Exemplo n.º 1
0
def test_user_has_not_needed_permission_on_action(auth_post):
    permission_mutation = read_graphql(
        "tests/auth/e2e/queries/permission.graphql")
    command = {
        "accessKey":
        config.default_user()[0],
        "permissions": [{
            "resource": "user",
            "action": "CREATE",
            "isConditional": False
        }],
    }
    response = auth_post(json=dict(
        query=permission_mutation,
        operationName="detachUserPermissions",
        variables=dict(command=command),
    ), )
    status = response.json()["data"]["detachUserPermissions"]["status"]
    assert "PERMISSIONS_DETACHED" in status

    mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")
    command = {
        "accessKey": helpers.random_username(),
        "name": helpers.random_name(),
        "email": helpers.random_email(),
        "password": helpers.random_password(),
    }
    response = auth_post(json=dict(
        query=mutation,
        operationName="createUser",
        variables=dict(command=command),
    ))
    response = response.json()
    assert not response["data"]["createUser"]
    assert response["errors"]
    assert "not allowed" in response["errors"][0]["message"]

    permission_mutation = read_graphql(
        "tests/auth/e2e/queries/permission.graphql")
    command = {
        "accessKey":
        config.default_user()[0],
        "permissions": [{
            "resource": "user",
            "action": "CREATE",
            "isConditional": False
        }],
    }
    auth_post(json=dict(
        query=permission_mutation,
        operationName="attachUserPermissions",
        variables=dict(command=command),
    ), )
def data_upgrade():
    access_key, _ = config.default_user()
    op.execute(f"""
        INSERT INTO user_permissions
    SELECT u.id AS id_user, p.id AS id_permission
    FROM users u CROSS JOIN permissions p
    WHERE u.access_key = '{access_key}'
        """)
def data_upgrade(users):
    access_key, pwd = config.default_user()
    op.bulk_insert(
        users,
        [{
            "access_key": access_key,
            "name": "Admin",
            "email": "*****@*****.**",
            "password": model.User.hash_password(pwd),
        }],
    )
from src import config
from tests.helpers import read_graphql
from tests.auth import helpers
from tests.fakes import auth

DEFAULT_USER, DEFAULT_PWD = config.default_user()


def test_create_user(auth_post):
    mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")
    command = {
        "accessKey": helpers.TEST_USER_ACCESS_KEY,
        "name": helpers.random_name(),
        "email": helpers.TEST_USER_EMAIL,
        "password": helpers.random_password(),
    }

    response = auth_post(
        json=dict(
            query=mutation,
            operationName="createUser",
            variables=dict(command=command),
        )
    )
    command_response = response.json()["data"]["createUser"]
    assert command_response
    assert "user_created" in command_response["status"].lower()


def test_create_user_without_token(starlette_client):
    mutation = read_graphql("tests/auth/e2e/queries/create_user.graphql")