def create_db():
    """Rebuild the database from scratch and seed the roles and a first admin.

    Destructive: all existing tables are dropped before the schema is
    recreated, so any stored data is lost. Two roles ("instructor" and
    "admin") are created, then one user is created and given the "admin"
    role, and the session is committed.
    """
    # Imported at call time rather than at module import time.
    from flask_app import user_datastore

    # Wipe everything, then recreate the tables from the models.
    db.drop_all()
    db.create_all()

    # Roles separate administrators from regular users.
    role_specs = (
        ("instructor", "Code club instructor"),
        ("admin", "Site administrator"),
    )
    for role_name, role_description in role_specs:
        user_datastore.create_role(name=role_name, description=role_description)

    # Bootstrap admin account. It exists only so that a real admin user can
    # be created in production; it should be deleted right after that.
    # NOTE(review): the address and password are literals in the source
    # (masked on this page), so anyone who can read the repository knows the
    # bootstrap credential until the account is removed.
    # NOTE(review): the password is handed to create_user as written. If the
    # datastore stores that argument verbatim (Flask-Security style datastores
    # may, depending on version -- confirm), it must be hashed before this call.
    admin_email = "*****@*****.**"
    user_datastore.create_user(email=admin_email, password="******")
    user_datastore.add_role_to_user(admin_email, "admin")

    # Persist the roles, the user and the role assignment.
    db.session.commit()
def test_admin_access(client):
    """Check that the admin views refuse a non-admin and admit an admin.

    The same three admin URLs are requested twice with the same account:
    first before it is given the "admin" role (403 expected), then after
    the role is added and the user logs in again (200 expected).
    """
    admin_pages = ("/admin/user", "/admin/meeting", "/admin/world")

    # Phase 1: authenticated, but assumed not to hold the admin role yet
    # (the account setup lives in fixtures not visible here).
    # NOTE(review): only a logged-in non-admin is exercised in this test;
    # a logged-out request to these URLs is not checked here.
    login(client, EMAIL, PASSWORD)
    for page in admin_pages:
        response = client.get(page, follow_redirects=True)
        assert response.status == "403 FORBIDDEN"

    # Phase 2: grant the role and start a fresh session.
    # NOTE(review): the role grant is not reverted in this test; whether it
    # leaks into later tests depends on how the fixtures reset state.
    logout(client)
    user_datastore.add_role_to_user(EMAIL, "admin")
    login(client, EMAIL, PASSWORD)

    # Every admin page must now be reachable.
    for page in admin_pages:
        response = client.get(page, follow_redirects=True)
        assert response.status == "200 OK"