def test_only_subscriber_or_admin_can_unsubscribe(self):
subscription = self.factory.create_alert_subscription()
alert = subscription.alert
user = subscription.user
path = '/api/alerts/{}/subscriptions/{}'.format(
alert.id, subscription.id)
other_user = self.factory.create_user()
response = self.make_request('delete', path, user=other_user)
self.assertEqual(response.status_code, 403)
response = self.make_request('delete', path, user=user)
self.assertEqual(response.status_code, 200)
subscription_two = AlertSubscription(alert=alert, user=other_user)
admin_user = self.factory.create_admin()
db.session.add_all([subscription_two, admin_user])
db.session.commit()
path = '/api/alerts/{}/subscriptions/{}'.format(
alert.id, subscription_two.id)
response = self.make_request('delete', path, user=admin_user)
self.assertEqual(response.status_code, 200)
def post(self, alert_id):
req = request.get_json(True)
alert = Alert.get_by_id_and_org(alert_id, self.current_org)
require_access(alert.groups, self.current_user, view_only)
kwargs = {'alert': alert, 'user': self.current_user}
if 'destination_id' in req:
destination = NotificationDestination.get_by_id_and_org(
req['destination_id'], self.current_org)
kwargs['destination'] = destination
# 用提供外键对应的列
# kwargs = {'alert': alert, 'user': self.current_user, 'destination': destination}
# AlertSubscription. 一个alert有对应多个订阅者,一订阅者订阅多个alert,多对多
# alert
# user
# query
# notification
subscription = AlertSubscription(**kwargs)
session.add(subscription)
session.commit()
self.record_event({
'action': 'subscribe',
'timestamp': int(time.time()),
'object_id': alert_id,
'object_type': 'alert',
'destination': req.get('destination_id')
})
d = subscription.to_dict()
return d