def assign_permissions_to_user(user, role_id, permission_ids): """Create the role and permissions, assign the permissions to the role, and assign the role to the user. """ role = authorization_service.create_role(role_id, role_id) for permission_id in permission_ids: permission = authorization_service.create_permission(permission_id, permission_id) authorization_service.assign_permission_to_role(permission, role) authorization_service.assign_role_to_user(role, user)
def assign_permissions_to_user(user_id, role_id, permission_ids): """Create the role and permissions, assign the permissions to the role, and assign the role to the user. """ role = authorization_service.create_role(role_id, role_id) for permission_id in permission_ids: permission = authorization_service.create_permission( permission_id, permission_id) authorization_service.assign_permission_to_role(permission.id, role.id) authorization_service.assign_role_to_user(user_id, role.id)
def test_assign_role_to_user(admin_app_with_db, normal_user, admin_user, role): user_id = normal_user.id initiator_id = admin_user.id user_permission_ids_before = service.get_permission_ids_for_user(user_id) assert PERMISSION_ID not in user_permission_ids_before service.assign_role_to_user(role.id, user_id, initiator_id=initiator_id) user_permission_ids_after = service.get_permission_ids_for_user(user_id) assert PERMISSION_ID in user_permission_ids_after # Expect attempt to assign that role again to that user to have no # effect and to not raise an exception. service.assign_role_to_user(role.id, user_id, initiator_id=initiator_id)
def test_deassign_role_from_user(admin_app_with_db, normal_user, admin_user, role): user_id = normal_user.id initiator_id = admin_user.id service.assign_role_to_user(role.id, user_id, initiator_id=initiator_id) user_permission_ids_before = service.get_permission_ids_for_user(user_id) assert PERMISSION_ID in user_permission_ids_before service.deassign_role_from_user(role.id, user_id, initiator_id=initiator_id) user_permission_ids_after = service.get_permission_ids_for_user(user_id) assert PERMISSION_ID not in user_permission_ids_after
def test_deassign_all_roles_from_user(admin_app_with_db, admin_user): role1 = create_role('board_moderator', 'Board Moderator') role2 = create_role('pausenclown', 'Pausenclown') role3 = create_role('partymeister', 'Partymeister') user1 = create_user('User1') user2 = create_user('User2') initiator_id = admin_user.id assign_role_to_user(role1.id, user1.id, initiator_id=admin_user) assign_role_to_user(role2.id, user1.id, initiator_id=admin_user) assign_role_to_user(role1.id, user2.id, initiator_id=admin_user) assign_role_to_user(role3.id, user2.id, initiator_id=admin_user) assert find_role_ids_for_user(user1.id) == {'board_moderator', 'pausenclown'} assert find_role_ids_for_user(user2.id) == {'board_moderator', 'partymeister'} deassign_all_roles_from_user(user1.id) # Targeted user's roles should have been deassigned. assert find_role_ids_for_user(user1.id) == set() # All other users' roles should still be assigned. assert find_role_ids_for_user(user2.id) == {'board_moderator', 'partymeister'}
def assign_roles_to_user(user_id, roles): for role in roles: authorization_service.assign_role_to_user(user_id, role.id)
def assign_roles_to_user(self, roles, user): for role in roles: authorization_service.assign_role_to_user(role, user)
def add_roles_to_user(roles, user): for role in roles: authorization_service.assign_role_to_user(role, user)
def _assign_roles_to_user(roles, user_id): for role in roles: authorization_service.assign_role_to_user(role.id, user_id)
def test_delete_account(app, db, permission, role): admin_id = app.admin_id user_id = UUID('20868b15-b935-40fc-8054-38854ef8509a') screen_name = 'GetRidOfMe' email_address = '*****@*****.**' legacy_id = 22299 user = create_user_with_detail(screen_name, user_id=user_id, email_address=email_address) user.legacy_id = legacy_id db.session.commit() authorization_service.assign_role_to_user(role.id, user_id) reason = 'duplicate' user_before = user_command_service._get_user(user_id) assert user_before.screen_name == screen_name assert user_before.email_address == email_address assert user_before.deleted == False assert user_before.legacy_id == legacy_id # details assert user_before.detail.first_names is not None assert user_before.detail.last_name is not None assert user_before.detail.date_of_birth is not None assert user_before.detail.country is not None assert user_before.detail.zip_code is not None assert user_before.detail.city is not None assert user_before.detail.street is not None assert user_before.detail.phone_number is not None # events events_before = event_service.get_events_for_user(user_before.id) assert len(events_before) == 1 assert events_before[0].event_type == 'role-assigned' # authorization assert authorization_service.find_role_ids_for_user(user_id) == { 'board_moderator' } assert authorization_service.get_permission_ids_for_user(user_id) == { 'board_topic_hide' } # -------------------------------- # user_command_service.delete_account(user_id, admin_id, reason=reason) # -------------------------------- # user_after = user_command_service._get_user(user_id) assert user_after.screen_name == 'deleted-20868b15b93540fc805438854ef8509a' assert user_after.email_address == '*****@*****.**' assert user_after.deleted == True assert user_after.legacy_id is None # details assert user_after.detail.first_names is None assert user_after.detail.last_name is None assert user_after.detail.date_of_birth is None assert user_after.detail.country is None assert user_after.detail.zip_code is None assert user_after.detail.city is None assert user_after.detail.street is None assert user_after.detail.phone_number is None # avatar assert user_after.avatar_selection is None # events events_after = event_service.get_events_for_user(user_after.id) assert len(events_after) == 2 user_enabled_event = events_after[1] assert user_enabled_event.event_type == 'user-deleted' assert user_enabled_event.data == { 'initiator_id': str(admin_id), 'reason': reason, } # authorization assert authorization_service.find_role_ids_for_user(user_id) == set() assert authorization_service.get_permission_ids_for_user(user_id) == set()