def test_post_user_role_correct() -> None:
with CustomTestClient() as c:
User("jane", "asd123").save()
User("JOHN", "asd123").save()
User("Leia", "asd123").save()
Role("ADMIN", "Administrator for site").save()
Role("FINANCE", "financer for site").save()
token = auth.create_jwt_token("JohnDoe", 1, ["ADMIN"])
c.set_cookie('localhost:5000', 'Authorization', token)
res = c.post('/api/v1/users/1/roles',
data=json.dumps({'role': 'ADMIN'}),
content_type='application/json')
res_2 = c.post('/api/v1/users/1/roles',
data=json.dumps({'role': 'FINANCE'}),
content_type='application/json')
res_3 = c.post('/api/v1/users/3/roles',
data=json.dumps({'role': 'FINANCE'}),
content_type='application/json')
data = res.get_json()
assert data['message'] == "Role successfully added to user"
assert res.status_code == 200
data_2 = res_2.get_json()
assert data_2['message'] == "Role successfully added to user"
assert res_2.status_code == 200
data_3 = res_3.get_json()
assert data_3['message'] == "Role successfully added to user"
assert res_3.status_code == 200
user_1 = User.find_by_id(1)
assert user_1.roles[0].name == "ADMIN"
assert user_1.roles[0].description == "Administrator for site"
assert user_1.roles[1].name == "FINANCE"
assert user_1.roles[1].description == "financer for site"
user_2 = User.find_by_id(2)
assert user_2.roles == []
user_3 = User.find_by_id(3)
assert user_3.roles[0].name == "FINANCE"
assert user_3.roles[0].description == "financer for site"
def load_roles(session):
"""
Preload the initial user roles if they do not exist
"""
count_roles = session.query(Role.id).count()
if count_roles == 0:
roles = [('Member', 'member'), ('Administrator', 'admin'),
('Supervisor', 'super')]
rid = 1
for name, code in roles:
r = Role(id=rid, name=name, code=code)
session.add(r)
rid = rid + 1
session.flush()
session.commit()
def role_add():
form = RoleForm()
if form.validate_on_submit():
data = form.data
# 重复添加账户暂未处理!!!
# print(data['auths']) # 权限id列表形式[1, 2]
role = Role(
name=data['name'],
auths=','.join(map(lambda item: str(item),
data['auths'])) # 数字转换为字符串形式
)
db.session.add(role)
db.session.commit()
flash('角色添加成功', category='ok')
return render_template('admin/role_edit.html', form=form)
def create_admin():
""" Create default admin user """
from app.models import db
role = Role(id=1, role_name='administrator')
admin = User(
id=1,
user_name='admin',
email='*****@*****.**',
password_hash=generate_password_hash('memory'),
created_time=datetime.datetime.now().strftime('%Y/%m/%d %H:%M:%S'),
role_id=1)
db.session.add(role)
db.session.add(admin)
db.session.commit() # This is needed to write the changes to database
print("Default admin user, username: admin password: memory")
def add_role():
form = RoleForm()
form.auth.choices = [(a.id, a.name) for a in Auth.query.all()]
if form.validate_on_submit():
isExist = Role.query.filter_by(name=form.name.data).count()
if isExist:
flash("Role have existed. Please try again", "danger")
return redirect(url_for("admin_bp.add_tag"))
auths = [Auth.query.get_or_404(id) for id in form.auth.data]
role = Role(name=form.name.data, auths=auths)
db.session.add(role)
db.session.commit()
flash("Role was added", "success")
return redirect(url_for("admin_bp.list_role"))
return render_template("admin/add_role.html", form=form)
def role_add():
form = RoleForm()
if form.validate_on_submit():
data = form.data
role = Role(
name=data['name'],
auths=','.join([str(v) for v in data['auths']
]) # data['auth']为数组形式 exm: [3]
)
db.session.add(role)
db.session.commit()
flash("添加角色成功!", 'ok')
return redirect(url_for('admin.role_add'))
return render_template('admin/role_add.html', form=form)
def index():
form = VideoForm()
map_on = form.switch_map.data
video_on = form.switch_video.data
map_switch = Role(map_switch=form.switch_map.data)
video_switch = Role(video_switch=form.switch_video.data)
# if map_on == True:
# flash(u'success open the map!')
# else:
# flash(u'map closed!')
# if video_on == True:
# flash(u'success open the video!')
# else:
# flash(u'video closed!')
db.session.add(map_switch)
db.session.add(video_switch)
# db.session.commit()
return render_template('index.html',
form=form,
map_on=map_on,
video_on=video_on)
def role_add():
form = RoleForm()
if form.validate_on_submit():
data = form.data
role = Role(name=data['name'],
auths=','.join(map(lambda v: str(v), data['auths'])))
db.session.add(role)
db.session.commit()
oplog = Oplog(admin_id=session['admin_id'],
ip=request.remote_addr,
reason='管理员%s添加角色%s' % (session['admin'], data['name']))
db.session.add(oplog)
db.session.commit()
flash('添加角色成功!', 'ok')
return render_template('admin/role_add.html', form=form)
def test_tur001_perm_funcs(self):
r = Role(name='User')
# add two perms
r.add_permission(Permission.FOLLOW)
r.add_permission(Permission.REVIEW)
# assert has one of those
assert r.has_permission(Permission.FOLLOW)
# assert it doesn't have another
assert not r.has_permission(Permission.PUBLISH)
r.remove_permission(Permission.FOLLOW)
# assert now it doesn't have removed one
assert not r.has_permission(Permission.FOLLOW)
# erase all perms
r.reset_permissions()
assert not r.has_permission(Permission.REVIEW)
def test_is_promotion_returns_correct_values(
self,
starting_grade,
new_grade,
role_change_id,
expected_outcome,
test_session,
test_candidate,
):
test_candidate.roles.extend(
[
Role(
date_started=date(2019, 1, 1),
grade=Grade.query.filter_by(value=starting_grade).first(),
role_change_id=2,
),
Role(
date_started=date(2020, 6, 1),
grade=Grade.query.filter_by(value=new_grade).first(),
role_change_id=role_change_id,
),
]
)
assert test_candidate.roles[0].is_promotion() is expected_outcome
def load_data_roles():
""" this function loads data from csv"""
try:
with open("data/role.csv", "r") as f:
reader = csv.reader(f)
next(reader)
for record in reader:
role = Role(role_id=record[0],
role_name=record[1],
role_desc=record[2])
db.session.add(role)
db.session.commit()
logger.info("loaded data to role table")
db.session.close()
except (Exception, psycopg2.Error) as e:
print(e)
def test_has_permission(self):
"""测试三个关于权限的方法是否正确"""
r = Role(name='User')
r.add_permission(Permissions.FOLLOW)
r.add_permission(Permissions.ADMIN)
r.add_permission(Permissions.MODERATE)
self.assertTrue(r.has_permission(Permissions.FOLLOW))
self.assertTrue(r.has_permission(Permissions.ADMIN))
self.assertTrue(r.has_permission(Permissions.MODERATE))
self.assertFalse(r.has_permission(Permissions.COMMIT))
self.assertFalse(r.has_permission(Permissions.WRITE))
r.remove_permission(Permissions.ADMIN)
self.assertFalse(r.has_permission(Permissions.ADMIN))
r.reset_permission()
self.assertFalse(r.has_permission(Permissions.FOLLOW))
self.assertFalse(r.has_permission(Permissions.MODERATE))
def create_role():
form = RoleCreateForm()
if form.validate_on_submit():
role = Role(permissions=json.dumps(form.permissions.data))
del form.permissions
form.populate_obj(role)
db.session.add(role)
db.session.commit()
flash('Role {} created'.format(form.name.data))
audit_log('created role', role.name)
return redirect(url_for('index'))
context = get_context()
return _render_template('generic_form.html',
title='New Role',
form=form,
**context)
def test_1_user_role(self):
admin_role = Role(name='admin')
admin_user = User(name='admin', role=admin_role)
test_user = User(name='test', role=admin_role)
db.session.add_all([admin_role, admin_user, test_user])
db.session.commit()
admin_role = Role.query.filter_by(name='admin').first()
admin_user = User.query.filter_by(name='admin').first()
self.assertFalse(admin_role is None)
self.assertFalse(admin_user is None)
self.assertTrue(admin_role.users.count() == 2)
self.assertTrue(admin_user.role == admin_role)
self.assertTrue(admin_role.users.filter_by(name='admin').first() == admin_user)
db.session.delete(test_user)
db.session.commit()
def role_add():
form = RoleForm()
if form.validate_on_submit():
data = form.data
role = Role.query.filter_by(name=data['name']).count()
if role >= 1:
flash("名称已经存在", "err")
return redirect(url_for('admin.role_add'))
role = Role(name=data['name'],
auths=','.join(map(lambda v: str(v), data['auths'])))
db.session.add(role)
db.session.commit()
flash("添加角色成功", "ok")
redirect(url_for('admin.role_add'))
return render_template("admin/role_add.html", form=form)
def role_add():
"""
添加角色
"""
form = RoleForm()
form.auths.choices = [(v.id, v.name) for v in Auth.query.all()]
if form.validate_on_submit():
data = form.data
role = Role(
name=data['name'],
# 使用join拼接权限数组,先转化为字符串,因为权限ID是int
auths=','.join([str(auth) for auth in data['auths']]))
db.session.add(role)
db.session.commit()
flash('角色添加成功', 'success')
return render_template('admin/role_add.html', form=form)
def role_add():
form = RoleForm()
form.auths.choices = [(v.id, v.name) for v in Auth.query.all()]
if form.validate_on_submit() is True:
data = form.data
role = Role(
name=data['name'],
auths=','.join(map(lambda v: str(v), data['auths'])),
)
db.session.add(role)
db.session.commit()
flash('添加角色成功', 'ok')
return render_template('admin/role_add.html', form=form)
def role_add():
role_form = RoleForm()
if role_form.validate_on_submit():
data = role_form.data
role_count = Role.query.filter_by(name=data['name']).count()
if role_count == 1:
flash('角色已经存在', 'err')
return redirect(url_for('admin.role_add'))
role = Role()
role.name = data['name']
role.auths = ';'.join(map(lambda i: str(i), data['auths']))
db.session.add(role)
db.session.commit()
flash('角色创建成功', 'ok')
return redirect(url_for('admin.role_add'))
return render_template('admin/role-add.html', role_form=role_form)
def role_add():
"""
角色添加
:return:
"""
form = RoleForm()
if form.validate_on_submit():
data = form.data
role = Role(
name = data["name"],
auths = ",".join(map(lambda v:str(v),data["auths"]))
)
db.session.add(role)
db.session.commit()
flash("添加角色成功","ok")
return render_template("admin/role_add.html",form=form)
def role_add():
form = RoleForm()
if form.validate_on_submit():
data = form.data
role = Role(name=data["name"],
auths=",".join(map(lambda v: str(v), data["auths"])))
db.session.add(role)
db.session.commit()
flash("添加角色成功!", "ok")
oplog = Oplog(admin_id=session["admin_id"],
ip=request.remote_addr,
reason="添加新角色:%s" % data["name"])
db.session.add(oplog)
db.session.commit()
return redirect(url_for("admin.role_add"))
return render_template("admin/role_add.html", form=form)
def role_add():
form = RoleForm()
if form.validate_on_submit():
count = Role.query.filter_by(name=form.name.data).count()
if count:
flash("此角色已存在", "fail")
else:
role = Role(name=form.name.data, auths=str(form.auths.data))
db.session.add(role)
db.session.commit()
flash("添加角色", "succeed")
return redirect(url_for("admin.role_add"))
return render_template("admin/role_add.html",
title="添加角色",
btn="添加",
form=form)
def add_user(username, roles=[]):
roles = list(roles)
print(f'Adding user={username}; roles={roles}')
if not User.query.filter(User.username == username).first():
user = User(
username=username,
password=user_manager.hash_password(
input(f"Insert password for {username}: ")),
)
for role in roles:
user.roles.append(Role(name=role))
db.session.add(user)
db.session.commit()
print(f"User {username} successfully added!")
else:
raise ConfigError(f"Username {username} already exists!")
def role_add():
form = RoleForm()
if form.validate_on_submit():
data = form.data
if Role.query.filter_by(name=data['name']).first():
flash('已存在该角色,请不要重复添加', 'err')
return redirect(url_for('admin.role_add'))
with db.auto_commit():
new_role = Role(name=data['name'])
db.session.add(new_role)
# 记录添加角色操作
new_adminlog = OpLog(admin_id=session['id'],
ip=session['login_ip'],
reason="添加角色: " + new_role.name)
db.session.add(new_adminlog)
return redirect(url_for('admin.role_add'))
return render_template("admin/role_add.html", form=form)
def role_add():
form = RoleForm()
if form.validate_on_submit():
data = form.data
role_co = Role.query.filter_by(name=data['name']).count()
if role_co == 1:
flash('角色已存在','err')
return redirect(url_for('admin.role_add'))
role = Role(
name = data['name'],
auths = ','.join(map(lambda v :str(v),data['auths'])),
)
db.session.add(role)
db.session.commit()
flash('角色添加成功!','ok')
return redirect(url_for('admin.role_add'))
return render_template('admin/role_add.html',form=form)
def role_add():
form = RoleForm()
# 在 forms 里面查出的 auths 不会自动更新的 后期看看有没有其他方法 没有的话就用这个吧。
# form.auths.choices = [(i.id, i.name) for i in Auth.query.all()]
if form.validate_on_submit():
data = form.data
role = Role(name=data["name"],
auths=",".join(map(lambda i: str(i), data["auths"])))
db.session.add(role)
oplog = Oplog(admin_id=session["admin_id"],
ip=request.remote_addr,
reason="添加角色:{0}".format(role.name))
db.session.add(oplog)
db.session.commit()
flash("添加角色成功", "ok")
return redirect(url_for("admin.role_add"))
return render_template("admin/role_add.html", form=form)
def test_delete_user_role_correct() -> None:
with CustomTestClient() as c:
role = Role("ADMIN", "Administrator for site")
role.save()
user = User("jane", "asd123")
user.roles.append(role)
user.save()
token = auth.create_jwt_token("JohnDoe", 1, ["ADMIN"])
c.set_cookie('localhost:5000', 'Authorization', token)
res = c.delete('/api/v1/users/1/roles',
data=json.dumps({'role': 'ADMIN'}),
content_type='application/json')
data = res.get_json()
assert data['message'] == "Role successfully deleted from user"
assert res.status_code == 200
user_1 = User.find_by_id(1)
assert user_1.roles == []
def role_add():
form = Roleform()
if form.validate_on_submit():
data = form.data
role_count = Role.query.filter_by(name=data["name"]).count()
if role_count != 0:
flash("名称已经存在", "err")
return render_template("admin/role_add.html", form=form)
# print(data["auths"]) # [2, 3]
# print(",".join(map(lambda v: str(v), data["auths"]))) # 2,3
role = Role(name=data["name"],
auths=",".join(map(lambda v: str(v), data["auths"])))
db.session.add(role)
db.session.commit()
flash("添加角色成功", "ok")
return redirect(url_for("admin.role_list", page=1))
return render_template("admin/role_add.html", form=form)
def app_with_envion_DB(monkeypatch, client):
for k, v in environ.items():
monkeypatch.setenv(k, v)
p = Pref(**db_environ)
db.session.add(p)
for role in ['admin', 'visitor', 'guest']:
r = Role(name=role)
u = User(first_name="first_" + role,
last_name="last_" + role,
username=role,
password="******",
roles=[r])
db.session.add(r)
db.session.add(u)
db.session.commit()
create_prefs(client)
return client
def test_reassign(self):
"""
Test that an admin can assign a new role and department
to an employee
"""
# Create new department
department = Department(name=test_department2_name,
description=test_department2_description)
# Create new role
role = Role(name=test_role2_name,
description=test_role2_description)
# Add to database
db.session.add(department)
db.session.add(role)
db.session.commit()
# Login as admin user
self.login_admin_user()
# Click employees menu link
self.driver.find_element_by_id("employees_link").click()
time.sleep(1)
# Click on assign link
self.driver.find_element_by_class_name("assign").click()
time.sleep(1)
# Select new department and role
select_dept = Select(self.driver.find_element_by_id("department"))
select_dept.select_by_visible_text(test_department2_name)
select_role = Select(self.driver.find_element_by_id("role"))
select_role.select_by_visible_text(test_role2_name)
self.driver.find_element_by_id("submit").click()
time.sleep(2)
# Assert success message is shown
success_message = self.driver.find_element_by_class_name("alert").text
assert "You have successfully assigned a department and role" in success_message
# Assert that employee's department and role has changed
employee = Employee.query.get(2)
self.assertEqual(employee.role.name, test_role2_name)
self.assertEqual(employee.department.name, test_department2_name)
def post(self):
json_data = request.get_json(force=True)
if not json_data:
return {'message': 'No Input Data Provided'}, 400
role = Role.query.filter(name=json_data['name']).first()
if role:
return {'message': 'Role with that name already exists'}
role = Role(name=json_data['name'],
description=json_data['description'])
db.session.add(role)
db.session.commit()
result = role_schema.dump(role)
return {'status': 'success', 'data': result}, 201
