def update_group(id):
request_data = request.get_json()
if not request_data:
return bad_request('No input data provided.')
try:
data = GroupSchema().load(request_data)
# check for existing group name
group = Group.find_by_id(id)
existing_group = Group.find_by_name(name=data.get('name'))
if existing_group is not None:
if existing_group.id != group.id:
return bad_request(f'Group already exists.')
group.name = data.get('name')
group.description = data.get('description')
group.save()
return jsonify(GroupSchema().dump(group))
# handle errors
except ValidationError as err:
return error_response(422, err.messages)
except (exc.IntegrityError, ValueError):
db.session.rollback()
return server_error('Something went wrong, please try again.')
def seed_groups():
"""
Seed the database with a few groups.
"""
try:
groups = [
'partner',
'junior partner',
'senior associate',
'associate',
'paralegal'
]
users = User.query.limit(24).all()
perms = Permission.query.all()
for group in groups:
grp = Group(name=group)
grp.members.extend(random.sample(
users, k=random.randrange(len(users))))
grp.permissions.extend(random.sample(
perms, k=random.randrange(len(perms))))
grp.save()
print(f'Added users to {len(groups)} groups...')
except Exception as error:
print(f'Error: {error}')
def add_group():
request_data = request.get_json()
if not request_data:
return bad_request('No input data provided.')
try:
data = GroupSchema().load(request_data)
name = data.get('name')
description = data.get('description')
# check for existing group name
group = Group.find_by_name(name=name)
if group:
return bad_request('Group already exist.')
group = Group(name=name, description=description)
group.save()
response = jsonify(GroupSchema().dump(group))
response.status_code = 201
response.headers['Location'] = url_for('admin.get_group', id=group.id)
return response
# handle errors
except ValidationError as err:
return error_response(422, err.messages)
except (exc.IntegrityError, ValueError):
db.session.rollback()
return server_error('Something went wrong, please try again.')
def test_update_group_invalid_data(client, groups):
group = Group.find_by_name('test group 2')
response = client.put(
f'/api/admin/groups/{group.id}',
data=json.dumps({'name': 'tr*st1'}),
content_type='application/json'
)
data = json.loads(response.data.decode())
assert response.status_code == 422
assert data.get('message') is not None
def test_update_group_no_data(client, groups):
group = Group.find_by_name('test group 2')
response = client.put(
f'/api/admin/groups/{group.id}',
data=json.dumps({}),
content_type='application/json'
)
data = json.loads(response.data.decode())
assert response.status_code == 400
assert 'No input data provided' in data.get('message')
def remove_group_permissions(grp_id):
data = request.get_json()
group = Group.find_by_id(grp_id)
perms = []
for id in data.get('perms'):
perm = Permission.find_by_id(id)
perms.append(perm)
group.remove_permissions(perms)
return jsonify(GroupSchema().dump(group))
def remove_group_members(grp_id):
data = request.get_json()
group = Group.find_by_id(grp_id)
users = []
for id in data.get('users'):
user = User.find_by_id(id)
users.append(user)
group.remove_members(users)
return jsonify(GroupSchema().dump(group))
def delete_group(id):
try:
group = Group.find_by_id(id)
if not group:
return not_found('Group does not exist.')
group.delete()
return {'message': 'Successfully deleted group.'}
except Exception as error:
return {'message': error}
def test_group_members(users, groups):
admin = User.find_by_identity('*****@*****.**')
regular = User.find_by_identity('*****@*****.**')
grp = Group.find_by_name('test group 1')
grp.add_members([regular, admin])
assert grp.is_group_member(regular) is True
assert grp.members.count() == 2
grp.remove_members([regular])
assert grp.is_group_member(regular) is False
assert grp.members.count() == 1
def test_update_group_duplicate_name(client, groups):
group = Group.find_by_name('test group 2')
response = client.put(
f'/api/admin/groups/{group.id}',
data=json.dumps({
'name': 'test group 1',
'description': 'just a common group',
}),
content_type='application/json'
)
data = json.loads(response.data.decode())
assert response.status_code == 400
assert 'Group already exists.' in data.get('message')
def test_update_group(client, groups):
group = Group.find_by_name('test group 2')
response = client.put(
f'/api/admin/groups/{group.id}',
data=json.dumps({
'description': 'test group',
'name': 'test group',
}),
content_type='application/json'
)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert isinstance(data, dict) is True
assert data.get('name') == 'test group'
def test_group_perms(groups):
name1 = Permission.set_code_name('can view groups')
name2 = Permission.set_code_name('can delete users')
perm1 = Permission.find_by_name(name1)
perm2 = Permission.find_by_name(name2)
grp = Group.find_by_name('test group 1')
grp.add_permissions([perm1, perm2])
assert grp.has_perm(perm2) is True
assert grp.permissions.count() == 2
grp.remove_permissions([perm2])
assert grp.has_perm(perm2) is False
assert grp.permissions.count() == 1
def test_remove_group_members(client, users, groups):
user1 = User.find_by_identity('*****@*****.**')
user2 = User.find_by_identity('*****@*****.**')
group = Group.find_by_name('test group 3')
group.add_members([user2, user1])
assert len(group.members.all()) == 2
response = client.delete(
f'/api/admin/groups/{group.id}/members',
content_type='application/json',
data=json.dumps({'users': [user1.id, user2.id]})
)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert len(data.get('members')) == 0
def test_add_group_members(client, users, groups):
user1 = User.find_by_identity('*****@*****.**')
user2 = User.find_by_identity('*****@*****.**')
group = Group.find_by_name('test group 1')
response = client.put(
f'/api/admin/groups/{group.id}/members',
content_type='application/json',
data=json.dumps({'users': [user1.id, user2.id]})
)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert len(data.get('members')) == 2
assert data.get('members')[0]['username'] == 'adminuser'
assert data.get('members')[1]['username'] == 'regularuser'
def test_user_get_all_perms(users, groups):
name1 = Permission.set_code_name('can add users')
name2 = Permission.set_code_name('can edit groups')
perm1 = Permission.find_by_name(name1)
perm2 = Permission.find_by_name(name2)
user = User.find_by_identity('*****@*****.**')
grp = Group.find_by_name('test group 1')
grp.add_members([user])
assert len(user.get_all_perms()) == 0
user.add_permissions([perm1])
grp.add_permissions([perm2])
assert len(user.get_all_perms()) == 2
assert user.has_permission(perm2.code_name) is True
assert user.has_permission(perm1.code_name) is True
assert user.has_permissions([perm1.code_name, perm2.code_name]) is True
def test_remove_group_perms(client, groups):
name1 = Permission.set_code_name('can view groups')
name2 = Permission.set_code_name('can delete users')
perm1 = Permission.find_by_name(name1)
perm2 = Permission.find_by_name(name2)
group = Group.find_by_name('test group 3')
group.add_permissions([perm2, perm1])
assert len(group.permissions.all()) == 2
response = client.delete(
f'/api/admin/groups/{group.id}/permissions',
content_type='application/json',
data=json.dumps({'perms': [perm1.id, perm2.id]})
)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert len(data.get('permissions')) == 0
def test_add_group_perms(client, groups):
name1 = Permission.set_code_name('can view groups')
name2 = Permission.set_code_name('can delete users')
perm1 = Permission.find_by_name(name1)
perm2 = Permission.find_by_name(name2)
group = Group.find_by_name('test group 1')
response = client.put(
f'/api/admin/groups/{group.id}/permissions',
content_type='application/json',
data=json.dumps({'perms': [perm1.id, perm2.id]})
)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert len(data.get('permissions')) == 2
assert data.get('permissions')[1]['name'] == 'can view groups'
assert data.get('permissions')[0]['name'] == 'can delete users'
def get_group(id):
"""Get a single group"""
group = Group.find_by_id(id)
if group is None:
return not_found('Group not found!')
return jsonify(GroupSchema().dump(group))
def add_group(name, description='', members=[], permissions=[]):
group = Group(name=name, description=description)
group.add_members(members)
group.add_permissions(permissions)
group.save()
return group
def test_get_group(client, groups):
group = Group.find_by_name('test group 1')
response = client.get(f'/api/admin/groups/{group.id}',)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert data.get('name') == 'test group 1'
def test_delete_group(client, groups):
group = Group.find_by_name('test group 2')
response = client.delete(f'/api/admin/groups/{group.id}')
data = json.loads(response.data.decode())
assert response.status_code == 200
assert 'deleted group' in data.get('message')
