def test_set_user_permission_multiple_users(session, client):
    """Check that two users given different roles are each linked to the
    Permission row whose name matches the role that was requested."""
    with session() as db:
        # First account: asked for (and expected to hold) 'admin'.
        first = register_user(db, 'diageo', 'St._Jamess_Gate_Dublin',
                              'Arthur', 'Guinness')
        db.add(first)
        db.commit()
        first_link = set_user_permission(db, 'admin', first.id)
        db.add(first_link)
        db.commit()

        admin_role = db.query(Permission).filter_by(name='admin').first()
        first_row = db.query(UserPermission).filter_by(
            user_id=first.id).first()
        assert admin_role.id == first_row.permission_id

        # Second account: asked for the plain 'user' role.
        second = register_user(db, 'anheuserbusch', 'DillyDilly',
                               'Bud', 'Light')
        db.add(second)
        db.commit()
        second_link = set_user_permission(db, 'user', second.id)
        db.add(second_link)
        db.commit()

        user_role = db.query(Permission).filter_by(name='user').first()
        second_row = db.query(UserPermission).filter_by(
            user_id=second.id).first()
        assert user_role.id == second_row.permission_id
def test_is_admin(session, client):
    """Check is_admin() for the first user before and after a demotion.

    The first account is created asking for 'user' but is expected to be
    reported as admin; once a second admin exists and the first account's
    permission is toggled, is_admin() must report False for it.
    """
    with session() as db:
        founder = register_user(db, 'especial1925', 'ABInBev',
                                'Grupo', 'Modelo')
        db.add(founder)
        db.commit()
        # First user must always be admin even though we are asking for user
        founder_link = set_user_permission(db, 'user', founder.id)
        db.add(founder_link)
        db.commit()

        # Helper defined elsewhere in the suite; presumably establishes a
        # logged-in context -- confirm against its definition.
        test_with_authenticated_user(db)
        admin = is_admin(db, founder)
        assert admin

        second = register_user(db, 'anheuserbusch', 'DillyDilly',
                               'Bud', 'Light')
        db.add(second)
        db.commit()
        second_link = set_user_permission(db, 'admin', second.id)
        db.add(second_link)
        db.commit()

        # Now that there is a second user, change first user to 'user'
        change_user_permission(db, founder.id)
        db.commit()
        admin = is_admin(db, founder)
        assert not admin
def test_change_second_user(session, client):
    """Check that change_user_permission() toggles the second user between
    the 'user' and 'admin' permission rows on successive calls."""
    with session() as db:
        admin_account = register_user(db, 'sabmiller', 'ColdAsTheRockies',
                                      'Coors', 'Light')
        db.add(admin_account)
        db.commit()
        admin_link = set_user_permission(db, 'admin', admin_account.id)
        db.add(admin_link)
        db.commit()

        second = register_user(db, 'anheuserbusch', 'DillyDilly',
                               'Bud', 'Light')
        db.add(second)
        db.commit()
        second_link = set_user_permission(db, 'user', second.id)
        db.add(second_link)
        db.commit()

        user_role = db.query(Permission).filter_by(name='user').first()
        admin_role = db.query(Permission).filter_by(name='admin').first()
        # The same row object is re-read after each toggle below.
        second_row = db.query(UserPermission).filter_by(
            user_id=second.id).first()
        assert second_row.permission_id == user_role.id

        # user -> admin
        change_user_permission(db, second.id)
        db.commit()
        assert second_row.permission_id == admin_role.id

        # admin -> user
        change_user_permission(db, second.id)
        db.commit()
        assert second_row.permission_id == user_role.id
def test_get_user_with_permissions(session, client):
    """Check that get_user_with_permissions() returns the requested user
    together with that user's permission, not another user's."""
    with session() as db:
        wanted = register_user(db, 'anheuserbusch', 'DillyDilly',
                               'Bud', 'Light')
        db.add(wanted)
        db.commit()
        wanted_perm = set_user_permission(db, 'admin', wanted.id)
        db.add(wanted_perm)
        db.commit()

        # A second account with a different role, so a lookup that ignored
        # the id would have something else to return.
        other = register_user(db, 'especial1925', 'ABInBev',
                              'Grupo', 'Modelo')
        db.add(other)
        db.commit()
        other_perm = set_user_permission(db, 'user', other.id)
        db.add(other_perm)
        db.commit()

        row = get_user_with_permissions(db, wanted.id)
        assert wanted in row
        assert wanted_perm in row
        assert row.User.first_name == 'Bud'
        assert row.Permission.name == 'admin'
def test_change_only_admin(session, client):
    """Check that toggling the permission of the only admin is refused with
    the message 'Cannot remove last admin'."""
    with session() as db:
        sole_admin = register_user(db, 'diageo', 'St._Jamess_Gate_Dublin',
                                   'Arthur', 'Guinness')
        db.add(sole_admin)
        db.commit()
        admin_link = set_user_permission(db, 'admin', sole_admin.id)
        db.add(admin_link)
        db.commit()

        with pytest.raises(Exception) as raised:
            change_user_permission(db, sole_admin.id)
        # The message check has to sit after the raises block: a statement
        # placed inside it, below the raising call, would never execute.
        assert str(raised.value) == 'Cannot remove last admin'
def test_user_already_registered(client, session):
    """Check that POSTing /register for an existing account is rejected with
    'Username already used' in the response body."""
    with session() as db:
        existing = register_user(
            db, 'sabmiller', 'ColdAsTheRockies', 'Coors', 'Light')
        db.add(existing)
        db.commit()
        existing_link = set_user_permission(db, 'admin', existing.id)
        db.add(existing_link)
        db.commit()

        # NOTE(review): the '******' values look like redaction placeholders
        # rather than the original fixture data -- as shown, 'username' is
        # not 'sabmiller' and 'password' differs from 'password_conf'.
        # Confirm against the original test before relying on this payload.
        form_fields = {'username': '******',
                       'password': '******',
                       'password_conf': 'ColdAsTheRockies',
                       'first_name': 'Coors',
                       'last_name': 'Light'}
        resp = client.post('/register', data=form_fields,
                           follow_redirects=True)
        assert b'Username already used' in resp.data
def test_get_all_users_with_permissions(session, client):
    """Check that get_all_users_with_permissions() returns exactly the two
    registered users, each paired with its permission, in either order."""
    with session() as db:
        first = register_user(db, 'anheuserbusch', 'DillyDilly',
                              'Bud', 'Light')
        db.add(first)
        db.commit()
        first_perm = set_user_permission(db, 'admin', first.id)
        db.add(first_perm)
        db.commit()

        second = register_user(db, 'especial1925', 'ABInBev',
                               'Grupo', 'Modelo')
        db.add(second)
        db.commit()
        second_perm = set_user_permission(db, 'user', second.id)
        db.add(second_perm)
        db.commit()

        rows = get_all_users_with_permissions(db)
        # Result order is not pinned, so each object may be in either row.
        assert first in rows[0] or first in rows[1]
        assert second in rows[0] or second in rows[1]
        assert first_perm in rows[0] or first_perm in rows[1]
        assert second_perm in rows[0] or second_perm in rows[1]
        assert len(rows) == 2
def test_delete_user(client, session):
    """Check that DELETE /admin with a valid user id answers 200 and the
    'successfully deleted' message.

    NOTE(review): this covers the success path only. No test visible in this
    part of the file appears to send DELETE or PATCH to /admin as an
    unauthenticated or non-admin caller and assert a refusal; that negative
    case is worth pinning for a privileged endpoint.
    """
    with session() as db:
        admin_account = register_user(
            db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
        db.add(admin_account)
        db.commit()
        admin_link = set_user_permission(db, 'admin', admin_account.id)
        db.add(admin_link)
        db.commit()

        target = register_user(
            db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
        db.add(target)
        db.commit()
        target_link = set_user_permission(db, 'user', target.id)
        db.add(target_link)
        db.commit()

        # Helper defined elsewhere; presumably authenticates the test client
        # -- confirm which account it acts as.
        test_with_authenticated_user(db)
        delete_id = target.id
        resp = client.delete('/admin', json={'user': delete_id})
        assert resp.status_code == 200
        assert resp.json == {
            'msg': f'User with ID {delete_id} successfully deleted'}
def test_patch_user(client, session):
    """Check that PATCH /admin with a valid user id answers 200 and the
    'User permissions changed' message."""
    with session() as db:
        admin_account = register_user(
            db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
        db.add(admin_account)
        db.commit()
        admin_link = set_user_permission(db, 'admin', admin_account.id)
        db.add(admin_link)
        db.commit()

        target = register_user(
            db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
        db.add(target)
        db.commit()
        target_link = set_user_permission(db, 'user', target.id)
        db.add(target_link)
        db.commit()

        # Helper defined elsewhere; presumably authenticates the test client
        # -- confirm which account it acts as.
        test_with_authenticated_user(db)
        user_id = target.id
        resp = client.patch('/admin', json={'user': user_id})
        assert resp.status_code == 200
        assert resp.json == {
            'msg': f'User permissions changed for ID {user_id}'}
def test_delete_user_bad_json(client, session):
    """Check that DELETE /admin with an unrecognised JSON key is rejected
    with 400 and a fixed error message."""
    with session() as db:
        admin_account = register_user(
            db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
        db.add(admin_account)
        db.commit()
        admin_link = set_user_permission(db, 'admin', admin_account.id)
        db.add(admin_link)
        db.commit()

        test_with_authenticated_user(db)
        # 'bad_key' is not a key the endpoint is expected to recognise.
        resp = client.delete('/admin', json={'bad_key': admin_account.id})
        assert resp.status_code == 400
        assert resp.json == {'msg': 'A known value was not supplied'}
def test_set_user_permission(session, client):
    """Check that set_user_permission() links a user to the 'admin'
    Permission row when 'admin' is requested."""
    with session() as db:
        account = register_user(db, 'diageo', 'St._Jamess_Gate_Dublin',
                                'Arthur', 'Guinness')
        db.add(account)
        db.commit()
        link = set_user_permission(db, 'admin', account.id)
        db.add(link)
        db.commit()

        admin_role = db.query(Permission).filter_by(name='admin').first()
        stored_link = db.query(UserPermission).filter_by(
            user_id=account.id).first()
        assert stored_link.permission_id == admin_role.id
def test_patch_control(client, session):
    """Check that PATCH /admin with a control id answers 200 and the
    control-changed message."""
    from app.main.admin import get_admin_control_by_name

    with session() as db:
        # Id of the 'new_users' control, looked up before any user exists.
        control_id = get_admin_control_by_name(db, 'new_users').id

        admin_account = register_user(
            db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
        db.add(admin_account)
        db.commit()
        admin_link = set_user_permission(db, 'admin', admin_account.id)
        db.add(admin_link)
        db.commit()

        test_with_authenticated_user(db)
        resp = client.patch('/admin', json={'control': control_id})
        assert resp.status_code == 200
        # The expected text mirrors the application's message verbatim,
        # including its spelling.
        assert resp.json == {
            'msg': f'Control ID: {control_id} successfull changed'}
def test_patch_user_bad_json(client, session):
    """Check that PATCH /admin with an unrecognised JSON key is rejected
    with 400 and a fixed error message."""
    with session() as db:
        # The only account in this test asks for 'user'; per the comment in
        # test_is_admin the first registered user is presumably stored as
        # admin anyway -- confirm.
        account = register_user(
            db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
        db.add(account)
        db.commit()
        link = set_user_permission(db, 'user', account.id)
        db.add(link)
        db.commit()

        test_with_authenticated_user(db)
        user_id = account.id
        # change_user_permission is replaced by a mock that raises if called.
        failing_change = patch(
            'app.main.routes.routes.change_user_permission',
            side_effect=BaseException('user_permission_err'))
        with failing_change:
            resp = client.patch(
                '/admin', json={'bad_key': user_id}, follow_redirects=True)
        assert resp.status_code == 400
        assert resp.json == {'msg': 'A known value was not supplied'}
def test_admin_page(client, session):
    """Check that GET /admin renders the admin page with the 'new_users'
    control and the registered user's username and full name."""
    with session() as db:
        admin_account = register_user(
            db, 'sabmiller', 'ColdAsTheRockies', 'Coors', 'Light')
        db.add(admin_account)
        db.commit()
        admin_link = set_user_permission(db, 'admin', admin_account.id)
        db.add(admin_link)
        db.commit()

        test_with_authenticated_user(db)
        resp = client.get('/admin')
        page = resp.data
        assert b'<title>Socks Chat | Admin</title>' in page
        # NOTE(review): whitespace inside the next literal may have been
        # collapsed when this listing was extracted -- compare with the
        # rendered template before trusting it.
        assert b'''<span class="horizontal"> new_users''' in page
        assert b'''sabmiller''' in page
        assert b'''Coors Light''' in page
        assert b'''<span class="horizontal">\n new_users''' in page
def test_user_already_logged_in(client, session):
    """Check that GET / ends on the chat page when the client session
    already carries username, name and room."""
    with session() as db:
        account = register_user(
            db, 'anheuserbusch', 'DillyDilly', 'Bud', 'Light')
        db.add(account)
        db.commit()
        link = set_user_permission(db, 'user', account.id)
        db.add(link)
        db.commit()

        test_with_authenticated_user(db)
        # Seed the Flask session cookie directly instead of going through
        # the login form.
        with client.session_transaction() as flask_session:
            # '******' is kept exactly as it appears in the listing; it looks
            # like a redaction placeholder -- confirm the original value.
            flask_session['username'] = '******'
            flask_session['name'] = 'Bud Light'
            flask_session['room'] = 'ABInBev'

        resp = client.get('/', follow_redirects=True)
        assert b'<title>Socks Chat | Chat</title>' in resp.data
def test_patch_control_exception(client, session):
    """Check that a failure inside the control lookup during PATCH /admin
    yields a 500 with a generic message, not the internal error text."""
    from app.main.admin import get_admin_control_by_name

    with session() as db:
        control_id = get_admin_control_by_name(db, 'new_users').id

        # The only account in this test asks for 'user'; per the comment in
        # test_is_admin the first registered user is presumably stored as
        # admin anyway -- confirm.
        account = register_user(
            db, 'especial1925', 'ABInBev', 'Grupo', 'Modelo')
        db.add(account)
        db.commit()
        link = set_user_permission(db, 'user', account.id)
        db.add(link)
        db.commit()

        test_with_authenticated_user(db)
        # Force the route's control lookup to raise.
        failing_lookup = patch(
            'app.main.routes.routes.get_admin_control_by_id',
            side_effect=Exception('admin_switch_err'))
        with failing_lookup:
            resp = client.patch(
                '/admin', json={'control': control_id},
                follow_redirects=True)
        assert resp.status_code == 500
        # 'admin_switch_err' must not appear: the body is the fixed message.
        assert resp.json == {
            'msg': 'Something went wrong changing the control'}
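def register():
    """Render the registration form and create an account on a valid POST.

    Flow, in order:
      * if the 'new_users' admin control is off, re-render the form with a
        "registration disabled" message and create nothing;
      * a request that is not a POST gets the blank form (rendered without
        the ``admin`` flag, as the GET branch always was);
      * a POST must pass form validation and carry matching password fields;
      * the user row is committed first and its 'user' permission row in a
        second commit; a failed commit is rolled back and reported with a
        fixed message, with the underlying error kept as ``__cause__``.

    Returns the rendered ``register.html`` on any failure, or a redirect to
    '.index' (after flashing a success message) once both commits succeed.
    """
    admin = is_admin(g.session, current_user)
    form = RegisterForm()

    def page(**context):
        # Every outcome re-renders the same template with the same artwork;
        # the SVG comes from a fixed path inside the application.
        return render_template(
            'register.html', form=form,
            svg=Markup(svg_contents('./app/static/socks.svg')),
            **context)

    # Check if 'new_users' is turned on or off
    if not get_admin_control_by_name(g.session, 'new_users').value:
        return page(
            admin=admin,
            msg='New user registration has been disabled at this time')

    # Only a POST may create an account; anything else just shows the form
    # and can never reach the success flash below.
    if request.method != 'POST':
        return page()

    if not form.validate_on_submit():
        return page(admin=admin, msg='Not all required fields provided')

    username = request.form.get('username')
    password = request.form.get('password')
    password_conf = request.form.get('password_conf')
    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')

    if password != password_conf:
        return page(admin=admin, msg='Passwords did not match')

    try:
        new_user = register_user(g.session, username, password,
                                 first_name, last_name)
        try:
            # add the new user to the database
            g.session.add(new_user)
            g.session.commit()
        except Exception as exc:
            g.session.rollback()
            # Fixed text for the visitor; the real failure stays on the
            # exception chain for whoever logs it.
            raise Exception('Error adding new user') from exc

        # Set user's role as 'user'
        user_permission = set_user_permission(g.session, 'user',
                                              new_user.id)
        try:
            # add the new user's related permission to the database
            g.session.add(user_permission)
            g.session.commit()
        except Exception as exc:
            g.session.rollback()
            # NOTE(review): the user row was already committed above, so a
            # failure here leaves an account with no permission row.
            raise Exception('Error setting user permissions') from exc
    except Exception as err:
        # Only Exception is handled, so interpreter-level exits such as
        # SystemExit or KeyboardInterrupt propagate instead of being turned
        # into a page that prints the exception class.
        # NOTE(review): str(err) is shown to an unauthenticated visitor. The
        # two commit failures above use fixed text, but whatever
        # register_user() or set_user_permission() raise is displayed as-is;
        # confirm they only raise messages that are safe to expose.
        return page(admin=admin, msg=str(err))

    flash('Registration successful')
    return redirect(url_for('.index'))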