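def options(self):
    """Report which document operations the session user may perform.

    Builds a map of HTTP method name -> ``Auth.has_permission`` result for
    the user stored under ``auth_user`` in the session and returns it as JSON.
    When the ``method`` query parameter is present, the status code reflects
    that one method: 403 plus a ``notify_msg`` payload when the map holds no
    truthy entry for it, 200 otherwise. Without ``method`` the status is 200.
    """
    current_user = session.get('auth_user', {})
    # NOTE(review): 'PUT' passes one comma-joined string, not a list. Confirm
    # Auth.has_permission splits on commas; otherwise the value is looked up
    # as a single permission name.
    allowed = {
        'POST': Auth.has_permission(current_user, 'add_document'),
        'PUT': Auth.has_permission(current_user, 'add_document,modify_document'),
        'DELETE': Auth.has_permission(current_user, 'delete_document'),
    }

    requested = request.args.get('method')
    if not requested:
        return Response(response=json.dumps(allowed),
                        content_type='application/json',
                        status=200)

    # Decide once, before the map is mutated. Re-reading the map after
    # 'notify_msg' is inserted would answer 200 for a request whose method
    # name equals that key, although no permission was granted.
    permitted = bool(allowed.get(requested))
    if not permitted:
        allowed['notify_msg'] = {
            'title': 'No Permission',
            'message': 'You do not have permission to perform that action',
            'type': 'error',
        }
    return Response(response=json.dumps(allowed),
                    status=200 if permitted else 403,
                    content_type='application/json')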
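def post_login():
    """Handle the login form submission.

    Looks up the user from the posted ``email`` and ``password``. On success a
    session is created and the client is redirected to the ``next_page`` query
    parameter, provided it is a same-site absolute path; any other value falls
    back to ``/``. On failure the login page is rendered again with a generic
    error message.
    """
    user = Auth.get_by_login(request.form.get('email'), request.form.get('password'))
    if not user:
        # One message for every failure, so the response does not say whether
        # the email or the password was wrong.
        return get_login(error={'message': 'Invalid email and/or password'})

    # NOTE(review): create_session is not visible here; confirm it discards
    # any pre-login session state.
    Auth.create_session(user)

    # next_page comes from the query string and is caller-controlled. Passing
    # it straight to redirect() is an open redirect, so accept only a path on
    # this site: one leading '/', no '//' prefix, and no backslashes or
    # control characters, which browsers may normalise into '//host'.
    target = request.args.get('next_page') or '/'
    is_local_path = (
        target.startswith('/')
        and not target.startswith('//')
        and '\\' not in target
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)
    )
    return redirect(target if is_local_path else '/')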
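def post_login():
    """Process posted credentials and send the user onward.

    ``email`` and ``password`` are read from the form body and checked with
    ``Auth.get_by_login``. A match creates the session and redirects to the
    ``next_page`` query parameter when it is a local path, else to ``/``.
    A mismatch re-renders the login page with a generic error.
    """
    user = Auth.get_by_login(request.form.get('email'), request.form.get('password'))
    if not user:
        # Deliberately generic: the message does not distinguish an unknown
        # email from a wrong password.
        return get_login(error={
            'message': 'Invalid email and/or password'
        })

    # NOTE(review): create_session is defined elsewhere; verify that it
    # resets any session data set before authentication.
    Auth.create_session(user)

    # The redirect target is taken from the request, so it must be limited to
    # same-site paths. Otherwise a crafted login link could forward the user
    # to an arbitrary external URL after a genuine sign-in (open redirect).
    destination = request.args.get('next_page') or '/'
    has_control_char = any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in destination)
    if (
        not destination.startswith('/')
        or destination.startswith('//')
        or '\\' in destination
        or has_control_char
    ):
        destination = '/'
    return redirect(destination)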
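def options(self):
    """Report whether the session user may upload archive documents.

    Builds a one-entry map (``POST`` -> ``Auth.has_permission`` result for
    ``upload_archive_document``) and returns it as JSON. When the ``method``
    query parameter is present, the status is 403 with a ``notify_msg``
    payload if the map holds no truthy entry for that method, and 200
    otherwise. Without ``method`` the status is 200.
    """
    current_user = session.get('auth_user', {})
    allowed = {
        'POST': Auth.has_permission(current_user, 'upload_archive_document'),
    }

    requested = request.args.get('method')
    if not requested:
        return Response(response=json.dumps(allowed),
                        content_type='application/json',
                        status=200)

    # Evaluate the decision a single time, before 'notify_msg' is added.
    # Checking the map again afterwards would answer 200 for a request whose
    # method name equals that key, although nothing was granted.
    permitted = bool(allowed.get(requested))
    if not permitted:
        allowed['notify_msg'] = {
            'title': 'No Permission',
            'message': 'You do not have permission to perform that action',
            'type': 'error',
        }
    return Response(response=json.dumps(allowed),
                    status=200 if permitted else 403,
                    content_type='application/json')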
def test_missing_single_permission_from_set(user_mock):
    """A permission set is refused when the user lacks one of its members.

    The ``user_mock`` fixture is defined outside this snippet. Going by the
    test name, it presumably lacks one of the four requested permissions.
    """
    requested = ['add', 'modify', 'delete', 'restore']
    granted = Auth.has_permission(user_mock, requested)
    # Identity check: the result must be the bool False, not merely falsy.
    assert granted is False
def test_has_multiple_permissions_subset(user_mock):
    """Requesting ``add`` and ``modify`` together is granted for the fixture user."""
    requested = ['add', 'modify']
    granted = Auth.has_permission(user_mock, requested)
    # Identity check: the result must be the bool True, not merely truthy.
    assert granted is True
def test_missing_permission(user_mock):
    """Requesting only ``restore`` is refused for the fixture user."""
    requested = ['restore']
    granted = Auth.has_permission(user_mock, requested)
    # Identity check: the result must be the bool False, not merely falsy.
    assert granted is False
def test_has_single_permission(user_mock):
    """A single permission passed as a plain string (not a list) is granted."""
    requested = 'add'
    granted = Auth.has_permission(user_mock, requested)
    # Identity check: the result must be the bool True, not merely truthy.
    assert granted is True
def test_has_multiple_permissions(user_mock):
    """Requesting ``add``, ``modify`` and ``delete`` together is granted."""
    requested = ['add', 'modify', 'delete']
    granted = Auth.has_permission(user_mock, requested)
    # Identity check: the result must be the bool True, not merely truthy.
    assert granted is True
def logout():
    """End the current session.

    Redirects to ``/`` when ``Auth.delete_session()`` returns a truthy value
    and answers with an empty 400 response otherwise.
    """
    session_removed = Auth.delete_session()
    if not session_removed:
        # delete_session() reported nothing to delete, or a failure.
        return Response(status=400)
    return redirect('/')
def test_delete_session(session_mock):
    """delete_session() returns True and pops ``auth_user`` when a session exists."""
    # Make every `key in session` check succeed.
    session_mock.__contains__.return_value = True

    outcome = Auth.delete_session()

    assert outcome is True
    # The stored user must be removed under exactly this key.
    session_mock.pop.assert_called_with('auth_user')
def test_delete_session_no_session(session_mock):
    """delete_session() returns False when the session holds no user entry."""
    # Make every `key in session` check fail.
    session_mock.__contains__.return_value = False

    outcome = Auth.delete_session()

    assert outcome is False