def test_get_user_authorizations_for_entity_service_account(session, monkeypatch):
    """Check that a ``system`` role token is authorized for an entity only with a matching product code.

    The entity is affiliated to an org for which a BUSINESS product record is
    created. The same service-account token is then presented three times:
    with the BUSINESS product code, with an unknown product code, and with no
    product code at all. Only the first call may return an authorization.
    """
    member = factory_user_model()
    account = factory_org_model()
    factory_membership_model(member.id, account.id)
    factory_product_model(account.id, product_code=ProductCode.BUSINESS.value)
    business = factory_entity_model()
    factory_affiliation_model(business.id, account.id)

    def system_token(extra_claims):
        # Fresh dict per call so no claim object is shared between scenarios.
        return {'loginSource': '', 'realm_access': {'roles': ['system']}, **extra_claims}

    def authorize_with(token_info):
        # Install the token for the current context, then resolve the entity authorization.
        patch_token_info(token_info, monkeypatch)
        return Authorization.get_user_authorizations_for_entity(business.business_identifier)

    # Matching product code: the service account is treated as an ADMIN of the org.
    granted = authorize_with(system_token({'product_code': ProductCode.BUSINESS.value}))
    assert bool(granted) is True
    assert granted.get('orgMembership') == 'ADMIN'

    # Negative cases: a wrong or absent product code must produce an empty
    # result, not a partially populated one.
    for extra_claims in ({'product_code': 'INVALIDCP'}, {}):
        denied = authorize_with(system_token(extra_claims))
        assert bool(denied) is False
        assert denied.get('orgMembership') is None
def test_get_user_authorizations_for_entity(session, monkeypatch):  # pylint:disable=unused-argument
    """Check which callers receive an org membership for an affiliated entity.

    Four tokens are presented against the same entity: the org member, an
    unknown ``sub``, a PASSCODE login whose username does not match, and a
    staff role. Only the org member is expected to get ``orgMembership``.
    """
    member = factory_user_model()
    account = factory_org_model()
    member_link = factory_membership_model(member.id, account.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, account.id)

    def basic_token(claims):
        # Identity claims first, then the shared 'basic' role claim.
        return {**claims, 'realm_access': {'roles': ['basic']}}

    def authorize_with(token_info):
        # Install the token for the current context, then resolve the entity authorization.
        patch_token_info(token_info, monkeypatch)
        return Authorization.get_user_authorizations_for_entity(business.business_identifier)

    # The org member sees their own membership type.
    result = authorize_with(basic_token({'sub': str(member.keycloak_guid)}))
    assert result is not None
    assert result.get('orgMembership') == member_link.membership_type_code

    # NOTE(review): in the cases below `is not None` only shows that an object
    # came back; the orgMembership assertion is the one that demonstrates the
    # caller was not granted a membership.
    not_granted = (
        # A 'sub' that belongs to no known user.
        basic_token({'sub': str(uuid.uuid4())}),
        # Passcode login whose username does not match the entity.
        basic_token({'loginSource': 'PASSCODE', 'username': '******'}),
        # Staff role without an org membership.
        {'loginSource': '', 'realm_access': {'roles': ['staff']}},
    )
    for token_info in not_granted:
        result = authorize_with(token_info)
        assert result is not None
        assert result.get('orgMembership') is None
def test_get_user_authorizations_for_entity_service_account(session):
    """Check that a ``system`` role token is authorized for an entity only with a matching corp type.

    The token dict is handed straight to the service call. A ``corp_type`` of
    'CP' is expected to yield an OWNER membership; an unknown or missing
    ``corp_type`` is expected to yield an empty result.
    """
    member = factory_user_model()
    account = factory_org_model()
    factory_membership_model(member.id, account.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, account.id)

    def system_token(extra_claims):
        # Fresh dict per call so no claim object is shared between scenarios.
        return {'loginSource': '', 'realm_access': {'roles': ['system']}, **extra_claims}

    def authorize_as(token_info):
        return Authorization.get_user_authorizations_for_entity(token_info, business.business_identifier)

    # Matching corp type: the service account is treated as an OWNER.
    granted = authorize_as(system_token({'corp_type': 'CP'}))
    assert bool(granted) is True
    assert granted.get('orgMembership') == 'OWNER'

    # Negative cases: a wrong or absent corp type must produce an empty
    # result, not a partially populated one.
    for extra_claims in ({'corp_type': 'INVALIDCP'}, {}):
        denied = authorize_as(system_token(extra_claims))
        assert bool(denied) is False
        assert denied.get('orgMembership') is None
def test_get_user_authorizations_for_entity_with_multiple_affiliations(
        session,  # pylint:disable=unused-argument
        monkeypatch):
    """Check that each affiliated org's member gets their own membership for a shared entity.

    One entity is affiliated first to one org and then to a second org with a
    different user; each user's token must resolve to that user's membership
    type.
    """
    def authorize_as(account_user):
        # Present a 'basic' role token whose 'sub' is the given user's Keycloak GUID.
        patch_token_info(
            {'sub': str(account_user.keycloak_guid), 'realm_access': {'roles': ['basic']}},
            monkeypatch)
        return Authorization.get_user_authorizations_for_entity(business.business_identifier)

    first_user = factory_user_model()
    first_org = factory_org_model()
    first_link = factory_membership_model(first_user.id, first_org.id)
    business = factory_entity_model()
    factory_affiliation_model(business.id, first_org.id)

    result = authorize_as(first_user)
    assert result is not None
    assert result.get('orgMembership') == first_link.membership_type_code

    # Affiliate the same entity to a second org with its own user; that user
    # must be authorized through the second org's membership.
    second_user = factory_user_model(user_info=TestUserInfo.user2)
    second_org = factory_org_model(org_info=TestOrgInfo.org2)
    second_link = factory_membership_model(second_user.id, second_org.id)
    factory_affiliation_model(business.id, second_org.id)

    result = authorize_as(second_user)
    assert result is not None
    assert result.get('orgMembership') == second_link.membership_type_code
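def get(business_identifier):
    """Return authorization for the user for the passed business identifier.

    The optional ``expanded`` query parameter is parsed as a boolean:
    ``true``, ``1`` and ``yes`` (case-insensitive) enable the expanded
    response; any other value, or no value, leaves it disabled.

    Returns:
        A ``(authorisations, HTTP 200)`` tuple.
    """
    # Query-string values arrive as text, so passing the raw value through made
    # '?expanded=false' (or any non-empty string) count as True downstream.
    raw_expanded = request.args.get('expanded', '')
    expanded: bool = str(raw_expanded).strip().lower() in ('true', '1', 'yes')

    # NOTE(review): the token info on `g` is forwarded as-is; signature and
    # claim validation are assumed to happen in a decorator or hook outside
    # this block - confirm.
    authorisations = AuthorizationService.get_user_authorizations_for_entity(
        g.jwt_oidc_token_info, business_identifier, expanded)
    return authorisations, http_status.HTTP_200_OK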
def get(business_identifier):
    """Look up the calling user's authorization for ``business_identifier``.

    Returns:
        A ``(authorisations, HTTP 200)`` tuple.
    """
    # NOTE(review): the token info on `g` is forwarded as-is; signature and
    # claim validation are assumed to happen in a decorator or hook outside
    # this block - confirm.
    lookup = AuthorizationService.get_user_authorizations_for_entity
    response_body = lookup(g.jwt_oidc_token_info, business_identifier)
    return response_body, http_status.HTTP_200_OK