def test_dependent_enrollments_link(db, granting_user, enrolled_user):
parent_enrollment = Enrollment.create('test',
None,
'*****@*****.**',
granting_user,
actions=['read', 'update', 'delete'])
dependent_enrollment_1 = Enrollment.create(
'dependent',
None,
'*****@*****.**',
granting_user,
parent_enrollment=parent_enrollment)
dependent_enrollment_2 = Enrollment.create(
'dependent',
None,
'*****@*****.**',
granting_user,
parent_enrollment=parent_enrollment)
db.session.commit()
assert dependent_enrollment_1.state == parent_enrollment.state
assert dependent_enrollment_2.state == parent_enrollment.state
parent_enrollment.attach_user(enrolled_user)
assert parent_enrollment.enrolled_user == enrolled_user
assert parent_enrollment.state == Enrollment.LINKED
assert dependent_enrollment_1.enrolled_user == enrolled_user
assert dependent_enrollment_1.enrolled_user == enrolled_user
assert dependent_enrollment_1.state == parent_enrollment.state
assert dependent_enrollment_2.state == parent_enrollment.state
def linked_enrollment(db, granting_user, enrolled_user):
enrollment = Enrollment.create('role',
'blah',
enrolled_user.email,
granting_user,
extra_data=dict(role='test'))
db.session.commit()
return enrollment
def pending_accept_enrollment(db, granting_user):
enrollment = Enrollment.create('role-accept',
None,
'*****@*****.**',
granting_user,
extra_data=dict(role='test'))
db.session.commit()
return enrollment
def get(self, external_key=None, enrollment_type=None, state=None, **kwargs):
if state:
state = [x.strip() for x in state.split(',')]
state = [Enrollment.ENROLLMENT_STATUS_CHOICES_REVERSE.get(s, s) for s in state if s]
enrollments = Enrollment.list(external_key=external_key, enrollment_type=enrollment_type, state=state)
query_filter = current_enrollments.list_permission_filter
enrollments = query_filter(enrollments)
pagination = Pagination(current_app, db)
return pagination.paginate(enrollments, self.enrollment_fields, post_query_hook=lambda l: NeverEmptyList(l))
def expired_enrollment(db, granting_user):
enrollment = Enrollment.create(
'role',
None,
'*****@*****.**',
granting_user,
extra_data=dict(role='test'),
expiration_interval=-1 # expired yesterday
)
db.session.commit()
return enrollment
def test_actions(db, granting_user):
enrollment = Enrollment.create('test',
None,
'*****@*****.**',
granting_user,
actions=['read', 'update', 'delete'])
db.session.commit()
assert list(Enrollment.query.filter(
Enrollment.actions.any('read'))) == [enrollment]
assert list(Enrollment.query.filter(
Enrollment.actions.any('update'))) == [enrollment]
assert list(Enrollment.query.filter(
Enrollment.actions.any('delete'))) == [enrollment]
assert list(Enrollment.query.filter(Enrollment.actions.any('blah'))) == []
def test_create_linked_enrollment(db, granting_user, enrolled_user):
enrollment = Enrollment.create('role', None, enrolled_user.email,
granting_user)
db.session.commit()
assert enrollment.granting_email == granting_user.email
assert enrollment.state == Enrollment.LINKED
def test_dependent_enrollments_enroll_revoke(db, granting_user, enrolled_user):
class TestEnrollmentHandler(EnrollmentHandler):
enroll_count = 0
def enroll(self, user: User, **kwargs) -> None:
TestEnrollmentHandler.enroll_count += 1
def revoke(self, user: User, **kwargs) -> None:
TestEnrollmentHandler.enroll_count -= 1
current_enrollments.handlers['test'] = TestEnrollmentHandler
current_enrollments.handlers['dependent'] = TestEnrollmentHandler
try:
parent_enrollment = Enrollment.create(
'test',
None,
'*****@*****.**',
granting_user,
actions=['read', 'update', 'delete'])
dependent_enrollment_1 = Enrollment.create(
'dependent',
None,
'*****@*****.**',
granting_user,
parent_enrollment=parent_enrollment)
dependent_enrollment_2 = Enrollment.create(
'dependent',
None,
'*****@*****.**',
granting_user,
parent_enrollment=parent_enrollment)
db.session.commit()
parent_enrollment.enroll(enrolled_user)
assert parent_enrollment.enrolled_user == enrolled_user
assert parent_enrollment.state == Enrollment.SUCCESS
assert dependent_enrollment_1.enrolled_user == enrolled_user
assert dependent_enrollment_1.enrolled_user == enrolled_user
assert dependent_enrollment_1.state == parent_enrollment.state
assert dependent_enrollment_2.state == parent_enrollment.state
assert TestEnrollmentHandler.enroll_count == 3
parent_enrollment.revoke(granting_user)
assert parent_enrollment.enrolled_user == enrolled_user
assert parent_enrollment.state == Enrollment.REVOKED
assert dependent_enrollment_1.state == parent_enrollment.state
assert dependent_enrollment_2.state == parent_enrollment.state
assert TestEnrollmentHandler.enroll_count == 0
finally:
current_enrollments.handlers.pop('test')
current_enrollments.handlers.pop('dependent')
def test_create_enrollment(db, granting_user):
enrollment = Enrollment.create('role', None, '*****@*****.**',
granting_user)
db.session.commit()
assert enrollment.granting_email == granting_user.email
assert enrollment.state == Enrollment.PENDING
def list_enrollments(external_key=None,
enrollment_type=None,
states=None,
actions=None) -> List[Enrollment]:
return Enrollment.list(external_key, enrollment_type, states, actions)
def enroll(enrollment_type: str,
recipient: str,
sender: User,
sender_email: str = None,
subject: str = None,
body: str = None,
email_template=None,
html: bool = None,
language: str = None,
mode: EnrollmentMethod = EnrollmentMethod.AUTOMATIC,
accept_url: str = None,
reject_url: str = None,
success_url: str = None,
failure_url: str = None,
commit=True,
external_key: str = None,
expiration_interval=None,
actions=None,
extra_data=None,
parent_enrollment=None) -> Enrollment:
if enrollment_type not in current_enrollments.handlers:
raise AttributeError(
f'Unknown enrollment {enrollment_type}. Registered enrollment types: {list(current_enrollments.handlers.keys())}'
)
if not recipient:
raise AttributeError('Enrollment recipient must not be empty')
if not sender:
raise AttributeError('Enrollment sender must not be empty')
db_enrollment = Enrollment.create(enrollment_type=enrollment_type,
external_key=external_key,
enrolled_email=recipient,
granting_user=sender,
granting_email=sender_email,
accept_url=accept_url,
reject_url=reject_url,
success_url=success_url,
failure_url=failure_url,
expiration_interval=expiration_interval,
actions=actions,
extra_data=extra_data or {},
parent_enrollment=parent_enrollment)
if parent_enrollment:
parent_enrollment.process_dependent_enrollment(db_enrollment)
if commit:
db.session.commit()
return db_enrollment
handler = db_enrollment.handler
tmpl = handler.email_template
if tmpl:
subject = subject or tmpl.get('subject')
body = body or tmpl.get('body')
html = html if html is not None else tmpl.get('html')
if email_template:
tmpl = current_app.config['OAREPO_ENROLLMENT_MAIL_TEMPLATES'][
email_template]
subject = subject or tmpl.get('subject')
body = body or tmpl.get('body')
html = html if html is not None else tmpl.get('html')
if not subject and body or not body and subject:
raise AttributeError(
'Subject and body must not be empty (or both empty in some circumstances, see the readme)'
)
try:
if db_enrollment.state == Enrollment.LINKED:
if mode == EnrollmentMethod.SKIP_EMAIL:
# enroll the user automatically, do not send email
try:
return db_enrollment.enroll(db_enrollment.enrolled_user)
finally:
if commit:
db.session.commit()
elif mode == EnrollmentMethod.AUTOMATIC:
# enroll the user automatically and send email
try:
db_enrollment.enroll(db_enrollment.enrolled_user)
except:
if commit:
db.session.commit()
raise
if not subject or not body:
return db_enrollment
_send_enrollment_mail(subject, body, db_enrollment, language, html,
extra_data or {})
except:
db_enrollment.revoke(current_user)
raise
finally:
if commit:
db.session.commit()
return db_enrollment