rookeries
/
rookeries
1
0
Fork 0
Code Issues 11 Pull Requests Projects Releases Wiki Activity

Implement modification of users.

This commit is contained in:
Dorian 2017-03-07 01:01:03 -05:00
parent 7dc600755c
commit da8aba962c
3 changed files with 178 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
api/rookeries/users/views.py
View File

@ -72,7 +72,35 @@ def create_user():
@rookeries_app.route('/api/users/<username>', methods=['PUT'])
@flask_jwt.jwt_required()
def update_user(username):
flask.abort(http.HTTPStatus.NOT_IMPLEMENTED)
# Check if request is JSON, and respects the JSON schema
if not flask.request.is_json:
flask.abort(http.HTTPStatus.BAD_REQUEST)
incoming_request = flask.request.get_json()
jsonschema.validate(incoming_request, schema.USER_CREATION_MODIFICATION_SCHEMA)
# Check if user allowed to create a user.
current_user = flask_jwt.current_identity
requesting_user_role = models.UserRole[current_user['role']]
if requesting_user_role != models.UserRole.admin and current_user['username'] != username:
flask.abort(http.HTTPStatus.UNAUTHORIZED)
# Modifies a user from the json.
existing_user = models.User.query.filter_by(username=username).first_or_404()
updated_user = models.User.from_json(incoming_request)
existing_user.role = updated_user.role
existing_user.profile.full_name = updated_user.profile.full_name
existing_user.profile.alias_name = updated_user.profile.alias_name
existing_user.profile.email = updated_user.profile.email
db.session.commit()
user_response = replace_id_with_self_link(updated_user.to_json())
return flask.jsonify(user_response), http.HTTPStatus.CREATED
# TODO: Add in a patch to update the password of a user.
@rookeries_app.route('/api/users/<username>', methods=['DELETE'])

85
api/tests/server/test_user_management.py
View File

@ -18,6 +18,7 @@ from tests import utils
bdd.scenarios('user_management.feature')
TEST_USER_PASSWORDS = 'password-testing'
TEST_NAME_MODIFIER = ' modified'
USER_TEMPLATES = {
'requester': {
@ -65,6 +66,10 @@ USER_TEMPLATES = {
}
def parse_self_other(text):
return text.lower() == 'my'
def create_user_in_db(db_engine, test_user: dict):
return utils.create_test_user(
db_engine=db_engine,
@ -114,6 +119,38 @@ def create_new_user_response(user_role, jwt_token, api_base_uri):
)
@bdd.given(
parsers.parse('I try to modify {self_classifier:self_other} {user_role} user', {'self_other': parse_self_other}),
target_fixture='user_response')
def modify_user_response(self_classifier, user_role, jwt_token, api_base_uri, db_engine):
existing_user_template = USER_TEMPLATES['target_data']['non-existent']
if self_classifier:
existing_user_template = USER_TEMPLATES['requester'][user_role]
create_user_in_db(db_engine, existing_user_template)
elif not self_classifier and not user_role == 'non-existent':
existing_user_template = USER_TEMPLATES['target_data'][user_role]
create_user_in_db(db_engine, existing_user_template)
user_creation_request = {
'username': existing_user_template['username'],
'password': TEST_USER_PASSWORDS,
'role': user_role,
'profile': {
'fullName': f'{existing_user_template["name"]}{TEST_NAME_MODIFIER}',
'email': existing_user_template['email'],
}
}
return requests.put(
url=f'{api_base_uri}/api/users/{existing_user_template["username"]}',
json=user_creation_request,
headers={
'Authorization': f'JWT {jwt_token}',
},
)
@bdd.given(parsers.parse('I try to create an {user_role} user with an {type_of_request} request'),
target_fixture='user_response')
def invalid_create_new_user_response(user_role, type_of_request, jwt_token, api_base_uri):
@ -136,8 +173,28 @@ def invalid_create_new_user_response(user_role, type_of_request, jwt_token, api_
)
def parse_self_other(text):
return text.lower() == 'my'
@bdd.given(parsers.parse('I try to modify an {user_role} user with an {type_of_request} request'),
target_fixture='user_response')
def invalid_modify_user_response(user_role, type_of_request, jwt_token, api_base_uri):
test_username = USER_TEMPLATES['target_data'][user_role]['username']
if type_of_request == 'non-json':
return requests.put(
url=f'{api_base_uri}/api/users/{test_username}',
body='',
headers={
'Authorization': f'JWT {jwt_token}',
},
)
return requests.put(
url=f'{api_base_uri}/api/users/{test_username}',
json={},
headers={
'Authorization': f'JWT {jwt_token}',
},
)
@bdd.given(parsers.parse('I try to get {self_classifier:self_other} {user_role} user',
@ -227,6 +284,30 @@ def assert_user_profile(self_classifier, user_role, user_response, db_engine, ap
assert user_response.json() == expected_user_creation_response
@bdd.then(parsers.parse('updates to {self_classifier:self_other} {user_role} user are preserved',
{'self_other': parse_self_other}))
def assert_modified_user_profile(self_classifier, user_role, user_response, api_base_uri):
template_user = USER_TEMPLATES['target_data'][user_role]
if self_classifier:
template_user = USER_TEMPLATES['requester'][user_role]
assert user_response.status_code == http.HTTPStatus.CREATED
expected_user_creation_response = {
'username': template_user['username'],
'role': user_role,
'profile': {
'aliasName': None,
'fullName': f'{template_user.get("name")}{TEST_NAME_MODIFIER}',
'email': template_user.get('email'),
},
'urls': {
'self': f'{api_base_uri}/api/users/{template_user["username"]}'
}
}
assert user_response.json() == expected_user_creation_response
@bdd.then(parsers.parse('I get an unauthorized response'))
def assert_unauthorized_response(user_response: requests.Response):

124
api/tests/server/user_management.feature
View File

@ -115,65 +115,73 @@ Scenario: Subscriber user can get own profile
And I try to get my subscriber user
Then I get my subscriber user
## User Modification
#
# TODO: Test for invalid non-JSON requests
# TODO: Test for requests not matching JSON schemas
#Scenario: Admin user can modify an admin user
# Given I am an admin user
# And I modify an admin user
# Then my updates to the admin user are preserved
#
#Scenario: Admin user can modify an editor user
# Given I am an admin user
# And I modify an editor user
# Then my updates to the editor user are preserved
#
#Scenario: Admin user can modify an subscriber user
# Given I am an admin user
# And I modify a subscriber user
# Then my updates to the subscriber user are preserved
#
#Scenario: Editor user can not modify an admin user
# Given I am an editor user
# And I modify an admin user
# Then I get an unauthorized response
#
#Scenario: Editor user can not modify an editor user that is not self
# Given I am an editor user
# And I modify an editor user
# Then I get an unauthorized response
#
#Scenario: Editor user can modify their own user
# Given I am an editor user
# And I modify my user
# Then my updates to my editor user are preserved
#
#Scenario: Editor user can not modify a subscriber user
# Given I am an editor user
# And I modify a subscriber user
# Then I get an unauthorized response
# User Modification
Scenario: User cannot modify a user using a non-json response
Given I am an admin user
And I try to modify an admin user with non-json request
Then I get a bad request response
Scenario: User cannot modify a user using a non-json response
Given I am an admin user
And I try to modify an admin user with an empty-json request
Then I get a bad request response
Scenario: Admin user can modify an admin user
Given I am an admin user
And I try to modify an admin user
Then updates to the admin user are preserved
Scenario: Admin user can modify an editor user
Given I am an admin user
And I try to modify an editor user
Then updates to the editor user are preserved
Scenario: Admin user can modify an subscriber user
Given I am an admin user
And I try to modify a subscriber user
Then updates to the subscriber user are preserved
Scenario: Editor user can not modify an admin user
Given I am an editor user
And I try to modify an admin user
Then I get an unauthorized response
Scenario: Editor user can not modify an editor user that is not self
Given I am an editor user
And I try to modify an editor user
Then I get an unauthorized response
Scenario: Editor user can modify their own user
Given I am an editor user
And I try to modify my editor user
Then updates to my editor user are preserved
Scenario: Editor user can not modify a subscriber user
Given I am an editor user
And I try to modify a subscriber user
Then I get an unauthorized response
Scenario: Subscriber user can not modify an admin user
Given I am an subscriber user
And I try to modify an admin user
Then I get an unauthorized response
Scenario: Subscriber user can not modify an editor user
Given I am an subscriber user
And I try to modify an editor user
Then I get an unauthorized response
Scenario: Subscriber user can modify their own user
Given I am an subscriber user
And I try to modify my subscriber user
Then updates to my subscriber user are preserved
Scenario: Subscriber user can not modify a subscriber user that is not self
Given I am an subscriber user
And I try to modify a subscriber user
Then I get an unauthorized response
#Scenario: Subscriber user can not modify an admin user
# Given I am an subscriber user
# And I modify an admin user
# Then I get an unauthorized response
#
#Scenario: Subscriber user can not modify an editor user
# Given I am an subscriber user
# And I modify an editor user
# Then I get an unauthorized response
#
#Scenario: Subscriber user can modify their own user
# Given I am an subscriber user
# And I modify my subscriber user
# Then my updates to the subscriber user are preserved
#
#Scenario: Subscriber user can not modify a subscriber user that is not self
# Given I am an subscriber user
# And I modify a subscriber user
# Then I get an unauthorized response
#
## User Deletion