def update_access(): """ Updates the accesses for the user in the post body """ user_management = UserManagement() jwt_user = get_jwt_identity() admin_user = user_management.get_user(jwt_user) authorized = admin_user['role'] == 'admin' log_request(request, jwt_user, authorized) if not authorized: response = {'message': 'only admins can update accesses'} return jsonify(response), 403 else: if 'username' not in request.json: response = {'message': 'username required in post body'} return jsonify(response), 400 if 'modules' not in request.json: response = {'message': 'role required in post body'} return jsonify(response), 400 username = request.json['username'] modules = request.json['modules'] user_management.update_access(username, modules) response = {'message': 'role updated for %s' % (username)} return jsonify(response), 201
def test_event(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) # User must be authenticated url = '/service/event/7757038511' response = CLIENT.get(url) assert response.status_code == 401 response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # User must have access to events response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['events']) # Success response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 assert type(response.json) == dict # Check to make sure the aggregates are present assert 'average_age' in response.json assert 'member_count' in response.json assert 'non_member_count' in response.json assert 'first_event_count' in response.json assert 'age_groups' in response.json for group in response.json['age_groups']: count = response.json['age_groups'][group] assert type(count) == int # Check to make sure the attendees are present for attendee in response.json['attendees']: 'member_id' in attendee 'first_name' in attendee 'last_name' in attendee 'name' in attendee 'age' in attendee 'is_member' in attendee url = '/service/event/8675309' response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 404 assert type(response.json) == dict url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def run_url_tests(url, client, access=[]): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) # User must be authenticated response = client.get(url) assert response.status_code == 401 response = client.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # The user must have access to the correct modules response = client.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, access) response = client.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 url = '/service/user/logout' response = client.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert not user
def test_avg_attendance(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) url = '/service/trends/avg-attendance' response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # User must have access to trends response = CLIENT.get( url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['trends']) # Success! response = CLIENT.get( url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)}) assert response.status_code == 200 assert type(response.json['results']) == list for result in response.json['results']: assert 'day_of_week' in result assert 'day_order' in result assert 'avg_attendance' in result url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_map_authorize(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) url = '/service/map/authorize' # User must be authenticated response = CLIENT.get(url) assert response.status_code == 401 response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # The user must have access to the map module response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['map']) # Success! response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_events(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 # User must be authenticated response = CLIENT.get('/service/events?limit=25') assert response.status_code == 401 response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') url = '/service/events?limit=25&page=2' url += '&sort=start_datetime&order=desc' url += '&q=a&start_datetime=1900-01-01' url += '&end_datetime=2100-01-01' user_management.update_access(conf.TEST_USER, ['events']) # Success! response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 assert type(response.json['results']) == list assert len(response.json['results']) == 25 assert 'count' in response.json assert 'pages' in response.json # Make sure input validation is working url = '/service/events?limit=30&page=2' response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 422 url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_year_group_attendees(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) url = '/service/trends/age-group-attendance' response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # User must have access to trends response = CLIENT.get( url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['trends']) # Success! response = CLIENT.get( url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)}) assert response.status_code == 200 assert type(response.json) == dict for key in response.json: assert 'group' in response.json[key] assert 'count' in response.json[key] # And now let's try grouping by month url += '?groupBy=month' assert response.status_code == 200 assert type(response.json) == dict for key in response.json: assert 'group' in response.json[key] assert 'count' in response.json[key] url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_participation(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) url = '/service/trends/participation/Young Professional' response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # User must have access to the trends page response = CLIENT.get( url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['trends']) response = CLIENT.get( url, headers={'Authorization': 'access_token_cookies=%s' % (jwt)}) assert response.status_code == 200 assert type(response.json['results']) == list for item in response.json['results']: assert 'id' in item assert 'name' in item assert 'total' in item url += '?top=event' assert response.status_code == 200 assert type(response.json['results']) == list for item in response.json['results']: assert 'id' in item assert 'name' in item assert 'total' in item url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_all_geometries(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) url = '/service/map/geometries' # The user must be authenticated response = CLIENT.get(url) assert response.status_code == 401 response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # The user must have access to the map response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['map']) # Success! response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 for key in response.json: layer = response.json[key] assert 'id' in layer assert 'type' in layer assert 'source' in layer assert layer['source']['type'] == 'geojson' assert type(layer['source']['data']) == dict assert 'paint' in layer url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_export_event_aggregates(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) # User must be authenticated url = '/service/events/export?q=trsty' response = CLIENT.get(url) assert response.status_code == 401 response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # User must have access to events url = '/service/events/export?q=trsty' response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['events']) # Success! url = '/service/events/export?q=trsty' response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 csv = StringIO(response.data.decode('utf-8')) df = pd.read_csv(csv) assert len(df) > 0 url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_event_cities(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) # User must be authenticated response = CLIENT.get('/service/events?limit=25') assert response.status_code == 401 response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # User must have access to events url = '/service/events/cities' response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['map']) # Success! response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 assert type(response.json['results']) == dict for city in response.json['results']['cities']: assert type(response.json['results']['cities'][city]) == list for city in response.json['results']['counts']: assert type(response.json['results']['counts'][city]) == str assert type(response.json['count']) == str url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None
def test_event_locations(): user_management = UserManagement() user_management.delete_user(conf.TEST_USER) user_management.add_user(conf.TEST_USER, conf.TEST_PASSWORD) response = CLIENT.post('/service/user/authenticate', json=dict(username=conf.TEST_USER, password=conf.TEST_PASSWORD)) assert response.status_code == 200 jwt = utils._get_cookie_from_response(response, 'access_token_cookie') # User must have access to events url = '/service/events/locations' response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 403 user_management.update_access(conf.TEST_USER, ['map']) # Success! response = CLIENT.get( url, headers={'Cookies': 'access_token_cookie=%s' % (jwt)}) assert response.status_code == 200 assert type(response.json['results']) == list for result in response.json['results']: assert type(result['type']) == str assert type(result['geometry']['type']) == str assert type(result['geometry']['coordinates'][0]) == float assert type(result['geometry']['coordinates'][1]) == float assert type(result['properties']['title']) == str assert type(result['properties']['icon']) == str assert type(result['properties']['description']) == str url = '/service/user/logout' response = CLIENT.post(url) assert response.status_code == 200 user_management.delete_user(conf.TEST_USER) user = user_management.get_user(conf.TEST_USER) assert user == None