def test_edit_default_group_permissions(flask_server, user):
with flask_server.app.app_context():
group_id = groups.create_group("Example Group", "", user.id).id
object_permissions.set_default_permissions_for_group(
creator_id=user.id,
group_id=group_id,
permissions=object_permissions.Permissions.WRITE)
assert object_permissions.get_default_permissions_for_groups(
creator_id=user.id).get(
group_id) == object_permissions.Permissions.WRITE
session = requests.session()
assert session.get(flask_server.base_url +
'users/{}/autologin'.format(user.id)).status_code == 200
r = session.get(flask_server.base_url +
'users/{}/preferences'.format(user.id))
assert r.status_code == 200
document = BeautifulSoup(r.content, 'html.parser')
default_permissions_form = document.find(attrs={
'name': 'edit_user_permissions',
'value': 'edit_user_permissions'
}).find_parent('form')
data = {}
group_field_name = None
for hidden_field in default_permissions_form.find_all(
'input', {'type': 'hidden'}):
data[hidden_field['name']] = hidden_field['value']
if hidden_field['name'].endswith(
'group_id') and hidden_field['value'] == str(group_id):
# the associated radio button is the first radio button in the same table row
group_field_name = hidden_field.find_parent('tr').find(
'input', {'type': 'radio'})['name']
for radio_button in default_permissions_form.find_all(
'input', {'type': 'radio'}):
if radio_button.has_attr(
'checked') and not radio_button.has_attr('disabled'):
data[radio_button['name']] = radio_button['value']
assert group_field_name is not None
assert data[group_field_name] == 'write'
data[group_field_name] = 'read'
data['edit_user_permissions'] = 'edit_user_permissions'
assert session.post(flask_server.base_url +
'users/{}/preferences'.format(user.id),
data=data).status_code == 200
with flask_server.app.app_context():
assert object_permissions.get_default_permissions_for_groups(
creator_id=user.id).get(
group_id) == object_permissions.Permissions.READ
def test_default_permissions_for_groups(users, independent_action):
user, creator = users
group_id = groups.create_group("Example Group", "", creator.id).id
assert object_permissions.get_default_permissions_for_groups(
creator_id=creator.id) == {}
object = sampledb.logic.objects.create_object(
user_id=creator.id,
action_id=independent_action.id,
data={'name': {
'_type': 'text',
'text': 'Name'
}})
assert object_permissions.get_object_permissions_for_groups(
object_id=object.id) == {}
object_permissions.set_default_permissions_for_group(
creator_id=creator.id, group_id=group_id, permissions=Permissions.READ)
assert object_permissions.get_default_permissions_for_groups(
creator_id=creator.id) == {
group_id: Permissions.READ
}
object = sampledb.logic.objects.create_object(
user_id=creator.id,
action_id=independent_action.id,
data={'name': {
'_type': 'text',
'text': 'Name'
}})
assert object_permissions.get_object_permissions_for_groups(
object_id=object.id) == {
group_id: Permissions.READ
}
# the default permissions are only used when creating a new object.
object_permissions.set_default_permissions_for_group(
creator_id=creator.id,
group_id=group_id,
permissions=Permissions.WRITE)
assert object_permissions.get_default_permissions_for_groups(
creator_id=creator.id) == {
group_id: Permissions.WRITE
}
assert object_permissions.get_object_permissions_for_groups(
object_id=object.id) == {
group_id: Permissions.READ
}
def test_add_default_group_permissions(flask_server, user):
with flask_server.app.app_context():
group_id = groups.create_group("Example Group", "", user.id).id
session = requests.session()
assert session.get(flask_server.base_url +
'users/{}/autologin'.format(user.id)).status_code == 200
r = session.get(flask_server.base_url +
'users/{}/preferences'.format(user.id))
assert r.status_code == 200
document = BeautifulSoup(r.content, 'html.parser')
default_permissions_form = document.find(attrs={
'name': 'add_group_permissions',
'value': 'add_group_permissions'
}).find_parent('form')
data = {}
for hidden_field in default_permissions_form.find_all(
'input', {'type': 'hidden'}):
data[hidden_field['name']] = hidden_field['value']
data['group_id'] = str(group_id)
data['permissions'] = 'read'
data['add_group_permissions'] = 'add_group_permissions'
assert session.post(flask_server.base_url +
'users/{}/preferences'.format(user.id),
data=data).status_code == 200
with flask_server.app.app_context():
assert object_permissions.get_default_permissions_for_groups(
creator_id=user.id).get(
group_id) == object_permissions.Permissions.READ
