        db.engine.execute(
            f"""INSERT INTO api_keys (user_id, hash, keyhashsalt, revoked, permissions) VALUES
            (1, 'abcdefghij', '{HASHED_CODE_1}', 'f',
             '{{"sample_permission", "sample_2_permission", "sample_3_permission"}}'),
            (1, 'cdefghijkl', '{HASHED_CODE_3}', 'f', '{{}}'),
            (2, 'bcdefghijk', '{HASHED_CODE_3}', 'f', '{{}}'),
            (2, '1234567890', '{HASHED_CODE_2}', 't', '{{}}')""")
        db.engine.execute(
            f"""INSERT INTO invites (inviter_id, invitee_id, email, code, expired) VALUES
            (1, NULL, '*****@*****.**', '{CODE_1}', 'f'),
            (1, 2, '*****@*****.**', '{CODE_2}', 't'),
            (2, NULL, '*****@*****.**', '{CODE_3}', 'f'),
            (1, NULL, '*****@*****.**', '{CODE_4}', 't')
            """)

        db.session.execute(secondary_class_assoc_table.insert().values(
            user_id=1, secondary_class_id=1))
        db.session.commit()
Ejemplo n.º 5
0
    def secondary_classes(self) -> List[str]:
        from core.permissions.models import SecondaryClass

        secondary_classes = SecondaryClass.from_user(self.id)
        return [sc.name for sc in secondary_classes]
Ejemplo n.º 6
0
def test_user_secondary_classes_models(app, client):
    cache.set(SecondaryClass.__cache_key_of_user__.format(id=1), [2],
              timeout=60)
    secondary_classes = SecondaryClass.from_user(1)
    assert len(secondary_classes) == 1
    assert secondary_classes[0].name == 'Beans Team'