def test_get_user_authorizations_for_org(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
patch_token_info({
'sub': str(user.keycloak_guid),
'realm_access': {
'roles': ['basic']
}}, monkeypatch)
authorization = Authorization.get_account_authorizations_for_org(org.id, ProductCode.BUSINESS.value)
assert authorization is not None
assert authorization.get('orgMembership', None) == membership.membership_type_code
assert authorization.get('roles') is not None
patch_token_info({
'sub': str(user.keycloak_guid),
'realm_access': {
'roles': ['basic']
}}, monkeypatch)
authorization = Authorization.get_account_authorizations_for_org(org.id, ProductCode.NAMES_REQUEST.value)
assert authorization is not None
assert authorization.get('orgMembership', None) == membership.membership_type_code
assert authorization.get('roles') is not None
patch_token_info({
'sub': str(user.keycloak_guid),
'realm_access': {
'roles': ['basic']
}}, monkeypatch)
authorization = Authorization.get_account_authorizations_for_org(org.id, ProductCode.VS.value)
assert authorization is not None
assert authorization.get('orgMembership') is None
assert len(authorization.get('roles')) == 0
def test_get_user_authorizations_for_entity(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
patch_token_info(
{
'sub': str(user.keycloak_guid),
'realm_access': {
'roles': ['basic']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership',
None) == membership.membership_type_code
# Test with invalid user
patch_token_info(
{
'sub': str(uuid.uuid4()),
'realm_access': {
'roles': ['basic']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership', None) is None
# Test for passcode users with invalid username
patch_token_info(
{
'loginSource': 'PASSCODE',
'username': '******',
'realm_access': {
'roles': ['basic']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership', None) is None
# Test for staff users
patch_token_info({
'loginSource': '',
'realm_access': {
'roles': ['staff']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership', None) is None
def test_get_account_authorizations_for_product(session, monkeypatch): # pylint:disable=unused-argument
"""Assert that user authorizations for product is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
# Now add some product subscription for the org
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
factory_product_model(org.id)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) > 0
# Create another org and assert that the roles are empty
org = factory_org_model(org_info=TestOrgInfo.org2, org_type_info=TestOrgTypeInfo.implicit, org_status_info=None,
payment_type_info=None)
factory_membership_model(user.id, org.id)
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
factory_product_model(org.id)
patch_token_info(TestJwtClaims.get_test_real_user(user.keycloak_guid), monkeypatch)
authorization = Authorization.get_account_authorizations_for_product(org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) > 0
def test_get_user_authorizations_for_entity_service_account(session, monkeypatch):
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.BUSINESS.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service accounts with correct product code
patch_token_info(
{'loginSource': '', 'realm_access': {'roles': ['system']}, 'product_code': ProductCode.BUSINESS.value},
monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(entity.business_identifier)
assert bool(authorization) is True
assert authorization.get('orgMembership', None) == 'ADMIN'
# Test for service accounts with wrong product code
patch_token_info({'loginSource': '', 'realm_access': {'roles': ['system']}, 'product_code': 'INVALIDCP'},
monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
# Test for service accounts with no product code
patch_token_info({'loginSource': '', 'realm_access': {'roles': ['system']}}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
def test_get_user_authorizations(session): # pylint:disable=unused-argument
"""Assert that listing all user authorizations is working."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.get_user_authorizations(str(user.keycloak_guid))
assert authorization is not None
assert authorization['authorizations'][0].get('orgMembership', None) == membership.membership_type_code
# Test with invalid user
authorization = Authorization.get_user_authorizations(str(uuid.uuid4()))
assert authorization is not None
assert len(authorization['authorizations']) == 0
def get(account_id, product_code):
"""Return authorizations for a product in an account."""
expanded: bool = request.args.get('expanded', False)
authorizations = AuthorizationService.get_account_authorizations_for_product(
g.jwt_oidc_token_info.get('sub', None), account_id, product_code,
expanded)
return authorizations, http_status.HTTP_200_OK
def get(org_id):
"""Return authorization for the user for the passed business identifier."""
expanded: bool = request.args.get('expanded', False)
corp_type_code = request.headers.get('Product-Code', None)
authorisations = AuthorizationService.get_account_authorizations_for_org(g.jwt_oidc_token_info, org_id,
corp_type_code, expanded)
return authorisations, http_status.HTTP_200_OK
def test_get_user_authorizations_for_entity_service_account(session):
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service accounts with correct corp type
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
},
'corp_type': 'CP'
}, entity.business_identifier)
assert bool(authorization) is True
assert authorization.get('orgMembership', None) == 'OWNER'
# Test for service accounts with wrong corp type
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
},
'corp_type': 'INVALIDCP'
}, entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
# Test for service accounts with no corp type
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
}
}, entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
def test_get_user_authorizations_for_entity_with_multiple_affiliations(
session, # pylint:disable=unused-argument
monkeypatch):
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
patch_token_info(
{
'sub': str(user.keycloak_guid),
'realm_access': {
'roles': ['basic']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership',
None) == membership.membership_type_code
# Affiliate same entity to another org and user, and assert both authorizations works
user_2 = factory_user_model(user_info=TestUserInfo.user2)
org_2 = factory_org_model(org_info=TestOrgInfo.org2)
membership = factory_membership_model(user_2.id, org_2.id)
factory_affiliation_model(entity.id, org_2.id)
patch_token_info(
{
'sub': str(user_2.keycloak_guid),
'realm_access': {
'roles': ['basic']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership',
None) == membership.membership_type_code
def test_get_account_authorizations_for_product(session): # pylint:disable=unused-argument
"""Assert that user authorizations for product is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
# Now add some product subscription for the org
factory_product_model(org.id)
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 1
assert authorization.get('roles')[0] == 'search'
# Create another org and assert that the roles are empty
org = factory_org_model(org_info=TestOrgInfo.org2,
org_type_info=TestOrgTypeInfo.implicit,
org_status_info=None,
payment_type_info=None)
factory_membership_model(user.id, org.id)
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 0
factory_product_model(org.id, product_role_codes=['search', 'register'])
authorization = Authorization.get_account_authorizations_for_product(
str(user.keycloak_guid), org.id, 'PPR')
assert authorization is not None
assert len(authorization.get('roles')) == 2
assert 'search' in authorization.get('roles')
assert 'register' in authorization.get('roles')
def get(business_identifier):
"""Return authorization for the user for the passed business identifier."""
expanded: bool = request.args.get('expanded', False)
authorisations = AuthorizationService.get_user_authorizations_for_entity(
g.jwt_oidc_token_info, business_identifier, expanded)
return authorisations, http_status.HTTP_200_OK
def get(business_identifier):
"""Return authorization for the user for the passed business identifier."""
authorisations = AuthorizationService.get_user_authorizations_for_entity(
g.jwt_oidc_token_info, business_identifier)
return authorisations, http_status.HTTP_200_OK
def get():
"""Add a new contact for the Entity identified by the provided id."""
sub = g.jwt_oidc_token_info.get('sub', None)
return AuthorizationService.get_user_authorizations(
sub), http_status.HTTP_200_OK
def get(account_id, product_code):
"""Return authorizations for a product in an account."""
authorizations = AuthorizationService.get_account_authorizations_for_product(
g.jwt_oidc_token_info.get('sub', None),
account_id, product_code)
return authorizations, http_status.HTTP_200_OK
