mealie/tests/integration_tests/user_group_tests/test_group_permissions.py

from uuid import uuid4

from fastapi.testclient import TestClient

from mealie.repos.repository_factory import AllRepositories
from tests.utils.factories import random_bool
from tests.utils.fixture_schemas import TestUser


class Routes:
    self = "/api/groups/self"
    members = "/api/groups/members"
    permissions = "/api/groups/permissions"


def get_permissions_payload(user_id: str, can_manage=None) -> dict:
    return {
        "user_id": user_id,
        "can_manage": random_bool() if can_manage is None else can_manage,
        "can_invite": random_bool(),
        "can_organize": random_bool(),
    }


def test_get_group_members(api_client: TestClient, user_tuple: list[TestUser]):
    usr_1, usr_2 = user_tuple

    response = api_client.get(Routes.members, headers=usr_1.token)
    assert response.status_code == 200

    members = response.json()
    assert len(members) >= 2

    all_ids = [x["id"] for x in members]

    assert str(usr_1.user_id) in all_ids
    assert str(usr_2.user_id) in all_ids


def test_set_memeber_permissions(api_client: TestClient, user_tuple: list[TestUser], database: AllRepositories):
    usr_1, usr_2 = user_tuple

    # Set Acting User
    acting_user = database.users.get_one(usr_1.user_id)
    acting_user.can_manage = True
    database.users.update(acting_user.id, acting_user)

    payload = get_permissions_payload(str(usr_2.user_id))

    # Test
    response = api_client.put(Routes.permissions, json=payload, headers=usr_1.token)
    assert response.status_code == 200


def test_set_memeber_permissions_unauthorized(api_client: TestClient, unique_user: TestUser, database: AllRepositories):
    # Setup
    user = database.users.get_one(unique_user.user_id)
    user.can_manage = False
    database.users.update(user.id, user)

    payload = get_permissions_payload(str(user.id))
    payload = {
        "user_id": str(user.id),
        "can_manage": True,
        "can_invite": True,
        "can_organize": True,
    }

    # Test
    response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)
    assert response.status_code == 403


def test_set_memeber_permissions_other_group(
    api_client: TestClient,
    unique_user: TestUser,
    g2_user: TestUser,
    database: AllRepositories,
):
    user = database.users.get_one(unique_user.user_id)
    user.can_manage = True
    database.users.update(user.id, user)

    payload = get_permissions_payload(str(g2_user.user_id))
    response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)
    assert response.status_code == 403


def test_set_memeber_permissions_no_user(
    api_client: TestClient,
    unique_user: TestUser,
    database: AllRepositories,
):
    user = database.users.get_one(unique_user.user_id)
    user.can_manage = True
    database.users.update(user.id, user)

    payload = get_permissions_payload(str(uuid4()))
    response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)
    assert response.status_code == 404
Refactor/conver to controllers (#923) * add dependency injection for get_repositories * convert events api to controller * update generic typing * add abstract controllers * update test naming * migrate admin services to controllers * add additional admin route tests * remove print * add public shared dependencies * add types * fix typo * add static variables for recipe json keys * add coverage gutters config * update controller routers * add generic success response * add category/tag/tool tests * add token refresh test * add coverage utilities * covert comments to controller * add todo * add helper properties * delete old service * update test notes * add unit test for pretty_stats * remove dead code from post_webhooks * update group routes to use controllers * add additional group test coverage * abstract common permission checks * convert ingredient parser to controller * update recipe crud to use controller * remove dead-code * add class lifespan tracker for debugging * convert bulk export to controller * migrate tools router to controller * update recipe share to controller * move customer router to _base * ignore prints in flake8 * convert units and foods to new controllers * migrate user routes to controllers * centralize error handling * fix invalid ref * reorder fields * update routers to share common handling * update tests * remove prints * fix cookbooks delete * fix cookbook get * add controller for mealplanner * cover report routes to controller * remove __future__ imports * remove dead code * remove all base_http children and remove dead code 2022-01-13 13:06:52 -09:00			`from uuid import uuid4`

			`from fastapi.testclient import TestClient`

			`from mealie.repos.repository_factory import AllRepositories`
			`from tests.utils.factories import random_bool`
			`from tests.utils.fixture_schemas import TestUser`


			`class Routes:`
			`self = "/api/groups/self"`
docs: fix typos (#1665) * docs: fix typos * typos: fix typos found by `codespell` across the codebase * docs: fix `macOS` spelling * docs: fix `authentification` terminology "Authentification" is not a thing. * docs: fix `localhost` typo in example link * typos: fix in-code typos These are potentially higher risk, but no other mentions of these typos show up in the codebase. 2022-09-25 23:17:27 +00:00			`members = "/api/groups/members"`
Refactor/conver to controllers (#923) * add dependency injection for get_repositories * convert events api to controller * update generic typing * add abstract controllers * update test naming * migrate admin services to controllers * add additional admin route tests * remove print * add public shared dependencies * add types * fix typo * add static variables for recipe json keys * add coverage gutters config * update controller routers * add generic success response * add category/tag/tool tests * add token refresh test * add coverage utilities * covert comments to controller * add todo * add helper properties * delete old service * update test notes * add unit test for pretty_stats * remove dead code from post_webhooks * update group routes to use controllers * add additional group test coverage * abstract common permission checks * convert ingredient parser to controller * update recipe crud to use controller * remove dead-code * add class lifespan tracker for debugging * convert bulk export to controller * migrate tools router to controller * update recipe share to controller * move customer router to _base * ignore prints in flake8 * convert units and foods to new controllers * migrate user routes to controllers * centralize error handling * fix invalid ref * reorder fields * update routers to share common handling * update tests * remove prints * fix cookbooks delete * fix cookbook get * add controller for mealplanner * cover report routes to controller * remove __future__ imports * remove dead code * remove all base_http children and remove dead code 2022-01-13 13:06:52 -09:00			`permissions = "/api/groups/permissions"`


			`def get_permissions_payload(user_id: str, can_manage=None) -> dict:`
			`return {`
			`"user_id": user_id,`
			`"can_manage": random_bool() if can_manage is None else can_manage,`
			`"can_invite": random_bool(),`
			`"can_organize": random_bool(),`
			`}`


			`def test_get_group_members(api_client: TestClient, user_tuple: list[TestUser]):`
			`usr_1, usr_2 = user_tuple`

docs: fix typos (#1665) * docs: fix typos * typos: fix typos found by `codespell` across the codebase * docs: fix `macOS` spelling * docs: fix `authentification` terminology "Authentification" is not a thing. * docs: fix `localhost` typo in example link * typos: fix in-code typos These are potentially higher risk, but no other mentions of these typos show up in the codebase. 2022-09-25 23:17:27 +00:00			`response = api_client.get(Routes.members, headers=usr_1.token)`
Refactor/conver to controllers (#923) * add dependency injection for get_repositories * convert events api to controller * update generic typing * add abstract controllers * update test naming * migrate admin services to controllers * add additional admin route tests * remove print * add public shared dependencies * add types * fix typo * add static variables for recipe json keys * add coverage gutters config * update controller routers * add generic success response * add category/tag/tool tests * add token refresh test * add coverage utilities * covert comments to controller * add todo * add helper properties * delete old service * update test notes * add unit test for pretty_stats * remove dead code from post_webhooks * update group routes to use controllers * add additional group test coverage * abstract common permission checks * convert ingredient parser to controller * update recipe crud to use controller * remove dead-code * add class lifespan tracker for debugging * convert bulk export to controller * migrate tools router to controller * update recipe share to controller * move customer router to _base * ignore prints in flake8 * convert units and foods to new controllers * migrate user routes to controllers * centralize error handling * fix invalid ref * reorder fields * update routers to share common handling * update tests * remove prints * fix cookbooks delete * fix cookbook get * add controller for mealplanner * cover report routes to controller * remove __future__ imports * remove dead code * remove all base_http children and remove dead code 2022-01-13 13:06:52 -09:00			`assert response.status_code == 200`

			`members = response.json()`
			`assert len(members) >= 2`

			`all_ids = [x["id"] for x in members]`

			`assert str(usr_1.user_id) in all_ids`
			`assert str(usr_2.user_id) in all_ids`


			`def test_set_memeber_permissions(api_client: TestClient, user_tuple: list[TestUser], database: AllRepositories):`
			`usr_1, usr_2 = user_tuple`

			`# Set Acting User`
			`acting_user = database.users.get_one(usr_1.user_id)`
			`acting_user.can_manage = True`
			`database.users.update(acting_user.id, acting_user)`

			`payload = get_permissions_payload(str(usr_2.user_id))`

			`# Test`
			`response = api_client.put(Routes.permissions, json=payload, headers=usr_1.token)`
			`assert response.status_code == 200`


			`def test_set_memeber_permissions_unauthorized(api_client: TestClient, unique_user: TestUser, database: AllRepositories):`
			`# Setup`
			`user = database.users.get_one(unique_user.user_id)`
			`user.can_manage = False`
			`database.users.update(user.id, user)`

			`payload = get_permissions_payload(str(user.id))`
			`payload = {`
			`"user_id": str(user.id),`
			`"can_manage": True,`
			`"can_invite": True,`
			`"can_organize": True,`
			`}`

			`# Test`
			`response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)`
			`assert response.status_code == 403`


			`def test_set_memeber_permissions_other_group(`
			`api_client: TestClient,`
			`unique_user: TestUser,`
			`g2_user: TestUser,`
			`database: AllRepositories,`
			`):`
			`user = database.users.get_one(unique_user.user_id)`
			`user.can_manage = True`
			`database.users.update(user.id, user)`

			`payload = get_permissions_payload(str(g2_user.user_id))`
			`response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)`
			`assert response.status_code == 403`


			`def test_set_memeber_permissions_no_user(`
			`api_client: TestClient,`
			`unique_user: TestUser,`
			`database: AllRepositories,`
			`):`
			`user = database.users.get_one(unique_user.user_id)`
			`user.can_manage = True`
			`database.users.update(user.id, user)`

			`payload = get_permissions_payload(str(uuid4()))`
			`response = api_client.put(Routes.permissions, json=payload, headers=unique_user.token)`
			`assert response.status_code == 404`