API - limit access to users for now

- only the authenticated user can access their own preferences
- only an admin can view the users list
This commit is contained in:
Sam
2022-03-13 09:30:50 +01:00
parent 6c42b9ffbd
commit ac6aceadfd
6 changed files with 180 additions and 104 deletions


@ -14,7 +14,7 @@ from ..api_test_case import ApiTestCaseMixin
class TestGetUser(ApiTestCaseMixin):
def test_it_gets_single_user_without_workouts(
def test_it_returns_error_if_user_has_no_admin_rights(
self, app: Flask, user_1: User, user_2: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
@ -27,6 +27,21 @@ class TestGetUser(ApiTestCaseMixin):
headers=dict(Authorization=f'Bearer {auth_token}'),
)
self.assert_403(response)
def test_it_gets_single_user_without_workouts(
self, app: Flask, user_1_admin: User, user_2: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1_admin.email
)
response = client.get(
f'/api/users/{user_2.username}',
content_type='application/json',
headers=dict(Authorization=f'Bearer {auth_token}'),
)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert data['status'] == 'success'
@ -40,11 +55,7 @@ class TestGetUser(ApiTestCaseMixin):
assert user['last_name'] is None
assert user['birth_date'] is None
assert user['bio'] is None
assert user['imperial_units'] is False
assert user['location'] is None
assert user['timezone'] is None
assert user['weekm'] is False
assert user['language'] is None
assert user['nb_sports'] == 0
assert user['nb_workouts'] == 0
assert user['records'] == []
@ -56,13 +67,14 @@ class TestGetUser(ApiTestCaseMixin):
self,
app: Flask,
user_1: User,
user_2_admin: User,
sport_1_cycling: Sport,
sport_2_running: Sport,
workout_cycling_user_1: Workout,
workout_running_user_1: Workout,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_2_admin.email
)
response = client.get(
@ -84,11 +96,7 @@ class TestGetUser(ApiTestCaseMixin):
assert user['last_name'] is None
assert user['birth_date'] is None
assert user['bio'] is None
assert user['imperial_units'] is False
assert user['location'] is None
assert user['timezone'] is None
assert user['weekm'] is False
assert user['language'] is None
assert len(user['records']) == 8
assert user['nb_sports'] == 2
assert user['nb_workouts'] == 2
@ -97,10 +105,10 @@ class TestGetUser(ApiTestCaseMixin):
assert user['total_duration'] == '2:40:00'
def test_it_returns_error_if_user_does_not_exist(
self, app: Flask, user_1: User
self, app: Flask, user_1_admin: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -113,8 +121,8 @@ class TestGetUser(ApiTestCaseMixin):
class TestGetUsers(ApiTestCaseMixin):
def test_it_get_users_list(
self, app: Flask, user_1: User, user_2: User, user_3: User
def test_it_returns_error_if_user_has_no_admin_rights(
self, app: Flask, user_1: User, user_2: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
@ -125,6 +133,20 @@ class TestGetUsers(ApiTestCaseMixin):
headers=dict(Authorization=f'Bearer {auth_token}'),
)
self.assert_403(response)
def test_it_get_users_list(
self, app: Flask, user_1_admin: User, user_2: User, user_3: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1_admin.email
)
response = client.get(
'/api/users',
headers=dict(Authorization=f'Bearer {auth_token}'),
)
data = json.loads(response.data.decode())
assert response.status_code == 200
assert 'success' in data['status']
@ -132,10 +154,10 @@ class TestGetUsers(ApiTestCaseMixin):
assert 'created_at' in data['data']['users'][0]
assert 'created_at' in data['data']['users'][1]
assert 'created_at' in data['data']['users'][2]
assert 'test' in data['data']['users'][0]['username']
assert 'admin' in data['data']['users'][0]['username']
assert 'toto' in data['data']['users'][1]['username']
assert 'sam' in data['data']['users'][2]['username']
assert 'test@test.com' in data['data']['users'][0]['email']
assert 'admin@example.com' in data['data']['users'][0]['email']
assert 'toto@toto.com' in data['data']['users'][1]['email']
assert 'sam@test.com' in data['data']['users'][2]['email']
assert data['data']['users'][0]['imperial_units'] is False
@ -148,20 +170,12 @@ class TestGetUsers(ApiTestCaseMixin):
assert data['data']['users'][0]['sports_list'] == []
assert data['data']['users'][0]['total_distance'] == 0
assert data['data']['users'][0]['total_duration'] == '0:00:00'
assert data['data']['users'][1]['imperial_units'] is False
assert data['data']['users'][1]['timezone'] is None
assert data['data']['users'][1]['weekm'] is False
assert data['data']['users'][1]['language'] is None
assert data['data']['users'][1]['nb_sports'] == 0
assert data['data']['users'][1]['nb_workouts'] == 0
assert data['data']['users'][1]['records'] == []
assert data['data']['users'][1]['sports_list'] == []
assert data['data']['users'][1]['total_distance'] == 0
assert data['data']['users'][1]['total_duration'] == '0:00:00'
assert data['data']['users'][2]['imperial_units'] is False
assert data['data']['users'][2]['timezone'] is None
assert data['data']['users'][2]['weekm'] is True
assert data['data']['users'][2]['language'] is None
assert data['data']['users'][2]['records'] == []
assert data['data']['users'][2]['nb_sports'] == 0
assert data['data']['users'][2]['nb_workouts'] == 0
@ -179,7 +193,7 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_users_list_with_workouts(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
sport_1_cycling: Sport,
@ -189,7 +203,7 @@ class TestGetUsers(ApiTestCaseMixin):
workout_cycling_user_2: Workout,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -204,10 +218,10 @@ class TestGetUsers(ApiTestCaseMixin):
assert 'created_at' in data['data']['users'][0]
assert 'created_at' in data['data']['users'][1]
assert 'created_at' in data['data']['users'][2]
assert 'test' in data['data']['users'][0]['username']
assert 'admin' in data['data']['users'][0]['username']
assert 'toto' in data['data']['users'][1]['username']
assert 'sam' in data['data']['users'][2]['username']
assert 'test@test.com' in data['data']['users'][0]['email']
assert 'admin@example.com' in data['data']['users'][0]['email']
assert 'toto@toto.com' in data['data']['users'][1]['email']
assert 'sam@test.com' in data['data']['users'][2]['email']
assert data['data']['users'][0]['imperial_units'] is False
@ -219,18 +233,12 @@ class TestGetUsers(ApiTestCaseMixin):
assert data['data']['users'][0]['sports_list'] == [1, 2]
assert data['data']['users'][0]['total_distance'] == 22.0
assert data['data']['users'][0]['total_duration'] == '2:40:00'
assert data['data']['users'][1]['imperial_units'] is False
assert data['data']['users'][1]['timezone'] is None
assert data['data']['users'][1]['weekm'] is False
assert data['data']['users'][1]['nb_sports'] == 1
assert data['data']['users'][1]['nb_workouts'] == 1
assert len(data['data']['users'][1]['records']) == 4
assert data['data']['users'][1]['sports_list'] == [1]
assert data['data']['users'][1]['total_distance'] == 15
assert data['data']['users'][1]['total_duration'] == '1:00:00'
assert data['data']['users'][2]['imperial_units'] is False
assert data['data']['users'][2]['timezone'] is None
assert data['data']['users'][2]['weekm'] is True
assert data['data']['users'][2]['nb_sports'] == 0
assert data['data']['users'][2]['nb_workouts'] == 0
assert len(data['data']['users'][2]['records']) == 0
@ -249,12 +257,12 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_first_page_on_users_list(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -278,12 +286,12 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_next_page_on_users_list(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -306,12 +314,12 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_empty_next_page_on_users_list(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -334,12 +342,12 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_user_list_with_2_per_page(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -362,12 +370,12 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_next_page_on_user_list_with_2_per_page(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -388,10 +396,10 @@ class TestGetUsers(ApiTestCaseMixin):
}
def test_it_gets_users_list_ordered_by_username(
self, app: Flask, user_1: User, user_2: User, user_3: User
self, app: Flask, user_1_admin: User, user_2: User, user_3: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -403,8 +411,8 @@ class TestGetUsers(ApiTestCaseMixin):
assert response.status_code == 200
assert 'success' in data['status']
assert len(data['data']['users']) == 3
assert 'sam' in data['data']['users'][0]['username']
assert 'test' in data['data']['users'][1]['username']
assert 'admin' in data['data']['users'][0]['username']
assert 'sam' in data['data']['users'][1]['username']
assert 'toto' in data['data']['users'][2]['username']
assert data['pagination'] == {
'has_next': False,
@ -415,10 +423,10 @@ class TestGetUsers(ApiTestCaseMixin):
}
def test_it_gets_users_list_ordered_by_username_ascending(
self, app: Flask, user_1: User, user_2: User, user_3: User
self, app: Flask, user_1_admin: User, user_2: User, user_3: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -430,8 +438,8 @@ class TestGetUsers(ApiTestCaseMixin):
assert response.status_code == 200
assert 'success' in data['status']
assert len(data['data']['users']) == 3
assert 'sam' in data['data']['users'][0]['username']
assert 'test' in data['data']['users'][1]['username']
assert 'admin' in data['data']['users'][0]['username']
assert 'sam' in data['data']['users'][1]['username']
assert 'toto' in data['data']['users'][2]['username']
assert data['pagination'] == {
'has_next': False,
@ -442,10 +450,10 @@ class TestGetUsers(ApiTestCaseMixin):
}
def test_it_gets_users_list_ordered_by_username_descending(
self, app: Flask, user_1: User, user_2: User, user_3: User
self, app: Flask, user_1_admin: User, user_2: User, user_3: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -458,8 +466,8 @@ class TestGetUsers(ApiTestCaseMixin):
assert 'success' in data['status']
assert len(data['data']['users']) == 3
assert 'toto' in data['data']['users'][0]['username']
assert 'test' in data['data']['users'][1]['username']
assert 'sam' in data['data']['users'][2]['username']
assert 'sam' in data['data']['users'][1]['username']
assert 'admin' in data['data']['users'][2]['username']
assert data['pagination'] == {
'has_next': False,
'has_prev': False,
@ -642,14 +650,14 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_users_list_ordered_by_workouts_count(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
sport_1_cycling: Sport,
workout_cycling_user_2: Workout,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -661,7 +669,7 @@ class TestGetUsers(ApiTestCaseMixin):
assert response.status_code == 200
assert 'success' in data['status']
assert len(data['data']['users']) == 3
assert 'test' in data['data']['users'][0]['username']
assert 'admin' in data['data']['users'][0]['username']
assert 0 == data['data']['users'][0]['nb_workouts']
assert 'sam' in data['data']['users'][1]['username']
assert 0 == data['data']['users'][1]['nb_workouts']
@ -678,14 +686,14 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_users_list_ordered_by_workouts_count_ascending(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
sport_1_cycling: Sport,
workout_cycling_user_2: Workout,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -697,7 +705,7 @@ class TestGetUsers(ApiTestCaseMixin):
assert response.status_code == 200
assert 'success' in data['status']
assert len(data['data']['users']) == 3
assert 'test' in data['data']['users'][0]['username']
assert 'admin' in data['data']['users'][0]['username']
assert 0 == data['data']['users'][0]['nb_workouts']
assert 'sam' in data['data']['users'][1]['username']
assert 0 == data['data']['users'][1]['nb_workouts']
@ -714,14 +722,14 @@ class TestGetUsers(ApiTestCaseMixin):
def test_it_gets_users_list_ordered_by_workouts_count_descending(
self,
app: Flask,
user_1: User,
user_1_admin: User,
user_2: User,
user_3: User,
sport_1_cycling: Sport,
workout_cycling_user_2: Workout,
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -735,7 +743,7 @@ class TestGetUsers(ApiTestCaseMixin):
assert len(data['data']['users']) == 3
assert 'toto' in data['data']['users'][0]['username']
assert 1 == data['data']['users'][0]['nb_workouts']
assert 'test' in data['data']['users'][1]['username']
assert 'admin' in data['data']['users'][1]['username']
assert 0 == data['data']['users'][1]['nb_workouts']
assert 'sam' in data['data']['users'][2]['username']
assert 0 == data['data']['users'][2]['nb_workouts']
@ -748,10 +756,10 @@ class TestGetUsers(ApiTestCaseMixin):
}
def test_it_gets_users_list_filtering_on_username(
self, app: Flask, user_1: User, user_2: User, user_3: User
self, app: Flask, user_1_admin: User, user_2: User, user_3: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -773,10 +781,10 @@ class TestGetUsers(ApiTestCaseMixin):
}
def test_it_returns_empty_users_list_filtering_on_username(
self, app: Flask, user_1: User, user_2: User, user_3: User
self, app: Flask, user_1_admin: User, user_2: User, user_3: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -797,10 +805,10 @@ class TestGetUsers(ApiTestCaseMixin):
}
def test_it_users_list_with_complex_query(
self, app: Flask, user_1: User, user_2: User, user_3: User
self, app: Flask, user_1_admin: User, user_2: User, user_3: User
) -> None:
client, auth_token = self.get_test_client_and_auth_token(
app, user_1.email
app, user_1_admin.email
)
response = client.get(
@ -812,7 +820,7 @@ class TestGetUsers(ApiTestCaseMixin):
assert response.status_code == 200
assert 'success' in data['status']
assert len(data['data']['users']) == 1
assert 'sam' in data['data']['users'][0]['username']
assert 'admin' in data['data']['users'][0]['username']
assert data['pagination'] == {
'has_next': False,
'has_prev': True,
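Review bot: The new `test_it_returns_error_if_user_has_no_admin_rights` in `TestGetUser` only exercises the cross-user case (`user_1` fetching `user_2`), so nothing in this file pins that a non-admin can still read their own profile, which the commit message implies is meant to keep working; a regression that turns the admin check into a blanket 403 would pass this suite. The test body is split across the first two hunks and its request line is not visible here, so I am reading the URL from the admin variant at `f'/api/users/{user_2.username}'`. A companion test that fetches `user_1.username` as `user_1` and asserts 200 would close the gap; it also guards against the model layer's `UserNotFoundException` for regular users leaking into the self-access path as a 404. Both `TestGetUser` and `TestGetUsers` continue outside the hunks shown.
```python
    def test_it_gets_own_profile_without_admin_rights(
        self, app: Flask, user_1: User
    ) -> None:
        client, auth_token = self.get_test_client_and_auth_token(
            app, user_1.email
        )
        response = client.get(
            f'/api/users/{user_1.username}',
            content_type='application/json',
            headers=dict(Authorization=f'Bearer {auth_token}'),
        )
        # a non-admin may still read their own profile; only other users are gated
        assert response.status_code == 200
```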


@ -1,33 +1,71 @@
from typing import Dict
import pytest
from flask import Flask
from fittrackee.users.exceptions import UserNotFoundException
from fittrackee.users.models import User, UserSportPreference
from fittrackee.workouts.models import Sport, Workout
class TestUserModel:
def test_user_model(self, app: Flask, user_1: User) -> None:
assert '<User \'test\'>' == str(user_1)
serialized_user = user_1.serialize()
assert 'test' == serialized_user['username']
@staticmethod
def assert_serialized_used(serialized_user: Dict) -> None:
assert 'created_at' in serialized_user
assert serialized_user['admin'] is False
assert serialized_user['first_name'] is None
assert serialized_user['last_name'] is None
assert serialized_user['imperial_units'] is False
assert serialized_user['bio'] is None
assert serialized_user['location'] is None
assert serialized_user['birth_date'] is None
assert serialized_user['picture'] is False
assert serialized_user['timezone'] is None
assert serialized_user['weekm'] is False
assert serialized_user['language'] is None
assert serialized_user['nb_sports'] == 0
assert serialized_user['nb_workouts'] == 0
def test_user_model_as_auth_user(self, app: Flask, user_1: User) -> None:
assert '<User \'test\'>' == str(user_1)
serialized_user = user_1.serialize(user_1)
self.assert_serialized_used(serialized_user)
assert 'test' == serialized_user['username']
assert 'test@test.com' == serialized_user['email']
assert serialized_user['nb_sports'] == 0
assert serialized_user['records'] == []
assert serialized_user['sports_list'] == []
assert serialized_user['total_distance'] == 0
assert serialized_user['total_duration'] == '0:00:00'
assert serialized_user['imperial_units'] is False
assert serialized_user['language'] is None
assert serialized_user['timezone'] is None
assert serialized_user['weekm'] is False
assert serialized_user['email_to_confirm'] is None
assert 'confirmation_token' not in serialized_user
def test_user_model_as_admin(
self, app: Flask, user_1_admin: User, user_2: User
) -> None:
serialized_user = user_2.serialize(user_1_admin)
self.assert_serialized_used(serialized_user)
assert 'toto' == serialized_user['username']
assert 'toto@toto.com' == serialized_user['email']
assert serialized_user['nb_sports'] == 0
assert serialized_user['records'] == []
assert serialized_user['sports_list'] == []
assert serialized_user['total_distance'] == 0
assert serialized_user['total_duration'] == '0:00:00'
assert serialized_user['email_to_confirm'] is None
assert 'imperial_units' not in serialized_user
assert 'language' not in serialized_user
assert 'timezone' not in serialized_user
assert 'weekm' not in serialized_user
assert 'confirmation_token' not in serialized_user
def test_user_model_as_regular_user(
self, app: Flask, user_1: User, user_2: User
) -> None:
with pytest.raises(UserNotFoundException):
user_2.serialize(user_1)
def test_encode_auth_token(self, app: Flask, user_1: User) -> None:
auth_token = user_1.encode_auth_token(user_1.id)
@ -49,7 +87,7 @@ class TestUserModel:
sport_1_cycling: Sport,
workout_cycling_user_1: Workout,
) -> None:
serialized_user = user_1.serialize()
serialized_user = user_1.serialize(user_1)
assert len(serialized_user['records']) == 4
assert serialized_user['records'][0]['record_type'] == 'AS'
assert serialized_user['records'][0]['sport_id'] == sport_1_cycling.id
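Review bot: `test_user_model_as_regular_user` pins that `user_2.serialize(user_1)` raises `UserNotFoundException` (a not-found shape), while the API test in the first file asserts a 403 for the same non-admin-reads-another-user scenario, so the two layers disagree on whether the other account's existence is disclosed; if the API check runs before `serialize` that is fine, but the intent deserves a comment on this test, e.g. `# a regular user must not learn anything about other accounts, hence "not found" rather than "forbidden"`. Separately, the new helper `assert_serialized_used` looks like a typo for `assert_serialized_user`; renaming it and its two call sites now is cheap and avoids it spreading to other test modules. `TestUserModel` continues outside the hunks shown.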