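def set_model_perms(model, actions=('add', 'delete', 'edit', 'view'), is_table=False):
    """Register *model* and create one ``Permission`` row per action for it.

    Args:
        model: The object the permissions are created for. It is passed to
            ``db.session.query`` first, so it must be something SQLAlchemy
            accepts as a model or table.
        actions: Action verbs; each one yields a permission named
            ``'can <action> <name>'``. The default is an immutable tuple so
            the shared default object cannot be modified between calls.
        is_table: When true the name is ``str(model)``; otherwise it is
            ``model.__name__`` with an ``'s'`` appended.

    Returns:
        ``None`` on success, or a string starting with ``'Error: '`` for the
        failures handled here. Nothing is raised for those failures, so a
        caller that ignores the return value continues with no permissions
        created for the model.
    """
    name = str(model) if is_table else f'{model.__name__}s'

    # Reject anything SQLAlchemy does not accept before writing rows.
    try:
        db.session.query(model)
    except exc.InvalidRequestError:
        return f"Error: {name} is not a valid sqlalchemy model or table."

    with app.app_context():
        try:
            mod = Model(name=name)
            mod.save()
            for action in actions:
                perm = Permission(name=f'can {action} {name}')
                perm.model_id = mod.id
                perm.save()
        except (exc.IntegrityError, ValueError) as error:
            # Roll the session back so a failed save does not leave it
            # in a failed state for the next caller.
            db.session.rollback()
            return f'Error: {error}'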
def test_user_perms(users):
    """Granting and revoking direct permissions on a user is reflected in its state.

    Two permissions are attached, then one is removed; after each step the
    count and ``user_has_perm`` must agree. The revocation check matters most:
    a removed permission must stop being reported as held.
    """
    # presumably the `users` fixture seeds this account - confirm in conftest
    labels = ('can add users', 'can edit groups')
    code_names = [Permission.set_code_name(label) for label in labels]
    add_users, edit_groups = [Permission.find_by_name(code) for code in code_names]
    account = User.find_by_identity('*****@*****.**')

    account.add_permissions([add_users, edit_groups])
    assert account.permissions.count() == 2
    assert account.user_has_perm(edit_groups) is True

    account.remove_permissions([edit_groups])
    assert account.user_has_perm(edit_groups) is False
    assert account.permissions.count() == 1
def test_group_perms(groups):
    """Granting and revoking permissions on a group is reflected in its state.

    Attaches two permissions to 'test group 1', removes one, and checks that
    ``has_perm`` and the permission count follow each change.
    """
    labels = ('can view groups', 'can delete users')
    code_names = [Permission.set_code_name(label) for label in labels]
    view_groups, delete_users = [Permission.find_by_name(code) for code in code_names]
    team = Group.find_by_name('test group 1')

    team.add_permissions([view_groups, delete_users])
    assert team.has_perm(delete_users) is True
    assert team.permissions.count() == 2

    # After revocation the group must no longer report the permission.
    team.remove_permissions([delete_users])
    assert team.has_perm(delete_users) is False
    assert team.permissions.count() == 1
def test_user_get_all_perms(users, groups):
    """A user's effective permissions combine direct and group-granted ones.

    The user joins 'test group 1' and starts with no permissions. One
    permission is then granted directly and one through the group; both must
    appear in ``get_all_perms`` and satisfy ``has_permission`` and
    ``has_permissions``.
    """
    labels = ('can add users', 'can edit groups')
    code_names = [Permission.set_code_name(label) for label in labels]
    add_users, edit_groups = [Permission.find_by_name(code) for code in code_names]
    account = User.find_by_identity('*****@*****.**')
    team = Group.find_by_name('test group 1')

    # Membership alone must not confer anything.
    team.add_members([account])
    assert len(account.get_all_perms()) == 0

    account.add_permissions([add_users])   # direct grant
    team.add_permissions([edit_groups])    # grant inherited via the group
    assert len(account.get_all_perms()) == 2
    assert account.has_permission(edit_groups.code_name) is True
    assert account.has_permission(add_users.code_name) is True
    assert account.has_permissions([add_users.code_name, edit_groups.code_name]) is True
def test_add_group_perms(client, groups):
    """PUT on the group permissions endpoint attaches the listed permissions.

    Sends two permission ids for 'test group 1' and expects a 200 response
    whose ``permissions`` list holds both entries.
    """
    # NOTE(review): no credentials are attached to the request here; confirm
    # the `client` fixture authenticates as an admin. This function only
    # exercises the success path - no rejection of an unprivileged caller.
    labels = ('can view groups', 'can delete users')
    code_names = [Permission.set_code_name(label) for label in labels]
    view_groups, delete_users = [Permission.find_by_name(code) for code in code_names]
    group = Group.find_by_name('test group 1')

    url = f'/api/admin/groups/{group.id}/permissions'
    payload = json.dumps({'perms': [view_groups.id, delete_users.id]})
    response = client.put(url, content_type='application/json', data=payload)
    data = json.loads(response.data.decode())

    assert response.status_code == 200
    returned = data.get('permissions')
    assert len(returned) == 2
    # These two assertions pin the order in which the API lists permissions.
    assert returned[1]['name'] == 'can view groups'
    assert returned[0]['name'] == 'can delete users'
def test_remove_group_perms(client, groups):
    """DELETE on the group permissions endpoint detaches the listed permissions.

    'test group 3' is given two permissions directly, then both ids are sent
    to the endpoint; the response must be 200 with an empty ``permissions``
    list.
    """
    # NOTE(review): no credentials are attached to the request here; confirm
    # the `client` fixture authenticates as an admin.
    labels = ('can view groups', 'can delete users')
    code_names = [Permission.set_code_name(label) for label in labels]
    view_groups, delete_users = [Permission.find_by_name(code) for code in code_names]
    group = Group.find_by_name('test group 3')

    group.add_permissions([delete_users, view_groups])
    assert len(group.permissions.all()) == 2

    url = f'/api/admin/groups/{group.id}/permissions'
    payload = json.dumps({'perms': [view_groups.id, delete_users.id]})
    response = client.delete(url, content_type='application/json', data=payload)
    data = json.loads(response.data.decode())

    assert response.status_code == 200
    assert len(data.get('permissions')) == 0
def test_remove_user_perms(client, users):
    """DELETE on the user permissions endpoint detaches the listed permissions.

    The user is given two permissions directly, then both ids are sent to the
    endpoint; the response must be 200 with an empty ``permissions`` list.
    """
    # NOTE(review): no credentials are attached to the request here; confirm
    # the `client` fixture authenticates as an admin.
    labels = ('can view groups', 'can delete users')
    code_names = [Permission.set_code_name(label) for label in labels]
    view_groups, delete_users = [Permission.find_by_name(code) for code in code_names]
    account = User.find_by_identity('*****@*****.**')

    account.add_permissions([delete_users, view_groups])
    assert len(account.permissions.all()) == 2

    url = f'/api/admin/users/{account.id}/permissions'
    payload = json.dumps({'perms': [view_groups.id, delete_users.id]})
    response = client.delete(url, content_type='application/json', data=payload)
    data = json.loads(response.data.decode())

    assert response.status_code == 200
    assert len(data.get('permissions')) == 0
def has_permissions(self, perms_list):
    """Return whether every permission named in *perms_list* is held.

    Each entry is resolved with ``Permission.find_by_name`` and the resulting
    set must be a subset of ``self.get_all_perms()``.

    An empty *perms_list* yields ``True``, because the empty set is a subset
    of any set. Callers using this as an access check should therefore always
    pass at least one required permission.
    """
    # presumably find_by_name returns None for an unknown name, in which case
    # the check fails unless get_all_perms() itself contains None - confirm.
    requested = [Permission.find_by_name(entry) for entry in perms_list]
    return set(requested) <= set(self.get_all_perms())
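def remove_user_permissions(id):
    """Detach the permissions listed in the JSON request body from one user.

    The body is expected to be a JSON object with a ``perms`` list of
    permission ids.

    Args:
        id: Identifier of the user, passed to ``User.find_by_id``.

    Returns:
        The user serialized with ``UserSchema`` on success; a JSON message
        with status 400 when the body is not an object carrying a ``perms``
        list, or 404 when no user is found.
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is guarded elsewhere, since it removes permissions
    # from any user id supplied in the URL.
    data = request.get_json()
    # The body is caller-controlled: validate its shape instead of failing
    # with an unhandled AttributeError/TypeError further down.
    if not isinstance(data, dict) or not isinstance(data.get('perms'), list):
        # Error payload shape is a reviewer choice; align with the project's
        # usual error format.
        return jsonify({'message': "Request body must be a JSON object with a 'perms' list."}), 400

    user = User.find_by_id(id)
    # assumes find_by_id returns None when nothing matches - confirm
    if user is None:
        return jsonify({'message': 'User not found.'}), 404

    perms = []
    # The loop variable no longer reuses the name of the `id` parameter.
    for perm_id in data['perms']:
        perm = Permission.find_by_id(perm_id)
        # Skip ids that resolve to nothing rather than handing None on.
        if perm is not None:
            perms.append(perm)

    user.remove_permissions(perms)
    return jsonify(UserSchema().dump(user))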
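def remove_group_permissions(grp_id):
    """Detach the permissions listed in the JSON request body from one group.

    The body is expected to be a JSON object with a ``perms`` list of
    permission ids.

    Args:
        grp_id: Identifier of the group, passed to ``Group.find_by_id``.

    Returns:
        The group serialized with ``GroupSchema`` on success; a JSON message
        with status 400 when the body is not an object carrying a ``perms``
        list, or 404 when no group is found.
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is guarded elsewhere, since it removes permissions
    # from any group id supplied in the URL.
    data = request.get_json()
    # The body is caller-controlled: validate its shape instead of failing
    # with an unhandled AttributeError/TypeError further down.
    if not isinstance(data, dict) or not isinstance(data.get('perms'), list):
        # Error payload shape is a reviewer choice; align with the project's
        # usual error format.
        return jsonify({'message': "Request body must be a JSON object with a 'perms' list."}), 400

    group = Group.find_by_id(grp_id)
    # assumes find_by_id returns None when nothing matches - confirm
    if group is None:
        return jsonify({'message': 'Group not found.'}), 404

    perms = []
    # `perm_id` replaces a loop variable that shadowed the builtin `id`.
    for perm_id in data['perms']:
        perm = Permission.find_by_id(perm_id)
        # Skip ids that resolve to nothing rather than handing None on.
        if perm is not None:
            perms.append(perm)

    group.remove_permissions(perms)
    return jsonify(GroupSchema().dump(group))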
def has_permission(self, name):
    """Return whether the permission called *name* is held.

    The name is resolved with ``Permission.find_by_name`` and the result is
    looked up in ``self.get_all_perms()``.
    """
    # presumably find_by_name returns None for an unknown name, making this
    # False unless get_all_perms() contains None - confirm.
    return Permission.find_by_name(name) in self.get_all_perms()