def test_admin_admin_update(self): give_user_privilege(self.user, "ADMIN_ADMIN") user_id = self.user.id forms = create_admin_admin_form() my_form = forms[user_id] my_form["%d_admin_config" % user_id].data = True my_form["%d_admin_admin" % user_id].data = True my_form["%d_admin_playback" % user_id].data = True my_form["%d_admin_interface" % user_id].data = True forms[user_id] = my_form # Create a big dict to send back, just like in the real world! post_data = {} for form in forms.itervalues(): post_data.update(form.data) # Try to update our own privileges! response = self.app.post("/admin/admin_admin_update", data=post_data, follow_redirects=True) assert response.status_code == 200 assert user_has_privilege(user_id, "ADMIN_INTERFACE") assert user_has_privilege(user_id, "ADMIN_CONFIG") assert user_has_privilege(user_id, "ADMIN_PLAYBACK") assert user_has_privilege(user_id, "ADMIN_ADMIN")
def player(): """Display the player page. Sends the user's queue and the global queue along and displays the player page.""" users_tracks = get_user_queue(session['user']['id']) global_queue = get_global_queue() config = {'lastfm_api_key': app.config['LASTFM_API_KEY'], 'lastfm_api_secret': app.config['LASTFM_API_SECRET']} user = User.query.get(session['user']['id']) # Do some logic to figure out if we need to show the admin console (i.e. the hostname or port for the MPD server are blank) if app.config['MPD_SERVER_HOSTNAME'] == "" or app.config['MPD_SERVER_PORT'] == "": if user_has_privilege(user, "ADMIN_INTERFACE") and user_has_privilege(user, "ADMIN_CONFIG"): return redirect(url_for("admin_console")) return render_template("player.html", user=user, user_play_queue=users_tracks, global_play_queue=global_queue, config=config, voting_enabled=needs_voting[app.config['SELECTION_SCHEME']], user_privs=dump_user_privileges(user))
def wrapped(*args, **kwargs): current_user = session['user']['id'] missing_privs = [p for p in privs if not user_has_privilege(current_user, p)] if len(missing_privs) == 0: return f(*args, **kwargs) else: if fail_mode == "redirect": return redirect(url_for("player")) elif fail_mode == "json": return jsonify(status="error", message="You are not authorized to view this page!"), 403 else: return jsonify(status="Not authorized."), 403
def wrapped(*args, **kwargs): current_user = session['user']['id'] missing_privs = [ p for p in privs if not user_has_privilege(current_user, p) ] if len(missing_privs) == 0: return f(*args, **kwargs) else: if fail_mode == "redirect": return redirect(url_for("player")) elif fail_mode == "json": return jsonify( status="error", message="You are not authorized to view this page!" ), 403 else: return jsonify(status="Not authorized."), 403
def test_user_has_privilege(self): assert not user_has_privilege(self.user, "ADMIN_INTERFACE") give_user_privilege(self.user, "ADMIN_INTERFACE") assert user_has_privilege(self.user, "ADMIN_INTERFACE")