Implement modification of users.

api/rookeries/users/views.py

@@ -72,7 +72,35 @@ def create_user():
 @rookeries_app.route('/api/users/<username>', methods=['PUT'])
 @flask_jwt.jwt_required()
 def update_user(username):
-    flask.abort(http.HTTPStatus.NOT_IMPLEMENTED)
+    # Check if request is JSON, and respects the JSON schema
+    if not flask.request.is_json:
+        flask.abort(http.HTTPStatus.BAD_REQUEST)
+
+    incoming_request = flask.request.get_json()
+    jsonschema.validate(incoming_request, schema.USER_CREATION_MODIFICATION_SCHEMA)
+
+    # Check if user allowed to create a user.
+    current_user = flask_jwt.current_identity
+    requesting_user_role = models.UserRole[current_user['role']]
+
+    if requesting_user_role != models.UserRole.admin and current_user['username'] != username:
+        flask.abort(http.HTTPStatus.UNAUTHORIZED)
+
+    # Modifies a user from the json.
+    existing_user = models.User.query.filter_by(username=username).first_or_404()
+    updated_user = models.User.from_json(incoming_request)
+    existing_user.role = updated_user.role
+    existing_user.profile.full_name = updated_user.profile.full_name
+    existing_user.profile.alias_name = updated_user.profile.alias_name
+    existing_user.profile.email = updated_user.profile.email
+
+    db.session.commit()
+
+    user_response = replace_id_with_self_link(updated_user.to_json())
+    return flask.jsonify(user_response), http.HTTPStatus.CREATED
+
+
+# TODO: Add in a patch to update the password of a user.
 
 
 @rookeries_app.route('/api/users/<username>', methods=['DELETE'])

api/tests/server/test_user_management.py

@@ -18,6 +18,7 @@ from tests import utils
 bdd.scenarios('user_management.feature')
 
 TEST_USER_PASSWORDS = 'password-testing'
+TEST_NAME_MODIFIER = ' modified'
 
 USER_TEMPLATES = {
     'requester': {
@@ -65,6 +66,10 @@ USER_TEMPLATES = {
 }
 
 
+def parse_self_other(text):
+    return text.lower() == 'my'
+
+
 def create_user_in_db(db_engine, test_user: dict):
     return utils.create_test_user(
         db_engine=db_engine,
@@ -114,6 +119,38 @@ def create_new_user_response(user_role, jwt_token, api_base_uri):
     )
 
 
+@bdd.given(
+    parsers.parse('I try to modify {self_classifier:self_other} {user_role} user', {'self_other': parse_self_other}),
+    target_fixture='user_response')
+def modify_user_response(self_classifier, user_role, jwt_token, api_base_uri, db_engine):
+
+    existing_user_template = USER_TEMPLATES['target_data']['non-existent']
+    if self_classifier:
+        existing_user_template = USER_TEMPLATES['requester'][user_role]
+        create_user_in_db(db_engine, existing_user_template)
+    elif not self_classifier and not user_role == 'non-existent':
+        existing_user_template = USER_TEMPLATES['target_data'][user_role]
+        create_user_in_db(db_engine, existing_user_template)
+
+    user_creation_request = {
+        'username': existing_user_template['username'],
+        'password': TEST_USER_PASSWORDS,
+        'role': user_role,
+        'profile': {
+            'fullName': f'{existing_user_template["name"]}{TEST_NAME_MODIFIER}',
+            'email': existing_user_template['email'],
+        }
+    }
+
+    return requests.put(
+        url=f'{api_base_uri}/api/users/{existing_user_template["username"]}',
+        json=user_creation_request,
+        headers={
+            'Authorization': f'JWT {jwt_token}',
+        },
+    )
+
+
 @bdd.given(parsers.parse('I try to create an {user_role} user with an {type_of_request} request'),
            target_fixture='user_response')
 def invalid_create_new_user_response(user_role, type_of_request, jwt_token, api_base_uri):
@@ -136,8 +173,28 @@ def invalid_create_new_user_response(user_role, type_of_request, jwt_token, api_
     )
 
 
-def parse_self_other(text):
+@bdd.given(parsers.parse('I try to modify an {user_role} user with an {type_of_request} request'),
-    return text.lower() == 'my'
+           target_fixture='user_response')
+def invalid_modify_user_response(user_role, type_of_request, jwt_token, api_base_uri):
+
+    test_username = USER_TEMPLATES['target_data'][user_role]['username']
+
+    if type_of_request == 'non-json':
+        return requests.put(
+            url=f'{api_base_uri}/api/users/{test_username}',
+            body='',
+            headers={
+                'Authorization': f'JWT {jwt_token}',
+            },
+        )
+
+    return requests.put(
+        url=f'{api_base_uri}/api/users/{test_username}',
+        json={},
+        headers={
+            'Authorization': f'JWT {jwt_token}',
+        },
+    )
 
 
 @bdd.given(parsers.parse('I try to get {self_classifier:self_other} {user_role} user',
@@ -227,6 +284,30 @@ def assert_user_profile(self_classifier, user_role, user_response, db_engine, ap
     assert user_response.json() == expected_user_creation_response
 
 
+@bdd.then(parsers.parse('updates to {self_classifier:self_other} {user_role} user are preserved',
+                        {'self_other': parse_self_other}))
+def assert_modified_user_profile(self_classifier, user_role, user_response, api_base_uri):
+
+    template_user = USER_TEMPLATES['target_data'][user_role]
+    if self_classifier:
+        template_user = USER_TEMPLATES['requester'][user_role]
+
+    assert user_response.status_code == http.HTTPStatus.CREATED
+    expected_user_creation_response = {
+        'username': template_user['username'],
+        'role': user_role,
+        'profile': {
+            'aliasName': None,
+            'fullName': f'{template_user.get("name")}{TEST_NAME_MODIFIER}',
+            'email': template_user.get('email'),
+        },
+        'urls': {
+            'self': f'{api_base_uri}/api/users/{template_user["username"]}'
+        }
+    }
+    assert user_response.json() == expected_user_creation_response
+
+
 @bdd.then(parsers.parse('I get an unauthorized response'))
 def assert_unauthorized_response(user_response: requests.Response):
 

api/tests/server/user_management.feature

@@ -115,65 +115,73 @@ Scenario: Subscriber user can get own profile
   And I try to get my subscriber user
   Then I get my subscriber user
 
-## User Modification
+# User Modification
-#
+
-# TODO: Test for invalid non-JSON requests
+Scenario: User cannot modify a user using a non-json response
-# TODO: Test for requests not matching JSON schemas
+  Given I am an admin user
-#Scenario: Admin user can modify an admin user
+  And I try to modify an admin user with non-json request
-#  Given I am an admin user
+  Then I get a bad request response
-#  And I modify an admin user
+
-#  Then my updates to the admin user are preserved
+Scenario: User cannot modify a user using a non-json response
-#
+  Given I am an admin user
-#Scenario: Admin user can modify an editor user
+  And I try to modify an admin user with an empty-json request
-#  Given I am an admin user
+  Then I get a bad request response
-#  And I modify an editor user
+
-#  Then my updates to the editor user are preserved
+Scenario: Admin user can modify an admin user
-#
+  Given I am an admin user
-#Scenario: Admin user can modify an subscriber user
+  And I try to modify an admin user
-#  Given I am an admin user
+  Then updates to the admin user are preserved
-#  And I modify a subscriber user
+
-#  Then my updates to the subscriber user are preserved
+Scenario: Admin user can modify an editor user
-#
+  Given I am an admin user
-#Scenario: Editor user can not modify an admin user
+  And I try to modify an editor user
-#  Given I am an editor user
+  Then updates to the editor user are preserved
-#  And I modify an admin user
+
-#  Then I get an unauthorized response
+Scenario: Admin user can modify an subscriber user
-#
+  Given I am an admin user
-#Scenario: Editor user can not modify an editor user that is not self
+  And I try to modify a subscriber user
-#  Given I am an editor user
+  Then updates to the subscriber user are preserved
-#  And I modify an editor user
+
-#  Then I get an unauthorized response
+Scenario: Editor user can not modify an admin user
-#
+  Given I am an editor user
-#Scenario: Editor user can modify their own user
+  And I try to modify an admin user
-#  Given I am an editor user
+  Then I get an unauthorized response
-#  And I modify my user
+
-#  Then my updates to my editor user are preserved
+Scenario: Editor user can not modify an editor user that is not self
-#
+  Given I am an editor user
-#Scenario: Editor user can not modify a subscriber user
+  And I try to modify an editor user
-#  Given I am an editor user
+  Then I get an unauthorized response
-#  And I modify a subscriber user
+
-#  Then I get an unauthorized response
+Scenario: Editor user can modify their own user
+  Given I am an editor user
+  And I try to modify my editor user
+  Then updates to my editor user are preserved
+
+Scenario: Editor user can not modify a subscriber user
+  Given I am an editor user
+  And I try to modify a subscriber user
+  Then I get an unauthorized response
+
+Scenario: Subscriber user can not modify an admin user
+  Given I am an subscriber user
+  And I try to modify an admin user
+  Then I get an unauthorized response
+
+Scenario: Subscriber user can not modify an editor user
+  Given I am an subscriber user
+  And I try to modify an editor user
+  Then I get an unauthorized response
+
+Scenario: Subscriber user can modify their own user
+  Given I am an subscriber user
+  And I try to modify my subscriber user
+  Then updates to my subscriber user are preserved
+
+Scenario: Subscriber user can not modify a subscriber user that is not self
+  Given I am an subscriber user
+  And I try to modify a subscriber user
+  Then I get an unauthorized response
 
-#Scenario: Subscriber user can not modify an admin user
-#  Given I am an subscriber user
-#  And I modify an admin user
-#  Then I get an unauthorized response
-#
-#Scenario: Subscriber user can not modify an editor user
-#  Given I am an subscriber user
-#  And I modify an editor user
-#  Then I get an unauthorized response
-#
-#Scenario: Subscriber user can modify their own user
-#  Given I am an subscriber user
-#  And I modify my subscriber user
-#  Then my updates to the subscriber user are preserved
-#
-#Scenario: Subscriber user can not modify a subscriber user that is not self
-#  Given I am an subscriber user
-#  And I modify a subscriber user
-#  Then I get an unauthorized response
-#
 
 ## User Deletion