示例#1
    def test_get_user_permissions(self):
        """
        Check get_user_permissions for action "C" with the "SCOPE" filter.

        Covers a known role, an unknown role (which must be refused), a
        lookup narrowed to a module and a lookup narrowed to an object.
        """
        scope_create = {"code_action": "C", "code_filter_type": "SCOPE"}
        admin = {"id_role": 1, "nom_role": "Administrateur"}
        # Same nom_role as the known user, different id_role.
        unknown = {"id_role": 220, "nom_role": "Administrateur"}

        # Known role: a list comes back and its highest permission is "3".
        granted = get_user_permissions(admin, **scope_create)
        assert isinstance(granted, list)
        assert get_max_perm(granted).value_filter == "3"

        # Deny path: the lookup has to raise, not hand back a result.
        with pytest.raises(InsufficientRightsError):
            get_user_permissions(unknown, **scope_create)

        # Lookup narrowed to one module.
        by_module = get_user_permissions(
            admin, module_code="ADMIN", **scope_create
        )
        assert get_max_perm(by_module).value_filter == "3"

        # Lookup narrowed to one object.
        by_object = get_user_permissions(
            admin, code_object="PERMISSIONS", **scope_create
        )
        assert isinstance(by_object, list)
        assert get_max_perm(by_object).value_filter == "3"
示例#2
    def test_get_user_permissions(self):
        """
        Verify the permissions returned for the 'C' action under 'SCOPE'.

        A known role must get a list whose maximum filter value is '3';
        an unknown role must trigger InsufficientRightsError.
        """
        def lookup(user, **narrowing):
            # Every call in this test shares the same action and filter type.
            return get_user_permissions(user,
                                        code_action='C',
                                        code_filter_type='SCOPE',
                                        **narrowing)

        user_ok = dict(id_role=1, nom_role='Administrateur')
        fake_user = dict(id_role=220, nom_role='Administrateur')

        # no narrowing
        unrestricted = lookup(user_ok)
        assert isinstance(unrestricted, list)
        assert get_max_perm(unrestricted).value_filter == '3'

        # refusal for a role id the lookup does not accept
        with pytest.raises(InsufficientRightsError):
            lookup(fake_user)

        # with module code
        max_perm = get_max_perm(lookup(user_ok, module_code='ADMIN'))
        assert max_perm.value_filter == '3'

        # with code_object
        on_object = lookup(user_ok, code_object='PERMISSIONS')
        assert isinstance(on_object, list)
        assert get_max_perm(on_object).value_filter == '3'
示例#3
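        def __check_cruved_scope(*args, **kwargs):
            """
            Authenticate the request, resolve the caller's SCOPE permission and
            call the wrapped function only when that permission allows it.

            Returns:
                Whatever get_user_from_token_and_raise returned when it is not
                a dict, otherwise the wrapped function's result.

            Raises:
                InsufficientRightsError: with code 403 when no permission is
                    resolved or when its value_filter is "0".
            """
            user = get_user_from_token_and_raise(request, action,
                                                 redirect_on_expiration,
                                                 redirect_on_invalid_token)
            # A non-dict result is the Response built for a token problem:
            # hand it back without evaluating any permission.
            if not isinstance(user, dict):
                return user

            # NOTE(review): the filter type is passed before the action here;
            # confirm this positional order against get_user_permissions.
            user_permissions = get_user_permissions(user, "SCOPE", action,
                                                    module_code, object_code)
            user_with_highter_perm = UserCruved().build_herited_user_cruved(
                user_permissions, module_code, object_code)

            # if get_role = True : set info_role as kwargs
            if get_role:
                kwargs["info_role"] = user_with_highter_perm

            # if no perm or perm = 0 -> raise 403
            if (user_with_highter_perm is None
                    or user_with_highter_perm.value_filter == "0"):
                if user_with_highter_perm is None:
                    # No permission object to read from: describe the refusal
                    # with the token user and the decorator arguments, so the
                    # deny path raises the 403 and not an AttributeError.
                    # assumes the token user dict carries "id_role" - confirm
                    denied_role = user.get("id_role")
                    denied_action = action
                    denied_module = module_code
                else:
                    denied_role = user_with_highter_perm.id_role
                    denied_action = user_with_highter_perm.code_action
                    denied_module = user_with_highter_perm.module_code
                if object_code:
                    message = (
                        f'User {denied_role} cannot "{denied_action}" '
                        f'{object_code}'
                    )
                else:
                    message = (
                        f'User {denied_role} cannot "{denied_action}" '
                        f'in {denied_module}'
                    )
                raise InsufficientRightsError(message, 403)

            g.user = user_with_highter_perm
            return fn(*args, **kwargs)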
示例#4
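    def test_get_user_permissions(self):
        """
        Test the inherited CRUVED lookup and the get_user_permissions deny path.

        For role 1, UserCruved.get_herited_user_cruved_by_action("C") must
        yield a VUsersPermissions whose value_filter is "3" for the GEONATURE
        module, for the ADMIN module and for the PERMISSIONS object. For role
        220, get_user_permissions must raise InsufficientRightsError.
        """
        user_ok = {"id_role": 1, "nom_role": "Administrateur"}
        perms, is_herited, herited_object = UserCruved(
            id_role=user_ok["id_role"], code_filter_type="SCOPE", module_code="GEONATURE"
        ).get_herited_user_cruved_by_action("C")

        assert isinstance(perms, VUsersPermissions)
        assert perms.value_filter == "3"

        # Deny path: the lookup must raise for this role id.
        fake_user = {"id_role": 220, "nom_role": "Administrateur"}
        with pytest.raises(InsufficientRightsError):
            get_user_permissions(fake_user, code_action="C", code_filter_type="SCOPE")

        # with module code
        # Plain tuple unpacking: the former "perms = perms, ... = ..." chain
        # bound perms to the whole tuple before rebinding it to element 0.
        perms, is_herited, herited_object = UserCruved(
            id_role=user_ok["id_role"], code_filter_type="SCOPE", module_code="ADMIN"
        ).get_herited_user_cruved_by_action("C")
        assert perms.value_filter == "3"

        # with code_object -> heritage
        perms, is_herited, herited_object = UserCruved(
            id_role=user_ok["id_role"],
            code_filter_type="SCOPE",
            module_code="GEONATURE",
            object_code="PERMISSIONS",
        ).get_herited_user_cruved_by_action("C")

        assert isinstance(perms, VUsersPermissions)
        assert perms.value_filter == "3"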
示例#5
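        def __check_cruved_scope(*args, **kwargs):
            """
            Authenticate the request, pick the caller's highest SCOPE
            permission and call the wrapped function only when it allows it.

            With an object_code the maximum of the returned permissions is
            used as is. Without one, permissions attached to module_code take
            precedence over the remaining ones.

            Returns:
                Whatever get_user_from_token_and_raise returned when it is not
                a dict, otherwise the wrapped function's result.

            Raises:
                InsufficientRightsError: with code 403 when no permission is
                    resolved or when its value_filter is "0".
            """
            user = get_user_from_token_and_raise(request, action,
                                                 redirect_on_expiration,
                                                 redirect_on_invalid_token)
            # A non-dict result is the Response built for a token problem:
            # hand it back without evaluating any permission.
            if not isinstance(user, dict):
                return user

            user_permissions = get_user_permissions(user, action, "SCOPE",
                                                    module_code, object_code)

            if object_code:
                # if object_code no heritage
                user_with_highter_perm = get_max_perm(user_permissions)
            else:
                # Split the permissions into those of the requested module and
                # the rest, so the module ones can override the others.
                module_permissions = []
                geonature_permission = []
                for user_permission in user_permissions:
                    if user_permission.module_code == module_code:
                        module_permissions.append(user_permission)
                    else:
                        geonature_permission.append(user_permission)
                # Max of the module permissions when there is at least one,
                # otherwise max of the remaining permissions.
                user_with_highter_perm = get_max_perm(
                    module_permissions or geonature_permission)

            # if get_role = True : set info_role as kwargs
            if get_role:
                kwargs["info_role"] = user_with_highter_perm

            # if no perm or perm = 0 -> raise 403
            if user_with_highter_perm is None:
                # No permission object to read from: describe the refusal with
                # the token user and the decorator arguments, so the deny path
                # raises the 403 and not an AttributeError.
                # assumes the token user dict carries "id_role" - confirm
                raise InsufficientRightsError(
                    ('User "{}" cannot "{}" in {}').format(
                        user.get("id_role"),
                        action,
                        module_code,
                    ),
                    403,
                )
            if user_with_highter_perm.value_filter == "0":
                raise InsufficientRightsError(
                    ('User "{}" cannot "{}" in {}').format(
                        user_with_highter_perm.id_role,
                        user_with_highter_perm.code_action,
                        user_with_highter_perm.module_code,
                    ),
                    403,
                )
            g.user = user_with_highter_perm
            return fn(*args, **kwargs)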
示例#6
    def test_get_user_permissions(self):
        """
        Exercise get_user_permissions for action 'C' with the 'SCOPE' filter.

        The known role must receive a list whose maximum permission has
        value_filter '3', with and without narrowing; the unknown role
        must be refused with InsufficientRightsError.
        """
        base = {'code_action': 'C', 'code_filter_type': 'SCOPE'}
        user_ok = {'id_role': 1, 'nom_role': 'Administrateur'}

        perms = get_user_permissions(user_ok, **base)
        assert isinstance(perms, list)
        assert get_max_perm(perms).value_filter == '3'

        fake_user = {'id_role': 220, 'nom_role': 'Administrateur'}
        # refusal: the call itself must raise for this role id
        with pytest.raises(InsufficientRightsError):
            get_user_permissions(fake_user, **base)

        # with module code
        with_module = {**base, 'module_code': 'ADMIN'}
        max_perm = get_max_perm(get_user_permissions(user_ok, **with_module))
        assert max_perm.value_filter == '3'

        # with code_object
        with_object = {**base, 'code_object': 'PERMISSIONS'}
        perms = get_user_permissions(user_ok, **with_object)
        assert isinstance(perms, list)
        assert get_max_perm(perms).value_filter == '3'
示例#7
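        def __check_cruved_scope(*args, **kwargs):
            """
            Authenticate the request, pick the caller's highest SCOPE
            permission and call the wrapped function only when it allows it.

            The permission is evaluated on every call. get_role only decides
            whether the result is also passed to the wrapped function as
            kwargs['info_role'].

            Returns:
                Whatever get_user_from_token_and_raise returned when it is not
                a dict, otherwise the wrapped function's result.

            Raises:
                InsufficientRightsError: when no permission is resolved or
                    when its value_filter is '0'.
            """
            user = get_user_from_token_and_raise(
                request,
                action,
                redirect_on_expiration,
                redirect_on_invalid_token,
            )
            # If user not a dict: its a token issue
            # return the appropriate Response from get_user_from_token_and_raise
            if not isinstance(user, dict):
                return user

            # Looked up whatever get_role is: a valid token alone must not be
            # enough to reach the wrapped function.
            user_permissions = get_user_permissions(
                user,
                action,
                'SCOPE',
                module_code,
                object_code
            )
            # if object_code no heritage
            if object_code:
                user_with_highter_perm = get_max_perm(user_permissions)
            else:
                # Split the permissions into those of the requested module and
                # the rest, so the module ones can override the others.
                module_permissions = []
                geonature_permission = []
                for user_permission in user_permissions:
                    if user_permission.module_code == module_code:
                        module_permissions.append(user_permission)
                    else:
                        geonature_permission.append(user_permission)
                # take the max of the different permissions
                if module_permissions:
                    user_with_highter_perm = get_max_perm(module_permissions)
                else:
                    user_with_highter_perm = get_max_perm(geonature_permission)

            if get_role:
                kwargs['info_role'] = user_with_highter_perm

            # no perm or perm = '0' -> refuse
            # NOTE(review): assumes InsufficientRightsError accepts
            # (message, status_code) and that '0' means "no access" - confirm.
            if (user_with_highter_perm is None
                    or user_with_highter_perm.value_filter == '0'):
                raise InsufficientRightsError(
                    'User "{}" cannot "{}" in {}'.format(
                        user.get('id_role'),
                        action,
                        module_code,
                    ),
                    403,
                )

            g.user = user_with_highter_perm
            return fn(*args, **kwargs)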
示例#8
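        def __check_cruved_scope(*args, **kwargs):
            """
            Check the token, resolve the caller's highest SCOPE permission and
            run the wrapped function only if that permission grants access.

            Permissions are resolved for every request. get_role controls
            only whether the resolved permission is forwarded to the wrapped
            function as kwargs['info_role'].

            Returns:
                The object returned by get_user_from_token_and_raise when it
                is not a dict, otherwise the wrapped function's result.

            Raises:
                InsufficientRightsError: when no permission is resolved or
                    when its value_filter is '0'.
            """
            user = get_user_from_token_and_raise(
                request,
                action,
                redirect_on_expiration,
                redirect_on_invalid_token,
            )
            # Anything but a dict is the Response for a token problem.
            if not isinstance(user, dict):
                return user

            # Always resolved: skipping this when get_role is false would let
            # any holder of a valid token through without a permission check.
            user_permissions = get_user_permissions(
                user,
                action,
                'SCOPE',
                module_code,
                object_code
            )

            if object_code:
                # if object_code no heritage
                candidates = user_permissions
            else:
                # Permissions of the requested module win over the others;
                # the others are used only when the module has none.
                module_permissions = [
                    perm for perm in user_permissions
                    if perm.module_code == module_code
                ]
                geonature_permission = [
                    perm for perm in user_permissions
                    if perm.module_code != module_code
                ]
                candidates = module_permissions or geonature_permission
            user_with_highter_perm = get_max_perm(candidates)

            if get_role:
                kwargs['info_role'] = user_with_highter_perm

            denied = (
                user_with_highter_perm is None
                or user_with_highter_perm.value_filter == '0'
            )
            if denied:
                # NOTE(review): assumes InsufficientRightsError accepts
                # (message, status_code) and that '0' means "no access" -
                # confirm against the class and the permission model.
                raise InsufficientRightsError(
                    'User "{}" cannot "{}" in {}'.format(
                        user.get('id_role'),
                        action,
                        module_code,
                    ),
                    403,
                )

            g.user = user_with_highter_perm
            return fn(*args, **kwargs)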