def seed_force(db=None):
db = psef.models.db if db is None else db
with open(
f'{os.path.dirname(os.path.abspath(__file__))}/seed_data/permissions.json',
'r') as perms:
perms = json.load(perms)
for name, perm_data in perms.items():
if perm_data['course_permission']:
perm = psef.permissions.CoursePermission.get_by_name(name)
else:
perm = psef.permissions.GlobalPermission.get_by_name(name)
old_perm = m.Permission.query.filter_by(value=perm).first()
if old_perm is not None:
old_perm.default_value = perm.value.default_value
assert old_perm.course_permission == isinstance(
perm, psef.permissions.CoursePermission)
else:
db.session.add(
m.Permission(_Permission__name=perm.name,
default_value=perm.value.default_value,
course_permission=isinstance(
perm, psef.permissions.CoursePermission)))
# Flush to make sure all new perms are in the db.
db.session.flush()
with open(
f'{os.path.dirname(os.path.abspath(__file__))}/seed_data/roles.json',
'r') as c:
cs = json.load(c)
for name, c in cs.items():
perms = m.Permission.get_all_permissions(
psef.permissions.GlobalPermission)
r_perms = {}
perms_set = set(c['permissions'])
for perm in perms:
if (perm.default_value ^ (perm.value.name in perms_set)):
r_perms[perm.value] = perm
r = m.Role.query.filter_by(name=name).with_for_update().first()
if r is None:
db.session.add(m.Role(name=name, _permissions=r_perms))
else:
r._permissions = r_perms
db.session.commit()
def seed_force(db=None):
db = db or psef.models.db
with open(
f'{os.path.dirname(os.path.abspath(__file__))}/seed_data/permissions.json',
'r'
) as perms:
perms = json.load(perms)
for name, perm in perms.items():
old_perm = m.Permission.query.filter_by(name=name).first()
if old_perm is not None:
old_perm.default_value = perm['default_value']
old_perm.course_permission = perm['course_permission']
else:
db.session.add(
m.Permission(
name=name,
default_value=perm['default_value'],
course_permission=perm['course_permission']
)
)
with open(
f'{os.path.dirname(os.path.abspath(__file__))}/seed_data/roles.json',
'r'
) as c:
cs = json.load(c)
for name, c in cs.items():
perms = m.Permission.query.filter_by(course_permission=False).all()
r_perms = {}
perms_set = set(c['permissions'])
for perm in perms:
if (perm.default_value ^ (perm.name in perms_set)):
r_perms[perm.name] = perm
r = m.Role.query.filter_by(name=name).first()
if r is None:
db.session.add(m.Role(name=name, _permissions=r_perms))
else:
r._permissions = r_perms
db.session.commit()
def create_user_with_role(session, role, courses, name=None):
if not isinstance(courses, list):
courses = [courses]
n_id = str(uuid.uuid4())
new_role = m.Role(name=f'NEW_ROLE--{n_id}')
user = m.User(
name=f'NEW_USER-{n_id}' if name is None else name,
email=f'new_user-{n_id}@a.nl',
password=n_id,
active=True,
username=f'a-the-a-er-{n_id}' if name is None else f'{name}{n_id}',
role=new_role,
)
for course in courses:
user.courses[get_id(course)] = m.CourseRole.query.filter_by(
name=role, course_id=get_id(course)
).one()
session.add(user)
session.commit()
u_id = user.id
return LocalProxy(lambda: m.User.query.get(u_id))
def test_update_user_info_permissions(logged_in, test_client, session,
error_template, request):
new_role = m.Role(name='NEW_ROLE')
info_perm = psef.permissions.GlobalPermission.can_edit_own_info
pw_perm = psef.permissions.GlobalPermission.can_edit_own_password
new_role.set_permission(info_perm, False)
new_role.set_permission(pw_perm, False)
session.add(new_role)
user = m.User(
name='NEW_USER',
email='*****@*****.**',
password='******',
active=True,
username='******',
role=new_role,
)
session.add(user)
session.commit()
user_id = user.id
data = {}
data['new_password'] = '******'
data['old_password'] = '******'
data['email'] = '*****@*****.**'
data['name'] = 'new_name'
with logged_in(user):
# This user has no permissions so it should not be possible to do this.
test_client.req(
'patch',
'/api/v1/login',
403,
data=data,
result=error_template,
)
pw_perm = GlobalPermission.can_edit_own_password
m.User.query.get(user_id).role.set_permission(pw_perm, True)
session.commit()
# This user does not have the permission to change the name, so it
# should fail
test_client.req(
'patch',
'/api/v1/login',
403,
data=data,
result=error_template,
)
# However only password should be good
test_client.req(
'patch',
'/api/v1/login',
200,
data={
'name': 'NEW_USER',
'email': '*****@*****.**',
'old_password': '******',
'new_password': '******'
},
)
pw_perm = psef.permissions.GlobalPermission.can_edit_own_password
info_perm = psef.permissions.GlobalPermission.can_edit_own_info
m.User.query.get(user_id).role.set_permission(pw_perm, False)
m.User.query.get(user_id).role.set_permission(info_perm, True)
session.commit()
# This user does not have the permission to change the pw, so it
# should fail
test_client.req(
'patch',
'/api/v1/login',
403,
data=data,
result=error_template,
)
# However only name should be good
test_client.req(
'patch',
'/api/v1/login',
200,
data={
'name': 'new_name1',
'email': '*****@*****.**',
'old_password': '',
'new_password': '',
},
)
m.User.query.get(user_id).role.set_permission(
GlobalPermission.can_edit_own_password, True)
session.commit()
# It now has both so this should work.
test_client.req(
'patch',
'/api/v1/login',
403,
data=data,
result=error_template,
)
