def test_user_has_not_needed_permission_on_action(auth_post): permission_mutation = read_graphql( "tests/auth/e2e/queries/permission.graphql") command = { "accessKey": config.default_user()[0], "permissions": [{ "resource": "user", "action": "CREATE", "isConditional": False }], } response = auth_post(json=dict( query=permission_mutation, operationName="detachUserPermissions", variables=dict(command=command), ), ) status = response.json()["data"]["detachUserPermissions"]["status"] assert "PERMISSIONS_DETACHED" in status mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql") command = { "accessKey": helpers.random_username(), "name": helpers.random_name(), "email": helpers.random_email(), "password": helpers.random_password(), } response = auth_post(json=dict( query=mutation, operationName="createUser", variables=dict(command=command), )) response = response.json() assert not response["data"]["createUser"] assert response["errors"] assert "not allowed" in response["errors"][0]["message"] permission_mutation = read_graphql( "tests/auth/e2e/queries/permission.graphql") command = { "accessKey": config.default_user()[0], "permissions": [{ "resource": "user", "action": "CREATE", "isConditional": False }], } auth_post(json=dict( query=permission_mutation, operationName="attachUserPermissions", variables=dict(command=command), ), )
def data_upgrade(): access_key, _ = config.default_user() op.execute(f""" INSERT INTO user_permissions SELECT u.id AS id_user, p.id AS id_permission FROM users u CROSS JOIN permissions p WHERE u.access_key = '{access_key}' """)
def data_upgrade(users): access_key, pwd = config.default_user() op.bulk_insert( users, [{ "access_key": access_key, "name": "Admin", "email": "*****@*****.**", "password": model.User.hash_password(pwd), }], )
from src import config from tests.helpers import read_graphql from tests.auth import helpers from tests.fakes import auth DEFAULT_USER, DEFAULT_PWD = config.default_user() def test_create_user(auth_post): mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql") command = { "accessKey": helpers.TEST_USER_ACCESS_KEY, "name": helpers.random_name(), "email": helpers.TEST_USER_EMAIL, "password": helpers.random_password(), } response = auth_post( json=dict( query=mutation, operationName="createUser", variables=dict(command=command), ) ) command_response = response.json()["data"]["createUser"] assert command_response assert "user_created" in command_response["status"].lower() def test_create_user_without_token(starlette_client): mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")