def sample_service(notify_db,
notify_db_session,
service_name="Sample service",
user=None,
active=True,
restricted=False,
limit=1000,
email_from=None):
if user is None:
user = sample_user(notify_db, notify_db_session)
if email_from is None:
email_from = service_name.lower().replace(' ', '.')
data = {
'name': service_name,
'message_limit': limit,
'active': active,
'restricted': restricted,
'email_from': email_from,
'created_by': user
}
service = Service.query.filter_by(name=service_name).first()
if not service:
service = Service(**data)
dao_create_service(service, user)
else:
if user not in service.users:
dao_add_user_to_service(service, user)
return service
def test_send_notification_to_service_users_sends_to_active_users_only(
notify_db, notify_db_session, mocker):
mocker.patch("app.service.sender.send_notification_to_queue")
create_notify_service(notify_db, notify_db_session)
first_active_user = create_user(email="*****@*****.**", state="active")
second_active_user = create_user(email="*****@*****.**", state="active")
pending_user = create_user(email="*****@*****.**", state="pending")
service = create_sample_service(notify_db,
notify_db_session,
user=first_active_user)
dao_add_user_to_service(service, second_active_user)
dao_add_user_to_service(service, pending_user)
template = create_template(service, template_type=EMAIL_TYPE)
send_notification_to_service_users(service_id=service.id,
template_id=template.id)
notifications = Notification.query.all()
notifications_recipients = [
notification.to for notification in notifications
]
assert Notification.query.count() == 2
assert pending_user.email_address not in notifications_recipients
assert first_active_user.email_address in notifications_recipients
assert second_active_user.email_address in notifications_recipients
def setup_service(db_session,
service_name="Sample service",
user=None,
restricted=False,
limit=1000,
email_from=None,
permissions=None,
research_mode=None):
if user is None:
user = create_user()
if email_from is None:
email_from = service_name.lower().replace(' ', '.')
data = {
'name': service_name,
'message_limit': limit,
'restricted': restricted,
'email_from': email_from,
'created_by': user,
'crown': True
}
service = Service.query.filter_by(name=service_name).first()
if not service:
service = Service(**data)
dao_create_service(service, user, service_permissions=permissions)
if research_mode:
service.research_mode = research_mode
else:
if user not in service.users:
dao_add_user_to_service(service, user)
return service
def sample_broadcast_service(notify_db_session, broadcast_organisation):
user = create_user()
service_name = 'Sample broadcast service'
email_from = service_name.lower().replace(' ', '.')
data = {
'name': service_name,
'message_limit': 1000,
'restricted': False,
'email_from': email_from,
'created_by': user,
'crown': True,
'count_as_live': False,
}
service = Service.query.filter_by(name=service_name).first()
if not service:
service = Service(**data)
dao_create_service(service, user, service_permissions=[BROADCAST_TYPE])
insert_or_update_service_broadcast_settings(service, channel="severe")
dao_add_service_to_organisation(service, current_app.config['BROADCAST_ORGANISATION_ID'])
else:
if user not in service.users:
dao_add_user_to_service(service, user)
return service
def test_dao_fetch_active_users_for_service_returns_active_only(notify_db_session):
active_user = create_user(email='*****@*****.**', state='active')
pending_user = create_user(email='*****@*****.**', state='pending')
service = create_service(user=active_user)
dao_add_user_to_service(service, pending_user)
users = dao_fetch_active_users_for_service(service.id)
assert len(users) == 1
def create_service(
user=None,
service_name="Sample service",
service_id=None,
restricted=False,
count_as_live=True,
service_permissions=None,
research_mode=False,
active=True,
email_from=None,
prefix_sms=True,
message_limit=1000,
organisation_type='central',
check_if_service_exists=False,
go_live_user=None,
go_live_at=None,
crown=True,
organisation=None,
purchase_order_number=None,
billing_contact_names=None,
billing_contact_email_addresses=None,
billing_reference=None,
):
if check_if_service_exists:
service = Service.query.filter_by(name=service_name).first()
if (not check_if_service_exists) or (check_if_service_exists and not service):
service = Service(
name=service_name,
message_limit=message_limit,
restricted=restricted,
email_from=email_from if email_from else service_name.lower().replace(' ', '.'),
created_by=user if user else create_user(email='{}@digital.cabinet-office.gov.uk'.format(uuid.uuid4())),
prefix_sms=prefix_sms,
organisation_type=organisation_type,
organisation=organisation,
go_live_user=go_live_user,
go_live_at=go_live_at,
crown=crown,
purchase_order_number=purchase_order_number,
billing_contact_names=billing_contact_names,
billing_contact_email_addresses=billing_contact_email_addresses,
billing_reference=billing_reference,
)
dao_create_service(
service,
service.created_by,
service_id,
service_permissions=service_permissions,
)
service.active = active
service.research_mode = research_mode
service.count_as_live = count_as_live
else:
if user and user not in service.users:
dao_add_user_to_service(service, user)
return service
def test_add_existing_user_to_another_service_doesnot_change_old_permissions(
notify_db_session, ):
user = create_user()
service_one = Service(
name="service_one",
email_from="service_one",
message_limit=1000,
restricted=False,
created_by=user,
)
dao_create_service(service_one, user)
assert user.id == service_one.users[0].id
test_user_permissions = Permission.query.filter_by(service=service_one,
user=user).all()
assert len(test_user_permissions) == 8
other_user = User(
name="Other Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+447700900987",
)
save_model_user(other_user)
service_two = Service(
name="service_two",
email_from="service_two",
message_limit=1000,
restricted=False,
created_by=other_user,
)
dao_create_service(service_two, other_user)
assert other_user.id == service_two.users[0].id
other_user_permissions = Permission.query.filter_by(service=service_two,
user=other_user).all()
assert len(other_user_permissions) == 8
other_user_service_one_permissions = Permission.query.filter_by(
service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 0
# adding the other_user to service_one should leave all other_user permissions on service_two intact
permissions = []
for p in ["send_emails", "send_texts", "send_letters"]:
permissions.append(Permission(permission=p))
dao_add_user_to_service(service_one, other_user, permissions=permissions)
other_user_service_one_permissions = Permission.query.filter_by(
service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 3
other_user_service_two_permissions = Permission.query.filter_by(
service=service_two, user=other_user).all()
assert len(other_user_service_two_permissions) == 8
def add_user_to_service(service_id, user_id):
service = dao_fetch_service_by_id(service_id)
user = get_user_by_id(user_id=user_id)
if user in service.users:
error = 'User id: {} already part of service id: {}'.format(user_id, service_id)
raise InvalidRequest(error, status_code=400)
permissions = permission_schema.load(request.get_json(), many=True).data
dao_add_user_to_service(service, user, permissions)
data = service_schema.dump(service).data
return jsonify(data=data), 201
def test_dao_add_user_to_service_ignores_folders_which_do_not_exist_when_setting_permissions(
sample_user, sample_service, fake_uuid):
valid_folder = create_template_folder(sample_service)
folder_permissions = [fake_uuid, str(valid_folder.id)]
dao_add_user_to_service(sample_service,
sample_user,
folder_permissions=folder_permissions)
service_user = dao_get_service_user(sample_user.id, sample_service.id)
assert service_user.folders == [valid_folder]
def create_service(
user=None,
service_name="Sample service",
service_id=None,
restricted=False,
count_as_live=True,
service_permissions=[EMAIL_TYPE, SMS_TYPE],
research_mode=False,
active=True,
email_from=None,
prefix_sms=True,
message_limit=1000,
organisation_type="central",
check_if_service_exists=False,
go_live_user=None,
go_live_at=None,
crown=True,
organisation=None,
):
if check_if_service_exists:
service = Service.query.filter_by(name=service_name).first()
if (not check_if_service_exists) or (check_if_service_exists
and not service):
service = Service(
name=service_name,
message_limit=message_limit,
restricted=restricted,
email_from=email_from
if email_from else service_name.lower().replace(" ", "."),
created_by=user if user else create_user(
email="{}@digital.cabinet-office.gov.uk".format(uuid.uuid4())),
prefix_sms=prefix_sms,
organisation_type=organisation_type,
go_live_user=go_live_user,
go_live_at=go_live_at,
crown=crown,
)
dao_create_service(
service,
service.created_by,
service_id,
service_permissions=service_permissions,
)
service.active = active
service.research_mode = research_mode
service.count_as_live = count_as_live
else:
if user and user not in service.users:
dao_add_user_to_service(service, user)
return service
def test_should_add_user_to_service(sample_user):
service = Service(
name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=sample_user
)
dao_create_service(service, sample_user)
assert sample_user in Service.query.first().users
new_user = User(
name="Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+447700900986",
)
save_model_user(new_user)
dao_add_user_to_service(service, new_user)
assert new_user in Service.query.first().users
def test_dao_add_user_to_service_sets_folder_permissions(sample_user, sample_service):
folder_1 = create_template_folder(sample_service)
folder_2 = create_template_folder(sample_service)
assert not folder_1.users
assert not folder_2.users
folder_permissions = [str(folder_1.id), str(folder_2.id)]
dao_add_user_to_service(sample_service, sample_user, folder_permissions=folder_permissions)
service_user = dao_get_service_user(user_id=sample_user.id, service_id=sample_service.id)
assert len(service_user.folders) == 2
assert folder_1 in service_user.folders
assert folder_2 in service_user.folders
def test_should_add_user_to_service(notify_db_session):
user = create_user()
service = Service(name="service_name",
email_from="email_from",
message_limit=1000,
restricted=False,
created_by=user)
dao_create_service(service, user)
assert user in Service.query.first().users
new_user = User(name='Test User',
email_address='*****@*****.**',
password='******',
mobile_number='+16502532222')
save_model_user(new_user)
dao_add_user_to_service(service, new_user)
assert new_user in Service.query.first().users
def test_dao_add_user_to_service_raises_error_if_adding_folder_permissions_for_a_different_service(
sample_service,
):
user = create_user()
other_service = create_service(service_name='other service')
other_service_folder = create_template_folder(other_service)
folder_permissions = [str(other_service_folder.id)]
assert ServiceUser.query.count() == 2
with pytest.raises(IntegrityError) as e:
dao_add_user_to_service(sample_service, user, folder_permissions=folder_permissions)
db.session.rollback()
assert 'insert or update on table "user_folder_permissions" violates foreign key constraint' in str(e.value)
assert ServiceUser.query.count() == 2
def test_get_all_only_services_user_has_access_to(service_factory, sample_user):
service_factory.get("service 1", sample_user, email_from="service.1")
service_factory.get("service 2", sample_user, email_from="service.2")
service_3 = service_factory.get("service 3", sample_user, email_from="service.3")
new_user = User(
name="Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+447700900986",
)
save_model_user(new_user)
dao_add_user_to_service(service_3, new_user)
assert len(dao_fetch_all_services_by_user(sample_user.id)) == 3
assert dao_fetch_all_services_by_user(sample_user.id)[0].name == "service 1"
assert dao_fetch_all_services_by_user(sample_user.id)[1].name == "service 2"
assert dao_fetch_all_services_by_user(sample_user.id)[2].name == "service 3"
assert len(dao_fetch_all_services_by_user(new_user.id)) == 1
assert dao_fetch_all_services_by_user(new_user.id)[0].name == "service 3"
def test_get_all_user_services_only_returns_services_user_has_access_to(notify_db_session):
user = create_user()
create_service(service_name='service 1', user=user, email_from='service.1')
create_service(service_name='service 2', user=user, email_from='service.2')
service_3 = create_service(service_name='service 3', user=user, email_from='service.3')
new_user = User(
name='Test User',
email_address='*****@*****.**',
password='******',
mobile_number='+447700900986'
)
save_model_user(new_user, validated_email_access=True)
dao_add_user_to_service(service_3, new_user)
assert len(dao_fetch_all_services_by_user(user.id)) == 3
assert dao_fetch_all_services_by_user(user.id)[0].name == 'service 1'
assert dao_fetch_all_services_by_user(user.id)[1].name == 'service 2'
assert dao_fetch_all_services_by_user(user.id)[2].name == 'service 3'
assert len(dao_fetch_all_services_by_user(new_user.id)) == 1
assert dao_fetch_all_services_by_user(new_user.id)[0].name == 'service 3'
def test_add_existing_user_to_another_service_doesnot_change_old_permissions(sample_user):
service_one = Service(
name="service_one", email_from="service_one", message_limit=1000, restricted=False, created_by=sample_user
)
dao_create_service(service_one, sample_user)
assert sample_user.id == service_one.users[0].id
test_user_permissions = Permission.query.filter_by(service=service_one, user=sample_user).all()
assert len(test_user_permissions) == 8
other_user = User(
name="Other Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+447700900987",
)
save_model_user(other_user)
service_two = Service(
name="service_two", email_from="service_two", message_limit=1000, restricted=False, created_by=other_user
)
dao_create_service(service_two, other_user)
assert other_user.id == service_two.users[0].id
other_user_permissions = Permission.query.filter_by(service=service_two, user=other_user).all()
assert len(other_user_permissions) == 8
other_user_service_one_permissions = Permission.query.filter_by(service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 0
# adding the other_user to service_one should leave all other_user permissions on service_two intact
permissions = []
for p in ["send_emails", "send_texts", "send_letters"]:
permissions.append(Permission(permission=p))
dao_add_user_to_service(service_one, other_user, permissions=permissions)
other_user_service_one_permissions = Permission.query.filter_by(service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 3
other_user_service_two_permissions = Permission.query.filter_by(service=service_two, user=other_user).all()
assert len(other_user_service_two_permissions) == 8
def add_user_to_service(service_id, user_id):
service = dao_fetch_service_by_id(service_id)
user = get_user_by_id(user_id=user_id)
if user in service.users:
error = 'User id: {} already part of service id: {}'.format(user_id, service_id)
raise InvalidRequest(error, status_code=400)
data = request.get_json()
validate(data, post_set_permissions_schema)
permissions = [
Permission(service_id=service_id, user_id=user_id, permission=p['permission'])
for p in data['permissions']
]
folder_permissions = data.get('folder_permissions', [])
dao_add_user_to_service(service, user, permissions, folder_permissions)
data = service_schema.dump(service).data
return jsonify(data=data), 201
def sample_service(notify_db,
notify_db_session,
service_name="Sample service",
user=None,
restricted=False,
limit=1000,
email_from=None,
permissions=None,
research_mode=None):
if user is None:
user = create_user()
if email_from is None:
email_from = service_name.lower().replace(' ', '.')
data = {
'name': service_name,
'message_limit': limit,
'restricted': restricted,
'email_from': email_from,
'created_by': user,
'crown': True
}
service = Service.query.filter_by(name=service_name).first()
if not service:
service = Service(**data)
dao_create_service(service, user, service_permissions=permissions)
if research_mode:
service.research_mode = research_mode
else:
if user not in service.users:
dao_add_user_to_service(service, user)
if permissions and INBOUND_SMS_TYPE in permissions:
create_inbound_number('12345', service_id=service.id)
if permissions and INBOUND_SMS_KEYWORD_TYPE in permissions:
create_inbound_shortnumber('12345', service_id=service.id)
return service
def test_rejects_jwt_without_permission_for_service(
self, client, db_session):
@requires_admin_auth_or_user_in_service(
required_permission='some-required-permission')
def endpoint_that_requires_admin_auth_or_permission_for_service():
pass
user = create_user()
service = create_service(service_name='some-service')
dao_add_user_to_service(service, user, permissions=[])
token = create_access_token(identity=user)
request.view_args['service_id'] = service.id
request.headers = {'Authorization': 'Bearer {}'.format(token)}
with pytest.raises(AuthError) as error:
endpoint_that_requires_admin_auth_or_permission_for_service()
assert error.value.code == 403
def test_should_remove_user_from_service(notify_db_session):
user = create_user()
service = Service(
name="service_name",
email_from="email_from",
message_limit=1000,
restricted=False,
created_by=user,
)
dao_create_service(service, user)
new_user = User(
name="Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+16502532222",
)
save_model_user(new_user)
dao_add_user_to_service(service, new_user)
assert new_user in Service.query.first().users
dao_remove_user_from_service(service, new_user)
assert new_user not in Service.query.first().users
def sample_service(
notify_db,
notify_db_session,
service_name="Sample service",
user=None,
restricted=False,
limit=1000,
email_from=None,
permissions=None,
research_mode=None,
):
if user is None:
user = create_user()
if email_from is None:
email_from = service_name.lower().replace(" ", ".")
data = {
"name": service_name,
"message_limit": limit,
"restricted": restricted,
"email_from": email_from,
"created_by": user,
"crown": True,
}
service = Service.query.filter_by(name=service_name).first()
if not service:
service = Service(**data)
dao_create_service(service, user, service_permissions=permissions)
if research_mode:
service.research_mode = research_mode
else:
if user not in service.users:
dao_add_user_to_service(service, user)
if permissions and INBOUND_SMS_TYPE in permissions:
create_inbound_number("12345", service_id=service.id)
return service
def sample_broadcast_service(notify_db_session):
user = create_user()
service_name = 'Sample broadcast service'
email_from = service_name.lower().replace(' ', '.')
data = {
'name': service_name,
'message_limit': 1000,
'restricted': False,
'email_from': email_from,
'created_by': user,
'crown': True
}
service = Service.query.filter_by(name=service_name).first()
if not service:
service = Service(**data)
dao_create_service(service, user, service_permissions=[BROADCAST_TYPE])
else:
if user not in service.users:
dao_add_user_to_service(service, user)
return service
def test_get_all_user_services_only_returns_services_user_has_access_to(
notify_db_session, ):
user = create_user()
create_service(service_name="service 1", user=user, email_from="service.1")
create_service(service_name="service 2", user=user, email_from="service.2")
service_3 = create_service(service_name="service 3",
user=user,
email_from="service.3")
new_user = User(
name="Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+16502532222",
)
save_model_user(new_user)
dao_add_user_to_service(service_3, new_user)
assert len(dao_fetch_all_services_by_user(user.id)) == 3
assert dao_fetch_all_services_by_user(user.id)[0].name == "service 1"
assert dao_fetch_all_services_by_user(user.id)[1].name == "service 2"
assert dao_fetch_all_services_by_user(user.id)[2].name == "service 3"
assert len(dao_fetch_all_services_by_user(new_user.id)) == 1
assert dao_fetch_all_services_by_user(new_user.id)[0].name == "service 3"
def test_accepts_jwt_with_permission_for_service(self, client, db_session,
required_permission):
@requires_user_in_service(required_permission=required_permission)
def endpoint_that_requires_permission_for_service():
pass
user = create_user()
service = create_service(service_name='some-service')
dao_add_user_to_service(service,
user,
permissions=[
Permission(service=service,
user=user,
permission=required_permission)
])
token = create_access_token(identity=user)
request.view_args['service_id'] = service.id
request.headers = {'Authorization': 'Bearer {}'.format(token)}
endpoint_that_requires_permission_for_service()
