def assign_permissions_to_user(user, role_id, permission_ids):
"""Create the role and permissions, assign the permissions to the
role, and assign the role to the user.
"""
role = authorization_service.create_role(role_id, role_id)
for permission_id in permission_ids:
permission = authorization_service.create_permission(permission_id,
permission_id)
authorization_service.assign_permission_to_role(permission, role)
authorization_service.assign_role_to_user(role, user)
def assign_permissions_to_user(user_id, role_id, permission_ids):
"""Create the role and permissions, assign the permissions to the
role, and assign the role to the user.
"""
role = authorization_service.create_role(role_id, role_id)
for permission_id in permission_ids:
permission = authorization_service.create_permission(
permission_id, permission_id)
authorization_service.assign_permission_to_role(permission.id, role.id)
authorization_service.assign_role_to_user(user_id, role.id)
def test_assign_role_to_user(admin_app_with_db, normal_user, admin_user, role):
user_id = normal_user.id
initiator_id = admin_user.id
user_permission_ids_before = service.get_permission_ids_for_user(user_id)
assert PERMISSION_ID not in user_permission_ids_before
service.assign_role_to_user(role.id, user_id, initiator_id=initiator_id)
user_permission_ids_after = service.get_permission_ids_for_user(user_id)
assert PERMISSION_ID in user_permission_ids_after
# Expect attempt to assign that role again to that user to have no
# effect and to not raise an exception.
service.assign_role_to_user(role.id, user_id, initiator_id=initiator_id)
def test_deassign_role_from_user(admin_app_with_db, normal_user, admin_user,
role):
user_id = normal_user.id
initiator_id = admin_user.id
service.assign_role_to_user(role.id, user_id, initiator_id=initiator_id)
user_permission_ids_before = service.get_permission_ids_for_user(user_id)
assert PERMISSION_ID in user_permission_ids_before
service.deassign_role_from_user(role.id,
user_id,
initiator_id=initiator_id)
user_permission_ids_after = service.get_permission_ids_for_user(user_id)
assert PERMISSION_ID not in user_permission_ids_after
def test_deassign_all_roles_from_user(admin_app_with_db, admin_user):
role1 = create_role('board_moderator', 'Board Moderator')
role2 = create_role('pausenclown', 'Pausenclown')
role3 = create_role('partymeister', 'Partymeister')
user1 = create_user('User1')
user2 = create_user('User2')
initiator_id = admin_user.id
assign_role_to_user(role1.id, user1.id, initiator_id=admin_user)
assign_role_to_user(role2.id, user1.id, initiator_id=admin_user)
assign_role_to_user(role1.id, user2.id, initiator_id=admin_user)
assign_role_to_user(role3.id, user2.id, initiator_id=admin_user)
assert find_role_ids_for_user(user1.id) == {'board_moderator', 'pausenclown'}
assert find_role_ids_for_user(user2.id) == {'board_moderator', 'partymeister'}
deassign_all_roles_from_user(user1.id)
# Targeted user's roles should have been deassigned.
assert find_role_ids_for_user(user1.id) == set()
# All other users' roles should still be assigned.
assert find_role_ids_for_user(user2.id) == {'board_moderator', 'partymeister'}
def assign_roles_to_user(user_id, roles):
for role in roles:
authorization_service.assign_role_to_user(user_id, role.id)
def assign_roles_to_user(self, roles, user):
for role in roles:
authorization_service.assign_role_to_user(role, user)
def add_roles_to_user(roles, user):
for role in roles:
authorization_service.assign_role_to_user(role, user)
def _assign_roles_to_user(roles, user_id):
for role in roles:
authorization_service.assign_role_to_user(role.id, user_id)
def test_delete_account(app, db, permission, role):
admin_id = app.admin_id
user_id = UUID('20868b15-b935-40fc-8054-38854ef8509a')
screen_name = 'GetRidOfMe'
email_address = '*****@*****.**'
legacy_id = 22299
user = create_user_with_detail(screen_name,
user_id=user_id,
email_address=email_address)
user.legacy_id = legacy_id
db.session.commit()
authorization_service.assign_role_to_user(role.id, user_id)
reason = 'duplicate'
user_before = user_command_service._get_user(user_id)
assert user_before.screen_name == screen_name
assert user_before.email_address == email_address
assert user_before.deleted == False
assert user_before.legacy_id == legacy_id
# details
assert user_before.detail.first_names is not None
assert user_before.detail.last_name is not None
assert user_before.detail.date_of_birth is not None
assert user_before.detail.country is not None
assert user_before.detail.zip_code is not None
assert user_before.detail.city is not None
assert user_before.detail.street is not None
assert user_before.detail.phone_number is not None
# events
events_before = event_service.get_events_for_user(user_before.id)
assert len(events_before) == 1
assert events_before[0].event_type == 'role-assigned'
# authorization
assert authorization_service.find_role_ids_for_user(user_id) == {
'board_moderator'
}
assert authorization_service.get_permission_ids_for_user(user_id) == {
'board_topic_hide'
}
# -------------------------------- #
user_command_service.delete_account(user_id, admin_id, reason=reason)
# -------------------------------- #
user_after = user_command_service._get_user(user_id)
assert user_after.screen_name == 'deleted-20868b15b93540fc805438854ef8509a'
assert user_after.email_address == '*****@*****.**'
assert user_after.deleted == True
assert user_after.legacy_id is None
# details
assert user_after.detail.first_names is None
assert user_after.detail.last_name is None
assert user_after.detail.date_of_birth is None
assert user_after.detail.country is None
assert user_after.detail.zip_code is None
assert user_after.detail.city is None
assert user_after.detail.street is None
assert user_after.detail.phone_number is None
# avatar
assert user_after.avatar_selection is None
# events
events_after = event_service.get_events_for_user(user_after.id)
assert len(events_after) == 2
user_enabled_event = events_after[1]
assert user_enabled_event.event_type == 'user-deleted'
assert user_enabled_event.data == {
'initiator_id': str(admin_id),
'reason': reason,
}
# authorization
assert authorization_service.find_role_ids_for_user(user_id) == set()
assert authorization_service.get_permission_ids_for_user(user_id) == set()
