class UserFollowingUpdate(Resource):
@api.login_required(oauth_scopes=['users:write'])
@api.permission_required(permissions.OwnerRolePermission())
@api.permission_required(permissions.WriteAccessPermission())
@api.response(schemas.UserSchema())
def patch(self, uid):
"""Follow a new user
"""
# TODO: do not follow himself
with api.commit_or_abort(
db.session,
default_error_message="Failed to update following relationships"
):
user = User.query.get_or_404(current_user.id)
user.follows(uid)
return user
@api.login_required(oauth_scopes=['users:write'])
@api.permission_required(permissions.OwnerRolePermission())
@api.permission_required(permissions.WriteAccessPermission())
@api.response(schemas.UserSchema())
def delete(self, uid):
"""Un-follow a user
"""
# TODO: do not follow himself
with api.commit_or_abort(
db.session,
default_error_message="Failed to update following relationships"
):
user = User.query.get_or_404(current_user.id)
user.unfollows(uid)
return user
def test_OwnerRolePermission_authenticated_user(authenticated_user_instance):
obj = Mock()
obj.check_owner = lambda user: user == authenticated_user_instance
with permissions.OwnerRolePermission(obj=obj):
pass
del obj.check_Owner
with pytest.raises(HTTPException):
with permissions.OwnerRolePermission():
pass
def test_OwnerRolePermission_authenticated_user_with_password_with_check_owner(
authenticated_user_instance):
authenticated_user_instance.password = "******"
obj = Mock()
obj.check_owner = lambda user: user == authenticated_user_instance
with permissions.OwnerRolePermission(obj=obj,
password_required=True,
password="******"):
pass
with pytest.raises(HTTPException):
with permissions.OwnerRolePermission(obj=obj,
password_required=True,
password="******"):
pass
class UserStories(Resource):
@api.login_required(oauth_scopes=['users:read'])
@api.permission_required(permissions.OwnerRolePermission())
@api.response(StorySchema(many=True))
def get(self):
""" Get all stories added by current user"""
return current_user.stories
class UserPublishers(Resource):
@api.login_required(oauth_scopes=['users:read'])
@api.permission_required(permissions.OwnerRolePermission())
@api.response(PublisherSchema(many=True))
def get(self):
""" Get all publishers posted by current user"""
pass
class UserComments(Resource):
@api.login_required(oauth_scopes=['users:read'])
@api.permission_required(permissions.OwnerRolePermission())
@api.response(CommentSchema(many=True))
def get(self):
""" Get all comments posted by current user"""
return current_user.comments
def test_OwnerRolePermission_anonymous_user_with_password(
anonymous_user_instance):
obj = Mock()
obj.check_owner = lambda user: False
with pytest.raises(HTTPException):
with permissions.OwnerRolePermission(obj=obj,
password_required=True,
password="******"):
pass
class UserAllFollowing(Resource):
@api.login_required(oauth_scopes=['users:read'])
@api.permission_required(permissions.OwnerRolePermission())
@api.parameters(PaginationParameters())
@api.response(schemas.UserSchema(many=True))
def get(self, args):
"""Get all following users of current user
"""
return User.query_all_following(current_user.id) \
.offset(args['offset']).limit(args['limit'])
def test_OwnerRolePermission_anonymous_user(anonymous_user_instance):
with pytest.raises(HTTPException):
with permissions.OwnerRolePermission():
pass
