def test_validate_access_incoming_account_id(self, lookup_account_id_method):
with self.app.test_request_context():
account_id = "111222"
lookup_account_id_method.return_value = account_id
response = validate_access("fred", incoming_account_id="333444")
lookup_account_id_method.assert_called_with("fred")
self.assertEqual(response.status_code, client.UNAUTHORIZED)
response = validate_access("fred", incoming_account_id="111222")
self.assertIsNone(response)
def test_validate_access_registration_id(self, lookup_registration_id_method, lookup_account_id_method):
with self.app.test_request_context():
account_id = "555"
registration_id = "444"
lookup_account_id_method.return_value = account_id
lookup_registration_id_method.return_value = True
return_value = validate_access("fred", registration_id="444")
self.assertIsNone(return_value)
lookup_account_id_method.assert_called_with("fred")
lookup_registration_id_method.assert_called_with(account_id, registration_id)
lookup_registration_id_method.return_value = False
response = validate_access("fred", registration_id="444")
self.assertEqual(response.status_code, client.UNAUTHORIZED)
def test_validate_access_incoming_account_id(self,
lookup_account_id_method):
with self.app.test_request_context():
account_id = '111222'
lookup_account_id_method.return_value = account_id
response = validate_access(
'fred', incoming_account_id='333444')
lookup_account_id_method.assert_called_with('fred')
self.assertEqual(response.status_code, client.UNAUTHORIZED)
response = validate_access(
'fred', incoming_account_id='111222')
self.assertIsNone(response)
def test_validate_access_registration_id(self,
lookup_registration_id_method,
lookup_account_id_method,):
with self.app.test_request_context():
account_id = '555'
registration_id = '444'
lookup_account_id_method.return_value = account_id
lookup_registration_id_method.return_value = True
return_value = validate_access('fred', registration_id='444')
self.assertIsNone(return_value)
lookup_account_id_method.assert_called_with('fred')
lookup_registration_id_method.assert_called_with(
account_id, registration_id)
lookup_registration_id_method.return_value = False
response = validate_access('fred', registration_id='444')
self.assertEqual(response.status_code, client.UNAUTHORIZED)
def test_validate_access_subscription_id(self,
lookup_subscription_id_method,
lookup_account_id_method,):
with self.app.test_request_context():
account_id = '123'
subscription_id = '775'
lookup_account_id_method.return_value = account_id
lookup_subscription_id_method.return_value = True
return_value = validate_access('fred', subscription_id='775')
self.assertIsNone(return_value)
lookup_account_id_method.assert_called_with('fred')
lookup_subscription_id_method.assert_called_with(
account_id, subscription_id)
lookup_subscription_id_method.return_value = False
response = validate_access('fred', subscription_id='775')
self.assertEqual(response.status_code, client.UNAUTHORIZED)
def delete(self, subscription_id):
"""
Deletes subscription record
"""
return_val = validate_access(request.headers['username'],
subscription_id=subscription_id)
if return_val:
return return_val
return delete(DEFAULT_SUBSCRIPTIONS_TABLE, subscription_id)
def delete(self, account_id):
"""
Deletes account record
"""
return_val = validate_access(
request.headers['username'],
incoming_account_id=account_id)
if return_val:
return return_val
return delete_account(account_id)
def delete(self, registration_id):
"""
Deletes registration record, will also remove the records for this
registration_id in the subscription table as well
"""
return_val = validate_access(request.headers['username'],
registration_id=registration_id)
if return_val:
return return_val
return delete_registration(registration_id)
def delete(self, subscription_id):
"""
Deletes subscription record
"""
return_val = validate_access(
request.headers['username'],
subscription_id=subscription_id)
if return_val:
return return_val
return delete(DEFAULT_SUBSCRIPTIONS_TABLE, subscription_id)
def delete(self, registration_id):
"""
Deletes registration record, will also remove the records for this
registration_id in the subscription table as well
"""
return_val = validate_access(
request.headers['username'],
registration_id=registration_id)
if return_val:
return return_val
return delete_registration(registration_id)
def patch(self, registration_id):
"""
Updates registration. Only one field can be updated: description
"""
return_val = validate_access(request.headers['username'],
registration_id=registration_id)
if return_val:
return return_val
json_data = request.get_json()
update_json = {}
if 'description' in json_data:
update_json['description'] = json_data['description']
else:
return make_response(
jsonify({'Error': 'Description field missing'}),
client.BAD_REQUEST)
return update(DEFAULT_REGISTRATIONS_TABLE,
record_id=registration_id,
updates=update_json)
def patch(self, registration_id):
"""
Updates registration. Only one field can be updated: description
"""
return_val = validate_access(
request.headers['username'],
registration_id=registration_id)
if return_val:
return return_val
json_data = request.get_json()
update_json = {}
if 'description' in json_data:
update_json['description'] = json_data['description']
else:
return make_response(
jsonify({'Error': 'Description field missing'}),
client.BAD_REQUEST)
return update(DEFAULT_REGISTRATIONS_TABLE,
record_id=registration_id,
updates=update_json)
def test_validate_access_admin(self):
self.assertIsNone(validate_access("admin"))
def test_validate_access_admin(self):
self.assertIsNone(validate_access('admin'))