def test__get_joinedload_object_for_include__wrong_field_name(
self, permission_user):
qs = QueryStringManager({}, ModelWithMeta)
with pytest.raises(InvalidInclude):
PermissionPlugin._get_joinedload_object_for_include(
'wrong_field', qs, permission_user, ModelWithMetaSchema(),
ModelWithMeta)
def test__update_qs_fields(self, permission_user, qs, new_fields,
new_include):
PermissionToMapper.add_permission('get', ModelWithMeta,
[SomePermission])
qs = QueryStringManager(qs, ModelWithMetaSchema)
PermissionPlugin._update_qs_fields(
ModelWithMetaSchema.Meta.type_,
list(permission_user.permission_for_get(ModelWithMeta).columns),
qs, 'related_model_id')
assert set(qs.fields['model_with_meta']) == new_fields
assert qs.qs['include'] == new_include
def test__permission_for_schema(self, mock__permission_for_link_schema,
permission_user):
schema, model = 'schema', ModelWithMeta
PermissionToMapper.get.clear()
PermissionPlugin._permission_for_schema(
schema=schema, model=model, _permission_user=permission_user)
mock__permission_for_link_schema.assert_called_once_with(
schema=schema,
prefix_name_column="",
_permission_user=permission_user,
columns={
'id', 'name', 'type', 'flags', 'description', 'settings',
'related_model_id'
},
)
def test__get_schema(self, relationship_schema):
field = 'related_model_id'
schema = ModelWithMetaSchema()
schema._declared_fields[field].__dict__[
'_Relationship__schema'] = relationship_schema
result = PermissionPlugin._get_schema(schema, field)
assert result is RelatedModelSchema
def register_extensions(app):
db.init_app(app)
migrate.init_app(app, db, compare_type=True)
csrf.init_app(app)
admin.init_app(app)
api.plugins = [
EventPlugin(),
PermissionPlugin(),
ApiSpecPlugin(app=app,
tags={
'Tag': 'Tag API',
'User': '******',
'Author': 'Author API',
'Article': 'Article API',
}),
]
api.init_app(app)
login_manager.login_view = 'auth.login'
login_manager.init_app(app)
@login_manager.user_loader
def load_user(user_id):
return User.query.get(int(user_id))
def test__get_joinedload_object_for_splitted_include__not_allowed(
self, mock_is_access_foreign_key, permission_user):
qs = QueryStringManager({}, ModelWithMeta)
result = PermissionPlugin._get_joinedload_object_for_splitted_include(
'related_model_id', qs, permission_user, ModelWithMetaSchema(),
ModelWithMeta)
assert result is None
def test__get_or_update_joinedload_object(self, mock_property,
permission_user):
mock_property.mapper = mock_mapper
qs = QueryStringManager({}, ModelWithMeta)
joinedload_object, related_schema = PermissionPlugin._get_or_update_joinedload_object(
None, qs, permission_user, ModelWithMeta, ModelWithMetaSchema,
'related_model_id', 'related_model_id', 0)
assert joinedload_object.path[0] == ModelWithMeta.related_model_id
assert related_schema is RelatedModelSchema
def test__permission_for_link_schema(self, permission_user):
PermissionToMapper.add_permission('get', ModelWithMeta,
[SomePermission])
schema = ModelWithMetaSchema()
PermissionPlugin._permission_for_link_schema(
schema=schema,
prefix_name_column='',
columns=permission_user.permission_for_get(
ModelWithMeta).columns_and_jsonb_columns)
expected_fields = {'name', 'type', 'description', 'settings'}
# check that only allowed fields are in schema now
assert set(schema.fields.keys()) == set(
schema.dump_fields.keys()) == set(schema.only) == expected_fields
# check that func was applied recursively for nested schema
settings_schema = schema.fields['settings'].schema
assert set(settings_schema.fields.keys()) == set(settings_schema.dump_fields.keys()) == \
set(settings_schema.only) == {'first_attr'}
def test__get_joinedload_object_for_include(self,
mock_is_access_foreign_key,
mock_property,
permission_user):
qs = QueryStringManager({}, ModelWithMeta)
result = PermissionPlugin._get_joinedload_object_for_include(
'related_model_id', qs, permission_user, ModelWithMetaSchema(),
ModelWithMeta)
assert result.path[0] == ModelWithMeta.related_model_id
def test__eagerload_includes__no_includes(self, mock_current_app, session,
permission_user,
sqlalchemy_data_layer):
mock_current_app.config.get.return_value = None
query = session.query(ModelWithMeta)
qs = QueryStringManager({}, ModelWithMeta)
result = PermissionPlugin._eagerload_includes(query, qs,
permission_user,
sqlalchemy_data_layer)
assert result is query
def test__eagerload_includes__with_not_allowed_includes(
self, mock_current_app, mock_get_joinedload_object_for_include,
mock_is_access_foreign_key, session, permission_user,
sqlalchemy_data_layer):
mock_current_app.config.get.return_value = None
query = session.query(ModelWithMeta)
include = 'related_model_id'
qs = QueryStringManager({'include': include}, ModelWithMeta)
result = PermissionPlugin._eagerload_includes(query, qs,
permission_user,
sqlalchemy_data_layer)
assert result is query
mock_get_joinedload_object_for_include.assert_not_called()
def test__get_access_fields_in_schema(self, mock__update_qs_fields,
permission_user):
qs = QueryStringManager({}, ModelWithMetaSchema)
expected_result = {'id', 'other_field'}
result = PermissionPlugin._get_access_fields_in_schema(
'related_model_id',
ModelWithMetaSchema,
permission_user,
ModelWithMeta,
qs=qs)
assert set(result) == expected_result
mock__update_qs_fields.assert_called_once()
args, kwargs = mock__update_qs_fields.call_args[
0], mock__update_qs_fields.call_args[1]
assert args[0] == RelatedModelSchema.Meta.type_
assert set(args[1]) == expected_result
assert kwargs == {'qs': qs, 'name_foreign_key': 'related_model_id'}
def test_eagerload_includes__with_splitted_includes(
self, mock_current_app,
mock_get_joinedload_object_for_splitted_include, permission_user,
sqlalchemy_data_layer):
mock_current_app.config.get.return_value = None
query = mock.Mock()
include = 'foo.bar'
qs = QueryStringManager({'include': include}, ModelWithMeta)
result = PermissionPlugin._eagerload_includes(query, qs,
permission_user,
sqlalchemy_data_layer)
mock_get_joinedload_object_for_splitted_include.assert_called_once_with(
include, qs, permission_user, ModelWithMetaSchema, ModelWithMeta)
query.options.assert_called_once_with(
mock_get_joinedload_object_for_splitted_include.return_value)
assert result == query.options.return_value
def test__is_access_foreign_key(self, permission_user, field_name, result):
PermissionToMapper.add_permission('get', ModelWithMeta,
[SomePermission])
assert result is PermissionPlugin._is_access_foreign_key(
field_name, ModelWithMeta, permission_user)
def test__permission_for_schema__no_permission_user(self):
with pytest.raises(Exception) as e:
PermissionPlugin._permission_for_schema(schema='schema',
model=ModelWithMeta)
assert e.value.args[0] == 'No permission for user'
def test__resource_method_bad_request(self):
with pytest.raises(BadRequest) as e:
PermissionPlugin._resource_method_bad_request()
assert e.value.detail == 'No method'
def test__get_permission_user(self, permission_user):
result = PermissionPlugin._get_permission_user(
{'_permission_user': permission_user})
assert result is permission_user
def test__get_permission_user__no_user(self):
with pytest.raises(Exception) as e:
PermissionPlugin._get_permission_user({})
assert e.value.args[0] == "No permission for user"
def test__get_model(self):
result = PermissionPlugin._get_model(ModelWithMeta, 'related_model_id')
assert result is RelatedModel
def test__get_model__wrong_field(self):
field = 'wrong_fk'
with pytest.raises(ValueError) as e:
PermissionPlugin._get_model(ModelWithMeta, field)
assert e.value.args[
0] == f"No foreign key {field} in mapper {ModelWithMeta.__name__}"
def strict_instance(self):
return PermissionPlugin(strict=True)
app=app,
# Declaring tags list with their descriptions, so API gets organized into groups.
# This is optional: when there are no tags,
# api will be grouped automatically by type schemas names (type_)
tags={
"Person": "Person API",
"Computer": "Computer API",
},
)
# Create endpoints
api = Api(
app,
plugins=[
api_spec_plugin,
PermissionPlugin(strict=False),
],
)
api.route(PersonList, "person_list", "/persons", tag="Person")
api.route(PersonDetail, "person_detail", "/persons/<int:id>", tag="Person")
api.route(ComputerList, "computer_list", "/computers", tag="Computer")
api.route(ComputerDetail,
"computer_detail",
"/computers/<int:id>",
tag="Computer")
if __name__ == "__main__":
# Start application
app.run(debug=True)
def instance(self):
return PermissionPlugin()