示例#1
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs,
                                             *args, **kwargs):
    """
    Permission check: let staff users and users with access to the event
    through to ``view``; reject everyone else with ``ForbiddenError``.

    Order of operations:
     - the caller is resolved with ``get_identity()`` and the role check runs
       on that identity *before* ``verify_jwt_in_request()`` is called;
     - ``view`` is only invoked after ``verify_jwt_in_request()`` has returned,
       so passing the role check alone never reaches the view;
     - a caller who fails the role check gets ``ForbiddenError`` without the
       token check ever running.

    NOTE(review): ``get_identity()`` is defined elsewhere. If it can resolve a
    user from an expired or otherwise unvalidated token, the ForbiddenError
    branch is decided on unverified claims -- confirm that is intended.

    :param view: callable that handles the request once access is granted
    :param view_args: positional arguments forwarded to ``view``
    :param view_kwargs: keyword arguments forwarded to ``view``
    :param args: accepted but not used
    :param kwargs: must contain ``event_id`` unless the user is staff
        (a missing key raises ``KeyError``)
    :return: whatever ``view`` returns
    :raises ForbiddenError: the user is neither staff nor has event access
    """
    identity = get_identity()

    # `or` short-circuits, so kwargs['event_id'] is only read for non-staff
    # users -- same evaluation order as two separate checks.
    allowed = identity.is_staff or identity.has_event_access(kwargs['event_id'])
    if not allowed:
        raise ForbiddenError({'source': ''}, 'Co-organizer access is required.')

    # Called for its effect only; the return value is ignored. The view must
    # stay below this line.
    verify_jwt_in_request()
    return view(*view_args, **view_kwargs)
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs,
                                             *args, **kwargs):
    """
    Permission check: let staff, organizers and co-organizers of the event
    through to ``view``; answer everyone else with a ForbiddenError response.

    Order of operations:
     - the caller is resolved with ``get_identity()`` and the role check runs
       on that identity *before* ``_jwt_required(...)`` is called;
     - ``view`` is only invoked after ``_jwt_required(...)`` has returned, so
       passing the role check alone never reaches the view;
     - a caller who fails the role check receives the ForbiddenError response
       without the token check ever running.

    NOTE(review): ``get_identity()`` is defined elsewhere. If it can resolve a
    user from an expired or otherwise unvalidated token, the ForbiddenError
    branch is decided on unverified claims -- confirm that is intended.

    :param view: callable that handles the request once access is granted
    :param view_args: positional arguments forwarded to ``view``
    :param view_kwargs: keyword arguments forwarded to ``view``
    :param args: accepted but not used
    :param kwargs: must contain ``event_id`` unless the user is staff
        (a missing key raises ``KeyError``)
    :return: whatever ``view`` returns, or the result of
        ``ForbiddenError(...).respond()`` when access is denied
    """
    identity = get_identity()

    # `or` short-circuits left to right: staff users never touch
    # kwargs['event_id'], and is_coorganizer() is only asked when
    # is_organizer() said no.
    permitted = (
        identity.is_staff
        or identity.is_organizer(kwargs['event_id'])
        or identity.is_coorganizer(kwargs['event_id'])
    )
    if not permitted:
        denial = ForbiddenError({'source': ''}, 'Co-organizer access is required.')
        return denial.respond()

    # Called for its effect only; the view must stay below this line.
    _jwt_required(app.config['JWT_DEFAULT_REALM'])
    return view(*view_args, **view_kwargs)
示例#3
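    def test_get_identity(self):
        """Check JWTHelper: get_identity() resolves the user named by a JWT header.

        A user is created, a token is issued for it and sent as
        ``Authorization: JWT <token>`` in a second request context; the
        identity resolved there must carry the same id. Only a freshly issued
        token is exercised -- expired or tampered tokens are not covered here.
        """
        with app.test_request_context():
            mixer.init_app(app)
            user = mixer.blend(User)

            # Authenticate User
            self.auth = {'Authorization': "JWT " + _default_jwt_encode_handler(user)}

        with app.test_request_context(headers=self.auth):
            # assertEquals is a deprecated alias that Python 3.12 removed.
            self.assertEqual(get_identity().id, user.id)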
示例#4
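    def test_get_identity(self):
        """get_identity() must return the user a JWT Authorization header names.

        Persists a user and an event owned by that user, issues a token for the
        user, then checks the identity resolved from the header in a fresh
        request context. Only a freshly issued token is exercised -- expired
        or tampered tokens are not covered here.
        """
        with app.test_request_context():
            user = UserFactory()
            db.session.add(user)
            db.session.commit()

            # The event is linked to the user but not referenced by the
            # assertion below.
            event = EventFactoryBasic()
            event.user_id = user.id
            db.session.add(event)
            db.session.commit()

            # Authenticate User
            self.auth = {'Authorization': "JWT " + _default_jwt_encode_handler(user)}

        with app.test_request_context(headers=self.auth):
            # assertEquals is a deprecated alias that Python 3.12 removed.
            self.assertEqual(get_identity().id, user.id)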
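    def test_get_identity(self):
        """Method to test identity of authenticated user.

        Saves a user and an event owned by that user, issues an access token
        for ``user.id`` with ``fresh=True``, then checks the identity resolved
        from the ``Authorization: JWT <token>`` header in a fresh request
        context. Only a freshly issued token is exercised -- expired or
        tampered tokens are not covered here.
        """

        with self.app.test_request_context():
            user = UserFactory()
            save_to_db(user)

            # The event is linked to the user but not referenced by the
            # assertion below.
            event = EventFactoryBasic()
            event.user_id = user.id
            save_to_db(event)

            # Authenticate User
            self.auth = {'Authorization': "JWT " + create_access_token(user.id, fresh=True)}

        with self.app.test_request_context(headers=self.auth):
            # assertEquals is a deprecated alias that Python 3.12 removed.
            self.assertEqual(get_identity().id, user.id)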
示例#6
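    def test_get_identity(self):
        """Method to test identity of authenticated user.

        Saves a user and an event owned by that user, issues a token for the
        user, then checks the identity resolved from the
        ``Authorization: JWT <token>`` header in a fresh request context.
        Only a freshly issued token is exercised -- expired or tampered tokens
        are not covered here.
        """

        with app.test_request_context():
            user = UserFactory()
            save_to_db(user)

            # The event is linked to the user but not referenced by the
            # assertion below.
            event = EventFactoryBasic()
            event.user_id = user.id
            save_to_db(event)

            # Authenticate User
            # str(..., 'utf-8') decodes the encoded token to text so it can be
            # concatenated with the "JWT " scheme prefix.
            self.auth = {
                'Authorization':
                "JWT " + str(_default_jwt_encode_handler(user), 'utf-8')
            }

        with app.test_request_context(headers=self.auth):
            # assertEquals is a deprecated alias that Python 3.12 removed.
            self.assertEqual(get_identity().id, user.id)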
def is_coorganizer_endpoint_related_to_event(view, view_args, view_kwargs, *args, **kwargs):
    """
    Permission check: staff, organizers and co-organizers of the event are
    passed on to ``view``; any other user gets a ForbiddenError response.

    Order of operations:
     - the caller is resolved with ``get_identity()`` and the role check runs
       on that identity *before* ``_jwt_required(...)`` is called;
     - ``view`` is only invoked after ``_jwt_required(...)`` has returned, so
       passing the role check alone never reaches the view;
     - a caller who fails the role check receives the ForbiddenError response
       without the token check ever running.

    NOTE(review): ``get_identity()`` is defined elsewhere. If it can resolve a
    user from an expired or otherwise unvalidated token, the ForbiddenError
    branch is decided on unverified claims -- confirm that is intended.

    :param view: callable that handles the request once access is granted
    :param view_args: positional arguments forwarded to ``view``
    :param view_kwargs: keyword arguments forwarded to ``view``
    :param args: accepted but not used
    :param kwargs: must contain ``event_id`` unless the user is staff
        (a missing key raises ``KeyError``)
    :return: whatever ``view`` returns, or the result of
        ``ForbiddenError(...).respond()`` when access is denied
    """
    requester = get_identity()

    def _manages_event():
        # Only evaluated for non-staff users, so a staff request without
        # event_id does not hit a KeyError.
        event_id = kwargs['event_id']
        return requester.is_organizer(event_id) or requester.is_coorganizer(event_id)

    if requester.is_staff or _manages_event():
        # Called for its effect only; the view must stay below this line.
        _jwt_required(app.config['JWT_DEFAULT_REALM'])
        return view(*view_args, **view_kwargs)

    return ForbiddenError({'source': ''}, 'Co-organizer access is required.').respond()