def app(user, plan_record):
app = create_app(test_config)
with app.app_context():
db.create_all()
admin_role = Role(name="admin")
user_role = Role(name="user")
db.session.add(admin_role)
db.session.add(user_role)
# Admin user
user.roles = [admin_role, user_role]
db.session.add(user)
# Non-admin user
non_admin = User(first="Example",
last="Person",
email="*****@*****.**")
non_admin.roles = [user_role]
db.session.add(non_admin)
place = Place(name="Lowell, MA", description="A town")
db.session.add(place)
plan = PlanSchema().load(plan_record)
plan.user = user
db.session.add(plan)
db.session.commit()
return app
def test_update_role(self):
self.role1.save()
role1 = Role.get(id=1)
role1.update({'title': 'new_role_title'})
self.assertEqual('new_role_title', Role.get(id=1).title)
self.assertTrue(isinstance(role1.update({'random': 'bad field'}),
dict))
async def test_role_update(app: AsyncClient, db, user, token,
manage_roles_role, request_data, new_data, status):
try:
query = """
INSERT INTO roles (id, name, color, permissions, position)
VALUES (create_snowflake(), 'test update', 0, 0, (SELECT COUNT(*) FROM roles) + 1)
RETURNING *;
"""
role = Role(**await Role.pool.fetchrow(query))
await UserRole.create(user.id, manage_roles_role.id)
res = await app.patch(
f"/api/v1/roles/{role.id}",
json=request_data,
headers={"Authorization": token},
)
assert res.status_code == status
role = await Role.fetch(role.id)
data = role.as_dict()
data.pop("id")
data.pop("position")
assert data == new_data
finally:
await db.execute(
"DELETE FROM userroles WHERE role_id = $1 AND user_id = $2;",
manage_roles_role.id,
user.id,
)
await db.execute("DELETE FROM roles WHERE id = $1", role.id)
def app(user, plan_record):
app = create_app(
{
"TESTING": True,
"SQLALCHEMY_DATABASE_URI": "sqlite:///:memory:",
"SQLALCHEMY_TRACK_MODIFICATIONS": False,
"SECRET_KEY": b"my_secret_key",
}
)
with app.app_context():
db.create_all()
admin_role = Role(name="admin")
user_role = Role(name="user")
db.session.add(admin_role)
db.session.add(user_role)
user.roles = [admin_role, user_role]
db.session.add(user)
place = Place(name="Lowell, MA", description="A town")
db.session.add(place)
plan = PlanSchema().load(plan_record)
plan.user = user
db.session.add(plan)
db.session.commit()
return app
def new_roles(app):
roles = [
Role(title='Operations Intern'),
Role(title='Operations Coordinator'),
Role(title='Operations Assistant'),
Role(title='Operations Manager'),
]
return roles
def test_get_many_roles(self):
self.assertEqual(True, isinstance(Role.get_all(), dict))
self.role1.save()
self.role2.save()
self.role3.save()
self.assertEqual(True, isinstance(Role.get_all()[0], Role))
self.assertEqual(True, isinstance(Role.get_all()[1], Role))
self.assertEqual(3, len(Role.get_all()))
def setUp(self):
"""
Set up test application.
"""
self.app = create_app('testing')
self.client = self.app.test_client()
self.client.headers = {'Authorization': getenv('TEST_TOKEN')}
self.app_context = self.app.app_context()
self.app_context.push()
db.drop_all()
db.create_all()
self.board1 = Board()
self.board2 = Board()
self.conversation1 = Conversation()
self.conversation2 = Conversation()
self.deposit1 = Deposit()
self.deposit2 = Deposit()
self.estate1 = Estate(address="Random Address 1")
self.estate2 = Estate(address="Random Address 2")
self.estate3 = Estate()
self.headers = {'Authorization': getenv('TEST_TOKEN')}
self.message1 = Message(sender=1, content='Random Content')
self.message2 = Message(sender=2, content='Random Content')
self.message3 = Message()
self.payment1 = Payment()
self.payment2 = Payment()
self.role1 = Role(title='basic')
self.role2 = Role(title='admin')
self.role3 = Role(title='super_admin')
self.role4 = Role()
self.unit1 = Unit(name="Random Unit 1")
self.unit2 = Unit(name="Random Unit 2")
self.unit3 = Unit()
self.user1 = User(name="First1 Middle1 Last1",
phone_number="000 12 3456781",
email="*****@*****.**",
password=digest('ABC123!@#'))
self.user2 = User(name="First2 Middle2 Last2",
phone_number="000 12 3456782",
email="*****@*****.**",
password=digest('ABC123!@#'))
self.user3 = User()
self.user_new_data1 = {'phone_number': "000 12 3456783"}
self.user_new_data2 = {'bad_field': "random"}
self.wallet1 = Wallet()
self.wallet2 = Wallet()
self.user1_dict = {
"name": "First1 Middle1 Last1",
"phone_number": "000 12 3456781",
"email": "*****@*****.**",
"password": "******"
}
self.conversation3_dict = {"participants": [1, 2]}
self.message4_dict = {"content": "New Message."}
self.board3_dict = {'members': [1, 2]}
def app(user, plan_record):
app = create_app(test_config)
with app.app_context():
db.create_all()
admin_role = Role(name="admin")
user_role = Role(name="user")
db.session.add(admin_role)
db.session.add(user_role)
# Admin user
user.roles = [admin_role, user_role]
db.session.add(user)
# Non-admin user
non_admin = User(first="Example",
last="Person",
email="*****@*****.**")
non_admin.roles = [user_role]
db.session.add(non_admin)
place = Place(
slug="lowell",
name="Lowell, MA",
state="Massachusetts",
description="A town",
districting_problems=[
DistrictingProblem(
number_of_parts=9,
name="Town Council",
plural_noun="Town Council Districts",
)
],
units=[
UnitSet(
name="Blocks",
unit_type="block",
slug="blocks",
bounds="[[0, 100], [0, 100]]",
)
],
)
db.session.add(place)
plan = Plan(**PlanSchema().load(plan_record))
plan.user = user
db.session.add(plan)
db.session.commit()
return app
def create_admin():
if User.get_or_none(email='admin'):
db.close_db(None)
return
anonymous_role, _ = Role.get_or_create(name='anonymous')
super_role, _ = Role.get_or_create(name='superuser')
user_role, _ = Role.get_or_create(name='user')
user_datastore.create_user(first_name='Admin',
email='admin',
password=hash_password(ADMIN_PASS),
confirmed_at=datetime.utcnow(),
roles=[user_role, super_role])
db.close_db(None)
def setUpClass(cls):
DBModel.metadata.drop_all(sqla_engine)
DBModel.metadata.create_all(sqla_engine)
r1, r2 = Role(name='admin'), Role(name='pikus')
DBSession.add(r1)
DBSession.add(r2)
a = Account(username='******',
fullName='Greg Burek',
email='*****@*****.**')
a.set_password('dupa')
a.roles.extend((r1, r2))
DBSession.add(a)
DBSession.commit()
cls.DBSession = DBSession
def centre_societies_roles_data_dev(production=False):
"""Generate center societies and role data."""
# test centers
nairobi = Center(name='nairobi')
kampala = Center(name='kampala')
lagos = Center(name='lagos')
# societies
phoenix = Society(name="phoenix")
istelle = Society(name="istelle")
sparks = Society(name="sparks")
invictus = Society(name="invictus")
# roles available
roles = (Role(uuid="-KXGy1EB1oimjQgFim6F", name="success"),
Role(uuid="-KXGy1EB1oimjQgFim6L", name="finance"),
Role(uuid="-KXGy1EB1oimjQgFim6C", name="fellow"),
Role(uuid="-KkLwgbeJUO0dQKsEk1i", name="success ops"),
Role(uuid="-KiihfZoseQeqC6bWTau",
name="andelan"), Role(name="society president"),
Role(name="society vice president"),
Role(name="society secretary"))
return (roles, nairobi, kampala, lagos, phoenix, istelle, sparks,
invictus) if not production else (roles, phoenix, istelle, sparks,
invictus)
def handle(self, *args, **options):
try:
role_names = [settings.ROLE_PROJECT_ADMIN, settings.ROLE_ANNOTATOR, settings.ROLE_ANNOTATION_APPROVER]
except KeyError as key_error:
self.stderr.write(self.style.ERROR(f'Missing Key: "{key_error}"'))
for role_name in role_names:
if Role.objects.filter(name=role_name).exists():
continue
role = Role()
role.name = role_name
try:
role.save()
except DatabaseError as db_error:
self.stderr.write(self.style.ERROR(f'Database Error: "{db_error}"'))
else:
self.stdout.write(self.style.SUCCESS(f'Role created successfully "{role_name}"'))
def post(self):
username = request.values.get("username") or request.values.get(
"email")
password = request.values.get("password")
user, authenticated = User.query.authenticate(username, password)
log_type = request.values.get('type')
x_real_ip = request.headers.get('x-real-ip', '')
if user and not user.is_active:
return abort(403, "账户已被系统禁用")
if not user:
return abort(403, "User <{0}> does not exist".format(username))
if not authenticated:
value = UserCache.get_count_error(username)
if value >= 3:
if user and user.is_active:
user.is_active = False
user.save()
return abort(403, "账户已被禁用")
return abort(403, "invalid username or password")
role = Role.get_by(id=user.id, first=True, to_dict=True)
if log_type == 'ldap':
pass
# ldap未完成
else:
if user and user.deleted_by is None:
return self.handle_user_info(user, x_real_ip, role)
def get(cls, id):
permission = cache.get(cls.PREFIX_ID.format(key))
if not permission:
permission = Role.get_by(id=id).page_perms
if permission:
cls.set(id, permission)
return permission
async def manage_roles_role(db):
query = """
INSERT INTO roles (id, name, color, permissions, position)
VALUES (create_snowflake(), $1, $2, $3, (SELECT COUNT(*) FROM roles) + 1)
RETURNING *;
"""
record = await Role.pool.fetchrow(query, "Roles Manager", 0x0,
ManageRoles().value)
yield Role(**record)
await db.execute("DELETE FROM roles WHERE id = $1;", record["id"])
def test_add_and_remove_role_from_user(self):
self.user1.save()
self.role1.save()
self.role2.save()
user1 = User.get(id=1)
self.assertEqual(0, len(user1.roles))
user1.insert('roles', Role.get_all())
self.assertEqual(2, len(user1.roles))
user1.remove('roles', id=1)
self.assertEqual(1, len(user1.roles))
user1.remove('roles')
self.assertEqual(0, len(user1.roles))
def create_test_token():
"""
Create token for use in testing.
Seed roles before running this.
"""
user = User.get(email="*****@*****.**")
roles = Role.get_all()
user.insert('roles', roles)
user.save()
token = create_token("*****@*****.**")
environ['TEST_TOKEN'] = token
print('\nToken created:\n', token,
'\nThe token is saved in the environment.\n')
def test_add_and_remove_users_from_role(self):
self.user1.save()
self.user2.save()
self.role1.save()
role1 = Role.get(id=1)
self.assertEqual(0, len(role1.users))
users = User.get_all()
role1.insert('users', users)
self.assertEqual(True, isinstance(role1.users[0], User))
role1.remove('users', id=1)
self.assertEqual(1, len(role1.users))
role1.remove('users')
self.assertEqual(0, len(role1.users))
def seed_roles():
"""
Seeds sample roles
"""
titles = [
'Operations Intern',
'Operations Coordinator',
'Operations Assistant',
'Operations Manager',
]
for title in titles:
db.session.add(Role(title=title))
db.session.commit()
def seed_roles():
"""
Add initial roles to the database.
"""
Role.drop()
roles = ['basic', 'admin', 'super_admin']
for role in roles:
new_role = Role(title=role)
new_role.save()
print('\nRoles Seeded.\n')
async def test_update_role_positions_down(app: AsyncClient, db, user, token,
manage_roles_role):
try:
roles = []
# manage roles -> 1 -> 3 -> 2 -> 4
role_names = ["1", "3", "2", "4"]
for role_name in role_names:
query = """
INSERT INTO roles (id, name, color, permissions, position)
VALUES (create_snowflake(), $1, 0, 0, (SELECT COUNT(*) FROM roles) + 1)
RETURNING *;
"""
role = Role(**await Role.pool.fetchrow(query, role_name))
roles.append(role)
await UserRole.create(user.id, manage_roles_role.id)
res = await app.patch(
f"/api/v1/roles/{roles[1].id}",
json={"position": 4},
headers={"Authorization": token},
)
assert res.status_code == 204
res = await app.get("/api/v1/roles")
new_roles = sorted(res.json(), key=lambda x: x["position"])
for i, role in enumerate(new_roles, 1):
assert (role["position"] == i
) # make sure roles are ordered with no missing positions
for i in range(1, 5):
assert new_roles[i]["name"] == str(i)
finally:
await db.execute(
"DELETE FROM userroles WHERE role_id = $1 AND user_id = $2;",
manage_roles_role.id,
user.id,
)
for role in roles:
await db.execute("DELETE FROM roles WHERE id = $1", role.id)
async def inner(user=authorization()):
query = """
SELECT *
FROM roles r
WHERE r.id IN (
SELECT ur.role_id
FROM userroles ur
WHERE ur.user_id = $1
)
"""
records = await Role.pool.fetch(query, user.id)
if not records:
raise HTTPException(403, "Missing Permissions")
user_permissions = 0
for record in records:
user_permissions |= record["permissions"]
if not utils.has_permissions(user_permissions, permissions):
raise HTTPException(403, "Missing Permissions")
return [Role(**record) for record in records]
def post(self):
"""
Create a new user.
"""
payload = request.get_json()
required = ['email', 'name', 'password', 'phone_number']
result = validate_json(required, payload)
if isinstance(result, bool) is True:
new_user = User(name=payload['name'],
phone_number=payload['phone_number'],
email=payload['email'],
password=digest(payload['password']))
basic_role = Role.get(title='basic')
new_wallet = Wallet()
new_user.insert('roles', [basic_role])
new_user.insert('wallet', new_wallet)
new_user_id = new_user.save()
return {
'status': 'success',
'message': 'User with id {} was created.'.format(new_user_id)
}, 201
return {'status': 'fail', 'data': {'missing': result}}, 400
async def test_role_add(app: AsyncClient, db, user, token, manage_roles_role):
try:
query = """
INSERT INTO roles (id, name, color, permissions, position)
VALUES (create_snowflake(), 'test add', 0, 0, (SELECT COUNT(*) FROM roles) + 1)
RETURNING *;
"""
role = Role(**await Role.pool.fetchrow(query))
await UserRole.create(user.id, manage_roles_role.id)
res = await app.put(
f"/api/v1/roles/{role.id}/members/{user.id}",
headers={"Authorization": token},
)
assert res.status_code == 204
finally:
await db.execute(
"DELETE FROM userroles WHERE role_id = $1 AND user_id = $2;",
manage_roles_role.id,
user.id,
)
await db.execute("DELETE FROM roles WHERE id = $1", role.id)
def test_count(self):
assert Role.count() == 1
def seed_test_data():
"""
Seed data to be used for testing.
"""
db.drop_all()
db.create_all()
payment_1 = Payment()
payment_2 = Payment()
payment_3 = Payment()
payment_4 = Payment()
payment_1.insert('deposits', [Deposit(
amount=1000.0), Deposit(amount=500.0)])
payment_2.insert('deposits', [Deposit(
amount=1000.0), Deposit(amount=500.0)])
payment_3.insert('deposits', [Deposit(amount=1000.0)])
payment_4.insert('deposits', [Deposit(amount=1000.0)])
wallet_1 = Wallet()
wallet_2 = Wallet()
wallet_3 = Wallet()
wallet_4 = Wallet()
wallet_1.insert('payments', [payment_1, payment_2])
wallet_2.insert('payments', [payment_3])
wallet_3.insert('payments', [payment_4])
estate1 = Estate(address='Casterly Rock')
estate2 = Estate(address='Dorne')
estate3 = Estate(address='Dragonstone')
estate2.insert('payment', wallet_2.payments[0])
estate3.insert('payment', wallet_3.payments[0])
unit1 = Unit(name='No. 1')
unit2 = Unit(name='No. 2')
unit3 = Unit(name='No. 1')
unit4 = Unit(name='No. 2')
unit5 = Unit(name='No. 3')
unit1.insert('payment', wallet_1.payments[0])
unit2.insert('payment', wallet_1.payments[1])
estate1.insert('estate_units', [unit1, unit2])
estate2.insert('estate_units', [unit3])
estate3.insert('estate_units', [unit4, unit5])
board1 = Board()
board2 = Board()
board1.insert('estates_owned', [estate1, estate2])
board2.insert('estates_owned', [estate3])
board1.insert('units_owned', [unit5])
user0 = User(
name="Test User",
phone_number="000 00 0000000",
email="*****@*****.**",
password=digest('ABC123!@#1'))
user1 = User(
name="Jaime Lannister",
phone_number="000 12 3456781",
email="*****@*****.**",
password=digest('ABC123!@#1'))
user2 = User(
name="Oberyn Martell",
phone_number="000 12 3456782",
email="*****@*****.**",
password=digest('ABC123!@#2'))
user3 = User(
name="Daenerys Targaryen",
phone_number="000 12 3456783",
email="*****@*****.**",
password=digest('ABC123!@#3'))
conversation1 = Conversation()
conversation2 = Conversation()
message1 = Message(sender=user1.name,
content='Content 1')
message2 = Message(sender=user2.name,
content='Content 2')
message3 = Message(sender=user3.name,
content='Content 3')
conversation1.insert('messages', [message1, message2])
conversation2.insert('messages', [message3])
user0.insert('boards', [board1])
user1.insert('boards', [board1])
user2.insert('boards', [board1])
user3.insert('boards', [board2])
user1.insert('units', [unit1, unit2])
user2.insert('units', [unit3])
user3.insert('units', [unit4])
user0.insert('wallet', wallet_4)
user1.insert('wallet', wallet_1)
user2.insert('wallet', wallet_2)
user3.insert('wallet', wallet_3)
user1.insert('conversations', [conversation1, conversation2])
user2.insert('conversations', [conversation1, conversation2])
user3.insert('conversations', [conversation1])
role1 = Role(title='admin')
role2 = Role(title='basic')
role3 = Role(title='super_admin')
role3.insert('users', [user0, user1])
role2.insert('users', [user0, user1, user2, user3])
role1.insert('users', [user0, user3])
role1.save()
role2.save()
role3.save()
print('\nTest Data Seeded.\n')
def new_role(app):
role = Role(title='Operations Intern')
return role
def test_delete(self, new_user, new_role, request_ctx,
mock_request_obj_decoded_token):
new_role.delete()
assert Role.get(new_role.id) is None
def test_role_exists(self):
self.assertFalse(Role.check_exists(id=1))
self.role1.save()
self.assertTrue(Role.check_exists(id=1))
def test_query(self):
role_query = Role._query()
assert role_query.count() == 1
assert isinstance(role_query.all(), list)
