Esempio n. 1
def revoke_user(args, appname):
    """Revoke a user's permission on an app

    :<json string username: name of the user to revoke; used whenever it is
        non-empty, in which case ``user_id`` is ignored
    :<json int user_id: id of the user, read only when ``username`` is empty;
        one of the two must be provided
    """
    # The app is resolved first, so whatever access check _get_app performs
    # (not visible here, confirm) runs before any user lookup.
    target_app = _get_app(appname)

    username = args['username']
    if username:
        target_user = User.get_by_name(username)
    else:
        target_user = User.get(args['user_id'])

    # NOTE(review): the lookup result is not checked in this function. If no
    # user matches, the value handed to app.revoke_user is presumably None;
    # confirm the request schema or the model rejects unknown users so that a
    # failed revocation is not reported as a success.
    return target_app.revoke_user(target_user)
Esempio n. 2
 def list_users(self):
     """Return the User objects that hold a permission relation to this app.

     The relation rows are read first (filtered by ``self.name``), then each
     ``user_id`` is resolved with ``User.get``, one lookup per id.
     """
     # Imported at call time rather than at module level
     # (presumably to avoid a circular import, confirm).
     from citadel.models.user import User
     relations = AppUserRelation.filter_by(appname=self.name).all()
     granted_ids = [relation.user_id for relation in relations]
     # NOTE(review): an id whose user no longer exists is not filtered out;
     # whatever User.get returns for it (presumably None) ends up in the list.
     return [User.get(granted_id) for granted_id in granted_ids]
Esempio n. 3
def grant_user(args, appname):
    """Grant a user permission on an app

    :<json string username: name of the user to grant; used whenever it is
        non-empty, in which case ``user_id`` is ignored
    :<json int user_id: id of the user, read only when ``username`` is empty;
        one of the two must be provided
    """
    # The app is resolved first, so whatever access check _get_app performs
    # (not visible here, confirm) runs before any user lookup.
    target_app = _get_app(appname)

    username = args['username']
    if username:
        grantee = User.get_by_name(username)
    else:
        grantee = User.get(args['user_id'])

    # NOTE(review): the lookup result is not checked here; confirm the request
    # schema rejects unknown users before this point.
    try:
        target_app.grant_user(grantee)
    except IntegrityError:
        # Deliberately ignored: presumably the relation already exists, which
        # makes a repeated grant a no-op.
        # NOTE(review): every other integrity failure is swallowed the same
        # way and the caller still receives the default success value. Confirm
        # the DB session is rolled back after the failed write, and consider
        # logging the error so failed grants are visible.
        pass

    return DEFAULT_RETURN_VALUE
Esempio n. 4
 def _(*args, **kwargs):
     # Wrapper around `func` that resolves the current user into `g.user` and
     # enforces login (and, when `privileged` is set, administrator rights)
     # before the wrapped view runs. `func` and `privileged` come from the
     # enclosing scope, which is not part of this listing.
     #
     # SECURITY: with config['DEBUG'] enabled, authentication is skipped and
     # every request runs as a User built from FAKE_USER. DEBUG must therefore
     # never be on in a reachable deployment.
     debug_mode = current_app.config['DEBUG']
     g.user = User(**FAKE_USER) if debug_mode else get_current_user()

     if not g.user:
         # NOTE(review): the current URL is forwarded as `next`; confirm the
         # login view only redirects back to same-site targets.
         return redirect(url_for('user.login', next=request.url))

     # Administrator means `privileged == 1` exactly; any other value is
     # treated as a regular user.
     lacks_admin_rights = privileged and g.user.privileged != 1
     if not lacks_admin_rights:
         return func(*args, **kwargs)

     # The rejection is the last statement, so the wrapped view is never
     # reached on this path.
     abort(403, 'dude you are not administrator')
Esempio n. 5
def test_app_user_permission(test_db, client):
    """Grant, then revoke, an app permission over HTTP and check the stored rows.

    NOTE(review): only the happy path is exercised. Nothing here checks that a
    caller without rights on the app is refused by the grant/revoke endpoints.
    """
    def stored_relations():
        # Relation rows linking the fake user to the default app.
        return AppUserRelation.query.filter_by(user_id=FAKE_USER['id'],
                                               appname=default_appname).all()

    User.create(**FAKE_USER)

    # The user listing must contain exactly the user created above.
    listing = client.get(url_for('user.list_users'))
    assert listing.status_code == 200
    assert len(listing.json) == 1
    assert listing.json[0]['id'] == FAKE_USER['id']

    form = {'username': FAKE_USER['name']}
    permission_url = url_for('app.grant_user', appname=default_appname)

    # PUT creates exactly one relation row.
    granted = client.put(permission_url, data=form)
    assert granted.status_code == 200
    assert len(stored_relations()) == 1

    # DELETE on the same URL removes the row again.
    revoked = client.delete(permission_url, data=form)
    assert revoked.status_code == 200
    assert len(stored_relations()) == 0
Esempio n. 6
def test_permissions(test_db, client):
    """A non-privileged user sees an app only after being granted access to it."""
    # NOTE(review): this mutates the module-level FAKE_USER and never restores
    # it, so the change leaks into tests that run afterwards. The mutation
    # itself looks intentional (presumably the DEBUG login shim builds the
    # current user from the same dict, confirm), so restore it in a fixture
    # rather than replacing it with a local copy.
    FAKE_USER['privileged'] = 0
    plain_user = User.create(**FAKE_USER)

    # Before the grant: empty app list, and the app detail view is forbidden.
    listing = client.get(url_for('app.list_app'))
    assert listing.json == []
    detail = client.get(url_for('app.get_app', appname=default_appname))
    assert detail.status_code == 403

    target_app = App.get_by_name(default_appname)
    target_app.grant_user(plain_user)

    # After the grant: the app is listed and its detail view is readable.
    listing = client.get(url_for('app.list_app'))
    assert len(listing.json) == 1
    detail = client.get(url_for('app.get_app', appname=default_appname))
    assert detail.status_code == 200
Esempio n. 7
def validate_username(n):
    """Raise ValidationError unless a user named *n* exists.

    Returns None when the lookup yields a truthy user.
    """
    # Imported at call time rather than at module level
    # (presumably to avoid a circular import, confirm).
    from citadel.models.user import User
    found = User.get_by_name(n)
    if found:
        return
    # NOTE(review): the message echoes the submitted name and tells the caller
    # whether that account exists. This is fine if only authenticated
    # operators can reach the validator; confirm that is the case.
    raise ValidationError(
        'User {} not found, needs to login first'.format(n))
Esempio n. 8
def list_users():
    """Return every user, serialized with ``to_dict``, as a JSON array."""
    # NOTE(review): no access check is visible in this function; presumably a
    # decorator outside this listing enforces login. Confirm that, and that
    # to_dict() leaves out fields which should not be exposed to every caller
    # (tokens, e-mail addresses, privilege flags).
    serialized = [user.to_dict() for user in User.get_all()]
    return jsonify(serialized)