def test_dao_assign_admin_role_to_admin_user(self):
    """Assigning admin to a user who already is an admin is rejected.

    Creates a second user from the ``user1`` fixture, promotes it directly
    on the model, then checks that ``AdminDAO.assign_new_user`` answers with
    ``USER_IS_ALREADY_AN_ADMIN`` and status 400.
    """
    admin_dao = AdminDAO()

    field_names = (
        "name",
        "username",
        "email",
        "password",
        "terms_and_conditions_checked",
    )
    UserModel(**{field: user1[field] for field in field_names}).save_to_db()

    # NOTE(review): ids 1 (acting admin) and 2 (new user) are hard-coded;
    # presumably the test base class seeds the admin as id 1 - confirm.
    target = UserModel.query.filter_by(id=2).first()
    self.assertFalse(target.is_admin)

    # Promote through the model so the DAO sees an existing admin.
    target.is_admin = True
    target.save_to_db()
    self.assertTrue(target.is_admin)

    outcome = admin_dao.assign_new_user(1, {"user_id": 2})

    self.assertEqual((messages.USER_IS_ALREADY_AN_ADMIN, 400), outcome)
def test_dao_revoke_admin_role_to_myself(self):
    """An admin asking to revoke their own admin status gets a 403.

    The acting user id and the ``user_id`` in the payload are both 1, and
    the DAO is expected to answer ``USER_CANNOT_REVOKE_ADMIN_STATUS``.
    """
    admin_dao = AdminDAO()
    payload = {"user_id": 1}

    outcome = admin_dao.revoke_admin_user(1, payload)

    expected = (messages.USER_CANNOT_REVOKE_ADMIN_STATUS, 403)
    self.assertEqual(expected, outcome)
def test_dao_assign_admin_role_to_non_existing_user(self):
    """Assigning admin to an id with no matching user returns a 404.

    No user is created here; the payload names id 123 and the DAO is
    expected to answer ``USER_DOES_NOT_EXIST``.
    """
    admin_dao = AdminDAO()
    payload = {"user_id": 123}

    outcome = admin_dao.assign_new_user(1, payload)

    expected = (messages.USER_DOES_NOT_EXIST, 404)
    self.assertEqual(expected, outcome)
def test_dao_revoke_admin_role_by_non_admin_user(self):
    """A non-admin caller cannot revoke another user's admin status.

    A second user is created from the ``user1`` fixture with a verified
    email and no admin flag. Acting as that user (id 2) against id 1 must
    yield ``USER_REVOKE_NOT_ADMIN`` with status 403.
    """
    admin_dao = AdminDAO()

    field_names = (
        "name",
        "username",
        "email",
        "password",
        "terms_and_conditions_checked",
    )
    requester = UserModel(**{field: user1[field] for field in field_names})
    requester.is_email_verified = True
    requester.save_to_db()

    # Re-read the row so the assertion reflects what was persisted.
    requester = UserModel.query.filter_by(id=2).first()
    self.assertFalse(requester.is_admin)

    outcome = admin_dao.revoke_admin_user(2, {"user_id": 1})

    self.assertEqual((messages.USER_REVOKE_NOT_ADMIN, 403), outcome)
def test_dao_assign_new_admin_valid_user(self):
    """An admin can promote an existing non-admin user.

    Inserts a user through the session, confirms it starts without the
    admin flag, calls ``AdminDAO.assign_new_user`` as user 1 and checks the
    flag is set when the row is read back.
    """
    admin_dao = AdminDAO()

    # NOTE(review): the username/email/password literals look masked in this
    # copy of the file; they are reproduced unchanged.
    profile = {
        "name": "Joan",
        "username": "******",
        "email": "*****@*****.**",
        "password": "******",
        "terms_and_conditions_checked": True,
    }
    db.session.add(UserModel(**profile))
    db.session.commit()

    before = UserModel.query.filter_by(id=2).first()
    self.assertFalse(before.is_admin)

    admin_dao.assign_new_user(1, {"user_id": 2})

    # Query again rather than trusting the earlier object.
    after = UserModel.query.filter_by(id=2).first()
    self.assertTrue(after.is_admin)
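def post(cls):
    """
    Revoke admin status from another User Admin.

    An existing admin can use this endpoint to revoke admin status of another user.
    This is done by passing "user_id" of that particular user.
    """
    caller = UserDAO.get_user(get_jwt_identity())

    # Fail closed: a token can outlive the account it was issued for, in
    # which case the lookup presumably yields None (confirm against
    # UserDAO.get_user). Treat that like a non-admin caller instead of
    # letting an AttributeError surface as a server error.
    if caller is None or not caller.is_admin:
        return messages.USER_REVOKE_NOT_ADMIN, HTTPStatus.FORBIDDEN

    # NOTE(review): the JSON body is handed to the DAO as-is; confirm that
    # validation of "user_id" is enforced outside this method.
    return AdminDAO.revoke_admin_user(caller.id, request.json)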
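def post(cls):
    """
    Assigns a User as a new Admin.

    An existing admin can use this endpoint to designate another user as an admin.
    This is done by passing "user_id" of that particular user.
    """
    caller = UserDAO.get_user(get_jwt_identity())

    # Fail closed: a token can outlive the account it was issued for, in
    # which case the lookup presumably yields None (confirm against
    # UserDAO.get_user). Treat that like a non-admin caller instead of
    # letting an AttributeError surface as a server error.
    if caller is None or not caller.is_admin:
        return messages.USER_ASSIGN_NOT_ADMIN, HTTPStatus.FORBIDDEN

    # NOTE(review): the JSON body is handed to the DAO as-is; confirm that
    # validation of "user_id" is enforced outside this method.
    return AdminDAO.assign_new_user(caller.id, request.json)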
def test_dao_revoke_admin_role_to_valid_user(self):
    """An admin can revoke the admin status of another admin.

    Creates a second user from the ``user1`` fixture, promotes it directly
    on the model, calls ``AdminDAO.revoke_admin_user`` as user 1 and checks
    the flag is cleared when the row is read back.
    """
    admin_dao = AdminDAO()

    field_names = (
        "name",
        "username",
        "email",
        "password",
        "terms_and_conditions_checked",
    )
    UserModel(**{field: user1[field] for field in field_names}).save_to_db()

    target = UserModel.query.filter_by(id=2).first()
    self.assertFalse(target.is_admin)

    # Promote through the model so there is an admin status to revoke.
    target.is_admin = True
    target.save_to_db()
    self.assertTrue(target.is_admin)

    admin_dao.revoke_admin_user(1, {"user_id": 2})

    # Query again rather than trusting the earlier object.
    reloaded = UserModel.query.filter_by(id=2).first()
    self.assertFalse(reloaded.is_admin)
def test_dao_assign_admin_role_to_myself(self):
    """A user cannot grant the admin role to their own account.

    A second user is created from the ``user1`` fixture with a verified
    email and no admin flag. Acting as id 2 with a payload that also names
    id 2 must yield ``USER_CANNOT_BE_ASSIGNED_ADMIN_BY_USER`` with 403.
    """
    admin_dao = AdminDAO()

    field_names = (
        "name",
        "username",
        "email",
        "password",
        "terms_and_conditions_checked",
    )
    requester = UserModel(**{field: user1[field] for field in field_names})
    requester.is_email_verified = True
    requester.save_to_db()

    # Re-read the row so the assertion reflects what was persisted.
    requester = UserModel.query.filter_by(id=2).first()
    self.assertFalse(requester.is_admin)

    outcome = admin_dao.assign_new_user(2, {"user_id": 2})

    expected = (messages.USER_CANNOT_BE_ASSIGNED_ADMIN_BY_USER, 403)
    self.assertEqual(expected, outcome)
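def get(cls):
    """
    Returns all admin users.

    An admin user with valid access token can view the list of all admins. The endpoint
    doesn't take any other input. A JSON array having an object for each admin user is
    returned. The array contains id, username, name, slack_username, bio, location,
    occupation, organization, skills. The current admin user's details are not returned.
    """
    user_id = get_jwt_identity()
    caller = UserDAO.get_user(user_id)

    # Fail closed: a token can outlive the account it was issued for, in
    # which case the lookup presumably yields None (confirm against
    # UserDAO.get_user). Treat that like a non-admin caller instead of
    # letting an AttributeError surface as a server error.
    if caller is None or not caller.is_admin:
        return messages.USER_IS_NOT_AN_ADMIN, HTTPStatus.FORBIDDEN

    # Serialise every record through the public admin model, so only the
    # fields that model declares end up in the response.
    other_admins = AdminDAO.list_admins(user_id)
    return (
        [marshal(admin, public_admin_user_api_model) for admin in other_admins],
        HTTPStatus.OK,
    )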