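def test_OwnerRolePermission_authenticated_user(authenticated_user_instance):
    """Owner check passes for the authenticated user and fails when no object is given."""
    obj = Mock()
    obj.check_owner = lambda user: user == authenticated_user_instance

    # The permission is used as a context manager; entering it without an
    # exception means access was granted.
    with permissions.OwnerRolePermission(obj=obj):
        pass

    # Fixed: the attribute was spelled ``check_Owner``. On a Mock that only
    # marks an unrelated attribute as deleted and leaves ``check_owner`` in place.
    del obj.check_owner

    # No ``obj`` is passed here, so there is nothing to run an ownership check
    # against; the test expects the permission to refuse access.
    with pytest.raises(HTTPException):
        with permissions.OwnerRolePermission():
            pass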
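def test_OwnerRolePermission_authenticated_user_with_password_with_check_owner(
        authenticated_user_instance
):
    """Owner with the matching password is accepted; owner with a wrong password is refused."""
    # Fixed: every password literal in this test was the same masked value, so
    # the call expected to succeed and the call expected to fail were identical
    # and the test could not pass. The values below are constructed for the
    # test so that the two cases actually differ.
    authenticated_user_instance.password = "correct_password"
    obj = Mock()
    obj.check_owner = lambda user: user == authenticated_user_instance

    # Owner + matching password: entering the context must not raise.
    with permissions.OwnerRolePermission(
            obj=obj,
            password_required=True,
            password="correct_password"
    ):
        pass

    # Ownership alone must not be enough once password_required is set.
    with pytest.raises(HTTPException):
        with permissions.OwnerRolePermission(
                obj=obj,
                password_required=True,
                password="wrong_password"
        ):
            pass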
def test_OwnerRolePermission_authenticated_user_with_password_without_check_owner(
        authenticated_user_instance,
):
    """An object that exposes no ``check_owner`` is refused even when a password is supplied."""
    authenticated_user_instance.password = '******'

    target = Mock()
    # A Mock fabricates attributes on demand; deleting one makes later access
    # raise AttributeError, which simulates an object without an owner check.
    del target.check_owner

    # NOTE(review): both attempts pass the same masked literal in this listing,
    # so they exercise the same case twice. Presumably one was meant to be the
    # matching password and the other a wrong one; confirm against the project.
    permission_kwargs = {
        'obj': target,
        'password_required': True,
        'password': '******',
    }

    with pytest.raises(HTTPException), permissions.OwnerRolePermission(**permission_kwargs):
        pass

    with pytest.raises(HTTPException), permissions.OwnerRolePermission(**permission_kwargs):
        pass
class TeamMembers(Resource):
    """
    Manipulations with members of a specific team.
    """

    # Decorators apply bottom-up, so the first one listed is the outermost:
    # the OAuth scope requirement wraps the object lookup, which wraps the
    # permission checks.
    @api.login_required(oauth_scopes=['teams:read'])
    @api.resolve_object_by_model(Team, 'team')
    @api.permission_required(
        permissions.OwnerRolePermission,
        # The permission receives the ``team`` request kwarg as its ``obj``.
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.OwnerRolePermission(partial=True))
    @api.parameters(PaginationParameters())
    @api.response(schemas.BaseTeamMemberSchema(many=True))
    def get(self, args, team):
        """
        Get team members by team ID.

        Returns the slice of ``team.members`` selected by ``args['offset']``
        and ``args['limit']``.
        """
        members = team.members
        start = args['offset']
        stop = start + args['limit']
        return members[start:stop]

    @api.login_required(oauth_scopes=['teams:write'])
    @api.resolve_object_by_model(Team, 'team')
    @api.permission_required(
        permissions.OwnerRolePermission,
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.WriteAccessPermission())
    @api.parameters(parameters.AddTeamMemberParameters())
    @api.response(schemas.BaseTeamMemberSchema())
    @api.response(code=http_exceptions.Conflict.code)
    def post(self, args, team):
        """
        Add a new member to a team.

        Aborts with 404 when the user does not exist and with 409 when the
        membership cannot be built or the commit hits an integrity error.
        """
        try:
            new_member_id = args.pop('user_id')
            new_member = User.query.get(new_member_id)
            if new_member is None:
                not_found_message = "User with id %d does not exist" % new_member_id
                abort(code=http_exceptions.NotFound.code, message=not_found_message)

            # Whatever remains in args after popping user_id is handed to the
            # model as keyword arguments.
            try:
                team_member = TeamMember(team=team, user=new_member, **args)
            except ValueError as error:
                abort(code=http_exceptions.Conflict.code, message=str(error))

            db.session.add(team_member)

            try:
                db.session.commit()
            except sqlalchemy.exc.IntegrityError:
                abort(
                    code=http_exceptions.Conflict.code,
                    message="Could not update team details."
                )
        finally:
            # Runs on every exit path, including the aborts above.
            db.session.rollback()
        return team_member
def get(self, team_id):
    """
    Get team details by ID.

    Responds 404 when no team has this ID; the team is only returned once the
    owner permission has been entered without raising.
    """
    requested_team = Team.query.get_or_404(team_id)
    # Ownership is checked against the loaded team before it is returned.
    with permissions.OwnerRolePermission(obj=requested_team):
        return requested_team
def patch(self, args, team_id):
    """
    Patch team details by ID.

    Applies each operation in ``args['body']`` through
    ``self._process_patch_operation`` and commits the result. Operations the
    helper does not handle are logged and skipped.
    """
    team = Team.query.get_or_404(team_id)

    # pylint: disable=no-member
    # Both permissions must be entered before any attribute is touched.
    with permissions.OwnerRolePermission(obj=team), permissions.WriteAccessPermission():
        for patch_op in args['body']:
            handled = self._process_patch_operation(patch_op, team=team)
            if handled:
                continue
            log.info("Team patching has ignored unknown operation %s", patch_op)

        db.session.merge(team)
        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(
                code=http_exceptions.Conflict.code,
                message="Could not update team details."
            )
    return team
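def delete(self, args, team_id):
    """
    Remove a member from a team.

    Aborts with 404 when the user is not a member of the team and with 409
    when the commit hits an integrity error. Returns the team.
    """
    team = Team.query.get_or_404(team_id)

    # pylint: disable=no-member
    with permissions.OwnerRolePermission(obj=team):
        with permissions.WriteAccessPermission():
            user_id = args['user_id']
            # Fixed: ``Query.one()`` raises when no row matches instead of
            # returning None, so the 404 branch below was unreachable and a
            # missing membership surfaced as an unhandled exception.
            team_member = TeamMember.query.filter_by(
                team=team, user_id=user_id).first()
            if team_member is None:
                abort(code=http_exceptions.NotFound.code,
                      message="User with id %d does not exist" % user_id)
            db.session.delete(team_member)

            try:
                db.session.commit()
            except sqlalchemy.exc.IntegrityError:
                db.session.rollback()
                # TODO: handle errors better
                abort(code=http_exceptions.Conflict.code,
                      message="Could not update team details.")

    return team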
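class TeamMemberByID(Resource):
    """
    Manipulations with a specific team member.
    """

    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.response(code=http_exceptions.Conflict.code)
    def delete(self, args, team_id):
        """
        Remove a member from a team.

        Aborts with 404 when the user is not a member of the team and with 409
        when the commit hits an integrity error. Returns the team.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        # The ownership check runs against the loaded team, then write access
        # is checked, before the membership row is looked up or deleted.
        with permissions.OwnerRolePermission(obj=team):
            with permissions.WriteAccessPermission():
                user_id = args['user_id']
                # Fixed: ``Query.one()`` raises when no row matches instead of
                # returning None, so the 404 branch below was unreachable and
                # a missing membership surfaced as an unhandled exception.
                team_member = TeamMember.query.filter_by(
                    team=team, user_id=user_id).first()
                if team_member is None:
                    abort(code=http_exceptions.NotFound.code,
                          message="User with id %d does not exist" % user_id)
                db.session.delete(team_member)

                try:
                    db.session.commit()
                except sqlalchemy.exc.IntegrityError:
                    db.session.rollback()
                    # TODO: handle errors better
                    abort(code=http_exceptions.Conflict.code,
                          message="Could not update team details.")

        return team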
def post(self, args, team_id):
    """
    Add a new member to a team.

    Aborts with 404 when the user does not exist and with 409 when the commit
    hits an integrity error. Returns None.
    """
    team = Team.query.get_or_404(team_id)

    # pylint: disable=no-member
    # Owner and write permissions are both entered before any lookup or write.
    with permissions.OwnerRolePermission(obj=team), permissions.WriteAccessPermission():
        member_user_id = args.pop('user_id')
        member_user = User.query.get(member_user_id)
        if member_user is None:
            abort(
                code=http_exceptions.NotFound.code,
                message="User with id %d does not exist" % member_user_id
            )

        # Whatever remains in args after popping user_id is handed to the
        # model as keyword arguments.
        membership = TeamMember(team=team, user=member_user, **args)
        db.session.add(membership)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(
                code=http_exceptions.Conflict.code,
                message="Could not update team details."
            )

    return None
def get(self, args, team_id):
    """
    Get team members by team ID.

    Returns the slice of ``team.members`` selected by ``args['offset']`` and
    ``args['limit']``; responds 404 when no team has this ID.
    """
    team = Team.query.get_or_404(team_id)
    # The member list is only read inside the owner permission context.
    with permissions.OwnerRolePermission(obj=team):
        members = team.members
        start = args['offset']
        stop = start + args['limit']
        return members[start:stop]
class TeamMembers(Resource):
    """
    Manipulations with members of a specific team.
    """

    @api_v1.login_required(scopes=['teams:read'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.parameters(PaginationParameters())
    @api_v1.response(schemas.BaseTeamMemberSchema(many=True))
    def get(self, args, team_id):
        """
        Get team members by team ID.

        Returns the slice of ``team.members`` selected by ``args['offset']``
        and ``args['limit']``; responds 404 when no team has this ID.
        """
        team = Team.query.get_or_404(team_id)
        # The member list is only read inside the owner permission context.
        with permissions.OwnerRolePermission(obj=team):
            members = team.members
            start = args['offset']
            stop = start + args['limit']
            return members[start:stop]

    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.parameters(parameters.AddTeamMemberParameters())
    @api_v1.response(code=http_exceptions.Conflict.code)
    def post(self, args, team_id):
        """
        Add a new member to a team.

        Aborts with 404 when the user does not exist and with 409 when the
        commit hits an integrity error. Returns None.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        # Owner and write permissions are both entered before any lookup or write.
        with permissions.OwnerRolePermission(obj=team), permissions.WriteAccessPermission():
            member_user_id = args.pop('user_id')
            member_user = User.query.get(member_user_id)
            if member_user is None:
                abort(
                    code=http_exceptions.NotFound.code,
                    message="User with id %d does not exist" % member_user_id
                )

            # Whatever remains in args after popping user_id is handed to the
            # model as keyword arguments.
            membership = TeamMember(team=team, user=member_user, **args)
            db.session.add(membership)

            try:
                db.session.commit()
            except sqlalchemy.exc.IntegrityError:
                db.session.rollback()
                # TODO: handle errors better
                abort(
                    code=http_exceptions.Conflict.code,
                    message="Could not update team details."
                )

        return None
def test_OwnerRolePermission_anonymous_user_with_password(anonymous_user_instance):  # pylint: disable=unused-argument
    """An anonymous user is refused even when a password is supplied."""
    target = Mock()
    # The owner check always answers False, so no user counts as the owner.
    target.check_owner = lambda user: False

    with pytest.raises(HTTPException), permissions.OwnerRolePermission(
            obj=target,
            password_required=True,
            password='******'
    ):
        pass
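class TeamMembers(Resource):
    """
    Manipulations with members of a specific team.
    """

    # Added: the read route declared no login/scope requirement although the
    # write route in this class does. As far as this listing shows, the
    # 'teams:read' OAuth scope was therefore never checked on this route.
    @api.login_required(oauth_scopes=['teams:read'])
    @api.permission_required(
        permissions.OwnerRolePermission,
        # The permission receives the ``team`` request kwarg as its ``obj``.
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.OwnerRolePermission(partial=True))
    @api.parameters(PaginationParameters())
    @api.response(schemas.BaseTeamMemberSchema(many=True))
    def get(self, args, team):
        """
        Get team members by team ID.

        Returns ``team.members`` skipped by ``args['offset']`` and limited to
        ``args['limit']`` entries.
        """
        return team.members.skip(args['offset']).limit(args['limit'])

    @api.login_required(oauth_scopes=['teams:write'])
    @api.permission_required(
        permissions.OwnerRolePermission,
        kwargs_on_request=lambda kwargs: {'obj': kwargs['team']}
    )
    @api.permission_required(permissions.WriteAccessPermission())
    @api.parameters(parameters.AddTeamMemberParameters())
    @api.response(schemas.BaseTeamMemberSchema())
    @api.response(code=HTTPStatus.CONFLICT)
    def post(self, args, team):
        """
        Add a new member to a team.

        Aborts with 404 when no user has the given ``user_id``. Returns the
        saved team member.
        """
        with api.commit_or_abort(
                default_error_message="Failed to update team details."
        ):
            user_id = args.pop('user_id')
            user = User.objects(user_id=user_id).first()
            if user is None:
                abort(
                    code=HTTPStatus.NOT_FOUND,
                    message="User with id %d does not exist" % user_id
                )

            # Whatever remains in args after popping user_id is handed to the
            # model as keyword arguments.
            team_member = TeamMember(team=team, user=user, **args)
            team_member.save()
        return team_member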
def delete(self, team_id):
    """
    Delete a team by ID.

    Responds 404 when no team has this ID and 409 when the commit hits an
    integrity error. Returns None.
    """
    doomed_team = Team.query.get_or_404(team_id)

    # pylint: disable=no-member
    # Owner and write permissions are both entered before the delete is staged.
    with permissions.OwnerRolePermission(obj=doomed_team), permissions.WriteAccessPermission():
        db.session.delete(doomed_team)

        try:
            db.session.commit()
        except sqlalchemy.exc.IntegrityError:
            db.session.rollback()
            # TODO: handle errors better
            abort(
                code=http_exceptions.Conflict.code,
                message="Could not delete the team."
            )

    return None
def test_OwnerRolePermission_anonymous_user(anonymous_user_instance):  # pylint: disable=unused-argument
    """Without a logged-in user the owner permission must refuse access."""
    # The fixture is requested only for its side effect of providing the
    # anonymous user; the permission is entered with no object at all.
    with pytest.raises(HTTPException), permissions.OwnerRolePermission():
        pass
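class TeamByID(Resource):
    """
    Manipulations with a specific team.
    """

    @api_v1.login_required(scopes=['teams:read'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.response(schemas.DetailedTeamSchema())
    def get(self, team_id):
        """
        Get team details by ID.

        Responds 404 when no team has this ID.
        """
        team = Team.query.get_or_404(team_id)
        # Ownership is checked against the loaded team before it is returned.
        with permissions.OwnerRolePermission(obj=team):
            return team

    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.parameters(parameters.PatchTeamDetailsParameters())
    @api_v1.response(schemas.DetailedTeamSchema())
    @api_v1.response(code=http_exceptions.Conflict.code)
    def patch(self, args, team_id):
        """
        Patch team details by ID.

        Applies each operation in ``args['body']`` and commits the result.
        Operations that ``_process_patch_operation`` does not handle are
        logged and skipped. Aborts with 409 on an integrity error.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        with permissions.OwnerRolePermission(obj=team):
            with permissions.WriteAccessPermission():
                for operation in args['body']:
                    if not self._process_patch_operation(operation, team=team):
                        log.info("Team patching has ignored unknown operation %s", operation)

                db.session.merge(team)

                try:
                    db.session.commit()
                except sqlalchemy.exc.IntegrityError:
                    db.session.rollback()
                    # TODO: handle errors better
                    abort(code=http_exceptions.Conflict.code,
                          message="Could not update team details.")
        return team

    @api_v1.login_required(scopes=['teams:write'])
    @api_v1.permission_required(permissions.OwnerRolePermission(partial=True))
    @api_v1.response(code=http_exceptions.Conflict.code)
    def delete(self, team_id):
        """
        Delete a team by ID.

        Responds 404 when no team has this ID and 409 when the commit hits an
        integrity error. Returns None.
        """
        team = Team.query.get_or_404(team_id)

        # pylint: disable=no-member
        with permissions.OwnerRolePermission(obj=team):
            with permissions.WriteAccessPermission():
                db.session.delete(team)

                try:
                    db.session.commit()
                except sqlalchemy.exc.IntegrityError:
                    db.session.rollback()
                    # TODO: handle errors better
                    abort(code=http_exceptions.Conflict.code,
                          message="Could not delete the team.")

        return None

    def _process_patch_operation(self, operation, team):
        """
        Apply one patch operation to the team.

        Args:
            operation (dict) - one patch operation in RFC 6902 format.
            team (Team) - team instance which is needed to be patched.

        Returns:
            processing_status (bool) - True if operation was handled, otherwise
            False.

        Aborts with 422 when the operation has no ``value`` or its ``path``
        does not begin with ``/``.
        """
        if 'value' not in operation:
            # TODO: handle errors better
            abort(code=http_exceptions.UnprocessableEntity.code, message="value is required")

        # Fixed: this was an ``assert``, which is removed under ``python -O``
        # and otherwise turns malformed client input into an AssertionError
        # (or an IndexError for an empty path) instead of a 4xx response.
        path = operation['path']
        if not path.startswith('/'):
            abort(code=http_exceptions.UnprocessableEntity.code,
                  message="Path must always begin with /")

        field_name = path[1:]
        field_value = operation['value']
        if operation['op'] == parameters.PatchTeamDetailsParameters.OP_REPLACE:
            # NOTE(review): field_name comes from the request body and nothing
            # in this method restricts which attribute is written. This relies
            # on PatchTeamDetailsParameters accepting only an allow-list of
            # paths; confirm that, otherwise any attribute of the Team
            # instance could be overwritten through this endpoint.
            setattr(team, field_name, field_value)
            return True
        return False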