Esempio n. 1
0
    def options(self):
        user = session.get('auth_user', {})
        option = {
            'POST': Auth.has_permission(user, 'add_document'),
            'PUT': Auth.has_permission(user, 'add_document,modify_document'),
            'DELETE': Auth.has_permission(user, 'delete_document')
        }

        if request.args.get('method'):
            if not option.get(request.args.get('method')):
                option['notify_msg'] = {
                    'title': 'No Permission',
                    'message':
                    'You do not have permission to perform that action',
                    'type': 'error'
                }

            return Response(
                response=json.dumps(option),
                status=403
                if not option.get(request.args.get('method')) else 200,
                content_type='application/json')

        return Response(response=json.dumps(option),
                        content_type='application/json',
                        status=200)
Esempio n. 2
0
def post_login():

    user = Auth.get_by_login(request.form.get('email'),
                             request.form.get('password'))
    if user:
        Auth.create_session(user)
        return redirect(request.args.get('next_page', '/'))

    return get_login(error={'message': 'Invalid email and/or password'})
Esempio n. 3
0
def post_login():

    user = Auth.get_by_login(request.form.get('email'), request.form.get('password'))
    if user:
        Auth.create_session(user)
        return redirect(request.args.get('next_page', '/'))

    return get_login(error={
        'message': 'Invalid email and/or password'
    })
Esempio n. 4
0
    def options(self):
        user = session.get('auth_user', {})
        option = {
            'POST': Auth.has_permission(user, 'upload_archive_document'),
        }

        if request.args.get('method'):
            if not option.get(request.args.get('method')):
                option['notify_msg'] = {
                    'title': 'No Permission',
                    'message': 'You do not have permission to perform that action',
                    'type': 'error'
                }

            return Response(
                response=json.dumps(option),
                status=403 if not option.get(request.args.get('method')) else 200,
                content_type='application/json')

        return Response(response=json.dumps(option), content_type='application/json', status=200)
Esempio n. 5
0
def test_missing_single_permission_from_set(user_mock):
    assert Auth.has_permission(user_mock, ['add', 'modify', 'delete', 'restore']) is False
Esempio n. 6
0
def test_has_multiple_permissions_subset(user_mock):
    assert Auth.has_permission(user_mock, ['add', 'modify']) is True
Esempio n. 7
0
def test_missing_permission(user_mock):
    assert Auth.has_permission(user_mock, ['restore']) is False
Esempio n. 8
0
def test_has_single_permission(user_mock):
    assert Auth.has_permission(user_mock, 'add') is True
Esempio n. 9
0
def test_has_multiple_permissions(user_mock):
    assert Auth.has_permission(user_mock, ['add', 'modify', 'delete']) is True
Esempio n. 10
0
def test_has_multiple_permissions(user_mock):
    assert Auth.has_permission(user_mock, ['add', 'modify', 'delete']) is True
Esempio n. 11
0
def logout():
    if Auth.delete_session():
        return redirect('/')

    return Response(status=400)
Esempio n. 12
0
def test_delete_session(session_mock):
    session_mock.__contains__.return_value = True
    assert Auth.delete_session() is True
    session_mock.pop.assert_called_with('auth_user')
Esempio n. 13
0
def test_has_single_permission(user_mock):
    assert Auth.has_permission(user_mock, 'add') is True
Esempio n. 14
0
def test_has_multiple_permissions_subset(user_mock):
    assert Auth.has_permission(user_mock, ['add', 'modify']) is True
Esempio n. 15
0
def test_delete_session_no_session(session_mock):
    session_mock.__contains__.return_value = False
    assert Auth.delete_session() is False
Esempio n. 16
0
def test_delete_session(session_mock):
    session_mock.__contains__.return_value = True
    assert Auth.delete_session() is True
    session_mock.pop.assert_called_with('auth_user')
Esempio n. 17
0
def test_missing_single_permission_from_set(user_mock):
    assert Auth.has_permission(user_mock,
                               ['add', 'modify', 'delete', 'restore']) is False
Esempio n. 18
0
def test_missing_permission(user_mock):
    assert Auth.has_permission(user_mock, ['restore']) is False
Esempio n. 19
0
def test_delete_session_no_session(session_mock):
    session_mock.__contains__.return_value = False
    assert Auth.delete_session() is False
Esempio n. 20
0
def logout():
    if Auth.delete_session():
        return redirect('/')

    return Response(status=400)