archive/blender-cloud
0
1
Fork 1
Code Issues 24 Pull Requests Projects Releases Wiki Activity

Revert "Revert "Removed flamenco-user and attract-user role linking to subscriber/demo/admin""

Browse Source 
This reverts commit d46b5d645b.
This commit is contained in:
Sybren A. Stüvel
2017-12-12 10:22:07 +01:00
parent d46b5d645b
commit 501fb76c7e
3 changed files with 1 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
cloud/__init__.py
View File

@@ -7,7 +7,6 @@ from pillar.api.utils import authorization
from pillar.extension import PillarExtension
EXTENSION_NAME = 'cloud'
ROLES_TO_BE_SUBSCRIBER = {'demo', 'subscriber', 'admin'} # TODO: get rid of this, use 'subscriber' cap
class CloudExtension(PillarExtension):
@@ -86,49 +85,11 @@ class CloudExtension(PillarExtension):
}
def setup_app(self, app):
"""Links certain roles to the subscriber role.
This means that users who get the subscriber role also get this linked
role, and when the subscriber role is revoked, the linked role is also
revoked.
"""
from pillar.api.service import signal_user_changed_role
from . import routes, webhooks
signal_user_changed_role.connect(self._user_changed_role)
routes.setup_app(app)
app.register_api_blueprint(webhooks.blueprint, '/webhooks')
def _user_changed_role(self, sender, user: dict):
from pillar.api import service
linked_roles = {'flamenco-user', 'attract-user'}
link_to = {'subscriber', 'demo'}
user_roles = set(user.get('roles', []))
# Determine what to do
has_linked_roles = not (linked_roles - user_roles)
has_link_to = bool(link_to.intersection(user_roles))
action = ''
if has_link_to and not has_linked_roles:
self._log.info('Granting roles %s to user %s', linked_roles, user['_id'])
action = 'grant'
elif not has_link_to and has_linked_roles:
self._log.info('Revoking roles %s from user %s', linked_roles, user['_id'])
action = 'revoke'
if not action:
return
# Avoid infinite loops while we're changing the user's roles.
service.signal_user_changed_role.disconnect(self._user_changed_role)
try:
if linked_roles:
service.do_badger(action, roles=linked_roles, user_id=user['_id'])
finally:
service.signal_user_changed_role.connect(self._user_changed_role)
def _get_current_cloud():
"""Returns the Cloud extension of the current application."""

31
tests/test_linked_roles.py
View File

@@ -1,31 +0,0 @@
from abstract_cloud_test import AbstractCloudTest
class LinkedRolesTest(AbstractCloudTest):
def test_linked_roles_subscriber(self):
user_id = self.create_user(roles=[])
db_user = self.fetch_user_from_db(user_id)
self.badger(db_user['email'], {'subscriber'}, 'grant')
db_user = self.fetch_user_from_db(user_id)
self.assertEqual({'subscriber', 'flamenco-user', 'attract-user'},
set(db_user['roles']))
self.badger(db_user['email'], {'subscriber'}, 'revoke')
db_user = self.fetch_user_from_db(user_id)
self.assertEqual(set(),
set(db_user.get('roles', [])))
def test_linked_roles_demo(self):
user_id = self.create_user(roles=[])
db_user = self.fetch_user_from_db(user_id)
self.badger(db_user['email'], {'demo'}, 'grant')
db_user = self.fetch_user_from_db(user_id)
self.assertEqual({'demo', 'flamenco-user', 'attract-user'},
set(db_user['roles']))
self.badger(db_user['email'], {'demo'}, 'revoke')
db_user = self.fetch_user_from_db(user_id)
self.assertEqual(set(),
set(db_user.get('roles', [])))

2
tests/test_webhooks.py
View File

@@ -98,7 +98,7 @@ class UserModifiedTest(AbstractCloudTest):
db_user = self.fetch_user_from_db(self.uid)
self.assertEqual('old@email.address', db_user['email'])
self.assertEqual('ကြယ်ဆွတ်', db_user['full_name'])
self.assertEqual({'flamenco-user', 'attract-user', 'demo'}, set(db_user['roles']))
self.assertEqual({'demo'}, set(db_user['roles']))
def test_bad_hmac(self):
payload = {'id': 1112333,