class UserFollowingUpdate(Resource): @api.login_required(oauth_scopes=['users:write']) @api.permission_required(permissions.OwnerRolePermission()) @api.permission_required(permissions.WriteAccessPermission()) @api.response(schemas.UserSchema()) def patch(self, uid): """Follow a new user """ # TODO: do not follow himself with api.commit_or_abort( db.session, default_error_message="Failed to update following relationships" ): user = User.query.get_or_404(current_user.id) user.follows(uid) return user @api.login_required(oauth_scopes=['users:write']) @api.permission_required(permissions.OwnerRolePermission()) @api.permission_required(permissions.WriteAccessPermission()) @api.response(schemas.UserSchema()) def delete(self, uid): """Un-follow a user """ # TODO: do not follow himself with api.commit_or_abort( db.session, default_error_message="Failed to update following relationships" ): user = User.query.get_or_404(current_user.id) user.unfollows(uid) return user
def test_OwnerRolePermission_authenticated_user(authenticated_user_instance): obj = Mock() obj.check_owner = lambda user: user == authenticated_user_instance with permissions.OwnerRolePermission(obj=obj): pass del obj.check_Owner with pytest.raises(HTTPException): with permissions.OwnerRolePermission(): pass
def test_OwnerRolePermission_authenticated_user_with_password_with_check_owner( authenticated_user_instance): authenticated_user_instance.password = "******" obj = Mock() obj.check_owner = lambda user: user == authenticated_user_instance with permissions.OwnerRolePermission(obj=obj, password_required=True, password="******"): pass with pytest.raises(HTTPException): with permissions.OwnerRolePermission(obj=obj, password_required=True, password="******"): pass
class UserStories(Resource): @api.login_required(oauth_scopes=['users:read']) @api.permission_required(permissions.OwnerRolePermission()) @api.response(StorySchema(many=True)) def get(self): """ Get all stories added by current user""" return current_user.stories
class UserPublishers(Resource): @api.login_required(oauth_scopes=['users:read']) @api.permission_required(permissions.OwnerRolePermission()) @api.response(PublisherSchema(many=True)) def get(self): """ Get all publishers posted by current user""" pass
class UserComments(Resource): @api.login_required(oauth_scopes=['users:read']) @api.permission_required(permissions.OwnerRolePermission()) @api.response(CommentSchema(many=True)) def get(self): """ Get all comments posted by current user""" return current_user.comments
def test_OwnerRolePermission_anonymous_user_with_password( anonymous_user_instance): obj = Mock() obj.check_owner = lambda user: False with pytest.raises(HTTPException): with permissions.OwnerRolePermission(obj=obj, password_required=True, password="******"): pass
class UserAllFollowing(Resource): @api.login_required(oauth_scopes=['users:read']) @api.permission_required(permissions.OwnerRolePermission()) @api.parameters(PaginationParameters()) @api.response(schemas.UserSchema(many=True)) def get(self, args): """Get all following users of current user """ return User.query_all_following(current_user.id) \ .offset(args['offset']).limit(args['limit'])
def test_OwnerRolePermission_anonymous_user(anonymous_user_instance): with pytest.raises(HTTPException): with permissions.OwnerRolePermission(): pass