def test_delete_damage_BUT_user_has_MODERATE_DAMAGES_permission(app, user_factory, rci): """ A user with the MODERATE_DAMAGES permission can delete damages form any unlocked rci """ user = user_factory(permissions=Permission.MODERATE_DAMAGES) with app.app_context(): damage = get_db().execute( 'select * from damages where rci_id = ?', (rci['rci_id'],)).fetchone() libdamage.delete_damage(damage_id=damage['damage_id'], logged_in_user=user)
def _make_user(permissions=0): random_string = str(uuid.uuid4()) with app.app_context(): db_connection = get_db() username = '******'.format(random_string) password = '******'.format(random_string) role = _create_role(db_connection=db_connection, permissions=permissions) return _create_user(db_connection=db_connection, username=username, password=password, role=role['role'])
def test_get_rcis_for_user_WITH_user_being_a_collaborator(app, rci): """ Assert that the function fetches the expected rci(s) The creator of the fixture rci is also a collaborator. So we expect the same rci to be fetched when use use the creator's user_id to fetch rcis """ with app.app_context(): db = get_db() user = db.execute('select * from users where user_id = ?', (rci['created_by'], )).fetchone() rcis = librci.get_rcis_for_user(user_id=rci['created_by'], logged_in_user=user) assert len(rcis) == 1 assert rcis[0]['rci_id'] == rci['rci_id']
def test_delete_damage_BUT_rci_is_locked(app, user_factory, rci_factory): locked_rci = rci_factory(locked=True) user = user_factory(permissions=Permission.MODERATE_DAMAGES) with app.app_context(): damage = get_db().execute( 'select * from damages where rci_id = ?', (locked_rci['rci_id'],)).fetchone() with pytest.raises(Unauthorized) as e: libdamage.delete_damage(damage_id=damage['damage_id'], logged_in_user=user) assert 'is locked' in str(e)
def _make_rci(locked=False): id = str(uuid.uuid4()) username = '******'.format(id) password = '******'.format(id) room_name = 'room_{}'.format(id) building_name = 'building_{}'.format(id) damage_item = 'item_{}'.format(id) damage_text = 'text_{}'.format(id) damage_url = 'http://url_{}'.format(id) is_locked = 1 if locked else 0 with app.app_context(): db = get_db() role = _create_role(db, permissions=0) user = _create_user(db, username=username, password=password, role=role['role']) room = _create_room(db, room_name=room_name, building_name=building_name) rci = _create_rci(db, building_name=building_name, room_name=room_name, created_by=user['user_id'], is_locked=is_locked) damage = _create_damage(db, rci_id=rci['rci_id'], item=damage_item, text=damage_text, image_url=damage_url, created_by=user['user_id']) collab = _create_rci_collab(db, rci_id=rci['rci_id'], user_id=user['user_id']) return rci
def __enter__(self): self.connection = get_db() cursor = self.connection.cursor() return cursor