def create_db():
""" Initialize new database """
from flask_app import user_datastore
db.drop_all() # Empty database
db.create_all() # Creates all tables from models
# Create roles to separate between administrators and regular users
user_datastore.create_role(name="instructor", description="Code club instructor")
user_datastore.create_role(name="admin", description="Site administrator")
# Create a default admin user to start off with
# This should only be used to create a new admin user in production and then deleted
user_datastore.create_user(email="*****@*****.**", password="******")
user_datastore.add_role_to_user("*****@*****.**", "admin")
db.session.commit() # Commit changes to database
def test_admin_access(client):
""" Make sure an admin has access to the admin functionality, while others do not """
# Make sure we do not have access to admin while not admin
login(client, EMAIL, PASSWORD)
rv = client.get("/admin/user", follow_redirects=True)
assert rv.status == "403 FORBIDDEN"
rv = client.get("/admin/meeting", follow_redirects=True)
assert rv.status == "403 FORBIDDEN"
rv = client.get("/admin/world", follow_redirects=True)
assert rv.status == "403 FORBIDDEN"
# Login as admin
logout(client)
user_datastore.add_role_to_user(EMAIL, "admin")
login(client, EMAIL, PASSWORD)
# Make sure we get access as admin
rv = client.get("/admin/user", follow_redirects=True)
assert rv.status == "200 OK"
rv = client.get("/admin/meeting", follow_redirects=True)
assert rv.status == "200 OK"
rv = client.get("/admin/world", follow_redirects=True)
assert rv.status == "200 OK"
